generated from sambuc/tpl.docker-compose
129 lines
5.2 KiB
YAML
129 lines
5.2 KiB
YAML
version: "3.8"
|
|
|
|
networks:
|
|
internal:
|
|
internal: true
|
|
proxy_home:
|
|
external: true
|
|
|
|
services:
|
|
memcache:
|
|
image: "redis:6.2-alpine"
|
|
restart: always
|
|
networks:
|
|
- internal
|
|
environment:
|
|
- REDIS_HOST=memcache
|
|
|
|
db:
|
|
image: "postgres:13.2-alpine"
|
|
restart: always
|
|
networks:
|
|
- internal
|
|
volumes:
|
|
- "./postgres_data:/var/lib/postgresql/data:rw"
|
|
env_file:
|
|
- ./db.env
|
|
environment:
|
|
- POSTGRES_HOST=db
|
|
|
|
app:
|
|
image: "nextcloud:23"
|
|
restart: always
|
|
networks:
|
|
- proxy_home
|
|
- internal
|
|
# NextCloud issues direct internet calls for plugins!
|
|
- default
|
|
depends_on:
|
|
- db
|
|
- memcache
|
|
volumes:
|
|
- "./nextcloud/:/var/www/html/:rw"
|
|
#- "./nextcloud/apps/:/var/www/html/custom_apps/:rw"
|
|
#- "./nextcloud/config/:/var/www/html/config/:rw"
|
|
#- "./nextcloud/data/:/var/www/html/data/:rw"
|
|
env_file:
|
|
- ./db.env
|
|
environment:
|
|
- POSTGRES_HOST=db
|
|
- REDIS_HOST=memcache
|
|
- APACHE_DISABLE_REWRITE_IP=1
|
|
- TRUSTED_PROXIES=${TRUSTED_PROXIES}
|
|
- OVERWRITEHOST=${FQDN_CLOUD}
|
|
- OVERWRITEPROTOCOL=https
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=proxy_home"
|
|
- "traefik.http.services.nextcloud.loadbalancer.server.port=80"
|
|
|
|
# MIDDLEWARES
|
|
- "traefik.http.middlewares.append-slash.redirectregex.permanent=true"
|
|
- "traefik.http.middlewares.append-slash.redirectregex.regex=https://(.*)${DOMAIN_NAME}$$"
|
|
- "traefik.http.middlewares.append-slash.redirectregex.replacement=https://$${1}${DOMAIN_NAME}/"
|
|
|
|
- "traefik.http.middlewares.headers-same-origin.headers.customframeoptionsvalue=SAMEORIGIN"
|
|
|
|
# CalDAV / CardDAV
|
|
- "traefik.http.middlewares.nextcloud-dav.redirectregex.permanent=true"
|
|
- "traefik.http.middlewares.nextcloud-dav.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
|
|
- "traefik.http.middlewares.nextcloud-dav.redirectregex.replacement=https://$${1}/remote.php/dav/"
|
|
|
|
# Priority goes from first in the list to last.
|
|
- "traefik.http.middlewares.nextcloud.chain.middlewares=headers-same-origin,headers-base@file,headers-sts@file,headers-policy-domain@file"
|
|
|
|
# Pico CMS redirect / rewrite rules
|
|
- "traefik.http.middlewares.sites-redirect.redirectregex.permanent=true"
|
|
- "traefik.http.middlewares.sites-redirect.redirectregex.regex=^https://${FQDN_SITES}/?$$"
|
|
- "traefik.http.middlewares.sites-redirect.redirectregex.replacement=https://${FQDN_HOME}/"
|
|
|
|
- "traefik.http.middlewares.sites-exceptions.replacepathregex.regex=^/apps/cms_pico/pico/(.*?/)?(custom_)?apps/(.*)$$"
|
|
- "traefik.http.middlewares.sites-exceptions.replacepathregex.replacement=/$${2}apps/$${3}"
|
|
|
|
- "traefik.http.middlewares.sites-path.replacepathregex.regex=^/(.*)$$"
|
|
- "traefik.http.middlewares.sites-path.replacepathregex.replacement=/apps/cms_pico/pico/$${1}"
|
|
|
|
- "traefik.http.middlewares.sites-home-path.replacepathregex.regex=^/(.*)$$"
|
|
- "traefik.http.middlewares.sites-home-path.replacepathregex.replacement=/apps/cms_pico/pico/home/$${1}"
|
|
|
|
- "traefik.http.middlewares.sites-blog-path.replacepathregex.regex=^/(.*)$$"
|
|
- "traefik.http.middlewares.sites-blog-path.replacepathregex.replacement=/apps/cms_pico/pico/blog/$${1}"
|
|
|
|
# Use a chain to guarantee ordering
|
|
- "traefik.http.middlewares.sites.chain.middlewares=sites-path,sites-exceptions"
|
|
- "traefik.http.middlewares.sites-home.chain.middlewares=sites-home-path,sites-exceptions"
|
|
- "traefik.http.middlewares.sites-blog.chain.middlewares=sites-blog-path,sites-exceptions"
|
|
|
|
# NextCloud
|
|
- "traefik.http.routers.nextcloud.service=nextcloud"
|
|
- "traefik.http.routers.nextcloud.entrypoints=web-secure"
|
|
- "traefik.http.routers.nextcloud.rule=(Host(`${FQDN_CLOUD}`) || Host(`${FQDN_DRIVE}`))"
|
|
- "traefik.http.routers.nextcloud.tls=true"
|
|
- "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud-dav"
|
|
|
|
# Main site
|
|
- "traefik.http.routers.home.service=nextcloud"
|
|
- "traefik.http.routers.home.entrypoints=web-secure"
|
|
- "traefik.http.routers.home.rule=(Host(`${DOMAIN_NAME}`) || Host(`${FQDN_HOME}`))"
|
|
- "traefik.http.routers.home.tls=true"
|
|
- "traefik.http.routers.home.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.home.middlewares=nextcloud,append-slash,sites-home"
|
|
|
|
# Blog
|
|
- "traefik.http.routers.blog.service=nextcloud"
|
|
- "traefik.http.routers.blog.entrypoints=web-secure"
|
|
- "traefik.http.routers.blog.rule=Host(`${FQDN_BLOG}`)"
|
|
- "traefik.http.routers.blog.tls=true"
|
|
- "traefik.http.routers.blog.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.blog.middlewares=nextcloud,append-slash,sites-blog"
|
|
|
|
# Web sites
|
|
- "traefik.http.routers.sites.service=nextcloud"
|
|
- "traefik.http.routers.sites.entrypoints=web-secure"
|
|
- "traefik.http.routers.sites.rule=Host(`${FQDN_SITES}`)"
|
|
- "traefik.http.routers.sites.tls=true"
|
|
- "traefik.http.routers.sites.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.sites.middlewares=nextcloud,sites-redirect,sites"
|
|
|