server.coop/nextcloud.yml at main · TheOtherRealm/server.coop · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
version: '3.9'
services:
  db:
    image: mariadb
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
      - ../nextcloud_log/mysqllogs/:/var/log/mysql
    env_file:
      - ../secrets/nc.env
    networks:
      # - traefik-public
      - net
    deploy:
      restart_policy:
        condition: on-failure
  app:
    image: nextcloud:latest
    security_opt:
      - no-new-privileges:true
    command:
      - --sh -c "apt-get install clamav clamav-daemon"
    volumes:
      - ../nextcloud/:/var/www/html/
      - data:/var/www/html/data
      - ../nextcloud_log/:/var/log/apache2
    networks:
      - traefik-public
      - net
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.http.routers.nextcloud-http.rule=Host(`next.otherrealm.org`)
        - traefik.http.routers.nextcloud-http.entrypoints=http
        - traefik.http.routers.nextcloud-http.middlewares=https-redirect
        - traefik.http.routers.nextcloud-https.rule=Host(`next.otherrealm.org`)
        - traefik.http.routers.nextcloud-https.entrypoints=https
        - traefik.http.routers.nextcloud-https.tls=true
        - traefik.http.routers.nextcloud-https.tls.certresolver=le
        - traefik.http.services.nextcloud.loadbalancer.server.port=80
        - traefik.http.middlewares.nextcloud-http2https.redirectscheme.scheme=https
        - traefik.http.middlewares.nextcloud-http2https.redirectscheme.permanent=true
        - traefik.http.routers.nextcloud-http.middlewares=nextcloud-http2https
    env_file:
      - ../secrets/nc.env
    environment:
      # - MYSQL_HOST=db
      - extra_params=--o:ssl.enable=false
      - o:ssl.termination=true
    depends_on:
      - db
  collabora:
    image: collabora/code:latest
    restart: always
    labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.http.routers.collabora-http.rule=Host(`next.otherrealm.org`)
        - traefik.http.routers.collabora-http.service=collabora
        - traefik.http.routers.collabora-http.entrypoints=http
        - traefik.http.routers.collabora-http.middlewares=https-redirect
        - traefik.http.routers.collabora-https.rule=Host(`next.otherrealm.org`)
        - traefik.http.routers.collabora-https.service=collabora
        - traefik.http.routers.collabora-https.entrypoints=https
        - traefik.http.routers.collabora-https.tls=true
        - traefik.http.routers.collabora-https.tls.certresolver=le
        - traefik.http.services.collabora.loadbalancer.server.port=9980
        - traefik.http.middlewares.collabora-http2https.redirectscheme.scheme=https
        - traefik.http.middlewares.collabora-http2https.redirectscheme.permanent=true
        - traefik.http.routers.collabora-http.middlewares=collabora-http2https
    networks:
      - traefik-public
      - net
    env_file:
      - ../secrets/nc.env
    environment:
      - extra_params=--o:ssl.enable=true
      - o:ssl.termination=true
      - domain=next.otherrealm.org
      - VIRTUAL_HOST=next.otherrealm.org
      - LETSENCRYPT_HOST=next.otherrealm.org
      - LETSENCRYPT_EMAIL=the@otherrealm.org
    ports:
      - 9980:9980
    expose:
      - 9980
    depends_on:
      - db
volumes:
  db:
  data:
networks:
  net:
    driver: overlay
    attachable: true
  traefik-public:
    external: true