66 lines
2.8 KiB
Django/Jinja
66 lines
2.8 KiB
Django/Jinja
version: '3'
|
|
|
|
services:
|
|
db:
|
|
image: postgres:14
|
|
restart: always
|
|
container_name: nextcloud_db
|
|
networks:
|
|
- internal
|
|
volumes:
|
|
- {{ server.work_dir }}/nextcloud/db:/var/lib/postgresql/data
|
|
environment:
|
|
- POSTGRES_PASSWORD=nextcloud
|
|
- POSTGRES_DB=nextcloud
|
|
- POSTGRES_USER=nextcloud
|
|
|
|
nextcloud:
|
|
image: nextcloud
|
|
restart: always
|
|
container_name: nextcloud
|
|
networks:
|
|
- proxy
|
|
- protonmail
|
|
- internal
|
|
depends_on:
|
|
- db
|
|
volumes:
|
|
- {{ server.work_dir }}/nextcloud/base:/var/www/html
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.middlewares.nextcloud-compress.compress=true"
|
|
- "traefik.http.middlewares.nextcloud-regex-redirect.redirectregex.permanent=true"
|
|
- "traefik.http.middlewares.nextcloud-regex-redirect.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
|
|
- "traefik.http.middlewares.nextcloud-regex-redirect.redirectregex.replacement=https://$$1/remote.php/dav/"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.frameDeny=true"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.sslRedirect=true"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.contentTypeNosniff=true"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.stsIncludeSubdomains=true"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.stsPreload=true"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.stsSeconds=31536000"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.referrerPolicy=same-origin"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.browserXssFilter=true"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.customRequestHeaders.X-Forwarded-Proto=https"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.customRequestHeaders.X-Robots-Tag=none"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.customFrameOptionsValue=SAMEORIGIN"
|
|
- "traefik.http.routers.nextcloud-secure.entrypoints=https"
|
|
- "traefik.http.routers.nextcloud-secure.rule=Host(`mycld.{{ server.domain }}`)"
|
|
- "traefik.http.routers.nextcloud-secure.tls=true"
|
|
- "traefik.http.routers.nextcloud-secure.tls.certresolver=sslResolver"
|
|
- "traefik.http.routers.nextcloud-secure.middlewares=nextcloud-compress,nextcloud-regex-redirect,nextcloud-headers"
|
|
# - "traefik.http.routers.nextcloud-secure.service=nextcloud"
|
|
# - "traefik.http.services.nextcloud.loadbalancer.server.port=9002"
|
|
- "traefik.docker.network=proxy"
|
|
environment:
|
|
- POSTGRES_PASSWORD=nextcloud
|
|
- POSTGRES_DATABASE=nextcloud
|
|
- POSTGRES_USER=nextcloud
|
|
- POSTGRES_HOST=db
|
|
- OVERWRITEPROTOCOL=https
|
|
|
|
networks:
|
|
internal:
|
|
proxy:
|
|
external: true
|
|
protonmail:
|
|
external: true
|