
@MrDrMcCoy
Created August 23, 2019 21:55
Run Nextcloud, Bitwarden_rs, and poste.io with Caddy proxy in Docker

Description

This is a basic docker-compose reference for spinning up a Nextcloud, poste.io, and Bitwarden_rs instance efficiently. It uses Caddy, SQLite and Redis for simplicity and speed. I did things this way because I wanted to eliminate Nginx and Apache completely. This was to reduce overhead and to gain the simplicity of Caddy's configs and automatic SSL. It has been working well for me for about a year now.

Instructions

  • Install docker and docker-compose on your host
  • Set up your DNS
  • Change the configs to your liking
  • Copy Caddyfile and zzz-custom.ini files to their respective locations as referenced by docker-compose.yml
  • Download Gosu from https://github.com/tianon/gosu, make it executable, and copy it into the location referenced in docker-compose.yml
  • Run docker-compose up -d
  • Configure your Nextcloud to use SQLite and Redis via its UI
  • ???
  • Profit

Caddyfile

```
yourhost.com {
    redir / https://cloud.yourhost.com 301
}

cloud.yourhost.com {
    tls admin@yourhost.com
    header / Strict-Transport-Security "max-age=31536000;"
    root /var/www/html
    # Hand PHP requests to the PHP-FPM process in the nextcloud container
    fastcgi / nextcloud:9000 php {
        connect_timeout 1h
        read_timeout 10m
        send_timeout 30m
    }
    # Service discovery redirects used by Nextcloud clients
    redir 301 {
        /.well-known/webfinger /public.php?service=webfinger
        /.well-known/caldav /remote.php/dav
        /.well-known/carddav /remote.php/dav
    }
    # Deny direct access to internal files and directories
    status 403 {
        /.htaccess
        /data
        /config
        /db_structure
        /.xml
        /README
    }
}

pw.yourhost.com {
    proxy / pw:80 {
        transparent
    }
}

# Plain HTTP site for the mail container
http://mail.yourhost.com {
    proxy / mail:80 {
        transparent
    }
}

https://mail.yourhost.com {
    proxy / https://mail:443 {
        transparent
        # Caddy does not verify the certificate presented by the mail container
        insecure_skip_verify
    }
}
```
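
An added example, not part of the original gist: a small Python check that walks the Caddy v1 site blocks and reports which sites are served in plaintext, which get no Strict-Transport-Security header from Caddy, and which proxy to an HTTPS upstream without verifying its certificate. The function names and finding labels are assumptions made for illustration, and the sample input is constructed from the Caddyfile above.

```python
import re

# Constructed sample: site blocks from the Caddyfile above, trimmed to what the check reads.
SAMPLE = """\
cloud.yourhost.com {
    header / Strict-Transport-Security "max-age=31536000;"
}
pw.yourhost.com {
    proxy / pw:80
}
http://mail.yourhost.com {
    proxy / mail:80
}
https://mail.yourhost.com {
    proxy / https://mail:443 {
        insecure_skip_verify
    }
}
"""

def site_blocks(text):
    """Yield (address, directive_lines) for each top-level site block."""
    depth, addr, body = 0, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if depth == 0 and line.endswith("{"):
            addr, body = line[:-1].strip(), []
        elif depth > 0 and not (depth == 1 and line == "}"):
            body.append(line)  # directive or nested brace inside the site
        depth += line.endswith("{") - (line == "}")
        if depth == 0 and addr is not None:
            yield addr, body
            addr = None

def audit(text):
    """Return {address: [findings]} for the transport-security settings."""
    report = {}
    for addr, body in site_blocks(text):
        findings = []
        if addr.startswith("http://"):
            findings.append("plaintext-site")
        elif not any(re.match(r"header\s+\S+\s+Strict-Transport-Security\b", l) for l in body):
            findings.append("no-hsts")  # Caddy sets no HSTS header for this site
        if "insecure_skip_verify" in body:
            findings.append("upstream-cert-not-verified")
        report[addr] = findings
    return report
```

Calling `audit(SAMPLE)` shows that only cloud.yourhost.com gets the HSTS header from Caddy, and that the HTTPS mail site is the one proxying without upstream certificate verification.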

docker-compose.yml

```yaml
---
version: '3.3'
services:
  caddy:
    restart: unless-stopped
    image: abiosoft/caddy:no-stats
    container_name: caddy
    hostname: caddy
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./conf/caddy/Caddyfile:/etc/Caddyfile:ro
      - ./data/caddy:/etc/caddycerts
      # Same directory the nextcloud container uses, so Caddy can serve static files
      - ./data/nextcloud:/var/www/html
    environment:
      - CADDYPATH=/etc/caddycerts
      - ACME_AGREE=true
  nextcloud:
    restart: unless-stopped
    image: nextcloud:fpm-alpine
    container_name: nextcloud
    hostname: nextcloud
    depends_on:
      - caddy
      - redis
    environment:
      - NEXTCLOUD_ADMIN_USER=admin
      - NEXTCLOUD_ADMIN_PASSWORD=Shhh...itsas3cret! # not really my password
      - SQLITE_DATABASE=nextcloud
    volumes:
      # gosu binary from the host, used by the healthcheck below to run as www-data
      - /usr/bin/gosu:/usr/bin/gosu:ro
      - ./conf/nextcloud/zzz-custom.ini:/usr/local/etc/php/conf.d/zzz-custom.ini:ro
      - ./data/nextcloud:/var/www/html
    # The healthcheck doubles as a scheduler: it runs Nextcloud's cron.php every 5 minutes
    healthcheck:
      test: [ 'CMD', '/usr/bin/gosu', 'www-data:www-data', '/usr/local/bin/php', '/var/www/html/cron.php' ]
      interval: 5m
      timeout: 5m
  redis:
    restart: unless-stopped
    image: redis:alpine
    container_name: redis
    hostname: redis
  pw:
    restart: unless-stopped
    image: mprasil/bitwarden:alpine
    container_name: pw
    hostname: pw.protobit.io
    depends_on:
      - caddy
    # The key is commented out together with its only entry, because an empty
    # environment: is neither a list nor a mapping. Uncomment both to set it.
    # environment:
    #   - SIGNUPS_ALLOWED=false
    volumes:
      - ./data/pw:/data
  mail:
    image: analogic/poste.io
    container_name: mail
    hostname: mail.yourhost.com
    restart: unless-stopped
    depends_on:
      - caddy
    ports:
      - "25:25"
      - "110:110"
      - "143:143"
      - "587:587"
      - "993:993"
      - "995:995"
      - "4190:4190"
    environment:
      - LETSENCRYPT_EMAIL=admin@yourhost.com
      - LETSENCRYPT_HOST=mail.yourhost.com
      - VIRTUAL_HOST=mail.yourhost.com
    volumes:
      - ./data/mail:/data
      - /etc/localtime:/etc/localtime:ro
```
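
zzz-custom.ini

```ini
; pm.max_children and request_terminate_timeout are PHP-FPM pool directives.
; PHP-FPM reads them from its pool configuration (php-fpm.d/*.conf), not from conf.d/*.ini.
pm.max_children=24
memory_limit=1024M
request_terminate_timeout = 0
max_execution_time = 999
max_input_time = 999
```
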
@MrDrMcCoy
Author

@redr00t sadly, I have not had time to convert this for caddyv2, and likely won't be doing so. I plan on migrating to Kubernetes in the near future, so none of this will be applicable for me anymore.
