Created
May 20, 2019 00:10
-
-
Save adamelliotfields/8757ead921c9622b148c945dd4ce4214 to your computer and use it in GitHub Desktop.
Docker Compose Nextcloud
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: '3.5' | |
services: | |
redis: | |
image: 'redis:5.0.5' | |
container_name: redis | |
ports: | |
- '0.0.0.0:6379:6379' | |
networks: | |
- nextcloud | |
volumes: | |
- type: volume | |
source: redis | |
target: '/data' | |
mariadb: | |
image: 'mariadb:10.3.15' | |
container_name: mariadb | |
environment: | |
MYSQL_ROOT_HOST: '%' | |
MYSQL_ROOT_PASSWORD: root | |
MYSQL_DATABASE: nextcloud | |
MYSQL_USER: nextcloud | |
MYSQL_PASSWORD: nextcloud | |
ports: | |
- '0.0.0.0:3306:3306' | |
networks: | |
- nextcloud | |
volumes: | |
- type: volume | |
source: mariadb | |
target: '/var/lib/mysql' | |
nextcloud: | |
image: 'nextcloud:16.0.1-fpm' | |
container_name: nextcloud | |
environment: | |
NEXTCLOUD_ADMIN_USER: admin | |
NEXTCLOUD_ADMIN_PASSWORD: admin | |
NEXTCLOUD_TRUSTED_DOMAINS: 'localhost:8080' | |
MYSQL_DATABASE: nextcloud | |
MYSQL_USER: nextcloud | |
MYSQL_PASSWORD: nextcloud | |
MYSQL_HOST: mariadb | |
REDIS_HOST: redis | |
ports: | |
- '0.0.0.0:9000:9000' | |
networks: | |
- nextcloud | |
volumes: | |
- type: volume | |
source: nextcloud | |
target: '/var/www/html' | |
- type: bind | |
source: './php.ini' | |
target: '/usr/local/etc/php/php.ini' | |
- type: bind | |
source: './zz-docker.conf' | |
target: '/usr/local/etc/php-fpm.d/zz-docker.conf' | |
depends_on: | |
- mariadb | |
- redis | |
nginx: | |
image: 'nginx:1.15.12' | |
container_name: nginx | |
ports: | |
- '0.0.0.0:8080:8080' | |
networks: | |
- nextcloud | |
volumes: | |
- type: volume | |
source: nextcloud | |
target: '/var/www/html' | |
- type: bind | |
source: './nginx.conf' | |
target: '/etc/nginx/nginx.conf' | |
depends_on: | |
- nextcloud | |
networks: | |
nextcloud: | |
name: nextcloud | |
volumes: | |
nextcloud: | |
name: nextcloud | |
mariadb: | |
name: mariadb | |
redis: | |
name: redis |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
user www-data; | |
worker_processes 1; | |
worker_rlimit_nofile 65535; | |
events { | |
worker_connections 65535; | |
multi_accept on; | |
use epoll; | |
} | |
http { | |
charset utf-8; | |
sendfile on; | |
tcp_nopush on; | |
server_tokens off; | |
log_not_found off; | |
types_hash_max_size 2048; | |
client_max_body_size 1024M; | |
# MIME | |
include /etc/nginx/mime.types; | |
default_type application/octet-stream; | |
# logging | |
access_log /proc/self/fd/1; | |
error_log /proc/self/fd/2; | |
map $http_x_forwarded_proto $fastcgi_https { | |
default ""; | |
https on; | |
} | |
upstream php { | |
server nextcloud:9000; | |
} | |
# localhost | |
server { | |
listen 8080; | |
server_name localhost; | |
set $base /var/www/html; | |
root $base/; | |
# security headers | |
add_header X-Content-Type-Options nosniff; | |
add_header X-XSS-Protection "1; mode=block"; | |
add_header X-Robots-Tag none; | |
add_header X-Download-Options noopen; | |
add_header X-Permitted-Cross-Domain-Policies none; | |
add_header Referrer-Policy no-referrer; | |
# remove X-Powered-By, which is an information leak | |
fastcgi_hide_header X-Powered-By; | |
# gzip | |
gzip on; | |
gzip_vary on; | |
gzip_comp_level 4; | |
gzip_min_length 256; | |
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; | |
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; | |
# the following 2 rules are only needed for the user_webfinger app. | |
rewrite ^/.well-known/host-meta /public.php?service=host-meta last; | |
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; | |
# the following rule is only needed for the Social app. | |
rewrite ^/.well-known/webfinger /public.php?service=webfinger last; | |
# index.php fallback | |
location / { | |
rewrite ^ /index.php$request_uri; | |
} | |
# handle .php | |
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { | |
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; | |
# default fastcgi_params | |
include /etc/nginx/fastcgi_params; | |
# fastcgi settings | |
fastcgi_pass php; | |
fastcgi_index index.php; | |
fastcgi_buffers 64 4k; | |
fastcgi_intercept_errors on; | |
fastcgi_request_buffering off; | |
# fastcgi params | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
fastcgi_param PATH_INFO $fastcgi_path_info; | |
fastcgi_param HTTPS $fastcgi_https; | |
# avoid sending the security headers twice | |
fastcgi_param modHeadersAvailable true; | |
fastcgi_param front_controller_active true; | |
} | |
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { | |
try_files $uri/ =404; | |
index index.php; | |
} | |
# adding the cache control header for js and css files | |
# make sure it is BELOW the PHP block | |
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|svgz?|ttf|ttc|otf|eot|woff2?)$ { | |
try_files $uri /index.php$request_uri; | |
add_header Cache-Control "public, max-age=15778463"; | |
access_log off; | |
} | |
# favicon.ico | |
location = /favicon.ico { | |
log_not_found off; | |
access_log off; | |
} | |
# robots.txt | |
location = /robots.txt { | |
allow all; | |
log_not_found off; | |
access_log off; | |
} | |
location = /.well-known/carddav { | |
return 301 $scheme://$host:$server_port/remote.php/dav; | |
} | |
location = /.well-known/caldav { | |
return 301 $scheme://$host:$server_port/remote.php/dav; | |
} | |
# . files | |
location ~ /\.(?!well-known) { | |
deny all; | |
} | |
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { | |
deny all; | |
} | |
location ~ ^\/(?:autotest|occ|issue|indie|db_|console) { | |
deny all; | |
} | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[PHP] | |
post_max_size = 1024M | |
upload_max_filesize = 1024M |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[global] | |
daemonize = no | |
[www] | |
listen = 9000 | |
access.log = /dev/null |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment