@francis-io
Last active February 27, 2021 11:11
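# Traefik v2 reverse proxy in front of Nextcloud, Collabora, PostgreSQL and
# Redis. Values written as ${NAME} are substituted by Compose from the shell
# environment or an .env file.
#
# Secrets: the Nextcloud admin, PostgreSQL and Redis passwords are read from
# NEXTCLOUD_ADMIN_PASSWORD, NEXTCLOUD_POSTGRES_PASSWORD and
# NEXTCLOUD_REDIS_PASSWORD rather than being written in this file. The
# ${NAME:?message} form makes Compose stop with the message when a value is
# unset or empty, so the stack cannot start with a blank password.
version: "3.8"

services:
  traefik:
    image: "traefik:v2.3"
    container_name: "traefik"
    environment:
      # Route53 credentials used for the ACME DNS challenge. An IAM policy
      # limited to record changes in this one hosted zone keeps a leaked key
      # from reaching the rest of the account.
      - "AWS_ACCESS_KEY_ID=${TRAEFIK_AWS_ACCESS_KEY_ID}"
      - "AWS_SECRET_ACCESS_KEY=${TRAEFIK_AWS_SECRET_ACCESS_KEY}"
      - "AWS_REGION=${AWS_REGION}"
      - "AWS_HOSTED_ZONE_ID=${ROUTE53_HOSTED_ZONE_ID}"
    command:
      - "--log=true"
      - "--log.level=INFO" # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      #- "--accessLog=true"
      # Sends anonymised usage statistics to the Traefik maintainers; set to
      # false to opt out.
      - "--global.sendAnonymousUsage=true"
      # Keep api.insecure off: it serves the API and dashboard without
      # authentication on the "traefik" entrypoint (:8080), and that port is
      # published on the host below.
      #- "--api.insecure=true"
      #- "--api=true"
      #- "--api.dashboard=true"
      - "--providers.docker=true"
      #- "--providers.docker.useBindPortIP=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      # Containers are only routed when they carry traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      - "--entryPoints.http.address=:80"
      # - "--entrypoints.http.http.redirections.entryPoint.to=https"
      # - "--entrypoints.http.http.redirections.entryPoint.scheme=https"
      - "--entryPoints.https.address=:443"
      - "--entryPoints.public.address=:9000"
      - "--entryPoints.traefik.address=:8080"
      - "--entrypoints.https.http.tls.certResolver=dns-route53"
      - "--entrypoints.public.http.tls.certResolver=dns-route53"
      - "--entrypoints.https.http.tls.domains[0].main=*.${DOMAIN}"
      - "--certificatesresolvers.dns-route53.acme.dnsChallenge=true"
      - "--certificatesResolvers.dns-route53.acme.dnsChallenge.provider=route53"
      #- "--certificatesResolvers.dns-route53.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory" # LetsEncrypt Staging Server
      - "--certificatesResolvers.dns-route53.acme.email=dns@${DOMAIN}"
      - "--certificatesResolvers.dns-route53.acme.storage=/letsencrypt/acme.json"
      - "--certificatesResolvers.dns-route53.acme.dnsChallenge.delayBeforeCheck=60"
      - "--certificatesResolvers.dns-route53.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
    security_opt:
      # Written with "=" like the other services in this file.
      - "no-new-privileges=true"
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): 8080 is the "traefik" entrypoint. With the api flags
      # commented out nothing useful is served there, so publishing it on
      # the host looks unnecessary - confirm and drop it if unused.
      - "8080:8080"
      - "9000:9000"
    volumes:
      # ":ro" only protects the socket file itself; API calls made over the
      # socket are not restricted, so this container can control the Docker
      # daemon. A socket proxy that allows only read endpoints narrows that.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/etc/localtime:/etc/localtime:ro"
      # Holds acme.json (certificate private keys); keep the host directory
      # readable by root only.
      - "/root/letsencrypt:/letsencrypt"
    labels:
      - "traefik.enable=true"
      # Routes traefik.${DOMAIN} on the https entrypoint to port 8080 of this
      # container. No auth middleware is attached, so add one before turning
      # on the API/dashboard flags above.
      - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      - "traefik.http.routers.traefik.entryPoints=https"
      # Rate Limit
      # Defined here but not referenced by any router in this file, so no
      # route is rate limited until it is added to a router's middlewares.
      - "traefik.http.middlewares.rate-limit.ratelimit.average=3"
      - "traefik.http.middlewares.rate-limit.ratelimit.period=1m"
      #- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=10"
      # Global redirect for public access
      - "traefik.http.middlewares.public_redirect.redirectscheme.scheme=https"
    restart: always

  nextcloud:
    # NOTE(review): nextcloud:20 and postgres:10 are old release lines;
    # check that they still receive security fixes.
    image: "nextcloud:20-apache"
    container_name: "nextcloud"
    environment:
      NEXTCLOUD_TRUSTED_DOMAINS: "docs.${DOMAIN}"
      OVERWRITEPROTOCOL: "https"
      NEXTCLOUD_ADMIN_USER: "admin"
      # Used by the image when Nextcloud is first installed; changing it
      # later does not reset an existing admin account.
      NEXTCLOUD_ADMIN_PASSWORD: "${NEXTCLOUD_ADMIN_PASSWORD:?set NEXTCLOUD_ADMIN_PASSWORD}"
      NEXTCLOUD_TRUSTED_PROXIES: "traefik"
      POSTGRES_HOST: "nextcloud-postgres"
      # Must match POSTGRES_PASSWORD of the nextcloud-postgres service.
      POSTGRES_PASSWORD: "${NEXTCLOUD_POSTGRES_PASSWORD:?set NEXTCLOUD_POSTGRES_PASSWORD}"
      POSTGRES_DB: "nextcloud"
      POSTGRES_USER: "nextcloud"
      REDIS_HOST: "nextcloud-redis"
      # Must match the --requirepass value of the nextcloud-redis service.
      REDIS_HOST_PASSWORD: "${NEXTCLOUD_REDIS_PASSWORD:?set NEXTCLOUD_REDIS_PASSWORD}"
    volumes:
      # NOTE(review): /tmp is shared by all local users and is commonly
      # cleared on reboot; move this to a dedicated directory before storing
      # real data.
      - "/tmp/config-nextcloud10:/var/www/html"
    depends_on:
      - nextcloud-postgres
      - nextcloud-redis
    security_opt:
      - "no-new-privileges=true"
    labels:
      - "traefik.enable=true"
      # HTTP Routers
      - "traefik.http.routers.docs.rule=Host(`docs.${DOMAIN}`)"
      - "traefik.http.services.docs.loadbalancer.server.port=80"
      - "traefik.http.routers.docs.entrypoints=https"
      # External route
      - "traefik.http.routers.docs-public.rule=Host(`docs.${DOMAIN}`)"
      - "traefik.http.routers.docs-public.entryPoints=public"
      - "traefik.http.routers.docs-public.middlewares=public_redirect"
      ##- "traefik.http.middlewares.nextcloud-caldav.redirectregex.permanent=true"
      #- "traefik.http.middlewares.nextcloud-caldav.redirectregex.regex=^https://(.*)/.well-known/(card|cal)dav"
      #- "traefik.http.middlewares.nextcloud-caldav.redirectregex.replacement=https://$${1}/remote.php/dav/"
      ##- "traefik.http.routers.nextcloud.middlewares=nextcloud-caldav@docker"
    restart: always

  nextcloud-collabora:
    # ":latest" moves with every upstream push; pin a version tag (or a
    # digest) so that a redeploy cannot silently pull a different image.
    image: "collabora/code:latest"
    container_name: "nextcloud-collabora"
    volumes:
      - "/etc/timezone:/etc/timezone:ro"
      - "/etc/localtime:/etc/localtime:ro"
    cap_add:
      - MKNOD
    environment:
      domain: "docs.${DOMAIN}"
      server_name: "collabora.${DOMAIN}"
      DONT_GEN_SSL_CERT: "YES"
      VIRTUAL_PROTO: "https"
      # TLS is terminated at Traefik, so the container itself speaks plain
      # HTTP on the Docker network.
      extra_params: "--o:ssl.enable=false --o:ssl.termination=true"
    depends_on:
      - nextcloud-postgres
      - nextcloud-redis
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.collabora.rule=Host(`collabora.${DOMAIN}`)"
      #- "traefik.http.services.collabora.loadbalancer.passHostHeader=true"
      - "traefik.http.routers.collabora.entrypoints=https"
      # External route
      - "traefik.http.routers.collabora-public.rule=Host(`collabora.${DOMAIN}`)"
      - "traefik.http.routers.collabora-public.entryPoints=public"
      - "traefik.http.routers.collabora-public.middlewares=public_redirect"
      ## Middlewares
      #- "traefik.http.routers.collabora.middlewares=secure-headers@file"
      ## HTTP Services
      #- "traefik.http.routers.collabora.service=code-svc"
      #- "traefik.http.services.code-svc.loadbalancer.server.port=9980"
    restart: always

  nextcloud-postgres:
    image: "postgres:10-alpine"
    container_name: "nextcloud-postgres"
    #user: ${UID}:${GID}
    security_opt:
      - "no-new-privileges=true"
    volumes:
      # NOTE(review): same /tmp concern as the Nextcloud volume - database
      # files do not belong in a world-accessible, reboot-cleared directory.
      - "/tmp/config-postgres-nextcloud:/var/lib/postgresql/data"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      POSTGRES_USER: "nextcloud"
      # The image applies this only when it initialises an empty data
      # directory; an existing database keeps its old password until it is
      # changed with ALTER USER.
      POSTGRES_PASSWORD: "${NEXTCLOUD_POSTGRES_PASSWORD:?set NEXTCLOUD_POSTGRES_PASSWORD}"
      POSTGRES_DB: "nextcloud"
    restart: always

  nextcloud-postgres-backup:
    container_name: "nextcloud-postgres-backup"
    image: "postgres:10-alpine"
    environment:
      BACKUP_NUM_KEEP: "7"
      BACKUP_FREQUENCY: "1d"
      # pg_dump reads the password from PGPASSWORD, so it no longer has to be
      # written into the script below.
      PGPASSWORD: "${NEXTCLOUD_POSTGRES_PASSWORD:?set NEXTCLOUD_POSTGRES_PASSWORD}"
    volumes:
      - "/tank/backups/databases/nextcloud:/dump"
      - "/etc/localtime:/etc/localtime:ro"
    # Loop: dump the database to a timestamped .sql.gz, delete every dump
    # that is not among the newest BACKUP_NUM_KEEP, sleep BACKUP_FREQUENCY.
    # "$$" is Compose's escape for a literal "$".
    # xargs is called as "xargs -r rm --": the earlier "xargs rm -- {}" had
    # no -I option, so "{}" was passed to rm as a file name, and rm was run
    # even when there was nothing to delete.
    # NOTE(review): a failed pg_dump still leaves a (near-empty) .gz that
    # counts towards BACKUP_NUM_KEEP - consider checking the exit status.
    entrypoint: |
      bash -c 'bash -s <<EOF
      trap "break;exit" SIGHUP SIGINT SIGTERM
      sleep 1s
      while /bin/true; do
        pg_dump --host=nextcloud-postgres --username=nextcloud nextcloud | gzip -c > /dump/dump_\`date +%d-%m-%Y"_"%H_%M_%S\`.sql.gz
        (ls -t /dump/dump*.sql.gz|head -n $$BACKUP_NUM_KEEP;ls /dump/dump*.sql.gz)|sort|uniq -u|xargs -r rm --
        sleep $$BACKUP_FREQUENCY
      done
      EOF'
    restart: always

  nextcloud-redis:
    # No version in the tag; pin one so that redeploys are reproducible.
    image: "redis:alpine"
    container_name: "nextcloud-redis"
    # List form keeps the password a single argument whatever characters it
    # contains. It is still visible in the container's command line
    # (docker inspect, process list); a mounted redis.conf avoids that.
    command:
      - "redis-server"
      - "--requirepass"
      - "${NEXTCLOUD_REDIS_PASSWORD:?set NEXTCLOUD_REDIS_PASSWORD}"
    restart: always

  nextcloud-cron:
    image: "nextcloud:20-apache"
    container_name: "nextcloud-cron"
    volumes:
      # Same host directory as the nextcloud service, so both containers see
      # the same installation.
      - "/tmp/config-nextcloud10:/var/www/html"
    depends_on:
      - nextcloud-postgres
      - nextcloud-redis
    entrypoint: /cron.sh
    restart: always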