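# Traefik v2 reverse proxy in front of Nextcloud (Apache), Collabora CODE,
# PostgreSQL, Redis, a Nextcloud cron container and a pg_dump backup loop.
#
# Values interpolated from the environment (or a .env file next to this file):
#   DOMAIN, AWS_REGION, ROUTE53_HOSTED_ZONE_ID,
#   TRAEFIK_AWS_ACCESS_KEY_ID, TRAEFIK_AWS_SECRET_ACCESS_KEY,
#   NEXTCLOUD_ADMIN_PASSWORD, POSTGRES_PASSWORD, REDIS_PASSWORD
#
# The three passwords were previously hard-coded ("pass" / "123"). They are
# now read with the ${VAR:?message} form, so compose aborts with that message
# when one is unset instead of starting the stack with a guessable credential.
# Keep the .env file out of version control and readable by its owner only.
#
# NOTE(review): traefik:v2.3, nextcloud:20-apache and postgres:10-alpine are
# old release lines; check their upstream support status before deploying.
version: "3.8"

services:
  traefik:
    image: "traefik:v2.3"
    container_name: "traefik"
    environment:
      # Credentials for the Route53 DNS-01 challenge. Scope the IAM identity
      # to the record changes it needs on the one hosted zone: whoever holds
      # these keys can obtain certificates for every name in that zone.
      - "AWS_ACCESS_KEY_ID=${TRAEFIK_AWS_ACCESS_KEY_ID}"
      - "AWS_SECRET_ACCESS_KEY=${TRAEFIK_AWS_SECRET_ACCESS_KEY}"
      - "AWS_REGION=${AWS_REGION}"
      - "AWS_HOSTED_ZONE_ID=${ROUTE53_HOSTED_ZONE_ID}"
    command:
      - "--log=true"
      - "--log.level=INFO"  # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      #- "--accessLog=true"
      - "--global.sendAnonymousUsage=true"
      # The API/dashboard flags stay disabled. If --api.insecure=true is ever
      # enabled, the dashboard is served without authentication on the
      # "traefik" entry point (:8080), which is published to the host below.
      #- "--api.insecure=true"
      #- "--api=true"
      #- "--api.dashboard=true"
      - "--providers.docker=true"
      #- "--providers.docker.useBindPortIP=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      # Containers are routed only when they carry traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      - "--entryPoints.http.address=:80"
      # - "--entrypoints.http.http.redirections.entryPoint.to=https"
      # - "--entrypoints.http.http.redirections.entryPoint.scheme=https"
      - "--entryPoints.https.address=:443"
      - "--entryPoints.public.address=:9000"
      - "--entryPoints.traefik.address=:8080"
      - "--entrypoints.https.http.tls.certResolver=dns-route53"
      - "--entrypoints.public.http.tls.certResolver=dns-route53"
      - "--entrypoints.https.http.tls.domains[0].main=*.${DOMAIN}"
      - "--certificatesresolvers.dns-route53.acme.dnsChallenge=true"
      - "--certificatesResolvers.dns-route53.acme.dnsChallenge.provider=route53"
      #- "--certificatesResolvers.dns-route53.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory" # LetsEncrypt Staging Server
      - "--certificatesResolvers.dns-route53.acme.email=dns@${DOMAIN}"
      - "--certificatesResolvers.dns-route53.acme.storage=/letsencrypt/acme.json"
      - "--certificatesResolvers.dns-route53.acme.dnsChallenge.delayBeforeCheck=60"
      - "--certificatesResolvers.dns-route53.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
    security_opt:
      - "no-new-privileges:true"
    ports:
      - "80:80"
      - "443:443"
      # Publishes the "traefik" entry point on every host interface; see the
      # note on the API flags above before enabling the dashboard.
      - "8080:8080"
      - "9000:9000"
    volumes:
      # ":ro" only protects the socket file itself. The Docker API behind it
      # stays fully usable, so a compromise of this container is equivalent
      # to root on the host. A filtering socket proxy limits that exposure.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/etc/localtime:/etc/localtime:ro"
      # acme.json stores the ACME account key and certificate private keys;
      # keep it mode 600 and include it in backups deliberately, not by default.
      - "/root/letsencrypt:/letsencrypt"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      - "traefik.http.routers.traefik.entryPoints=https"
      # Rate Limit
      # NOTE(review): this middleware is only defined here; no router in this
      # file lists "rate-limit" in its middlewares, so it has no effect yet.
      - "traefik.http.middlewares.rate-limit.ratelimit.average=3"
      - "traefik.http.middlewares.rate-limit.ratelimit.period=1m"
      #- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=10"
      # Global redirect for public access
      - "traefik.http.middlewares.public_redirect.redirectscheme.scheme=https"
    restart: always

  nextcloud:
    image: "nextcloud:20-apache"
    container_name: nextcloud
    environment:
      NEXTCLOUD_TRUSTED_DOMAINS: "docs.${DOMAIN}"
      OVERWRITEPROTOCOL: "https"
      NEXTCLOUD_ADMIN_USER: "admin"
      NEXTCLOUD_ADMIN_PASSWORD: "${NEXTCLOUD_ADMIN_PASSWORD:?NEXTCLOUD_ADMIN_PASSWORD must be set}"
      NEXTCLOUD_TRUSTED_PROXIES: "traefik"
      POSTGRES_HOST: "nextcloud-postgres"
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      POSTGRES_DB: "nextcloud"
      POSTGRES_USER: "nextcloud"
      REDIS_HOST: "nextcloud-redis"
      REDIS_HOST_PASSWORD: "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
    volumes:
      # NOTE(review): /tmp is shared by every local user and is emptied at
      # boot on many systems. This directory holds config.php (with the
      # database and Redis passwords) and user data; a dedicated path with
      # restricted permissions is the safer home for it.
      - "/tmp/config-nextcloud10:/var/www/html"
    depends_on:
      - nextcloud-postgres
      - nextcloud-redis
    security_opt:
      - "no-new-privileges:true"
    labels:
      - "traefik.enable=true"
      # HTTP Routers
      - "traefik.http.routers.docs.rule=Host(`docs.${DOMAIN}`)"
      - "traefik.http.services.docs.loadbalancer.server.port=80"
      - "traefik.http.routers.docs.entrypoints=https"
      # External route
      - "traefik.http.routers.docs-public.rule=Host(`docs.${DOMAIN}`)"
      - "traefik.http.routers.docs-public.entryPoints=public"
      - "traefik.http.routers.docs-public.middlewares=public_redirect"
      ##- "traefik.http.middlewares.nextcloud-caldav.redirectregex.permanent=true"
      #- "traefik.http.middlewares.nextcloud-caldav.redirectregex.regex=^https://(.*)/.well-known/(card|cal)dav"
      #- "traefik.http.middlewares.nextcloud-caldav.redirectregex.replacement=https://$${1}/remote.php/dav/"
      ##- "traefik.http.routers.nextcloud.middlewares=nextcloud-caldav@docker"
    restart: always

  nextcloud-collabora:
    # NOTE(review): ":latest" is a moving tag, so every pull can change what
    # runs here. Pin a specific version tag or image digest and update it
    # deliberately.
    image: "collabora/code:latest"
    container_name: nextcloud-collabora
    volumes:
      - "/etc/timezone:/etc/timezone:ro"
      - "/etc/localtime:/etc/localtime:ro"
    cap_add:
      - MKNOD
    environment:
      domain: "docs.${DOMAIN}"
      server_name: "collabora.${DOMAIN}"
      DONT_GEN_SSL_CERT: "YES"
      VIRTUAL_PROTO: "https"
      # TLS is terminated at Traefik; the hop from Traefik to this container
      # is plain HTTP on the compose network.
      extra_params: "--o:ssl.enable=false --o:ssl.termination=true"
    depends_on:
      - nextcloud-postgres
      - nextcloud-redis
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.collabora.rule=Host(`collabora.${DOMAIN}`)"
      #- "traefik.http.services.collabora.loadbalancer.passHostHeader=true"
      - "traefik.http.routers.collabora.entrypoints=https"
      # External route
      - "traefik.http.routers.collabora-public.rule=Host(`collabora.${DOMAIN}`)"
      - "traefik.http.routers.collabora-public.entryPoints=public"
      - "traefik.http.routers.collabora-public.middlewares=public_redirect"
      ## Middlewares
      #- "traefik.http.routers.collabora.middlewares=secure-headers@file"
      ## HTTP Services
      #- "traefik.http.routers.collabora.service=code-svc"
      #- "traefik.http.services.code-svc.loadbalancer.server.port=9980"
    restart: always

  nextcloud-postgres:
    image: "postgres:10-alpine"
    container_name: nextcloud-postgres
    #user: ${UID}:${GID}
    security_opt:
      - "no-new-privileges:true"
    volumes:
      # NOTE(review): database files under /tmp may be wiped at reboot and
      # sit in a directory every local user can traverse; prefer a dedicated
      # data path.
      - "/tmp/config-postgres-nextcloud:/var/lib/postgresql/data"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      POSTGRES_USER: "nextcloud"
      # Only applied when the data directory is first initialised; changing
      # it later does not change the password of an existing database.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      POSTGRES_DB: "nextcloud"
    restart: always

  nextcloud-postgres-backup:
    container_name: "nextcloud-postgres-backup"
    image: "postgres:10-alpine"
    environment:
      BACKUP_NUM_KEEP: "7"
      BACKUP_FREQUENCY: "1d"
      # pg_dump reads PGPASSWORD from the environment, so the password no
      # longer appears in the script text or on the pg_dump command line.
      PGPASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
    volumes:
      # Dumps contain the complete database; restrict access to this path.
      - "/tank/backups/databases/nextcloud:/dump"
      - "/etc/localtime:/etc/localtime:ro"
    # Loop: dump, compress, delete everything except the newest
    # BACKUP_NUM_KEEP dumps, sleep BACKUP_FREQUENCY.
    # "$$" is compose's escape for a literal "$", so the variables are
    # expanded by the shell in the container rather than by compose.
    # Rotation used "xargs rm -- {}", which handed a literal "{}" to rm on
    # every pass; "xargs -r rm --" removes only the listed files and skips
    # rm when there is nothing to delete.
    # NOTE(review): the pipeline's exit status is gzip's, so a failed pg_dump
    # still writes a (near-empty) file that counts towards rotation.
    entrypoint: |
      bash -c 'bash -s <<EOF
      trap "break;exit" SIGHUP SIGINT SIGTERM
      sleep 1s
      while /bin/true; do
      pg_dump --host=nextcloud-postgres --username=nextcloud nextcloud | gzip -c > /dump/dump_\`date +%d-%m-%Y"_"%H_%M_%S\`.sql.gz
      (ls -t /dump/dump*.sql.gz|head -n $$BACKUP_NUM_KEEP;ls /dump/dump*.sql.gz)|sort|uniq -u|xargs -r rm --
      sleep $$BACKUP_FREQUENCY
      done
      EOF'
    restart: always

  nextcloud-redis:
    image: "redis:alpine"
    container_name: nextcloud-redis
    # List form keeps the password a single argument whatever characters it
    # contains. It is still visible in the container's process arguments and
    # in `docker inspect`; a mounted redis.conf avoids that.
    command:
      - "redis-server"
      - "--requirepass"
      - "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
    restart: always

  nextcloud-cron:
    image: "nextcloud:20-apache"
    container_name: nextcloud-cron
    volumes:
      # Same host directory as the nextcloud service; see the /tmp note there.
      - "/tmp/config-nextcloud10:/var/www/html"
    depends_on:
      - nextcloud-postgres
      - nextcloud-redis
    entrypoint: /cron.sh
    restart: always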