---
version: '2'
services:
app:
image: linuxserver/nextcloud
restart: always
ports:
- 8082:80
volumes:
- /mnt/nextcloud/config:/config
- /mnt/nextcloud/data:/data
environment:
- MYSQL_DATABASE=CHANGEME
- MYSQL_USER=CHANGEME
- MYSQL_PASSWORD=CHANGEME
- MYSQL_HOST=db
db:
image: mariadb
restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
volumes:
- ./sqldata:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=CHANGEME
- MYSQL_PASSWORD=CHANGEME
- MYSQL_DATABASE=CHANGEME
- MYSQL_USER=CHANGEME
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
if ($scheme = "http") {
return 301 https://$host$request_uri;
}
listen 443 ssl http2;
server_name drive.example.org;
location / {
proxy_pass http://192.168.20.216:8082$request_uri;
proxy_set_header Host drive.example.org;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 0;
# Websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
ssl_certificate /etc/letsencrypt/live/drive.example.org/fullchain.pem; # managed by certbot on host machine
ssl_certificate_key /etc/letsencrypt/live/drive.example.org/privkey.pem; # managed by certbot on host machine
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
}
nano /mnt/nextcloud/config/www/nextcloud/config/config.php
<?php
$CONFIG = array (
'memcache.local' => '\\OC\\Memcache\\APCu',
'datadirectory' => '/data',
'instanceid' => 'REDACTED',
'passwordsalt' => 'REDACTED',
'secret' => 'REDACTED',
'trusted_domains' =>
array (
0 => 'drive.example.org',
),
'dbtype' => 'mysql',
'version' => '25.0.2.3',
'overwriteprotocol' => 'https',
'overwrite.cli.url' => 'https://drive.example.org',
'dbname' => 'nextcloud',
'dbhost' => '172.25.0.2',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'REDACTED',
'dbpassword' => 'REDACTED',
'installed' => true,
);
cd /nextcloud/apps
wget .tar.gz from https://apps.nextcloud.com/
Activate on Apps tabs -> Configure on Settings
wget from https://apps.nextcloud.com/apps/onlyoffice
sudo docker run -i -t -d -p 443:443 \
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver
### Put TLS crt here
/app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
/app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
### Generate TOKEN
sudo docker exec $ONLYOFFICE_CONTAINER_ID /var/www/onlyoffice/documentserver/npm/json -f /etc/onlyoffice/documentserver/local.json
### Configure on ONLYOFFICE Settings
INSECURE TLS -> TRUE