-
-
Save ismailyenigul/f03b4f5f15e5e61ac5b80905c5d2890a to your computer and use it in GitHub Desktop.
| # docker network create nextcloud | |
| NOTES: | |
| 1. certificatesresolvers.myresolver.acme.email=myemail@gmail.com | |
| 2. TRUSTED_PROXIES values based on your 'nexcloud network' | |
| 3. remove traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy and | |
| traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue if you don't want to allow iframe your domain | |
| 3 | |
| # cat docker-compose.yml | |
| version: '3.3' | |
| volumes: | |
| nextcloud-www: | |
| driver: local | |
| nextcloud-db: | |
| driver: local | |
| redis: | |
| driver: local | |
| letsencrypt: | |
| driver: local | |
| services: | |
| traefik: | |
| image: traefik:v2.2 | |
| container_name: traefik | |
| restart: always | |
| command: | |
| - "--log.level=DEBUG" | |
| - "--api.insecure=true" | |
| - "--providers.docker=true" | |
| - "--providers.docker.exposedbydefault=true" | |
| - "--entrypoints.web.address=:80" | |
| - "--entrypoints.websecure.address=:443" | |
| - "--entrypoints.web.http.redirections.entryPoint.to=websecure" | |
| - "--entrypoints.web.http.redirections.entryPoint.scheme=https" | |
| - "--certificatesresolvers.myresolver.acme.httpchallenge=true" | |
| - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web" | |
| - "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com" | |
| - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" | |
| ports: | |
| - 80:80 | |
| - 443:443 | |
| networks: | |
| - nextcloud | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| - letsencrypt:/letsencrypt | |
| db: | |
| restart: always | |
| image: postgres:11 | |
| networks: | |
| - nextcloud | |
| environment: | |
| - POSTGRES_USER=nextcloud | |
| - POSTGRES_PASSWORD=password | |
| - POSTGRES_DB=nextcloud | |
| volumes: | |
| - nextcloud-db:/var/lib/postgresql/data | |
| redis: | |
| image: redis:latest | |
| restart: always | |
| networks: | |
| - nextcloud | |
| volumes: | |
| - redis:/var/lib/redis | |
| nextcloud: | |
| image: nextcloud:latest | |
| restart: always | |
| networks: | |
| - nextcloud | |
| depends_on: | |
| - redis | |
| - db | |
| labels: | |
| - traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect | |
| - traefik.http.routers.nextcloud.tls.certresolver=myresolver | |
| - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mydomain.com`) | |
| - traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://mydomain.com | |
| - traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' mydomain.com *.mydomain.net | |
| - traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011 | |
| - traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true | |
| - traefik.http.middlewares.nextcloud.headers.stsPreload=true | |
| - traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav | |
| - traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/ | |
| environment: | |
| - POSTGRES_DB=nextcloud | |
| - POSTGRES_USER=nextcloud | |
| - POSTGRES_PASSWORD=password | |
| - POSTGRES_HOST=db | |
| - NEXTCLOUD_ADMIN_USER=admin | |
| - NEXTCLOUD_ADMIN_PASSWORD=adminpass | |
| - REDIS_HOST=redis | |
| - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mydomain.com | |
| - TRUSTED_PROXIES=172.18.0.0/16 | |
| volumes: | |
| - nextcloud-www:/var/www/html | |
| networks: | |
| nextcloud: | |
| external: true |
This works for me generally but I get a warning in firefox that not all elements of my page are being served over https. If I inspect the page these are some elements that are not secured. Do you have any idea's how to resolve this?
This works for me generally but I get a warning in firefox that not all elements of my page are being served over https. If I inspect the page these are some elements that are not secured. Do you have any idea's how to resolve this?
- Read the docs: https://hub.docker.com/_/nextcloud
- Add to yaml file in section Nextcloud
environment:
— OVERWRITEPROTOCOL=https
@BartKoppers that fixed it for me. I did read the docs BTW it just wasn't clear to me that would solve my issue.
@BartKoppers that fixed it for me. I did read the docs BTW it just wasn't clear to me that would solve my issue.
Yeah, I agree - docs on NC / NC Docker are somewhat scattered. Glad it helped!
Why would you choose the non-FPM version of Nextcloud, isn't it slower?
Why would you choose the non-FPM version of Nextcloud, isn't it slower?
Don't know how much slower.
I do know that:
- use of FPM would need another container.
- as it needs a httpd layer between Traefik and NC
- and, it's easier without
But, if you write a Gist here, I'm willing to test!
Ha thanks!
I am pretty clueless to be honest, my question is purely based on what I read online. I do use FileRun (similar to NextCloud but much faster and purely focused on file management, max 10 users). It does use FPM.
oh man, thank you!
This works but I had to integrate it into my compose file and added exposedbydefault is false there
labels: - "traefik.enable=true" - "traefik.docker.network=nextcloud" #not sure if this is needed ...