@on3iro
Created July 25, 2021 18:32
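# Nextcloud stack: Nextcloud (Apache), MariaDB, Redis and a cron sidecar.
# Published through a Traefik v2 reverse proxy that is started from a separate
# compose file and shares the "web" network with the nextcloud service.
version: "3"

services:
  nextcloud:
    image: nextcloud:21.0.3-apache
    restart: always
    volumes:
      - ./nextcloud:/var/www/html
    environment:
      - VIRTUAL_HOST=localhost
      - MYSQL_HOST=db
      - REDIS_HOST=redis
      # A bare name is passed through from the environment of the shell that
      # runs docker-compose; if it is unset there, the container never sees it.
      - APACHE_DISABLE_REWRITE_IP
      # Placeholder. Nextcloud believes forwarded client-IP headers coming from
      # these addresses, so list only the address Traefik connects from.
      - TRUSTED_PROXIES=172.xx.xx.x
    env_file:
      - db.env
    depends_on:
      - db
      - redis
    networks:
      - web
      - internal
    labels:
      - traefik.enable=true
      # The container sits on two networks but Traefik is attached to "web"
      # only; without this label Traefik may pick the unreachable address.
      - traefik.docker.network=web
      # HTTP route: exists only to redirect to https.
      # TODO: remove path postfix, as soon as everything is configured correctly
      # Optional path restriction: && Path(`/nc`)
      - 'traefik.http.routers.nextcloud.rule=Host(`xxx`)'
      # "web" is the plain-HTTP entrypoint defined in the Traefik compose file.
      - traefik.http.routers.nextcloud.entrypoints=web
      # Attach the redirect middleware; defining it alone has no effect and
      # the HTTP router would serve Nextcloud in clear text.
      - traefik.http.routers.nextcloud.middlewares=https-redirect
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      # Redirect to root path
      # - traefik.http.middlewares.to-root.replacepath.path=/
      # - traefik.http.routers.nextcloud-sec.middlewares=to-root
      # HTTPS route
      # TODO: remove path postfix, as soon as everything is configured correctly
      # Optional path restriction: && Path(`/nc`)
      - 'traefik.http.routers.nextcloud-sec.rule=Host(`xxx`)'
      - traefik.http.routers.nextcloud-sec.entrypoints=websecure
      - traefik.http.routers.nextcloud-sec.tls=true
      - traefik.http.routers.nextcloud-sec.tls.certresolver=certresolver

  db:
    image: mariadb:10.5
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - ./db:/var/lib/mysql
    environment:
      # Placeholder. A real root password written here ends up in version
      # control and in `docker inspect` output; prefer keeping it in db.env
      # (excluded from the repository) or a Docker secret.
      - MYSQL_ROOT_PASSWORD=xxx
    env_file:
      - db.env
    networks:
      - internal

  # Declared once: the original listed this service twice, and a duplicate
  # mapping key is silently resolved as "last one wins" by most parsers.
  redis:
    # Floating tag: the image can change between pulls. Pin a version (or a
    # digest) for reproducible, reviewable deployments.
    image: redis:alpine
    restart: always
    networks:
      - internal

  cron:
    image: nextcloud:21.0.3-apache
    restart: always
    volumes:
      - ./nextcloud:/var/www/html
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
    # db and redis are reachable on "internal" only; without this the service
    # lands on the project's default network and cannot resolve either host.
    networks:
      - internal

# Named volumes are declared but the services above use bind mounts
# (./db, ./nextcloud), so these are currently unused.
volumes:
  db: {}
  nextcloud: {}

networks:
  web:
    name: web
  internal:
    name: internal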
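# Traefik v2 reverse proxy: terminates TLS (Let's Encrypt via INWX DNS
# challenge) and routes to containers that opt in with traefik.enable=true.
version: "3"

services:
  traefik:
    # The official v2 Traefik docker image
    image: traefik:v2.4
    restart: always
    command:
      # Enables the web UI and tells Traefik to listen to docker
      - --api.dashboard=true
      # Insecure mode serves the API and dashboard on port 8080 without any
      # authentication; keep that port off public interfaces (see ports).
      - --api.insecure=true
      - --providers.docker=true
      # Containers are only routed when they carry traefik.enable=true.
      - --providers.docker.exposedByDefault=false
      ## Certificate Settings (Let's Encrypt) - https://docs.traefik.io/https/acme/#configuration-examples ##
      - --certificatesresolvers.certresolver.acme.dnschallenge=true
      - --certificatesresolvers.certresolver.acme.dnschallenge.provider=inwx
      - --certificatesresolvers.certresolver.acme.email=xxx
      # Staging/prod server: uncomment the one in question
      # - --certificatesresolvers.certresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.certresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
      # acme.json holds the account key and certificate private keys.
      - --certificatesresolvers.certresolver.acme.storage=/letsencrypt/acme.json
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
    ports:
      # The HTTP port
      - "80:80"
      # https
      - "443:443"
      # The Web UI (enabled by --api.insecure=true). Bound to loopback so the
      # unauthenticated dashboard/API is not reachable from the network; use
      # an SSH tunnel or a router with authentication for remote access.
      - "127.0.0.1:8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events. The read-only flag
      # protects the socket file only; API calls through it are not limited,
      # so this still grants root-equivalent control of the host. A filtering
      # socket proxy narrows that further.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./letsencrypt:/letsencrypt
    environment:
      # Placeholders. Real DNS-provider credentials can rewrite the zone;
      # keep them in an env_file excluded from version control or a secret.
      - INWX_USERNAME=xxx
      - INWX_PASSWORD=xxx
    networks:
      - web

networks:
  web:
    name: web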