-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
89 lines (79 loc) · 3.37 KB
/
docker-compose.yml
File metadata and controls
89 lines (79 loc) · 3.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
services:
nextcloud_db:
image: postgres:13-bookworm
hostname: nextcloud_db
container_name: nextcloud_db
restart: always
volumes:
- ./database:/var/lib/postgresql/data
env_file: .env
networks:
- nextcloud_db
nextcloud_redis:
container_name: nextcloud_redis
hostname: nextcloud_redis
image: redis:7.4
restart: always
networks:
- nextcloud_db
nextcloud_app:
container_name: nextcloud_app
hostname: nextcloud_app
image: nextcloud:30
restart: always
ports:
- 8090:80
depends_on:
- nextcloud_db
volumes:
- ./data/www/html:/var/www/html
networks:
- nextcloud_db
- frontend
labels:
- "traefik.enable=true"
- "traefik.docker.network=frontend"
- "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
- "traefik.http.routers.nextcloud.rule=Host(`nuage.$DOMAIN`)"
- "traefik.http.services.nextcloud.loadbalancer.server.port=80"
- "traefik.http.routers.nextcloud.middlewares=nextcloud_custom_header, nextcloud_redirectregex"
# Pour le chargement de scripts extérieurs, ex : onlyoffice
- "traefik.http.middlewares.nextcloud_custom_header.headers.customResponseHeaders.Strict-Transport-Security=max-age=15552000; includeSubDomains; preload;"
- "traefik.http.middlewares.nextcloud_custom_header.headers.contentSecurityPolicy=frame-ancestors 'self' ${DOMAIN} onlyoffice.${DOMAIN} "
# redirection nécéssaire au desktop client et autres webdav
- "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.permanent=true"
- "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.regex=https://(.*)/.well-known/(?:card|cal)dav"
- "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.replacement=https://$${1}/remote.php/dav"
onlyoffice:
container_name: onlyoffice
hostname: onlyoffice
image: onlyoffice/documentserver:latest
restart: always
networks:
- frontend
environment:
JWT_SECRET: ${JWT_SECRET}
ENABLE_SSL: true
expose:
- '80'
- '443'
labels:
- "traefik.enable=true"
- "traefik.docker.network=frontend"
- "traefik.http.routers.onlyoffice.tls.certresolver=myresolver"
- "traefik.http.routers.onlyoffice.rule=Host(`onlyoffice.$DOMAIN`)"
- "traefik.http.services.onlyoffice.loadbalancer.server.port=80"
- "traefik.http.routers.onlyoffice.entrypoints=websecure"
- "traefik.http.routers.onlyoffice.middlewares=onlyoffice-https-redirect"
- "traefik.http.middlewares.onlyoffice-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.onlyoffice.middlewares=onlyoffice_custom_header"
- "traefik.http.middlewares.onlyoffice_custom_header.headers.customResponseHeaders.Strict-Transport-Security=max-age=15552000; includeSubDomains; preload;"
- "traefik.http.middlewares.onlyoffice_custom_header.headers.referrerPolicy=no-referrer"
- "traefik.http.middlewares.onlyoffice_custom_header.headers.forceSTSHeader=true"
- "traefik.http.middlewares.onlyoffice_custom_header.headers.browserXssFilter=true"
- "traefik.http.middlewares.onlyoffice_custom_header.headers.customRequestHeaders.X-Forwarded-Proto=https"
networks:
frontend:
external: true
nextcloud_db:
internal: true