-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
91 lines (81 loc) · 3.48 KB
/
docker-compose.yml
File metadata and controls
91 lines (81 loc) · 3.48 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
services:
nextcloud_db:
image: postgres:13-bookworm
hostname: nextcloud_db
container_name: nextcloud_db
restart: always
volumes:
- ./database:/var/lib/postgresql/data
env_file: .env
networks:
- nextcloud_db
nextcloud_redis:
container_name: nextcloud_redis
hostname: nextcloud_redis
image: redis:7.4
restart: always
networks:
- nextcloud_db
nextcloud_app:
container_name: nextcloud_app
hostname: nextcloud_app
image: nextcloud:31
restart: always
ports:
- 8090:80
depends_on:
- nextcloud_db
volumes:
- ./data/www/html:/var/www/html
environment:
- NC_skeletondirectory=
networks:
- nextcloud_db
- frontend
labels:
- "traefik.enable=true"
- "traefik.docker.network=frontend"
- "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
- "traefik.http.routers.nextcloud.rule=Host(`nuage.$DOMAIN`)"
- "traefik.http.services.nextcloud.loadbalancer.server.port=80"
- "traefik.http.routers.nextcloud.middlewares=nextcloud_custom_header, nextcloud_redirectregex, crowdsec@file"
# Pour le chargement de scripts extérieurs, ex : onlyoffice
- "traefik.http.middlewares.nextcloud_custom_header.headers.customResponseHeaders.Strict-Transport-Security=max-age=15552000; includeSubDomains; preload;"
- "traefik.http.middlewares.nextcloud_custom_header.headers.contentSecurityPolicy=frame-ancestors 'self' ${DOMAIN} onlyoffice.${DOMAIN} "
# redirection nécéssaire au desktop client et autres webdav
- "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.permanent=true"
- "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.regex=https://(.*)/.well-known/(?:card|cal)dav"
- "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.replacement=https://$${1}/remote.php/dav"
# onlyoffice:
# container_name: onlyoffice
# hostname: onlyoffice
# image: onlyoffice/documentserver:latest
# restart: always
# networks:
# - frontend
# environment:
# JWT_SECRET: ${JWT_SECRET}
# ENABLE_SSL: true
# expose:
# - '80'
# - '443'
# labels:
# - "traefik.enable=true"
# - "traefik.docker.network=frontend"
# - "traefik.http.routers.onlyoffice.tls.certresolver=myresolver"
# - "traefik.http.routers.onlyoffice.rule=Host(`onlyoffice.$DOMAIN`)"
# - "traefik.http.services.onlyoffice.loadbalancer.server.port=80"
# - "traefik.http.routers.onlyoffice.entrypoints=websecure"
# - "traefik.http.routers.onlyoffice.middlewares=onlyoffice-https-redirect"
# - "traefik.http.middlewares.onlyoffice-https-redirect.redirectscheme.scheme=https"
# - "traefik.http.routers.onlyoffice.middlewares=onlyoffice_custom_header"
# - "traefik.http.middlewares.onlyoffice_custom_header.headers.customResponseHeaders.Strict-Transport-Security=max-age=15552000; includeSubDomains; preload;"
# - "traefik.http.middlewares.onlyoffice_custom_header.headers.referrerPolicy=no-referrer"
# - "traefik.http.middlewares.onlyoffice_custom_header.headers.forceSTSHeader=true"
# - "traefik.http.middlewares.onlyoffice_custom_header.headers.browserXssFilter=true"
# - "traefik.http.middlewares.onlyoffice_custom_header.headers.customRequestHeaders.X-Forwarded-Proto=https"
networks:
frontend:
external: true
nextcloud_db:
internal: true