We setup nextcloud manually with docker-compose.yml:
version: '3.9'
services:
traefik:
image: traefik:v2.10
container_name: traefik
hostname: traefik
restart: always
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /var/log:/var/log
- /data/traefik:/data/traefik
command:
- --log.level=INFO
- --accesslog=true
- --accesslog.filepath=/var/log/traefik-access.log
- --api.dashboard=true
- --providers.docker=true
- --providers.docker.exposedByDefault=false
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.http.tls.certresolver=myresolver
- --certificatesresolvers.myresolver.acme.email=<mail@example.com>
- --certificatesresolvers.myresolver.acme.storage=/data/traefik/acme.json
- --certificatesresolvers.myresolver.acme.tlschallenge=true
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.entrypoints=websecure"
- "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`)"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=admin:$$apr1$$v9rdfknT$$63JGq8avNBe993kUW0z6u1"
whoami:
image: traefik/whoami:v1.10
container_name: whoami
hostname: whoami
restart: always
labels:
- 'traefik.enable=true'
#- 'traefik.http.routers.whoami.tls=true'
#- 'traefik.http.routers.whoami.tls.certresolver=myresolver'
- 'traefik.http.routers.whoami.entrypoints=websecure'
- 'traefik.http.routers.whoami.rule=PathPrefix(`/whoami`)'
- 'traefik.http.routers.whoami.priority=1024'
- 'traefik.http.services.whoami.loadbalancer.server.port=80'
nginx:
image: nginx
container_name: nginx
restart: always
hostname: nginx
volumes:
- /data/nginx:/usr/share/nginx/html:ro
labels:
- 'traefik.enable=true'
#- 'traefik.http.routers.nginx.tls=true'
#- 'traefik.http.routers.nginx.tls.certresolver=myresolver'
- 'traefik.http.routers.nginx.entrypoints=websecure'
- 'traefik.http.routers.nginx.rule=Host(`example.com`) || Host(`www.example.com`)'
- 'traefik.http.services.nginx.loadbalancer.server.port=80'
postgres:
image: postgres:14-alpine
container_name: postgres
restart: always
volumes:
- /data/postgres:/var/lib/postgresql/data
environment:
- TZ=Europe/Berlin
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=<ABC>
nextcloud:
image: nextcloud
container_name: nextcloud
hostname: nextcloud
restart: always
volumes:
- /data/nextcloud:/var/www/html
environment:
- TZ=Europe/Berlin
- POSTGRES_HOST=postgres
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=<ABC>
- NEXTCLOUD_ADMIN_PASSWORD=<DEF>
- NEXTCLOUD_ADMIN_USER=ncadmin
- NEXTCLOUD_TRUSTED_DOMAINS=cloud.example.com
- TRUSTED_PROXIES=traefik
- OVERWRITEPROTOCOL=https
- NC_default_phone_region=<EU>
depends_on:
- postgres
labels:
- 'traefik.enable=true'
#- 'traefik.http.routers.nextcloud.tls=true'
#- 'traefik.http.routers.nextcloud.tls.certresolver=myresolver'
- 'traefik.http.routers.nextcloud.entrypoints=websecure'
- 'traefik.http.routers.nextcloud.rule=Host(`cloud.example.com`)'
- 'traefik.http.routers.nextcloud.middlewares=nextcloud-dav,nextcloud-header'
- 'traefik.http.services.nextcloud.loadbalancer.server.port=80'
- 'traefik.http.middlewares.nextcloud-dav.redirectRegex.regex=https://(.*)/.well-known/(card|cal)dav'
- 'traefik.http.middlewares.nextcloud-dav.redirectRegex.replacement=https://$${1}/remote.php/dav/'
- 'traefik.http.middlewares.nextcloud-dav.redirectRegex.permanent=true'
- "traefik.http.middlewares.nextcloud-header.headers.referrerPolicy=no-referrer"
- "traefik.http.middlewares.nextcloud-header.headers.stsSeconds=15552000"
- "traefik.http.middlewares.nextcloud-header.headers.forceSTSHeader=true"
- "traefik.http.middlewares.nextcloud-header.headers.stsPreload=true"
- "traefik.http.middlewares.nextcloud-header.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.nextcloud-header.headers.browserXssFilter=true"
- "traefik.http.middlewares.nextcloud-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
collabora:
image: collabora/code
container_name: collabora
hostname: collabora
restart: always
environment:
- aliasgroup1=https://cloud.example.com
- dictionaries=en_US
- username=coadmin
- password=<GHI>
- extra_params=--o:ssl.enable=false --o:ssl.termination=true
tty: true
labels:
- 'traefik.enable=true'
#- 'traefik.http.routers.collabora.tls=true'
#- 'traefik.http.routers.collabora.tls.certresolver=myresolver'
- 'traefik.http.routers.collabora.entrypoints=websecure'
- 'traefik.http.routers.collabora.rule=Host(`office.example.com`) || Host(`co.example.com`)'
- 'traefik.http.routers.collabora.middlewares=collabora-header'
- 'traefik.http.middlewares.collabora-header.headers.referrerPolicy=no-referrer'
- 'traefik.http.middlewares.collabora-header.headers.stsSeconds=15552000'
- 'traefik.http.middlewares.collabora-header.headers.forceSTSHeader=true'
- 'traefik.http.middlewares.collabora-header.headers.stsPreload=true'
- 'traefik.http.middlewares.collabora-header.headers.stsIncludeSubdomains=true'
- 'traefik.http.middlewares.collabora-header.headers.browserXssFilter=true'
- 'traefik.http.middlewares.collabora-header.headers.customRequestHeaders.X-Forwarded-Proto=https'
- 'traefik.http.services.collabora.loadbalancer.server.port=9980'