version: "3.8" services: documentserver: image: onlyoffice/documentserver:7.0.1.37 networks: - proxy restart: unless-stopped env_file: secrets/oo.secrets environment: - JWT_ENABLED=true labels: - "traefik.enable=true" - "traefik.http.middlewares.ds-redirect-websecure.redirectscheme.scheme=https" - "traefik.http.routers.ds-http.middlewares=ds-redirect-websecure" - "traefik.http.routers.ds-http.rule=Host(`${OOCN}`)" - "traefik.http.routers.ds-http.entrypoints=web" - "traefik.http.routers.ds-https.rule=Host(`${OOCN}`)" - "traefik.http.routers.ds-https.entrypoints=websecure" - "traefik.http.routers.ds-https.tls=true" - "traefik.http.routers.ds-https.tls.certresolver=myhttpchallenge" - "traefik.http.middlewares.ds-header.headers.customRequestHeaders.X-Forwarded-Proto=https" - "traefik.http.routers.ds-https.middlewares=ds-header" redis: image: redis:6.2.1 command: ["sh", "-c", "redis-server --requirepass $${REDIS_HOST_PASSWORD}"] restart: unless-stopped env_file: secrets/redis.secrets volumes: - ${DATA_PATH}/redis:/var/lib/redis db: image: mariadb:10.5.4 command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW restart: unless-stopped volumes: - ${DATA_PATH}/my.cnf:/etc/mysql/my.cnf:ro - ${DATA_PATH}/db:/var/lib/mysql env_file: secrets/db.secrets labels: - "co.elastic.logs/module=mysql" app: image: nextcloud:23.0.10 depends_on: - db - redis networks: - proxy - default expose: - "80" links: - db volumes: - ${DATA_PATH}/app/html:/var/www/html - ${DATA_PATH}/app/skeleton:/var/www/html/gnous-skeleton:ro restart: unless-stopped env_file: secrets/app.secrets environment: - APACHE_DISABLE_REWRITE_IP=1 labels: - "traefik.enable=true" - "traefik.docker.network=proxy" - "traefik.http.middlewares.nc-redirect-websecure.redirectscheme.scheme=https" - "traefik.http.routers.nc-http.middlewares=nc-redirect-websecure" - "traefik.http.routers.nc-http.rule=Host(`${NCCN}`,`${SAN1}`)" - "traefik.http.routers.nc-http.entrypoints=web" - "traefik.http.routers.nc-https.rule=Host(`${NCCN}`,`${SAN1}`)" - "traefik.http.routers.nc-https.entrypoints=websecure" - "traefik.http.routers.nc-https.tls=true" - "traefik.http.routers.nc-https.tls.certresolver=myhttpchallenge" - "traefik.http.middlewares.nc-redirectregex.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav" - "traefik.http.middlewares.nc-redirectregex.redirectregex.replacement=https://$${1}/remote.php/dav/" - "traefik.http.middlewares.nc-redirectregex.redirectregex.permanent=true" - "traefik.http.routers.nc-https.middlewares=nc-redirectregex" - "traefik.http.routers.nc-https.middlewares=nc-Header" - "traefik.http.middlewares.nc-Header.headers.stsSeconds=15552000" - "co.elastic.logs/module=apache" - "co.elastic.logs/fileset=access" networks: proxy: external: true