86 lines
3.1 KiB
YAML
86 lines
3.1 KiB
YAML
version: "3.8"
|
|
|
|
services:
|
|
documentserver:
|
|
image: onlyoffice/documentserver:7.0.1.37
|
|
networks:
|
|
- proxy
|
|
restart: unless-stopped
|
|
env_file: secrets/oo.secrets
|
|
environment:
|
|
- JWT_ENABLED=true
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.middlewares.ds-redirect-websecure.redirectscheme.scheme=https"
|
|
- "traefik.http.routers.ds-http.middlewares=ds-redirect-websecure"
|
|
- "traefik.http.routers.ds-http.rule=Host(`${OOCN}`)"
|
|
- "traefik.http.routers.ds-http.entrypoints=web"
|
|
- "traefik.http.routers.ds-https.rule=Host(`${OOCN}`)"
|
|
- "traefik.http.routers.ds-https.entrypoints=websecure"
|
|
- "traefik.http.routers.ds-https.tls=true"
|
|
- "traefik.http.routers.ds-https.tls.certresolver=myhttpchallenge"
|
|
- "traefik.http.middlewares.ds-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
|
|
- "traefik.http.routers.ds-https.middlewares=ds-header"
|
|
|
|
redis:
|
|
image: redis:6.2.1
|
|
command: ["sh", "-c", "redis-server --requirepass $${REDIS_HOST_PASSWORD}"]
|
|
restart: unless-stopped
|
|
env_file: secrets/redis.secrets
|
|
volumes:
|
|
- ${DATA_PATH}/redis:/var/lib/redis
|
|
|
|
db:
|
|
image: mariadb:10.5.4
|
|
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
|
restart: unless-stopped
|
|
volumes:
|
|
- ${DATA_PATH}/my.cnf:/etc/mysql/my.cnf:ro
|
|
- ${DATA_PATH}/db:/var/lib/mysql
|
|
env_file: secrets/db.secrets
|
|
labels:
|
|
- "co.elastic.logs/module=mysql"
|
|
|
|
app:
|
|
image: nextcloud:22.2.8
|
|
depends_on:
|
|
- db
|
|
- redis
|
|
networks:
|
|
- proxy
|
|
- default
|
|
expose:
|
|
- "80"
|
|
links:
|
|
- db
|
|
volumes:
|
|
- ${DATA_PATH}/app/html:/var/www/html
|
|
- ${DATA_PATH}/app/skeleton:/var/www/html/gnous-skeleton:ro
|
|
restart: unless-stopped
|
|
env_file: secrets/app.secrets
|
|
environment:
|
|
- APACHE_DISABLE_REWRITE_IP=1
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=proxy"
|
|
- "traefik.http.middlewares.nc-redirect-websecure.redirectscheme.scheme=https"
|
|
- "traefik.http.routers.nc-http.middlewares=nc-redirect-websecure"
|
|
- "traefik.http.routers.nc-http.rule=Host(`${NCCN}`,`${SAN1}`)"
|
|
- "traefik.http.routers.nc-http.entrypoints=web"
|
|
- "traefik.http.routers.nc-https.rule=Host(`${NCCN}`,`${SAN1}`)"
|
|
- "traefik.http.routers.nc-https.entrypoints=websecure"
|
|
- "traefik.http.routers.nc-https.tls=true"
|
|
- "traefik.http.routers.nc-https.tls.certresolver=myhttpchallenge"
|
|
- "traefik.http.middlewares.nc-redirectregex.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
|
|
- "traefik.http.middlewares.nc-redirectregex.redirectregex.replacement=https://$${1}/remote.php/dav/"
|
|
- "traefik.http.middlewares.nc-redirectregex.redirectregex.permanent=true"
|
|
- "traefik.http.routers.nc-https.middlewares=nc-redirectregex"
|
|
- "traefik.http.routers.nc-https.middlewares=nc-Header"
|
|
- "traefik.http.middlewares.nc-Header.headers.stsSeconds=15552000"
|
|
- "co.elastic.logs/module=apache"
|
|
- "co.elastic.logs/fileset=access"
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|