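# Nextcloud stack: PostgreSQL + Redis + Nextcloud (Apache), published through
# an external Traefik instance on the pre-existing `http-proxy` network.
# Nesting is restored here; the listing had every key flattened to column 0,
# which no longer parses as the intended Compose structure.
services:
  db:
    # Pinned to a major version on purpose: a PostgreSQL major upgrade needs
    # a data migration, so a floating tag must not be used here.
    image: postgres:16-alpine
    container_name: nextcloud-db
    restart: always
    volumes:
      # Database files live on the host; protect this path with host file
      # permissions and include it in backups.
      - /srv/docker/nextcloud/pgdata:/var/lib/postgresql/data
    environment:
      # Values are interpolated by Compose (shell environment or `.env`).
      # Keep that file out of version control. Anything set this way is
      # readable through `docker inspect`; the postgres image also accepts
      # POSTGRES_PASSWORD_FILE if Docker secrets are preferred.
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
    networks:
      # Only on the stack-internal network and no `ports:` published, so the
      # database is not attached to the Traefik network.
      - default

  redis:
    # NOTE(review): `redis:alpine` is a floating tag; pin a version (or a
    # digest) so a pull cannot silently change the running release.
    image: redis:alpine
    container_name: nextcloud-redis
    restart: always
    # NOTE(review): no password is configured in this file; access control
    # relies entirely on Redis being attached to the `default` network only.
    networks:
      - default

  app:
    # NOTE(review): untagged image resolves to `latest`. Pin it
    # (`nextcloud:<major-version>` is a placeholder) so upgrades are
    # deliberate and reproducible.
    image: nextcloud
    container_name: nextcloud-app
    restart: always
    depends_on:
      # Start-order only; this does not wait for the services to be ready.
      - db
      - redis
    volumes:
      - /srv/docker/nextcloud/app:/var/www/html
    environment:
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_HOST=db
      # NOTE(review): no REDIS_HOST is passed, so Redis is presumably wired
      # up in config.php on the mounted volume; confirm, otherwise the redis
      # service is unused. Same for trusted_proxies / overwriteprotocol,
      # which Nextcloud needs in order to trust Traefik's forwarded headers.
    labels:
      - "traefik.enable=true"

      # Main HTTPS route
      - "traefik.http.routers.nextcloud.rule=Host(`cloud.alamaison.me`)"

      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"

      # Plain-HTTP router whose only job is the redirect to HTTPS.
      - "traefik.http.routers.http-catch.rule=Host(`cloud.alamaison.me`)"
      - "traefik.http.routers.http-catch.entrypoints=web"
      - "traefik.http.routers.http-catch.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"


      # Target the correct internal port (Apache inside the Nextcloud container)
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"

      # Network used by Traefik
      - "traefik.docker.network=http-proxy"

      # Middleware: recommended headers for WebDAV and security
      - "traefik.http.middlewares.nextcloud-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
      # NOTE(review): HSTS is declared twice, once as a raw custom response
      # header and once through the sts* options below. Keep the two in sync
      # or drop one. `preload` only matters if the domain is submitted to the
      # browser preload list, and that is slow to undo.
      - "traefik.http.middlewares.nextcloud-headers.headers.customresponseheaders.Strict-Transport-Security=max-age=15552000; includeSubDomains; preload"
      - "traefik.http.middlewares.nextcloud-headers.headers.stsSeconds=15552000"
      - "traefik.http.middlewares.nextcloud-headers.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.nextcloud-headers.headers.stsPreload=true"
      # NOTE(review): browserXssFilter emits the legacy X-XSS-Protection
      # header, which current browsers ignore; it is not a substitute for a
      # Content-Security-Policy.
      - "traefik.http.middlewares.nextcloud-headers.headers.browserXssFilter=true"
      - "traefik.http.middlewares.nextcloud-headers.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.nextcloud-headers.headers.referrerPolicy=no-referrer"
      - "traefik.http.middlewares.nextcloud-headers.headers.permissionsPolicy=interest-cohort=()"

      # Middleware: unlimited upload (buffering)
      # NOTE(review): with no body-size cap, any client that can reach this
      # router can make the proxy buffer arbitrarily large requests. Consider
      # a limit that matches Nextcloud's own maximum upload size, and verify
      # how Traefik treats memRequestBodyBytes=0.
      - "traefik.http.middlewares.nextcloud-upload.buffering.maxRequestBodyBytes=0"
      - "traefik.http.middlewares.nextcloud-upload.buffering.memRequestBodyBytes=0"

      # Apply the middlewares to the route
      - "traefik.http.routers.nextcloud.middlewares=nextcloud-headers,nextcloud-upload"

    networks:
      # Only the app is attached to both networks: `http-proxy` for Traefik,
      # `default` for db and redis.
      - http-proxy
      - default

networks:
  http-proxy:
    # Created outside this file; Compose fails if it does not exist.
    external: true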