First commit

nextcloud/install/nextcloud.compose.yaml

@@ -0,0 +1,82 @@
+services:
+  db:
+    image: postgres:16-alpine
+    container_name: nextcloud-db
+    restart: always
+    volumes:
+      - /srv/docker/nextcloud/pgdata:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_DB=${POSTGRES_DB}
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+    networks:
+      - default
+
+  redis:
+    image: redis:alpine
+    container_name: nextcloud-redis
+    restart: always
+    networks:
+      - default
+
+  app:
+    image: nextcloud
+    container_name: nextcloud-app
+    restart: always
+    depends_on:
+      - db
+      - redis
+    volumes:
+      - /srv/docker/nextcloud/app:/var/www/html
+    environment:
+      - POSTGRES_DB=${POSTGRES_DB}
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_HOST=db
+    labels:
+      - "traefik.enable=true"
+      
+      # Route HTTPS principale
+      - "traefik.http.routers.nextcloud.rule=Host(`cloud.alamaison.me`)"
+      
+      - "traefik.http.routers.nextcloud.entrypoints=websecure"
+      - "traefik.http.routers.nextcloud.tls=true"
+      - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
+      
+      - "traefik.http.routers.http-catch.rule=Host(`cloud.alamaison.me`)"
+      - "traefik.http.routers.http-catch.entrypoints=web"
+      - "traefik.http.routers.http-catch.middlewares=redirect-to-https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+
+      # Cible le bon port interne (Apache dans le conteneur Nextcloud)
+      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
+
+      # Réseau utilisé par Traefik
+      - "traefik.docker.network=http-proxy"
+
+      # Middleware : Headers recommandés pour WebDAV et sécurité
+      - "traefik.http.middlewares.nextcloud-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.middlewares.nextcloud-headers.headers.customresponseheaders.Strict-Transport-Security=max-age=15552000; includeSubDomains; preload"
+      - "traefik.http.middlewares.nextcloud-headers.headers.stsSeconds=15552000"
+      - "traefik.http.middlewares.nextcloud-headers.headers.stsIncludeSubdomains=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.stsPreload=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.browserXssFilter=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.contentTypeNosniff=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.referrerPolicy=no-referrer"
+      - "traefik.http.middlewares.nextcloud-headers.headers.permissionsPolicy=interest-cohort=()"
+
+      # Middleware : Upload illimité (buffering)
+      - "traefik.http.middlewares.nextcloud-upload.buffering.maxRequestBodyBytes=0"
+      - "traefik.http.middlewares.nextcloud-upload.buffering.memRequestBodyBytes=0"
+
+      # Appliquer les middlewares à la route
+      - "traefik.http.routers.nextcloud.middlewares=nextcloud-headers,nextcloud-upload"
+
+    networks:
+      - http-proxy
+      - default
+
+networks:
+  http-proxy:
+    external: true

nextcloud/install/nextcloud.env

@@ -0,0 +1,3 @@
+POSTGRES_DB=nextcloud
+POSTGRES_USER=nextcloud
+POSTGRES_PASSWORD=8PXUQ9zE5Ql7Mg2F4BeF6z85omh76uqo

nextcloud/install/traefik.compose.yaml

@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+  traefik:
+    image: traefik:3.6.1
+    container_name: traefik
+    restart: unless-stopped
+    command:
+      - "--api.dashboard=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.watch=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https" 
+    ports:
+      - "80:80"
+      - "8443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik-letsencrypt:/letsencrypt
+    networks:
+      - http-proxy
+
+volumes:
+  traefik-letsencrypt:
+
+networks:
+  http-proxy:
+    external: true

nextcloud/install/traefik.env

@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net