First commit

nextcloud/install/nextcloud.compose.yaml

@@ -0,0 +1,82 @@
+services:
+  db:
+    image: postgres:16-alpine
+    container_name: nextcloud-db
+    restart: always
+    volumes:
+      - /srv/docker/nextcloud/pgdata:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_DB=${POSTGRES_DB}
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+    networks:
+      - default
+
+  redis:
+    image: redis:alpine
+    container_name: nextcloud-redis
+    restart: always
+    networks:
+      - default
+
+  app:
+    image: nextcloud
+    container_name: nextcloud-app
+    restart: always
+    depends_on:
+      - db
+      - redis
+    volumes:
+      - /srv/docker/nextcloud/app:/var/www/html
+    environment:
+      - POSTGRES_DB=${POSTGRES_DB}
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_HOST=db
+    labels:
+      - "traefik.enable=true"
+      
+      # Route HTTPS principale
+      - "traefik.http.routers.nextcloud.rule=Host(`cloud.alamaison.me`)"
+      
+      - "traefik.http.routers.nextcloud.entrypoints=websecure"
+      - "traefik.http.routers.nextcloud.tls=true"
+      - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
+      
+      - "traefik.http.routers.http-catch.rule=Host(`cloud.alamaison.me`)"
+      - "traefik.http.routers.http-catch.entrypoints=web"
+      - "traefik.http.routers.http-catch.middlewares=redirect-to-https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+
+      # Cible le bon port interne (Apache dans le conteneur Nextcloud)
+      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
+
+      # Réseau utilisé par Traefik
+      - "traefik.docker.network=http-proxy"
+
+      # Middleware : Headers recommandés pour WebDAV et sécurité
+      - "traefik.http.middlewares.nextcloud-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.middlewares.nextcloud-headers.headers.customresponseheaders.Strict-Transport-Security=max-age=15552000; includeSubDomains; preload"
+      - "traefik.http.middlewares.nextcloud-headers.headers.stsSeconds=15552000"
+      - "traefik.http.middlewares.nextcloud-headers.headers.stsIncludeSubdomains=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.stsPreload=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.browserXssFilter=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.contentTypeNosniff=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.referrerPolicy=no-referrer"
+      - "traefik.http.middlewares.nextcloud-headers.headers.permissionsPolicy=interest-cohort=()"
+
+      # Middleware : Upload illimité (buffering)
+      - "traefik.http.middlewares.nextcloud-upload.buffering.maxRequestBodyBytes=0"
+      - "traefik.http.middlewares.nextcloud-upload.buffering.memRequestBodyBytes=0"
+
+      # Appliquer les middlewares à la route
+      - "traefik.http.routers.nextcloud.middlewares=nextcloud-headers,nextcloud-upload"
+
+    networks:
+      - http-proxy
+      - default
+
+networks:
+  http-proxy:
+    external: true