services:
  db:
    image: postgres:16-alpine
    container_name: nextcloud-db
    restart: always
    volumes:
      - /srv/docker/nextcloud/pgdata:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
    networks:
      - default

  redis:
    image: redis:alpine
    container_name: nextcloud-redis
    restart: always
    networks:
      - default

  app:
    image: nextcloud
    container_name: nextcloud-app
    restart: always
    depends_on:
      - db
      - redis
    volumes:
      - /srv/docker/nextcloud/app:/var/www/html
    environment:
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_HOST=db
    labels:
      - "traefik.enable=true"
      
      # Route HTTPS principale
      - "traefik.http.routers.nextcloud.rule=Host(`cloud.alamaison.me`)"
      
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
      
      - "traefik.http.routers.http-catch.rule=Host(`cloud.alamaison.me`)"
      - "traefik.http.routers.http-catch.entrypoints=web"
      - "traefik.http.routers.http-catch.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"


      # Cible le bon port interne (Apache dans le conteneur Nextcloud)
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"

      # Réseau utilisé par Traefik
      - "traefik.docker.network=http-proxy"

      # Middleware : Headers recommandés pour WebDAV et sécurité
      - "traefik.http.middlewares.nextcloud-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.nextcloud-headers.headers.customresponseheaders.Strict-Transport-Security=max-age=15552000; includeSubDomains; preload"
      - "traefik.http.middlewares.nextcloud-headers.headers.stsSeconds=15552000"
      - "traefik.http.middlewares.nextcloud-headers.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.nextcloud-headers.headers.stsPreload=true"
      - "traefik.http.middlewares.nextcloud-headers.headers.browserXssFilter=true"
      - "traefik.http.middlewares.nextcloud-headers.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.nextcloud-headers.headers.referrerPolicy=no-referrer"
      - "traefik.http.middlewares.nextcloud-headers.headers.permissionsPolicy=interest-cohort=()"

      # Middleware : Upload illimité (buffering)
      - "traefik.http.middlewares.nextcloud-upload.buffering.maxRequestBodyBytes=0"
      - "traefik.http.middlewares.nextcloud-upload.buffering.memRequestBodyBytes=0"

      # Appliquer les middlewares à la route
      - "traefik.http.routers.nextcloud.middlewares=nextcloud-headers,nextcloud-upload"

    networks:
      - http-proxy
      - default

networks:
  http-proxy:
    external: true