nextcloud/compose.yml

version: "3.8"
services:
  web:
    image: nginx:1.25.3
    depends_on:
      - app
    configs:
      - source: nginx_conf
        target: /etc/nginx/nginx.conf
    environment:
      - X_FRAME_OPTIONS_ALLOW_FROM
      - X_FRAME_OPTIONS_ENABLED
      - DOMAIN
      - STACK_NAME
    volumes:
      - nextcloud:/var/www/html/
      - nextapps:/var/www/html/custom_apps:cached
      - nextdata:/var/www/html/data:cached
      - nextconfig:/var/www/html/config:cached
      - ${EXTRA_VOLUME}
    networks:
      - proxy
      - internal
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
        - "caddy=${DOMAIN}"
        - "caddy.reverse_proxy={{upstreams 80}}"
        - "caddy.tls.on_demand="
    healthcheck:
      test: ["CMD-SHELL", 'curl -s -N curl -Ns localhost/status.php |  grep "installed\":true"']
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 5m

  app:
    image: nextcloud:28.0.2-fpm
    depends_on:
      - db
    configs:
      - source: fpm_tune
        target: /usr/local/etc/php-fpm.d/zzz-fpm-tune.conf
      - source: entrypoint
        target: /custom-entrypoint.sh
        mode: 555
    entrypoint: /custom-entrypoint.sh
    secrets:
      - db_password
      - admin_password
    environment:
      - APPS
      - OCC_CMDS
      - X_FRAME_OPTIONS_ALLOW_FROM
      - X_FRAME_OPTIONS_ENABLED
      - DOMAIN
      - STACK_NAME
      - NEXTCLOUD_ADMIN_USER=${ADMIN_USER}
      - NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin_password
      - NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN}
      - TRUSTED_PROXIES=10.0.0.0/8
      - REDIS_HOST=cache
      - OVERWRITEPROTOCOL=https
      - PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-1G}
      - FPM_MAX_CHILDREN=${FPM_MAX_CHILDREN:-131}
      - FPM_START_SERVERS=${FPM_START_SERVERS:-32}
      - FPM_MIN_SPARE_SERVERS=${FPM_MIN_SPARE_SERVERS:-32}
      - FPM_MAX_SPARE_SERVERS=${FPM_MAX_SPARE_SERVERS:-98}
      - DEFAULT_QUOTA
    volumes:
      - nextcloud:/var/www/html/
      - nextapps:/var/www/html/custom_apps:cached
      - nextdata:/var/www/html/data:cached
      - nextconfig:/var/www/html/config:cached
      - ${EXTRA_VOLUME}
    networks:
      - internal
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "coop-cloud.${STACK_NAME}.version=6.0.1+28.0.2-fpm"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
        - "backupbot.backup=true"
        - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
    healthcheck:
      test: ["CMD-SHELL", 'SCRIPT_NAME=status SCRIPT_FILENAME=/var/www/html/status.php REQUEST_METHOD=GET cgi-fcgi -bind -connect 127.0.0.1:9000 | grep "installed\":true"']
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 15m

  cron:
    image: nextcloud:28.0.2-fpm
    volumes:
      - nextcloud:/var/www/html/
      - nextapps:/var/www/html/custom_apps:cached
      - nextdata:/var/www/html/data:cached
      - nextconfig:/var/www/html/config:cached
      - ${EXTRA_VOLUME}
    networks:
      - internal
    entrypoint: /cron.sh

  cache:
    image: redis:7.2.4-alpine
    networks:
      - internal
    volumes:
      - "redis:/data"
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 3s
      timeout: 5s
      retries: 20

secrets:
  db_password:
    external: true
    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
  admin_password:
    external: true
    name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}

volumes:
  nextcloud:
  nextapps:
  nextdata:
  nextconfig:
  redis:


configs:
  nginx_conf:
    name: ${STACK_NAME}_nginx_${NGINX_CONF_VERSION}
    file: nginx.conf.tmpl
    template_driver: golang
  fpm_tune:
    name: ${STACK_NAME}_fpm_tune_${FPM_TUNE_VERSION}
    file: fpm-tune.ini
    template_driver: golang
  entrypoint:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang

networks:
  proxy:
    external: true
  internal:
One-shot install 2020-09-08 22:52:37 +00:00			`version: "3.8"`
Initial import 2020-06-26 23:43:19 +00:00			`services:`
Nginx 2021-08-26 09:22:45 +00:00			`web:`
chore: publish 5.1.0+27.1.3-fpm release 2023-11-06 13:44:44 +00:00			`image: nginx:1.25.3`
add container depedency to avoid restart of web container 2023-11-28 10:29:55 +00:00			`depends_on:`
			`- app`
Nginx 2021-08-26 09:22:45 +00:00			`configs:`
			`- source: nginx_conf`
			`target: /etc/nginx/nginx.conf`
			`environment:`
add headers to embed nextcloud in frame on external site (#28) This introduces new env variables to configure nextloud to be embedded via iframe on an external site. Setting X_FRAME_OPTIONS_ENABLED=1 will configure nginx and nextcloud to set X-Frame-Options and CSP headers to allow the domain configured in X_FRAME_OPTIONS_ALLOW_FROM. I created a PR because I'm not sure if this is helpful for other people or just a custom hack that bloats the recipe :D Co-authored-by: Philipp Rothmann <philipprothmann@posteo.de> Reviewed-on: https://git.coopcloud.tech/coop-cloud/nextcloud/pulls/28 2022-09-02 14:32:04 +00:00			`- X_FRAME_OPTIONS_ALLOW_FROM`
			`- X_FRAME_OPTIONS_ENABLED`
More FPM excitement 2021-08-26 10:02:21 +00:00			`- DOMAIN`
			`- STACK_NAME`
Nginx 2021-08-26 09:22:45 +00:00			`volumes:`
			`- nextcloud:/var/www/html/`
			`- nextapps:/var/www/html/custom_apps:cached`
			`- nextdata:/var/www/html/data:cached`
			`- nextconfig:/var/www/html/config:cached`
			`- ${EXTRA_VOLUME}`
			`networks:`
			`- proxy`
			`- internal`
			`deploy:`
			`update_config:`
			`failure_action: rollback`
			`order: start-first`
			`labels:`
			`- "traefik.enable=true"`
			`- "traefik.docker.network=proxy"`
			`- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"`
			- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
			`- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"`
			`- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"`
			`- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"`
			`- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"`
			`- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"`
Add Caddy labels 2023-08-22 17:08:56 +00:00			`- "caddy=${DOMAIN}"`
			`- "caddy.reverse_proxy={{upstreams 80}}"`
			`- "caddy.tls.on_demand="`
healthchecks (#32) Adding healthchecks for nginx, mariadb, redis and php-fpm Co-authored-by: Moritz <moritz.m@local-it.org> Reviewed-on: https://git.coopcloud.tech/coop-cloud/nextcloud/pulls/32 2023-01-12 21:16:31 +00:00			`healthcheck:`
			`test: ["CMD-SHELL", 'curl -s -N curl -Ns localhost/status.php \| grep "installed\":true"']`
			`interval: 30s`
			`timeout: 10s`
			`retries: 10`
increase healthcheck start_period for long updates 2023-01-20 14:03:11 +00:00			`start_period: 5m`
Spacing 2021-08-26 10:11:29 +00:00
Rename services, fix `abra occ` See compose-stacks/organising#19 2020-09-27 23:16:36 +00:00			`app:`
chore: publish 6.0.1+28.0.2-fpm release 2024-02-08 17:51:39 +00:00			`image: nextcloud:28.0.2-fpm`
Initial import 2020-06-26 23:43:19 +00:00			`depends_on:`
Rename services, fix `abra occ` See compose-stacks/organising#19 2020-09-27 23:16:36 +00:00			`- db`
Add fpm tuning config Closes https://git.coopcloud.tech/coop-cloud/nextcloud/issues/16#issuecomment-8284. 2021-08-26 10:41:59 +00:00			`configs:`
			`- source: fpm_tune`
fix: release the fpm handbrake it seems like php-fpm applys configs in aphabetical order, so that our fpm-tune was overwritten by the www.conf with default values. so let's go on highspeed now! :) 2023-06-13 11:20:26 +00:00			`target: /usr/local/etc/php-fpm.d/zzz-fpm-tune.conf`
add headers to embed nextcloud in frame on external site (#28) This introduces new env variables to configure nextloud to be embedded via iframe on an external site. Setting X_FRAME_OPTIONS_ENABLED=1 will configure nginx and nextcloud to set X-Frame-Options and CSP headers to allow the domain configured in X_FRAME_OPTIONS_ALLOW_FROM. I created a PR because I'm not sure if this is helpful for other people or just a custom hack that bloats the recipe :D Co-authored-by: Philipp Rothmann <philipprothmann@posteo.de> Reviewed-on: https://git.coopcloud.tech/coop-cloud/nextcloud/pulls/28 2022-09-02 14:32:04 +00:00			`- source: entrypoint`
			`target: /custom-entrypoint.sh`
			`mode: 555`
			`entrypoint: /custom-entrypoint.sh`
Initial import 2020-06-26 23:43:19 +00:00			`secrets:`
Set MySQL user password 2020-06-29 14:00:04 +00:00			`- db_password`
One-shot install 2020-09-08 22:52:37 +00:00			`- admin_password`
Initial import 2020-06-26 23:43:19 +00:00			`environment:`
Automatically install apps specified via env variable. 2022-11-08 11:31:24 +00:00			`- APPS`
feat: run occ commands from env variables as post deploy command 2023-01-10 17:09:11 +00:00			`- OCC_CMDS`
add headers to embed nextcloud in frame on external site (#28) This introduces new env variables to configure nextloud to be embedded via iframe on an external site. Setting X_FRAME_OPTIONS_ENABLED=1 will configure nginx and nextcloud to set X-Frame-Options and CSP headers to allow the domain configured in X_FRAME_OPTIONS_ALLOW_FROM. I created a PR because I'm not sure if this is helpful for other people or just a custom hack that bloats the recipe :D Co-authored-by: Philipp Rothmann <philipprothmann@posteo.de> Reviewed-on: https://git.coopcloud.tech/coop-cloud/nextcloud/pulls/28 2022-09-02 14:32:04 +00:00			`- X_FRAME_OPTIONS_ALLOW_FROM`
			`- X_FRAME_OPTIONS_ENABLED`
More FPM excitement 2021-08-26 10:02:21 +00:00			`- DOMAIN`
			`- STACK_NAME`
Make admin user configurable 2021-02-15 00:09:04 +00:00			`- NEXTCLOUD_ADMIN_USER=${ADMIN_USER}`
Use upstream auto-config 😳 2020-09-08 23:01:15 +00:00			`- NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin_password`
			`- NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN}`
fix: set trusted proxies to 10.0.0.0/8 2023-05-08 09:43:24 +00:00			`- TRUSTED_PROXIES=10.0.0.0/8`
Add Redis caching 2021-08-26 08:54:30 +00:00			`- REDIS_HOST=cache`
Support HTTP protocol overwriting Closes https://git.coopcloud.tech/coop-cloud/nextcloud/issues/5. 2021-08-26 09:05:01 +00:00			`- OVERWRITEPROTOCOL=https`
fix env fpm default values overwriteable 2023-06-09 13:38:52 +00:00			`- PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-1G}`
			`- FPM_MAX_CHILDREN=${FPM_MAX_CHILDREN:-131}`
			`- FPM_START_SERVERS=${FPM_START_SERVERS:-32}`
			`- FPM_MIN_SPARE_SERVERS=${FPM_MIN_SPARE_SERVERS:-32}`
			`- FPM_MAX_SPARE_SERVERS=${FPM_MAX_SPARE_SERVERS:-98}`
feat: set default quota via abra app cmd 2022-12-14 11:12:41 +00:00			`- DEFAULT_QUOTA`
Initial import 2020-06-26 23:43:19 +00:00			`volumes:`
Reluctant `nextcloud` volume 2020-09-28 20:31:41 +00:00			`- nextcloud:/var/www/html/`
Set MySQL user password 2020-06-29 14:00:04 +00:00			`- nextapps:/var/www/html/custom_apps:cached`
			`- nextdata:/var/www/html/data:cached`
			`- nextconfig:/var/www/html/config:cached`
Optional EXTRA_VOLUME 2020-12-09 20:51:04 +00:00			`- ${EXTRA_VOLUME}`
Initial import 2020-06-26 23:43:19 +00:00			`networks:`
			`- internal`
			`deploy:`
Rename services, fix `abra occ` See compose-stacks/organising#19 2020-09-27 23:16:36 +00:00			`update_config:`
			`failure_action: rollback`
			`order: start-first`
Add labels 2021-08-26 10:14:52 +00:00			`labels:`
chore: publish 6.0.1+28.0.2-fpm release 2024-02-08 17:51:39 +00:00			`- "coop-cloud.${STACK_NAME}.version=6.0.1+28.0.2-fpm"`
add default timeout 2023-04-13 17:50:40 +00:00			`- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"`
add postgres db (#26) This PR moves the db service into two override files `compose.mariadb.yml` and `compose.postgres.yml`. Existing installations need to add: ``` COMPOSE_FILE="compose.yml" COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml" ``` to their .env file to ensure mariadb is still used. Co-authored-by: Philipp Rothmann <philipprothmann@posteo.de> Reviewed-on: https://git.coopcloud.tech/coop-cloud/nextcloud/pulls/26 2022-05-18 08:36:26 +00:00			`- "backupbot.backup=true"`
			`- "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"`
healthchecks (#32) Adding healthchecks for nginx, mariadb, redis and php-fpm Co-authored-by: Moritz <moritz.m@local-it.org> Reviewed-on: https://git.coopcloud.tech/coop-cloud/nextcloud/pulls/32 2023-01-12 21:16:31 +00:00			`healthcheck:`
			`test: ["CMD-SHELL", 'SCRIPT_NAME=status SCRIPT_FILENAME=/var/www/html/status.php REQUEST_METHOD=GET cgi-fcgi -bind -connect 127.0.0.1:9000 \| grep "installed\":true"']`
			`interval: 30s`
			`timeout: 10s`
			`retries: 10`
increase healthcheck start_period for long updates 2023-11-28 13:39:50 +00:00			`start_period: 15m`
Spacing 2021-08-26 10:11:29 +00:00
Get cron back in the game 2021-08-26 10:12:02 +00:00			`cron:`
chore: publish 6.0.1+28.0.2-fpm release 2024-02-08 17:51:39 +00:00			`image: nextcloud:28.0.2-fpm`
Get cron back in the game 2021-08-26 10:12:02 +00:00			`volumes:`
			`- nextcloud:/var/www/html/`
			`- nextapps:/var/www/html/custom_apps:cached`
			`- nextdata:/var/www/html/data:cached`
			`- nextconfig:/var/www/html/config:cached`
			`- ${EXTRA_VOLUME}`
			`networks:`
			`- internal`
			`entrypoint: /cron.sh`
Spacing 2021-08-26 10:11:29 +00:00
Working nginx config 2021-08-26 10:07:37 +00:00			`cache:`
chore: publish 6.0.0+28.0.1-fpm release 2024-01-21 00:51:02 +00:00			`image: redis:7.2.4-alpine`
Working nginx config 2021-08-26 10:07:37 +00:00			`networks:`
			`- internal`
Add a volume for Redis 2021-09-15 08:25:49 +00:00			`volumes:`
			`- "redis:/data"`
healthchecks (#32) Adding healthchecks for nginx, mariadb, redis and php-fpm Co-authored-by: Moritz <moritz.m@local-it.org> Reviewed-on: https://git.coopcloud.tech/coop-cloud/nextcloud/pulls/32 2023-01-12 21:16:31 +00:00			`healthcheck:`
			`test: ["CMD", "redis-cli", "ping"]`
			`interval: 3s`
			`timeout: 5s`
			`retries: 20`
Nginx 2021-08-26 09:22:45 +00:00
Initial import 2020-06-26 23:43:19 +00:00			`secrets:`
Run formatter over it 2021-02-14 22:36:13 +00:00			`db_password:`
			`external: true`
Fix typo in db_password versioning 2022-11-22 05:37:36 +00:00			`name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}`
Run formatter over it 2021-02-14 22:36:13 +00:00			`admin_password:`
			`external: true`
Use new secret convention 2021-02-15 00:00:23 +00:00			`name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}`
Nginx 2021-08-26 09:22:45 +00:00
Initial import 2020-06-26 23:43:19 +00:00			`volumes:`
Reluctant `nextcloud` volume 2020-09-28 20:31:41 +00:00			`nextcloud:`
Initial import 2020-06-26 23:43:19 +00:00			`nextapps:`
			`nextdata:`
			`nextconfig:`
Add a volume for Redis 2021-09-15 08:25:49 +00:00			`redis:`
Nginx 2021-08-26 09:22:45 +00:00
add headers to embed nextcloud in frame on external site (#28) This introduces new env variables to configure nextloud to be embedded via iframe on an external site. Setting X_FRAME_OPTIONS_ENABLED=1 will configure nginx and nextcloud to set X-Frame-Options and CSP headers to allow the domain configured in X_FRAME_OPTIONS_ALLOW_FROM. I created a PR because I'm not sure if this is helpful for other people or just a custom hack that bloats the recipe :D Co-authored-by: Philipp Rothmann <philipprothmann@posteo.de> Reviewed-on: https://git.coopcloud.tech/coop-cloud/nextcloud/pulls/28 2022-09-02 14:32:04 +00:00
Nginx 2021-08-26 09:22:45 +00:00			`configs:`
			`nginx_conf:`
			`name: ${STACK_NAME}_nginx_${NGINX_CONF_VERSION}`
			`file: nginx.conf.tmpl`
			`template_driver: golang`
Add fpm tuning config Closes https://git.coopcloud.tech/coop-cloud/nextcloud/issues/16#issuecomment-8284. 2021-08-26 10:41:59 +00:00			`fpm_tune:`
			`name: ${STACK_NAME}_fpm_tune_${FPM_TUNE_VERSION}`
			`file: fpm-tune.ini`
feat: template fpm settings this closes #25 2022-12-13 14:20:57 +00:00			`template_driver: golang`
add headers to embed nextcloud in frame on external site (#28) This introduces new env variables to configure nextloud to be embedded via iframe on an external site. Setting X_FRAME_OPTIONS_ENABLED=1 will configure nginx and nextcloud to set X-Frame-Options and CSP headers to allow the domain configured in X_FRAME_OPTIONS_ALLOW_FROM. I created a PR because I'm not sure if this is helpful for other people or just a custom hack that bloats the recipe :D Co-authored-by: Philipp Rothmann <philipprothmann@posteo.de> Reviewed-on: https://git.coopcloud.tech/coop-cloud/nextcloud/pulls/28 2022-09-02 14:32:04 +00:00			`entrypoint:`
			`name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}`
			`file: entrypoint.sh.tmpl`
			`template_driver: golang`
Nginx 2021-08-26 09:22:45 +00:00
Initial import 2020-06-26 23:43:19 +00:00			`networks:`
			`proxy:`
			`external: true`
Fix secrets & network definition 2020-06-29 12:29:16 +00:00			`internal:`