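---
# Nextcloud stack: nginx front end (web), php-fpm application (app), a cron
# runner and a Redis cache. The deploy/configs/secrets sections suggest it is
# meant for `docker stack deploy` (Swarm).
# Variables written as ${NAME} are substituted at deploy time; environment
# entries without a value are passed through from the deploying environment.
version: "3.8"

services:
  web:
    image: nginx:1.25.3
    depends_on:
      - app
    configs:
      - source: nginx_conf
        target: /etc/nginx/nginx.conf
    environment:
      - X_FRAME_OPTIONS_ALLOW_FROM
      - X_FRAME_OPTIONS_ENABLED
      - DOMAIN
      - STACK_NAME
    # NOTE(review): nginx shares the data and config volumes with php-fpm and
    # mounts them read-write; it presumably only needs to read static files,
    # so confirm whether read-only mounts would work here.
    volumes:
      - nextcloud:/var/www/html/
      - nextapps:/var/www/html/custom_apps:cached
      - nextdata:/var/www/html/data:cached
      - nextconfig:/var/www/html/config:cached
      # Must expand to a valid volume spec; presumably an empty value leaves
      # an invalid list entry (verify against the recipe's env defaults).
      - ${EXTRA_VOLUME}
    networks:
      - proxy
      - internal
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
        - "caddy=${DOMAIN}"
        - "caddy.reverse_proxy={{upstreams 80}}"
        # On-demand TLS obtains certificates at handshake time. If Caddy is
        # the proxy in use, make sure its global on-demand settings restrict
        # which hostnames may trigger issuance.
        - "caddy.tls.on_demand="
    healthcheck:
      # Healthy once status.php reports "installed":true.
      # The original command read `curl -s -N curl -Ns localhost/...`: the
      # stray second `curl` was taken as an extra URL and fetched on every
      # probe. It is removed here; the flags (-N, -s) are unchanged.
      test: ["CMD-SHELL", 'curl -Ns localhost/status.php | grep "installed\":true"']
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 5m

  app:
    image: nextcloud:28.0.5-fpm
    # `db` is not defined in this file; presumably an overlay compose file
    # supplies it (TODO confirm).
    depends_on:
      - db
    configs:
      - source: fpm_tune
        target: /usr/local/etc/php-fpm.d/zzz-fpm-tune.conf
      - source: entrypoint
        target: /custom-entrypoint.sh
        # File modes are octal. A bare 555 is read as decimal 555, i.e. octal
        # 1053 (sticky bit, no owner bits, write+execute for others), not the
        # intended r-xr-xr-x.
        mode: 0555
    entrypoint: /custom-entrypoint.sh
    # Passwords arrive as files under /run/secrets/ rather than as plain
    # environment values (see NEXTCLOUD_ADMIN_PASSWORD_FILE below).
    secrets:
      - db_password
      - admin_password
    environment:
      - APPS
      - OCC_CMDS
      - X_FRAME_OPTIONS_ALLOW_FROM
      - X_FRAME_OPTIONS_ENABLED
      - DOMAIN
      - STACK_NAME
      - NEXTCLOUD_ADMIN_USER=${ADMIN_USER}
      - NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin_password
      - NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN}
      # NOTE(review): the whole 10.0.0.0/8 range is trusted to supply
      # forwarded client addresses. Narrow this to the subnet the reverse
      # proxy actually uses if it is known; otherwise any peer in the range
      # can influence the client IP Nextcloud logs and rate-limits on.
      - TRUSTED_PROXIES=10.0.0.0/8
      - REDIS_HOST=cache
      - OVERWRITEPROTOCOL=https
      - PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-1G}
      - FPM_MAX_CHILDREN=${FPM_MAX_CHILDREN:-131}
      - FPM_START_SERVERS=${FPM_START_SERVERS:-32}
      - FPM_MIN_SPARE_SERVERS=${FPM_MIN_SPARE_SERVERS:-32}
      - FPM_MAX_SPARE_SERVERS=${FPM_MAX_SPARE_SERVERS:-98}
      - DEFAULT_QUOTA
    volumes:
      - nextcloud:/var/www/html/
      - nextapps:/var/www/html/custom_apps:cached
      - nextdata:/var/www/html/data:cached
      - nextconfig:/var/www/html/config:cached
      - ${EXTRA_VOLUME}
    # Only on the internal network: reached through `web`, not directly from
    # the proxy network.
    networks:
      - internal
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        # NOTE(review): this label says 28.0.2-fpm while the image tag above
        # is 28.0.5-fpm. Confirm which is intended, so that patch-level
        # tracking against advisories uses the version actually deployed.
        - "coop-cloud.${STACK_NAME}.version=6.0.1+28.0.2-fpm"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
        - "backupbot.backup=true"
        - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
    healthcheck:
      # Requests status.php from php-fpm over FastCGI on 127.0.0.1:9000 and
      # expects "installed":true in the response.
      test: ["CMD-SHELL", 'SCRIPT_NAME=status SCRIPT_FILENAME=/var/www/html/status.php REQUEST_METHOD=GET cgi-fcgi -bind -connect 127.0.0.1:9000 | grep "installed\":true"']
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 15m

  cron:
    # Same image and volumes as `app`, started with /cron.sh instead.
    image: nextcloud:28.0.5-fpm
    volumes:
      - nextcloud:/var/www/html/
      - nextapps:/var/www/html/custom_apps:cached
      - nextdata:/var/www/html/data:cached
      - nextconfig:/var/www/html/config:cached
      - ${EXTRA_VOLUME}
    networks:
      - internal
    entrypoint: /cron.sh

  cache:
    image: redis:7.2.4-alpine
    # No Redis password is configured in this file. The service is attached
    # to the internal network only, so that network membership is the access
    # control.
    networks:
      - internal
    volumes:
      - "redis:/data"
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 3s
      timeout: 5s
      retries: 20

# Secrets are created outside this file (external: true). The version suffix
# in each name selects which secret is mounted.
secrets:
  db_password:
    external: true
    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
  admin_password:
    external: true
    name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}

volumes:
  nextcloud:
  nextapps:
  nextdata:
  nextconfig:
  redis:

# Config files rendered with the Go template driver. The version suffix in
# each name changes when the file content changes.
configs:
  nginx_conf:
    name: ${STACK_NAME}_nginx_${NGINX_CONF_VERSION}
    file: nginx.conf.tmpl
    template_driver: golang
  fpm_tune:
    name: ${STACK_NAME}_fpm_tune_${FPM_TUNE_VERSION}
    file: fpm-tune.ini
    template_driver: golang
  entrypoint:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang

networks:
  # Pre-existing network shared with the reverse proxy.
  proxy:
    external: true
  # Stack-private network for the app, cron and cache services.
  internal: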