Docker nextcloud behind traefik
How to combine nextcloud and a central traefik instance
# Variables substituted into the Traefik compose file below through
# ${HOST}, ${EMAIL} and ${BASIC_AUTH}.
# HOST: hostname matched by the dashboard router rule Host(`${HOST}`).
HOST=traefik.localhost
# EMAIL: contact address handed to the letsencrypt ACME certificate resolver.
EMAIL=hostmaster@localhost
# BASIC_AUTH: "user:hash" entry consumed by the dashboard's basicauth middleware.
# The sample entry is the publicly known pair admin/admin in Apache MD5 ($apr1$)
# format. Replace it with your own entry before the dashboard is reachable,
# preferably a bcrypt hash (for example from `htpasswd -nB <user>`).
# NOTE(review): the hash contains `$`; whether the .env parser keeps `$...`
# literally depends on the Compose version, so confirm the value reaches the
# label intact.
BASIC_AUTH=admin:$apr1$8EVjn/nj$GiLUZqcbueTFeD23SuB6x0
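# Central Traefik v2 reverse proxy. It terminates TLS with Let's Encrypt
# certificates and routes to containers that opt in with traefik.enable=true.
version: "3.3"

services:
  traefik:
    image: "traefik:v2.3"
    restart: unless-stopped
    command:
      # API and dashboard are enabled without --api.insecure, so they are only
      # reachable through the authenticated router declared in the labels.
      - "--api=true"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      # Containers are ignored unless they carry the label traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      # NOTE(review): the network declared at the bottom of this file is called
      # `bridge`; Compose prefixes it with the project name, so it presumably
      # resolves to ingress_bridge only when the project (by default the
      # directory name) is `ingress`. Confirm with `docker network ls`.
      - "--providers.docker.network=ingress_bridge"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # The TLS challenge is answered on port 443, so the blanket HTTP -> HTTPS
      # redirect below does not interfere with certificate issuance.
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.email=${EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    labels:
      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # global redirect to https: every host arriving on the plain-HTTP
      # entrypoint is sent to the https scheme
      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirs.entrypoints=web"
      - "traefik.http.routers.redirs.middlewares=redirect-to-https"
      # dashboard
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.rule=Host(`${HOST}`)"
      # The dashboard router is bound to websecure only. A label key can hold
      # one value, so a second entrypoints entry for `web` would not add an
      # entrypoint, and basic-auth credentials should only travel over TLS.
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
      # BasicAuth: the user:hash entry comes from BASIC_AUTH in the environment
      # file; replace the sample admin/admin entry before deploying.
      - "traefik.http.routers.traefik.middlewares=traefik-auth"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${BASIC_AUTH}"
    ports:
      # Port 8080 is deliberately not published: Traefik only serves it in the
      # insecure API mode (--api.insecure), which this file does not enable.
      # Publishing it would expose an unauthenticated dashboard if that mode
      # were ever switched on.
      - "80:80"
      - "443:443"
    networks:
      - bridge
    volumes:
      # acme.json holds the ACME account key and certificate private keys;
      # keep the host directory readable by the deploying user only.
      - "./data/letsencrypt:/letsencrypt"
      # `:ro` protects the socket file, not the Docker API behind it: a
      # compromised Traefik container can still issue any API call. Consider a
      # filtering socket proxy between Traefik and the daemon.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

networks:
  bridge:
    driver: bridge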
# Variables for the Nextcloud stack. The compose file below reads them through
# ${...} substitution and through bare `environment:` entries.
# NAME: prefix used for this stack's Traefik router and middleware names.
NAME=testde
# HOST: hostname matched by the router rule Host(`${HOST}`).
HOST=test.de
# Database settings. Both passwords are sample values: replace them with long
# random secrets before the first start, keep this file out of version control
# and make it readable by the deploying user only.
# MYSQL_ROOT_PASSWORD is also handed to the db-backup service as MYSQL_PASS.
MYSQL_ROOT_PASSWORD=changeme123
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud
MYSQL_PASSWORD=nextcloud
# https://hub.docker.com/_/nextcloud
# Nextcloud stack (database, scheduled dumps, web container, cron container)
# published through the central Traefik instance on the external network
# ingress_bridge.
version: '3.3'

services:
  db:
    # NOTE(review): no tag is given, so the image resolves to `latest`; pin a
    # tested version so a pull cannot silently change the database release.
    image: 'mariadb'
    command: '--transaction-isolation=READ-COMMITTED --binlog-format=ROW'
    restart: unless-stopped
    # Bare names are passed through from the environment file.
    environment:
      - 'MYSQL_ROOT_PASSWORD'
      - 'MYSQL_DATABASE'
      - 'MYSQL_USER'
      - 'MYSQL_PASSWORD'
    volumes:
      - './data/db:/var/lib/mysql'

  db-backup:
    # Third-party image, untagged, that receives the database root password.
    # NOTE(review): review and pin it before trusting it with root access.
    image: 'fradelg/mysql-cron-backup'
    restart: unless-stopped
    depends_on:
      - 'db'
    environment:
      - 'MYSQL_HOST=db'
      - 'MYSQL_USER=root'
      - 'MYSQL_PASS=${MYSQL_ROOT_PASSWORD}'
      - 'MYSQL_DB=${MYSQL_DATABASE}'
      - 'MAX_BACKUPS=15'
      - 'INIT_BACKUP=0'
      # Cron expression: every day at 03:00.
      - 'CRON_TIME=0 3 * * *'
      - 'GZIP_LEVEL=9'
    volumes:
      # Dumps land here; presumably they are compressed but not encrypted, so
      # restrict access to this host directory.
      - './data/backup:/backup'

  nextcloud:
    image: 'nextcloud:apache'
    restart: unless-stopped
    depends_on:
      - 'db'
    networks:
      # `default` reaches the database, `ingress` is shared with Traefik.
      - 'default'
      - 'ingress'
    environment:
      # 172.16.0.0/12 spans far more than one Docker network, so every peer in
      # that range is trusted to set forwarded headers.
      # NOTE(review): narrow this to the subnet of the ingress network if that
      # subnet is fixed.
      - 'TRUSTED_PROXIES=172.16.0.0/12'
      - 'OVERWRITEPROTOCOL=https'
      - 'MYSQL_DATABASE'
      - 'MYSQL_HOST=db:3306'
      - 'MYSQL_PASSWORD'
      - 'MYSQL_USER'
    volumes:
      - './data/nextcloud:/var/www/html'
    labels:
      - 'traefik.enable=true'
      # Router: served on the TLS entrypoint only, certificate from letsencrypt.
      - 'traefik.http.routers.${NAME}.rule=Host(`${HOST}`)'
      - 'traefik.http.routers.${NAME}.entrypoints=websecure'
      - 'traefik.http.routers.${NAME}.tls.certresolver=letsencrypt'
      - 'traefik.http.routers.${NAME}.middlewares=${NAME}-nextcloud-redirect,${NAME}-nextcloud-headers'
      # add https proxy headers
      - 'traefik.http.middlewares.${NAME}-nextcloud-headers.headers.referrerPolicy=no-referrer'
      - 'traefik.http.middlewares.${NAME}-nextcloud-headers.headers.sslRedirect=true'
      - 'traefik.http.middlewares.${NAME}-nextcloud-headers.headers.browserXSSFilter=true'
      - 'traefik.http.middlewares.${NAME}-nextcloud-headers.headers.contentTypeNosniff=true'
      - 'traefik.http.middlewares.${NAME}-nextcloud-headers.headers.customFrameOptionsValue=SAMEORIGIN'
      # HSTS for roughly ten years, including subdomains and the preload flag.
      # Browsers cache this and it is hard to roll back, so confirm that every
      # subdomain of the host serves HTTPS before keeping these three settings.
      - 'traefik.http.middlewares.${NAME}-nextcloud-headers.headers.stsSeconds=315360000'
      - 'traefik.http.middlewares.${NAME}-nextcloud-headers.headers.forceSTSHeader=true'
      - 'traefik.http.middlewares.${NAME}-nextcloud-headers.headers.stsIncludeSubdomains=true'
      - 'traefik.http.middlewares.${NAME}-nextcloud-headers.headers.stsPreload=true'
      # Cal* Redirect: send /.well-known/carddav and /.well-known/caldav to the
      # DAV endpoint. `$$` is Compose's escape for a literal `$`.
      - 'traefik.http.middlewares.${NAME}-nextcloud-redirect.redirectRegex.permanent=true'
      - 'traefik.http.middlewares.${NAME}-nextcloud-redirect.redirectRegex.regex=https://(.*)/.well-known/(card|cal)dav'
      - 'traefik.http.middlewares.${NAME}-nextcloud-redirect.redirectRegex.replacement=https://$${1}/remote.php/dav/'

  nextcloud-cron:
    # Same image and data volume as the web container, started with /cron.sh
    # instead of the web server. It carries no Traefik labels.
    image: 'nextcloud:apache'
    entrypoint: '/cron.sh'
    restart: unless-stopped
    depends_on:
      - 'nextcloud'
      - 'db'
    volumes:
      - './data/nextcloud:/var/www/html'

networks:
  # Pre-existing network created by the Traefik stack; it must exist before
  # this stack is started.
  ingress:
    external:
      name: 'ingress_bridge'