Merge f737f49662 into 473af1bed1

2024-04-25 03:31:28 +02:00 · 2024-04-25 03:31:28 +02:00 · 2122079be5
parent 473af1bed1 f737f49662
commit 2122079be5
6 changed files with 274 additions and 0 deletions
--- a/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/README.md
+++ b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/README.md
@ -0,0 +1,23 @@
+## Trafik Multi Network Deployment
+
+1. Create Traefik network
+
+` # docker network  create --driver=bridge --attachable --internal=false traefik `
+
+2. Edit `traefik2/docker-compose.yml`
+    - Change ACME email
+    - Change --providers.docker.network=traefik value if you created different network then `traefik`
+
+3. Deploy traefik
+
+ `docker-compose -f traefik2/docker-compose.yml up -d`
+
+4. Edit `nextcloud/docker-compose.yml`
+    - Change traefik.http.routers.nextcloud.rule Host
+    - Remove `traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue` and `contentSecurityPolicy`
+      if you dont need to iframe access from your external website
+    - Change PostgreSQL environments
+    - Edit `TRUSTED_PROXIES` with your traefik network address
+5. Deploy nextcloud
+
+ `docker-compose -f nextcloud/docker-compose.yml up -d`
--- a/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/nextcloud/docker-compose.yml
+++ b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/nextcloud/docker-compose.yml
@ -0,0 +1,82 @@
+
+# Create netxcloud network first
+# docker network create nextcloud
+#NOTES:
+#1. certificatesresolvers.myresolver.acme.email=myemail@gmail.com 
+#2. TRUSTED_PROXIES values based on your 'traefik docker network run docker network inspect traefik' to see the network
+#3. remove traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy and  
+#traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue if you don't want to allow iframe your domain
+# cat docker-compose.yml
+
+version: '3.3'
+
+volumes:
+  nextcloud-www:
+    driver: local
+  nextcloud-db:
+    driver: local
+  redis:
+    driver: local
+
+
+services:
+
+  db:
+    restart: always
+    image: postgres:11
+    networks:
+      - nextcloud
+    environment:
+    - POSTGRES_USER=nextcloud
+    - POSTGRES_PASSWORD=password
+    - POSTGRES_DB=nextcloud
+    volumes:
+    - nextcloud-db:/var/lib/postgresql/data
+  redis:
+    image: redis:latest
+    restart: always
+    networks:
+      - nextcloud
+    volumes:
+      - redis:/var/lib/redis
+
+  nextcloud:
+    image: nextcloud:latest
+    restart: always
+    networks:
+      - default
+      - nextcloud
+    depends_on:
+      - redis
+      - db
+    labels:
+      - traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect
+      - traefik.http.routers.nextcloud.tls.certresolver=myresolver
+      - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mydomain.com`)
+      - traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://mydomain.com
+      - traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' mydomain.com *.mydomain.net
+      - traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011
+      - traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true
+      - traefik.http.middlewares.nextcloud.headers.stsPreload=true
+      - traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
+      - traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/
+    environment:
+      - POSTGRES_DB=nextcloud
+      - POSTGRES_USER=nextcloud
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_HOST=db
+      - NEXTCLOUD_ADMIN_USER=admin
+      - NEXTCLOUD_ADMIN_PASSWORD=adminpass
+      - REDIS_HOST=redis
+      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mydomain.com
+      - TRUSTED_PROXIES=172.19.0.0/16
+    volumes:
+      - nextcloud-www:/var/www/html
+
+networks:
+  default:
+    external:
+      name: traefik
+
+  nextcloud:
+      internal: true
--- a/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/traefik2/docker-compose.yml
+++ b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/traefik2/docker-compose.yml
@ -0,0 +1,47 @@
+
+# Create  network first
+# docker network  create --driver=bridge --attachable --internal=false traefik
+#NOTES:
+#1. certificatesresolvers.myresolver.acme.email=myemail@gmail.com 
+# cat docker-compose.yml
+
+version: '3.3'
+
+volumes:
+  letsencrypt:
+    driver: local
+
+
+services:
+
+  traefik:
+    image: traefik:v2.2
+    container_name: traefik
+    restart: always
+    command:
+      - "--log.level=DEBUG"
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.network=traefik"
+      - "--providers.docker.exposedbydefault=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - 80:80
+      - 443:443
+    networks:
+      - default
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - letsencrypt:/letsencrypt
+
+networks:
+  default:
+    external:
+      name: traefik
--- a/.examples/docker-compose/with-traefik2-postgresql-redis-single-network/README.md
+++ b/.examples/docker-compose/with-traefik2-postgresql-redis-single-network/README.md
@ -0,0 +1,16 @@
+## Trafik Single Network Deployment
+
+1. Create a  network
+
+` # docker network  create  nextcloud `
+
+4. Edit `docker-compose.yml`
+    -  Change ACME Email Address
+    - Change traefik.http.routers.nextcloud.rule Host
+    - Remove `traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue` and `contentSecurityPolicy`
+      if you dont need to iframe access from your external website
+    - Change PostgreSQL environments
+    - Edit `TRUSTED_PROXIES` with your nextcloud network address
+5. Deploy nextcloud
+
+ `docker-compose docker-compose.yml up -d`
--- a/.examples/docker-compose/with-traefik2-postgresql-redis-single-network/docker-compose.yml
+++ b/.examples/docker-compose/with-traefik2-postgresql-redis-single-network/docker-compose.yml
@ -0,0 +1,104 @@
+
+# Create  network first
+# docker network create nextcloud
+#NOTES:
+#1. certificatesresolvers.myresolver.acme.email=myemail@gmail.com 
+#2. TRUSTED_PROXIES values based on your 'nexcloud network'
+#3. remove traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy and  
+#traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue if you don't want to allow iframe your domain
+# cat docker-compose.yml
+
+version: '3.1'
+
+volumes:
+  nextcloud-www:
+    driver: local
+  nextcloud-db:
+    driver: local
+  redis:
+    driver: local
+  letsencrypt:
+    driver: local
+
+
+services:
+
+  traefik:
+    image: traefik:v2.2
+    container_name: traefik
+    restart: always
+    command:
+      - "--log.level=DEBUG"
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - 80:80
+      - 443:443
+    networks:
+      - nextcloud
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - letsencrypt:/letsencrypt
+  db:
+    restart: always
+    image: postgres:11
+    networks:
+      - nextcloud
+    environment:
+    - POSTGRES_USER=nextcloud
+    - POSTGRES_PASSWORD=password
+    - POSTGRES_DB=nextcloud
+    volumes:
+    - nextcloud-db:/var/lib/postgresql/data
+  redis:
+    image: redis:latest
+    restart: always
+    networks:
+      - nextcloud
+    volumes:
+      - redis:/var/lib/redis
+
+  nextcloud:
+    image: nextcloud:latest
+    restart: always
+    networks:
+      - nextcloud
+    depends_on:
+      - redis
+      - db
+    labels:
+      - traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect
+      - traefik.http.routers.nextcloud.tls.certresolver=myresolver
+      - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mydomain.com`)
+      - traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://mydomain.com
+      - traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' mydomain.com *.mydomain.net
+      - traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011
+      - traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true
+      - traefik.http.middlewares.nextcloud.headers.stsPreload=true
+      - traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
+      - traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/
+    environment:
+      - POSTGRES_DB=nextcloud
+      - POSTGRES_USER=nextcloud
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_HOST=db
+      - NEXTCLOUD_ADMIN_USER=admin
+      - NEXTCLOUD_ADMIN_PASSWORD=adminpass
+      - REDIS_HOST=redis
+      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mydomain.com
+      - TRUSTED_PROXIES=172.18.0.0/16
+    volumes:
+      - nextcloud-www:/var/www/html
+
+networks:
+  nextcloud:
+    external: true
--- a/README.md
+++ b/README.md
@ -448,6 +448,8 @@ We recommend using a reverse proxy in front of your Nextcloud installation. Your

 In our [examples](https://github.com/nextcloud/docker/tree/master/.examples) section we have an example for a fully automated setup using a reverse proxy, a container for [Let's Encrypt](https://letsencrypt.org/) certificate handling, database and Nextcloud. It uses the popular [nginx-proxy](https://github.com/jwilder/nginx-proxy) and [docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) containers. Please check the according documentations before using this setup.

+You can also use [Traefik 2.0](https://github.com/containous/traefik) as a reverse proxy. It is single docker image that handle reverse proxy and Let's Encrypt certicate. You can find sample docker-compose files in [examples](https://github.com/nextcloud/docker/tree/master/.examples/docker-compose) 
+
 # First use
 When you first access your Nextcloud, the setup wizard will appear and ask you to choose an administrator account username, password and the database connection. For the database use `db` as host and `nextcloud` as table and user name. Also enter the password you chose in your `docker-compose.yml` file.