first commit

2024-12-30 03:03:02 +01:00
parent 34bbbfccee
commit b78303335e
10 changed files with 411 additions and 0 deletions

14
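--- a/nextcloud/.env
+++ b/nextcloud/.env
@@ -0,0 +1,14 @@
+MARIADB_ROOT_PASSWORD=
+MARIADB_DATABASE=nextclouddb
+MARIADB_USER=nextcloud
+MARIADB_PASSWORD=
+SMTP_HOST=
+SMTP_SECURE=ssl
+SMTP_PORT=465
+SMTP_NAME=
+SMTP_PASSWORD=
+MAIL_FROM_ADDRESS=
+MAIL_DOMAIN=
+TRUSTED_PROXIES=cloud.conorz.at
+NC_maintenance_window_start=0
+NC_default_phone_region=US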
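Review bot: `TRUSTED_PROXIES=cloud.conorz.at` looks like the public hostname rather than the proxy's address. Nextcloud compares trusted proxies with the connecting IP (single address or CIDR), so a hostname here will most likely never match; forwarded client addresses would then be ignored, and logging and brute-force throttling would see only the proxy. Set it to the address or subnet the reverse proxy connects from, e.g. `TRUSTED_PROXIES=<proxy-ip-or-cidr>`. Because this file is tracked with the password keys left blank, the filled-in copy should stay out of the repository: consider committing it as `.env.example` and ignoring `.env`.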

127
nextcloud/compose.yml Normal file

@@ -0,0 +1,127 @@
services:
mariadb:
container_name: mariadb
restart: unless-stopped
image: ghcr.io/polarix-containers/mariadb:11.4-alpine
volumes:
- "./mariadb:/var/lib/mysql:Z"
networks:
- mariadb
environment:
- MARIADB_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
- MARIADB_DATABASE=${MARIADB_DATABASE}
- MARIADB_USER=${MARIADB_USER}
- MARIADB_PASSWORD=${MARIADB_PASSWORD}
user: "3003:3003"
read_only: true
tmpfs:
- /var/tmp:mode=0770,uid=3003,gid=3003,noexec,nosuid,nodev
- /run/mariadb:size=50M,mode=0770,uid=3003,gid=3003,noexec,nosuid,nodev
security_opt:
- "no-new-privileges=true"
cap_drop:
- ALL
valkey:
container_name: valkey
image: ghcr.io/polarix-containers/valkey:8
restart: unless-stopped
volumes:
- ./valkey:/data:Z
networks:
- valkey
user: "3009:3009"
read_only: true
security_opt:
- "no-new-privileges=true"
cap_drop:
- ALL
nextcloud:
container_name: nextcloud
image: ghcr.io/polarix-containers/nextcloud:29
restart: unless-stopped
volumes:
- ./nextcloud:/var/www/html:z
networks:
- mariadb
- valkey
- nginx
depends_on:
- mariadb
- valkey
environment:
- MYSQL_HOST=mariadb
- MYSQL_DATABASE=${MARIADB_DATABASE}
- MYSQL_USER=${MARIADB_USER}
- MYSQL_PASSWORD=${MARIADB_PASSWORD}
- REDIS_HOST=valkey
- SMTP_HOST=${SMTP_HOST}
- SMTP_SECURE=${SMTP_SECURE}
- SMTP_PORT=${SMTP_PORT}
- SMTP_NAME=${SMTP_NAME}
- SMTP_PASSWORD=${SMTP_PASSWORD}
- MAIL_FROM_ADDRESS=${MAIL_FROM_ADDRESS}
- MAIL_DOMAIN=${MAIL_DOMAIN}
- TRUSTED_PROXIES=${TRUSTED_PROXIES}
- NC_maintenance_window_start=${NC_maintenance_window_start}
- NC_default_phone_region=${NC_default_phone_region}
security_opt:
- "no-new-privileges=true"
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- FOWNER
- SETUID
- SETGID
cron:
container_name: cron
image: ghcr.io/polarix-containers/nextcloud:stable
restart: unless-stopped
volumes:
- ./nextcloud:/var/www/html:z
networks:
- mariadb
- valkey
depends_on:
- mariadb
- valkey
entrypoint: /cron.sh
security_opt:
- "no-new-privileges=true"
cap_drop:
- ALL
cap_add:
- SETUID
- SETGID
nginx:
container_name: nginx
restart: unless-stopped
image: ghcr.io/polarix-containers/nginx:unprivileged-slim
ports:
- 8085:8080/tcp
volumes:
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf:Z,ro
- ./nextcloud:/var/www/html:z
networks:
- nginx
depends_on:
- nextcloud
user: "101:101"
read_only: true
tmpfs:
- /var/cache/nginx:mode=0770,uid=101,gid=101,noexec,nosuid,nodev
- /tmp:mode=0770,uid=101,gid=101,noexec,nosuid,nodev
security_opt:
- "no-new-privileges=true"
cap_drop:
- ALL
networks:
mariadb:
valkey:
nginx:
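Review bot: The `cron` service runs `ghcr.io/polarix-containers/nextcloud:stable` while `nextcloud` is pinned to `:29`, and both mount the same `./nextcloud` tree, so the two containers can end up on different releases once `stable` moves; use the same tag for both, `image: ghcr.io/polarix-containers/nextcloud:29`. The `nginx` service mounts `./nextcloud` writable although the web server only reads from it; `- ./nextcloud:/var/www/html:z,ro` removes write access to the application code and `config/`. `8085:8080/tcp` publishes the plain-HTTP listener on every host interface; if TLS is terminated by a proxy on the same host (the nginx config sets `HTTPS on` unconditionally, which suggests so), `"127.0.0.1:8085:8080/tcp"` keeps that port off the network.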


@@ -0,0 +1,93 @@
server {
listen 8080;
absolute_redirect off;
sendfile on;
include mime.types;
default_type application/octet-stream;
types {
text/javascript mjs;
application/wasm wasm;
}
# set max upload size and increase upload timeout:
client_max_body_size 512M;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
# https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
client_body_buffer_size 512k;
root /var/www/html;
index index.php index.html /index.php$request_uri;
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location ^~ /.well-known {
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
return 301 /index.php$request_uri;
}
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass nextcloud:9000;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
# Serve static files
location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463, immutable";
access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
}
location ~ \.(otf|woff2?)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=604800";
access_log off; # Optional: Don't log access to assets
}
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}
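Review bot: `fastcgi_param modHeadersAvailable true;` in the PHP location tells Nextcloud that the web server already sends the security headers, so Nextcloud skips its own fallback copies, but no `add_header` for them appears anywhere in this server block. Unless the fronting proxy adds them, responses go out without `X-Content-Type-Options`, `X-Frame-Options`, `Referrer-Policy` and the rest. Either drop the `modHeadersAvailable` line or add the headers at server level as below. The two static-asset locations define their own `add_header`, so they do not inherit server-level headers and would need the same lines repeated or an `include`.

```nginx
server {
listen 8080;
# … unchanged: absolute_redirect, sendfile, mime types …
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
# … unchanged: upload limits, root, locations …
```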