diff --git a/docker-compose/nextcloud_ldap/docker-compose.yml.j2 b/docker-compose/nextcloud_ldap/docker-compose.yml.j2 new file mode 100644 index 00000000..895cbda1 --- /dev/null +++ b/docker-compose/nextcloud_ldap/docker-compose.yml.j2 @@ -0,0 +1,148 @@ +version: '3.3' +services: +######## Datenbank ######## + nextcloud-db-ldap: + image: "mariadb:11.3.2" + container_name: nextcloud-db-ldap + command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF + restart: unless-stopped + volumes: + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + - db:/var/lib/mysql + environment: + MYSQL_ROOT_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_root_password', 'password') }}" + MYSQL_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}" + MYSQL_DATABASE: nextcloud + MYSQL_USER: nextcloud + MYSQL_INITDB_SKIP_TZINFO: 1 + networks: + - intern + healthcheck: + interval: 30s + retries: 3 + test: + [ + "CMD", + "healthcheck.sh", + "--su-mysql", + "--connect" + ] + timeout: 30s + + # Error + ## [ERROR] Incorrect definition of table mysql.column_stats: expected column 'histogram' at position 10 to have type longblob, found type varbinary(255). + ## [ERROR] Incorrect definition of table mysql.column_stats: expected column 'hist_type' at position 9 to have type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB'), found type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB'). + # Fix + ## docker exec nextcloud-db-ldap mysql nextcloud -p -e "ALTER TABLE mysql.column_stats MODIFY histogram longblob;" + ## docker exec nextcloud-db-ldap mysql nextcloud -p -e "ALTER TABLE mysql.column_stats MODIFY hist_type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB');" + +######## Redis ######## + nextcloud-redis-ldap: + image: "redis:7.2.5" + container_name: nextcloud-redis-ldap + hostname: nextcloud-redis-ldap + networks: + - intern + restart: unless-stopped + command: "redis-server --requirepass {{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}" + healthcheck: + test: ["CMD", "redis-cli", "--pass", "{{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}", "--no-auth-warning", "ping"] + interval: 5s + timeout: 2s + retries: 3 + +######## cron ######## + nextcloud-cron-ldap: + container_name: nextcloud-cron-ldap + image: "registry.mgrote.net/nextcloud-cron-ldapjob:latest" + restart: unless-stopped + network_mode: none + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - /etc/localtime:/etc/localtime:ro + environment: + NEXTCLOUD_CONTAINER_NAME: nextcloud-app-ldap + NEXTCLOUD_CRON_MINUTE_INTERVAL: 1 + +######## Nextcloud ######## + nextcloud-app-ldap: + image: "nextcloud:29.0.0" + container_name: nextcloud-app-ldap + restart: unless-stopped + depends_on: + - nextcloud-db-ldap + - nextcloud-redis-ldap + - nextcloud-cron-ldap + environment: + REDIS_HOST: nextcloud-redis-ldap + REDIS_HOST_PASSWORD: "{{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}" + MYSQL_DATABASE: nextcloud + MYSQL_USER: nextcloud + MYSQL_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}" + MYSQL_HOST: nextcloud-db-ldap + NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net" + SMTP_HOST: mail-relay + #SMTP_SECURE: tls + SMTP_PORT: 25 + #SMTP_AUTHTYPE: LOGIN + SMTP_NAME: info@mgrote.net + #SMTP_PASSWORD: "{{ lookup('keepass', 'strato_smtp_password', 'password') }}" + MAIL_FROM_ADDRESS: info@mgrote.net + PHP_MEMORY_LIMIT: 1024M + PHP_UPLOAD_LIMIT: 10G + APACHE_DISABLE_REWRITE_IP: 1 + TRUSTED_PROXIES: "192.168.48.0/24" # Subnetz in dem sich traefik befindet + NEXTCLOUD_UPLOAD_LIMIT: 10G + NEXTCLOUD_MAX_TIME: 3600 + APACHE_BODY_LIMIT: 0 # unlimited, https://github.com/nextcloud/docker/issues/1796 + volumes: + - app:/var/www/html + - data:/var/www/html/data + networks: + - intern + - traefik + - mail-relay + healthcheck: + test: ["CMD", "curl", "-f", "--insecure", "http://localhost:80"] + interval: 30s + timeout: 10s + retries: 3 + labels: + traefik.http.routers.nextcloud.rule: Host(`nextcloud.mgrote.net`) + traefik.enable: true + traefik.http.routers.nextcloud.tls: true + traefik.http.routers.nextcloud.tls.certresolver: resolver_letsencrypt + traefik.http.routers.nextcloud.entrypoints: entry_https + traefik.http.services.nextcloud.loadbalancer.server.port: 80 + + traefik.http.middlewares.nextcloud-webdav.replacepathregex.regex: "^/.well-known/ca(l|rd)dav" + traefik.http.middlewares.nextcloud-webdav.replacepathregex.replacement: "/remote.php/dav/" + + traefik.http.middlewares.nextcloud-hsts.headers.stsincludesubdomains: false + traefik.http.middlewares.nextcloud-hsts.headers.stspreload: true + traefik.http.middlewares.nextcloud-hsts.headers.stsseconds: 15552001 + traefik.http.middlewares.nextcloud-hsts.headers.isdevelopment: false + + traefik.http.routers.nextcloud.middlewares: nextcloud-hsts,nextcloud-webdav + +######## Networks ######## +networks: + intern: + driver: bridge + traefik: + external: true + mail-relay: + external: true +######## Volumes ######## +volumes: + db: + app: + data: + +######## Doku ######## +# Telefonregion +# docker exec --user www-data nextcloud-app-ldap php occ config:system:set default_phone_region --value="DE" +# https://help.nextcloud.com/t/nextcloud-wont-load-any-mixed-content/13565/3 +# docker exec --user www-data nextcloud-app-ldap php occ config:system:set overwriteprotocol --value="https" +# docker exec --user www-data nextcloud-app-ldap php occ config:system:set overwrite.cli.url --value="http://nextcloud.mgrote.net"