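---
# Compose file for a Nextcloud stack: MariaDB, Redis, a cron sidecar and the
# Nextcloud app published through Traefik. The file is an Ansible/Jinja
# template: every "{{ lookup('viczem.keepass.keepass', ...) }}" expression is
# replaced with a KeePass entry at render time.
#
# NOTE(review): the rendered file holds every secret in plaintext, and the
# same values are readable through `docker inspect` (environment, command,
# healthcheck) and the process list inside the containers. Keep the rendered
# file readable by the deploying user only. The mariadb and nextcloud images
# document *_FILE variants of their password variables (for example
# MYSQL_PASSWORD_FILE) for use with Compose secrets - verify against the
# pinned image versions before switching.
# NOTE(review): the looked-up values are pasted into double-quoted YAML
# scalars and, for Redis, into a shell-style command string; a password
# containing `"`, `\` or whitespace would break parsing or argument
# splitting - confirm the KeePass entries avoid those characters.
services:
  ######## Database ########
  nextcloud-db:
    image: "mariadb:11.6.2"
    container_name: nextcloud-db
    # NOTE(review): --log-bin takes a binlog file basename, so this enables
    # binary logging with files named "ROW.*". If row-based logging was the
    # intent, that option is --binlog-format=ROW - confirm before changing,
    # because a new basename leaves the existing binlog files orphaned.
    command: >-
      --transaction-isolation=READ-COMMITTED
      --log-bin=ROW
      --innodb_read_only_compressed=OFF
    restart: unless-stopped
    pull_policy: missing
    deploy:
      resources:
        limits:
          cpus: "2"
          memory: "512M"
    security_opt:
      - no-new-privileges=true
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - db:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_root_password', 'password') }}"
      MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"
      MYSQL_DATABASE: nextcloud
      MYSQL_USER: nextcloud
      MYSQL_INITDB_SKIP_TZINFO: "1"
    networks:
      - internal
    healthcheck:
      # The application password is passed as a -p argument, so it is stored
      # in the container's healthcheck definition and appears in the argv of
      # every probe process.
      test:
        - "CMD"
        - "mariadb-show"
        - "nextcloud"
        - "-h"
        - "localhost"
        - "-u"
        - "nextcloud"
        - "-p{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"
      interval: 30s
      timeout: 10s
      retries: 3
    # Error
    # [ERROR] Incorrect definition of table mysql.column_stats: expected column 'histogram' at position 10 to have type longblob, found type varbinary(255).
    # [ERROR] Incorrect definition of table mysql.column_stats: expected column 'hist_type' at position 9 to have type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB'), found type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB').
    # Fix
    # docker exec nextcloud-db mysql nextcloud -p -e "ALTER TABLE mysql.column_stats MODIFY histogram longblob;"
    # docker exec nextcloud-db mysql nextcloud -p -e "ALTER TABLE mysql.column_stats MODIFY hist_type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB');"

  ######## Redis ########
  nextcloud-redis:
    image: "redis:7.4.1"
    container_name: nextcloud-redis
    hostname: nextcloud-redis
    networks:
      - internal
    restart: unless-stopped
    pull_policy: missing
    deploy:
      resources:
        limits:
          cpus: "2"
          memory: "512M"
    security_opt:
      - no-new-privileges=true
    # The Redis password is part of the server command line and of the
    # healthcheck arguments below, so it shows up in `docker inspect` and in
    # the process list of the container.
    command: "redis-server --requirepass {{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
    healthcheck:
      test:
        - "CMD"
        - "redis-cli"
        - "--pass"
        - "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
        - "--no-auth-warning"
        - "ping"
      interval: 5s
      timeout: 2s
      retries: 3

  ######## cron ########
  nextcloud-cron:
    container_name: nextcloud-cron
    # NOTE(review): ":latest" is a mutable tag, and with pull_policy
    # "missing" each host keeps whatever build it pulled first. Given the
    # Docker socket mount below, pin this image to a version tag or digest.
    image: "registry.mgrote.net/nextcloud-cronjob:latest"
    restart: unless-stopped
    pull_policy: missing
    deploy:
      resources:
        limits:
          cpus: "2"
          memory: "512M"
    security_opt:
      - no-new-privileges=true
    # No network interfaces: the container only talks to the Docker socket.
    network_mode: none
    volumes:
      # The ":ro" flag only protects the socket file itself; the Docker API
      # behind it stays fully usable. Anything running in this container can
      # drive the Docker daemon, which is equivalent to root on the host.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      NEXTCLOUD_CONTAINER_NAME: nextcloud-app
      NEXTCLOUD_CRON_MINUTE_INTERVAL: "1"

  ######## Nextcloud ########
  nextcloud-app:
    image: "nextcloud:30.0.4"
    container_name: nextcloud-app
    restart: unless-stopped
    pull_policy: missing
    deploy:
      resources:
        limits:
          cpus: "4"
          memory: "1024M"
    security_opt:
      - no-new-privileges=true
    depends_on:
      - nextcloud-db
      - nextcloud-redis
      - nextcloud-cron
    environment:
      # redis
      REDIS_HOST: nextcloud-redis
      REDIS_HOST_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
      # mysql
      MYSQL_DATABASE: nextcloud
      MYSQL_USER: nextcloud
      MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"
      MYSQL_HOST: nextcloud-db
      # admin
      NEXTCLOUD_ADMIN_USER: n-admin
      NEXTCLOUD_ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_admin_user_password', 'password') }}"
      # misc
      NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net"
      PHP_MEMORY_LIMIT: 1024M
      PHP_UPLOAD_LIMIT: 10G
      APACHE_DISABLE_REWRITE_IP: "1"
      # Subnet in which traefik is located.
      # NOTE(review): this value is hard-coded while the "traefik" network is
      # external, so it must be kept in sync with that network's real subnet.
      # Every address in the range is trusted to supply the client IP via
      # forwarding headers - presumably only Traefik should be; confirm.
      TRUSTED_PROXIES: "172.18.0.0/24"
      NEXTCLOUD_UPLOAD_LIMIT: 10G
      NEXTCLOUD_MAX_TIME: "3600"
      # unlimited, https://github.com/nextcloud/docker/issues/1796
      # With no Apache body limit, request size is bounded only by the PHP
      # and Nextcloud upload limits above and by whatever Traefik enforces.
      APACHE_BODY_LIMIT: "0"
    volumes:
      - app:/var/www/html
      - data:/var/www/html/data
      # Hook script that sets the LDAP config; runs once after installation
      # and again before every start.
      # NOTE(review): the hook scripts are mounted read-write, so a process
      # in the container with write access could alter code that runs on the
      # next start. Append ":ro" unless the scripts must be writable.
      - ./ldap.sh:/docker-entrypoint-hooks.d/post-installation/ldap.sh
      - ./ldap.sh:/docker-entrypoint-hooks.d/before-starting/ldap.sh
      # further scripts
      - ./misc.sh:/docker-entrypoint-hooks.d/post-installation/misc.sh
      - ./misc.sh:/docker-entrypoint-hooks.d/before-starting/misc.sh
    networks:
      - internal
      - traefik
      - postfix
    healthcheck:
      # Plain-HTTP probe against the local Apache. "--insecure" was dropped:
      # it has no effect on an http:// URL and would silently disable
      # certificate verification if the URL were ever changed to https://.
      test: ["CMD", "curl", "-f", "http://localhost:80"]
      interval: 30s
      timeout: 10s
      retries: 3
    labels:
      traefik.http.routers.nextcloud.rule: 'Host(`nextcloud.mgrote.net`)'
      traefik.enable: "true"
      traefik.http.routers.nextcloud.tls: "true"
      traefik.http.routers.nextcloud.tls.certresolver: resolver_letsencrypt
      traefik.http.routers.nextcloud.entrypoints: entry_https
      traefik.http.services.nextcloud.loadbalancer.server.port: "80"
      # Rewrites the CalDAV/CardDAV well-known paths to the DAV endpoint.
      traefik.http.middlewares.nextcloud-webdav.replacepathregex.regex: "^/.well-known/ca(l|rd)dav"
      traefik.http.middlewares.nextcloud-webdav.replacepathregex.replacement: "/remote.php/dav/"
      # HSTS header.
      # NOTE(review): the preload directive is sent without
      # includeSubDomains and with a max-age of 15552001 s (about 180 days).
      # Browser preload lists require includeSubDomains and at least
      # 31536000 s, so "preload" does not make the domain eligible as
      # configured - confirm the intended policy.
      traefik.http.middlewares.nextcloud-hsts.headers.stsincludesubdomains: "false"
      traefik.http.middlewares.nextcloud-hsts.headers.stspreload: "true"
      traefik.http.middlewares.nextcloud-hsts.headers.stsseconds: "15552001"
      traefik.http.middlewares.nextcloud-hsts.headers.isdevelopment: "false"
      traefik.http.routers.nextcloud.middlewares: nextcloud-hsts,nextcloud-webdav

######## Networks ########
networks:
  # Private bridge for app <-> database/Redis traffic.
  internal:
    driver: bridge
  # Created outside this file; must exist before `docker compose up`.
  traefik:
    external: true
  postfix:
    external: true

######## Volumes ########
volumes:
  db: {}
  app: {}
  data: {}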