version: "3.3" services: reverse-proxy: image: traefik:v2.3 command: - --log.level=WARN #- --api.insecure=true - --providers.docker - --entryPoints.web.address=:80 - --entrypoints.web.http.redirections.entryPoint.to=websecure - --entrypoints.web.http.redirections.entryPoint.scheme=https - --entryPoints.websecure.address=:443 - --certificatesresolvers.myresolver.acme.email=tom@tcweb.org - --certificatesresolvers.myresolver.acme.storage=/acme.json # used during the challenge - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web ports: - "80:80" - "443:443" # The Web UI (enabled by --api.insecure=true) #- "8080:8080" depends_on: - nextcloud-front volumes: - /var/run/docker.sock:/var/run/docker.sock - ./acme.json:/acme.json restart: unless-stopped networks: nextcloud: aliases: - traefik nextcloud-front: image: nginx:latest depends_on: - nextcloud-app restart: unless-stopped volumes: - ./nextcloud-data/:/var/www/html:ro - ./nginx.conf:/etc/nginx/conf.d/nextcloud.conf:ro labels: - "traefik.http.routers.front.rule=Host(`cloud.${DOMAIN}`)" - "traefik.http.routers.front.entryPoints=web,traefik" - "traefik.http.services.front.loadbalancer.server.port=80" - "traefik.http.routers.front-ssl.rule=Host(`cloud.${DOMAIN}`)" - "traefik.http.routers.front-ssl.entryPoints=websecure" - "traefik.http.routers.front-ssl.tls=true" - "traefik.http.routers.front-ssl.service=front" - "traefik.http.routers.front-ssl.tls.certresolver=myresolver" networks: nextcloud: aliases: - front collabora: image: collabora/code restart: unless-stopped labels: - "traefik.http.routers.collabora.rule=Host(`office.${DOMAIN}`)" - "traefik.http.routers.collabora.entryPoints=web,traefik" - "traefik.http.services.collabora.loadbalancer.server.port=9980" - "traefik.http.routers.collabora-ssl.rule=Host(`office.${DOMAIN}`)" - "traefik.http.routers.collabora-ssl.entryPoints=websecure" - "traefik.http.routers.collabora-ssl.tls=true" - "traefik.http.routers.collabora-ssl.service=collabora" - "traefik.http.routers.collabora-ssl.tls.certresolver=myresolver" - "traefik.wss.protocol=https" environment: extra_params: "--o:ssl.enable=true" domain: cloud\\.tcweb\\.org networks: nextcloud: aliases: - collabora nextcloud-app: image: nextcloud:22-fpm environment: MYSQL_USER: nextcloud MYSQL_PASSWORD: "${MYSQL_PASSWORD}" MYSQL_DATABASE: nextcloud MYSQL_HOST: mysql REDIS_HOST: redis PHP_MEMORY_LIMIT: 4096M depends_on: - nextcloud-db - nextcloud-redis restart: unless-stopped volumes: - ./nextcloud-data/:/var/www/html networks: nextcloud: aliases: - app nextcloud-cron: image: nextcloud:22-fpm environment: MYSQL_USER: nextcloud MYSQL_PASSWORD: "${MYSQL_PASSWORD}" MYSQL_DATABASE: nextcloud MYSQL_HOST: mysql REDIS_HOST: redis PHP_MEMORY_LIMIT: 4096M entrypoint: /cron.sh depends_on: - nextcloud-db - nextcloud-redis restart: unless-stopped volumes: - ./nextcloud-data/:/var/www/html networks: nextcloud: aliases: - cron nextcloud-redis: image: redis:latest restart: unless-stopped networks: nextcloud: aliases: - redis nextcloud-db: image: mariadb:latest restart: unless-stopped environment: MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD}" MYSQL_PASSWORD: "${MYSQL_PASSWORD}" MYSQL_DATABASE: nextcloud MYSQL_USER: nextcloud command: --innodb_read_only_compressed=OFF volumes: - ./nextcloud-db:/var/lib/mysql networks: nextcloud: aliases: - mysql # Custom network so all services can communicate using a FQDN networks: nextcloud: