commit 2736cd601930a11e94f13b02367fd1104bbb210b
Author: Dejan R.
Date: Sun Nov 23 09:57:14 2025 +0000
Add Nextcloud docker-compose configuration
diff --git a/.env b/.env
new file mode 100644
index 0000000..b255257
--- /dev/null
+++ b/.env
@@ -0,0 +1,3 @@
+ADMIN_USERNAME=admin
+ADMIN_PASSWORD=your_secure_password
+NEXTCLOUD_DOMAIN=nextcloud.rozic-dev.com
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..77a5fac
--- /dev/null
+++ b/docker-compose.yml
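Review bot: `.env` is added to version control here, so the first real value written to `ADMIN_PASSWORD` is one `git add` away from ending up in the repository history. readme.md in this same commit tells the user to create the file themselves, so I would ship this as `.env.example` with the placeholder values and add `.env` to `.gitignore`. If `your_secure_password` is left unchanged, docker-compose.yml passes it on as `NEXTCLOUD_ADMIN_PASSWORD` for a host that is routed through Traefik, so the readme should state that it must be replaced before the first `docker compose up`.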
@@ -0,0 +1,110 @@
+volumes:
+ mysql:
+ driver: local
+ redis:
+ driver: local
+ nextcloud:
+ driver: local
+
+networks:
+ traefik:
+ external: true
+ name: traefik_default
+ internal:
+ driver: bridge
+
+services:
+ nextcloud:
+ image: nextcloud:latest
+ container_name: nextcloud_server
+ restart: unless-stopped
+ depends_on:
+ - mariadb
+ - redis
+ networks:
+ - traefik
+ - internal
+ environment:
+ MYSQL_HOST: mariadb
+ MYSQL_DATABASE: nextcloud
+ MYSQL_USER: nextcloud
+ MYSQL_PASSWORD: nextcloud
+ REDIS_HOST: redis
+ REDIS_HOST_PASSWORD: nextcloud
+ NEXTCLOUD_ADMIN_USER: ${ADMIN_USERNAME}
+ NEXTCLOUD_ADMIN_PASSWORD: ${ADMIN_PASSWORD}
+ NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_DOMAIN}
+ OVERWRITEPROTOCOL: https
+ OVERWRITEHOST: ${NEXTCLOUD_DOMAIN}
+ OVERWRITECLIURL: https://${NEXTCLOUD_DOMAIN}
+ TRUSTED_PROXIES: 172.16.0.0/12
+ volumes:
+ - nextcloud:/var/www/html
+ - /mnt/nextcloud:/var/www/html/data
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik_default"
+
+ # HTTP → HTTPS redirect
+ - "traefik.http.routers.nextcloud.entrypoints=web"
+ - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.rozic-dev.com`)"
+ - "traefik.http.routers.nextcloud.middlewares=nextcloud-https-redirect"
+ - "traefik.http.middlewares.nextcloud-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.middlewares.nextcloud-https-redirect.redirectscheme.permanent=true"
+
+ # HTTPS Router
+ - "traefik.http.routers.nextcloud-secure.entrypoints=websecure"
+ - "traefik.http.routers.nextcloud-secure.rule=Host(`nextcloud.rozic-dev.com`)"
+ - "traefik.http.routers.nextcloud-secure.tls=true"
+ - "traefik.http.routers.nextcloud-secure.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.nextcloud-secure.service=nextcloud"
+ - "traefik.http.routers.nextcloud-secure.middlewares=nextcloud-headers"
+
+ # Nextcloud-specific security headers
+ - "traefik.http.middlewares.nextcloud-headers.headers.customFrameOptionsValue=SAMEORIGIN"
+ - 
"traefik.http.middlewares.nextcloud-headers.headers.customResponseHeaders.Strict-Transport-Security=max-age=15552000; includeSubDomains"
+
+ # Internal port inside container
+ - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
+
+ mariadb:
+ image: mariadb:10.11
+ container_name: nextcloud_mariadb
+ restart: unless-stopped
+ networks:
+ - internal
+ environment:
+ MYSQL_ROOT_PASSWORD: nextcloud
+ MYSQL_USER: nextcloud
+ MYSQL_PASSWORD: nextcloud
+ MYSQL_DATABASE: nextcloud
+ MARIADB_AUTO_UPGRADE: 1
+ command:
+ - "--max-allowed-packet=128M"
+ - "--innodb-log-file-size=64M"
+ - "--transaction-isolation=READ-COMMITTED"
+ - "--binlog-format=ROW"
+ - "--innodb-file-per-table=1"
+ - "--skip-innodb-read-only-compressed"
+ healthcheck:
+ test: ["CMD", "mysqladmin", "ping", "-u", "root", "--password=nextcloud"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ volumes:
+ - mysql:/var/lib/mysql
+
+ redis:
+ image: redis:6-alpine
+ container_name: nextcloud_redis
+ restart: unless-stopped
+ networks:
+ - internal
+ command: ["redis-server", "--requirepass", "nextcloud"]
+ healthcheck:
+ test: ["CMD", "redis-cli", "ping"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ volumes:
+ - redis:/data
\ No newline at end of file
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..74f8fd7
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,10 @@
+Don't forget to create a .env file:
+envADMIN_USERNAME=admin
+ADMIN_PASSWORD=your_secure_password
+NEXTCLOUD_DOMAIN=cloud.rozic-dev.com
+Before deploying:
+
+Create the data directory: sudo mkdir -p /mnt/nextcloud/data
+Set proper permissions: sudo chown -R www-data:www-data /mnt/nextcloud/data
+Make sure the Traefik network exists
+Update the domain in the Traefik labels if needed
\ No newline at end of file
diff --git a/remove-data.sh b/remove-data.sh
new file mode 100644
index 0000000..a5f4608
--- /dev/null
+++ b/remove-data.sh
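Review bot: The literal `nextcloud` is committed as the MariaDB root password, the MariaDB user password and the Redis `--requirepass` value, while the admin account in the same file already goes through `${ADMIN_USERNAME}` and `${ADMIN_PASSWORD}`. I would move these three secrets to `.env` variables and make the deployment fail when they are unset, as in the excerpt below; the variable names are my suggestion. The same literal appears in the `mysqladmin` healthcheck argument, and the Redis healthcheck runs `redis-cli ping` without authenticating, so it probably does not show that the server accepts the configured password. Separately, `image: nextcloud:latest` is unpinned while `mariadb:10.11` and `redis:6-alpine` are pinned; a fixed major tag would make upgrades a deliberate step.

```yaml
services:
  nextcloud:
    environment:
      MYSQL_PASSWORD: "${MYSQL_PASSWORD:?set in .env}"
      REDIS_HOST_PASSWORD: "${REDIS_PASSWORD:?set in .env}"
      # … unchanged: remaining environment entries, volumes, labels …
  mariadb:
    environment:
      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:?set in .env}"
      MYSQL_PASSWORD: "${MYSQL_PASSWORD:?set in .env}"
      # … unchanged: MYSQL_USER, MYSQL_DATABASE, MARIADB_AUTO_UPGRADE, command …
    healthcheck:
      test: ["CMD-SHELL", "mysqladmin ping -u root --password=\"$$MYSQL_ROOT_PASSWORD\""]
  redis:
    command: ["redis-server", "--requirepass", "${REDIS_PASSWORD:?set in .env}"]
```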
@@ -0,0 +1,20 @@
+# Stop the containers
+docker compose down
+
+# Remove the existing data (this will delete any partial installation)
+sudo rm -rf /mnt/nextcloud/data/*
+sudo rm -rf /mnt/nextcloud/data/.[!.]* # Remove hidden files too
+
+# Also clean the nextcloud volume to start fresh
+docker volume rm nextcloud_nextcloud
+
+# Recreate the data directory with correct permissions
+sudo mkdir -p /mnt/nextcloud/data
+sudo chown -R 33:33 /mnt/nextcloud/data
+sudo chmod -R 750 /mnt/nextcloud/data
+
+# Start again
+docker compose up -d
+
+# Watch the logs
+docker compose logs -f nextcloud
\ No newline at end of file
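Review bot: The script has no shebang and no error handling, so when `docker compose down` fails (for example when it is run outside the compose directory) the two `sudo rm -rf /mnt/nextcloud/data/...` lines still run, possibly against an installation that is still up. I would start the file with `#!/usr/bin/env bash` and `set -euo pipefail`, and ask for confirmation before the first `rm`. `docker volume rm nextcloud_nextcloud` assumes the Compose project is named `nextcloud`, which depends on the checkout directory name unless a project name is set; a comment should say so. The `mysql` and `redis` volumes are left in place, so the header comment should also state whether a reset is meant to keep the old database.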