Add Nextcloud docker-compose configuration

2025-11-23 09:57:14 +00:00 · 2025-11-23 09:57:14 +00:00 · 2736cd6019
commit 2736cd6019
4 changed files with 143 additions and 0 deletions
--- a/.env
+++ b/.env
@ -0,0 +1,3 @@
 ADMIN_USERNAME=admin
 ADMIN_PASSWORD=your_secure_password
 NEXTCLOUD_DOMAIN=nextcloud.rozic-dev.com
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,110 @@
 volumes:
  mysql:
    driver: local
  redis:
    driver: local
  nextcloud:
    driver: local
 networks:
  traefik:
    external: true
    name: traefik_default
  internal:
    driver: bridge
 services:
  nextcloud:
    image: nextcloud:latest
    container_name: nextcloud_server
    restart: unless-stopped
    depends_on:
      - mariadb
      - redis
    networks:
      - traefik
      - internal
    environment:
      MYSQL_HOST: mariadb
      MYSQL_DATABASE: nextcloud
      MYSQL_USER: nextcloud
      MYSQL_PASSWORD: nextcloud
      REDIS_HOST: redis
      REDIS_HOST_PASSWORD: nextcloud
      NEXTCLOUD_ADMIN_USER: ${ADMIN_USERNAME}
      NEXTCLOUD_ADMIN_PASSWORD: ${ADMIN_PASSWORD}
      NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_DOMAIN}
      OVERWRITEPROTOCOL: https
      OVERWRITEHOST: ${NEXTCLOUD_DOMAIN}
      OVERWRITECLIURL: https://${NEXTCLOUD_DOMAIN}
      TRUSTED_PROXIES: 172.16.0.0/12
    volumes:
      - nextcloud:/var/www/html
      - /mnt/nextcloud:/var/www/html/data
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_default"
      # HTTP → HTTPS redirect
      - "traefik.http.routers.nextcloud.entrypoints=web"
      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.rozic-dev.com`)"
      - "traefik.http.routers.nextcloud.middlewares=nextcloud-https-redirect"
      - "traefik.http.middlewares.nextcloud-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.nextcloud-https-redirect.redirectscheme.permanent=true"
      # HTTPS Router
      - "traefik.http.routers.nextcloud-secure.entrypoints=websecure"
      - "traefik.http.routers.nextcloud-secure.rule=Host(`nextcloud.rozic-dev.com`)"
      - "traefik.http.routers.nextcloud-secure.tls=true"
      - "traefik.http.routers.nextcloud-secure.tls.certresolver=letsencrypt"
      - "traefik.http.routers.nextcloud-secure.service=nextcloud"
      - "traefik.http.routers.nextcloud-secure.middlewares=nextcloud-headers"
      # Nextcloud-specific security headers
      - "traefik.http.middlewares.nextcloud-headers.headers.customFrameOptionsValue=SAMEORIGIN"
      - "traefik.http.middlewares.nextcloud-headers.headers.customResponseHeaders.Strict-Transport-Security=max-age=15552000; includeSubDomains"
      # Internal port inside container
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
  mariadb:
    image: mariadb:10.11
    container_name: nextcloud_mariadb
    restart: unless-stopped
    networks:
      - internal
    environment:
      MYSQL_ROOT_PASSWORD: nextcloud
      MYSQL_USER: nextcloud
      MYSQL_PASSWORD: nextcloud
      MYSQL_DATABASE: nextcloud
      MARIADB_AUTO_UPGRADE: 1
    command: 
      - "--max-allowed-packet=128M"
      - "--innodb-log-file-size=64M"
      - "--transaction-isolation=READ-COMMITTED"
      - "--binlog-format=ROW"
      - "--innodb-file-per-table=1"
      - "--skip-innodb-read-only-compressed"
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-u", "root", "--password=nextcloud"]
      interval: 10s
      timeout: 5s
      retries: 5
    volumes:
      - mysql:/var/lib/mysql
  redis:
    image: redis:6-alpine
    container_name: nextcloud_redis
    restart: unless-stopped
    networks:
      - internal
    command: ["redis-server", "--requirepass", "nextcloud"]
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    volumes:
      - redis:/data
--- a/readme.md
+++ b/readme.md
@ -0,0 +1,10 @@
 Don't forget to create a .env file:
 envADMIN_USERNAME=admin
 ADMIN_PASSWORD=your_secure_password
 NEXTCLOUD_DOMAIN=cloud.rozic-dev.com
 Before deploying:
 Create the data directory: sudo mkdir -p /mnt/nextcloud/data
 Set proper permissions: sudo chown -R www-data:www-data /mnt/nextcloud/data
 Make sure the Traefik network exists
 Update the domain in the Traefik labels if needed
--- a/remove-data.sh
+++ b/remove-data.sh
@ -0,0 +1,20 @@
 # Stop the containers
 docker compose down
 # Remove the existing data (this will delete any partial installation)
 sudo rm -rf /mnt/nextcloud/data/*
 sudo rm -rf /mnt/nextcloud/data/.[!.]*  # Remove hidden files too
 # Also clean the nextcloud volume to start fresh
 docker volume rm nextcloud_nextcloud
 # Recreate the data directory with correct permissions
 sudo mkdir -p /mnt/nextcloud/data
 sudo chown -R 33:33 /mnt/nextcloud/data
 sudo chmod -R 750 /mnt/nextcloud/data
 # Start again
 docker compose up -d
 # Watch the logs
 docker compose logs -f nextcloud