FileRun/docker-compose.yml

version: "3.8"

services:
  db:
    image: mariadb:10.11
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: SuperSecretRoot123!
      MYSQL_DATABASE: filerun
      MYSQL_USER: filerun
      MYSQL_PASSWORD: SuperSecretFileRun456!
    volumes:
      - ./db_data:/var/lib/mysql
    networks:
      - internal

  filerun:
    image: filerun/filerun:8.1.arm64v8
    restart: unless-stopped
    environment:
      FR_DB_HOST: db
      FR_DB_PORT: 3306
      FR_DB_NAME: filerun
      FR_DB_USER: filerun
      FR_DB_PASS: SuperSecretFileRun456!

      APACHE_RUN_USER: www-data
      APACHE_RUN_USER_ID: 33
      APACHE_RUN_GROUP: www-data
      APACHE_RUN_GROUP_ID: 33

      # Behind reverse proxy
      FR_USE_PROXY: "true"
      # (OPTIONAL but recommended)
      FR_BASEURL: "https://filerun.rozic-dev.com"

    volumes:
      - ./filerun_html:/var/www/html
      - ./user_data:/user-files
    networks:
      - internal
      - traefik_default
    depends_on:
      - db

    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_default"

      # -------------------------------
      # HTTP router → uses GLOBAL redirect-to-https
      # -------------------------------
      - "traefik.http.routers.filerun-http.entrypoints=web"
      - "traefik.http.routers.filerun-http.rule=Host(`filerun.rozic-dev.com`)"
      - "traefik.http.routers.filerun-http.middlewares=redirect-to-https"

      # -------------------------------
      # HTTPS router (real traffic)
      # -------------------------------
      - "traefik.http.routers.filerun-https.entrypoints=websecure"
      - "traefik.http.routers.filerun-https.rule=Host(`filerun.rozic-dev.com`)"
      - "traefik.http.routers.filerun-https.tls=true"
      - "traefik.http.routers.filerun-https.tls.certresolver=letsencrypt"
      - "traefik.http.routers.filerun-https.service=filerun"
      - "traefik.http.routers.filerun-https.middlewares=filerun-headers,filerun-oauth-header"

      # -------------------------------
      # Middleware: proxy headers for FileRun
      # -------------------------------
      - "traefik.http.middlewares.filerun-headers.headers.customRequestHeaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.filerun-headers.headers.customRequestHeaders.X-Forwarded-Host=filerun.rozic-dev.com"

      # -------------------------------
      # Middleware: Nextcloud OAuth redirect header (if you need it)
      # -------------------------------
      - "traefik.http.middlewares.filerun-oauth-header.headers.customResponseHeaders.X-Nextcloud-Redirect-Url=nc://auth-finished"

      # -------------------------------
      # Service (internal port in container)
      # -------------------------------
      - "traefik.http.services.filerun.loadbalancer.server.port=80"

networks:
  internal:
    driver: bridge
  traefik_default:
    external: true