60 lines
2.0 KiB
YAML
60 lines
2.0 KiB
YAML
version: '3'
|
|
|
|
services:
|
|
|
|
mywww:
|
|
image: bunkerity/bunkerized-nginx
|
|
restart: always
|
|
depends_on:
|
|
- mync
|
|
ports:
|
|
- 80:8080
|
|
- 443:8443
|
|
# bunkerized-nginx runs as an unprivileged user with UID/GID 101
|
|
# don't forget to edit the permissions of the files and folders accordingly
|
|
volumes:
|
|
- ./nc-files:/www:ro
|
|
- ./letsencrypt:/etc/letsencrypt
|
|
- ./server-confs:/server-confs:ro # custom nginx confs at server context to make Nextcloud working
|
|
- ./modsec-crs-confs:/modsec-crs-confs:ro # custom Core Rule Set confs to add Nextcloud exclusions
|
|
- ./modsec-confs:/modsec-confs:ro # disable some false positive
|
|
environment:
|
|
- SERVER_NAME=www.example.com # replace with your domain
|
|
- AUTO_LETS_ENCRYPT=yes
|
|
- REDIRECT_HTTP_TO_HTTPS=yes
|
|
- DISABLE_DEFAULT_SERVER=yes
|
|
- MAX_CLIENT_SIZE=10G
|
|
- USE_CLIENT_CACHE=yes
|
|
- REMOTE_PHP=mync
|
|
- REMOTE_PHP_PATH=/var/www/html
|
|
- LIMIT_REQ_RATE=5r/s
|
|
- LIMIT_REQ_BURST=10
|
|
- ALLOWED_METHODS=GET|POST|HEAD|COPY|DELETE|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|PUT|UNLOCK|OPTIONS
|
|
- X_FRAME_OPTIONS=SAMEORIGIN
|
|
- USE_GZIP=yes
|
|
- BAD_BEHAVIOR_STATUS_CODES=400 401 403 405 444
|
|
- WHITELIST_USER_AGENT=WebDAV
|
|
|
|
mync:
|
|
image: nextcloud:21-fpm
|
|
restart: always
|
|
volumes:
|
|
- ./nc-files:/var/www/html
|
|
environment:
|
|
- MYSQL_HOST=mydb
|
|
- MYSQL_DATABASE=nc
|
|
- MYSQL_USER=user
|
|
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
|
|
|
mydb:
|
|
image: mariadb
|
|
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
|
restart: always
|
|
volumes:
|
|
- ./db-data:/var/lib/mysql
|
|
environment:
|
|
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
|
- MYSQL_DATABASE=nc
|
|
- MYSQL_USER=user
|
|
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|