oxmox-dot-dev/docker-compose.yml

version: "3.3"

secrets:
  nextcloud_db_password:
    file: ./secrets/nextcloud_db_password
  nextcloud_db_root_password:
    file: ./secrets/nextcloud_db_root_password
  nextcloud_admin_password:
    file: ./secrets/nextcloud_admin_password
  forgejo_db_root_password:
    file: ./secrets/forgejo_db_root_password

# logger driver - change this driver to ship all container logs to a different location
x-logging: &logging
  logging:
    driver: loki
    options:
      loki-url: "http://localhost:3100/loki/api/v1/push"
      mode: "non-blocking"
      max-buffer-size: "32m"
      loki-retries: "3"

services:
  traefik:
    image: "traefik:v2.10"
    container_name: "traefik"
    restart: unless-stopped
    <<: *logging
    command:
      - "--log.level=INFO"
      - "--accesslog=true"
      - "--accesslog.filePath=/logs/access.log"
      - "--api.insecure=false"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/conf"
      - "--entrypoints.websecure.address=:443"
      - "--metrics.prometheus=true"
      #- "--entrypoints.forge.address=:3000"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=badctoxymoron@gmx.de"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      #- "3000:3000"
      #- "8080:8080"
    volumes:
      - ./letsencrypt:/letsencrypt
      - ./traefik/logs:/logs
      - ./traefik/conf:/conf
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "traefik.enable=true"
      # Make the traefik dashboard available under https://oxmox.dev/traefik/dashboard/
      # For some reason it's slow when used this way. It's fast when exposed via port 8080 and api.insecure=true.
      - "traefik.http.routers.traefik_api.rule=Host(`oxmox.dev`) && (PathPrefix(`/api`) || PathPrefix(`/traefik`))"
      - "traefik.http.routers.traefik_api.entrypoints=websecure"
      - "traefik.http.routers.traefik_api.tls.certresolver=myresolver"
      - "traefik.http.routers.traefik_api.service=api@internal"
      - "traefik.http.routers.traefik_api.middlewares=traefik_api_auth,traefik_api_strip"
      - "traefik.http.middlewares.traefik_api_auth.basicauth.users=florian:$$apr1$$x/GrMMGU$$Dn7yVliaRFEwlW17SNh6s."
      - "traefik.http.middlewares.traefik_api_strip.stripprefix.prefixes=/traefik"

  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`oxmox.dev`) && Path(`/whoami`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"

  nextcloud-db:
    image: mariadb:latest
    container_name: "nextcloud-db"
    restart: unless-stopped
    <<: *logging
    command:
      - --transaction-isolation=READ-COMMITTED
      - --log-bin=binlog
      - --binlog-format=ROW
      # Memory usage tuning.
      - --max-connections=100
      - --thread-cache-size=2
      - --query-cache-size=1048576
      - --sort-buffer-size=1048576
      - --bulk-insert-buffer-size=0
      - --tmp-table-size=4194304
      - --max-heap-table-size=4194304
      - --key-buffer-size=4194304
      - --read-buffer-size=131072
      - --read-rnd-buffer-size=262144
      - --innodb-buffer-pool-size=10485760
      - --innodb-log-buffer-size=4194304
    volumes:
      - ./nextcloud-db:/var/lib/mysql
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PUID=1000
      - PGID=1000
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/nextcloud_db_root_password
    secrets:
      - nextcloud_db_password
      - nextcloud_db_root_password
    labels:
      - "traefik.enable=false"

  nextcloud-app:
    image: nextcloud:stable
    container_name: "nextcloud-app"
    restart: unless-stopped
    <<: *logging
    depends_on:
      - nextcloud-db
    volumes:
      - ./nextcloud-app/nextcloud:/var/www/html
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=nextcloud-db
      - MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/nextcloud_db_root_password
      # reverse proxy setup
      - APACHE_DISABLE_REWRITE_IP=1
      - TRUSTED_PROXIES=192.168.128.0/24
      - NEXTCLOUD_TRUSTED_DOMAINS=oxmox.dev
      # PHP tuning
      - PHP_MEMORY_LIMIT=256M # default=512M
      - PHP_UPLOAD_LIMIT=512M # default=512M
      # Sadly this did not work for me.
      #- NEXTCLOUD_ADMIN_USER=admin
      #- NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password
    secrets:
      - nextcloud_db_password
      - nextcloud_db_root_password
      - nextcloud_admin_password
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud_app.rule=Host(`oxmox.dev`) && PathPrefix(`/nextcloud`)"
      - "traefik.http.routers.nextcloud_app.entrypoints=websecure"
      - "traefik.http.routers.nextcloud_app.tls.certresolver=myresolver"
      - "traefik.http.routers.nextcloud_app.middlewares=nextcloud_app_strip"
      - "traefik.http.middlewares.nextcloud_app_strip.stripprefix.prefixes=/nextcloud"

      - "traefik.http.routers.nextcloud_dav.rule=Host(`oxmox.dev`) && PathPrefix(`/.well-known/`)"
      - "traefik.http.routers.nextcloud_dav.entrypoints=websecure"
      - "traefik.http.routers.nextcloud_dav.tls.certresolver=myresolver"
      - "traefik.http.routers.nextcloud_dav.middlewares=nextcloud_app_dav"
      - "traefik.http.middlewares.nextcloud_app_dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
      - "traefik.http.middlewares.nextcloud_app_dav.replacepathregex.replacement=/remote.php/dav/"

  nextcloud-app-cron:
    image: nextcloud:stable
    container_name: "nextcloud-app-cron"
    restart: unless-stopped
    <<: *logging
    volumes:
      - ./nextcloud-app/nextcloud:/var/www/html
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    entrypoint: /cron.sh
    depends_on:
      - nextcloud-app
    labels:
      - "traefik.enable=true"

  forgejo-db:
    image: mariadb:latest
    container_name: "forgejo-db"
    restart: unless-stopped
    <<: *logging
    command:
      - --transaction-isolation=READ-COMMITTED
      - --log-bin=binlog
      - --binlog-format=ROW
      # Memory usage tuning.
      - --max-connections=100
      - --thread-cache-size=2
      - --query-cache-size=1048576
      - --sort-buffer-size=1048576
      - --bulk-insert-buffer-size=0
      - --tmp-table-size=4194304
      - --max-heap-table-size=4194304
      - --key-buffer-size=4194304
      - --read-buffer-size=131072
      - --read-rnd-buffer-size=262144
      - --innodb-buffer-pool-size=10485760
      - --innodb-log-buffer-size=4194304
    volumes:
      - ./forgejo/db:/var/lib/mysql
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PUID=1000
      - PGID=1000
      - MYSQL_DATABASE=forgejo
      - MYSQL_USER=forgejo
      - MYSQL_PASSWORD=forgejo1234
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/forgejo_db_root_password
    secrets:
      - forgejo_db_root_password
    labels:
      - "traefik.enable=false"

  forgejo-app:
    image: codeberg.org/forgejo/forgejo:1.20.3-0
    container_name: "forgejo-app"
    restart: unless-stopped
    <<: *logging
    links:
      - forgejo-db
    volumes:
      - ./forgejo/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - FORGEJO__database__DB_TYPE=mysql
      - FORGEJO__database__HOST=forgejo-db:3306
      - FORGEJO__database__NAME=forgejo
      - FORGEJO__database__USER=forgejo
      - FORGEJO__database__PASSWD=forgejo1234
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.forgejo_app.rule=Host(`oxmox.dev`) && PathPrefix(`/forge`)"
      - "traefik.http.routers.forgejo_app.entrypoints=websecure"
      - "traefik.http.routers.forgejo_app.tls.certresolver=myresolver"
      - "traefik.http.routers.forgejo_app.middlewares=forgejo_app_strip"
      - "traefik.http.middlewares.forgejo_app_strip.stripprefix.prefixes=/forge"
      - "traefik.http.services.forgejo-app.loadbalancer.server.port=3000"

  prometheus:
    image: prom/prometheus
    container_name: "prometheus"
    restart: unless-stopped
    <<: *logging
    command:
      - '--web.external-url=/prometheus/'
      - '--web.route-prefix=/prometheus/'
      - '--storage.tsdb.path=/prometheus/tsdb'
    volumes:
      - ./prometheus:/prometheus
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PUID=1000
      - PGID=1000
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prometheus_app.rule=Host(`oxmox.dev`) && PathPrefix(`/prometheus`)"
      - "traefik.http.routers.prometheus_app.entrypoints=websecure"
      - "traefik.http.routers.prometheus_app.tls.certresolver=myresolver"
      - "traefik.http.routers.prometheus_app.middlewares=traefik_api_auth"
      - "traefik.http.services.prometheus_app.loadbalancer.server.port=9090"

  grafana:
    image: grafana/grafana
    container_name: "grafana"
    restart: unless-stopped
    <<: *logging
    depends_on:
      - prometheus
    volumes:
      - ./grafana/data:/var/lib/grafana
      - ./grafana/etc:/etc/grafana
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PUID=1000
      - PGID=1000
      #- GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION=true
      - GF_INSTALL_PLUGINS=grafana-piechart-panel
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana_app.rule=Host(`oxmox.dev`) && PathPrefix(`/grafana`)"
      - "traefik.http.routers.grafana_app.entrypoints=websecure"
      - "traefik.http.routers.grafana_app.tls.certresolver=myresolver"
      - "traefik.http.routers.grafana_app.middlewares=traefik_api_auth,grafana_app_strip"
      - "traefik.http.middlewares.grafana_app_strip.stripprefix.prefixes=/grafana"
      - "traefik.http.services.grafana_app.loadbalancer.server.port=3000"

  node-exporter:
    #image: quay.io/prometheus/node-exporter:latest
    image: prom/node-exporter:latest
    container_name: node-exporter
    restart: unless-stopped
    <<: *logging
    #network_mode: host
    pid: host
    volumes:
      #- /proc:/host/proc:ro
      #- /sys:/host/sys:ro
      - /:/rootfs:ro,rslave
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    command:
      #- '--path.procfs=/host/proc'
      - '--path.rootfs=/rootfs'
      #- '--path.sysfs=/host/sys'
      #- '--dollector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
    expose:
      - 9100

  loki-app:
    image: grafana/loki:2.8.4
    container_name: "loki-app"
    restart: unless-stopped
    <<: *logging
    volumes:
      - ./loki/etc:/etc/loki
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PUID=1000
      - PGID=1000
    command: -config.file=/etc/loki/loki-config.yml
    ports:
      - "127.0.0.1:3100:3100"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.loki_app.rule=Host(`oxmox.dev`) && PathPrefix(`/loki`)"
      - "traefik.http.routers.loki_app.entrypoints=websecure"
      - "traefik.http.routers.loki_app.tls.certresolver=myresolver"
      - "traefik.http.routers.loki_app.middlewares=traefik_api_auth,loki_app_strip"
      - "traefik.http.middlewares.loki_app_strip.stripprefix.prefixes=/loki"
      - "traefik.http.services.loki_app.loadbalancer.server.port=3100"

  loki-promtail:
    image: grafana/promtail:2.8.4
    container_name: "loki-promtail"
    restart: unless-stopped
    <<: *logging
    volumes:
      - ./loki/etc:/etc/promtail
      - /var/log:/var/log
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PUID=1000
      - PGID=1000
    command: -config.file=/etc/promtail/promtail-config.yml
    labels:
      - "traefik.enable=false"


  #wireguard:
  #  image: lscr.io/linuxserver/wireguard:latest
  #  container_name: wireguard
  #  labels:
  #    - "traefik.enable=true"
  #  cap_add:
  #    - NET_ADMIN
  #    #- SYS_MODULE
  #  environment:
  #    - PUID=1000
  #    - PGID=1000
  #    #- SERVERURL=wireguard.oxmox.dev #optional
  #    - SERVERPORT=51820 #optional
  #    - PEERS=1 #optional
  #    - PEERDNS=auto #optional
  #    - INTERNAL_SUBNET=10.42.23.0 #optional
  #    - ALLOWEDIPS=10.42.23.0/24 #optional
  #    - PERSISTENTKEEPALIVE_PEERS= #optional
  #    - LOG_CONFS=true #optional
  #  volumes:
  #    - ./wireguard:/config
  #    #- /lib/modules:/lib/modules #optional
  #  ports:
  #    - 51820:51820/udp
  #  sysctls:
  #    - net.ipv4.conf.all.src_valid_mark=1
  #  restart: unless-stopped
initial commit: traefik and letsencrypt working 2023-09-03 03:13:03 +02:00			`version: "3.3"`

move secrets up top; cleanup 2023-09-04 21:28:12 +02:00			`secrets:`
			`nextcloud_db_password:`
			`file: ./secrets/nextcloud_db_password`
			`nextcloud_db_root_password:`
			`file: ./secrets/nextcloud_db_root_password`
			`nextcloud_admin_password:`
			`file: ./secrets/nextcloud_admin_password`
			`forgejo_db_root_password:`
			`file: ./secrets/forgejo_db_root_password`

node-exporter, loki+promtail, loki logging, up php cloud mem 2023-09-08 01:38:37 +02:00			`# logger driver - change this driver to ship all container logs to a different location`
			`x-logging: &logging`
			`logging:`
			`driver: loki`
			`options:`
			`loki-url: "http://localhost:3100/loki/api/v1/push"`
change domain to "oxmox.dev" 2023-09-08 15:24:13 +02:00			`mode: "non-blocking"`
			`max-buffer-size: "32m"`
			`loki-retries: "3"`
node-exporter, loki+promtail, loki logging, up php cloud mem 2023-09-08 01:38:37 +02:00
initial commit: traefik and letsencrypt working 2023-09-03 03:13:03 +02:00			`services:`
			`traefik:`
			`image: "traefik:v2.10"`
			`container_name: "traefik"`
cleanup 2023-09-04 23:57:44 +02:00			`restart: unless-stopped`
node-exporter, loki+promtail, loki logging, up php cloud mem 2023-09-08 01:38:37 +02:00			`<<: *logging`
initial commit: traefik and letsencrypt working 2023-09-03 03:13:03 +02:00			`command:`
node-exporter, loki+promtail, loki logging, up php cloud mem 2023-09-08 01:38:37 +02:00			`- "--log.level=INFO"`
dashboard now at traefik/dashboard/ (it's slow) 2023-09-03 17:13:09 +02:00			`- "--accesslog=true"`
			`- "--accesslog.filePath=/logs/access.log"`
initial commit: traefik and letsencrypt working 2023-09-03 03:13:03 +02:00			`- "--api.insecure=false"`
dashboard now at traefik/dashboard/ (it's slow) 2023-09-03 17:13:09 +02:00			`- "--api.dashboard=true"`
initial commit: traefik and letsencrypt working 2023-09-03 03:13:03 +02:00			`- "--providers.docker=true"`
			`- "--providers.docker.exposedbydefault=false"`
enable metrics and file provider 2023-09-04 21:28:34 +02:00			`- "--providers.file.directory=/conf"`
initial commit: traefik and letsencrypt working 2023-09-03 03:13:03 +02:00			`- "--entrypoints.websecure.address=:443"`
enable metrics and file provider 2023-09-04 21:28:34 +02:00			`- "--metrics.prometheus=true"`
add forgejo Installer was run with auth protection through port 3000. Then config was switched to /forge prefix. 2023-09-04 20:56:57 +02:00			`#- "--entrypoints.forge.address=:3000"`
initial commit: traefik and letsencrypt working 2023-09-03 03:13:03 +02:00			`- "--certificatesresolvers.myresolver.acme.tlschallenge=true"`
			`#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"`
			`- "--certificatesresolvers.myresolver.acme.email=badctoxymoron@gmx.de"`
			`- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"`
			`ports:`
			`- "443:443"`
add forgejo Installer was run with auth protection through port 3000. Then config was switched to /forge prefix. 2023-09-04 20:56:57 +02:00			`#- "3000:3000"`
dashboard now at traefik/dashboard/ (it's slow) 2023-09-03 17:13:09 +02:00			`#- "8080:8080"`
initial commit: traefik and letsencrypt working 2023-09-03 03:13:03 +02:00			`volumes:`
enable metrics and file provider 2023-09-04 21:28:34 +02:00			`- ./letsencrypt:/letsencrypt`
			`- ./traefik/logs:/logs`
			`- ./traefik/conf:/conf`
			`- /var/run/docker.sock:/var/run/docker.sock:ro`
expose /etc/timezone & /etc/localtime to containers 2023-09-04 18:47:24 +02:00			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
initial commit: traefik and letsencrypt working 2023-09-03 03:13:03 +02:00			`labels:`
			`- "traefik.enable=true"`
change domain to "oxmox.dev" 2023-09-08 15:24:13 +02:00			`# Make the traefik dashboard available under https://oxmox.dev/traefik/dashboard/`
dashboard now at traefik/dashboard/ (it's slow) 2023-09-03 17:13:09 +02:00			`# For some reason it's slow when used this way. It's fast when exposed via port 8080 and api.insecure=true.`
change domain to "oxmox.dev" 2023-09-08 15:24:13 +02:00			- "traefik.http.routers.traefik_api.rule=Host(`oxmox.dev`) && (PathPrefix(`/api`) \|\| PathPrefix(`/traefik`))"
dashboard now at traefik/dashboard/ (it's slow) 2023-09-03 17:13:09 +02:00			`- "traefik.http.routers.traefik_api.entrypoints=websecure"`
			`- "traefik.http.routers.traefik_api.tls.certresolver=myresolver"`
			`- "traefik.http.routers.traefik_api.service=api@internal"`
add non-working forgejo / reenable traefik auth 2023-09-04 18:51:54 +02:00			`- "traefik.http.routers.traefik_api.middlewares=traefik_api_auth,traefik_api_strip"`
			`- "traefik.http.middlewares.traefik_api_auth.basicauth.users=florian:$$apr1$$x/GrMMGU$$Dn7yVliaRFEwlW17SNh6s."`
cleanup 2023-09-04 23:57:44 +02:00			`- "traefik.http.middlewares.traefik_api_strip.stripprefix.prefixes=/traefik"`
dashboard now at traefik/dashboard/ (it's slow) 2023-09-03 17:13:09 +02:00
add non-working forgejo / reenable traefik auth 2023-09-04 18:51:54 +02:00			`whoami:`
			`image: "traefik/whoami"`
			`container_name: "simple-service"`
			`labels:`
			`- "traefik.enable=true"`
change domain to "oxmox.dev" 2023-09-08 15:24:13 +02:00			- "traefik.http.routers.whoami.rule=Host(`oxmox.dev`) && Path(`/whoami`)"
add non-working forgejo / reenable traefik auth 2023-09-04 18:51:54 +02:00			`- "traefik.http.routers.whoami.entrypoints=websecure"`
			`- "traefik.http.routers.whoami.tls.certresolver=myresolver"`

working nextcloud setup 2023-09-03 21:52:27 +02:00			`nextcloud-db:`
			`image: mariadb:latest`
			`container_name: "nextcloud-db"`
			`restart: unless-stopped`
node-exporter, loki+promtail, loki logging, up php cloud mem 2023-09-08 01:38:37 +02:00			`<<: *logging`
nextcloud memory tuning 2023-09-04 20:56:10 +02:00			`command:`
			`- --transaction-isolation=READ-COMMITTED`
			`- --log-bin=binlog`
			`- --binlog-format=ROW`
			`# Memory usage tuning.`
			`- --max-connections=100`
			`- --thread-cache-size=2`
			`- --query-cache-size=1048576`
			`- --sort-buffer-size=1048576`
			`- --bulk-insert-buffer-size=0`
			`- --tmp-table-size=4194304`
			`- --max-heap-table-size=4194304`
			`- --key-buffer-size=4194304`
			`- --read-buffer-size=131072`
			`- --read-rnd-buffer-size=262144`
			`- --innodb-buffer-pool-size=10485760`
			`- --innodb-log-buffer-size=4194304`
working nextcloud setup 2023-09-03 21:52:27 +02:00			`volumes:`
			`- ./nextcloud-db:/var/lib/mysql`
expose /etc/timezone & /etc/localtime to containers 2023-09-04 18:47:24 +02:00			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
working nextcloud setup 2023-09-03 21:52:27 +02:00			`environment:`
			`- PUID=1000`
			`- PGID=1000`
			`- MYSQL_DATABASE=nextcloud`
			`- MYSQL_USER=nextcloud`
			`- MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password`
			`- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/nextcloud_db_root_password`
			`secrets:`
			`- nextcloud_db_password`
			`- nextcloud_db_root_password`
			`labels:`
cleanup 2023-09-04 23:57:44 +02:00			`- "traefik.enable=false"`
working nextcloud setup 2023-09-03 21:52:27 +02:00
			`nextcloud-app:`
			`image: nextcloud:stable`
			`container_name: "nextcloud-app"`
			`restart: unless-stopped`
node-exporter, loki+promtail, loki logging, up php cloud mem 2023-09-08 01:38:37 +02:00			`<<: *logging`
add nextcloud-app-cron container 2023-09-08 18:53:40 +02:00			`depends_on:`
working nextcloud setup 2023-09-03 21:52:27 +02:00			`- nextcloud-db`
			`volumes:`
			`- ./nextcloud-app/nextcloud:/var/www/html`
expose /etc/timezone & /etc/localtime to containers 2023-09-04 18:47:24 +02:00			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
working nextcloud setup 2023-09-03 21:52:27 +02:00			`environment:`
			`- MYSQL_DATABASE=nextcloud`
			`- MYSQL_USER=nextcloud`
			`- MYSQL_HOST=nextcloud-db`
			`- MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password`
			`- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/nextcloud_db_root_password`
nextcloud memory tuning 2023-09-04 20:56:10 +02:00			`# reverse proxy setup`
working nextcloud setup 2023-09-03 21:52:27 +02:00			`- APACHE_DISABLE_REWRITE_IP=1`
			`- TRUSTED_PROXIES=192.168.128.0/24`
add nextcloud-app-cron container 2023-09-08 18:53:40 +02:00			`- NEXTCLOUD_TRUSTED_DOMAINS=oxmox.dev`
nextcloud memory tuning 2023-09-04 20:56:10 +02:00			`# PHP tuning`
node-exporter, loki+promtail, loki logging, up php cloud mem 2023-09-08 01:38:37 +02:00			`- PHP_MEMORY_LIMIT=256M # default=512M`
nextcloud memory tuning 2023-09-04 20:56:10 +02:00			`- PHP_UPLOAD_LIMIT=512M # default=512M`
			`# Sadly this did not work for me.`
working nextcloud setup 2023-09-03 21:52:27 +02:00			`#- NEXTCLOUD_ADMIN_USER=admin`
			`#- NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password`
			`secrets:`
			`- nextcloud_db_password`
			`- nextcloud_db_root_password`
			`- nextcloud_admin_password`
			`labels:`
			`- "traefik.enable=true"`
change domain to "oxmox.dev" 2023-09-08 15:24:13 +02:00			- "traefik.http.routers.nextcloud_app.rule=Host(`oxmox.dev`) && PathPrefix(`/nextcloud`)"
working nextcloud setup 2023-09-03 21:52:27 +02:00			`- "traefik.http.routers.nextcloud_app.entrypoints=websecure"`
			`- "traefik.http.routers.nextcloud_app.tls.certresolver=myresolver"`
			`- "traefik.http.routers.nextcloud_app.middlewares=nextcloud_app_strip"`
			`- "traefik.http.middlewares.nextcloud_app_strip.stripprefix.prefixes=/nextcloud"`

change domain to "oxmox.dev" 2023-09-08 15:24:13 +02:00			- "traefik.http.routers.nextcloud_dav.rule=Host(`oxmox.dev`) && PathPrefix(`/.well-known/`)"
working nextcloud setup 2023-09-03 21:52:27 +02:00			`- "traefik.http.routers.nextcloud_dav.entrypoints=websecure"`
			`- "traefik.http.routers.nextcloud_dav.tls.certresolver=myresolver"`
			`- "traefik.http.routers.nextcloud_dav.middlewares=nextcloud_app_dav"`
			`- "traefik.http.middlewares.nextcloud_app_dav.replacepathregex.regex=^/.well-known/ca(l\|rd)dav"`
			`- "traefik.http.middlewares.nextcloud_app_dav.replacepathregex.replacement=/remote.php/dav/"`

add nextcloud-app-cron container 2023-09-08 18:53:40 +02:00			`nextcloud-app-cron:`
			`image: nextcloud:stable`
			`container_name: "nextcloud-app-cron"`
			`restart: unless-stopped`
			`<<: *logging`
			`volumes:`
			`- ./nextcloud-app/nextcloud:/var/www/html`
			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
			`entrypoint: /cron.sh`
			`depends_on:`
			`- nextcloud-app`
			`labels:`
			`- "traefik.enable=true"`

add non-working forgejo / reenable traefik auth 2023-09-04 18:51:54 +02:00			`forgejo-db:`
			`image: mariadb:latest`
			`container_name: "forgejo-db"`
			`restart: unless-stopped`
node-exporter, loki+promtail, loki logging, up php cloud mem 2023-09-08 01:38:37 +02:00			`<<: *logging`
add forgejo Installer was run with auth protection through port 3000. Then config was switched to /forge prefix. 2023-09-04 20:56:57 +02:00			`command:`
			`- --transaction-isolation=READ-COMMITTED`
			`- --log-bin=binlog`
			`- --binlog-format=ROW`
			`# Memory usage tuning.`
			`- --max-connections=100`
			`- --thread-cache-size=2`
			`- --query-cache-size=1048576`
			`- --sort-buffer-size=1048576`
			`- --bulk-insert-buffer-size=0`
			`- --tmp-table-size=4194304`
			`- --max-heap-table-size=4194304`
			`- --key-buffer-size=4194304`
			`- --read-buffer-size=131072`
			`- --read-rnd-buffer-size=262144`
			`- --innodb-buffer-pool-size=10485760`
			`- --innodb-log-buffer-size=4194304`
add non-working forgejo / reenable traefik auth 2023-09-04 18:51:54 +02:00			`volumes:`
			`- ./forgejo/db:/var/lib/mysql`
			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
			`environment:`
			`- PUID=1000`
			`- PGID=1000`
			`- MYSQL_DATABASE=forgejo`
			`- MYSQL_USER=forgejo`
			`- MYSQL_PASSWORD=forgejo1234`
			`- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/forgejo_db_root_password`
			`secrets:`
			`- forgejo_db_root_password`
working nextcloud setup 2023-09-03 21:52:27 +02:00			`labels:`
cleanup 2023-09-04 23:57:44 +02:00			`- "traefik.enable=false"`
add non-working forgejo / reenable traefik auth 2023-09-04 18:51:54 +02:00
			`forgejo-app:`
			`image: codeberg.org/forgejo/forgejo:1.20.3-0`
			`container_name: "forgejo-app"`
			`restart: unless-stopped`
node-exporter, loki+promtail, loki logging, up php cloud mem 2023-09-08 01:38:37 +02:00			`<<: *logging`
add non-working forgejo / reenable traefik auth 2023-09-04 18:51:54 +02:00			`links:`
			`- forgejo-db`
			`volumes:`
add forgejo Installer was run with auth protection through port 3000. Then config was switched to /forge prefix. 2023-09-04 20:56:57 +02:00			`- ./forgejo/data:/data`
add non-working forgejo / reenable traefik auth 2023-09-04 18:51:54 +02:00			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
			`environment:`
			`- USER_UID=1000`
			`- USER_GID=1000`
			`- FORGEJO__database__DB_TYPE=mysql`
add forgejo Installer was run with auth protection through port 3000. Then config was switched to /forge prefix. 2023-09-04 20:56:57 +02:00			`- FORGEJO__database__HOST=forgejo-db:3306`
add non-working forgejo / reenable traefik auth 2023-09-04 18:51:54 +02:00			`- FORGEJO__database__NAME=forgejo`
			`- FORGEJO__database__USER=forgejo`
			`- FORGEJO__database__PASSWD=forgejo1234`
			`labels:`
			`- "traefik.enable=true"`
change domain to "oxmox.dev" 2023-09-08 15:24:13 +02:00			- "traefik.http.routers.forgejo_app.rule=Host(`oxmox.dev`) && PathPrefix(`/forge`)"
add non-working forgejo / reenable traefik auth 2023-09-04 18:51:54 +02:00			`- "traefik.http.routers.forgejo_app.entrypoints=websecure"`
			`- "traefik.http.routers.forgejo_app.tls.certresolver=myresolver"`
			`- "traefik.http.routers.forgejo_app.middlewares=forgejo_app_strip"`
add forgejo Installer was run with auth protection through port 3000. Then config was switched to /forge prefix. 2023-09-04 20:56:57 +02:00			`- "traefik.http.middlewares.forgejo_app_strip.stripprefix.prefixes=/forge"`
add prometheus and grafana 2023-09-04 23:58:43 +02:00			`- "traefik.http.services.forgejo-app.loadbalancer.server.port=3000"`

			`prometheus:`
			`image: prom/prometheus`
			`container_name: "prometheus"`
			`restart: unless-stopped`
node-exporter, loki+promtail, loki logging, up php cloud mem 2023-09-08 01:38:37 +02:00			`<<: *logging`
add prometheus and grafana 2023-09-04 23:58:43 +02:00			`command:`
			`- '--web.external-url=/prometheus/'`
			`- '--web.route-prefix=/prometheus/'`
			`- '--storage.tsdb.path=/prometheus/tsdb'`
			`volumes:`
			`- ./prometheus:/prometheus`
			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
			`environment:`
			`- PUID=1000`
			`- PGID=1000`
			`labels:`
			`- "traefik.enable=true"`
change domain to "oxmox.dev" 2023-09-08 15:24:13 +02:00			- "traefik.http.routers.prometheus_app.rule=Host(`oxmox.dev`) && PathPrefix(`/prometheus`)"
add prometheus and grafana 2023-09-04 23:58:43 +02:00			`- "traefik.http.routers.prometheus_app.entrypoints=websecure"`
			`- "traefik.http.routers.prometheus_app.tls.certresolver=myresolver"`
			`- "traefik.http.routers.prometheus_app.middlewares=traefik_api_auth"`
			`- "traefik.http.services.prometheus_app.loadbalancer.server.port=9090"`

			`grafana:`
			`image: grafana/grafana`
			`container_name: "grafana"`
			`restart: unless-stopped`
node-exporter, loki+promtail, loki logging, up php cloud mem 2023-09-08 01:38:37 +02:00			`<<: *logging`
add prometheus and grafana 2023-09-04 23:58:43 +02:00			`depends_on:`
			`- prometheus`
			`volumes:`
			`- ./grafana/data:/var/lib/grafana`
			`- ./grafana/etc:/etc/grafana`
node-exporter, loki+promtail, loki logging, up php cloud mem 2023-09-08 01:38:37 +02:00			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
add prometheus and grafana 2023-09-04 23:58:43 +02:00			`environment:`
			`- PUID=1000`
			`- PGID=1000`
			`#- GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION=true`
			`- GF_INSTALL_PLUGINS=grafana-piechart-panel`
			`labels:`
			`- "traefik.enable=true"`
change domain to "oxmox.dev" 2023-09-08 15:24:13 +02:00			- "traefik.http.routers.grafana_app.rule=Host(`oxmox.dev`) && PathPrefix(`/grafana`)"
add prometheus and grafana 2023-09-04 23:58:43 +02:00			`- "traefik.http.routers.grafana_app.entrypoints=websecure"`
			`- "traefik.http.routers.grafana_app.tls.certresolver=myresolver"`
			`- "traefik.http.routers.grafana_app.middlewares=traefik_api_auth,grafana_app_strip"`
			`- "traefik.http.middlewares.grafana_app_strip.stripprefix.prefixes=/grafana"`
			`- "traefik.http.services.grafana_app.loadbalancer.server.port=3000"`
working nextcloud setup 2023-09-03 21:52:27 +02:00
node-exporter, loki+promtail, loki logging, up php cloud mem 2023-09-08 01:38:37 +02:00			`node-exporter:`
			`#image: quay.io/prometheus/node-exporter:latest`
			`image: prom/node-exporter:latest`
			`container_name: node-exporter`
			`restart: unless-stopped`
			`<<: *logging`
			`#network_mode: host`
			`pid: host`
			`volumes:`
			`#- /proc:/host/proc:ro`
			`#- /sys:/host/sys:ro`
			`- /:/rootfs:ro,rslave`
			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
			`command:`
			`#- '--path.procfs=/host/proc'`
			`- '--path.rootfs=/rootfs'`
			`#- '--path.sysfs=/host/sys'`
			`#- '--dollector.filesystem.mount-points-exclude=^/(sys\|proc\|dev\|host\|etc)($$\|/)'`
			`expose:`
			`- 9100`

			`loki-app:`
			`image: grafana/loki:2.8.4`
			`container_name: "loki-app"`
			`restart: unless-stopped`
			`<<: *logging`
			`volumes:`
			`- ./loki/etc:/etc/loki`
			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
			`environment:`
			`- PUID=1000`
			`- PGID=1000`
			`command: -config.file=/etc/loki/loki-config.yml`
			`ports:`
			`- "127.0.0.1:3100:3100"`
			`labels:`
			`- "traefik.enable=true"`
change domain to "oxmox.dev" 2023-09-08 15:24:13 +02:00			- "traefik.http.routers.loki_app.rule=Host(`oxmox.dev`) && PathPrefix(`/loki`)"
node-exporter, loki+promtail, loki logging, up php cloud mem 2023-09-08 01:38:37 +02:00			`- "traefik.http.routers.loki_app.entrypoints=websecure"`
			`- "traefik.http.routers.loki_app.tls.certresolver=myresolver"`
			`- "traefik.http.routers.loki_app.middlewares=traefik_api_auth,loki_app_strip"`
			`- "traefik.http.middlewares.loki_app_strip.stripprefix.prefixes=/loki"`
			`- "traefik.http.services.loki_app.loadbalancer.server.port=3100"`

			`loki-promtail:`
			`image: grafana/promtail:2.8.4`
			`container_name: "loki-promtail"`
			`restart: unless-stopped`
			`<<: *logging`
			`volumes:`
			`- ./loki/etc:/etc/promtail`
			`- /var/log:/var/log`
			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
			`environment:`
			`- PUID=1000`
			`- PGID=1000`
			`command: -config.file=/etc/promtail/promtail-config.yml`
			`labels:`
			`- "traefik.enable=false"`


add working but disabled wireguard conf Need to figure out what I actually want from wireguard, then set it up properly. 2023-09-03 14:17:09 +02:00			`#wireguard:`
			`# image: lscr.io/linuxserver/wireguard:latest`
			`# container_name: wireguard`
			`# labels:`
			`# - "traefik.enable=true"`
			`# cap_add:`
			`# - NET_ADMIN`
			`# #- SYS_MODULE`
			`# environment:`
			`# - PUID=1000`
			`# - PGID=1000`
change domain to "oxmox.dev" 2023-09-08 15:24:13 +02:00			`# #- SERVERURL=wireguard.oxmox.dev #optional`
add working but disabled wireguard conf Need to figure out what I actually want from wireguard, then set it up properly. 2023-09-03 14:17:09 +02:00			`# - SERVERPORT=51820 #optional`
			`# - PEERS=1 #optional`
			`# - PEERDNS=auto #optional`
			`# - INTERNAL_SUBNET=10.42.23.0 #optional`
			`# - ALLOWEDIPS=10.42.23.0/24 #optional`
			`# - PERSISTENTKEEPALIVE_PEERS= #optional`
			`# - LOG_CONFS=true #optional`
			`# volumes:`
			`# - ./wireguard:/config`
			`# #- /lib/modules:/lib/modules #optional`
			`# ports:`
			`# - 51820:51820/udp`
			`# sysctls:`
			`# - net.ipv4.conf.all.src_valid_mark=1`
			`# restart: unless-stopped`