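# Reverse-proxy stack: Traefik terminates TLS on :443 and routes by path on
# oxmox.root.sx to the Traefik dashboard, Nextcloud (backed by MariaDB) and a
# whoami test service. Traefik is the only service that publishes a host port.
version: "3.3"

services:
  traefik:
    image: "traefik:v2.10"
    container_name: "traefik"
    command:
      # NOTE(review): DEBUG logging is verbose and can include configuration
      # detail; lower it to INFO once the setup is stable.
      - "--log.level=DEBUG"
      - "--accesslog=true"
      - "--accesslog.filePath=/logs/access.log"
      # api.insecure=false keeps the API off the unauthenticated :8080
      # entrypoint; the dashboard is reachable only through the router below.
      - "--api.insecure=false"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      # Containers are routed only when they opt in with traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=badctoxymoron@gmx.de"
      # acme.json holds the ACME account key and certificate private keys;
      # keep ./letsencrypt readable by the owner only and out of backups that
      # are shared.
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      #- "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "./traefik/logs:/logs"
      # NOTE(review): ":ro" protects the socket file, not the Docker API behind
      # it. Anything that compromises this container can still drive the
      # daemon. Consider a filtering socket proxy that allows read-only API
      # calls only.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    environment:
      - TZ=Europe/Berlin
    labels:
      - "traefik.enable=true"
      # Make the traefik dashboard available under https://oxmox.root.sx/traefik/dashboard/
      # For some reason it's slow when used this way. It's fast when exposed via port 8080 and api.insecure=true.
      - "traefik.http.routers.traefik_api.rule=Host(`oxmox.root.sx`) && (PathPrefix(`/api`) || PathPrefix(`/traefik`))"
      - "traefik.http.routers.traefik_api.entrypoints=websecure"
      - "traefik.http.routers.traefik_api.tls.certresolver=myresolver"
      - "traefik.http.routers.traefik_api.service=api@internal"
      # api@internal exposes the whole routing configuration, so this router
      # must authenticate. The auth middleware is listed first so that
      # unauthenticated requests are rejected before the prefix is stripped.
      - "traefik.http.routers.traefik_api.middlewares=traefik_api_auth,traefik_api_strip"
      # NOTE(review): this password hash is stored in the compose file, so
      # treat it as exposed. Rotate the password and prefer
      # basicauth.usersfile pointing at a file kept outside version control.
      - "traefik.http.middlewares.traefik_api_auth.basicauth.users=florian:$$apr1$$x/GrMMGU$$Dn7yVliaRFEwlW17SNh6s."
      - "traefik.http.middlewares.traefik_api_strip.stripprefix.prefixes=/traefik/"

  nextcloud-db:
    # NOTE(review): "latest" is a moving tag; pin a MariaDB release that the
    # deployed Nextcloud version supports so upgrades happen deliberately.
    image: mariadb:latest
    container_name: "nextcloud-db"
    restart: unless-stopped
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - ./nextcloud-db:/var/lib/mysql
    environment:
      - PUID=1000
      - PGID=1000
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      # Credentials are read from mounted secret files, not from the
      # environment.
      - MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/nextcloud_db_root_password
      - TZ=Europe/Berlin
    secrets:
      - nextcloud_db_password
      - nextcloud_db_root_password
    # No Traefik labels on purpose. With traefik.enable=true and no router
    # defined, Traefik generates a default router for the container, which
    # would put the database behind the public entrypoint. It only needs to be
    # reachable by nextcloud-app over the compose network.

  nextcloud-app:
    image: nextcloud:stable
    container_name: "nextcloud-app"
    restart: unless-stopped
    links:
      - nextcloud-db
    depends_on:
      - nextcloud-db
    volumes:
      - ./nextcloud-app/nextcloud:/var/www/html
    environment:
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=nextcloud-db
      # The application connects as MYSQL_USER. The database root credential
      # is not handed to this container (least privilege).
      - MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password
      # https://github.com/nextcloud/docker/blob/master/README.md#using-the-apache-image-behind-a-reverse-proxy-and-auto-configure-server-host-and-protocol
      - APACHE_DISABLE_REWRITE_IP=1
      # NOTE(review): assumes the compose network is 192.168.128.0/24, but no
      # network is pinned in this file. Confirm the subnet, or define it
      # explicitly, so forwarded client-IP headers are trusted only from
      # Traefik.
      - TRUSTED_PROXIES=192.168.128.0/24
      # NOTE(review): "*" turns off Nextcloud's own Host-header check. The
      # Traefik router already limits traffic to oxmox.root.sx; naming that
      # host here would add defense in depth.
      - NEXTCLOUD_TRUSTED_DOMAINS=*
      #- NEXTCLOUD_ADMIN_USER=admin
      #- NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password
      - TZ=Europe/Berlin
    secrets:
      - nextcloud_db_password
      - nextcloud_admin_password
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud_app.rule=Host(`oxmox.root.sx`) && PathPrefix(`/nextcloud`)"
      - "traefik.http.routers.nextcloud_app.entrypoints=websecure"
      - "traefik.http.routers.nextcloud_app.tls.certresolver=myresolver"
      - "traefik.http.routers.nextcloud_app.middlewares=nextcloud_app_strip"
      - "traefik.http.middlewares.nextcloud_app_strip.stripprefix.prefixes=/nextcloud"
      #- "traefik.http.middlewares.nextcloud_app_auth.basicauth.users=florian:$$apr1$$x/GrMMGU$$Dn7yVliaRFEwlW17SNh6s."
      # CalDAV/CardDAV discovery: rewrite /.well-known/caldav and
      # /.well-known/carddav to Nextcloud's DAV endpoint.
      - "traefik.http.routers.nextcloud_dav.rule=Host(`oxmox.root.sx`) && PathPrefix(`/.well-known/`)"
      - "traefik.http.routers.nextcloud_dav.entrypoints=websecure"
      - "traefik.http.routers.nextcloud_dav.tls.certresolver=myresolver"
      - "traefik.http.routers.nextcloud_dav.middlewares=nextcloud_app_dav"
      - "traefik.http.middlewares.nextcloud_app_dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
      - "traefik.http.middlewares.nextcloud_app_dav.replacepathregex.replacement=/remote.php/dav/"

  whoami:
    # NOTE(review): whoami echoes request headers and container network
    # details to any caller, and the image tag is unpinned. Keep it for
    # testing only and remove the service, or its router, afterwards.
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`oxmox.root.sx`) && Path(`/whoami`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"

# File-backed secrets, mounted under /run/secrets/<name> in the services that
# list them. Keep ./secrets out of version control and readable by the owner
# only.
secrets:
  nextcloud_db_password:
    file: ./secrets/nextcloud_db_password
  nextcloud_db_root_password:
    file: ./secrets/nextcloud_db_root_password
  nextcloud_admin_password:
    file: ./secrets/nextcloud_admin_password

  #dashboard:
  #  image: "traefik/whoami"
  #  container_name: "dashboard-service"
  #  labels:
  #    - "traefik.enable=true"
  #    - "traefik.http.routers.dashboard.rule=Host(`oxmox.root.sx`) && PathPrefix(`/dashboard`)"
  #    - "traefik.http.routers.dashboard.entrypoints=websecure"
  #    - "traefik.http.routers.dashboard.tls.certresolver=myresolver"

  #wireguard:
  #  image: lscr.io/linuxserver/wireguard:latest
  #  container_name: wireguard
  #  labels:
  #    - "traefik.enable=true"
  #  cap_add:
  #    - NET_ADMIN
  #    #- SYS_MODULE
  #  environment:
  #    - PUID=1000
  #    - PGID=1000
  #    - TZ=Europe/Berlin
  #    #- SERVERURL=wireguard.oxmox.root.sx #optional
  #    - SERVERPORT=51820 #optional
  #    - PEERS=1 #optional
  #    - PEERDNS=auto #optional
  #    - INTERNAL_SUBNET=10.42.23.0 #optional
  #    - ALLOWEDIPS=10.42.23.0/24 #optional
  #    - PERSISTENTKEEPALIVE_PEERS= #optional
  #    - LOG_CONFS=true #optional
  #  volumes:
  #    - ./wireguard:/config
  #    #- /lib/modules:/lib/modules #optional
  #  ports:
  #    - 51820:51820/udp
  #  sysctls:
  #    - net.ipv4.conf.all.src_valid_mark=1
  #  restart: unless-stopped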