diff --git a/roles/nextcloud-docker/files/nextcloud/Dockerfile.cron b/roles/nextcloud-docker/files/nextcloud/Dockerfile.cron
deleted file mode 100644
index 24ffc7a..0000000
--- a/roles/nextcloud-docker/files/nextcloud/Dockerfile.cron
+++ /dev/null
@@ -1,15 +0,0 @@
-FROM nextcloud:fpm
-
-RUN apt-get update && apt-get install -y \
- supervisor \
- cron \
- vim \
- && rm -rf /var/lib/apt/lists/*
-
-RUN mkdir /var/log/supervisord /var/run/supervisord && \
- echo "*/15 * * * * su - www-data -s /bin/bash -c \"php -f /var/www/html/cron.php\""| crontab -
-
-COPY supervisord.conf /etc/supervisor/supervisord.conf
-
-CMD ["/usr/bin/supervisord"]
-
diff --git a/roles/nextcloud-docker/files/nextcloud/app/Dockerfile b/roles/nextcloud-docker/files/nextcloud/app/Dockerfile
new file mode 100644
index 0000000..4443ff4
--- /dev/null
+++ b/roles/nextcloud-docker/files/nextcloud/app/Dockerfile
@@ -0,0 +1,4 @@
+FROM nextcloud:fpm
+
+COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
+
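Review bot: `FROM nextcloud:fpm` tracks a floating tag, so every rebuild of this image (and of the `cron` service, which the compose file also builds from `./app`) can pull a different Nextcloud release and base layer without any change in this repository. Pin the base to a tested release tag or digest, for example `FROM nextcloud:<version>-fpm` (placeholder), and bump it deliberately so upgrades are reviewed and rollbacks are reproducible. A short comment above the `COPY` should state how `/usr/src/nextcloud/config/redis.config.php` is expected to reach the live config directory under `/var/www/html`, since nothing in this hunk shows that step.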
diff --git a/roles/nextcloud-docker/files/nextcloud/app/redis.config.php b/roles/nextcloud-docker/files/nextcloud/app/redis.config.php
new file mode 100644
index 0000000..2baa9d3
--- /dev/null
+++ b/roles/nextcloud-docker/files/nextcloud/app/redis.config.php
@@ -0,0 +1,9 @@
+ '\OC\Memcache\Redis',
+ 'redis' => array(
+ 'host' => 'redis',
+ 'port' => 6379,
+ ),
+);
+
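Review bot: The `redis` array sets only `host` and `port`, so the app talks to Redis without authentication and the cache is protected only by the compose network layout. The compose change in this commit also attaches the internet-facing `web` service to the `default` network; if Redis sits on that network (its service definition is not visible here), anything that gains a foothold in a neighbouring container can read and write lock and cache entries on `redis:6379`. Consider starting Redis with `requirepass` and adding `'password' => '<redis password>',` (placeholder) to this array, which means rendering the file from `templates/` instead of shipping it from `files/`. The opening lines of this file appear to be missing on this page, so the config key that `'\OC\Memcache\Redis'` is assigned to cannot be confirmed from here.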
diff --git a/roles/nextcloud-docker/files/nextcloud/config/.htaccess b/roles/nextcloud-docker/files/nextcloud/config/.htaccess
deleted file mode 100755
index 79e65ab..0000000
--- a/roles/nextcloud-docker/files/nextcloud/config/.htaccess
+++ /dev/null
@@ -1,15 +0,0 @@
-# line below if for Apache 2.4
-
-Require all denied
-
-
-# line below if for Apache 2.2
-
-deny from all
-
-
-# section for Apache 2.2 and 2.4
-
-IndexIgnore *
-
-
diff --git a/roles/nextcloud-docker/files/nextcloud/config/apcu.config.php b/roles/nextcloud-docker/files/nextcloud/config/apcu.config.php
deleted file mode 100755
index 69fed87..0000000
--- a/roles/nextcloud-docker/files/nextcloud/config/apcu.config.php
+++ /dev/null
@@ -1,4 +0,0 @@
- '\OC\Memcache\APCu',
-);
diff --git a/roles/nextcloud-docker/files/nextcloud/config/apps.config.php b/roles/nextcloud-docker/files/nextcloud/config/apps.config.php
deleted file mode 100755
index a4bed83..0000000
--- a/roles/nextcloud-docker/files/nextcloud/config/apps.config.php
+++ /dev/null
@@ -1,15 +0,0 @@
- array (
- 0 => array (
- "path" => OC::$SERVERROOT."/apps",
- "url" => "/apps",
- "writable" => false,
- ),
- 1 => array (
- "path" => OC::$SERVERROOT."/custom_apps",
- "url" => "/custom_apps",
- "writable" => true,
- ),
- ),
-);
diff --git a/roles/nextcloud-docker/files/nextcloud/config/nginx.conf b/roles/nextcloud-docker/files/nextcloud/config/nginx.conf
deleted file mode 100644
index 77716a6..0000000
--- a/roles/nextcloud-docker/files/nextcloud/config/nginx.conf
+++ /dev/null
@@ -1,111 +0,0 @@
-user www-data;
-
-events {
- worker_connections 768;
-}
-
-http {
- upstream backend {
- server app:9000;
- }
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- server {
- listen 80;
-
- # Add headers to serve security related headers
- #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
-
- root /var/www/html;
- client_max_body_size 10G; # 0=unlimited - set max upload size
- fastcgi_buffers 64 4K;
-
- gzip off;
-
- index index.php;
- error_page 403 /core/templates/403.php;
- error_page 404 /core/templates/404.php;
-
- rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
- rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
-
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
-
- location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
- deny all;
- }
-
- location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
- deny all;
- }
-
- location / {
- rewrite ^/remote/(.*) /remote.php last;
- rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
- try_files $uri $uri/ =404;
- }
-
- location ~ \.php(?:$|/) {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param HTTPS on;
- fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
- fastcgi_pass backend;
- fastcgi_intercept_errors on;
- }
-
- # Adding the cache control header for js and css files
- # Make sure it is BELOW the location ~ \.php(?:$|/) { block
- location ~* \.(?:css|js)$ {
- add_header Cache-Control "public, max-age=7200";
- # Add headers to serve security related headers
- #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
- add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
- # Optional: Don't log access to assets
- access_log off;
- }
-
- # Optional: Don't log access to other assets
- location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
- access_log off;
- }
-
- # collabora static files
- location ^~ /loleaflet {
- proxy_pass https://collabora:9980;
- proxy_set_header Host $http_host;
- }
-
- # collabora WOPI discovery URL
- location ^~ /hosting/discovery {
- proxy_pass https://collabora:9980;
- proxy_set_header Host $http_host;
- }
-
- # collabora websockets, download, presentation and image upload
- location ^~ /lool {
- proxy_pass https://collabora:9980;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $http_host;
- }
- }
-}
-
diff --git a/roles/nextcloud-docker/files/nextcloud/docker-compose.yml b/roles/nextcloud-docker/files/nextcloud/docker-compose.yml
index ca4c7ea..46ec430 100644
--- a/roles/nextcloud-docker/files/nextcloud/docker-compose.yml
+++ b/roles/nextcloud-docker/files/nextcloud/docker-compose.yml
@@ -1,4 +1,4 @@
-version: '2.2'
+version: '3'
networks:
proxy-tier:
@@ -7,43 +7,63 @@ networks:
services:
web:
- image: nginx
+ build: ./web
volumes:
- - ./config/nginx.conf:/etc/nginx/nginx.conf:ro
+ - /var/lib/nextcloud:/var/www/html:ro
- /etc/localtime:/etc/localtime:ro
- links:
- - app
- - collabora
- volumes_from:
- - app
environment:
- VIRTUAL_HOST=${CLOUD_DOMAIN}
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=80
+ depends_on:
+ - app
+ - collabora
networks:
- proxy-tier
+ - default
restart: always
app:
- build:
- context: .
- dockerfile: Dockerfile.cron
- links:
- - db
+ build: ./app
volumes:
- - /var/lib/nextcloud/apps:/var/www/html/apps
- - ./config:/var/www/html/config
- - /var/lib/nextcloud/data:/var/www/html/data
+ - ./config/config.php:/var/www/html/config/config.php
+ - /var/lib/nextcloud:/var/www/html
- /media:/media
- /etc/localtime:/etc/localtime:ro
- networks:
- - proxy-tier
+ environment:
+ - MYSQL_HOST=db
+ env_file:
+ - db.env
+ depends_on:
+ - db
+ - redis
restart: always
+ cron:
+ build: ./app
+ restart: always
+ volumes:
+ - /var/lib/nextcloud:/var/www/html
+ user: www-data
+ entrypoint: |
+ bash -c 'bash -s < 'noreply@banditlair.com',
'mail_smtppassword' => '{{email_password}}',
'filelocking.enabled' => true,
- 'memcache.locking' => '\\OC\\Memcache\\Redis',
- 'redis' =>
- array (
- 'host' => 'redis',
- 'port' => 6379,
- 'timeout' => 0.0,
- 'password' => '',
- ),
);
diff --git a/roles/nextcloud-docker/templates/nextcloud/db.env b/roles/nextcloud-docker/templates/nextcloud/db.env
new file mode 100644
index 0000000..ad0d03a
--- /dev/null
+++ b/roles/nextcloud-docker/templates/nextcloud/db.env
@@ -0,0 +1,4 @@
+MYSQL_PASSWORD={{nextcloud_mysql_password}}
+MYSQL_DATABASE=nextcloud
+MYSQL_USER=nextcloud
+
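Review bot: `MYSQL_PASSWORD={{nextcloud_mysql_password}}` renders the database password in clear text into a file beside the compose project, and nothing in this commit restricts who can read it. The task that renders this template is not visible here; it should set a root owner with `mode: "0600"` and `no_log: true`, and the variable should come from Ansible Vault rather than plain vars. The value is interpolated unquoted, so a password containing `#`, whitespace or quote characters may be read differently by the env-file parser than intended; constrain the generated password's character set where the variable is defined. Passing the secret through `env_file` also leaves it readable in the container's environment (for example via `docker inspect`), so a file-based secret is preferable if the images in use support one.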
diff --git a/roles/nginx-proxy-docker/files/proxy/docker-compose.yml b/roles/nginx-proxy-docker/files/proxy/docker-compose.yml
index d0b656b..07fe860 100644
--- a/roles/nginx-proxy-docker/files/proxy/docker-compose.yml
+++ b/roles/nginx-proxy-docker/files/proxy/docker-compose.yml
@@ -11,6 +11,8 @@ services:
ports:
- 80:80
- 443:443
+ labels:
+ com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
volumes:
- ./nginx/conf.d:/etc/nginx/conf.d
- ./nginx/vhost.d:/etc/nginx/vhost.d