Add mailu and nextcloud

roles/nextcloud-docker/files/nextcloud/Dockerfile.cron

@@ -0,0 +1,14 @@
+FROM nextcloud:fpm
+
+RUN apt-get update && apt-get install -y \
+  supervisor \
+  cron \
+  && rm -rf /var/lib/apt/lists/*
+
+RUN mkdir /var/log/supervisord /var/run/supervisord && \ 
+  echo "*/15 * * * * su - www-data -s /bin/bash -c \"php -f /var/www/html/cron.php\""| crontab -
+
+COPY supervisord.conf /etc/supervisor/supervisord.conf
+
+CMD ["/usr/bin/supervisord"]
+

roles/nextcloud-docker/files/nextcloud/config/.htaccess

@@ -0,0 +1,15 @@
+# line below if for Apache 2.4
+<ifModule mod_authz_core.c>
+Require all denied
+</ifModule>
+
+# line below if for Apache 2.2
+<ifModule !mod_authz_core.c>
+deny from all
+</ifModule>
+
+# section for Apache 2.2 and 2.4
+<ifModule mod_autoindex.c>
+IndexIgnore *
+</ifModule>
+

roles/nextcloud-docker/files/nextcloud/config/apcu.config.php

@@ -0,0 +1,4 @@
+<?php
+$CONFIG = array (
+  'memcache.local' => '\OC\Memcache\APCu',
+);

roles/nextcloud-docker/files/nextcloud/config/apps.config.php

@@ -0,0 +1,15 @@
+<?php
+$CONFIG = array (
+  "apps_paths" => array (
+      0 => array (
+              "path"     => OC::$SERVERROOT."/apps",
+              "url"      => "/apps",
+              "writable" => false,
+      ),
+      1 => array (
+              "path"     => OC::$SERVERROOT."/custom_apps",
+              "url"      => "/custom_apps",
+              "writable" => true,
+      ),
+  ),
+);

roles/nextcloud-docker/files/nextcloud/config/nginx.conf

@@ -0,0 +1,111 @@
+user www-data;
+
+events {
+  worker_connections 768;
+}
+
+http {
+  upstream backend {
+      server app:9000;
+  }
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+
+  server {
+    listen 80;
+    
+    # Add headers to serve security related headers
+    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Robots-Tag none;
+    add_header X-Download-Options noopen;
+    add_header X-Permitted-Cross-Domain-Policies none;
+
+    root /var/www/html;
+    client_max_body_size 10G; # 0=unlimited - set max upload size
+    fastcgi_buffers 64 4K;
+
+    gzip off;
+
+    index index.php;
+    error_page 403 /core/templates/403.php;
+    error_page 404 /core/templates/404.php;
+
+    rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
+    rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
+ 
+    location = /robots.txt {
+      allow all;
+      log_not_found off;
+      access_log off;
+    }
+      
+    location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
+      deny all;
+    }
+
+    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+      deny all;
+    }
+  
+    location / {
+      rewrite ^/remote/(.*) /remote.php last;
+      rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+      try_files $uri $uri/ =404;
+    }
+  
+    location ~ \.php(?:$|/) {
+      fastcgi_split_path_info ^(.+\.php)(/.+)$;
+      include fastcgi_params;
+      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+      fastcgi_param PATH_INFO $fastcgi_path_info;
+      fastcgi_param HTTPS on;
+      fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+      fastcgi_pass backend;
+      fastcgi_intercept_errors on;
+    }
+
+    # Adding the cache control header for js and css files
+    # Make sure it is BELOW the location ~ \.php(?:$|/) { block
+    location ~* \.(?:css|js)$ {
+      add_header Cache-Control "public, max-age=7200";
+      # Add headers to serve security related headers
+      #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+      add_header X-Content-Type-Options nosniff;
+      add_header X-Frame-Options "SAMEORIGIN";
+      add_header X-XSS-Protection "1; mode=block";
+      add_header X-Robots-Tag none;
+      add_header X-Download-Options noopen;
+      add_header X-Permitted-Cross-Domain-Policies none;
+      # Optional: Don't log access to assets
+      access_log off;
+    }
+
+    # Optional: Don't log access to other assets
+    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
+      access_log off;
+    }
+
+    # collabora static files
+    location ^~ /loleaflet {
+        proxy_pass https://collabora:9980;
+        proxy_set_header Host $http_host;
+    }
+
+    # collabora WOPI discovery URL
+    location ^~ /hosting/discovery {
+        proxy_pass https://collabora:9980;
+        proxy_set_header Host $http_host;
+    }
+
+    # collabora websockets, download, presentation and image upload
+    location ^~ /lool {
+        proxy_pass https://collabora:9980;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $http_host;
+    }
+  }
+}
+

roles/nextcloud-docker/files/nextcloud/docker-compose.yml

@@ -0,0 +1,77 @@
+version: '2.2'
+
+networks:
+  proxy-tier:
+    external:
+      name: nginx-proxy
+
+services:
+  web:
+    image: nginx
+    volumes:
+      - ./config/nginx.conf:/etc/nginx/nginx.conf:ro
+    links:
+      - app
+      - collabora
+    volumes_from:
+      - app
+    environment:
+      - VIRTUAL_HOST=${CLOUD_DOMAIN}
+      - VIRTUAL_NETWORK=nginx-proxy
+      - VIRTUAL_PORT=80
+    networks:
+      - proxy-tier
+    restart: always
+
+  app:
+    build:
+      context: .
+      dockerfile: Dockerfile.cron
+    links:
+      - db
+    volumes:
+      - /var/lib/nextcloud/apps:/var/www/html/apps
+      - ./config:/var/www/html/config
+      - /var/lib/nextcloud/data:/var/www/html/data
+      - /media:/media
+    networks:
+      - proxy-tier
+    restart: always
+
+  db:
+    image: mariadb
+    volumes:
+      - /var/lib/nextcloud/db:/var/lib/mysql
+      - /backups/nextcloud:/backups
+    environment:
+      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+      - MYSQL_DATABASE=${MYSQL_DATABASE}
+      - MYSQL_USER=${MYSQL_USER}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+    networks:
+      - proxy-tier
+    restart: always
+
+  redis:
+    image: redis
+    networks:
+      - proxy-tier
+    restart: always
+
+  collabora:
+    image: collabora/code
+    cap_add:
+      - MKNOD
+    expose:
+      - 9980
+    environment:
+      - domain=${CLOUD_DOMAIN}
+      - VIRTUAL_HOST=${COLLABORA_DOMAIN}
+      - VIRTUAL_NETWORK=nginx-proxy
+      - VIRTUAL_PORT=9980
+        #- VIRTUAL_PROTO=https
+#      - LETSENCRYPT_HOST=${COLLABORA_DOMAIN}
+#      - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+    networks:
+      - proxy-tier
+    restart: always

roles/nextcloud-docker/files/nextcloud/supervisord.conf

@@ -0,0 +1,23 @@
+[supervisord]
+nodaemon=true
+logfile=/var/log/supervisord/supervisord.log
+pidfile=/var/run/supervisord/supervisord.pid
+childlogdir=/var/log/supervisord/
+logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
+logfile_backups=10                              ; number of backed up logfiles
+loglevel=error
+
+[program:php-fpm]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=php-fpm
+
+[program:cron]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=cron -f
+