docker/nextcloud/docker-compose.yaml

version: "3.9"

volumes:
  nextcloud:
    name: nextcloud
  nextcloud-data:
    name: nextcloud-data
  nextcloud-config:
    name: nextcloud-config

networks:
  proxy:
    external: true
  internal:
    external: true

services:
  nextcloud:
    image: nextcloud:22-fpm-alpine
    container_name: nextcloud
    restart: unless-stopped
    volumes:
      - nextcloud:/var/www/html
      - nextcloud-data:/var/www/html/data
      - nextcloud-config:/var/www/html/config
    networks:
      - internal
    environment:
      - POSTGRES_DB:nextcloud
      - POSTGRES_USER:nextcloud
      - POSTGRES_PASSWORD:jX9hKI2POvt1VrjVbBs4
      - POSTGRES_HOST:pgsql14
      - REDIS_HOST:redis
      - REDIS_HOST_PASSWORD:${REDIS_PW}
      - NEXTCLOUD_ADMIN_USER:${NEXTCLOUD_ADMIN_USER}
      - NEXTCLOUD_ADMIN_PASSWORD:${NEXTCLOUD_ADMIN_PW}
      - NEXTCLOUD_TRUSTED_DOMAINS:cs-nextcloud.ddnss.de nextcloud.lan
      - VIRTUAL_HOST:nextcloud
    depends_on:
      - psql14
      - redis

  nginx-nc:
    image: nginx:alpine
    container_name: nginx-nc
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.entrypoints=web"
      - "traefik.http.routers.nextcloud.rule=Host(`cs-nextcloud.ddnss.de`)"
      - "traefik.http.routers.nextcloud.middlewares=nextcloud"
      - "traefik.http.middlewares.nextcloud.redirectscheme.scheme=https"
      - "traefik.http.routers.nextcloud-secure.entrypoints=websecure"
      - "traefik.http.routers.nextcloud-secure.rule=Host(`cs-nextcloud.ddnss.de`)"
      - "traefik.http.routers.nextcloud-secure.service=nextcloud-secure"
      - "traefik.http.routers.nextcloud-secure.tls=true"
      - "traefik.http.routers.nextcloud-secure.tls.certresolver=myresolver"
      - "traefik.http.routers.nextcloud-secure.tls.domains[0].main=cs-nextcloud.ddnss.de"
      - "traefik.http.services.nextcloud-secure.loadbalancer.server.port=80"
      - "traefik.http.routers.nextcloud-secure.middlewares=nextcloud-secure,nextcloud-redirect"
      - "traefik.http.middlewares.nextcloud-secure.headers.stsSeconds=15552000"
      - "traefik.http.middlewares.nextcloud-secure.headers.stsPreload=true"
      - "traefik.http.middlewares.nextcloud-redirect.redirectregex.permanent=true"
      - "traefik.http.middlewares.nextcloud-redirect.redirectregex.regex=^https://(.*)/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nextcloud-redirect.redirectregex.replacement=https://$${1}/remote.php/dav/"

    depends_on:
      - nextcloud
    networks:
      - proxy
      - internal
    volumes:
      - nextcloud:/var/www/html
      - ${PWD}/nextcloud.conf:/etc/nginx/conf.d/default.conf