DoTheEvolution 2020-05-08 11:50:52 +02:00
parent 9dec95ed36
commit 954e74757b
2 changed files with 234 additions and 11 deletions

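--- /dev/null
+++ b/nextcloud/nginx.conf
@@ -0,0 +1,168 @@
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+events {
+worker_connections 1024;
+}
+http {
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+access_log /var/log/nginx/access.log main;
+sendfile on;
+#tcp_nopush on;
+keepalive_timeout 65;
+#gzip on;
+upstream php-handler {
+server nextcloud-app:9000;
+}
+server {
+listen 80;
+# Add headers to serve security related headers
+# Before enabling Strict-Transport-Security headers please read into this
+# topic first.
+#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+#
+# WARNING: Only add the preload option once you read about
+# the consequences in https://hstspreload.org/. This option
+# will add the domain to a hardcoded list that is shipped
+# in all major browsers and getting removed from this list
+# could take several months.
+add_header Referrer-Policy "no-referrer" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-Download-Options "noopen" always;
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-Permitted-Cross-Domain-Policies "none" always;
+add_header X-Robots-Tag "none" always;
+add_header X-XSS-Protection "1; mode=block" always;
+# Remove X-Powered-By, which is an information leak
+fastcgi_hide_header X-Powered-By;
+# Path to the root of your installation
+root /var/www/html;
+location = /robots.txt {
+allow all;
+log_not_found off;
+access_log off;
+}
+# The following 2 rules are only needed for the user_webfinger app.
+# Uncomment it if you're planning to use this app.
+#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+# The following rule is only needed for the Social app.
+# Uncomment it if you're planning to use this app.
+#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
+location = /.well-known/carddav {
+return 301 $scheme://$host:$server_port/remote.php/dav;
+}
+location = /.well-known/caldav {
+return 301 $scheme://$host:$server_port/remote.php/dav;
+}
+# set max upload size
+client_max_body_size 10G;
+fastcgi_buffers 64 4K;
+# Enable gzip but do not remove ETag headers
+gzip on;
+gzip_vary on;
+gzip_comp_level 4;
+gzip_min_length 256;
+gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+# Uncomment if your server is build with the ngx_pagespeed module
+# This module is currently not supported.
+#pagespeed off;
+location / {
+rewrite ^ /index.php;
+}
+location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
+deny all;
+}
+location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
+deny all;
+}
+location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
+fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
+set $path_info $fastcgi_path_info;
+try_files $fastcgi_script_name =404;
+include fastcgi_params;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param PATH_INFO $path_info;
+# fastcgi_param HTTPS on;
+# Avoid sending the security headers twice
+fastcgi_param modHeadersAvailable true;
+# Enable pretty urls
+fastcgi_param front_controller_active true;
+fastcgi_pass php-handler;
+fastcgi_intercept_errors on;
+fastcgi_request_buffering off;
+}
+location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
+try_files $uri/ =404;
+index index.php;
+}
+# Adding the cache control header for js, css and map files
+# Make sure it is BELOW the PHP block
+location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
+try_files $uri /index.php$request_uri;
+add_header Cache-Control "public, max-age=15778463";
+# Add headers to serve security related headers (It is intended to
+# have those duplicated to the ones above)
+# Before enabling Strict-Transport-Security headers please read into
+# this topic first.
+#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+#
+# WARNING: Only add the preload option once you read about
+# the consequences in https://hstspreload.org/. This option
+# will add the domain to a hardcoded list that is shipped
+# in all major browsers and getting removed from this list
+# could take several months.
+add_header Referrer-Policy "no-referrer" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-Download-Options "noopen" always;
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-Permitted-Cross-Domain-Policies "none" always;
+add_header X-Robots-Tag "none" always;
+add_header X-XSS-Protection "1; mode=block" always;
+# Optional: Don't log access to assets
+access_log off;
+}
+location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
+try_files $uri /index.php$request_uri;
+# Optional: Don't log access to other assets
+access_log off;
+}
+}
+}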
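Review bot: The CalDAV/CardDAV discovery redirects in the `location = /.well-known/carddav` and `location = /.well-known/caldav` blocks are built from `$scheme://$host:$server_port`, and since this server block only has `listen 80` with no TLS, that expands to `http://<host>:80/remote.php/dav` for every request; if TLS is terminated at the reverse proxy the README points to, sync clients get sent to a plain-HTTP port-80 URL, which is at minimum a scheme downgrade and may not be reachable through the proxy at all. A relative redirect avoids guessing the external scheme and port: add `absolute_redirect off;` to the server block and change both locations to `return 301 /remote.php/dav;`, so the client keeps whatever scheme and host it used to reach the proxy. Related, `# fastcgi_param HTTPS on;` is left commented out, so PHP also sees every request as plain HTTP; that is only safe if Nextcloud's `overwriteprotocol`/`trusted_proxies` settings are configured to honor the proxy's `X-Forwarded-Proto` (not visible in this commit), and a comment at that line stating which of the two this setup relies on would save the next person from silently serving http:// links behind https.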


@ -4,7 +4,7 @@
![logo](https://i.imgur.com/VXSovC9.png)
# Purpose
# Purpose & Overview
File share & sync.
@ -12,6 +12,20 @@ File share & sync.
* [Github](https://github.com/nextcloud/server)
* [DockerHub](https://hub.docker.com/_/nextcloud/)
Nextcloud is an open source suite of client-server software for creating
and using file hosting services with wide cross platform support.
The Nextcloud server is written in PHP and JavaScript.
For remote access it employs sabre/dav, an open-source WebDAV server.
It is designed to work with several database management systems,
including SQLite, MariaDB, MySQL, PostgreSQL.
There are many ways to deploy Nextcloud, this setup is going with the most goodies.</br>
Like using [PHP-FPM](https://www.cloudways.com/blog/php-fpm-on-cloud/).
Using [Redis](https://aws.amazon.com/redis/) for more reliable
[transactional file locking](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/files_locking_transactional.html)
and for [memory file caching](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/caching_configuration.html).
# Files and directory structure
```
@ -23,22 +37,33 @@ File share & sync.
├── nextcloud-db-data/
├── .env
├── docker-compose.yml
├── nginx.conf
└── nextcloud-backup-script.sh
```
* `nextcloud-data/` - a directory where nextcloud will store users data and web app data
* `nextcloud-db-data/` - a directory where nextcloud will store its database data
* `.env` - a file containing environmental variables for docker compose
* `docker-compose.yml` - a docker compose file, telling docker how to build the containers
* `nginx.conf` - nginx web server configuration file
* `nextcloud-backup-script.sh` - a backup script if you want it
You only need to provide the files.</br>
The directories are created by docker compose on the first run.
# docker-compose
Official examples [here](https://github.com/nextcloud/docker/tree/master/.examples/docker-compose)
Four containers to spin up
* **nextcloud** - nextcloud app that stores uploaded files and runs
apache web server with php as a module.
* **nextcloud-db** - mariadb database where files-metadata
and users-metadata are stored
* **nextcloud-app** - nextcloud backend app that stores the files and facilitate
the sync
* **nextcloud-db** - mariadb database where files-metadata and users-metadata are stored
* **nextcloud-web** - nginx web server setup to provide fastCGI PHP-FPM
* **nextcloud-redis** - in memory file caching
and more reliable transactional file locking
* **nextcloud-cron** - for being able to run maintenance cronjobs
* **nextcloud-cron** - for being able to run periodic maintenance cronjobs
`docker-compose.yml`
```yml
@ -65,10 +90,10 @@ services:
hostname: nextcloud-redis
restart: unless-stopped
nextcloud:
image: nextcloud:apache
container_name: nextcloud
hostname: nextcloud
nextcloud-app:
image: nextcloud:fpm-alpine
container_name: nextcloud-app
hostname: nextcloud-app
restart: unless-stopped
depends_on:
- nextcloud-db
@ -86,8 +111,17 @@ services:
- SMTP_NAME
- SMTP_PASSWORD
nextcloud-web:
image: nginx:alpine
container_name: nextcloud-web
hostname: nextcloud-web
restart: unless-stopped
volumes:
- ./nextcloud-data/:/var/www/html:ro
- ./nginx.conf:/etc/nginx/nginx.conf:ro
nextcloud-cron:
image: nextcloud:apache
image: nextcloud:fpm-alpine
container_name: nextcloud-cron
hostname: nextcloud-cron
restart: unless-stopped
@ -130,7 +164,28 @@ SMTP_PORT=465
SMTP_NAME=apikey
SMTP_PASSWORD=SG.asdasdasdasdasdasdsaasdasdsa
```
`nginx.conf`
*I wont be pasting it here in full text, but it is included this github repo.*
This is nginx web server configuration file, specifically setup
to support fastCGI PHP-FPM.
Taken from [this official nextcloud example
setup](https://github.com/nextcloud/docker/tree/master/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web)
and changed one thing in it - the upstream hostname from `app` to `nextcloud-app`
```
upstream php-handler {
server nextcloud-app:9000;
}
```
---
**All containers must be on the same network**.</br>
Which is named in the `.env` file.</br>
If one does not exist yet: `docker network create caddy_net`
# Reverse proxy