Unverified Commit d85eecf4 authored by Tom Moulard's avatar Tom Moulard
Browse files

nextcloud: reformat, more config, less issues/warns and better doc

parent b01a158b

.env.default

+5 −0
Original line number Diff line number Diff line
@@ -11,6 +11,11 @@ KIBANA_IMAGE_VERSION= 
LOGSTASH_IMAGE_VERSION=

MORTY_IMAGE_VERSION=

MORTY_KEY=

NEXTCLOUD_IMAGE_VERSION=

NEXTCLOUD_MYSQL_DATABASE=

NEXTCLOUD_MYSQL_PASSWORD=

NEXTCLOUD_MYSQL_ROOT_PASSWORD=

NEXTCLOUD_MYSQL_USER=

NGINX_IMAGE_VERSION=

ROOT_EMAIL=

SEARX_IMAGE_VERSION=

nextcloud/README.md

+35 −0
Original line number Diff line number Diff line
@@ -52,3 +52,38 @@ To remove maintenance mode: 
```bash

docker-compose exec -u www-data nextcloud php occ maintenance:mode --off

```



## Misc



### Re apply the coniguration



If you want to re apply the configuration of nextcloud, you can always run this:

```bash

docker-compose -u www-data exec nextcloud php occ maintenance:repair

```



### php-imagick



To fix this issue:

```

Module php-imagick in this instance has no SVG support. For better compatibility it is recommended to install it.

```



Run:



```bash

docker-compose exec nextcloud apt -y install libmagickcore-6.q16-6-extra

```



### default_phone_region



To fix this issue:

```

ERROR: Can not validate phone numbers without `default_phone_region` being set in the config file

```



Run:



```bash

docker-compose -u www-data exec nextcloud php occ config:system:set default_phone_region --type string --value="FR"

```

nextcloud/docker-compose.nextcloud.yml

+29 −20
Original line number Diff line number Diff line
@@ -5,12 +5,12 @@ networks: 


services:

  nextcloud:

    image: nextcloud

    image: nextcloud:${NEXTCLOUD_IMAGE_VERSION:-latest}

    volumes:

      - './nextcloud/data:/var/www/html'

    networks:

      - 'srv'

      - 'nextcloud-internal'

      - srv

      - nextcloud-internal

    restart: always

    depends_on:

      - nextcloud-db
@@ -20,19 +20,28 @@ services: 
      timeout: 10s

      retries: 5

    labels:

      - 'traefik.enable=true'

      - 'traefik.http.routers.nextcloud.rule=Host(`nextcloud.${SITE:-localhost}`)'

      - 'traefik.http.services.nextcloud.loadbalancer.server.port=80'

      traefik.enable: true

      traefik.http.routers.nextcloud.rule: Host(`nextcloud.${SITE:-localhost}`)

      traefik.http.services.nextcloud.loadbalancer.server.port: 80



      # https://docs.nextcloud.com/server/22/admin_manual/installation/harden_server.html

      - 'traefik.http.middlewares.header-nextcloud.headers.stsincludesubdomains=true'

      - 'traefik.http.middlewares.header-nextcloud.headers.stspreload=true'

      - 'traefik.http.middlewares.header-nextcloud.headers.stsseconds=15552000'

      - 'traefik.http.middlewares.header-nextcloud.headers.customFrameOptionsValue=SAMEORIGIN'

      - 'traefik.http.middlewares.header-nextcloud.headers.browserXssFilter=true'

      - 'traefik.http.middlewares.header-nextcloud.headers.contentTypeNosniff=true'

      - 'traefik.http.middlewares.header-nextcloud.headers.referrerPolicy=no-referrer'

      - 'traefik.http.routers.nextcloud.middlewares=header-nextcloud'

      # https://doc.traefik.io/traefik/v2.6/middlewares/http/headers/

      traefik.http.middlewares.header-nextcloud.headers.stsincludesubdomains: true

      traefik.http.middlewares.header-nextcloud.headers.stspreload: true

      traefik.http.middlewares.header-nextcloud.headers.stsseconds: 15552000

      traefik.http.middlewares.header-nextcloud.headers.customFrameOptionsValue: SAMEORIGIN

      traefik.http.middlewares.header-nextcloud.headers.browserXssFilter: true

      traefik.http.middlewares.header-nextcloud.headers.contentTypeNosniff: true

      traefik.http.middlewares.header-nextcloud.headers.referrerPolicy: no-referrer



      # https://docs.nextcloud.com/server/21/admin_manual/issues/general_troubleshooting.html#service-discovery

      # https://docs.nextcloud.com/server/23/admin_manual/configuration_server/reverse_proxy_configuration.html#traefik-2

      # https://doc.traefik.io/traefik/v2.6/middlewares/http/redirectregex/

      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.permanent: true

      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.regex: https://nextcloud.${SITE:-localhost}/.well-known/(card|cal)dav

      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.replacement: https://nextcloud.${SITE:-localhost}/remote.php/dav/



      traefik.http.routers.nextcloud.middlewares: header-nextcloud,redirect-dav-nextcloud



  nextcloud-db:

    image: mariadb
@@ -40,12 +49,12 @@ services: 
    volumes:

      - './nextcloud/db:/var/lib/mysql'

    networks:

      - 'nextcloud-internal'

      - nextcloud-internal

    environment:

      - 'MYSQL_ROOT_PASSWORD=pass'

      - 'MYSQL_PASSWORD=nextcloud'

      - 'MYSQL_DATABASE=nextcloud'

      - 'MYSQL_USER=nextcloud'

      MYSQL_ROOT_PASSWORD: ${NEXTCLOUD_MYSQL_ROOT_PASSWORD:-pass}

      MYSQL_PASSWORD: ${NEXTCLOUD_MYSQL_PASSWORD:-nextcloud}

      MYSQL_DATABASE: ${NEXTCLOUD_MYSQL_DATABASE:-nextcloud}

      MYSQL_USER: ${NEXTCLOUD_MYSQL_USER:-nextcloud}

    restart: always

    healthcheck:

      test: ['CMD', 'mysqlcheck', '--all-databases', '-ppass']
@@ -53,4 +62,4 @@ services: 
      timeout: 10s

      retries: 5

    labels:

      - 'traefik.enable=false'
 
      traefik.enable: false

test_config.yml

+15 −5
Original line number Diff line number Diff line
@@ -2,6 +2,7 @@ networks: 
  codi-internal: {}

  hits-internal: {}

  mastodon-internal: {}

  nextcloud-internal: {}

  rocketchat-internal: {}

  srv: {}

services:
@@ -584,6 +585,9 @@ services: 
    - /home/runner/work/make-my-server/make-my-server/musicbot/conf:/musicBot/conf:rw

    - /home/runner/work/make-my-server/make-my-server/musicbot/playlists:/musicBot/playlists:rw

  nextcloud:

    depends_on:

      nextcloud-db:

        condition: service_started

    healthcheck:

      interval: 10s

      retries: 5
@@ -592,7 +596,7 @@ services: 
      - curl

      - 0.0.0.0:80

      timeout: 10s

    image: nextcloud

    image: nextcloud:latest

    labels:

      traefik.enable: "true"

      traefik.http.middlewares.header-nextcloud.headers.browserXssFilter: "true"
@@ -601,13 +605,17 @@ services: 
      traefik.http.middlewares.header-nextcloud.headers.referrerPolicy: no-referrer

      traefik.http.middlewares.header-nextcloud.headers.stsincludesubdomains: "true"

      traefik.http.middlewares.header-nextcloud.headers.stspreload: "true"

      traefik.http.middlewares.header-nextcloud.headers.stsseconds: '15552000'

      traefik.http.routers.nextcloud.middlewares: header-nextcloud

      traefik.http.middlewares.header-nextcloud.headers.stsseconds: "15552000"

      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.permanent: "true"

      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.regex: https://nextcloud.localhost/.well-known/(card|cal)dav

      traefik.http.middlewares.redirect-dav-nextcloud.redirectRegex.replacement: https://nextcloud.localhost/remote.php/dav/

      traefik.http.routers.nextcloud.middlewares: header-nextcloud,redirect-dav-nextcloud

      traefik.http.routers.nextcloud.rule: Host(`nextcloud.localhost`)

      traefik.http.services.nextcloud.loadbalancer.server.port: '80'

      traefik.http.services.nextcloud.loadbalancer.server.port: "80"

    links:

    - nextcloud-db

    networks:

      nextcloud-internal: {}

      srv: {}

    restart: always

    volumes:
@@ -616,7 +624,7 @@ services: 
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW

    environment:

      MYSQL_DATABASE: nextcloud

      MYSQL_PASSWORD: ''

      MYSQL_PASSWORD: nextcloud

      MYSQL_ROOT_PASSWORD: pass

      MYSQL_USER: nextcloud

    healthcheck:
@@ -631,6 +639,8 @@ services: 
    image: mariadb

    labels:

      traefik.enable: "false"

    networks:

      nextcloud-internal: {}

    restart: always

    volumes:

    - /home/runner/work/make-my-server/make-my-server/nextcloud/db:/var/lib/mysql:rw