├── .docker ├── app │ ├── Dockerfile │ └── config │ │ └── php.ini ├── nginx-proxy │ └── conf.d │ │ ├── client_max_body_size.conf │ │ ├── server_tokens.conf │ │ └── timeout.conf └── web │ ├── Dockerfile │ ├── nextcloud.conf │ └── nginx.conf ├── .env.example ├── .gitignore ├── LICENSE ├── README.md ├── docker-compose-onlyoffice.yml ├── docker-compose-postgres.yml ├── docker-compose.yml ├── docs └── README_ptBR.md └── local ├── .docker ├── app │ └── conf.d │ │ └── php.ini ├── nginx-proxy │ └── conf.d │ │ ├── client_max_body_size.conf │ │ ├── server_tokens.conf │ │ └── timeout.conf └── web │ └── nginx.conf ├── .env.dist ├── .gitignore ├── Makefile ├── README.md └── docker-compose.yml /.docker/app/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG NEXTCLOUD_VERSION=stable-fpm 2 | 3 | FROM nextcloud:${NEXTCLOUD_VERSION} 4 | 5 | RUN apt-get update \ 6 | && apt-get install -y \ 7 | locales \ 8 | poppler-utils \ 9 | && sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \ 10 | && locale-gen \ 11 | && rm -rf /var/lib/apt/lists/* 12 | 13 | ENV LANG=en_US.UTF-8 14 | ENV LANGUAGE=en_US:en 15 | ENV LC_ALL=en_US.UTF-8 16 | 17 | ADD https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/ 18 | RUN chmod uga+x /usr/local/bin/install-php-extensions && sync \ 19 | && install-php-extensions \ 20 | bz2 21 | 22 | COPY config/php.ini /usr/local/etc/php/conf.d/ 23 | -------------------------------------------------------------------------------- /.docker/app/config/php.ini: -------------------------------------------------------------------------------- 1 | post_max_size=20G 2 | upload_max_filesize=20G 3 | opcache.interned_strings_buffer=64 4 | opcache.memory_consumption=256 5 | -------------------------------------------------------------------------------- /.docker/nginx-proxy/conf.d/client_max_body_size.conf: -------------------------------------------------------------------------------- 1 | client_max_body_size 0; 2 | 3 | -------------------------------------------------------------------------------- /.docker/nginx-proxy/conf.d/server_tokens.conf: -------------------------------------------------------------------------------- 1 | server_tokens off; 2 | -------------------------------------------------------------------------------- /.docker/nginx-proxy/conf.d/timeout.conf: -------------------------------------------------------------------------------- 1 | proxy_connect_timeout 3600; 2 | proxy_send_timeout 3600; 3 | proxy_read_timeout 3600; 4 | send_timeout 3600; 5 | 6 | # Value slightly larger than required for Nextcloud. 7 | # 1024Mb * 15, the necessary is 1024Mb * 10 8 | # Ref: 9 | # https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html#adjust-chunk-size-on-nextcloud-side 10 | # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_max_temp_file_size 11 | # Default: 1024m 12 | proxy_max_temp_file_size 15360m; 13 | -------------------------------------------------------------------------------- /.docker/web/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM nginx:alpine 2 | 3 | COPY nginx.conf /etc/nginx/nginx.conf 4 | COPY nextcloud.conf /etc/nginx/nextcloud.conf 5 | -------------------------------------------------------------------------------- /.docker/web/nextcloud.conf: -------------------------------------------------------------------------------- 1 | upstream php-handler { 2 | server app:9000; 3 | } 4 | 5 | # Set the `immutable` cache control options only for assets with a cache busting `v` argument 6 | map $arg_v $asset_immutable { 7 | "" ""; 8 | default ", immutable"; 9 | } 10 | 11 | include /etc/nginx/mime.types; 12 | default_type application/octet-stream; 13 | 14 | sendfile on; 15 | #tcp_nopush on; 16 | 17 | keepalive_timeout 65; 18 | 19 | set_real_ip_from 10.0.0.0/8; 20 | set_real_ip_from 172.16.0.0/12; 21 | set_real_ip_from 192.168.0.0/16; 22 | real_ip_header X-Real-IP; 23 | 24 | server { 25 | listen 80; 26 | include /etc/nginx/conf.d/includes/*.conf; 27 | 28 | # Path to the root of your installation 29 | root /var/www/html; 30 | 31 | # Prevent nginx HTTP Server Detection 32 | server_tokens off; 33 | 34 | # HSTS settings 35 | # WARNING: Only add the preload option once you read about 36 | # the consequences in https://hstspreload.org/. This option 37 | # will add the domain to a hardcoded list that is shipped 38 | # in all major browsers and getting removed from this list 39 | # could take several months. 40 | #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always; 41 | 42 | # set max upload size and increase upload timeout: 43 | client_max_body_size 20G; 44 | client_body_timeout 300s; 45 | fastcgi_buffers 64 4K; 46 | 47 | # Enable gzip but do not remove ETag headers 48 | gzip on; 49 | gzip_vary on; 50 | gzip_comp_level 4; 51 | gzip_min_length 256; 52 | gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; 53 | gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; 54 | 55 | # Pagespeed is not supported by Nextcloud, so if your server is built 56 | # with the `ngx_pagespeed` module, uncomment this line to disable it. 57 | #pagespeed off; 58 | 59 | # The settings allows you to optimize the HTTP2 bandwidth. 60 | # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/ 61 | # for tuning hints 62 | client_body_buffer_size 512k; 63 | 64 | # HTTP response headers borrowed from Nextcloud `.htaccess` 65 | add_header Referrer-Policy "no-referrer" always; 66 | add_header X-Content-Type-Options "nosniff" always; 67 | add_header X-Frame-Options "SAMEORIGIN" always; 68 | add_header X-Permitted-Cross-Domain-Policies "none" always; 69 | add_header X-Robots-Tag "noindex, nofollow" always; 70 | add_header X-XSS-Protection "1; mode=block" always; 71 | 72 | # Remove X-Powered-By, which is an information leak 73 | fastcgi_hide_header X-Powered-By; 74 | 75 | # Set .mjs and .wasm MIME types 76 | # Either include it in the default mime.types list 77 | # and include that list explicitly or add the file extension 78 | # only for Nextcloud like below: 79 | include mime.types; 80 | types { 81 | text/javascript mjs; 82 | } 83 | 84 | # Specify how to handle directories -- specifying `/index.php$request_uri` 85 | # here as the fallback means that Nginx always exhibits the desired behaviour 86 | # when a client requests a path that corresponds to a directory that exists 87 | # on the server. In particular, if that directory contains an index.php file, 88 | # that file is correctly served; if it doesn't, then the request is passed to 89 | # the front-end controller. This consistent behaviour means that we don't need 90 | # to specify custom rules for certain paths (e.g. images and other assets, 91 | # `/updater`, `/ocs-provider`), and thus 92 | # `try_files $uri $uri/ /index.php$request_uri` 93 | # always provides the desired behaviour. 94 | index index.php index.html /index.php$request_uri; 95 | 96 | # Rule borrowed from `.htaccess` to handle Microsoft DAV clients 97 | location = / { 98 | if ( $http_user_agent ~ ^DavClnt ) { 99 | return 302 /remote.php/webdav/$is_args$args; 100 | } 101 | } 102 | 103 | location = /robots.txt { 104 | allow all; 105 | log_not_found off; 106 | access_log off; 107 | } 108 | 109 | # Make a regex exception for `/.well-known` so that clients can still 110 | # access it despite the existence of the regex rule 111 | # `location ~ /(\.|autotest|...)` which would otherwise handle requests 112 | # for `/.well-known`. 113 | location ^~ /.well-known { 114 | # The rules in this block are an adaptation of the rules 115 | # in `.htaccess` that concern `/.well-known`. 116 | 117 | location = /.well-known/carddav { return 301 /remote.php/dav/; } 118 | location = /.well-known/caldav { return 301 /remote.php/dav/; } 119 | 120 | location /.well-known/acme-challenge { try_files $uri $uri/ =404; } 121 | location /.well-known/pki-validation { try_files $uri $uri/ =404; } 122 | 123 | # Let Nextcloud's API for `/.well-known` URIs handle all other 124 | # requests by passing them to the front-end controller. 125 | return 301 /index.php$request_uri; 126 | } 127 | 128 | # Rules borrowed from `.htaccess` to hide certain paths from clients 129 | location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } 130 | location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } 131 | 132 | # Ensure this block, which passes PHP files to the PHP process, is above the blocks 133 | # which handle static assets (as seen below). If this block is not declared first, 134 | # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` 135 | # to the URI, resulting in a HTTP 500 error response. 136 | location ~ \.php(?:$|/) { 137 | # Required for legacy support 138 | rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri; 139 | 140 | fastcgi_split_path_info ^(.+?\.php)(/.*)$; 141 | set $path_info $fastcgi_path_info; 142 | 143 | try_files $fastcgi_script_name =404; 144 | 145 | include fastcgi_params; 146 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 147 | fastcgi_param PATH_INFO $path_info; 148 | fastcgi_param HTTPS on; 149 | 150 | fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice 151 | fastcgi_param front_controller_active true; # Enable pretty urls 152 | fastcgi_pass php-handler; 153 | 154 | fastcgi_intercept_errors on; 155 | fastcgi_request_buffering off; 156 | 157 | fastcgi_max_temp_file_size 0; 158 | fastcgi_read_timeout 3600; 159 | } 160 | 161 | # Serve static files 162 | location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { 163 | try_files $uri /index.php$request_uri; 164 | # HTTP response headers borrowed from Nextcloud `.htaccess` 165 | add_header Cache-Control "public, max-age=15778463$asset_immutable"; 166 | add_header Referrer-Policy "no-referrer" always; 167 | add_header X-Content-Type-Options "nosniff" always; 168 | add_header X-Frame-Options "SAMEORIGIN" always; 169 | add_header X-Permitted-Cross-Domain-Policies "none" always; 170 | add_header X-Robots-Tag "noindex, nofollow" always; 171 | add_header X-XSS-Protection "1; mode=block" always; 172 | access_log off; # Optional: Don't log access to assets 173 | } 174 | 175 | location ~ \.woff2?$ { 176 | try_files $uri /index.php$request_uri; 177 | expires 7d; # Cache-Control policy borrowed from `.htaccess` 178 | access_log off; # Optional: Don't log access to assets 179 | } 180 | 181 | # Rule borrowed from `.htaccess` 182 | location /remote { 183 | return 301 /remote.php$request_uri; 184 | } 185 | 186 | location / { 187 | try_files $uri $uri/ /index.php$request_uri; 188 | } 189 | } 190 | -------------------------------------------------------------------------------- /.docker/web/nginx.conf: -------------------------------------------------------------------------------- 1 | worker_processes auto; 2 | 3 | error_log /var/log/nginx/error.log warn; 4 | pid /var/run/nginx.pid; 5 | 6 | 7 | events { 8 | worker_connections 1024; 9 | } 10 | 11 | http { 12 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 13 | '$status $body_bytes_sent "$http_referer" ' 14 | '"$http_user_agent" "$http_x_forwarded_for"'; 15 | access_log /var/log/nginx/access.log main; 16 | 17 | include /etc/nginx/nextcloud.conf; 18 | } 19 | -------------------------------------------------------------------------------- /.env.example: -------------------------------------------------------------------------------- 1 | VIRTUAL_HOST= 2 | LETSENCRYPT_HOST= 3 | LETSENCRYPT_EMAIL= 4 | 5 | # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones 6 | TZ= 7 | 8 | POSTGRES_PASSWORD= 9 | 10 | NEXTCLOUD_ADMIN_USER= 11 | NEXTCLOUD_ADMIN_PASSWORD= 12 | 13 | NEXTCLOUD_TRUSTED_DOMAINS= 14 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /volumes 2 | .env 3 | docker-compose.override.yml 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU AFFERO GENERAL PUBLIC LICENSE 2 | Version 3, 19 November 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU Affero General Public License is a free, copyleft license for 11 | software and other kinds of works, specifically designed to ensure 12 | cooperation with the community in the case of network server software. 13 | 14 | The licenses for most software and other practical works are designed 15 | to take away your freedom to share and change the works. By contrast, 16 | our General Public Licenses are intended to guarantee your freedom to 17 | share and change all versions of a program--to make sure it remains free 18 | software for all its users. 19 | 20 | When we speak of free software, we are referring to freedom, not 21 | price. Our General Public Licenses are designed to make sure that you 22 | have the freedom to distribute copies of free software (and charge for 23 | them if you wish), that you receive source code or can get it if you 24 | want it, that you can change the software or use pieces of it in new 25 | free programs, and that you know you can do these things. 26 | 27 | Developers that use our General Public Licenses protect your rights 28 | with two steps: (1) assert copyright on the software, and (2) offer 29 | you this License which gives you legal permission to copy, distribute 30 | and/or modify the software. 31 | 32 | A secondary benefit of defending all users' freedom is that 33 | improvements made in alternate versions of the program, if they 34 | receive widespread use, become available for other developers to 35 | incorporate. Many developers of free software are heartened and 36 | encouraged by the resulting cooperation. However, in the case of 37 | software used on network servers, this result may fail to come about. 38 | The GNU General Public License permits making a modified version and 39 | letting the public access it on a server without ever releasing its 40 | source code to the public. 41 | 42 | The GNU Affero General Public License is designed specifically to 43 | ensure that, in such cases, the modified source code becomes available 44 | to the community. It requires the operator of a network server to 45 | provide the source code of the modified version running there to the 46 | users of that server. Therefore, public use of a modified version, on 47 | a publicly accessible server, gives the public access to the source 48 | code of the modified version. 49 | 50 | An older license, called the Affero General Public License and 51 | published by Affero, was designed to accomplish similar goals. This is 52 | a different license, not a version of the Affero GPL, but Affero has 53 | released a new version of the Affero GPL which permits relicensing under 54 | this license. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | TERMS AND CONDITIONS 60 | 61 | 0. Definitions. 62 | 63 | "This License" refers to version 3 of the GNU Affero General Public License. 64 | 65 | "Copyright" also means copyright-like laws that apply to other kinds of 66 | works, such as semiconductor masks. 67 | 68 | "The Program" refers to any copyrightable work licensed under this 69 | License. Each licensee is addressed as "you". "Licensees" and 70 | "recipients" may be individuals or organizations. 71 | 72 | To "modify" a work means to copy from or adapt all or part of the work 73 | in a fashion requiring copyright permission, other than the making of an 74 | exact copy. The resulting work is called a "modified version" of the 75 | earlier work or a work "based on" the earlier work. 76 | 77 | A "covered work" means either the unmodified Program or a work based 78 | on the Program. 79 | 80 | To "propagate" a work means to do anything with it that, without 81 | permission, would make you directly or secondarily liable for 82 | infringement under applicable copyright law, except executing it on a 83 | computer or modifying a private copy. Propagation includes copying, 84 | distribution (with or without modification), making available to the 85 | public, and in some countries other activities as well. 86 | 87 | To "convey" a work means any kind of propagation that enables other 88 | parties to make or receive copies. Mere interaction with a user through 89 | a computer network, with no transfer of a copy, is not conveying. 90 | 91 | An interactive user interface displays "Appropriate Legal Notices" 92 | to the extent that it includes a convenient and prominently visible 93 | feature that (1) displays an appropriate copyright notice, and (2) 94 | tells the user that there is no warranty for the work (except to the 95 | extent that warranties are provided), that licensees may convey the 96 | work under this License, and how to view a copy of this License. If 97 | the interface presents a list of user commands or options, such as a 98 | menu, a prominent item in the list meets this criterion. 99 | 100 | 1. Source Code. 101 | 102 | The "source code" for a work means the preferred form of the work 103 | for making modifications to it. "Object code" means any non-source 104 | form of a work. 105 | 106 | A "Standard Interface" means an interface that either is an official 107 | standard defined by a recognized standards body, or, in the case of 108 | interfaces specified for a particular programming language, one that 109 | is widely used among developers working in that language. 110 | 111 | The "System Libraries" of an executable work include anything, other 112 | than the work as a whole, that (a) is included in the normal form of 113 | packaging a Major Component, but which is not part of that Major 114 | Component, and (b) serves only to enable use of the work with that 115 | Major Component, or to implement a Standard Interface for which an 116 | implementation is available to the public in source code form. A 117 | "Major Component", in this context, means a major essential component 118 | (kernel, window system, and so on) of the specific operating system 119 | (if any) on which the executable work runs, or a compiler used to 120 | produce the work, or an object code interpreter used to run it. 121 | 122 | The "Corresponding Source" for a work in object code form means all 123 | the source code needed to generate, install, and (for an executable 124 | work) run the object code and to modify the work, including scripts to 125 | control those activities. However, it does not include the work's 126 | System Libraries, or general-purpose tools or generally available free 127 | programs which are used unmodified in performing those activities but 128 | which are not part of the work. For example, Corresponding Source 129 | includes interface definition files associated with source files for 130 | the work, and the source code for shared libraries and dynamically 131 | linked subprograms that the work is specifically designed to require, 132 | such as by intimate data communication or control flow between those 133 | subprograms and other parts of the work. 134 | 135 | The Corresponding Source need not include anything that users 136 | can regenerate automatically from other parts of the Corresponding 137 | Source. 138 | 139 | The Corresponding Source for a work in source code form is that 140 | same work. 141 | 142 | 2. Basic Permissions. 143 | 144 | All rights granted under this License are granted for the term of 145 | copyright on the Program, and are irrevocable provided the stated 146 | conditions are met. This License explicitly affirms your unlimited 147 | permission to run the unmodified Program. The output from running a 148 | covered work is covered by this License only if the output, given its 149 | content, constitutes a covered work. This License acknowledges your 150 | rights of fair use or other equivalent, as provided by copyright law. 151 | 152 | You may make, run and propagate covered works that you do not 153 | convey, without conditions so long as your license otherwise remains 154 | in force. You may convey covered works to others for the sole purpose 155 | of having them make modifications exclusively for you, or provide you 156 | with facilities for running those works, provided that you comply with 157 | the terms of this License in conveying all material for which you do 158 | not control copyright. Those thus making or running the covered works 159 | for you must do so exclusively on your behalf, under your direction 160 | and control, on terms that prohibit them from making any copies of 161 | your copyrighted material outside their relationship with you. 162 | 163 | Conveying under any other circumstances is permitted solely under 164 | the conditions stated below. Sublicensing is not allowed; section 10 165 | makes it unnecessary. 166 | 167 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 168 | 169 | No covered work shall be deemed part of an effective technological 170 | measure under any applicable law fulfilling obligations under article 171 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 172 | similar laws prohibiting or restricting circumvention of such 173 | measures. 174 | 175 | When you convey a covered work, you waive any legal power to forbid 176 | circumvention of technological measures to the extent such circumvention 177 | is effected by exercising rights under this License with respect to 178 | the covered work, and you disclaim any intention to limit operation or 179 | modification of the work as a means of enforcing, against the work's 180 | users, your or third parties' legal rights to forbid circumvention of 181 | technological measures. 182 | 183 | 4. Conveying Verbatim Copies. 184 | 185 | You may convey verbatim copies of the Program's source code as you 186 | receive it, in any medium, provided that you conspicuously and 187 | appropriately publish on each copy an appropriate copyright notice; 188 | keep intact all notices stating that this License and any 189 | non-permissive terms added in accord with section 7 apply to the code; 190 | keep intact all notices of the absence of any warranty; and give all 191 | recipients a copy of this License along with the Program. 192 | 193 | You may charge any price or no price for each copy that you convey, 194 | and you may offer support or warranty protection for a fee. 195 | 196 | 5. Conveying Modified Source Versions. 197 | 198 | You may convey a work based on the Program, or the modifications to 199 | produce it from the Program, in the form of source code under the 200 | terms of section 4, provided that you also meet all of these conditions: 201 | 202 | a) The work must carry prominent notices stating that you modified 203 | it, and giving a relevant date. 204 | 205 | b) The work must carry prominent notices stating that it is 206 | released under this License and any conditions added under section 207 | 7. This requirement modifies the requirement in section 4 to 208 | "keep intact all notices". 209 | 210 | c) You must license the entire work, as a whole, under this 211 | License to anyone who comes into possession of a copy. This 212 | License will therefore apply, along with any applicable section 7 213 | additional terms, to the whole of the work, and all its parts, 214 | regardless of how they are packaged. This License gives no 215 | permission to license the work in any other way, but it does not 216 | invalidate such permission if you have separately received it. 217 | 218 | d) If the work has interactive user interfaces, each must display 219 | Appropriate Legal Notices; however, if the Program has interactive 220 | interfaces that do not display Appropriate Legal Notices, your 221 | work need not make them do so. 222 | 223 | A compilation of a covered work with other separate and independent 224 | works, which are not by their nature extensions of the covered work, 225 | and which are not combined with it such as to form a larger program, 226 | in or on a volume of a storage or distribution medium, is called an 227 | "aggregate" if the compilation and its resulting copyright are not 228 | used to limit the access or legal rights of the compilation's users 229 | beyond what the individual works permit. Inclusion of a covered work 230 | in an aggregate does not cause this License to apply to the other 231 | parts of the aggregate. 232 | 233 | 6. Conveying Non-Source Forms. 234 | 235 | You may convey a covered work in object code form under the terms 236 | of sections 4 and 5, provided that you also convey the 237 | machine-readable Corresponding Source under the terms of this License, 238 | in one of these ways: 239 | 240 | a) Convey the object code in, or embodied in, a physical product 241 | (including a physical distribution medium), accompanied by the 242 | Corresponding Source fixed on a durable physical medium 243 | customarily used for software interchange. 244 | 245 | b) Convey the object code in, or embodied in, a physical product 246 | (including a physical distribution medium), accompanied by a 247 | written offer, valid for at least three years and valid for as 248 | long as you offer spare parts or customer support for that product 249 | model, to give anyone who possesses the object code either (1) a 250 | copy of the Corresponding Source for all the software in the 251 | product that is covered by this License, on a durable physical 252 | medium customarily used for software interchange, for a price no 253 | more than your reasonable cost of physically performing this 254 | conveying of source, or (2) access to copy the 255 | Corresponding Source from a network server at no charge. 256 | 257 | c) Convey individual copies of the object code with a copy of the 258 | written offer to provide the Corresponding Source. This 259 | alternative is allowed only occasionally and noncommercially, and 260 | only if you received the object code with such an offer, in accord 261 | with subsection 6b. 262 | 263 | d) Convey the object code by offering access from a designated 264 | place (gratis or for a charge), and offer equivalent access to the 265 | Corresponding Source in the same way through the same place at no 266 | further charge. You need not require recipients to copy the 267 | Corresponding Source along with the object code. If the place to 268 | copy the object code is a network server, the Corresponding Source 269 | may be on a different server (operated by you or a third party) 270 | that supports equivalent copying facilities, provided you maintain 271 | clear directions next to the object code saying where to find the 272 | Corresponding Source. Regardless of what server hosts the 273 | Corresponding Source, you remain obligated to ensure that it is 274 | available for as long as needed to satisfy these requirements. 275 | 276 | e) Convey the object code using peer-to-peer transmission, provided 277 | you inform other peers where the object code and Corresponding 278 | Source of the work are being offered to the general public at no 279 | charge under subsection 6d. 280 | 281 | A separable portion of the object code, whose source code is excluded 282 | from the Corresponding Source as a System Library, need not be 283 | included in conveying the object code work. 284 | 285 | A "User Product" is either (1) a "consumer product", which means any 286 | tangible personal property which is normally used for personal, family, 287 | or household purposes, or (2) anything designed or sold for incorporation 288 | into a dwelling. In determining whether a product is a consumer product, 289 | doubtful cases shall be resolved in favor of coverage. For a particular 290 | product received by a particular user, "normally used" refers to a 291 | typical or common use of that class of product, regardless of the status 292 | of the particular user or of the way in which the particular user 293 | actually uses, or expects or is expected to use, the product. A product 294 | is a consumer product regardless of whether the product has substantial 295 | commercial, industrial or non-consumer uses, unless such uses represent 296 | the only significant mode of use of the product. 297 | 298 | "Installation Information" for a User Product means any methods, 299 | procedures, authorization keys, or other information required to install 300 | and execute modified versions of a covered work in that User Product from 301 | a modified version of its Corresponding Source. The information must 302 | suffice to ensure that the continued functioning of the modified object 303 | code is in no case prevented or interfered with solely because 304 | modification has been made. 305 | 306 | If you convey an object code work under this section in, or with, or 307 | specifically for use in, a User Product, and the conveying occurs as 308 | part of a transaction in which the right of possession and use of the 309 | User Product is transferred to the recipient in perpetuity or for a 310 | fixed term (regardless of how the transaction is characterized), the 311 | Corresponding Source conveyed under this section must be accompanied 312 | by the Installation Information. But this requirement does not apply 313 | if neither you nor any third party retains the ability to install 314 | modified object code on the User Product (for example, the work has 315 | been installed in ROM). 316 | 317 | The requirement to provide Installation Information does not include a 318 | requirement to continue to provide support service, warranty, or updates 319 | for a work that has been modified or installed by the recipient, or for 320 | the User Product in which it has been modified or installed. Access to a 321 | network may be denied when the modification itself materially and 322 | adversely affects the operation of the network or violates the rules and 323 | protocols for communication across the network. 324 | 325 | Corresponding Source conveyed, and Installation Information provided, 326 | in accord with this section must be in a format that is publicly 327 | documented (and with an implementation available to the public in 328 | source code form), and must require no special password or key for 329 | unpacking, reading or copying. 330 | 331 | 7. Additional Terms. 332 | 333 | "Additional permissions" are terms that supplement the terms of this 334 | License by making exceptions from one or more of its conditions. 335 | Additional permissions that are applicable to the entire Program shall 336 | be treated as though they were included in this License, to the extent 337 | that they are valid under applicable law. If additional permissions 338 | apply only to part of the Program, that part may be used separately 339 | under those permissions, but the entire Program remains governed by 340 | this License without regard to the additional permissions. 341 | 342 | When you convey a copy of a covered work, you may at your option 343 | remove any additional permissions from that copy, or from any part of 344 | it. (Additional permissions may be written to require their own 345 | removal in certain cases when you modify the work.) You may place 346 | additional permissions on material, added by you to a covered work, 347 | for which you have or can give appropriate copyright permission. 348 | 349 | Notwithstanding any other provision of this License, for material you 350 | add to a covered work, you may (if authorized by the copyright holders of 351 | that material) supplement the terms of this License with terms: 352 | 353 | a) Disclaiming warranty or limiting liability differently from the 354 | terms of sections 15 and 16 of this License; or 355 | 356 | b) Requiring preservation of specified reasonable legal notices or 357 | author attributions in that material or in the Appropriate Legal 358 | Notices displayed by works containing it; or 359 | 360 | c) Prohibiting misrepresentation of the origin of that material, or 361 | requiring that modified versions of such material be marked in 362 | reasonable ways as different from the original version; or 363 | 364 | d) Limiting the use for publicity purposes of names of licensors or 365 | authors of the material; or 366 | 367 | e) Declining to grant rights under trademark law for use of some 368 | trade names, trademarks, or service marks; or 369 | 370 | f) Requiring indemnification of licensors and authors of that 371 | material by anyone who conveys the material (or modified versions of 372 | it) with contractual assumptions of liability to the recipient, for 373 | any liability that these contractual assumptions directly impose on 374 | those licensors and authors. 375 | 376 | All other non-permissive additional terms are considered "further 377 | restrictions" within the meaning of section 10. If the Program as you 378 | received it, or any part of it, contains a notice stating that it is 379 | governed by this License along with a term that is a further 380 | restriction, you may remove that term. If a license document contains 381 | a further restriction but permits relicensing or conveying under this 382 | License, you may add to a covered work material governed by the terms 383 | of that license document, provided that the further restriction does 384 | not survive such relicensing or conveying. 385 | 386 | If you add terms to a covered work in accord with this section, you 387 | must place, in the relevant source files, a statement of the 388 | additional terms that apply to those files, or a notice indicating 389 | where to find the applicable terms. 390 | 391 | Additional terms, permissive or non-permissive, may be stated in the 392 | form of a separately written license, or stated as exceptions; 393 | the above requirements apply either way. 394 | 395 | 8. Termination. 396 | 397 | You may not propagate or modify a covered work except as expressly 398 | provided under this License. Any attempt otherwise to propagate or 399 | modify it is void, and will automatically terminate your rights under 400 | this License (including any patent licenses granted under the third 401 | paragraph of section 11). 402 | 403 | However, if you cease all violation of this License, then your 404 | license from a particular copyright holder is reinstated (a) 405 | provisionally, unless and until the copyright holder explicitly and 406 | finally terminates your license, and (b) permanently, if the copyright 407 | holder fails to notify you of the violation by some reasonable means 408 | prior to 60 days after the cessation. 409 | 410 | Moreover, your license from a particular copyright holder is 411 | reinstated permanently if the copyright holder notifies you of the 412 | violation by some reasonable means, this is the first time you have 413 | received notice of violation of this License (for any work) from that 414 | copyright holder, and you cure the violation prior to 30 days after 415 | your receipt of the notice. 416 | 417 | Termination of your rights under this section does not terminate the 418 | licenses of parties who have received copies or rights from you under 419 | this License. If your rights have been terminated and not permanently 420 | reinstated, you do not qualify to receive new licenses for the same 421 | material under section 10. 422 | 423 | 9. Acceptance Not Required for Having Copies. 424 | 425 | You are not required to accept this License in order to receive or 426 | run a copy of the Program. Ancillary propagation of a covered work 427 | occurring solely as a consequence of using peer-to-peer transmission 428 | to receive a copy likewise does not require acceptance. However, 429 | nothing other than this License grants you permission to propagate or 430 | modify any covered work. These actions infringe copyright if you do 431 | not accept this License. Therefore, by modifying or propagating a 432 | covered work, you indicate your acceptance of this License to do so. 433 | 434 | 10. Automatic Licensing of Downstream Recipients. 435 | 436 | Each time you convey a covered work, the recipient automatically 437 | receives a license from the original licensors, to run, modify and 438 | propagate that work, subject to this License. You are not responsible 439 | for enforcing compliance by third parties with this License. 440 | 441 | An "entity transaction" is a transaction transferring control of an 442 | organization, or substantially all assets of one, or subdividing an 443 | organization, or merging organizations. If propagation of a covered 444 | work results from an entity transaction, each party to that 445 | transaction who receives a copy of the work also receives whatever 446 | licenses to the work the party's predecessor in interest had or could 447 | give under the previous paragraph, plus a right to possession of the 448 | Corresponding Source of the work from the predecessor in interest, if 449 | the predecessor has it or can get it with reasonable efforts. 450 | 451 | You may not impose any further restrictions on the exercise of the 452 | rights granted or affirmed under this License. For example, you may 453 | not impose a license fee, royalty, or other charge for exercise of 454 | rights granted under this License, and you may not initiate litigation 455 | (including a cross-claim or counterclaim in a lawsuit) alleging that 456 | any patent claim is infringed by making, using, selling, offering for 457 | sale, or importing the Program or any portion of it. 458 | 459 | 11. Patents. 460 | 461 | A "contributor" is a copyright holder who authorizes use under this 462 | License of the Program or a work on which the Program is based. The 463 | work thus licensed is called the contributor's "contributor version". 464 | 465 | A contributor's "essential patent claims" are all patent claims 466 | owned or controlled by the contributor, whether already acquired or 467 | hereafter acquired, that would be infringed by some manner, permitted 468 | by this License, of making, using, or selling its contributor version, 469 | but do not include claims that would be infringed only as a 470 | consequence of further modification of the contributor version. For 471 | purposes of this definition, "control" includes the right to grant 472 | patent sublicenses in a manner consistent with the requirements of 473 | this License. 474 | 475 | Each contributor grants you a non-exclusive, worldwide, royalty-free 476 | patent license under the contributor's essential patent claims, to 477 | make, use, sell, offer for sale, import and otherwise run, modify and 478 | propagate the contents of its contributor version. 479 | 480 | In the following three paragraphs, a "patent license" is any express 481 | agreement or commitment, however denominated, not to enforce a patent 482 | (such as an express permission to practice a patent or covenant not to 483 | sue for patent infringement). To "grant" such a patent license to a 484 | party means to make such an agreement or commitment not to enforce a 485 | patent against the party. 486 | 487 | If you convey a covered work, knowingly relying on a patent license, 488 | and the Corresponding Source of the work is not available for anyone 489 | to copy, free of charge and under the terms of this License, through a 490 | publicly available network server or other readily accessible means, 491 | then you must either (1) cause the Corresponding Source to be so 492 | available, or (2) arrange to deprive yourself of the benefit of the 493 | patent license for this particular work, or (3) arrange, in a manner 494 | consistent with the requirements of this License, to extend the patent 495 | license to downstream recipients. "Knowingly relying" means you have 496 | actual knowledge that, but for the patent license, your conveying the 497 | covered work in a country, or your recipient's use of the covered work 498 | in a country, would infringe one or more identifiable patents in that 499 | country that you have reason to believe are valid. 500 | 501 | If, pursuant to or in connection with a single transaction or 502 | arrangement, you convey, or propagate by procuring conveyance of, a 503 | covered work, and grant a patent license to some of the parties 504 | receiving the covered work authorizing them to use, propagate, modify 505 | or convey a specific copy of the covered work, then the patent license 506 | you grant is automatically extended to all recipients of the covered 507 | work and works based on it. 508 | 509 | A patent license is "discriminatory" if it does not include within 510 | the scope of its coverage, prohibits the exercise of, or is 511 | conditioned on the non-exercise of one or more of the rights that are 512 | specifically granted under this License. You may not convey a covered 513 | work if you are a party to an arrangement with a third party that is 514 | in the business of distributing software, under which you make payment 515 | to the third party based on the extent of your activity of conveying 516 | the work, and under which the third party grants, to any of the 517 | parties who would receive the covered work from you, a discriminatory 518 | patent license (a) in connection with copies of the covered work 519 | conveyed by you (or copies made from those copies), or (b) primarily 520 | for and in connection with specific products or compilations that 521 | contain the covered work, unless you entered into that arrangement, 522 | or that patent license was granted, prior to 28 March 2007. 523 | 524 | Nothing in this License shall be construed as excluding or limiting 525 | any implied license or other defenses to infringement that may 526 | otherwise be available to you under applicable patent law. 527 | 528 | 12. No Surrender of Others' Freedom. 529 | 530 | If conditions are imposed on you (whether by court order, agreement or 531 | otherwise) that contradict the conditions of this License, they do not 532 | excuse you from the conditions of this License. If you cannot convey a 533 | covered work so as to satisfy simultaneously your obligations under this 534 | License and any other pertinent obligations, then as a consequence you may 535 | not convey it at all. For example, if you agree to terms that obligate you 536 | to collect a royalty for further conveying from those to whom you convey 537 | the Program, the only way you could satisfy both those terms and this 538 | License would be to refrain entirely from conveying the Program. 539 | 540 | 13. Remote Network Interaction; Use with the GNU General Public License. 541 | 542 | Notwithstanding any other provision of this License, if you modify the 543 | Program, your modified version must prominently offer all users 544 | interacting with it remotely through a computer network (if your version 545 | supports such interaction) an opportunity to receive the Corresponding 546 | Source of your version by providing access to the Corresponding Source 547 | from a network server at no charge, through some standard or customary 548 | means of facilitating copying of software. This Corresponding Source 549 | shall include the Corresponding Source for any work covered by version 3 550 | of the GNU General Public License that is incorporated pursuant to the 551 | following paragraph. 552 | 553 | Notwithstanding any other provision of this License, you have 554 | permission to link or combine any covered work with a work licensed 555 | under version 3 of the GNU General Public License into a single 556 | combined work, and to convey the resulting work. The terms of this 557 | License will continue to apply to the part which is the covered work, 558 | but the work with which it is combined will remain governed by version 559 | 3 of the GNU General Public License. 560 | 561 | 14. Revised Versions of this License. 562 | 563 | The Free Software Foundation may publish revised and/or new versions of 564 | the GNU Affero General Public License from time to time. Such new versions 565 | will be similar in spirit to the present version, but may differ in detail to 566 | address new problems or concerns. 567 | 568 | Each version is given a distinguishing version number. If the 569 | Program specifies that a certain numbered version of the GNU Affero General 570 | Public License "or any later version" applies to it, you have the 571 | option of following the terms and conditions either of that numbered 572 | version or of any later version published by the Free Software 573 | Foundation. If the Program does not specify a version number of the 574 | GNU Affero General Public License, you may choose any version ever published 575 | by the Free Software Foundation. 576 | 577 | If the Program specifies that a proxy can decide which future 578 | versions of the GNU Affero General Public License can be used, that proxy's 579 | public statement of acceptance of a version permanently authorizes you 580 | to choose that version for the Program. 581 | 582 | Later license versions may give you additional or different 583 | permissions. However, no additional obligations are imposed on any 584 | author or copyright holder as a result of your choosing to follow a 585 | later version. 586 | 587 | 15. Disclaimer of Warranty. 588 | 589 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 590 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 591 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 592 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 593 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 594 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 595 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 596 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 597 | 598 | 16. Limitation of Liability. 599 | 600 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 601 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 602 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 603 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 604 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 605 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 606 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 607 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 608 | SUCH DAMAGES. 609 | 610 | 17. Interpretation of Sections 15 and 16. 611 | 612 | If the disclaimer of warranty and limitation of liability provided 613 | above cannot be given local legal effect according to their terms, 614 | reviewing courts shall apply local law that most closely approximates 615 | an absolute waiver of all civil liability in connection with the 616 | Program, unless a warranty or assumption of liability accompanies a 617 | copy of the Program in return for a fee. 618 | 619 | END OF TERMS AND CONDITIONS 620 | 621 | How to Apply These Terms to Your New Programs 622 | 623 | If you develop a new program, and you want it to be of the greatest 624 | possible use to the public, the best way to achieve this is to make it 625 | free software which everyone can redistribute and change under these terms. 626 | 627 | To do so, attach the following notices to the program. It is safest 628 | to attach them to the start of each source file to most effectively 629 | state the exclusion of warranty; and each file should have at least 630 | the "copyright" line and a pointer to where the full notice is found. 631 | 632 | 633 | Copyright (C) 634 | 635 | This program is free software: you can redistribute it and/or modify 636 | it under the terms of the GNU Affero General Public License as published 637 | by the Free Software Foundation, either version 3 of the License, or 638 | (at your option) any later version. 639 | 640 | This program is distributed in the hope that it will be useful, 641 | but WITHOUT ANY WARRANTY; without even the implied warranty of 642 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 643 | GNU Affero General Public License for more details. 644 | 645 | You should have received a copy of the GNU Affero General Public License 646 | along with this program. If not, see . 647 | 648 | Also add information on how to contact you by electronic and paper mail. 649 | 650 | If your software can interact with users remotely through a computer 651 | network, you should also make sure that it provides a way for users to 652 | get its source. For example, if your program is a web application, its 653 | interface could display a "Source" link that leads users to an archive 654 | of the code. There are many ways you could offer source, and different 655 | solutions will be better for different programs; see section 13 for the 656 | specific requirements. 657 | 658 | You should also get your employer (if you work as a programmer) or school, 659 | if any, to sign a "copyright disclaimer" for the program, if necessary. 660 | For more information on this, and how to apply and follow the GNU AGPL, see 661 | . 662 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Languages avaliable: [pt-BR](docs/README_ptBR.md) 2 | 3 | # Nextcloud with SSL and Docker 4 | 5 | - [Nextcloud with SSL and Docker](#nextcloud-with-ssl-and-docker) 6 | - [Setup of docker](#setup-of-docker) 7 | - [Setup of proxy](#setup-of-proxy) 8 | - [Setup of database](#setup-of-database) 9 | - [Before first run](#before-first-run) 10 | - [After setup](#after-setup) 11 | - [Custom setup](#custom-setup) 12 | - [Customize docker-compose content](#customize-docker-compose-content) 13 | - [PHP](#php) 14 | - [Run Nextcloud](#run-nextcloud) 15 | - [Use a specific version of Nextcloud](#use-a-specific-version-of-nextcloud) 16 | - [Logs](#logs) 17 | 18 | ## Setup of docker 19 | 20 | You need to have, on your server, the installed docker. The installation can be done with an official script, following the following steps: 21 | - Download the docker 22 | ```bash 23 | curl -fsSL https://get.docker.com -o get-docker.sh 24 | ``` 25 | - run the script 26 | ```bash 27 | sh get-docker.sh 28 | ``` 29 | - Give permissions to execute the Docker command to your user 30 | ```bash 31 | sudo usermod -aG docker $USER 32 | ``` 33 | - Remove the installation script 34 | ```bash 35 | rm get-docker.sh 36 | ``` 37 | 38 | ## Setup of proxy 39 | 40 | Follow the instructions of this repository: 41 | 42 | https://github.com/LibreCodeCoop/nginx-proxy 43 | 44 | ## Setup of database 45 | 46 | Follow the instructions of this repository: 47 | 48 | https://github.com/LibreCodeCoop/postgres-docker 49 | 50 | ## Before first run 51 | 52 | Copy the `.env.example` to `.env` and set the values. 53 | 54 | ```bash 55 | cp .env.example .env 56 | ``` 57 | 58 | | Environment | service | Description | 59 | |-------------|---------|-------| 60 | | [`VIRTUAL_HOST`](https://github.com/nginx-proxy/nginx-proxy#usage) | `web` | Your domain | 61 | | [`LETSENCRYPT_HOST`](https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/blob/master/docs/Basic-usage.md#step-3---proxyed-containers) | `web` | Your domain | 62 | | [`LETSENCRYPT_EMAIL`](https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/blob/master/docs/Let's-Encrypt-and-ACME.md#contact-address) | `web` | Your sysadmin email | 63 | | `NEXTCLOUD_TRUSTED_DOMAINS` | `app` | domains separated by comma. The domain web is mandatory, add your domain together with whe domain web. The domain `web` is the domain of Nginx service. | 64 | 65 | 66 | > **PS**: Let's Encrypt only work in servers when the `VIRTUAL_HOST` and `LETSENCRYPT_HOST` have a valid public domain registered in a DNS server. Don't try to use in localhost, don't work! 67 | 68 | Create a network 69 | 70 | ```bash 71 | docker network create reverse-proxy 72 | docker network create postgres 73 | ``` 74 | 75 | ## After setup 76 | 77 | After finish the setup, access this url: https://yourdomain.tld/settings/admin/overview. 78 | 79 | If is necessary run any occ command, run like this: 80 | 81 | ```bash 82 | docker compose exec -u www-data app ./occ db:add-missing-indices 83 | docker compose exec -u www-data app ./occ db:convert-filecache-bigint 84 | ``` 85 | 86 | ## Custom setup 87 | 88 | ### Customize docker-compose content 89 | 90 | You can do this using environments and creating a file called `docker-compose.override.yml` to add new services. 91 | 92 | ### PHP 93 | 94 | - Create your `.ini` file at `volumes/php/` folder. Example: `volumes/php/xdebug.ini` 95 | - Alter the file `docker-compose.override.yml` adding your volume 96 | ```yaml 97 | services: 98 | app: 99 | volumes: 100 | - ./volumes/php/xdebug.ini:/usr/local/etc/php/conf.d/xdebug.ini 101 | ``` 102 | 103 | 104 | ### PHP-FPM 105 | 106 | - For PHP-FPM modifications, include the following volume to the app service in `docker-compose.override.yml` file: 107 | ```yaml 108 | services: 109 | app: 110 | volumes: 111 | - ./volumes/php/pm.ini:/usr/local/etc/php/conf.d/ 112 | ``` 113 | - Create a file `./volumes/php/pm.ini` with the following content (see references for tunning according your setup): 114 | ```yaml 115 | [www] 116 | pm.max_children = 10 117 | pm.start_servers = 2 118 | pm.min_spare_servers = 1 119 | pm.max_spare_servers = 3 120 | ``` 121 | 122 | - References: 123 | - https://docs.nextcloud.com/server/21/admin_manual/installation/server_tuning.html#tune-php-fpm 124 | - https://spot13.com/pmcalculator/ 125 | 126 | ## Run Nextcloud 127 | 128 | ```bash 129 | # The postgres service is executed separated to be possible reuse this service to other applications that use PostgreSQL 130 | docker compose up -f docker-compose-postgres.yml -d 131 | docker compose up -d 132 | docker compose -d 133 | ``` 134 | ## Use a specific version of Nextcloud 135 | 136 | Change the value of NEXTCLOUD_VERSION at `.env` file and put the tag name that you want to use. Check the availables tags here: https://hub.docker.com/_/nextcloud/tags 137 | 138 | Build the images, down the containers and get up again: 139 | 140 | ```bash 141 | docker compose build --pull 142 | docker compose up -d 143 | ``` 144 | 145 | ## Logs 146 | 147 | If you want to see the logs, run: 148 | 149 | ```bash 150 | docker compose logs -f --tail=100 151 | ``` 152 | You will see this message in the logs and other many upgrade messages: 153 | 154 | ```log 155 | app_1 | 2020-04-28T19:49:38.568623133Z Initializing nextcloud 18.0.4.2 ... 156 | app_1 | 2020-04-28T19:49:38.577733913Z Upgrading nextcloud from 18.0.3.0 ... 157 | ``` 158 | -------------------------------------------------------------------------------- /docker-compose-onlyoffice.yml: -------------------------------------------------------------------------------- 1 | services: 2 | onlyoffice: 3 | image: onlyoffice/documentserver 4 | restart: always 5 | environment: 6 | - VIRTUAL_HOST=${VIRTUAL_HOST_ONLYOFFICE} 7 | - LETSENCRYPT_HOST=${LETSENCRYPT_HOST_ONLYOFFICE} 8 | volumes: 9 | - ./volumes/onlyoffice/DocumentServer/logs:/var/log/onlyoffice 10 | - ./volumes/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data 11 | networks: 12 | - internal 13 | - reverse-proxy 14 | -------------------------------------------------------------------------------- /docker-compose-postgres.yml: -------------------------------------------------------------------------------- 1 | networks: 2 | postgres: 3 | external: true 4 | name: postgres 5 | 6 | services: 7 | postgres: 8 | image: postgres:11-alpine 9 | restart: always 10 | volumes: 11 | - ./volumes/postgres/data:/var/lib/postgresql/data 12 | environment: 13 | - POSTGRES_DB 14 | - POSTGRES_USER 15 | - POSTGRES_PASSWORD 16 | networks: 17 | - postgres 18 | app: 19 | networks: 20 | - postgres 21 | cron: 22 | networks: 23 | - postgres 24 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | networks: 2 | reverse-proxy: 3 | external: true 4 | name: reverse-proxy 5 | internal: 6 | driver: bridge 7 | 8 | services: 9 | app: 10 | build: 11 | context: .docker/app 12 | args: 13 | NEXTCLOUD_VERSION: ${NEXTCLOUD_VERSION:-stable-fpm} 14 | volumes: 15 | - ./volumes/nextcloud:/var/www/html 16 | restart: unless-stopped 17 | environment: 18 | - POSTGRES_DB=${POSTGRES_DB:-nextcloud} 19 | - POSTGRES_USER=${POSTGRES_USER:-nextcloud} 20 | - POSTGRES_PASSWORD 21 | - POSTGRES_HOST=${POSTGRES_HOST:-postgres} 22 | - NEXTCLOUD_ADMIN_USER 23 | - NEXTCLOUD_ADMIN_PASSWORD 24 | - NEXTCLOUD_TRUSTED_DOMAINS 25 | - SMTP_HOST 26 | - SMTP_SECURE 27 | - SMTP_PORT 28 | - SMTP_AUTHTYPE 29 | - SMTP_NAME 30 | - SMTP_PASSWORD 31 | - MAIL_FROM_ADDRESS 32 | - MAIL_DOMAIN 33 | - TZ 34 | networks: 35 | - internal 36 | 37 | web: 38 | build: .docker/web 39 | restart: unless-stopped 40 | volumes: 41 | - ./volumes/nextcloud:/var/www/html:ro 42 | - ./volumes/nginx/includes:/etc/nginx/conf.d/includes:rw 43 | environment: 44 | - VIRTUAL_HOST 45 | - LETSENCRYPT_HOST 46 | - LETSENCRYPT_EMAIL 47 | - TZ 48 | depends_on: 49 | - app 50 | networks: 51 | - internal 52 | - reverse-proxy 53 | 54 | cron: 55 | build: 56 | context: .docker/app 57 | args: 58 | NEXTCLOUD_VERSION: ${NEXTCLOUD_VERSION:-stable-fpm} 59 | restart: unless-stopped 60 | environment: 61 | - TZ 62 | volumes: 63 | - ./volumes/nextcloud:/var/www/html 64 | networks: 65 | - internal 66 | entrypoint: /cron.sh 67 | -------------------------------------------------------------------------------- /docs/README_ptBR.md: -------------------------------------------------------------------------------- 1 | # Nextcloud com SSL e Docker 2 | - [Nextcloud com SSL e Docker](#nextcloud-com-ssl-e-docker) 3 | - [Configuração do Docker](#configuração-do-docker) 4 | - [Configuração de proxy](#configuração-de-proxy) 5 | - [Antes da primeira execução](#antes-da-primeira-execução) 6 | - [Após a configuração](#após-a-configuração) 7 | - [Configuração personalizada](#configuração-personalizada) 8 | - [Personalize o conteúdo do docker-compose](#personalize-o-conteúdo-do-docker-compose) 9 | - [PHP](#php) 10 | - [Execute o Nextcloud](#execute-o-nextcloud) 11 | - [Use uma versão específica do Nextcloud](#use-uma-versão-específica-do-nextcloud) 12 | - [Logs](#logs) 13 | 14 | ## Configuração do Docker 15 | 16 | Você precisa ter, em seu servidor, o Docker instalado. A instalação pode ser feita com um script oficial, seguindo os seguintes passos: 17 | - Baixe o Docker 18 | ```bash 19 | curl -fsSL https://get.docker.com -o get-docker.sh 20 | ``` 21 | - Execute o script 22 | ```bash 23 | sh get-docker.sh 24 | ``` 25 | - Conceda permissões para executar o comando Docker para seu usuário 26 | ```bash 27 | sudo usermod -aG docker $USER 28 | ``` 29 | - Remova o script de instalação 30 | ```bash 31 | rm get-docker.sh 32 | ``` 33 | 34 | ## Configuração de proxy 35 | 36 | Siga as instruções deste repositório: 37 | 38 | https://github.com/LibreCodeCoop/nginx-proxy 39 | 40 | ## Antes da primeira execução 41 | 42 | Copie o `.env.example` para `.env` e defina os valores. 43 | 44 | ```bash 45 | cp .env.example .env 46 | ``` 47 | 48 | | Ambiente | serviço | Descrição | 49 | |-------------|---------|-------| 50 | | [`VIRTUAL_HOST`](https://github.com/nginx-proxy/nginx-proxy#usage) | `web` | Seu domínio | 51 | | [`LETSENCRYPT_HOST`](https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/blob/master/docs/Basic-usage.md#step-3---proxyed-containers) | `web` | Seu domínio | 52 | | [`LETSENCRYPT_EMAIL`](https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/blob/master/docs/Let's-Encrypt-and-ACME.md#contact-address) | `web` | Seu email de administrador de sistema | 53 | | `NEXTCLOUD_TRUSTED_DOMAINS` | `app` | domínios separados por vírgula. O domínio `web` é obrigatório, adicione seu domínio junto com o domínio `web`. O domínio `web` é o domínio do serviço Nginx. | 54 | 55 | > **PS**: A Let's Encrypt só funciona em servidores quando os `VIRTUAL_HOST` e `LETSENCRYPT_HOST` têm um domínio público válido registrado em um servidor DNS. Não tente usá-lo em localhost, não funciona! 56 | 57 | Crie uma rede 58 | 59 | ```bash 60 | docker network create reverse-proxy 61 | ``` 62 | 63 | ## Após a configuração 64 | 65 | Após concluir a configuração, acesse esta URL: https://seudomínio.tld/settings/admin/overview. 66 | 67 | Se for necessário executar algum comando occ, execute da seguinte forma: 68 | 69 | ```bash 70 | docker compose exec -u www-data app ./occ db:add-missing-indices 71 | docker compose exec -u www-data app ./occ db:convert-filecache-bigint 72 | ``` 73 | 74 | ## Configuração personalizada 75 | 76 | ### Personalize o conteúdo do docker-compose 77 | 78 | Você pode fazer isso usando variáveis de ambiente e criando um arquivo chamado `docker-compose.override.yml` para adicionar novos serviços. 79 | 80 | ### PHP 81 | 82 | - Crie seu arquivo `.ini` na pasta `volumes/php/`. Exemplo: `volumes/php/xdebug.ini` 83 | - Altere o arquivo `docker-compose.override.yml` adicionando seu volume 84 | ```yaml 85 | services: 86 | app: 87 | volumes: 88 | - ./volumes/php/xdebug.ini:/usr/local/etc/php/conf.d/xdebug.ini 89 | ``` 90 | 91 | ## Execute o Nextcloud 92 | 93 | ```bash 94 | # O serviço postgres é executado separadamente para que seja possível reutilizar este serviço para outras aplicações que usam PostgreSQL 95 | docker compose up -f docker-compose-postgres.yml -d 96 | docker compose up -d 97 | docker compose -d 98 | ``` 99 | ## Use uma versão específica do Nextcloud 100 | 101 | Altere o valor de `NEXTCLOUD_VERSION` no arquivo `.env` e coloque o nome do rótulo que deseja usar. Verifique as tags disponíveis aqui: https://hub.docker.com/_/nextcloud/tags 102 | 103 | Construa as imagens, derrube os contêineres e inicie-os novamente: 104 | 105 | ```bash 106 | docker compose build --pull 107 | docker compose up -d 108 | ``` 109 | 110 | ## Logs 111 | 112 | Se você quiser ver os logs, execute: 113 | 114 | ```bash 115 | docker compose logs -f --tail=100 116 | ``` 117 | Você verá esta mensagem nos logs e muitas outras mensagens de atualização: 118 | 119 | ```log 120 | app_1 | 2020-04-28T19:49:38.568623133Z Inicializando o Nextcloud 18.0.4.2 ... 121 | app_1 | 2020-04-28T19:49:38.577733913Z Atualizando o Nextcloud a partir da versão 18.0.3.0 ... 122 | ``` 123 | -------------------------------------------------------------------------------- /local/.docker/app/conf.d/php.ini: -------------------------------------------------------------------------------- 1 | post_max_size=512M 2 | upload_max_filesize=512M 3 | -------------------------------------------------------------------------------- /local/.docker/nginx-proxy/conf.d/client_max_body_size.conf: -------------------------------------------------------------------------------- 1 | client_max_body_size 0; 2 | 3 | -------------------------------------------------------------------------------- /local/.docker/nginx-proxy/conf.d/server_tokens.conf: -------------------------------------------------------------------------------- 1 | server_tokens off; 2 | -------------------------------------------------------------------------------- /local/.docker/nginx-proxy/conf.d/timeout.conf: -------------------------------------------------------------------------------- 1 | proxy_connect_timeout 3600; 2 | proxy_send_timeout 3600; 3 | proxy_read_timeout 3600; 4 | send_timeout 3600; -------------------------------------------------------------------------------- /local/.docker/web/nginx.conf: -------------------------------------------------------------------------------- 1 | worker_processes 1; 2 | 3 | error_log /var/log/nginx/error.log warn; 4 | pid /var/run/nginx.pid; 5 | 6 | 7 | events { 8 | worker_connections 1024; 9 | } 10 | 11 | 12 | http { 13 | include /etc/nginx/mime.types; 14 | default_type application/octet-stream; 15 | 16 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 17 | '$status $body_bytes_sent "$http_referer" ' 18 | '"$http_user_agent" "$http_x_forwarded_for"'; 19 | 20 | access_log /var/log/nginx/access.log main; 21 | 22 | sendfile on; 23 | #tcp_nopush on; 24 | 25 | keepalive_timeout 65; 26 | 27 | set_real_ip_from 10.0.0.0/8; 28 | set_real_ip_from 172.16.0.0/12; 29 | set_real_ip_from 192.168.0.0/16; 30 | real_ip_header X-Real-IP; 31 | 32 | #gzip on; 33 | 34 | upstream php-handler { 35 | server app:9000; 36 | } 37 | 38 | server { 39 | listen 80; 40 | 41 | # Add headers to serve security related headers 42 | # Before enabling Strict-Transport-Security headers please read into this 43 | # topic first. 44 | #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; 45 | # 46 | # WARNING: Only add the preload option once you read about 47 | # the consequences in https://hstspreload.org/. This option 48 | # will add the domain to a hardcoded list that is shipped 49 | # in all major browsers and getting removed from this list 50 | # could take several months. 51 | add_header Referrer-Policy "no-referrer" always; 52 | add_header X-Content-Type-Options "nosniff" always; 53 | add_header X-Download-Options "noopen" always; 54 | add_header X-Frame-Options "SAMEORIGIN" always; 55 | add_header X-Permitted-Cross-Domain-Policies "none" always; 56 | add_header X-Robots-Tag "none" always; 57 | add_header X-XSS-Protection "1; mode=block" always; 58 | 59 | # Remove X-Powered-By, which is an information leak 60 | fastcgi_hide_header X-Powered-By; 61 | 62 | root /var/www/html; 63 | 64 | location = /robots.txt { 65 | allow all; 66 | log_not_found off; 67 | access_log off; 68 | } 69 | 70 | # The following 2 rules are only needed for the user_webfinger app. 71 | # Uncomment it if you're planning to use this app. 72 | #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; 73 | #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json 74 | # last; 75 | 76 | # The following rule is only needed for the Social app. 77 | # Uncomment it if you're planning to use this app. 78 | #rewrite ^/.well-known/webfinger /public.php?service=webfinger last; 79 | 80 | location = /.well-known/carddav { 81 | return 301 $scheme://$host/remote.php/dav; 82 | } 83 | location = /.well-known/caldav { 84 | return 301 $scheme://$host/remote.php/dav; 85 | } 86 | 87 | # set max upload size 88 | client_max_body_size 512M; 89 | fastcgi_buffers 64 4K; 90 | 91 | # Enable gzip but do not remove ETag headers 92 | gzip on; 93 | gzip_vary on; 94 | gzip_comp_level 4; 95 | gzip_min_length 256; 96 | gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; 97 | gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; 98 | 99 | # Uncomment if your server is build with the ngx_pagespeed module 100 | # This module is currently not supported. 101 | #pagespeed off; 102 | 103 | location / { 104 | rewrite ^ /index.php$request_uri; 105 | } 106 | 107 | location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { 108 | deny all; 109 | } 110 | location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { 111 | deny all; 112 | } 113 | 114 | location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { 115 | fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; 116 | fastcgi_read_timeout 3600; 117 | set $path_info $fastcgi_path_info; 118 | try_files $fastcgi_script_name =404; 119 | include fastcgi_params; 120 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 121 | fastcgi_param PATH_INFO $path_info; 122 | fastcgi_param HTTPS on; 123 | # Avoid sending the security headers twice 124 | fastcgi_param modHeadersAvailable true; 125 | # Enable pretty urls 126 | fastcgi_param front_controller_active true; 127 | fastcgi_pass php-handler; 128 | fastcgi_intercept_errors on; 129 | fastcgi_request_buffering off; 130 | } 131 | 132 | location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { 133 | try_files $uri/ =404; 134 | index index.php; 135 | } 136 | 137 | # Adding the cache control header for js, css and map files 138 | # Make sure it is BELOW the PHP block 139 | location ~ \.(?:css|js|woff2?|svg|gif|map)$ { 140 | try_files $uri /index.php$request_uri; 141 | add_header Cache-Control "public, max-age=15778463"; 142 | # Add headers to serve security related headers (It is intended to 143 | # have those duplicated to the ones above) 144 | # Before enabling Strict-Transport-Security headers please read into 145 | # this topic first. 146 | #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; 147 | # 148 | # WARNING: Only add the preload option once you read about 149 | # the consequences in https://hstspreload.org/. This option 150 | # will add the domain to a hardcoded list that is shipped 151 | # in all major browsers and getting removed from this list 152 | # could take several months. 153 | add_header Referrer-Policy "no-referrer" always; 154 | add_header X-Content-Type-Options "nosniff" always; 155 | add_header X-Download-Options "noopen" always; 156 | add_header X-Frame-Options "SAMEORIGIN" always; 157 | add_header X-Permitted-Cross-Domain-Policies "none" always; 158 | add_header X-Robots-Tag "none" always; 159 | add_header X-XSS-Protection "1; mode=block" always; 160 | 161 | # Optional: Don't log access to assets 162 | access_log off; 163 | } 164 | 165 | location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { 166 | try_files $uri /index.php$request_uri; 167 | # Optional: Don't log access to other assets 168 | access_log off; 169 | } 170 | } 171 | 172 | } 173 | -------------------------------------------------------------------------------- /local/.env.dist: -------------------------------------------------------------------------------- 1 | POSTGRES_PASSWORD=SECRET_PASSWORD 2 | POSTGRES_DB=nextcloud 3 | POSTGRES_USER=nextcloud 4 | NEXTCLOUD_ADMIN_USER=admin 5 | NEXTCLOUD_ADMIN_PASSWORD=admin 6 | NEXTCLOUD_TRUSTED_DOMAINS=mydomain.coop 7 | CA_STORE=/usr/local/share/ca-certificates 8 | -------------------------------------------------------------------------------- /local/.gitignore: -------------------------------------------------------------------------------- 1 | .data 2 | volumes 3 | .env 4 | certs -------------------------------------------------------------------------------- /local/Makefile: -------------------------------------------------------------------------------- 1 | all: init-all 2 | 3 | init-all: init-db init-proxy init-app set-locale set-config init-cron 4 | 5 | init-db: 6 | docker-compose up -d db 7 | until docker-compose exec db pg_isready; do echo "Awaiting for Postgres"; sleep 5; done 8 | 9 | init-proxy: 10 | docker-compose up -d nginx-proxy mkcert 11 | 12 | init-app: 13 | docker-compose up -d web app 14 | until docker-compose exec --user www-data app php occ status --output=json | grep -e "{\"installed\":true,"; do echo "Awaiting for NextCloud installation"; sleep 10; done 15 | 16 | LANG=pt_BR 17 | set-locale: 18 | docker-compose exec --user www-data app php occ config:system:set default_locale --value ${LANG} 19 | docker-compose exec --user www-data app php occ config:system:set default_language --value ${LANG} 20 | docker-compose exec --user www-data app sh -c "php occ user:setting \$$NEXTCLOUD_ADMIN_USER core lang ${LANG}" 21 | 22 | set-config: 23 | docker-compose exec --user www-data app php occ config:system:set skeletondirectory --value "" 24 | 25 | init-cron: 26 | docker-compose up -d cron 27 | -------------------------------------------------------------------------------- /local/README.md: -------------------------------------------------------------------------------- 1 | # Setup NextCloud 2 | 3 | Este projeto cria uma instância no Docker do NextCloud para ambientes locais contendo: 4 | 5 | - HTTPS, utilizando o [mkcert](https://github.com/FiloSottile/mkcert); 6 | - em português; 7 | - com um banco PostgreSQL; 8 | - com um usuário administrador; 9 | - com o sistema de cron habilitado; 10 | 11 | ## Setup inicial 12 | 13 | Para rodar o projeto pela primeira vez, crie um arquivo `.env` com base no `.env.dist` adaptando as variaveis de acordo com seu cenário. As variáveis disponiveis são: 14 | 15 | | Variável | Default | Descrição | 16 | | ------------------------- | -------------------------------- | -------------------------------------------------- | 17 | | POSTGRES_PASSWORD | SECRET_PASSWORD | senha do banco | 18 | | POSTGRES_DB | nextcloud | nome do banco | 19 | | POSTGRES_USER | nextcloud | usuário do banco | 20 | | NEXTCLOUD_ADMIN_USER | admin | username do primeiro administrador do NextCloud | 21 | | NEXTCLOUD_ADMIN_PASSWORD | admin | username do primeiro administrador do NextCloud | 22 | | NEXTCLOUD_TRUSTED_DOMAINS | mydomain.coop | dominio local da aplicação | 23 | | CA_STORE | /usr/local/share/ca-certificates | diretório dos certificados, de acordo com a distro | 24 | 25 | Caso a distribuição usada não seja Debian ou Ubuntu, é necessário informar outro diretório na variável `CA_STORE`, para uma correta geração dos certificados pelo `mkcert` . O diretório default para a maioria das distribuições pode ser verificado na [página do projeto](https://github.com/aegypius/mkcert-for-nginx-proxy#for-ubuntu--debian) 26 | 27 | Também é necessário adicionar o dominio customizado de acordo com o que foi informado em `NEXTCLOUD_TRUSTED_DOMAINS`. Isso pode ser feito adicionando a linha abaixo ao arquivo `/etc/hosts` da máquina: 28 | 29 | ```bash 30 | 0.0.0.0 mydomain.coop 31 | ``` 32 | 33 | Realizado as etapas acima, basta rodar o Makefile, o que pode ser feito executando o comando `make` na raiz do projeto: 34 | -------------------------------------------------------------------------------- /local/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | networks: 4 | reverse-proxy: 5 | name: reverse-proxy 6 | internal: 7 | 8 | services: 9 | db: 10 | image: postgres:12.3 11 | restart: always 12 | volumes: 13 | - ./volumes/postgres/data:/var/lib/postgresql/data 14 | environment: 15 | - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-SECRET_PASSWORD} 16 | - POSTGRES_DB=${POSTGRES_DB:-nextcloud} 17 | - POSTGRES_USER=${POSTGRES_USER:-nextcloud} 18 | networks: 19 | - internal 20 | 21 | app: 22 | image: nextcloud:stable-fpm 23 | restart: always 24 | volumes: 25 | - ./.docker/app/conf.d/php.ini:/usr/local/etc/php/conf.d/custom-php.ini 26 | - ./volumes/nextcloud:/var/www/html 27 | environment: 28 | - POSTGRES_DB=db 29 | - POSTGRES_HOST=${POSTGRES_HOST:-db} 30 | - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-SECRET_PASSWORD} 31 | - POSTGRES_USER=${POSTGRES_USER:-nextcloud} 32 | - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER:-admin} 33 | - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD:-admin} 34 | - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS:-mydomain.coop} 35 | depends_on: 36 | - db 37 | networks: 38 | - internal 39 | 40 | web: 41 | container_name: web 42 | image: nginx:1.18 43 | restart: always 44 | volumes: 45 | - ./.docker/web/nginx.conf:/etc/nginx/nginx.conf 46 | - ./volumes/nextcloud:/var/www/html:ro 47 | environment: 48 | - VIRTUAL_HOST=mydomain.coop 49 | depends_on: 50 | - app 51 | - mkcert 52 | networks: 53 | - internal 54 | - reverse-proxy 55 | 56 | cron: 57 | image: nextcloud:stable-fpm 58 | restart: unless-stopped 59 | volumes: 60 | - ./.docker/app/conf.d/php.ini:/usr/local/etc/php/conf.d/custom-php.ini 61 | - ./volumes/nextcloud:/var/www/html 62 | entrypoint: /cron.sh 63 | networks: 64 | - internal 65 | 66 | nginx-proxy: 67 | container_name: nginx-proxy 68 | image: jwilder/nginx-proxy 69 | restart: unless-stopped 70 | ports: 71 | - 80:80 72 | - 443:443 73 | volumes: 74 | - .docker/nginx-proxy/conf.d/client_max_body_size.conf:/etc/nginx/conf.d/client_max_body_size.conf 75 | - .docker/nginx-proxy/conf.d/server_tokens.conf:/etc/nginx/conf.d/server_tokens.conf 76 | - .docker/nginx-proxy/conf.d/timeout.conf:/etc/nginx/conf.d/timeout.conf 77 | - ./volumes/nginx/html:/usr/share/nginx/html 78 | - ./certs:/etc/nginx/certs:ro 79 | - /var/run/docker.sock:/tmp/docker.sock:ro 80 | networks: 81 | - internal 82 | - reverse-proxy 83 | 84 | mkcert: 85 | image: aegypius/mkcert-for-nginx-proxy 86 | restart: unless-stopped 87 | environment: 88 | - NGINX_PROXY_CONTAINER=nginx-proxy 89 | depends_on: 90 | - nginx-proxy 91 | volumes: 92 | - /var/run/docker.sock:/var/run/docker.sock:ro 93 | - ~/.mozilla/firefox:/root/.mozilla/firefox:rw 94 | - ~/.pki/nssdb:/root/.pki/nssdb:rw 95 | - ${CA_STORE:-/usr/local/share/ca-certificates}:/usr/local/share/ca-certificates 96 | - ./certs:/app/certs:rw 97 | networks: 98 | - internal 99 | --------------------------------------------------------------------------------