mosskoi/MKs-Docker-Compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'add: collabora to netcloud' (#2) from adding-collabora-to-nextcloud into main

Browse Source 
Reviewed-on: #2
This commit was merged in pull request #2.
This commit is contained in:
mosskoi
2026-04-03 09:10:46 -03:00
parent 996b504c9c 0fdd755e4b
commit af9b88d518
3 changed files with 34 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
media/nextcloud/.env.example
View File

@@ -4,3 +4,6 @@ TZ=America/Chicago
PORT=8443
MYSQL_ROOT_PASSWORD=changeme
DATABASE_PASSWORD=changeme
NEXTCLOUD_DOMAIN=nextcloud.example.com
COLLABORA_ADMIN_USER=admin
COLLABORA_ADMIN_PASSWORD=changeme

14
media/nextcloud/docker-compose.yml
View File

@@ -33,6 +33,20 @@ services:
- ./db:/config
restart: unless-stopped
collabora:
image: collabora/code
container_name: collabora
environment:
- domain=${NEXTCLOUD_DOMAIN}
- username=${COLLABORA_ADMIN_USER}
- password=${COLLABORA_ADMIN_PASSWORD}
- extra_params=--o:ssl.enable=false --o:ssl.termination=true
cap_add:
- MKNOD
restart: unless-stopped
networks:
- traefik_portal
networks:
traefik_portal:
external: true

25
tools/wireguard/traefik/dynamic.yml
View File

@@ -19,6 +19,13 @@ http:
customRequestHeaders:
X-Forwarded-Proto: "https"
# Nextcloud headers to prevent man in the middle attacks
hsts:
headers:
stsSeconds: 15552000
stsIncludeSubdomains: true
stsPreload: true
serversTransports:
# Use this for backend containers that use self-signed TLS certs
# (e.g. Nextcloud). Reference it in a service with:
@@ -31,7 +38,7 @@ http:
routers:
# Basic service
my-service:
rule: "Host(`service.example.com`)" # <-- change domain
rule: "Host(`service.example.com`)" # <-- change domain
entryPoints:
- websecure
service: my-service
@@ -40,18 +47,19 @@ http:
# Service that needs X-Forwarded-Proto (e.g. Mastodon, Synapse)
my-service-with-headers:
rule: "Host(`other.example.com`)" # <-- change domain
rule: "Host(`other.example.com`)" # <-- change domain
entryPoints:
- websecure
service: my-service-with-headers
middlewares:
- https-headers
- hsts
tls:
certResolver: letsencrypt
# Service with a self-signed cert on the backend (e.g. Nextcloud)
my-https-backend:
rule: "Host(`secure.example.com`)" # <-- change domain
rule: "Host(`secure.example.com`)" # <-- change domain
entryPoints:
- websecure
service: my-https-backend
@@ -62,18 +70,19 @@ http:
my-service:
loadBalancer:
servers:
- url: "http://container-name:PORT" # <-- change container name and port
- url: "http://container-name:PORT" # <-- change container name and port
my-service-with-headers:
loadBalancer:
servers:
- url: "http://container-name:PORT" # <-- change container name and port
- url: "http://container-name:PORT" # <-- change container name and port
my-https-backend:
loadBalancer:
servers:
- url: "https://container-name:PORT" # <-- change container name and port
- url: "https://container-name:PORT" # <-- change container name and port
serversTransport: insecure-transport
# -------------------------------------------------------------------------
# =============================================================================
@@ -86,12 +95,12 @@ tcp:
my-tcp-service:
rule: "HostSNI(`*`)"
entryPoints:
- my-tcp-entrypoint # <-- must match an entrypoint defined in traefik.yml
- my-tcp-entrypoint # <-- must match an entrypoint defined in traefik.yml
service: my-tcp-service
services:
my-tcp-service:
loadBalancer:
servers:
- address: "container-name:PORT" # <-- change container name and port
- address: "container-name:PORT" # <-- change container name and port
# -------------------------------------------------------------------------