add: collabora to netcloud #2
@@ -4,3 +4,6 @@ TZ=America/Chicago
|
|||||||
PORT=8443
|
PORT=8443
|
||||||
MYSQL_ROOT_PASSWORD=changeme
|
MYSQL_ROOT_PASSWORD=changeme
|
||||||
DATABASE_PASSWORD=changeme
|
DATABASE_PASSWORD=changeme
|
||||||
|
NEXTCLOUD_DOMAIN=nextcloud.example.com
|
||||||
|
COLLABORA_ADMIN_USER=admin
|
||||||
|
COLLABORA_ADMIN_PASSWORD=changeme
|
||||||
|
|||||||
@@ -33,6 +33,20 @@ services:
|
|||||||
- ./db:/config
|
- ./db:/config
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
|
||||||
|
collabora:
|
||||||
|
image: collabora/code
|
||||||
|
container_name: collabora
|
||||||
|
environment:
|
||||||
|
- domain=${NEXTCLOUD_DOMAIN}
|
||||||
|
- username=${COLLABORA_ADMIN_USER}
|
||||||
|
- password=${COLLABORA_ADMIN_PASSWORD}
|
||||||
|
- extra_params=--o:ssl.enable=false --o:ssl.termination=true
|
||||||
|
cap_add:
|
||||||
|
- MKNOD
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- traefik_portal
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
traefik_portal:
|
traefik_portal:
|
||||||
external: true
|
external: true
|
||||||
|
|||||||
@@ -19,6 +19,13 @@ http:
|
|||||||
customRequestHeaders:
|
customRequestHeaders:
|
||||||
X-Forwarded-Proto: "https"
|
X-Forwarded-Proto: "https"
|
||||||
|
|
||||||
|
# Nextcloud headers to prevent man in the middle attacks
|
||||||
|
hsts:
|
||||||
|
headers:
|
||||||
|
stsSeconds: 15552000
|
||||||
|
stsIncludeSubdomains: true
|
||||||
|
stsPreload: true
|
||||||
|
|
||||||
serversTransports:
|
serversTransports:
|
||||||
# Use this for backend containers that use self-signed TLS certs
|
# Use this for backend containers that use self-signed TLS certs
|
||||||
# (e.g. Nextcloud). Reference it in a service with:
|
# (e.g. Nextcloud). Reference it in a service with:
|
||||||
@@ -31,7 +38,7 @@ http:
|
|||||||
routers:
|
routers:
|
||||||
# Basic service
|
# Basic service
|
||||||
my-service:
|
my-service:
|
||||||
rule: "Host(`service.example.com`)" # <-- change domain
|
rule: "Host(`service.example.com`)" # <-- change domain
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- websecure
|
- websecure
|
||||||
service: my-service
|
service: my-service
|
||||||
@@ -40,18 +47,19 @@ http:
|
|||||||
|
|
||||||
# Service that needs X-Forwarded-Proto (e.g. Mastodon, Synapse)
|
# Service that needs X-Forwarded-Proto (e.g. Mastodon, Synapse)
|
||||||
my-service-with-headers:
|
my-service-with-headers:
|
||||||
rule: "Host(`other.example.com`)" # <-- change domain
|
rule: "Host(`other.example.com`)" # <-- change domain
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- websecure
|
- websecure
|
||||||
service: my-service-with-headers
|
service: my-service-with-headers
|
||||||
middlewares:
|
middlewares:
|
||||||
- https-headers
|
- https-headers
|
||||||
|
- hsts
|
||||||
tls:
|
tls:
|
||||||
certResolver: letsencrypt
|
certResolver: letsencrypt
|
||||||
|
|
||||||
# Service with a self-signed cert on the backend (e.g. Nextcloud)
|
# Service with a self-signed cert on the backend (e.g. Nextcloud)
|
||||||
my-https-backend:
|
my-https-backend:
|
||||||
rule: "Host(`secure.example.com`)" # <-- change domain
|
rule: "Host(`secure.example.com`)" # <-- change domain
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- websecure
|
- websecure
|
||||||
service: my-https-backend
|
service: my-https-backend
|
||||||
@@ -62,18 +70,19 @@ http:
|
|||||||
my-service:
|
my-service:
|
||||||
loadBalancer:
|
loadBalancer:
|
||||||
servers:
|
servers:
|
||||||
- url: "http://container-name:PORT" # <-- change container name and port
|
- url: "http://container-name:PORT" # <-- change container name and port
|
||||||
|
|
||||||
my-service-with-headers:
|
my-service-with-headers:
|
||||||
loadBalancer:
|
loadBalancer:
|
||||||
servers:
|
servers:
|
||||||
- url: "http://container-name:PORT" # <-- change container name and port
|
- url: "http://container-name:PORT" # <-- change container name and port
|
||||||
|
|
||||||
my-https-backend:
|
my-https-backend:
|
||||||
loadBalancer:
|
loadBalancer:
|
||||||
servers:
|
servers:
|
||||||
- url: "https://container-name:PORT" # <-- change container name and port
|
- url: "https://container-name:PORT" # <-- change container name and port
|
||||||
serversTransport: insecure-transport
|
serversTransport: insecure-transport
|
||||||
|
|
||||||
# -------------------------------------------------------------------------
|
# -------------------------------------------------------------------------
|
||||||
|
|
||||||
# =============================================================================
|
# =============================================================================
|
||||||
@@ -86,12 +95,12 @@ tcp:
|
|||||||
my-tcp-service:
|
my-tcp-service:
|
||||||
rule: "HostSNI(`*`)"
|
rule: "HostSNI(`*`)"
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- my-tcp-entrypoint # <-- must match an entrypoint defined in traefik.yml
|
- my-tcp-entrypoint # <-- must match an entrypoint defined in traefik.yml
|
||||||
service: my-tcp-service
|
service: my-tcp-service
|
||||||
|
|
||||||
services:
|
services:
|
||||||
my-tcp-service:
|
my-tcp-service:
|
||||||
loadBalancer:
|
loadBalancer:
|
||||||
servers:
|
servers:
|
||||||
- address: "container-name:PORT" # <-- change container name and port
|
- address: "container-name:PORT" # <-- change container name and port
|
||||||
# -------------------------------------------------------------------------
|
# -------------------------------------------------------------------------
|
||||||
|
|||||||
Reference in New Issue
Block a user