version: '3' # See https://docs.docker.com/compose/overview/ for more information. # If you make changes to this file or any related files, apply them by # navigating to the directory that holds this file and run this as root: # docker-compose down; docker-compose up -d # Create two networks: one for front-end containers that we'll make # publicly accessible to the internet, and one for private back-end. networks: frontend: backend: # Create persistent Docker volumes to preserve important data. # We don't want our data to be lost when restarting containers. volumes: vol-nextcloud-db: vol-nextcloud-content: # Create our containers. services: # Traefik is a reverse proxy. It handles SSL and passes traffic to # Docker containers via rules you define in docker-compose labels. # Its dashboard is at http://example.com/traefik/ (behind a login). traefik: # https://hub.docker.com/_/traefik/ image: traefik:v1.7.16 command: --api --docker --acme.email="${ACME_EMAIL}" restart: always networks: - backend - frontend volumes: - /var/run/docker.sock:/var/run/docker.sock # Access to Docker - ./traefik.toml:/traefik.toml # Traefik configuration - ./acme.json:/acme.json # SSL certificates ports: # Map port 80 and 443 on the host to this container. - "80:80" - "443:443" labels: - "traefik.docker.network=frontend" - "traefik.enable=true" - "traefik.frontend.rule=Host:${TRAEFIK_DOMAINS}; PathPrefixStrip:/traefik" - "traefik.port=8080" - "traefik.protocol=http" # Remove next line to disable login prompt for the dashboard. - "traefik.frontend.auth.basic=${BASIC_AUTH}" # Watchtower detects if any linked containers have an new image # available, automatically updating & restarting them if needed. watchtower: # https://hub.docker.com/r/centurylink/watchtower/ image: v2tec/watchtower:latest # https://github.com/v2tec/watchtower#options # This schedule applies updates (if available) at midnight. command: --cleanup --schedule "0 0 0 * * *" restart: always volumes: - /var/run/docker.sock:/var/run/docker.sock nextcloud-db: # https://hub.docker.com/_/mariadb/ # Specify 10.3 as we only want watchtower to apply minor updates # (eg, 10.3.1) and not major updates (eg, 10.4). image: mariadb:10.3 restart: always networks: - backend volumes: # Ensure the database persists between restarts. - vol-nextcloud-db:/var/lib/mysql environment: MYSQL_ROOT_PASSWORD: ${NEXTCLOUD_DB_ROOT_PASSWORD} MYSQL_DATABASE: ${NEXTCLOUD_DB_NAME} MYSQL_USER: ${NEXTCLOUD_DB_USER} MYSQL_PASSWORD: ${NEXTCLOUD_DB_PASSWORD} # The main front-end application. nextcloud: # https://hub.docker.com/_/nextcloud/ # Replace "latest" with "13.0.5" to stick to a specific version. image: nextcloud:latest depends_on: - nextcloud-db restart: always networks: - backend - frontend volumes: # Ensure Nextcloud content persist between restarts. - vol-nextcloud-content:/var/www/html # Install our own php.ini, which can be customized. - ./php.ini:/usr/local/etc/php/php.ini environment: MYSQL_HOST: nextcloud-db:3306 MYSQL_DATABASE: ${NEXTCLOUD_DB_NAME} MYSQL_USER: ${NEXTCLOUD_DB_USER} MYSQL_PASSWORD: ${NEXTCLOUD_DB_PASSWORD} labels: - "traefik.docker.network=frontend" - "traefik.enable=true" - "traefik.frontend.rule=Host:${NEXTCLOUD_DOMAINS}" - "traefik.port=80" - "traefik.protocol=http" # Uncomment the next line to enable HSTS header. #- "traefik.frontend.headers.STSSeconds=15768000" # Navigate to http://example.com/phpmyadmin/ to manage your MySQL # databases. (Don't forget the last forward slash.) Like the Traefik # dashboard, this is behind a login prompt to help you stay secure. nextcloud-phpmyadmin: # https://hub.docker.com/r/phpmyadmin/phpmyadmin/ image: phpmyadmin/phpmyadmin:latest depends_on: - nextcloud-db restart: always networks: - backend - frontend volumes: # Install our own php.ini, which can be customized. - ./php.ini:/usr/local/etc/php/php.ini environment: PMA_HOST: nextcloud-db PMA_ABSOLUTE_URI: /phpmyadmin/ MYSQL_ROOT_PASSWORD: ${NEXTCLOUD_DB_ROOT_PASSWORD} labels: - "traefik.docker.network=frontend" - "traefik.enable=true" - "traefik.frontend.rule=Host:${NEXTCLOUD_DOMAINS}; PathPrefixStrip:/phpmyadmin/" - "traefik.port=80" - "traefik.protocol=http" # Remove the next line if you don't want a browser login prompt. - "traefik.frontend.auth.basic=${BASIC_AUTH}" # This allows Nextcloud to send email straight out of the box without # having to rely on an external provider like SendGrid or MailGun. # It makes an SMTP host available at the hostname "mail". mail: image: bytemark/smtp restart: always networks: - frontend