@maksimhn
Created July 26, 2022 19:09
Self-hosting
# Run nextcloud-restore-application-data.sh to restore application data if needed.
# Run nextcloud-restore-database.sh to restore database if needed.
# docker-compose -p nextcloud up -d
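volumes:
  # Named volumes managed by Docker. Each entry must be nested under
  # `volumes:`; an explicit empty mapping selects the default local driver.
  # Live application state:
  nextcloud-data: {}
  nextcloud-postgres: {}
  # Backup archives written by the `backups` service. They live on the same
  # host as the live data, so they do not protect against loss of the host.
  nextcloud-data-backups: {}
  nextcloud-postgres-backups: {}
  # ACME account key and issued certificates (acme.json) for Traefik.
  traefik-certificates: {}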
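services:
  # PostgreSQL database for Nextcloud. No ports are published, so it is only
  # reachable from containers on the project network.
  postgres:
    image: postgres:13.3
    volumes:
      - nextcloud-postgres:/var/lib/postgresql/data
    # Database credentials come from secrets.env; keep that file out of
    # version control and readable only by the deploying user.
    env_file:
      - secrets.env
    healthcheck:
      # NOTE(review): ${POSTGRES_USER} is substituted by Compose at parse time
      # (shell environment or .env), not read from env_file inside the
      # container - confirm it is defined there.
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -h 127.0.0.1"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 60s
    restart: unless-stopped

  # Redis cache for Nextcloud. No password is configured in this file; access
  # control relies on the service not being published outside the network.
  redis:
    # NOTE(review): floating tag; pin a specific version (or digest) so an
    # image update cannot change what runs without a reviewed change here.
    image: redis:alpine
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "redis-cli", "--raw", "incr", "ping"]

  # Nextcloud application, served only through Traefik on the websecure
  # entrypoint (no host ports are published for this service).
  nextcloud:
    # NOTE(review): this release line dates from 2022; check whether it still
    # receives security updates before deploying.
    image: nextcloud:24.0-apache
    volumes:
      - nextcloud-data:/var/www/html
    env_file:
      - secrets.env
    environment:
      REDIS_HOST: redis
      POSTGRES_HOST: postgres
      DB_PORT: "5432"
      OVERWRITECLIURL: "https://nextcloud.${HOST}"
      OVERWRITEPROTOCOL: https
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:80/"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 90s
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nc.rule=Host(`nextcloud.${HOST}`)"
      - "traefik.http.routers.nc.service=nc"
      - "traefik.http.routers.nc.entrypoints=websecure"
      - "traefik.http.services.nc.loadbalancer.server.port=80"
      - "traefik.http.routers.nc.tls=true"
      - "traefik.http.routers.nc.tls.certresolver=letsencrypt"
      - "traefik.http.services.nc.loadbalancer.passhostheader=true"
      - "traefik.http.middlewares.compresstraefik.compress=true"
      - "traefik.http.middlewares.nc-header.headers.referrerPolicy=no-referrer"
      # HSTS for one year, including subdomains and preload: browsers will
      # refuse plain HTTP for this host and its subdomains once they see it.
      - "traefik.http.middlewares.nc-header.headers.stsSeconds=31536000"
      - "traefik.http.middlewares.nc-header.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.nc-header.headers.stsPreload=true"
      - "traefik.http.middlewares.nc-header.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.nc-header.headers.browserXssFilter=true"
      - "traefik.http.middlewares.nc-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.nc.middlewares=nc-redirectregex,nc-header,compresstraefik"
      - "traefik.http.middlewares.nc-redirectregex.redirectregex.permanent=true"
      - "traefik.http.middlewares.nc-redirectregex.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
      # `$$` escapes the dollar sign so Compose hands `${1}` (the regex
      # capture group) to Traefik instead of treating it as a variable.
      - "traefik.http.middlewares.nc-redirectregex.redirectregex.replacement=https://$${1}/remote.php/dav/"

  # Jellyfin media server, routed through Traefik and also published directly.
  jellyfin:
    # NOTE(review): no tag means `latest`; pin a version so upgrades are
    # deliberate.
    image: jellyfin/jellyfin
    container_name: jellyfin
    user: "1000:1000"
    depends_on:
      traefik:
        condition: service_healthy
    # NOTE(review): these ports are published on every host interface, so the
    # web UI on 8096 is reachable without Traefik's TLS. Drop or bind to a
    # specific address any port that is not needed for LAN clients.
    ports:
      - "8096:8096"
      - "8920:8920"
      - "7359:7359/udp"
      - "1900:1900/udp"
    env_file:
      - secrets.env
    volumes:
      - /Users/admin/Downloads/Jelly/config:/config
      - /Users/admin/Downloads/Jelly/cache:/cache
      - /Volumes/Box/Share/Media:/media
    environment:
      # In list form everything after `=` is taken literally, so quotes
      # placed around the value would become part of it.
      - "VIRTUAL_HOST=jellyfin.${HOST}"
      - "PUID=1000"
      - "PGID=1000"
      - "TZ=US/Pacific"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${HOST}`)"
      - "traefik.http.routers.jellyfin.entrypoints=websecure"
      - "traefik.http.routers.jellyfin.tls.certresolver=letsencrypt"
      - "traefik.http.services.jellyfin.loadbalancer.server.port=8096"

  # Browser-based VS Code. Anyone who passes the password prompt gets a shell
  # in the container (and root via SUDO_PASSWORD) with the workspace mounted.
  code-server:
    # NOTE(review): `latest` is a floating tag; pin a version so upgrades are
    # deliberate.
    image: lscr.io/linuxserver/code-server:latest
    container_name: code-server
    environment:
      - "PUID=1000"
      - "PGID=1000"
      - "TZ=US/Pacific"
      # The value must not be wrapped in its own quotes: in list form they
      # would become part of the password / domain instead of delimiting it.
      - "PASSWORD=${CODE_AUTH_PASSWORD}"
      - "SUDO_PASSWORD=${CODE_SUDO_PASSWORD}"
      - "PROXY_DOMAIN=code.${HOST}"
      - "DEFAULT_WORKSPACE=/config/workspace"
      # Duplicate npmglobal entry removed. NOTE(review): mods are fetched when
      # the container starts and are not pinned - treat them as part of the
      # trusted supply chain for this service.
      - "DOCKER_MODS=linuxserver/mods:code-server-npmglobal|linuxserver/mods:code-server-nvm|linuxserver/mods:code-server-dotnet"
    volumes:
      - /Users/admin/Downloads/Code:/config
    # NOTE(review): publishing 8443 on every host interface lets clients reach
    # the login page without going through Traefik (presumably over plain
    # HTTP, since Traefik terminates TLS for this service). Remove the mapping
    # or bind it to a specific address if direct access is not required.
    ports:
      - "8443:8443"
    depends_on:
      traefik:
        condition: service_healthy
    env_file:
      - secrets.env
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.code.rule=Host(`code.${HOST}`)"
      - "traefik.http.routers.code.entrypoints=websecure"
      - "traefik.http.routers.code.tls.certresolver=letsencrypt"
      - "traefik.http.services.code.loadbalancer.server.port=8443"

  # Traefik reverse proxy: terminates TLS on 443, redirects 80 to HTTPS and
  # discovers backends from container labels via the Docker socket.
  traefik:
    image: traefik:2.4
    command:
      - "--log.level=WARN"
      - "--accesslog=true"
      - "--api.dashboard=true"
      # --api.insecure is deliberately not set: it would serve the API and
      # dashboard without authentication on the internal `traefik` entrypoint
      # (port 8080). The dashboard is exposed only through the `dashboard`
      # router below, behind the basic-auth middleware.
      - "--ping=true"
      - "--ping.entrypoint=ping"
      - "--entryPoints.ping.address=:8082"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      - "--providers.docker=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      # Only containers labelled traefik.enable=true are routed.
      - "--providers.docker.exposedByDefault=false"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme/acme.json"
      - "--metrics.prometheus=true"
      - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
      - "--global.checkNewVersion=true"
      - "--global.sendAnonymousUsage=false"
    volumes:
      # Read-only mount of the socket file. This does not limit what can be
      # requested over the Docker API, so a compromise of this container is
      # still equivalent to control of the Docker daemon; a filtering socket
      # proxy is the stronger control if that risk matters.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-certificates:/etc/traefik/acme
    ports:
      - "80:80"
      - "443:443"
    healthcheck:
      test: ["CMD", "wget", "http://localhost:8082/ping", "--spider"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 5s
    env_file:
      - secrets.env
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.${HOST}`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.services.dashboard.loadbalancer.passhostheader=true"
      # Dashboard access requires the basic-auth user defined here.
      - "traefik.http.routers.dashboard.middlewares=authtraefik"
      - "traefik.http.middlewares.authtraefik.basicauth.users=${TRAEFIK_PASSWORD_USER}:${TRAEFIK_PASSWORD_HASH}"
      # Catch-all router on the plain-HTTP entrypoint: redirect to HTTPS.
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

  # Periodic backup loop: dumps the database and archives /var/www/html.
  backups:
    # Image tag (replace with yours)
    image: postgres:13.3
    # Database backups prune interval (replace with yours). Default is 7 days.
    # find /srv/nextcloud-postgres/backups -type f -mtime +7 | xargs rm -f
    # Application data backups prune interval (replace with yours). Default is 7 days.
    # find /srv/nextcloud-application-data/backups -type f -mtime +7 | xargs rm -f
    # Nextcloud backups interval (replace with yours). Default is 1 day.
    # sleep 24h
    # Run nextcloud-restore-application-data.sh to restore application data if needed.
    # Run nextcloud-restore-database.sh to restore database if needed.
    #
    # `$$` defers expansion to the container shell; `${POSTGRES_DB}` and
    # `${POSTGRES_USER}` are substituted by Compose at parse time.
    # NOTE(review): the exit status of `pg_dump | gzip` is gzip's, so a failed
    # dump still leaves an archive behind and the loop carries on - verify
    # backups by restoring them. Archives are stored unencrypted.
    command: >-
      sh -c 'sleep 30m
      && while true; do
      PGPASSWORD="$$(echo $${POSTGRES_PASSWORD})"
      pg_dump
      -h postgres
      -p 5432
      -d ${POSTGRES_DB}
      -U ${POSTGRES_USER} | gzip > /srv/nextcloud-postgres/backups/nextcloud-postgres-backup-$$(date "+%Y-%m-%d_%H-%M").gz
      && tar -zcpf /srv/nextcloud-application-data/backups/nextcloud-application-data-backup-$$(date "+%Y-%m-%d_%H-%M").tar.gz /var/www/html
      && find /srv/nextcloud-postgres/backups -type f -mtime +7 | xargs rm -f
      && find /srv/nextcloud-application-data/backups -type f -mtime +7 | xargs rm -f;
      sleep 24h; done'
    volumes:
      # The backup job only reads application data, so mount it read-only.
      - nextcloud-data:/var/www/html:ro
      - nextcloud-data-backups:/srv/nextcloud-application-data/backups
      - nextcloud-postgres-backups:/srv/nextcloud-postgres/backups
    env_file:
      - secrets.env
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
      nextcloud:
        condition: service_healthy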