From b4c13f6d19f612158f225e8a62e06d97f2ecb02d Mon Sep 17 00:00:00 2001 From: "Thomas.G" Date: Tue, 7 Oct 2025 11:30:07 +0200 Subject: [PATCH 1/7] feat(docker): add networks to fit with nextcloud-infra project --- .gitignore | 1 + docker-compose.yml | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/.gitignore b/.gitignore index d6588b0e..9756529c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .idea files +.env \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 8fc39152..a8c46cce 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,6 +6,7 @@ services: - POSTGRES_USER=${DB_USER} - POSTGRES_PASSWORD=${DB_PASSWORD} - POSTGRES_DB=${DB_NAME} + - POSTGRES_HOSTNAME=${DB_HOST} - REDIS_HOST=${REDIS_HOST} - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER} - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD} @@ -23,6 +24,8 @@ services: volumes: - nextcloud-config:/var/www/html/config - nextcloud-data:/var/www/html/data + networks: + - worker-network deploy: placement: constraints: @@ -34,6 +37,8 @@ services: volumes: - nextcloud-config:/var/www/html/config - nextcloud-data:/var/www/html/data + networks: + - worker-network deploy: placement: constraints: @@ -46,6 +51,9 @@ services: DOMAIN: ${DOMAIN} volumes: - nextcloud-data:/var/www/html/data + networks: + - proxy-network + - worker-network deploy: placement: constraints: @@ -61,6 +69,14 @@ services: - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https - traefik.http.services.${COMPOSE_PROJECT_NAME:-nextcloud}.loadbalancer.server.port=80 +networks: + proxy-network: + external: true + name: proxy-network + worker-network: + external: true + name: worker-network + volumes: nextcloud-config: driver: local -- GitLab From 5b605f0dd2a090e24f37e86ca995baf21abf6365 Mon Sep 17 00:00:00 2001 
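Review bot: Both `worker-network` and `proxy-network` are declared `external: true` in the new top-level `networks:` block, so any container that another stack attaches to `worker-network` can open connections to the services joined here, and nothing in the file records that trust assumption. Later patches in this series point nginx at the nextcloud service on port 9000, which looks like PHP-FPM; FastCGI carries no authentication, so reachability on that network is the only access control. I would add a comment above the block such as `# external, shared with nextcloud-infra: every peer on worker-network can reach nextcloud:9000` and confirm the network is not created as attachable for arbitrary containers. If nginx is the only intended client of port 9000, a stack-private network between nginx and nextcloud would narrow this.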
From: "Thomas.G" Date: Thu, 9 Oct 2025 11:37:36 +0200 Subject: [PATCH 2/7] fix: deployment problems --- .gitignore | 3 ++- docker-compose.yml | 25 ++++++++++++------------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.gitignore b/.gitignore index 9756529c..986991d2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ .idea files -.env \ No newline at end of file +.env +troubleshoot/ diff --git a/docker-compose.yml b/docker-compose.yml index a8c46cce..79f88aa8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,7 +6,6 @@ services: - POSTGRES_USER=${DB_USER} - POSTGRES_PASSWORD=${DB_PASSWORD} - POSTGRES_DB=${DB_NAME} - - POSTGRES_HOSTNAME=${DB_HOST} - REDIS_HOST=${REDIS_HOST} - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER} - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD} 
@@ -58,16 +57,16 @@ services: placement: constraints: - node.role == worker - labels: - - traefik.enable=true - - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.rule=Host(`${DOMAIN}`) - - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.entrypoints=websecure - - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.tls.certresolver=letsencrypt - - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}-http.rule=Host(`${DOMAIN}`) - - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}-http.entrypoints=web - - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}-http.middlewares=https-redirect - - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https - - traefik.http.services.${COMPOSE_PROJECT_NAME:-nextcloud}.loadbalancer.server.port=80 + labels: + - traefik.enable=true + - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.rule=Host(`${DOMAIN}`) + - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.entrypoints=websecure + - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.tls.certresolver=letsencrypt + - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}-http.rule=Host(`${DOMAIN}`) + - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}-http.entrypoints=web + - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}-http.middlewares=https-redirect + - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https + - traefik.http.services.${COMPOSE_PROJECT_NAME:-nextcloud}.loadbalancer.server.port=80 networks: proxy-network: @@ -83,10 +82,10 @@ volumes: driver_opts: type: none o: bind - device: "${SHARED_STORAGE_PATH}/config" + device: "${SHARED_STORAGE_PATH}/config/" nextcloud-data: driver: local driver_opts: type: none o: bind - device: "${SHARED_STORAGE_PATH}/data" + device: "${SHARED_STORAGE_PATH}/data/" -- GitLab From f85e871715fdf9deba8f16824ccf2d1b90c724b2 Mon Sep 17 00:00:00 2001 
From: "Thomas.G" Date: Thu, 9 Oct 2025 16:07:55 +0200 Subject: [PATCH 3/7] fix(docker-compose): try different traefik labels on nginx service 404 error atm --- docker-compose.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 79f88aa8..397b02e0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -46,7 +46,7 @@ services: nginx: image: ${NGINX_DOCKER_IMG} environment: - NEXTCLOUD_ADDR: ${NEXTCLOUD_ADDR:-nextcloud:9000} + NEXTCLOUD_ADDR: ${COMPOSE_PROJECT_NAME}_nextcloud:9000 DOMAIN: ${DOMAIN} volumes: - nextcloud-data:/var/www/html/data @@ -62,6 +62,7 @@ services: - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.rule=Host(`${DOMAIN}`) - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.entrypoints=websecure - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.tls.certresolver=letsencrypt + - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.middlewares=nextcloud-headers@file - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}-http.rule=Host(`${DOMAIN}`) - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}-http.entrypoints=web - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}-http.middlewares=https-redirect -- GitLab From f27716f80661f1c82e8e675fa890063d4be27e23 Mon Sep 17 00:00:00 2001 From: Nicolas Gelot Date: Fri, 10 Oct 2025 10:58:38 +0200 Subject: [PATCH 4/7] feat: add local support without created external volumes or networks --- .env.example | 2 +- README.md | 1 - docker-compose.local.yml | 18 +++++++++++++++++- docker-compose.yml | 29 +++++++++++++++-------------- 4 files changed, 33 insertions(+), 17 deletions(-) diff --git a/.env.example b/.env.example index 3a4146be..ebd69efb 100644 --- a/.env.example +++ b/.env.example @@ -4,7 +4,7 @@ COMPOSE_FILE=docker-compose.yml:docker-compose.local.yml # Server DOMAIN=localhost -SHARED_STORAGE_PATH=./nextcloud-shared-storage +SHARED_STORAGE_PATH=/mnt/shared_storage/nextcloud # mail SMTP_SECURE=tls 
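Review bot: `NEXTCLOUD_ADDR: ${COMPOSE_PROJECT_NAME}_nextcloud:9000` in the nginx hunk interpolates `COMPOSE_PROJECT_NAME` without a default, while the Traefik labels in the same file use `${COMPOSE_PROJECT_NAME:-nextcloud}`. If the variable is unset at deploy time the upstream becomes `_nextcloud:9000`, and the change also removes the `NEXTCLOUD_ADDR` override that the previous line allowed. Consider `NEXTCLOUD_ADDR: ${NEXTCLOUD_ADDR:-${COMPOSE_PROJECT_NAME:-nextcloud}_nextcloud:9000}`, or fail fast with `${COMPOSE_PROJECT_NAME:?set COMPOSE_PROJECT_NAME}`. The nginx service definition continues outside the hunk.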
diff --git a/README.md b/README.md index 327e5bc7..630ea2f7 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,6 @@ By default, the `slim` Murena Workspace is configured. `slim` Murena Workspace ``` cp .env.example .env -mkdir -p nextcloud-shared-storage/{config,data} docker compose up --build -d ``` diff --git a/docker-compose.local.yml b/docker-compose.local.yml index 1b121a54..cc751254 100644 --- a/docker-compose.local.yml +++ b/docker-compose.local.yml @@ -13,6 +13,8 @@ services: interval: 10s timeout: 5s retries: 5 + networks: + - worker-network redis: image: redis:7.4-alpine @@ -22,10 +24,14 @@ services: interval: 10s timeout: 5s retries: 5 + networks: + - worker-network syslog: image: jumanjiman/rsyslog restart: unless-stopped + networks: + - worker-network nextcloud: build: @@ -53,5 +59,15 @@ services: depends_on: - nextcloud -volumes: +volumes: !override db: + nextcloud-config: + nextcloud-data: + +networks: + proxy-network: + external: false + name: proxy-network + worker-network: + external: false + name: worker-network diff --git a/docker-compose.yml b/docker-compose.yml index 397b02e0..2f65ff4a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -25,6 +25,7 @@ services: - nextcloud-data:/var/www/html/data networks: - worker-network + hostname: ${DB_USER}-nextcloud deploy: placement: constraints: @@ -46,7 +47,7 @@ services: nginx: image: ${NGINX_DOCKER_IMG} environment: - NEXTCLOUD_ADDR: ${COMPOSE_PROJECT_NAME}_nextcloud:9000 + NEXTCLOUD_ADDR: ${DB_USER}-nextcloud:9000 DOMAIN: ${DOMAIN} volumes: - nextcloud-data:/var/www/html/data 
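Review bot: `hostname: ${DB_USER}-nextcloud` derives a network hostname from the database user name, and the same expression is reused for `NEXTCLOUD_ADDR` in the nginx hunk and for the Traefik router and service names in the labels hunk of this commit. That ties routing identity to a credential-related value: renaming the database user silently changes the hostname and router names, and an unset `DB_USER` yields `-nextcloud` for every stack on the shared networks, so two deployments could collide. A dedicated variable with a required check, e.g. `hostname: ${STACK_NAME:?set STACK_NAME}-nextcloud` (the variable name is only a suggestion), would keep the database user name out of DNS names and proxy labels. The service definition continues outside the hunk.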
@@ -57,17 +58,17 @@ services: placement: constraints: - node.role == worker - labels: - - traefik.enable=true - - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.rule=Host(`${DOMAIN}`) - - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.entrypoints=websecure - - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.tls.certresolver=letsencrypt - - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}.middlewares=nextcloud-headers@file - - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}-http.rule=Host(`${DOMAIN}`) - - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}-http.entrypoints=web - - traefik.http.routers.${COMPOSE_PROJECT_NAME:-nextcloud}-http.middlewares=https-redirect - - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https - - traefik.http.services.${COMPOSE_PROJECT_NAME:-nextcloud}.loadbalancer.server.port=80 + labels: + - traefik.enable=true + - traefik.http.routers.${DB_USER}-nextcloud.rule=Host(`${DOMAIN}`) + - traefik.http.routers.${DB_USER}-nextcloud.entrypoints=websecure + - traefik.http.routers.${DB_USER}-nextcloud.tls.certresolver=letsencrypt + - traefik.http.routers.${DB_USER}-nextcloud.middlewares=nextcloud-headers@file + - traefik.http.routers.${DB_USER}-nextcloud-http.rule=Host(`${DOMAIN}`) + - traefik.http.routers.${DB_USER}-nextcloud-http.entrypoints=web + - traefik.http.routers.${DB_USER}-nextcloud-http.middlewares=https-redirect + - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https + - traefik.http.services.${DB_USER}-nextcloud.loadbalancer.server.port=80 networks: proxy-network: @@ -83,10 +84,10 @@ volumes: driver_opts: type: none o: bind - device: "${SHARED_STORAGE_PATH}/config/" + device: "${SHARED_STORAGE_PATH}/config" nextcloud-data: driver: local driver_opts: type: none o: bind - device: "${SHARED_STORAGE_PATH}/data/" + device: "${SHARED_STORAGE_PATH}/data" -- GitLab From 186d5bf65f64b75ceb3d790cc0f02c682ca11755 Mon Sep 17 00:00:00 2001 
From: Nicolas Gelot Date: Fri, 10 Oct 2025 12:03:03 +0200 Subject: [PATCH 5/7] feat(traefik): reduce amount of labels --- docker-compose.yml | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 2f65ff4a..3ad700a7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -58,17 +58,10 @@ services: placement: constraints: - node.role == worker - labels: - - traefik.enable=true - - traefik.http.routers.${DB_USER}-nextcloud.rule=Host(`${DOMAIN}`) - - traefik.http.routers.${DB_USER}-nextcloud.entrypoints=websecure - - traefik.http.routers.${DB_USER}-nextcloud.tls.certresolver=letsencrypt - - traefik.http.routers.${DB_USER}-nextcloud.middlewares=nextcloud-headers@file - - traefik.http.routers.${DB_USER}-nextcloud-http.rule=Host(`${DOMAIN}`) - - traefik.http.routers.${DB_USER}-nextcloud-http.entrypoints=web - - traefik.http.routers.${DB_USER}-nextcloud-http.middlewares=https-redirect - - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https - - traefik.http.services.${DB_USER}-nextcloud.loadbalancer.server.port=80 + labels: + - "traefik.enable=true" + - "traefik.http.routers.${DB_USER}-nextcloud.rule=Host(`${DOMAIN}`)" + - "traefik.http.services.${DB_USER}-nextcloud.loadbalancer.server.port=80" networks: proxy-network: -- GitLab From fd8832ba346ccf0bdfbbf4101e211f0067ab275a Mon Sep 17 00:00:00 2001 From: Nicolas Gelot Date: Fri, 10 Oct 2025 16:58:29 +0200 Subject: [PATCH 6/7] feat(proxy): add env vars to manage proxy config --- .env.example | 2 ++ docker-compose.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.env.example b/.env.example index ebd69efb..5fd859b3 100644 --- a/.env.example +++ b/.env.example @@ -30,6 +30,8 @@ NEXTCLOUD_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/slim: NEXTCLOUD_ADMIN_USER=admin NEXTCLOUD_ADMIN_PASSWORD=@dm1n NEXTCLOUD_TRUSTED_DOMAINS=nginx +TRUSTED_PROXIES= +OVERWRITEPROTOCOL= SENTRY_DSN= SENTRY_PUBLIC_DSN= 
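Review bot: The reduced label set drops `entrypoints=websecure`, `tls.certresolver=letsencrypt`, the `https-redirect` router and the `nextcloud-headers@file` middleware, so TLS, the HTTP-to-HTTPS redirect and the response headers now depend entirely on Traefik configuration that is not visible in this repository. A Traefik router with no `entrypoints` label attaches to the default entry points, which is all of them unless the static configuration says otherwise, so if the entry-point-level defaults are missing the site would be answered over plain HTTP without a redirect. I would record the dependency next to the labels, e.g. `# TLS, HTTPS redirect and security headers are applied at the Traefik entrypoint (nextcloud-infra)`, and verify after deploy that port 80 redirects and that the headers are still present in responses.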
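Review bot: `TRUSTED_PROXIES=` and `OVERWRITEPROTOCOL=` are added empty and without a comment, here and as pass-through variables in the docker-compose.yml hunk of this commit, so a deployment behind Traefik that copies the example leaves both unset. Assuming the image maps them to Nextcloud's `trusted_proxies` and `overwriteprotocol` settings, an empty proxy list makes Nextcloud treat the proxy address as the client for logging and brute-force throttling, while an over-broad list lets clients supply their own `X-Forwarded-For`. A comment such as `# TRUSTED_PROXIES: address or CIDR of the Traefik proxy only; OVERWRITEPROTOCOL: https when TLS terminates at the proxy` would document the expected values.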
diff --git a/docker-compose.yml b/docker-compose.yml index 3ad700a7..5c0b2444 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,6 +10,8 @@ services: - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER} - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD} - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS} + - TRUSTED_PROXIES=${TRUSTED_PROXIES} + - OVERWRITEPROTOCOL=${OVERWRITEPROTOCOL} - SMTP_SECURE=${SMTP_SECURE} - SMTP_PORT=${SMTP_PORT} - SMTP_NAME=${SMTP_NAME} -- GitLab From 57ea69ca12a623cb1fb1cf022a2a1d55eee8438c Mon Sep 17 00:00:00 2001 From: Nicolas Gelot Date: Fri, 10 Oct 2025 16:59:18 +0200 Subject: [PATCH 7/7] fix(nginx): use docker resolver with limited cache --- config/nginx/templates/default.conf.template | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/nginx/templates/default.conf.template b/config/nginx/templates/default.conf.template index a48e4ae6..fe2b6cf7 100644 --- a/config/nginx/templates/default.conf.template +++ b/config/nginx/templates/default.conf.template @@ -4,6 +4,9 @@ map $arg_v $asset_immutable { default ", immutable"; } +# use docker DNS resolver with limited cache value for nc update or scaling +resolver 127.0.0.11 valid=5s; + upstream php-handler { server ${NEXTCLOUD_ADDR}; } -- GitLab
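Review bot: The added `resolver 127.0.0.11 valid=5s;` probably does not make `upstream php-handler` re-resolve, because open-source nginx resolves the name in `server ${NEXTCLOUD_ADDR};` once when the configuration is loaded unless that server line carries the `resolve` parameter and the upstream has a shared-memory `zone`. After a Nextcloud update or rescale nginx would then keep sending FastCGI traffic to the old address, which on a shared overlay network may since belong to another container. If the nginx image is recent enough to support it (the parameter was commercial-only in older releases), use `zone php-handler 64k;` plus `server ${NEXTCLOUD_ADDR} resolve;`; otherwise pass the address through a variable in the `fastcgi_pass` directive (not visible here) so the resolver is consulted at request time. The upstream block continues outside the hunk.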