diff options
author | Marc Brückner <m.brueckner90@gmail.com> | 2017-08-02 11:52:53 +0200 |
---|---|---|
committer | Tilo Spannagel <development@tilosp.de> | 2017-09-27 13:29:11 +0200 |
commit | e87d8d121700557b977bc442a42de024e33b67a6 (patch) | |
tree | 0f20467a1bb36c379df9f6da7af3dae491b67673 /.examples/docker-compose | |
parent | 83b027fbaedbd4c866f795308cedee4f8453c06a (diff) |
rework of docker-compose examples
Diffstat (limited to '.examples/docker-compose')
7 files changed, 301 insertions, 0 deletions
diff --git a/.examples/docker-compose/with-nginx-proxy/apache/caching.php b/.examples/docker-compose/with-nginx-proxy/apache/caching.php new file mode 100644 index 00000000..d97c77c2 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/apache/caching.php @@ -0,0 +1,12 @@ +<? +$CONFIG = array ( + 'memcache.local' => '\\OC\\Memcache\\APCu', + 'memcache.locking' => '\\OC\\Memcache\\Redis', + 'filelocking.enabled' => 'true', + 'redis' => + array ( + 'host' => 'redis', + 'port' => 6379, + ), +); +?> diff --git a/.examples/docker-compose/with-nginx-proxy/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/apache/docker-compose.yml new file mode 100644 index 00000000..a186b95b --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/apache/docker-compose.yml @@ -0,0 +1,79 @@ +version: '3' + +volumes: + certs: + conf.d: + vhost.d: + html: + nextcloud: + db: + +networks: + proxy-tier: + +services: + proxy: + image: jwilder/nginx-proxy + ports: + - 80:80 + - 443:443 + volumes: + - conf.d:/etc/nginx/conf.d + - vhost.d:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - certs:/etc/nginx/certs:ro + - /var/run/docker.sock:/tmp/docker.sock:ro + - ./uploadsize.conf:/etc/nginx/conf.d/uploadsize.conf:ro + networks: + - proxy-tier + labels: + - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy + restart: always + + letsencrypt-companion: + image: jrcs/letsencrypt-nginx-proxy-companion + volumes: + - conf.d:/etc/nginx/conf.d + - vhost.d:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - certs:/etc/nginx/certs:rw + - /var/run/docker.sock:/var/run/docker.sock:ro + networks: + - proxy-tier + restart: always + + app: + image: nextcloud:apache + volumes: + - nextcloud:/var/www/html + environment: + - VIRTUAL_HOST= + - LETSENCRYPT_HOST= + - LETSENCRYPT_EMAIL= + networks: + - proxy-tier + - default + restart: always + + db: + image: mariadb + volumes: + - db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD= + - MYSQL_DATABASE=nextcloud + - MYSQL_USER=nextcloud + - MYSQL_PASSWORD= + restart: always + + redis: + image: redis + restart: always + + collabora: + image: collabora/code + cap_add: + - MKNOD + environment: + - domain= + restart: always diff --git a/.examples/docker-compose/with-nginx-proxy/apache/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/apache/uploadsize.conf new file mode 100644 index 00000000..8c1bc580 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/apache/uploadsize.conf @@ -0,0 +1 @@ +client_max_body_size 10g; diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/caching.php b/.examples/docker-compose/with-nginx-proxy/fpm/caching.php new file mode 100644 index 00000000..d97c77c2 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/fpm/caching.php @@ -0,0 +1,12 @@ +<? +$CONFIG = array ( + 'memcache.local' => '\\OC\\Memcache\\APCu', + 'memcache.locking' => '\\OC\\Memcache\\Redis', + 'filelocking.enabled' => 'true', + 'redis' => + array ( + 'host' => 'redis', + 'port' => 6379, + ), +); +?> diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/fpm/docker-compose.yml new file mode 100644 index 00000000..756ebcdb --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/fpm/docker-compose.yml @@ -0,0 +1,86 @@ +version: '3' + +volumes: + certs: + conf.d: + vhost.d: + html: + nextcloud: + db: + +networks: + proxy-tier: + +services: + proxy: + image: jwilder/nginx-proxy + ports: + - 80:80 + - 443:443 + volumes: + - conf.d:/etc/nginx/conf.d + - vhost.d:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - certs:/etc/nginx/certs:ro + - /var/run/docker.sock:/tmp/docker.sock:ro + - ./uploadsize.conf:/etc/nginx/conf.d/uploadsize.conf:ro + networks: + - proxy-tier + labels: + - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy + restart: always + + letsencrypt-companion: + image: jrcs/letsencrypt-nginx-proxy-companion + volumes: + - conf.d:/etc/nginx/conf.d + - vhost.d:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - certs:/etc/nginx/certs:rw + - /var/run/docker.sock:/var/run/docker.sock:ro + networks: + - proxy-tier + restart: always + + web: + image: nginx + volumes: + - ./nginx.conf:/etc/nginx/nginx.conf:ro + - nextcloud:/var/www/html + environment: + - VIRTUAL_HOST= + - LETSENCRYPT_HOST= + - LETSENCRYPT_EMAIL= + networks: + - proxy-tier + - default + restart: always + + app: + image: nextcloud:fpm + volumes: + - nextcloud:/var/www/html + restart: always + + db: + image: mariadb + volumes: + - db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD= + - MYSQL_DATABASE=nextcloud + - MYSQL_USER=nextcloud + - MYSQL_PASSWORD= + restart: always + + redis: + image: redis + restart: always + + collabora: + image: collabora/code + cap_add: + - MKNOD + environment: + - domain= + restart: always diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/nginx.conf b/.examples/docker-compose/with-nginx-proxy/fpm/nginx.conf new file mode 100644 index 00000000..40b0975a --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/fpm/nginx.conf @@ -0,0 +1,110 @@ +user www-data; + +events { + worker_connections 768; +} + +http { + upstream backend { + server app:9000; + } + include /etc/nginx/mime.types; + default_type application/octet-stream; + + server { + listen 80; + + # Add headers to serve security related headers + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + + root /var/www/html; + client_max_body_size 10G; # 0=unlimited - set max upload size + fastcgi_buffers 64 4K; + + gzip off; + + index index.php; + error_page 403 /core/templates/403.php; + error_page 404 /core/templates/404.php; + + rewrite ^/.well-known/carddav /remote.php/dav/ permanent; + rewrite ^/.well-known/caldav /remote.php/dav/ permanent; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location / { + rewrite ^/remote/(.*) /remote.php last; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ =404; + } + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS on; + fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice + fastcgi_pass backend; + fastcgi_intercept_errors on; + } + + # Adding the cache control header for js and css files + # Make sure it is BELOW the location ~ \.php(?:$|/) { block + location ~* \.(?:css|js)$ { + add_header Cache-Control "public, max-age=7200"; + # Add headers to serve security related headers + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + # Optional: Don't log access to assets + access_log off; + } + + # Optional: Don't log access to other assets + location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ { + access_log off; + } + + # collabora static files + location ^~ /loleaflet { + proxy_pass https://collabora:9980; + proxy_set_header Host $http_host; + } + + # collabora WOPI discovery URL + location ^~ /hosting/discovery { + proxy_pass https://collabora:9980; + proxy_set_header Host $http_host; + } + + # collabora websockets, download, presentation and image upload + location ^~ /lool { + proxy_pass https://collabora:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + } + } +} diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/fpm/uploadsize.conf new file mode 100644 index 00000000..8c1bc580 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/fpm/uploadsize.conf @@ -0,0 +1 @@ +client_max_body_size 10g; |