Deploy Nextcloud with docker-compose, Traefik 2, PostgreSQL and Redis
I spent a day on deploying Nextcloud with docker-compose. Official nextcloud documentation recommends Nginx as a reverse proxy and docker-letsencrypt-Nginx-proxy-companion docker images. I believe that Traefik 2.0 is much better and easier.
This article is based on a single docker-compose.yml with traefik containers in the same network. If you prefer multi-network deployment which traefik container runs on a different network to handle other docker containers in different networks, see https://gist.github.com/ismailyenigul/0d25f37337bf9b56f537488670121365
Here is the quick documentation to deploy nextcloud with docker-compose.
First Create a docker network.
# docker network create nextcloudGet the docker-compose file from
Before deploying, update the parameters in docker-compose.yml
- myemail@gmail.com change this with your email address
- . TRUSTED_PROXIES values based on your ‘nextcloud network
- if you don’t want to allow iframe your domainremove
traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy and
traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue - Change log level of traefik
— log.level=DEBUGwhen you verify all services are working.
# cat docker-compose.yml
version: '3.1'
volumes:
nextcloud-www:
driver: local
nextcloud-db:
driver: local
redis:
driver: local
letsencrypt:
driver: local
services:
traefik:
image: traefik:v2.2
container_name: traefik
restart: always
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=true"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- 80:80
- 443:443
networks:
- nextcloud
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- letsencrypt:/letsencrypt
db:
restart: always
image: postgres:11
networks:
- nextcloud
environment:
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=password
- POSTGRES_DB=nextcloud
volumes:
- nextcloud-db:/var/lib/postgresql/data
redis:
image: redis:latest
restart: always
networks:
- nextcloud
volumes:
- redis:/var/lib/redis
nextcloud:
image: nextcloud:latest
restart: always
networks:
- nextcloud
depends_on:
- redis
- db
labels:
- traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect
- traefik.http.routers.nextcloud.tls.certresolver=myresolver
- traefik.http.routers.nextcloud.rule=Host(`nextcloud.mydomain.com`)
- traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://mydomain.com
- traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' mydomain.com *.mydomain.net
- traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011
- traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true
- traefik.http.middlewares.nextcloud.headers.stsPreload=true
- traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
- traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/
environment:
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=password
- POSTGRES_HOST=db
- NEXTCLOUD_ADMIN_USER=admin
- NEXTCLOUD_ADMIN_PASSWORD=adminpass
- REDIS_HOST=redis
- NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mydomain.com
- TRUSTED_PROXIES=172.18.0.0/16
volumes:
- nextcloud-www:/var/www/html
networks:
nextcloud:
external: true# docker-compose up -d
Ismail YENIGUL
Follow us on Twitter 🐦 and Facebook 👥 and Instagram 📷 and join our Facebook and Linkedin Groups 💬.
To join our community Slack team chat 🗣️ read our weekly Faun topics 🗞️, and connect with the community 📣 click here⬇
