From cf56039b3ca8473b8cc66916f7c3b3ab526aab00 Mon Sep 17 00:00:00 2001
From: dim <dim@localhost.local>
Date: Sun, 6 Oct 2024 21:58:39 +0200
Subject: [PATCH] Ajouter nextcloud/docker-compose.yml

---
 nextcloud/docker-compose.yml | 239 +++++++++++++++++++++++++++++++++++
 1 file changed, 239 insertions(+)
 create mode 100644 nextcloud/docker-compose.yml

diff --git a/nextcloud/docker-compose.yml b/nextcloud/docker-compose.yml
new file mode 100644
index 0000000..508d77c
--- /dev/null
+++ b/nextcloud/docker-compose.yml
@@ -0,0 +1,239 @@
+networks:
+  nextcloud-network:
+    external: true
+  onlyoffice-network:
+    external: true
+  web:
+    external: true
+  ldap:
+    driver: bridge
+    external: true
+volumes:
+  nextcloud-data:
+  redis-nextcloud-data:
+  redis-onlyoffice-document-data:
+  rabbitmq-onlyoffice-document-data:
+  onlyoffice-document-data:
+  onlyoffice-document-log:
+  onlyoffice-document-cache-files:
+  onlyoffice-document-public-files:
+  onlyoffice-document-fonts:
+  nextcloud-postgres:
+  nextcloud-postgres-backup:
+  onlyoffice-document-postgres:
+  nextcloud-data-backups:
+  nextcloud-database-backups:
+
+services:
+  postgres-nextcloud:
+    image: ${NEXTCLOUD_POSTGRES_IMAGE_TAG}
+    volumes:
+      - nextcloud-postgres:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: ${NEXTCLOUD_DB_NAME}
+      POSTGRES_USER: ${NEXTCLOUD_DB_USER}
+      POSTGRES_PASSWORD: ${NEXTCLOUD_DB_PASSWORD}
+    networks:
+      - nextcloud-network
+      - ldap
+    healthcheck:
+      test: [ "CMD", "pg_isready", "-q", "-d", "${NEXTCLOUD_DB_NAME}", "-U", "${NEXTCLOUD_DB_USER}" ]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 60s
+    restart: unless-stopped
+
+  redis-nextcloud:
+    image: ${NEXTCLOUD_REDIS_IMAGE_TAG}
+    command: ["redis-server", "--requirepass", "$NEXTCLOUD_REDIS_PASSWORD"]
+    volumes:
+      - redis-nextcloud-data:/data
+    networks:
+      - nextcloud-network
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 60s
+    restart: unless-stopped
+
+  nextcloud:
+    image: ${NEXTCLOUD_IMAGE_TAG}
+    volumes:
+      - nextcloud-data:${DATA_PATH}
+    environment:
+      TZ: ${NEXTCLOUD_TIMEZONE}
+      POSTGRES_HOST: postgres-nextcloud
+      DB_PORT: 5432
+      POSTGRES_DB: ${NEXTCLOUD_DB_NAME}
+      POSTGRES_USER: ${NEXTCLOUD_DB_USER}
+      POSTGRES_PASSWORD: ${NEXTCLOUD_DB_PASSWORD}
+      REDIS_HOST: redis-nextcloud
+      REDIS_HOST_PORT: 6379
+      REDIS_HOST_PASSWORD: ${NEXTCLOUD_REDIS_PASSWORD}
+      NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USERNAME}
+      NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
+      NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_HOSTNAME}
+      OVERWRITECLIURL: ${NEXTCLOUD_URL}
+      OVERWRITEPROTOCOL: https
+      OVERWRITEHOST: ${NEXTCLOUD_HOSTNAME}
+      TRUSTED_PROXIES: 172.16.0.0/12 192.168.0.0/16 10.0.0.0/8 fc00::/7 fe80::/10 2001:db8::/32
+    networks:
+      - ldap
+      - nextcloud-network
+      - web
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:80/"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 90s
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.nextcloud.rule=Host(`${NEXTCLOUD_HOSTNAME}`)"
+      - "traefik.http.routers.nextcloud.service=nextcloud"
+      - "traefik.http.routers.nextcloud.entrypoints=websecure"
+      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
+      - "traefik.http.routers.nextcloud.tls=true"
+      - "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
+      - "traefik.http.services.nextcloud.loadbalancer.passhostheader=true"
+      - "traefik.http.middlewares.nextcloud-header.headers.referrerPolicy=no-referrer"
+      - "traefik.http.middlewares.nextcloud-header.headers.stsSeconds=15552000"
+      - "traefik.http.middlewares.nextcloud-header.headers.forceSTSHeader=true"
+      - "traefik.http.middlewares.nextcloud-header.headers.stsPreload=true"
+      - "traefik.http.middlewares.nextcloud-header.headers.stsIncludeSubdomains=true"
+      - "traefik.http.middlewares.nextcloud-header.headers.browserXssFilter=true"
+      - "traefik.http.middlewares.nextcloud-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
+      - "traefik.docker.network=web"
+      - homepage.group=Work
+      - homepage.name=Cloud
+      - homepage.href=https://<nextcloud URL>
+      - homepage.description=Nextcloud
+      - homepage.icon=nextcloud.png
+
+    restart: unless-stopped
+    depends_on:
+      postgres-nextcloud:
+        condition: service_healthy
+      redis-nextcloud:
+        condition: service_healthy
+
+  nextcloud-cron:
+    image: ${NEXTCLOUD_IMAGE_TAG}
+    entrypoint: /cron.sh
+    volumes:
+      - nextcloud-data:${DATA_PATH}
+    networks:
+      - nextcloud-network
+
+  postgres-onlyoffice-document:
+    image: ${ONLYOFFICE_DOCUMENT_POSTGRES_IMAGE_TAG}
+    volumes:
+      - onlyoffice-document-postgres:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: ${ONLYOFFICE_DOCUMENT_DB_NAME}
+      POSTGRES_USER: ${ONLYOFFICE_DOCUMENT_DB_USER}
+      POSTGRES_HOST_AUTH_METHOD: trust
+    networks:
+      - onlyoffice-network
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 60s
+    restart: unless-stopped
+
+  redis-onlyoffice-document:
+    image: ${ONLYOFFICE_DOCUMENT_REDIS_IMAGE_TAG}
+    volumes:
+      - redis-onlyoffice-document-data:/data
+    networks:
+      - onlyoffice-network
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 60s
+    restart: unless-stopped
+
+  rabbitmq-onlyoffice-document:
+    image: ${ONLYOFFICE_DOCUMENT_RABBITMQ_IMAGE_TAG}
+    volumes:
+      - rabbitmq-onlyoffice-document-data:/bitnami/rabbitmq/mnesia
+      - ./advanced.config:/bitnami/rabbitmq/conf/advanced.config:ro
+    environment:
+      RABBITMQ_USERNAME: ${ONLYOFFICE_DOCUMENT_RABBITMQ_USER}
+      RABBITMQ_PASSWORD: ${ONLYOFFICE_DOCUMENT_RABBITMQ_PASSWORD}
+      POSTGRES_PASSWORD: ${ONLYOFFICE_DOCUMENT_DB_PASSWORD}
+      RABBITMQ_MANAGEMENT_ALLOW_WEB_ACCESS: true
+
+    networks:
+      - onlyoffice-network
+    healthcheck:
+      test: rabbitmq-diagnostics -q ping
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 90s
+    restart: unless-stopped
+
+  onlyoffice-document:
+    image: ${ONLYOFFICE_DOCUMENT_IMAGE_TAG}
+    volumes:
+      - onlyoffice-document-data:/var/www/onlyoffice/Data
+      - onlyoffice-document-log:/var/log/onlyoffice
+      - onlyoffice-document-cache-files:/var/lib/onlyoffice/documentserver/App_Data/cache/files
+      - onlyoffice-document-public-files:/var/www/onlyoffice/documentserver-example/public/files
+      - onlyoffice-document-fonts:/usr/share/fonts
+    environment:
+      DB_TYPE: postgres
+      DB_HOST: postgres-onlyoffice-document
+      DB_PORT: 5432
+      DB_NAME: ${ONLYOFFICE_DOCUMENT_DB_NAME}
+      DB_USER: ${ONLYOFFICE_DOCUMENT_DB_USER}
+      DB_PWD: ${ONLYOFFICE_DOCUMENT_DB_PASSWORD}
+      AMQP_URI: amqp://${ONLYOFFICE_DOCUMENT_RABBITMQ_USER}:${ONLYOFFICE_DOCUMENT_RABBITMQ_PASSWORD}@rabbitmq-onlyoffice-document
+      REDIS_SERVER_HOST: redis-onlyoffice-document
+      REDIS_SERVER_PORT: 6379
+      JWT_ENABLED: true
+      JWT_SECRET: ${ONLYOFFICE_DOCUMENT_JWT_SECRET}
+      JWT_HEADER: Authorization
+      JWT_IN_BODY: 'true'
+      TRUSTED_PROXIES: 172.16.0.0/12 192.168.0.0/16 10.0.0.0/8 fc00::/7 fe80::/10 2001:db8::/32
+
+    networks:
+      - onlyoffice-network
+      - nextcloud-network
+      - web
+
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.onlyoffice-document.rule=Host(`${ONLYOFFICE_DOCUMENT_HOSTNAME}`)"
+      - "traefik.http.routers.onlyoffice-document.service=onlyoffice-document"
+      - "traefik.http.routers.onlyoffice-document.entrypoints=websecure"
+      - "traefik.http.services.onlyoffice-document.loadbalancer.server.port=80"
+      - "traefik.http.routers.onlyoffice-document.tls=true"
+      - "traefik.http.routers.onlyoffice-document.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.onlyoffice-document.middlewares=compresstraefik,onlyoffice-document-header"
+      - "traefik.http.middlewares.compresstraefik.compress=true"
+      - "traefik.http.middlewares.onlyoffice-document-header.headers.referrerPolicy=no-referrer"
+      - "traefik.http.middlewares.onlyoffice-document-header.headers.stsSeconds=15552000"
+      - "traefik.http.middlewares.onlyoffice-document-header.headers.forceSTSHeader=true"
+      - "traefik.http.middlewares.onlyoffice-document-header.headers.stsPreload=true"
+      - "traefik.http.middlewares.onlyoffice-document-header.headers.stsIncludeSubdomains=true"
+      - "traefik.http.middlewares.onlyoffice-document-header.headers.browserXssFilter=true"
+      - "traefik.http.middlewares.onlyoffice-document-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
+      - "traefik.docker.network=web"
+
+    restart: unless-stopped
+    depends_on:
+      postgres-onlyoffice-document:
+        condition: service_healthy
+      rabbitmq-onlyoffice-document:
+        condition: service_healthy
+      nextcloud:
+        condition: service_healthy