open-productive-stack/nextcloud/docker-compose.yml

# Nextcloud-Stack
services:
  nextcloud:
    image: nextcloud:32-fpm
    container_name: nextcloud
    depends_on:
      - nextcloud-redis
    environment:
      - DOMAIN=${DOMAIN}
      - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER:-admin}
      - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD:-admin}
      - NEXTCLOUD_DEFAULT_PHONE_REGION=DE
      - NEXTCLOUD_DEFAULT_LANGUAGE=${NEXTCLOUD_DEFAULT_LANGUAGE:-de}
      - ONLYOFFICE_JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
      - POSTGRES_DB=${NEXTCLOUD_DB_NAME}
      - POSTGRES_HOST=${NEXTCLOUD_DB_HOST}
      - POSTGRES_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
      - POSTGRES_USER=${NEXTCLOUD_DB_USER}
      - OVERWRITEPROTOCOL=https
      - OVERWRITEHOST=${NEXTCLOUD_DOMAIN}
      - REDIS_HOST=nextcloud-redis
      - TRUSTED_PROXIES=172.22.0.0/16 172.19.0.0/16
      - COLLABORA_DOMAIN=${COLLABORA_DOMAIN}
      - TALK_DOMAIN=${TALK_DOMAIN}
      - TALK_TURN_SECRET=${TALK_TURN_SECRET}
      - TALK_SIGNALING_SECRET=${TALK_SIGNALING_SECRET}
    labels:
      - "traefik.enable=false"
    volumes:
      - nextcloud-data:/var/www/html
      - ./hooks/post-installation:/docker-entrypoint-hooks.d/post-installation
      - ./php/opcache.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini:ro
    expose:
      - 80
      - 9000
    networks:
      - nextcloud
      - traefik
      - database
    restart: unless-stopped

  nextcloud-reverse-proxy:
    container_name: nextcloud-reverse-proxy
    image: nginx:1.27
    depends_on:
      - nextcloud
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.nextcloud-reverse-proxy.rule=Host(`${NEXTCLOUD_DOMAIN}`)"
      - "traefik.http.routers.nextcloud-reverse-proxy.entrypoints=web,websecure"
      - "traefik.http.routers.nextcloud-reverse-proxy.middlewares=https-redirect"
      - "traefik.http.routers.nextcloud-reverse-proxy.tls=true"
      - "traefik.http.routers.nextcloud-reverse-proxy.tls.certresolver=le"
      - "traefik.http.services.nextcloud-reverse-proxy.loadbalancer.server.port=80"
    volumes:
      - ./reverse-proxy/nginx.conf:/etc/nginx/nginx.conf
      - nextcloud-data:/var/www/html
    networks:
      - nextcloud
      - traefik
    restart: unless-stopped

  nextcloud-redis:
    image: redis:alpine
    container_name: nextcloud-redis
    networks:
      - nextcloud
    restart: unless-stopped

  collabora:
    image: collabora/code:latest
    container_name: nextcloud-collabora
    environment:
      - domain=${NEXTCLOUD_DOMAIN}
      - aliasgroup1=https://${NEXTCLOUD_DOMAIN}:443
      - username=${COLLABORA_USERNAME}
      - password=${COLLABORA_PASSWORD}
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:welcome.enable=false --o:logging.level=warning
      - dictionaries=de_DE en_GB en_US
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN}`)"
      - "traefik.http.routers.collabora.entrypoints=web,websecure"
      - "traefik.http.routers.collabora.middlewares=https-redirect"
      - "traefik.http.routers.collabora.tls=true"
      - "traefik.http.routers.collabora.tls.certresolver=le"
      - "traefik.http.services.collabora.loadbalancer.server.port=9980"
      - "traefik.http.services.collabora.loadbalancer.server.scheme=http"
    networks:
      - nextcloud
      - traefik
    restart: unless-stopped
    cap_add:
      - MKNOD
      - SYS_ADMIN
    security_opt:
      - apparmor:unconfined

  nc-talk:
    container_name: nc-talk
    image: ghcr.io/nextcloud-releases/aio-talk:latest
    init: true
    ports:
      - "3478:3478/tcp"
      - "3478:3478/udp"
    environment:
      - NC_DOMAIN=${NEXTCLOUD_DOMAIN}
      - TALK_HOST=${TALK_DOMAIN}
      - TURN_SECRET=${TALK_TURN_SECRET}
      - SIGNALING_SECRET=${TALK_SIGNALING_SECRET}
      - INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
      - TZ=${TZ:-Europe/Berlin}
      - TALK_PORT=3478
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.nc-talk.rule=Host(`${TALK_DOMAIN}`)"
      - "traefik.http.routers.nc-talk.entrypoints=websecure"
      - "traefik.http.routers.nc-talk.middlewares=https-redirect"
      - "traefik.http.routers.nc-talk.tls=true"
      - "traefik.http.routers.nc-talk.tls.certresolver=le"
      - "traefik.http.services.nc-talk.loadbalancer.server.port=8081"
    networks:
      - nextcloud
      - traefik
    restart: unless-stopped

volumes:
  nextcloud-data:
    name: nextcloud-data

networks:
  database:
    external: true
  nextcloud:
    external: true
  traefik:
    external: true