From a87b027fed16a2fb73c2b670156d9be78bcccb9e Mon Sep 17 00:00:00 2001 From: Noah Petherbridge Date: Thu, 5 Sep 2019 10:41:23 -0700 Subject: [PATCH] nextcloud WIP --- docker-compose.yml | 77 +++++++++++++++++++---------------- nginx/default-www/index.html | 9 ++++ nginx/dhparam.pem | 8 ++++ nginx/nginx.conf | 8 ++-- nginx/sites-enabled/blog | 18 -------- nginx/sites-enabled/default | 3 -- nginx/sites-enabled/gitea | 10 ++--- nginx/sites-enabled/nextcloud | 18 ++++++++ 8 files changed, 86 insertions(+), 65 deletions(-) create mode 100644 nginx/default-www/index.html create mode 100644 nginx/dhparam.pem delete mode 100644 nginx/sites-enabled/blog create mode 100644 nginx/sites-enabled/nextcloud diff --git a/docker-compose.yml b/docker-compose.yml index a4d0627..94c61e6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,8 +14,7 @@ version: "3" # - https://git.kirsle.lh for Gitea # # Exported ports: -# - 80 (nginx) -# - 443 (nginx) +# - 444 (nginx SSL port 443) # - 22 (gitea-ssh) # Define named networks to isolate the apps from each other. Each app will @@ -23,12 +22,10 @@ version: "3" networks: default: driver: bridge - redis: - driver: bridge - blog: - driver: bridge gitea: driver: bridge + nextcloud: + driver: bridge # Named volumes to let the apps store their own data persistently on disk # between reboots. They end up somewhere at /var/lib/docker/volumes on the @@ -38,7 +35,9 @@ volumes: driver: local gitea-data: driver: local - redis-data: + nextcloud-db: + driver: local + nextcloud-data: driver: local services: 
@@ -48,46 +47,25 @@ services: image: nginx restart: always ports: - - "80:80" - - "443:443" + - "444:443" # SSL port, my router won't forward 443 inbound =( volumes: - "./nginx/sites-enabled:/etc/nginx/sites-enabled:z" - "./nginx/nginx.conf:/etc/nginx/nginx.conf:z" - "./nginx/ssl_params:/etc/nginx/ssl_params:z" + - "./nginx/dhparam.pem:/etc/nginx/dhparam.pem:z" - "./ssl/snakeoil.key:/etc/nginx/certs/privkey.pem:z" - "./ssl/snakeoil.pem:/etc/nginx/certs/fullchain.pem:z" + - "./nginx/default-www:/var/www/html:z" networks: - default - - blog - gitea - - # shared Redis cache for various apps - redis: - image: redis - restart: always - expose: - - 6379 - volumes: - - "redis-data:/data" - networks: - - redis - - # My custom Go web blog for kirsle.net - # https://github.com/kirsle/blog/blob/master/Dockerfile - blog: - build: /home/kirsle/go/src/github.com/kirsle/blog - restart: always - expose: - - 80 - volumes: - - "./www:/data/www:z" - networks: - - blog - - redis + links: + - gitea + - nextcloud # Postgres DB for gitea. gitea-postgres: - image: postgres:10.5 + image: postgres:11.5 restart: always environment: - "POSTGRES_USER=gitea" @@ -101,6 +79,7 @@ services: # Gitea git server. gitea: image: gitea/gitea:latest + hostname: gitea restart: always volumes: - "gitea-data:/data" @@ -114,4 +93,30 @@ services: - DISABLE_REGISTRATION=true depends_on: - gitea-postgres - - nginx + + # MariaDB for Nextcloud. + nextcloud-db: + image: mariadb + networks: + - nextcloud + volumes: + - "nextcloud-db:/var/lib/mysql" + - /etc/localtime:/etc/localtime:ro + environment: + - MYSQL_ROOT_PASSWORD=ncrootpw + - MYSQL_PASSWORD=mysql + - MYSQL_DATABASE=nextcloud + - MYSQL_USER=nextcloud + restart: unless-stopped + + # Nextcloud + nextcloud: + image: nextcloud:fpm + hostname: nextcloud + networks: + - nextcloud + depends_on: + - nextcloud-db + volumes: + - "nextcloud-data:/var/www/html" + restart: unless-stopped 
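Review bot: In the `nginx` service (hunk `-48,46 +47,25`), the new `links:` entry names `nextcloud`, but the service still joins only the `default` and `gitea` networks, while the `nextcloud` service added later in this patch joins only `nextcloud`. Compose requires linked services to share at least one network, so the proxy will not be able to reach that upstream; add `- nextcloud` under the nginx `networks:` and drop the legacy `links:` block, which user-defined networks make unnecessary. Since that would also put the internet-facing proxy on the same network as `nextcloud-db`, consider a separate backend network for the database so the isolation described in the file's header comment still holds. In the same hunk, `postgres:10.5` to `postgres:11.5` is a major-version jump: if the existing volume holds a 10.x data directory, the new image will refuse to start on it until the data is dumped and restored or upgraded.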
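Review bot: The new `nextcloud-db` service (hunk `-114,4 +93,30`) commits its database credentials in plain text, `MYSQL_ROOT_PASSWORD=ncrootpw` and `MYSQL_PASSWORD=mysql`, and both are trivially guessable. Keep them out of the repository, for example with compose variable substitution such as `- MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT_PASSWORD}` (the variable name is a placeholder) fed from a git-ignored `.env` file, and treat the committed values as burned. `image: mariadb` carries no tag, so each pull can silently change the database version under the `nextcloud-db` volume; pin it to an explicit tag as is done for `postgres:11.5`. The `nextcloud` service also receives no database settings in this hunk, so the web installer would presumably ask for these credentials by hand.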
diff --git a/nginx/default-www/index.html b/nginx/default-www/index.html new file mode 100644 index 0000000..806a969 --- /dev/null +++ b/nginx/default-www/index.html @@ -0,0 +1,9 @@ + + + + ckir.net + + +

ckir.net

+ + diff --git a/nginx/dhparam.pem b/nginx/dhparam.pem new file mode 100644 index 0000000..af38991 --- /dev/null +++ b/nginx/dhparam.pem @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEA90S5Kj7Lh0cHAY7OQVd498FhpumbKudj6O7wkR4AthSm/NMM3s37 +tfq3zNj/aoEXTkqx5IaiHwHSOgW+H3kJF9t5HqoGa76dWRnFXKZMNdXdVNll0Ajw +k2KAU2KtKusxFPIQmquuF/FClWfw961HRulhksNqOYzguIex29FS5UOQOlvs+Pc0 +kb6TJ8MxNdMZx4W/0JYDvojAbZx64wn2Jlb5CxYhpTKtG4OYkr1F6DBBRpaDw6fM +JFSgdw6EjO4/ZxrcSHrcrXyKBk1sSBbHTXjTAgFMr0yi9wChrCqKhRDTfWOe1XtP +BtZFdtctJsu2MlEWNRgeYUdt9qhqn/ydqwIBAg== +-----END DH PARAMETERS----- diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 6e57ea9..778d60d 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -1,3 +1,5 @@ +# vim:ft=nginx + user www-data; worker_processes auto; pid /run/nginx.pid; @@ -67,17 +69,17 @@ http { #mail { # # See sample authentication script at: # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript -# +# # # auth_http localhost/auth.php; # # pop3_capabilities "TOP" "USER"; # # imap_capabilities "IMAP4rev1" "UIDPLUS"; -# +# # server { # listen localhost:110; # protocol pop3; # proxy on; # } -# +# # server { # listen localhost:143; # protocol imap; diff --git a/nginx/sites-enabled/blog b/nginx/sites-enabled/blog deleted file mode 100644 index bfd5180..0000000 --- a/nginx/sites-enabled/blog +++ /dev/null @@ -1,18 +0,0 @@ -server { - server_name blog.kirsle.lh; - listen 80; - listen [::]:80; - listen 443 ssl; - listen [::]:443 ssl; - - access_log /var/log/nginx/blog.access; - error_log /var/log/nginx/blog.error; - - ssl_certificate /etc/nginx/certs/fullchain.pem; - ssl_certificate_key /etc/nginx/certs/privkey.pem; - include ssl_params; - - location / { - proxy_pass http://blog/; - } -} diff --git a/nginx/sites-enabled/default b/nginx/sites-enabled/default index df2fbb6..fdfdee3 100644 --- a/nginx/sites-enabled/default +++ b/nginx/sites-enabled/default 
@@ -14,9 +14,6 @@ # Default server configuration # server { - listen 80 default_server; - listen [::]:80 default_server; - # SSL configuration # listen 443 ssl default_server; diff --git a/nginx/sites-enabled/gitea b/nginx/sites-enabled/gitea index b0de7c0..196a0f1 100644 --- a/nginx/sites-enabled/gitea +++ b/nginx/sites-enabled/gitea @@ -1,9 +1,9 @@ +# vim:ft=nginx + server { - server_name git.kirsle.lh; - listen 80; - listen [::]:80; - listen 443 ssl; - listen [::]:443 ssl; + server_name git.ckir.net git.caskir.com; + listen 443 ssl http2; + listen [::]:443 ssl http2; access_log /var/log/nginx/gitea.access; error_log /var/log/nginx/gitea.error; diff --git a/nginx/sites-enabled/nextcloud b/nginx/sites-enabled/nextcloud new file mode 100644 index 0000000..8a42ebe --- /dev/null +++ b/nginx/sites-enabled/nextcloud @@ -0,0 +1,18 @@ +# vim:ft=nginx + +server { + server_name cloud.ckir.net cloud.caskir.com; + listen 443 ssl http2; + listen [::]:443 ssl http2; + + access_log /var/log/nginx/gitea.access; + error_log /var/log/nginx/gitea.error; + + ssl_certificate /etc/nginx/certs/fullchain.pem; + ssl_certificate_key /etc/nginx/certs/privkey.pem; + include ssl_params; + + location / { + proxy_pass http://nextcloud:9000; + } +}
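Review bot: After the `nginx/sites-enabled/default` hunk, the visible part of the default server block has no active `listen` directive: both port-80 lines are removed and the only 443 line in the context, `# listen 443 ssl default_server;`, is still commented out. The block continues outside the hunk. If nothing further down listens on 443, nginx falls back to its implicit port-80 listener, which the compose file no longer publishes. TLS requests with an unknown Host header would then be answered by whichever 443 server block loads first, presumably gitea, instead of the static `default-www` page. Consider enabling `listen 443 ssl default_server;` and `listen [::]:443 ssl default_server;` here, together with the `ssl_certificate`, `ssl_certificate_key` and `include ssl_params;` lines the other sites use.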
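Review bot: In the new `nginx/sites-enabled/nextcloud` file, `proxy_pass http://nextcloud:9000;` speaks HTTP to the upstream, but the compose service runs the `nextcloud:fpm` image, whose port 9000 is a PHP-FPM (FastCGI) listener, so this location will most likely fail for every request. Either run the image variant that serves HTTP itself and proxy to that port, or replace the location with a `fastcgi_pass nextcloud:9000;` setup, which also needs the `nextcloud-data` volume mounted into the nginx container so static files can be served. Separately, the `access_log` and `error_log` lines were copied from the gitea site and still write to `/var/log/nginx/gitea.access` and `/var/log/nginx/gitea.error`. Change them to `nextcloud.access` and `nextcloud.error` so the two services can be told apart when reviewing logs.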