nextcloud WIP

docker-compose.yml

@@ -14,8 +14,7 @@ version: "3"
 # - https://git.kirsle.lh    for Gitea
 #
 # Exported ports:
-# - 80 (nginx)
+# - 444 (nginx SSL port 443)
-# - 443 (nginx)
 # - 22 (gitea-ssh)
 
 # Define named networks to isolate the apps from each other. Each app will
@@ -23,12 +22,10 @@ version: "3"
 networks:
   default:
     driver: bridge
-  redis:
-    driver: bridge
-  blog:
-    driver: bridge
   gitea:
     driver: bridge
+  nextcloud:
+    driver: bridge
 
 # Named volumes to let the apps store their own data persistently on disk
 # between reboots. They end up somewhere at /var/lib/docker/volumes on the
@@ -38,7 +35,9 @@ volumes:
     driver: local
   gitea-data:
     driver: local
-  redis-data:
+  nextcloud-db:
+    driver: local
+  nextcloud-data:
     driver: local
 
 services:
@@ -48,46 +47,25 @@ services:
     image: nginx
     restart: always
     ports:
-      - "80:80"
+      - "444:443"  # SSL port, my router won't forward 443 inbound =(
-      - "443:443"
     volumes:
       - "./nginx/sites-enabled:/etc/nginx/sites-enabled:z"
       - "./nginx/nginx.conf:/etc/nginx/nginx.conf:z"
       - "./nginx/ssl_params:/etc/nginx/ssl_params:z"
+      - "./nginx/dhparam.pem:/etc/nginx/dhparam.pem:z"
       - "./ssl/snakeoil.key:/etc/nginx/certs/privkey.pem:z"
       - "./ssl/snakeoil.pem:/etc/nginx/certs/fullchain.pem:z"
+      - "./nginx/default-www:/var/www/html:z"
     networks:
       - default
-      - blog
       - gitea
-
+    links:
-  # shared Redis cache for various apps
+      - gitea
-  redis:
+      - nextcloud
-    image: redis
-    restart: always
-    expose:
-      - 6379
-    volumes:
-      - "redis-data:/data"
-    networks:
-      - redis
-
-  # My custom Go web blog for kirsle.net
-  # https://github.com/kirsle/blog/blob/master/Dockerfile
-  blog:
-    build: /home/kirsle/go/src/github.com/kirsle/blog
-    restart: always
-    expose:
-      - 80
-    volumes:
-      - "./www:/data/www:z"
-    networks:
-      - blog
-      - redis
 
   # Postgres DB for gitea.
   gitea-postgres:
-    image: postgres:10.5
+    image: postgres:11.5
     restart: always
     environment:
       - "POSTGRES_USER=gitea"
@@ -101,6 +79,7 @@ services:
   # Gitea git server.
   gitea:
     image: gitea/gitea:latest
+    hostname: gitea
     restart: always
     volumes:
       - "gitea-data:/data"
@@ -114,4 +93,30 @@ services:
       - DISABLE_REGISTRATION=true
     depends_on:
       - gitea-postgres
-      - nginx
+
+  # MariaDB for Nextcloud.
+  nextcloud-db:
+    image: mariadb
+    networks:
+      - nextcloud
+    volumes:
+      - "nextcloud-db:/var/lib/mysql"
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      - MYSQL_ROOT_PASSWORD=ncrootpw
+      - MYSQL_PASSWORD=mysql
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+    restart: unless-stopped
+
+  # Nextcloud
+  nextcloud:
+    image: nextcloud:fpm
+    hostname: nextcloud
+    networks:
+      - nextcloud
+    depends_on:
+      - nextcloud-db
+    volumes:
+      - "nextcloud-data:/var/www/html"
+    restart: unless-stopped

nginx/default-www/index.html

@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html>
+	<head>
+		<title>ckir.net</title>
+	</head>
+	<body>
+		<h1>ckir.net</h1>
+	</body>
+</html>

nginx/dhparam.pem

@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA90S5Kj7Lh0cHAY7OQVd498FhpumbKudj6O7wkR4AthSm/NMM3s37
+tfq3zNj/aoEXTkqx5IaiHwHSOgW+H3kJF9t5HqoGa76dWRnFXKZMNdXdVNll0Ajw
+k2KAU2KtKusxFPIQmquuF/FClWfw961HRulhksNqOYzguIex29FS5UOQOlvs+Pc0
+kb6TJ8MxNdMZx4W/0JYDvojAbZx64wn2Jlb5CxYhpTKtG4OYkr1F6DBBRpaDw6fM
+JFSgdw6EjO4/ZxrcSHrcrXyKBk1sSBbHTXjTAgFMr0yi9wChrCqKhRDTfWOe1XtP
+BtZFdtctJsu2MlEWNRgeYUdt9qhqn/ydqwIBAg==
+-----END DH PARAMETERS-----

nginx/nginx.conf

@@ -1,3 +1,5 @@
+# vim:ft=nginx
+
 user www-data;
 worker_processes auto;
 pid /run/nginx.pid;
@@ -67,17 +69,17 @@ http {
 #mail {
 #	# See sample authentication script at:
 #	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
-# 
+#
 #	# auth_http localhost/auth.php;
 #	# pop3_capabilities "TOP" "USER";
 #	# imap_capabilities "IMAP4rev1" "UIDPLUS";
-# 
+#
 #	server {
 #		listen     localhost:110;
 #		protocol   pop3;
 #		proxy      on;
 #	}
-# 
+#
 #	server {
 #		listen     localhost:143;
 #		protocol   imap;

nginx/sites-enabled/blog

@@ -1,18 +0,0 @@
-server {
-	server_name blog.kirsle.lh;
-	listen 80;
-	listen [::]:80;
-	listen 443 ssl;
-	listen [::]:443 ssl;
-
-	access_log /var/log/nginx/blog.access;
-	error_log /var/log/nginx/blog.error;
-
-	ssl_certificate /etc/nginx/certs/fullchain.pem;
-	ssl_certificate_key /etc/nginx/certs/privkey.pem;
-	include ssl_params;
-
-	location / {
-		proxy_pass http://blog/;
-	}
-}

nginx/sites-enabled/default

@@ -14,9 +14,6 @@
 # Default server configuration
 #
 server {
-	listen 80 default_server;
-	listen [::]:80 default_server;
-
 	# SSL configuration
 	#
 	listen 443 ssl default_server;

nginx/sites-enabled/gitea

@@ -1,9 +1,9 @@
+# vim:ft=nginx
+
 server {
-	server_name git.kirsle.lh;
+	server_name git.ckir.net git.caskir.com;
-	listen 80;
+	listen 443 ssl http2;
-	listen [::]:80;
+	listen [::]:443 ssl http2;
-	listen 443 ssl;
-	listen [::]:443 ssl;
 
 	access_log /var/log/nginx/gitea.access;
 	error_log /var/log/nginx/gitea.error;

nginx/sites-enabled/nextcloud

@@ -0,0 +1,18 @@
+# vim:ft=nginx
+
+server {
+	server_name cloud.ckir.net cloud.caskir.com;
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+
+	access_log /var/log/nginx/gitea.access;
+	error_log /var/log/nginx/gitea.error;
+
+	ssl_certificate /etc/nginx/certs/fullchain.pem;
+	ssl_certificate_key /etc/nginx/certs/privkey.pem;
+	include ssl_params;
+
+	location / {
+		proxy_pass http://nextcloud:9000;
+	}
+}