version: '2' services: {{- if eq .Values.COLLABORA "true"}} collabora: image: collabora/code:latest cap_add: - MKNOD # Ability to create special files (https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities) dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 environment: domain: collabora.${TRAEFIK_HOST} expose: - "9980" labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} traefik.enable: true ### Start Web Segment traefik.frontend.entryPoints: http,https traefik.frontend.headers.forceSTSHeader: true traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) traefik.frontend.headers.SSLRedirect: true traefik.frontend.headers.STSPreload: true traefik.frontend.headers.STSSeconds: 15552000 traefik.frontend.rule: Host:collabora.${TRAEFIK_HOST} traefik.port: "9980" ### End Web Segment networks: - public-proxy restart: on-failure {{- end}} nextcloud: image: nextcloud:stable-apache dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 environment: MYSQL_HOST: mysql MYSQL_DATABASE: nextcloud_db MYSQL_USER: nextcloud_user MYSQL_PASSWORD: ${DB_USER_PASS} NEXTCLOUD_ADMIN_USER: ${NC_ADMIN} NEXTCLOUD_ADMIN_PASSWORD: ${NC_ADMIN_PASS} expose: - "80" labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} traefik.enable: true ### Start Web Segment traefik.frontend.entryPoints: http,https traefik.frontend.headers.forceSTSHeader: true traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) traefik.frontend.headers.SSLRedirect: true traefik.frontend.headers.STSPreload: true traefik.frontend.headers.STSSeconds: 15552000 traefik.frontend.rule: Host:${TRAEFIK_HOST} traefik.port: "80" ### End Web Segment links: {{- if eq .Values.COLLABORA "true"}} - collabora {{- end}} - mysql {{- if eq .Values.REDIS "true"}} - redis {{- end}} networks: - public-proxy {{- if .Values.WEB_PORT}} ports: - "${WEB_PORT}:80" {{- end}} restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Configuration:/var/www/html/config # Nextcloud configuration files - /RancherCattle/${DATA_DIR}/Apps:/var/www/html/custom_apps # Nextcloud apps - /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html # Nextcloud site - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data # Users' data file mysql: image: mysql:latest dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 environment: MYSQL_DATABASE: nextcloud_db MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} MYSQL_USER: nextcloud_user MYSQL_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} networks: db-admin: aliases: - nextcloud # This should allow access from "mysql.nextcloud.rancher.internal" restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql {{- if eq .Values.REDIS "true"}} redis: image: redis:latest dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 labels: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system {{- end}} networks: db-admin: external: true # Created by Adminer or phpMyAdmin stack public-proxy: external: true # Created by Traefik stack