version: '2' services: db: image: mariadb:latest restart: always command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed volumes: - database:/var/lib/mysql environment: - MYSQL_ROOT_PASSWORD={{ nextcloud.db.rootpassword }} - MYSQL_PASSWORD={{ nextcloud.db.password }} - MYSQL_DATABASE={{ nextcloud.db.name }} - MYSQL_USER={{ nextcloud.db.user }} labels: - "com.centurylinklabs.watchtower.scope=update" networks: - backend app: image: registry.tobiasmanske.de/nextcloud:main restart: always links: - db volumes: - nc_config:/var/www/html/config - nc_custom_apps:/var/www/html/custom_apps - nc_data:/var/www/data environment: - MYSQL_PASSWORD={{ nextcloud.db.password }} - MYSQL_DATABASE={{ nextcloud.db.name }} - MYSQL_USER={{ nextcloud.db.user }} - MYSQL_HOST=db networks: - backend - gateway - default labels: - "traefik.enable=true" - "traefik.http.routers.nextcloud.rule=Host(`wolke.chaoswg.org`)" - "traefik.http.routers.nextcloud.entryPoints=websecure" - "traefik.http.services.nextcloud.loadbalancer.server.port=80" - "traefik.http.middlewares.nextcloud.headers.customrequestheaders.Front-End-Https=on" - "traefik.http.middlewares.nextcloud.headers.customresponseheaders.Strict-Transport-Security=max-age=15768000; includeSubDomains;" - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav" - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/" - "traefik.http.middlewares.compression.compress=true" - "traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud-dav,compression" - "com.centurylinklabs.watchtower.scope=update" volumes: nc_config: nc_custom_apps: nc_data: database: networks: gateway: external: true name: gateway backend: internal: true