Cloud Storage Solution - Nextcloud

Preface

OCI's ARM offering is really attractive, and running Nextcloud on it works nicely, but using Traefik as the reverse proxy for Nextcloud is a bit…

How to do it

Contents of docker-compose.yml

services:
  nextcloud:
    image: nextcloud
    container_name: nextcloud
    restart: always
    environment:
      # Replace the ${...} placeholders below with your own values
      - SQLITE_DATABASE=${Database_name_you_like}
      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.example.com
      # CIDR range of the container network that Traefik's requests come from
      - TRUSTED_PROXIES=${Ip_range_for_containers/mask}
    volumes:
      - /var/lib/docker/volumes/nextcloud/app:/var/www/html
      # Host folder that holds user data (and the SQLite database)
      - /Folder/you/can/storage/data:/var/www/html/data
    labels:
      - traefik.enable=true
      - traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect
      - traefik.http.routers.nextcloud.tls.certresolver=myresolver
      - traefik.http.routers.nextcloud.rule=Host(`nextcloud.example.com`)
      # ALLOW-FROM is ignored by current browsers; the CSP frame-ancestors line is what they enforce
      - traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://example.com
      - traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' example.com *.example.net
      # HSTS settings
      - traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011
      - traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true
      - traefik.http.middlewares.nextcloud.headers.stsPreload=true
      # Redirect CalDAV/CardDAV service discovery to Nextcloud's DAV endpoint
      - traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
      - traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/

# Join the existing network that Traefik is attached to
networks:
  default:
    external: true
    name: traefik_backend

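Honestly, Nextcloud's security mechanisms make it extremely troublesome to set up…

First, you can't use the linuxserver.io image, because it ships with Nginx + SSL already set up, which is fatal behind Traefik.

You also can't use the fpm image; it causes all sorts of strange problems.

In the end I found this article: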

Deploy Nextcloud with docker-compose, Traefik 2, PostgreSQL and Redis

It is very thorough and very useful… but I still can't follow it…

Notes

The official image's default uid is 33 (yes, it really is that odd…), so pay special attention to this.

Also, because I use SQLite, the database ends up in /var/www/html/data as well, that is, in the separate volume I mounted.
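
A preflight check for the two notes above, as an added example that is not part of the original post: it verifies that the host folder mounted at /var/www/html/data is owned by uid 33 before the stack is started. The function name `check_data_dir` is made up here, GNU `stat` (Linux) is assumed, and the "no access for other users" test is an added hardening assumption motivated by the SQLite database living in that folder.

```shell
#!/bin/sh
# Added example: preflight check for the host folder bind-mounted at
# /var/www/html/data. check_data_dir is a hypothetical helper name.
# Assumes GNU coreutils stat (Linux).

# check_data_dir DIR [UID]
# Returns 0 when DIR is owned by UID (default 33, the official image's uid)
# and grants nothing to "other"; otherwise reports what to fix.
check_data_dir() {
    dir=$1
    want_uid=${2:-33}

    if [ ! -d "$dir" ]; then
        echo "missing: $dir is not a directory" >&2
        return 2
    fi

    owner=$(stat -c '%u' "$dir")   # numeric owner uid
    mode=$(stat -c '%a' "$dir")    # octal mode, e.g. 770
    rc=0

    if [ "$owner" != "$want_uid" ]; then
        echo "owner: $dir belongs to uid $owner, container runs as uid $want_uid" >&2
        echo "  fix: chown -R $want_uid:$want_uid $dir" >&2
        rc=1
    fi

    # The last octal digit is the "other" permission set. The SQLite
    # database sits in this folder, so other host users get no access.
    case $mode in
        *0) ;;
        *)  echo "mode: $dir is $mode, accessible to other users" >&2
            echo "  fix: chmod 770 $dir" >&2
            rc=1 ;;
    esac

    return $rc
}

# Usage: check_data_dir /Folder/you/can/storage/data && docker compose up -d
```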