stacks env

2026-03-17 15:30:01 +00:00
parent 59cc0c0bab
commit 1f7ed5071d
4 changed files with 366 additions and 0 deletions
--- a/nextcloud/docker-compose.yml
+++ b/nextcloud/docker-compose.yml
@@ -0,0 +1,167 @@
+services:
+  nextcloud-db:
+    image: mariadb:lts
+    container_name: nextcloud-db
+    restart: unless-stopped
+    command: >
+      --transaction-isolation=READ-COMMITTED
+      --binlog-format=ROW
+      --character-set-server=utf8mb4
+      --collation-server=utf8mb4_general_ci
+    environment:
+      TZ: ${TZ}
+      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
+      MYSQL_DATABASE: ${MYSQL_DATABASE}
+      MYSQL_USER: ${MYSQL_USER}
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+    volumes:
+      - /opt/nextcloud/db:/var/lib/mysql:Z
+    networks:
+      - nextcloud_internal
+
+  nextcloud-redis:
+    image: redis:7-alpine
+    container_name: nextcloud-redis
+    restart: unless-stopped
+    command: redis-server --save 60 1 --loglevel warning
+    environment:
+      TZ: ${TZ}
+    volumes:
+      - /opt/nextcloud/redis:/data:Z
+    networks:
+      - nextcloud_internal
+
+  nextcloud:
+    image: nextcloud:33-apache
+    container_name: nextcloud
+    restart: unless-stopped
+    depends_on:
+      - nextcloud-db
+      - nextcloud-redis
+    environment:
+      TZ: ${TZ}
+      MYSQL_HOST: nextcloud-db
+      MYSQL_DATABASE: ${MYSQL_DATABASE}
+      MYSQL_USER: ${MYSQL_USER}
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+      REDIS_HOST: nextcloud-redis
+
+      NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER}
+      NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
+      NEXTCLOUD_TRUSTED_DOMAINS: ${NC_DOMAIN} nextcloud localhost
+
+      TRUSTED_PROXIES: ${TRUSTED_PROXIES}
+      OVERWRITEHOST: ${NC_DOMAIN}
+      OVERWRITEPROTOCOL: https
+      OVERWRITECLIURL: https://${NC_DOMAIN}
+
+      PHP_MEMORY_LIMIT: 2048M
+      PHP_UPLOAD_LIMIT: 16G
+    volumes:
+      - /opt/nextcloud/html:/var/www/html:Z
+      - /opt/nextcloud/config:/var/www/html/config:Z
+      - /opt/nextcloud/data:/var/www/html/data:Z
+      - /opt/nextcloud/custom_apps:/var/www/html/custom_apps:Z
+      - /opt/nextcloud/themes:/var/www/html/themes:Z
+
+      # Opcional: exponer archivo final de Paperless en Nextcloud como solo lectura
+      - /opt/paperless/media:/mnt/paperless-media:ro,Z
+    networks:
+      - nextcloud_internal
+      - proxy
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=proxy
+
+      - traefik.http.routers.nextcloud.rule=Host(`${NC_DOMAIN}`)
+      - traefik.http.routers.nextcloud.entrypoints=websecure
+      - traefik.http.routers.nextcloud.tls=true
+      - traefik.http.routers.nextcloud.tls.certresolver=${TRAEFIK_CERTRESOLVER}
+      - traefik.http.routers.nextcloud.middlewares=nc-dav,nc-secure-headers
+
+      - traefik.http.middlewares.nc-dav.redirectregex.permanent=true
+      - traefik.http.middlewares.nc-dav.redirectregex.regex=https://(.*)/.well-known/(?:card|cal)dav
+      - traefik.http.middlewares.nc-dav.redirectregex.replacement=https://$${1}/remote.php/dav
+
+      - traefik.http.middlewares.nc-secure-headers.headers.stsSeconds=31536000
+      - traefik.http.middlewares.nc-secure-headers.headers.stsIncludeSubdomains=true
+      - traefik.http.middlewares.nc-secure-headers.headers.stsPreload=true
+      - traefik.http.middlewares.nc-secure-headers.headers.contentTypeNosniff=true
+      - traefik.http.middlewares.nc-secure-headers.headers.browserXssFilter=true
+
+      - traefik.http.services.nextcloud.loadbalancer.server.port=80
+
+  nextcloud-cron:
+    image: nextcloud:33-apache
+    container_name: nextcloud-cron
+    restart: unless-stopped
+    depends_on:
+      - nextcloud
+    entrypoint: /cron.sh
+    environment:
+      TZ: ${TZ}
+      MYSQL_HOST: nextcloud-db
+      MYSQL_DATABASE: ${MYSQL_DATABASE}
+      MYSQL_USER: ${MYSQL_USER}
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+      REDIS_HOST: nextcloud-redis
+    volumes:
+      - /opt/nextcloud/html:/var/www/html:Z
+      - /opt/nextcloud/config:/var/www/html/config:Z
+      - /opt/nextcloud/data:/var/www/html/data:Z
+      - /opt/nextcloud/custom_apps:/var/www/html/custom_apps:Z
+      - /opt/nextcloud/themes:/var/www/html/themes:Z
+
+      # Opcional: exponer archivo final de Paperless en Nextcloud como solo lectura
+      - /opt/paperless/media:/mnt/paperless-media:ro,Z
+    networks:
+      - nextcloud_internal
+
+  onlyoffice-documentserver:
+    image: onlyoffice/documentserver:9.3.1
+    container_name: onlyoffice-documentserver
+    restart: unless-stopped
+    environment:
+      TZ: ${TZ}
+      JWT_ENABLED: "true"
+      JWT_SECRET: ${OO_JWT_SECRET}
+      JWT_HEADER: Authorization
+      SECURE_LINK_SECRET: ${OO_SECURE_LINK_SECRET}
+      ALLOW_PRIVATE_IP_ADDRESS: "true"
+    volumes:
+      - /opt/onlyoffice/logs:/var/log/onlyoffice:Z
+      - /opt/onlyoffice/data:/var/www/onlyoffice/Data:Z
+      - /opt/onlyoffice/lib:/var/lib/onlyoffice:Z
+      - /opt/onlyoffice/postgresql:/var/lib/postgresql:Z
+#- /opt/onlyoffice/plugins:/var/www/onlyoffice/documentserver/sdkjs-plugins:Z
+    networks:
+      - nextcloud_internal
+      - proxy
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=proxy
+
+      - traefik.http.routers.onlyoffice.rule=Host(`${OO_DOMAIN}`)
+      - traefik.http.routers.onlyoffice.entrypoints=websecure
+      - traefik.http.routers.onlyoffice.tls=true
+      - traefik.http.routers.onlyoffice.tls.certresolver=${TRAEFIK_CERTRESOLVER}
+      - traefik.http.routers.onlyoffice.middlewares=oo-secure-headers,oo-forwarded
+
+      - traefik.http.middlewares.oo-secure-headers.headers.stsSeconds=31536000
+      - traefik.http.middlewares.oo-secure-headers.headers.stsIncludeSubdomains=true
+      - traefik.http.middlewares.oo-secure-headers.headers.stsPreload=true
+      - traefik.http.middlewares.oo-secure-headers.headers.contentTypeNosniff=true
+
+      - traefik.http.middlewares.oo-forwarded.headers.customRequestHeaders.X-Forwarded-Proto=https
+      - traefik.http.middlewares.oo-forwarded.headers.customRequestHeaders.X-Forwarded-Host=${OO_DOMAIN}
+      - traefik.http.middlewares.oo-forwarded.headers.customRequestHeaders.X-Forwarded-Port=443
+      - traefik.http.middlewares.oo-forwarded.headers.customRequestHeaders.X-Forwarded-Ssl=on
+
+      - traefik.http.services.onlyoffice.loadbalancer.server.port=80
+
+networks:
+  nextcloud_internal:
+    driver: bridge
+
+  proxy:
+    external: true
--- a/nextcloud/stack.env
+++ b/nextcloud/stack.env
@@ -0,0 +1,13 @@
+TZ=Europe/Madrid
+NC_DOMAIN=nextcloud.example.com
+OO_DOMAIN=onlyoffice.example.com
+TRAEFIK_CERTRESOLVER=letsencrypt
+TRUSTED_PROXIES=10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
+MYSQL_ROOT_PASSWORD=change_me_mysql_root_password_long_and_secure
+MYSQL_DATABASE=nextcloud
+MYSQL_USER=nextcloud
+MYSQL_PASSWORD=change_me_nextcloud_db_password_long_and_secure
+NEXTCLOUD_ADMIN_USER=admin
+NEXTCLOUD_ADMIN_PASSWORD=change_me_nextcloud_admin_password_long_and_secure
+OO_JWT_SECRET=change_me_onlyoffice_jwt_secret_long_and_random
+OO_SECURE_LINK_SECRET=change_me_onlyoffice_secure_link_secret_long_and_random