
Installer NextCloud sur votre serveur avec Docker et SSL

3 juil. 2022

Dans cet article nous allons :

  • Installer une stack NextCloud / MariaDB / Redis
  • La rendre accessible via HTTPS (cf. article #traefik)

On va pas tergiverser longtemps, il nous faut un docker-compose et basta :)

Personnellement j'utilise la version Nextcloud de Wonderfall. Elle me convient très bien.

Docker-compose.yml et .env

On va se créer un fichier .env du style :

# Values in this file are substituted into docker-compose.yml through ${VAR}
# references. It holds the database credentials in clear text: keep it out of
# version control and readable only by the account that runs docker-compose
# (for example `chmod 600 .env`).
#########
# MYSQL #
#########
# Placeholder value: replace it with a long, randomly generated password
# before the first start.
MYSQL_ROOT_PASSWORD="MyVerySecurePasswordRoot"
# NEXTCLOUD
MYSQL_USER_NEXTCLOUD="nextcloud-user"
# Placeholder value: replace it as above, with a password different from the
# root one.
MYSQL_PASSWORD_NEXTCLOUD="MyVerySecurePasswordUser"
MYSQL_DATABASE_NEXTCLOUD="nextcloud-db"

# UID/GID handed to the MariaDB container (PUID/PGID) and used as the Redis
# container user in the compose file.
# NOTE(review): these look specific to the author's host - check yours with `id`.
PUID="1000"
PGID="997"
TZ="Europe/Paris"
# Base directory of the Nextcloud bind mounts (${USERDIR}/docker/nextcloud/...).
USERDIR="/home/user"
# The Traefik router rule in the compose file publishes Nextcloud as
# cloud.${DOMAINNAME}.
DOMAINNAME="domain.com"

Puis notre docker compose

version: "3.6"

###########
# NETWORK #
###########
networks:
  # Declared external: it is not created by this file and must already exist
  # before `docker-compose up`. Presumably it is the network the Traefik
  # container is attached to - confirm against your Traefik setup.
  traefik_proxy:
    external: true
  # Back-end network shared by the app, MariaDB and Redis. No service in this
  # file maps a host port, so the database and the cache are reachable only
  # from containers attached to this network.
  # NOTE(review): a plain bridge still allows outbound traffic; `internal: true`
  # would isolate it further - confirm the database and cache images do not
  # need outbound access before enabling it.
  internal:
    driver: bridge

###########
# VOLUMES #
###########

volumes:
  # Named volumes managed by Docker: mounted at /config in the MariaDB
  # container and at /data in the Redis container.
  nextcloud-db: {}
  nextcloud-redis: {}


############
# SERVICES #
############

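services:

# NEXTCLOUD #
#############

  # Nextcloud application container. No host port is mapped: it is published
  # through Traefik only (labels below) and reaches MariaDB and Redis over the
  # `internal` network.
  nextcloud-app:
    hostname: nextcloud
    container_name: nextcloud
    # NOTE(review): `:latest` combined with the watchtower label below means
    # every new upstream image is pulled and started unattended. Pinning a
    # reviewed tag or digest keeps updates deliberate and rollbacks possible.
    image: ghcr.io/wonderfall/nextcloud:latest
    restart: unless-stopped
    stdin_open: true
    tty: true
    depends_on:
      - nextcloud-db
      - nextcloud-redis
    networks:
      - traefik_proxy
      - internal
    environment:
      UPLOAD_MAX_SIZE: 10G
      APC_SHM_SIZE: 256M
      MEMORY_LIMIT: 4G
      CRON_PERIOD: 15m
      TZ: ${TZ}
      # NOTE(review): presumably the hostname the image registers at first
      # setup, while the router below serves cloud.${DOMAINNAME} - confirm
      # against the image's documentation.
      DOMAIN: localhost
      DB_TYPE: mysql
      DB_NAME: ${MYSQL_DATABASE_NEXTCLOUD}
      DB_USER: ${MYSQL_USER_NEXTCLOUD}
      # Passed as a plain environment variable, so it is readable by anyone
      # who can run `docker inspect` on this host.
      DB_PASSWORD: ${MYSQL_PASSWORD_NEXTCLOUD}
      DB_HOST: nextcloud-db
    volumes:
      # User files and configuration live on the host under ${USERDIR}; these
      # directories are what needs backing up and tight file permissions.
      - ${USERDIR}/docker/nextcloud/data:/data
      - ${USERDIR}/docker/nextcloud/config:/nextcloud/config
      - ${USERDIR}/docker/nextcloud/apps:/nextcloud/apps2
      - ${USERDIR}/docker/nextcloud/themes:/nextcloud/themes
    healthcheck:
      test: ["CMD", "curl", "-f", "http://127.0.0.1:8888"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 1m
    labels:
      # Every label value is quoted or a plain string: bare true/false are
      # YAML booleans, which some Compose versions reject in labels.
      traefik.enable: "true"
      traefik.docker.network: traefik_proxy
      # NOTE(review): no `tls` option is set on this router. Presumably TLS and
      # the certificate resolver are configured on the `websecure` entrypoint
      # in Traefik's static configuration - verify, otherwise this router
      # answers in plain HTTP.
      traefik.http.routers.nextcloud.entrypoints: websecure
      traefik.http.routers.nextcloud.rule: Host(`cloud.${DOMAINNAME}`)
      traefik.http.routers.nextcloud.service: nextcloud
      traefik.http.services.nextcloud.loadbalancer.server.port: "8888"
      # The names listed here must match the middleware names declared below
      # character for character (hyphen, not underscore).
      traefik.http.routers.nextcloud.middlewares: nextcloud,nextcloud-redirect
      # X-Frame-Options is set once, to SAMEORIGIN; the obsolete ALLOW-FROM
      # form is ignored by current browsers. Browsers that implement CSP
      # frame-ancestors apply that directive instead, and here it also lets
      # ${DOMAINNAME} and all of its subdomains frame the site.
      traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue: SAMEORIGIN
      traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy: frame-ancestors 'self' ${DOMAINNAME} *.${DOMAINNAME}
      # HSTS with includeSubDomains and preload commits browsers to HTTPS for
      # this host and its subdomains for the whole max-age; enable it only
      # once HTTPS works for all of them.
      traefik.http.middlewares.nextcloud.headers.stsSeconds: "155520011"
      traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains: "true"
      traefik.http.middlewares.nextcloud.headers.stsPreload: "true"
      # CalDAV/CardDAV discovery: /.well-known/caldav and /.well-known/carddav
      # are redirected permanently to /remote.php/dav/. `$$` is Compose's
      # escape for a literal `$`, so Traefik receives `${1}`.
      traefik.http.middlewares.nextcloud-redirect.redirectRegex.permanent: "true"
      traefik.http.middlewares.nextcloud-redirect.redirectRegex.regex: https://(.*)/.well-known/(card|cal)dav
      traefik.http.middlewares.nextcloud-redirect.redirectRegex.replacement: https://$${1}/remote.php/dav/
      # Declared but not listed in the router's middlewares above, so it is
      # inactive. NOTE(review): redirectRegex is matched against the full
      # request URL, so a pattern anchored at `^(/.well-known` would presumably
      # never match - rework it before attaching it to the router.
      traefik.http.middlewares.nextcloud-webfinger.redirectRegex.permanent: "true"
      traefik.http.middlewares.nextcloud-webfinger.redirectRegex.regex: ^(/.well-known.*)
      traefik.http.middlewares.nextcloud-webfinger.redirectRegex.replacement: /index.php$${1}
      com.centurylinklabs.watchtower.enable: "true"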


# MYSQL #
#########

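  # MariaDB back end for Nextcloud. Attached to the `internal` network only
  # and with no host port mapped, so it is reachable solely from containers
  # on that network.
  nextcloud-db:
    hostname: nextcloud-db
    container_name: nextcloud-db
    # NOTE(review): no tag is given, so Docker resolves `latest`; with the
    # watchtower label below the database engine is then upgraded unattended.
    # Pin a reviewed tag or digest and upgrade it deliberately, after a backup.
    image: lscr.io/linuxserver/mariadb
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "--silent"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 1m
    volumes:
      - nextcloud-db:/config
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
      MYSQL_DATABASE: ${MYSQL_DATABASE_NEXTCLOUD}
      MYSQL_USER: ${MYSQL_USER_NEXTCLOUD}
      # Both passwords come from .env and are passed as plain environment
      # variables, so they are readable by anyone who can run `docker inspect`
      # on this host.
      MYSQL_PASSWORD: ${MYSQL_PASSWORD_NEXTCLOUD}
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
    networks:
      - internal
    labels:
      # Quoted so the value is a string; a bare `true` is a YAML boolean,
      # which some Compose versions reject in labels.
      com.centurylinklabs.watchtower.enable: "true"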

# Redis #
#########
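  # Redis instance for Nextcloud. Attached to the `internal` network only and
  # with no host port mapped. No password is configured here, so every
  # container on `internal` can read and write it; keep that network limited
  # to this stack.
  # NOTE(review): nothing in the app's environment points Nextcloud at this
  # instance; presumably it is enabled in Nextcloud's config.php - confirm.
  nextcloud-redis:
    container_name: nextcloud-redis
    # NOTE(review): `redis:alpine` is a floating tag and the watchtower label
    # below updates it unattended; pin a reviewed tag or digest if updates
    # should be deliberate.
    image: redis:alpine
    restart: unless-stopped
    # Runs Redis as the unprivileged UID:GID from .env instead of the image
    # default. Quoted so the interpolated value always stays a string.
    user: "${PUID}:${PGID}"
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 1m
    volumes:
      - nextcloud-redis:/data
    networks:
      - internal
    labels:
      # Quoted so the value is a string; a bare `true` is a YAML boolean,
      # which some Compose versions reject in labels.
      com.centurylinklabs.watchtower.enable: "true"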

Puis un docker-compose up -d et hop, voilà, vous aurez une instance NextCloud auto-hébergée.