version: '3' services: nextcloud: container_name: app-server image: nextcloud:20-fpm stdin_open: true tty: true restart: always expose: - '80' - '9000' volumes: - app_data:/var/www/html networks: - ldap - default environment: MYSQL_PASSWORD: MYSQL_DATABASE: MYSQL_USER: MYSQL_HOST: cron: container_name: cron image: nextcloud:20-fpm restart: always volumes: - app_data:/var/www/html entrypoint: /cron.sh networks: - ldap - default db: image: mariadb restart: always command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW volumes: - db:/var/lib/mysql environment: MYSQL_ROOT_PASSWORD: MYSQL_PASSWORD: MYSQL_DATABASE: MYSQL_USER: onlyoffice-document-server: container_name: onlyoffice-document-server image: onlyoffice/documentserver:latest stdin_open: true tty: true restart: always expose: - '80' - '443' volumes: - document_data:/var/www/onlyoffice/Data - document_log:/var/log/onlyoffice nginx: container_name: nginx-server image: nginx stdin_open: true tty: true restart: always volumes: - ./nginx.conf:/etc/nginx/nginx.conf - app_data:/var/www/html networks: - traefik - default labels: - "traefik.enable=true" - "traefik.docker.network=traefik" - "traefik.http.routers.nextcloud.rule=Host(`${HOST}`)" - "traefik.http.routers.nextcloud.tls.certresolver=myresolver" - "traefik.http.routers.nextcloud.entrypoints=web,websecure" - "traefik.http.routers.nextcloud.middlewares=nextcloud-caldav@docker,nextcloud-hardening@docker" - "traefik.http.middlewares.nextcloud-caldav.redirectregex.permanent=true" - "traefik.http.middlewares.nextcloud-caldav.redirectregex.regex=^https://(.*)/.well-known/(card|cal)dav" - "traefik.http.middlewares.nextcloud-caldav.redirectregex.replacement=https://$${1}/remote.php/dav/" - "traefik.http.middlewares.nextcloud-hardening.headers.sslredirect=true" - "traefik.http.middlewares.nextcloud-hardening.headers.forceSTSHeader=true" - "traefik.http.middlewares.nextcloud-hardening.headers.stsIncludeSubdomains=true" - "traefik.http.middlewares.nextcloud-hardening.headers.stsSeconds=15552000" - "traefik.http.middlewares.nextcloud-hardening.headers.stsPreload=true" - "traefik.http.middlewares.nextcloud-hardening.headers.referrerPolicy=no-referrer" - "traefik.http.middlewares.nextcloud-hardening.headers.customFrameOptionsValue=SAMEORIGIN" volumes: document_data: document_log: app_data: db: networks: ldap: external: true traefik: external: true