diff --git a/.env.sample b/.env.sample index f7fa027..774278c 100644 --- a/.env.sample +++ b/.env.sample @@ -2,6 +2,9 @@ TRAEFIK_DOMAIN=mydomain.com ACME_MAIL=my-email@my-provider.com +# General settings +TZ="Europe/Paris" + # HTTP Auth HTTP_USER=myuser HTTP_PASSWORD='mypassword_encoded' # Keep these simple quotes! @@ -10,12 +13,15 @@ HTTP_PASSWORD='mypassword_encoded' # Keep these simple quotes! PGID=1000 PUID=1000 +# Database (for Owncloud) +MYSQL_ROOT_PASSWORD=h4ckMePleAse889912101 +MYSQL_DATABASE=nextcloud +MYSQL_USER=nextcloud +MYSQL_PASSWORD=h4ckMePleAse4256718 + # Nextcloud NEXTCLOUD_ADMIN_USER=admin -NEXTCLOUD_ADMIN_PASSWORD=nextcloud_admin_password -NEXTCLOUD_DB_NAME=nextcloud_db_name -NEXTCLOUD_DB_USER=nextcloud -NEXTCLOUD_DB_PASSWORD=nextcloud_db_password +NEXTCLOUD_ADMIN_PASSWORD=h4ckMePleAse873214668 # Portainer PORTAINER_ADMIN_PASSWORD=h4ckMePleAse \ No newline at end of file diff --git a/README.md b/README.md index d89e463..ffdad28 100644 --- a/README.md +++ b/README.md 
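Review bot: The second .env.sample hunk ships real-looking passwords for `MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD` and `NEXTCLOUD_ADMIN_PASSWORD` where the removed lines used self-describing placeholders, so anyone who copies the sample unchanged runs with credentials published in the repository. I would add `# Change every password below before the first start` above the block, or return to values such as `MYSQL_ROOT_PASSWORD=change_me_root_password`. The section comment says Owncloud although the variables feed the Nextcloud database: `# Database (for Nextcloud)`. Because init-setup-nextcloud.sh in this commit sources the file as shell, a value containing spaces or `$` needs single quotes, as the HTTP_PASSWORD line already notes.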
@@ -16,7 +16,8 @@ seedbox and personal media server. | Jackett | jackett.yourdomain.com | [linuxserver/jackett](https://hub.docker.com/r/linuxserver/jackett) | *latest* | Tracker indexer | | JDownloader | jdownloader.yourdomain.com | [jlesage/jdownloader-2](https://hub.docker.com/r/jlesage/jdownloader-2)| *latest* | Direct downloader | | Tautulli (plexPy) | tautulli.yourdomain.com | [linuxserver/tautulli](https://hub.docker.com/r/linuxserver/tautulli) | *latest* | Plex stats and admin| -| NextCloud | nextcloud.yourdomain.com | [wonderfall/nextcloud](https://hub.docker.com/r/wonderfall/nextcloud) | *latest* | Files management | +| NextCloud | nextcloud.yourdomain.com | [linuxserver/nextcloud](https://hub.docker.com/r/linuxserver/nextcloud) | *latest* | Files management | +| NextCloud-db (MariaDB) | not reachable | [mariadb](https://hub.docker.com/r/_/mariadb) | *10* | DB for Nextcloud | | Portainer | portainer.yourdomain.com | [portainer/portainer](https://hub.docker.com/r/portainer/portainer) | *latest* | Container management| | Netdata | netdata.yourdomain.com | [netdata/netdata](https://hub.docker.com/r/netdata/netdata) | *latest* | Server monitoring | | Duplicati | duplicati.yourdomain.com | [linuxserver/duplicati](https://hub.docker.com/r/linuxserver/duplicati)| *latest* | Backups | diff --git a/docker-compose.yml b/docker-compose.yml index 99429fb..13731e5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,7 +5,8 @@ services: image: traefik container_name: traefik restart: always - command: --certificatesresolvers.le.acme.email=${ACME_MAIL} + command: + - --certificatesresolvers.le.acme.email=${ACME_MAIL} ports: - "80:80" - "443:443" 
@@ -13,13 +14,13 @@ services: - /var/run/docker.sock:/var/run/docker.sock - ./traefik:/etc/traefik:ro - configtraefik:/config:ro + environment: + - TZ=${TZ} labels: - "traefik.enable=true" # Docker labels for enabling Traefik dashboard - "traefik.http.routers.traefik.rule=Host(`traefik.${TRAEFIK_DOMAIN}`)" - - "traefik.http.routers.traefik.entrypoints=secure" - "traefik.http.routers.traefik.service=api@internal" - - "traefik.http.routers.traefik.tls.certresolver=le" - "traefik.http.routers.traefik.middlewares=common-auth@file" deluge: @@ -33,12 +34,10 @@ services: environment: - PGID=${PGID} - PUID=${PUID} - - TZ=Europe/Paris + - TZ=${TZ} labels: - "traefik.enable=true" - "traefik.http.routers.deluge.rule=Host(`deluge.${TRAEFIK_DOMAIN}`)" - - "traefik.http.routers.deluge.entrypoints=secure" - - "traefik.http.routers.deluge.tls.certresolver=le" - "traefik.http.routers.deluge.middlewares=common-auth@file" plex: @@ -58,14 +57,12 @@ services: environment: - PGID=${PGID} - PUID=${PUID} - - TZ=Europe/Paris + - TZ=${TZ} - VERSION=latest labels: - "traefik.enable=true" - "traefik.http.services.plex-seedbox.loadbalancer.server.port=32400" - "traefik.http.routers.plex.rule=Host(`plex.${TRAEFIK_DOMAIN}`)" - - "traefik.http.routers.plex.entrypoints=secure" - - "traefik.http.routers.plex.tls.certresolver=le" jackett: image: linuxserver/jackett @@ -78,12 +75,10 @@ services: environment: - PGID=${PGID} - PUID=${PUID} - - TZ=Europe/Paris + - TZ=${TZ} labels: - "traefik.enable=true" - "traefik.http.routers.jackett.rule=Host(`jackett.${TRAEFIK_DOMAIN}`)" - - "traefik.http.routers.jackett.entrypoints=secure" - - "traefik.http.routers.jackett.tls.certresolver=le" - "traefik.http.routers.jackett.middlewares=common-auth@file" sonarr: 
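Review bot: Removing `traefik.http.routers.traefik.entrypoints=secure` and `traefik.http.routers.traefik.tls.certresolver=le` in the traefik hunk leaves the router with no explicit entry point or TLS setting, and the traefik/traefik.yaml hunks in this commit show no entry-point-level replacement. By default a Traefik router without an `entrypoints` label accepts requests on every entry point. Unless the static config redirects port 80 and sets TLS on the HTTPS entry point, the dashboard and its `common-auth@file` basic-auth credentials could be served over plain HTTP. The same removal repeats in the deluge, plex, jackett, sonarr, radarr, bazarr, lidarr, tautulli, jdownloader, nextcloud, portainer, netdata and duplicati hunks. Please confirm the entry-point defaults exist and record them next to the first `labels:` block, e.g. `# entrypoint and TLS resolver are set globally in traefik/traefik.yaml`.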
@@ -97,12 +92,10 @@ services: environment: - PGID=${PGID} - PUID=${PUID} - - TZ=Europe/Paris + - TZ=${TZ} labels: - "traefik.enable=true" - "traefik.http.routers.sonarr.rule=Host(`sonarr.${TRAEFIK_DOMAIN}`)" - - "traefik.http.routers.sonarr.entrypoints=secure" - - "traefik.http.routers.sonarr.tls.certresolver=le" - "traefik.http.routers.sonarr.middlewares=common-auth@file" radarr: @@ -116,12 +109,10 @@ services: environment: - PGID=${PGID} - PUID=${PUID} - - TZ=Europe/Paris + - TZ=${TZ} labels: - "traefik.enable=true" - "traefik.http.routers.radarr.rule=Host(`radarr.${TRAEFIK_DOMAIN}`)" - - "traefik.http.routers.radarr.entrypoints=secure" - - "traefik.http.routers.radarr.tls.certresolver=le" - "traefik.http.routers.radarr.middlewares=common-auth@file" bazarr: @@ -134,12 +125,10 @@ services: environment: - PGID=${PGID} - PUID=${PUID} - - TZ=Europe/Paris + - TZ=${TZ} labels: - "traefik.enable=true" - "traefik.http.routers.bazarr.rule=Host(`bazarr.${TRAEFIK_DOMAIN}`)" - - "traefik.http.routers.bazarr.entrypoints=secure" - - "traefik.http.routers.bazarr.tls.certresolver=le" - "traefik.http.routers.bazarr.middlewares=common-auth@file" lidarr: @@ -152,12 +141,10 @@ services: environment: - PGID=${PGID} - PUID=${PUID} - - TZ=Europe/Paris + - TZ=${TZ} labels: - "traefik.enable=true" - "traefik.http.routers.lidarr.rule=Host(`lidarr.${TRAEFIK_DOMAIN}`)" - - "traefik.http.routers.lidarr.entrypoints=secure" - - "traefik.http.routers.lidarr.tls.certresolver=le" - "traefik.http.routers.lidarr.middlewares=common-auth@file" tautulli: @@ -170,12 +157,10 @@ services: environment: - PGID=${PGID} - PUID=${PUID} - - TZ=Europe/Paris + - TZ=${TZ} labels: - "traefik.enable=true" - "traefik.http.routers.tautulli.rule=Host(`tautulli.${TRAEFIK_DOMAIN}`)" - - "traefik.http.routers.tautulli.entrypoints=secure" - - "traefik.http.routers.tautulli.tls.certresolver=le" jdownloader: image: jlesage/jdownloader-2 
@@ -187,40 +172,50 @@ services: environment: - USER_ID=${PUID} - GROUP_ID=${PGID} - - TZ=Europe/Paris + - TZ=${TZ} labels: - "traefik.enable=true" - "traefik.http.services.jdownloader-seedbox.loadbalancer.server.port=5800" - "traefik.http.routers.jdownloader.rule=Host(`jdownloader.${TRAEFIK_DOMAIN}`)" - - "traefik.http.routers.jdownloader.entrypoints=secure" - - "traefik.http.routers.jdownloader.tls.certresolver=le" - "traefik.http.routers.jdownloader.middlewares=common-auth@file" + nextcloud-db: + image: mariadb:10 + container_name: nextcloud-db + command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW + restart: always + environment: + - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} + - MYSQL_DATABASE=${MYSQL_DATABASE} + - MYSQL_USER=${MYSQL_USER} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - TZ=${TZ} + volumes: + - nextclouddb:/var/lib/mysql + labels: + - "traefik.enable=false" + + # See init-setup-nextcloud.sh for first install nextcloud: - image: wonderfall/nextcloud + depends_on: + - nextcloud-db + image: linuxserver/nextcloud container_name: nextcloud restart: always + environment: + - PGID=${PGID} + - PUID=${PUID} + - TZ=${TZ} volumes: - confignextcloud:/config - nextclouddata:/data - torrents:/torrents - config:/seedbox-config - environment: - - GID=${PGID} - - UID=${PUID} - - TZ=Europe/Paris - - ADMIN_USER=${NEXTCLOUD_ADMIN_USER} - - ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD} - - DOMAIN=nextcloud.${TRAEFIK_DOMAIN} - - DB_TYPE=sqlite3 - - DB_NAME=${NEXTCLOUD_DB_NAME} - - DB_USER=${NEXTCLOUD_DB_USER} - - DB_PASSWORD=${NEXTCLOUD_DB_PASSWORD} labels: - "traefik.enable=true" - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.${TRAEFIK_DOMAIN}`)" - - "traefik.http.routers.nextcloud.entrypoints=secure" - - "traefik.http.routers.nextcloud.tls.certresolver=le" + - "traefik.http.services.nextcloud-seedbox.loadbalancer.server.scheme=https" + - "traefik.http.services.nextcloud-seedbox.loadbalancer.server.port=443" portainer: image: portainer/portainer 
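Review bot: The new `nextcloud-db` service receives `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` as plain environment variables, which stay readable in the container's configuration to anything with Docker API access (this file mounts /var/run/docker.sock into traefik). The official mariadb image also accepts `MYSQL_ROOT_PASSWORD_FILE` and `MYSQL_PASSWORD_FILE`. If the compose file format in use supports file-based secrets, mounting the passwords as files would keep them out of the environment. Otherwise a comment above the `environment:` list, such as `# secrets come from .env - keep that file out of version control and mode 600`, would at least document the handling.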
@@ -232,8 +227,6 @@ services: labels: - "traefik.enable=true" - "traefik.http.routers.portainer.rule=Host(`portainer.${TRAEFIK_DOMAIN}`)" - - "traefik.http.routers.portainer.entrypoints=secure" - - "traefik.http.routers.portainer.tls.certresolver=le" netdata: image: netdata/netdata @@ -253,8 +246,6 @@ services: labels: - "traefik.enable=true" - "traefik.http.routers.netdata.rule=Host(`netdata.${TRAEFIK_DOMAIN}`)" - - "traefik.http.routers.netdata.entrypoints=secure" - - "traefik.http.routers.netdata.tls.certresolver=le" - "traefik.http.routers.netdata.middlewares=common-auth@file" duplicati: @@ -264,7 +255,7 @@ services: environment: - PUID=${PUID} - PGID=${PGID} - - TZ=Europe/Paris + - TZ=${TZ} volumes: - configduplicati:/config - backups:/backups @@ -272,8 +263,6 @@ services: labels: - "traefik.enable=true" - "traefik.http.routers.duplicati.rule=Host(`duplicati.${TRAEFIK_DOMAIN}`)" - - "traefik.http.routers.duplicati.entrypoints=secure" - - "traefik.http.routers.duplicati.tls.certresolver=le" - "traefik.http.routers.duplicati.middlewares=common-auth@file" networks: @@ -326,6 +315,10 @@ volumes: driver: local-persist driver_opts: mountpoint: /data/config/jdownloader + nextclouddb: + driver: local-persist + driver_opts: + mountpoint: /data/nextcloud-db confignextcloud: driver: local-persist driver_opts: diff --git a/init-setup-nextcloud.sh b/init-setup-nextcloud.sh new file mode 100755 index 0000000..2973cc4 --- /dev/null +++ b/init-setup-nextcloud.sh 
@@ -0,0 +1,21 @@ +#!/bin/sh + +echo "[$0] Loading variables..." +source .env + +echo "[$0] Installing nextcloud..." +docker exec -it -u abc -w /config/www/nextcloud \ + nextcloud bash -c " \ + php occ maintenance:install \ + --database \"mysql\" \ + --database-host \"${MYSQL_DATABASE}\" \ + --database-name \"nextcloud-db\" \ + --database-user \"${MYSQL_USER}\" \ + --database-pass \"${MYSQL_PASSWORD}\" \ + --admin-user \"${NEXTCLOUD_ADMIN_USER}\" \ + --admin-pass \"${NEXTCLOUD_ADMIN_PASSWORD}\" \ + --admin-email \"${ACME_MAIL}\" \ + --data-dir \"/data\" \ + " + +echo "[$0] Done." \ No newline at end of file diff --git a/traefik/traefik.yaml b/traefik/traefik.yaml index 4d9dc3d..a2dfe1a 100644 --- a/traefik/traefik.yaml +++ b/traefik/traefik.yaml @@ -1,6 +1,12 @@ api: dashboard: true +# Set Access logs timezone +accessLog: + fields: + names: + StartUTC: drop + providers: docker: endpoint: "unix:///var/run/docker.sock" @@ -26,6 +32,10 @@ entryPoints: middlewares: - security-headers@file +# Allow self-signed certificates for https backends (nextcloud for example) +serversTransport: + insecureSkipVerify: true + certificatesResolvers: le: acme:
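Review bot: `--database-host` and `--database-name` have their values swapped in init-setup-nextcloud.sh: the host gets `${MYSQL_DATABASE}` (the schema name, `nextcloud` in .env.sample) and the name gets `nextcloud-db`, so the installer is pointed at a host named after the schema rather than at the `nextcloud-db` service from docker-compose.yml. The credentials are also expanded by the host shell into a `bash -c "..."` string, so a password containing `"`, `$` or a backtick is parsed again by the inner shell and can break the command or be executed; passing the arguments straight to `php` removes that second parse. `source` is not provided by every `/bin/sh`, so `. ./.env` is the portable form, and `set -e` keeps "Done." from printing after a failed install. The passwords still appear in the process argument list while occ runs.

```shell
# … unchanged: shebang …
set -e

# … unchanged: "Loading variables" echo …
. ./.env

# … unchanged: "Installing nextcloud" echo …
# Arguments go directly to php; no inner shell re-parses the credentials.
docker exec -it -u abc -w /config/www/nextcloud nextcloud \
    php occ maintenance:install \
    --database "mysql" \
    --database-host "nextcloud-db" \
    --database-name "${MYSQL_DATABASE}" \
    --database-user "${MYSQL_USER}" \
    --database-pass "${MYSQL_PASSWORD}" \
    --admin-user "${NEXTCLOUD_ADMIN_USER}" \
    --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" \
    --admin-email "${ACME_MAIL}" \
    --data-dir "/data"

# … unchanged: final echo …
```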
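Review bot: `serversTransport.insecureSkipVerify: true` in the second traefik.yaml hunk is a global static setting, so it turns off backend certificate verification for every HTTPS service Traefik proxies, not only nextcloud as the comment suggests. If the Traefik version in use supports a per-service servers transport, scoping the exception to the nextcloud service would keep verification on for everything else. Otherwise the comment should state the real scope, e.g. `# WARNING: global - disables TLS verification for ALL https backends (needed for nextcloud's self-signed cert)`. The certificatesResolvers block continues outside the hunk.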