Merge pull request #6 from jfroment/nextcloud-refactoring

Nextcloud refactoring

.env.sample

@@ -2,6 +2,9 @@
 TRAEFIK_DOMAIN=mydomain.com
 ACME_MAIL=my-email@my-provider.com
 
+# General settings
+TZ="Europe/Paris"
+
 # HTTP Auth
 HTTP_USER=myuser
 HTTP_PASSWORD='mypassword_encoded' # Keep these simple quotes!
@@ -10,12 +13,15 @@ HTTP_PASSWORD='mypassword_encoded' # Keep these simple quotes!
 PGID=1000
 PUID=1000
 
+# Database (for Owncloud)
+MYSQL_ROOT_PASSWORD=h4ckMePleAse889912101
+MYSQL_DATABASE=nextcloud
+MYSQL_USER=nextcloud
+MYSQL_PASSWORD=h4ckMePleAse4256718
+
 # Nextcloud
 NEXTCLOUD_ADMIN_USER=admin
-NEXTCLOUD_ADMIN_PASSWORD=nextcloud_admin_password
+NEXTCLOUD_ADMIN_PASSWORD=h4ckMePleAse873214668
-NEXTCLOUD_DB_NAME=nextcloud_db_name
-NEXTCLOUD_DB_USER=nextcloud
-NEXTCLOUD_DB_PASSWORD=nextcloud_db_password
 
 # Portainer
 PORTAINER_ADMIN_PASSWORD=h4ckMePleAse

README.md

@@ -16,7 +16,8 @@ seedbox and personal media server.
 | Jackett              | jackett.yourdomain.com     | [linuxserver/jackett](https://hub.docker.com/r/linuxserver/jackett)    | *latest*                | Tracker indexer     |
 | JDownloader          | jdownloader.yourdomain.com | [jlesage/jdownloader-2](https://hub.docker.com/r/jlesage/jdownloader-2)| *latest*                | Direct downloader   |
 | Tautulli (plexPy)    | tautulli.yourdomain.com    | [linuxserver/tautulli](https://hub.docker.com/r/linuxserver/tautulli)  | *latest*                | Plex stats and admin|
-| NextCloud            | nextcloud.yourdomain.com   | [wonderfall/nextcloud](https://hub.docker.com/r/wonderfall/nextcloud)  | *latest*                | Files management    |
+| NextCloud            | nextcloud.yourdomain.com   | [linuxserver/nextcloud](https://hub.docker.com/r/linuxserver/nextcloud)  | *latest*                | Files management    |
+| NextCloud-db (MariaDB) | not reachable   | [mariadb](https://hub.docker.com/r/_/mariadb)  | *10*                | DB for Nextcloud    |
 | Portainer            | portainer.yourdomain.com   | [portainer/portainer](https://hub.docker.com/r/portainer/portainer)    | *latest*                | Container management|
 | Netdata              | netdata.yourdomain.com     | [netdata/netdata](https://hub.docker.com/r/netdata/netdata)            | *latest*                | Server monitoring   |
 | Duplicati            | duplicati.yourdomain.com   | [linuxserver/duplicati](https://hub.docker.com/r/linuxserver/duplicati)| *latest*                | Backups             |

docker-compose.yml

@@ -5,7 +5,8 @@ services:
         image: traefik
         container_name: traefik
         restart: always
-        command: --certificatesresolvers.le.acme.email=${ACME_MAIL}
+        command: 
+            - --certificatesresolvers.le.acme.email=${ACME_MAIL}
         ports:
             - "80:80"
             - "443:443"
@@ -13,13 +14,13 @@ services:
             - /var/run/docker.sock:/var/run/docker.sock
             - ./traefik:/etc/traefik:ro
             - configtraefik:/config:ro
+        environment:
+            - TZ=${TZ}
         labels:
             - "traefik.enable=true"
             # Docker labels for enabling Traefik dashboard
             - "traefik.http.routers.traefik.rule=Host(`traefik.${TRAEFIK_DOMAIN}`)"
-            - "traefik.http.routers.traefik.entrypoints=secure"
             - "traefik.http.routers.traefik.service=api@internal"
-            - "traefik.http.routers.traefik.tls.certresolver=le"
             - "traefik.http.routers.traefik.middlewares=common-auth@file"
 
     deluge:
@@ -33,12 +34,10 @@ services:
         environment:
             - PGID=${PGID}
             - PUID=${PUID}
-            - TZ=Europe/Paris
+            - TZ=${TZ}
         labels:
             - "traefik.enable=true"
             - "traefik.http.routers.deluge.rule=Host(`deluge.${TRAEFIK_DOMAIN}`)"
-            - "traefik.http.routers.deluge.entrypoints=secure"
-            - "traefik.http.routers.deluge.tls.certresolver=le"
             - "traefik.http.routers.deluge.middlewares=common-auth@file"
 
     plex:
@@ -58,14 +57,12 @@ services:
         environment:
             - PGID=${PGID}
             - PUID=${PUID}
-            - TZ=Europe/Paris
+            - TZ=${TZ}
             - VERSION=latest
         labels:
             - "traefik.enable=true"
             - "traefik.http.services.plex-seedbox.loadbalancer.server.port=32400"
             - "traefik.http.routers.plex.rule=Host(`plex.${TRAEFIK_DOMAIN}`)"
-            - "traefik.http.routers.plex.entrypoints=secure"
-            - "traefik.http.routers.plex.tls.certresolver=le"
 
     jackett:
         image: linuxserver/jackett
@@ -78,12 +75,10 @@ services:
         environment:
             - PGID=${PGID}
             - PUID=${PUID}
-            - TZ=Europe/Paris
+            - TZ=${TZ}
         labels:
             - "traefik.enable=true"
             - "traefik.http.routers.jackett.rule=Host(`jackett.${TRAEFIK_DOMAIN}`)"
-            - "traefik.http.routers.jackett.entrypoints=secure"
-            - "traefik.http.routers.jackett.tls.certresolver=le"
             - "traefik.http.routers.jackett.middlewares=common-auth@file"
     
     sonarr:
@@ -97,12 +92,10 @@ services:
         environment:
             - PGID=${PGID}
             - PUID=${PUID}
-            - TZ=Europe/Paris
+            - TZ=${TZ}
         labels:
             - "traefik.enable=true"
             - "traefik.http.routers.sonarr.rule=Host(`sonarr.${TRAEFIK_DOMAIN}`)"
-            - "traefik.http.routers.sonarr.entrypoints=secure"
-            - "traefik.http.routers.sonarr.tls.certresolver=le"
             - "traefik.http.routers.sonarr.middlewares=common-auth@file"
 
     radarr:
@@ -116,12 +109,10 @@ services:
         environment:
             - PGID=${PGID}
             - PUID=${PUID}
-            - TZ=Europe/Paris
+            - TZ=${TZ}
         labels:
             - "traefik.enable=true"
             - "traefik.http.routers.radarr.rule=Host(`radarr.${TRAEFIK_DOMAIN}`)"
-            - "traefik.http.routers.radarr.entrypoints=secure"
-            - "traefik.http.routers.radarr.tls.certresolver=le"
             - "traefik.http.routers.radarr.middlewares=common-auth@file"
 
     bazarr:
@@ -134,12 +125,10 @@ services:
         environment:
             - PGID=${PGID}
             - PUID=${PUID}
-            - TZ=Europe/Paris
+            - TZ=${TZ}
         labels:
             - "traefik.enable=true"
             - "traefik.http.routers.bazarr.rule=Host(`bazarr.${TRAEFIK_DOMAIN}`)"
-            - "traefik.http.routers.bazarr.entrypoints=secure"
-            - "traefik.http.routers.bazarr.tls.certresolver=le"
             - "traefik.http.routers.bazarr.middlewares=common-auth@file"
 
     lidarr:
@@ -152,12 +141,10 @@ services:
         environment:
             - PGID=${PGID}
             - PUID=${PUID}
-            - TZ=Europe/Paris
+            - TZ=${TZ}
         labels:
             - "traefik.enable=true"
             - "traefik.http.routers.lidarr.rule=Host(`lidarr.${TRAEFIK_DOMAIN}`)"
-            - "traefik.http.routers.lidarr.entrypoints=secure"
-            - "traefik.http.routers.lidarr.tls.certresolver=le"
             - "traefik.http.routers.lidarr.middlewares=common-auth@file"
 
     tautulli:
@@ -170,12 +157,10 @@ services:
         environment:
             - PGID=${PGID}
             - PUID=${PUID}
-            - TZ=Europe/Paris
+            - TZ=${TZ}
         labels:
             - "traefik.enable=true"
             - "traefik.http.routers.tautulli.rule=Host(`tautulli.${TRAEFIK_DOMAIN}`)"
-            - "traefik.http.routers.tautulli.entrypoints=secure"
-            - "traefik.http.routers.tautulli.tls.certresolver=le"
 
     jdownloader:
         image: jlesage/jdownloader-2
@@ -187,40 +172,50 @@ services:
         environment:
             - USER_ID=${PUID}
             - GROUP_ID=${PGID}
-            - TZ=Europe/Paris
+            - TZ=${TZ}
         labels:
             - "traefik.enable=true"
             - "traefik.http.services.jdownloader-seedbox.loadbalancer.server.port=5800"
             - "traefik.http.routers.jdownloader.rule=Host(`jdownloader.${TRAEFIK_DOMAIN}`)"
-            - "traefik.http.routers.jdownloader.entrypoints=secure"
-            - "traefik.http.routers.jdownloader.tls.certresolver=le"
             - "traefik.http.routers.jdownloader.middlewares=common-auth@file"
 
+    nextcloud-db:
+        image: mariadb:10
+        container_name: nextcloud-db
+        command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+        restart: always
+        environment:
+            - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+            - MYSQL_DATABASE=${MYSQL_DATABASE}
+            - MYSQL_USER=${MYSQL_USER}
+            - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+            - TZ=${TZ}
+        volumes: 
+            - nextclouddb:/var/lib/mysql
+        labels:
+            - "traefik.enable=false"
+
+    # See init-setup-nextcloud.sh for first install
     nextcloud:
-        image: wonderfall/nextcloud
+        depends_on:
+            - nextcloud-db
+        image: linuxserver/nextcloud
         container_name: nextcloud
         restart: always
+        environment:
+            - PGID=${PGID}
+            - PUID=${PUID}
+            - TZ=${TZ}
         volumes:
             - confignextcloud:/config
             - nextclouddata:/data
             - torrents:/torrents
             - config:/seedbox-config
-        environment:
-            - GID=${PGID}
-            - UID=${PUID}
-            - TZ=Europe/Paris
-            - ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
-            - ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
-            - DOMAIN=nextcloud.${TRAEFIK_DOMAIN}
-            - DB_TYPE=sqlite3
-            - DB_NAME=${NEXTCLOUD_DB_NAME}
-            - DB_USER=${NEXTCLOUD_DB_USER}
-            - DB_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
         labels:
             - "traefik.enable=true"
             - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.${TRAEFIK_DOMAIN}`)"
-            - "traefik.http.routers.nextcloud.entrypoints=secure"
+            - "traefik.http.services.nextcloud-seedbox.loadbalancer.server.scheme=https"
-            - "traefik.http.routers.nextcloud.tls.certresolver=le"
+            - "traefik.http.services.nextcloud-seedbox.loadbalancer.server.port=443"
 
     portainer:
         image: portainer/portainer
@@ -232,8 +227,6 @@ services:
         labels:
             - "traefik.enable=true"
             - "traefik.http.routers.portainer.rule=Host(`portainer.${TRAEFIK_DOMAIN}`)"
-            - "traefik.http.routers.portainer.entrypoints=secure"
-            - "traefik.http.routers.portainer.tls.certresolver=le"
 
     netdata:
         image: netdata/netdata
@@ -253,8 +246,6 @@ services:
         labels:
             - "traefik.enable=true"
             - "traefik.http.routers.netdata.rule=Host(`netdata.${TRAEFIK_DOMAIN}`)"
-            - "traefik.http.routers.netdata.entrypoints=secure"
-            - "traefik.http.routers.netdata.tls.certresolver=le"
             - "traefik.http.routers.netdata.middlewares=common-auth@file"
 
     duplicati:
@@ -264,7 +255,7 @@ services:
         environment:
             - PUID=${PUID}
             - PGID=${PGID}
-            - TZ=Europe/Paris
+            - TZ=${TZ}
         volumes:
             - configduplicati:/config
             - backups:/backups
@@ -272,8 +263,6 @@ services:
         labels:
             - "traefik.enable=true"
             - "traefik.http.routers.duplicati.rule=Host(`duplicati.${TRAEFIK_DOMAIN}`)"
-            - "traefik.http.routers.duplicati.entrypoints=secure"
-            - "traefik.http.routers.duplicati.tls.certresolver=le"
             - "traefik.http.routers.duplicati.middlewares=common-auth@file"
 
 networks: 
@@ -326,6 +315,10 @@ volumes:
         driver: local-persist
         driver_opts:
             mountpoint: /data/config/jdownloader
+    nextclouddb:
+        driver: local-persist
+        driver_opts:
+            mountpoint: /data/nextcloud-db
     confignextcloud:
         driver: local-persist
         driver_opts:

init-setup-nextcloud.sh

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+echo "[$0] Loading variables..."
+source .env
+
+echo "[$0] Installing nextcloud..."
+docker exec -it -u abc -w /config/www/nextcloud \
+  nextcloud bash -c " \
+    php occ maintenance:install \
+      --database \"mysql\" \
+      --database-host \"${MYSQL_DATABASE}\" \
+      --database-name \"nextcloud-db\" \
+      --database-user \"${MYSQL_USER}\" \
+      --database-pass \"${MYSQL_PASSWORD}\" \
+      --admin-user \"${NEXTCLOUD_ADMIN_USER}\" \
+      --admin-pass \"${NEXTCLOUD_ADMIN_PASSWORD}\" \
+      --admin-email \"${ACME_MAIL}\" \
+      --data-dir \"/data\" \
+  "
+
+echo "[$0] Done."

traefik/traefik.yaml

@@ -1,6 +1,12 @@
 api:
   dashboard: true
 
+# Set Access logs timezone
+accessLog:
+  fields:
+    names:
+      StartUTC: drop
+
 providers:
   docker:
     endpoint: "unix:///var/run/docker.sock"
@@ -26,6 +32,10 @@ entryPoints:
       middlewares:
       - security-headers@file
 
+# Allow self-signed certificates for https backends (nextcloud for example)
+serversTransport:
+  insecureSkipVerify: true
+
 certificatesResolvers:
   le:
     acme: