From c4c80ff2edeb7516f760a66012f925162bf501d5 Mon Sep 17 00:00:00 2001
From: Myve
Date: Fri, 14 Jun 2024 07:14:39 +0000
Subject: [PATCH] First commit
---
.env | 153 +++
docker-compose.yaml | 1082 +++++++++++++++++
nextcloud/nginx.conf | 239 ++++
nextcloud/php-fpm.conf | 5 +
onlyoffice/mysql/conf.d/onlyoffice.cnf | 5 +
.../mysql/docker-entrypoint-initdb.d/setup.sh | 13 +
stirling/tesseract.sh | 2 +
7 files changed, 1499 insertions(+)
create mode 100644 .env
create mode 100644 docker-compose.yaml
create mode 100644 nextcloud/nginx.conf
create mode 100644 nextcloud/php-fpm.conf
create mode 100644 onlyoffice/mysql/conf.d/onlyoffice.cnf
create mode 100644 onlyoffice/mysql/docker-entrypoint-initdb.d/setup.sh
create mode 100644 stirling/tesseract.sh
diff --git a/.env b/.env
new file mode 100644
index 0000000..b180e0d
--- /dev/null
+++ b/.env
@@ -0,0 +1,153 @@
+# Environment file for docker-compose.yaml
+# Generate new passwords with:
+# openssl rand -hex 32
+
+# Fill in registry
+REGISTRY=
+
+# Forgejo
+FORGEJO_PORT=3000
+FORGEJO_SSH=2222
+FORGEJO_DBNAME=forgejo
+FORGEJO_DBUSER=forgejo
+FORGEJO_DBPASS=forgejo
+FORGEJO_TITLE=Forgejo
+FORGEJO_URL=http://localhost:${FORGEJO_PORT:-3000}
+
+# Dashy
+DASHY_PORT=80
+
+# Nextcloud
+NEXTCLOUD_PORT=80
+NEXTCLOUD_DBNAME=nextcloud
+NEXTCLOUD_DBUSER=nextcloud
+NEXTCLOUD_DBPASS=nextcloud
+
+# Onlyoffice Document Server
+ONLYOFFICE_DS_JWTSECRET=onlyoffice
+ONLYOFFICE_DS_JWTHEADER=onlyoffice
+ONLYOFFICE_DS_DBNAME=onlyoffice
+ONLYOFFICE_DS_DBUSER=onlyoffice
+
+# Onlyoffice Community Server
+ONLYOFFICE_CS_PORT=80
+ONLYOFFICE_CS_MACHINEKEY=onlyoffice
+ONLYOFFICE_CS_DBNAME=onlyoffice
+ONLYOFFICE_CS_DBROOT=onlyoffice
+ONLYOFFICE_CS_DBUSER=onlyoffice
+ONLYOFFICE_CS_DBPASS=onlyoffice
+
+# Jellyfin
+JELLYFIN_PORT=8096
+JELLYFIN_MEDIA_DIR=/jellyfin
+
+# Matrix
+MATRIX_PORT=8008
+MATRIX_DBNAME=synapse
+MATRIX_DBUSER=synapse
+MATRIX_DBPASS=synapse
+
+# Memos
+MEMOS_PORT=5230
+
+# Linkding
+LINKDING_PORT=9090
+LINKDING_DBNAME=linkding
+LINKDING_DBUSER=linkding
+LINKDING_DBPASS=linkding
+LINKDING_URL=http://localhost:${LINKDING_PORT:-9090}
+
+# Tandoor
+TANDOOR_PORT=8080
+TANDOOR_SECRETKEY=tandoor
+TANDOOR_DBNAME=tandoor
+TANDOOR_DBUSER=tandoor
+TANDOOR_DBPASS=tandoor
+
+# PasswordPusher
+PWPUSHER_PORT=5100
+PWPUSHER_TITLE=PasswordPusher
+
+# Paperless
+PAPERLESS_PORT=8000
+PAPERLESS_DBNAME=paperless
+PAPERLESS_DBUSER=paperless
+PAPERLESS_DBPASS=paperless
+PAPERLESS_URL=http://localhost:${PAPERLESS_PORT:-8000}
+PAPERLESS_SECRETKEY=paperless
+
+# Vikunja
+VIKUNJA_PORT=3456
+VIKUNJA_DBNAME=vikunja
+VIKUNJA_DBUSER=vikunja
+VIKUNJA_DBPASS=vikunja
+VIKUNJA_JWTSECRET=vikunja
+VIKUNJA_URL=http://localhost:${VIKUNJA_PORT:-3456}
+
+# Psitransfer
+PSITRANSFER_PORT=8080
+PSITRANSFER_UPLOADPASS=
+
+# Send
+SEND_PORT=1443
+SEND_TITLE=Send
+
+# Stirling PDF
+STIRLINGPDF_PORT=8080
+
+# Neko
+NEKO_PORT=8080
+NEKO_ADMINPASS=neko
+NEKO_USERPASS=neko
+
+# Linkstack
+LINKSTACK_PORT=443
+LINKSTACK_ADMIN=admin
+LINKSTACK_DOMAIN=localhost
+
+# Commafeed
+COMMAFEED_PORT=8082
+COMMAFEED_DBNAME=commafeed
+COMMAFEED_DBUSER=commafeed
+COMMAFEED_DBPASS=commafeed
+COMMAFEED_URL=http://localhost:${COMMAFEED_PORT:-8082}
+
+# Fireshare
+FIRESHARE_PORT=
+FIRESHARE_ADMIN=admin
+FIRESHARE_PASSWORD=fireshare
+FIRESHARE_SECRET=fireshare
+FIRESHARE_URL=
+
+# Shlink
+SHLINK_WEBUI_PORT=
+SHLINK_PORT=
+SHLINK_URL=
+SHLINK_DBNAME=shlink
+SHLINK_DBUSER=shlink
+SHLINK_DBPASS=shlink
+
+# Ghost
+GHOST_PORT=
+GHOST_URL=
+GHOST_DBNAME=ghost
+GHOST_DBPASS=ghost
+
+# Olivetin
+OLIVETIN_PORT=
+
+# Vaultwarden
+VAULTWARDEN_PORT=
+VAULTWARDEN_URL=
+VAULTWARDEN_DBPASS=
+
+# Ollama
+OLLAMA_PORT=
+
+# Immich
+IMMICH_PORT=
+IMMICH_REDIS_HOST=immich-redis
+IMMICH_DB_HOST=immich-postgresql
+IMMICH_DB_NAME=immich
+IMMICH_DB_USER=immich
+IMMICH_DB_PASS=immich
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..bf49605
--- /dev/null
+++ b/docker-compose.yaml
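Review bot: Every secret in this committed `.env` is set to the service's own name (`FORGEJO_DBPASS=forgejo`, `ONLYOFFICE_DS_JWTSECRET=onlyoffice`, `PAPERLESS_SECRETKEY=paperless`, `NEKO_ADMINPASS=neko`, …), so a stack started without editing the file runs with guessable database passwords, JWT secrets and admin logins. The header comment points at `openssl rand -hex 32`, but nothing makes a deployer actually do it. I would ship this file as `.env.example` with the secret values left empty, keep the real `.env` out of version control, and reference secrets in docker-compose.yaml as `${FORGEJO_DBPASS:?set FORGEJO_DBPASS}` so startup fails instead of falling back to a default. `PSITRANSFER_UPLOADPASS=` is also empty here, which presumably leaves uploads unprotected, and that deserves a comment stating whether it is intended.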
@@ -0,0 +1,1082 @@
+services:
+
+ # https://forgejo.org/docs/latest/admin/installation-docker/
+ forgejo:
+ image: codeberg.org/forgejo/forgejo:7
+ container_name: forgejo
+ restart: unless-stopped
+ ports:
+ - ${FORGEJO_PORT:-3000}:3000
+ - ${FORGEJO_SSH:-2222}:22
+ environment:
+ USER_UID: 1000
+ USER_GID: 1000
+
+ FORGEJO__database__DB_TYPE: postgres
+ FORGEJO__database__HOST: forgejo-postgresql:5432
+ FORGEJO__database__NAME: ${FORGEJO_DBNAME:-forgejo}
+ FORGEJO__database__USER: ${FORGEJO_DBUSER:-forgejo}
+ FORGEJO__database__PASSWD: ${FORGEJO_DBPASS:-forgejo}
+
+ FORGEJO__DEFAULT__APP_NAME: ${FORGEJO_TITLE:-Forgejo}
+ FORGEJO__service__DISABLE_REGISTRATION: true
+ FORGEJO__service__SHOW_REGISTRATION_BUTTON: false
+ FORGEJO__other__SHOW_FOOTER_VERSION: false
+ FORGEJO__ui__SHOW_USER_EMAIL: false
+
+ FORGEJO__repository__DEFAULT_BRANCH: master
+ FORGEJO__repository__ENABLE_PUSH_CREATE_USER: true
+ FORGEJO__repository__ENABLE_PUSH_CREATE_ORG: true
+ FORGEJO__repository.upload__FILE_MAX_SIZE: 256
+ FORGEJO__mirror__DEFAULT_INTERVAL: 24h
+
+ FORGEJO__server__ROOT_URL: ${FORGEJO_URL:-http://localhost:${FORGEJO_PORT:-3000}}
+ FORGEJO__server__LANDING_PAGE: login
+
+ FORGEJO__migrations__ALLOWED_DOMAINS: "*"
+
+ FORGEJO__cache__ENABLED: true
+ FORGEJO__cache__ADAPTER: redis
+ FORGEJO__cache__HOST: redis://forgejo-redis:6379/0?pool_size=100&idle_timeout=180s
+
+ FORGEJO__security__LOGIN_REMEMBER_DAYS: 365
+ volumes:
+ - ./forgejo/data:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ depends_on:
+ - forgejo-postgresql
+ - forgejo-redis
+ networks:
+ - forgejo
+ forgejo-postgresql:
+ image: postgres:latest
+ container_name: forgejo-postgresql
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: ${FORGEJO_DBNAME:-forgejo}
+ POSTGRES_USER: ${FORGEJO_DBUSER:-forgejo}
+ POSTGRES_PASSWORD: ${FORGEJO_DBPASS:-forgejo}
+ volumes:
+ - ./forgejo/postgresql:/var/lib/postgresql/data:rw
+ networks:
+ - forgejo
+ forgejo-redis:
+ image: redis:latest
+ container_name: forgejo-redis
+ restart: unless-stopped
+ volumes:
+ - ./forgejo/redis:/data
+ networks:
+ - forgejo
+
+ # dashy (https://github.com/Lissy93/dashy/blob/master/docker-compose.yml)
+ dashy:
+ image: ${REGISTRY}/dashy
+ container_name: dashy
+ restart: unless-stopped
+ ports:
+ - ${DASHY_PORT:-80}:80
+ environment:
+ NODE_ENV: production
+ healthcheck:
+ test: ['CMD', 'node', '/app/services/healthcheck']
+ interval: 1m30s
+ timeout: 10s
+ retries: 3
+ start_period: 40s
+ volumes:
+ - ./dashy/conf.yml:/app/public/conf.yml
+ networks:
+ - dashy
+
+ # nextcloud (https://github.com/nextcloud/docker)
+ nextcloud-nginx:
+ image: ${REGISTRY}/nginx
+ container_name: nextcloud-nginx
+ restart: unless-stopped
+ ports:
+ - ${NEXTCLOUD_PORT:-80}:80
+ volumes:
+ - ./nextcloud/nginx.conf:/etc/nginx/nginx.conf
+ - ./nextcloud/app:/var/www/html
+ depends_on:
+ - nextcloud
+ - onlyoffice-document-server
+ networks:
+ - workspace
+ nextcloud:
+ image: ${REGISTRY}/nextcloud
+ container_name: nextcloud
+ restart: unless-stopped
+ environment:
+ # Redis
+ REDIS_HOST: nextcloud-redis
+ # PostgreSQL
+ POSTGRES_HOST: nextcloud-postgresql
+ POSTGRES_DB: ${NEXTCLOUD_DBNAME:-nextcloud}
+ POSTGRES_USER: ${NEXTCLOUD_DBUSER:-nextcloud}
+ POSTGRES_PASSWORD: ${NEXTCLOUD_DBPASS:-nextcloud}
+ # PHP
+ PHP_MEMORY_LIMIT: 16G
+ PHP_UPLOAD_LIMIT: 0
+ volumes:
+ - ./nextcloud/app:/var/www/html
+ - ./nextcloud/data:/var/www/html/data
+ - ./nextcloud/php-fpm.conf:/usr/local/etc/php-fpm.d/zz-zpmchildren.conf
+ depends_on:
+ - nextcloud-postgresql
+ - nextcloud-redis
+ networks:
+ - workspace
+ nextcloud-postgresql:
+ image: postgres:latest
+ container_name: nextcloud-postgresql
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: ${NEXTCLOUD_DBNAME:-nextcloud}
+ POSTGRES_USER: ${NEXTCLOUD_DBUSER:-nextcloud}
+ POSTGRES_PASSWORD: ${NEXTCLOUD_DBPASS:-nextcloud}
+ volumes:
+ - ./nextcloud/postgresql:/var/lib/postgresql/data:rw
+ networks:
+ - workspace
+ nextcloud-redis:
+ image: redis:latest
+ container_name: nextcloud-redis
+ restart: unless-stopped
+ volumes:
+ - ./nextcloud/redis:/data
+ networks:
+ - workspace
+
+ # Onlyoffice Document Server
+ onlyoffice-document-server:
+ image: ${REGISTRY}/onlyoffice/documentserver
+ container_name: onlyoffice-document-server
+ restart: unless-stopped
+ stdin_open: true
+ environment:
+ # JWT
+ JWT_ENABLED: true
+ JWT_SECRET: ${ONLYOFFICE_DS_JWTSECRET:-onlyoffice}
+ JWT_HEADER: ${ONLYOFFICE_DS_JWTHEADER:-onlyoffice}
+ # PostgreSQL
+ DB_TYPE: postgres
+ DB_HOST: onlyoffice-postgresql
+ DB_PORT: 5432
+ DB_NAME: ${ONLYOFFICE_DS_DBNAME:-onlyoffice}
+ DB_USER: ${ONLYOFFICE_DS_DBUSER:-onlyoffice}
+ # Rabbitmq
+ AMQP_URI: amqp://guest:guest@onlyoffice-rabbitmq
+ # Redis
+ REDIS_SERVER_HOST: onlyoffice-redis
+ REDIS_SERVER_PORT: 6379
+ volumes:
+ - ./onlyoffice/document/data:/var/www/onlyoffice/Data
+ - ./onlyoffice/document/log:/var/log/onlyoffice
+ - ./onlyoffice/document/fonts:/usr/share/fonts/truetype/custom
+ - ./onlyoffice/document/forgotten:/var/lib/onlyoffice/documentserver/App_Data/cache/files/forgotten
+ - ./onlyoffice/document/cache:/var/lib/onlyoffice
+ depends_on:
+ - onlyoffice-postgresql
+ - onlyoffice-rabbitmq
+ - onlyoffice-redis
+ networks:
+ - workspace
+ onlyoffice-postgresql:
+ image: postgres:latest
+ container_name: onlyoffice-postgresql
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: ${ONLYOFFICE_DS_DBNAME:-onlyoffice}
+ POSTGRES_USER: ${ONLYOFFICE_DS_DBUSER:-onlyoffice}
+ POSTGRES_HOST_AUTH_METHOD: trust
+ volumes:
+ - ./onlyoffice/postgresql:/var/lib/postgresql:rw
+ networks:
+ - workspace
+ onlyoffice-redis:
+ image: redis:latest
+ container_name: onlyoffice-redis
+ restart: unless-stopped
+ volumes:
+ - ./onlyoffice/redis:/data
+ networks:
+ - workspace
+ onlyoffice-rabbitmq:
+ image: ${REGISTRY}/rabbitmq
+ container_name: onlyoffice-rabbitmq
+ restart: unless-stopped
+ networks:
+ - workspace
+
+ # Onlyoffice Community Server
+ onlyoffice-community-server:
+ image: ${REGISTRY}/onlyoffice/communityserver
+ container_name: onlyoffice-community-server
+ restart: unless-stopped
+ ports:
+ - ${ONLYOFFICE_CS_PORT:-80}:80
+ stdin_open: true
+ tty: true
+ privileged: true
+ cgroup: host
+ environment:
+ ONLYOFFICE_CORE_MACHINEKEY: ${ONLYOFFICE_CS_MACHINEKEY:-onlyoffice}
+
+ CONTROL_PANEL_PORT_80_TCP_ADDR: onlyoffice-control-panel
+ CONTROL_PANEL_PORT_80_TCP: 80
+
+ DOCUMENT_SERVER_PORT_80_TCP_ADDR: onlyoffice-document-server
+ DOCUMENT_SERVER_JWT_ENABLED: true
+ DOCUMENT_SERVER_JWT_SECRET: ${ONLYOFFICE_DS_JWTSECRET:-onlyoffice}
+ DOCUMENT_SERVER_JWT_HEADER: ${ONLYOFFICE_DS_JWTHEADER:-onlyoffice}
+
+ MYSQL_SERVER_HOST: onlyoffice-mysql-server
+ MYSQL_SERVER_DB_NAME: ${ONLYOFFICE_CS_DBNAME:-onlyoffice}
+ MYSQL_SERVER_ROOT_PASSWORD: ${ONLYOFFICE_CS_DBROOT:-onlyoffice}
+ MYSQL_SERVER_USER: ${ONLYOFFICE_CS_DBUSER:-onlyoffice}
+ MYSQL_SERVER_PASS: ${ONLYOFFICE_CS_DBPASS:-onlyoffice}
+
+ REDIS_SERVER_HOST: onlyoffice-redis
+
+ ELASTICSEARCH_SERVER_HOST: onlyoffice-elasticsearch
+ ELASTICSEARCH_SERVER_HTTPPORT: 9200
+ volumes:
+ - ./onlyoffice/community/data:/var/www/onlyoffice/Data
+ - ./onlyoffice/community/log:/var/log/onlyoffice
+ - ./onlyoffice/document/data:/var/www/onlyoffice/DocumentServerData
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ depends_on:
+ - onlyoffice-mysql-server
+ - onlyoffice-document-server
+ - onlyoffice-elasticsearch
+ networks:
+ - workspace
+ dns:
+ - 127.0.0.53
+ - 1.1.1.1
+ - 9.9.9.9
+ onlyoffice-mysql-server:
+ image: ${REGISTRY}/mysql
+ container_name: onlyoffice-mysql-server
+ restart: unless-stopped
+ environment:
+ MYSQL_ROOT_PASSWORD: ${ONLYOFFICE_CS_DBROOT:-onlyoffice}
+ stdin_open: true
+ tty: true
+ volumes:
+ - ./onlyoffice/mysql/conf.d:/etc/mysql/conf.d
+ - ./onlyoffice/mysql/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
+ - ./onlyoffice/mysql/data:/var/lib/mysql
+ networks:
+ - workspace
+ onlyoffice-elasticsearch:
+ image: ${REGISTRY}/onlyoffice/elasticsearch
+ container_name: onlyoffice-elasticsearch
+ restart: unless-stopped
+ environment:
+ - discovery.type=single-node
+ - bootstrap.memory_lock=true
+ - "ES_JAVA_OPTS=-Xms1g -Xmx1g -Dlog4j2.formatMsgNoLookups=true"
+ - "indices.fielddata.cache.size=30%"
+ - "indices.memory.index_buffer_size=30%"
+ - "ingest.geoip.downloader.enabled=false"
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65535
+ hard: 65535
+ volumes:
+ - ./onlyoffice/elasticsearch:/usr/share/elasticsearch/data
+ networks:
+ - workspace
+ onlyoffice-control-panel:
+ image: ${REGISTRY}/onlyoffice/controlpanel
+ container_name: onlyoffice-control-panel
+ restart: unless-stopped
+ stdin_open: true
+ tty: true
+ environment:
+ ONLYOFFICE_CORE_MACHINEKEY: ${ONLYOFFICE_CS_MACHINEKEY:-onlyoffice}
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./onlyoffice/controlpanel/data:/var/www/onlyoffice/Data
+ - ./onlyoffice/controlpanel/log:/var/log/onlyoffice
+ depends_on:
+ - onlyoffice-document-server
+ - onlyoffice-community-server
+ networks:
+ - workspace
+
+ # jellyfin (https://jellyfin.org/docs/general/installation/container)
+ # https://jellyfin.org/docs/general/networking/nginx/
+ jellyfin:
+ image: ${REGISTRY}/jellyfin
+ container_name: jellyfin
+ restart: unless-stopped
+ ports:
+ - ${JELLYFIN_PORT:-8096}:8096/tcp
+ user: 1000:984
+ volumes:
+ - ./jellyfin/config:/config
+ - ./jellyfin/cache:/cache
+ - ${JELLYFIN_MEDIA_DIR:-/jellyfin}:/media:ro
+ networks:
+ - jellyfin
+
+ # Matrix (https://github.com/element-hq/synapse)
+ # register_new_matrix_user -c homeserver.yaml http://localhost:8008
+ matrix:
+ image: ${REGISTRY}/synapse
+ container_name: matrix
+ restart: unless-stopped
+ ports:
+ - ${MATRIX_PORT:-8008}:8008
+ volumes:
+ - ./matrix/data:/data:rw
+ depends_on:
+ - matrix-postgresql
+ networks:
+ - matrix
+ matrix-postgresql:
+ image: postgres:latest
+ container_name: matrix-postgresql
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: ${MATRIX_DBNAME:-synapse}
+ POSTGRES_USER: ${MATRIX_DBUSER:-synapse}
+ POSTGRES_PASSWORD: ${MATRIX_DBPASS:-synapse}
+ POSTGRES_INITDB_ARGS: --encoding=UTF8 --locale=C
+ volumes:
+ - ./matrix/postgresql:/var/lib/postgresql/data:rw
+ networks:
+ - matrix
+
+ # memos (https://www.usememos.com/docs/install/self-hosting)
+ memos:
+ image: ${REGISTRY}/memos
+ container_name: memos
+ restart: unless-stopped
+ ports:
+ - ${MEMOS_PORT:-5230}:5230
+ volumes:
+ - ./memos/data:/var/opt/memos
+ networks:
+ - memos
+
+ # linkding (https://github.com/sissbruecker/linkding)
+ linkding:
+ image: ${REGISTRY}/linkding
+ container_name: linkding
+ restart: unless-stopped
+ ports:
+ - ${LINKDING_PORT:-9090}:9090
+ environment:
+ LD_DB_ENGINE: postgres
+ LD_DB_HOST: linkding-postgresql
+ LD_DB_PORT: 5432
+ LD_DB_DATABASE: ${LINKDING_DBNAME:-linkding}
+ LD_DB_USER: ${LINKDING_DBUSER:-linkding}
+ LD_DB_PASSWORD: ${LINKDING_DBPASS:-linkding}
+
+ LD_DISABLE_BACKGROUND_TASKS: False
+ LD_DISABLE_URL_VALIDATION: False
+ LD_ENABLE_AUTH_PROXY: False
+ LD_CSRF_TRUSTED_ORIGINS: ${LINKDING_URL:-http://localhost:${LINKDING_PORT:-9090}}
+ volumes:
+ - ./linkding/data:/etc/linkding/data
+ depends_on:
+ - linkding-postgresql
+ networks:
+ - linkding
+ linkding-postgresql:
+ image: postgres:latest
+ container_name: linkding-postgresql
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: ${LINKDING_DBNAME:-linkding}
+ POSTGRES_USER: ${LINKDING_DBUSER:-linkding}
+ POSTGRES_PASSWORD: ${LINKDING_DBPASS:-linkding}
+ volumes:
+ - ./linkding/postgresql:/var/lib/postgresql/data:rw
+ networks:
+ - linkding
+
+ # tandoor (https://docs.tandoor.dev/install/docker)
+ tandoor:
+ image: ${REGISTRY}/recipes
+ container_name: tandoor
+ restart: unless-stopped
+ ports:
+ - ${TANDOOR_PORT:-8080}:8080
+ environment:
+ TZ: UTC
+ SECRET_KEY: ${TANDOOR_SECRETKEY:-tandoor}
+
+ # PostgreSQL
+ DB_ENGINE: django.db.backends.postgresql
+ POSTGRES_HOST: tandoor-postgresql
+ POSTGRES_PORT: 5432
+ POSTGRES_DB: ${TANDOOR_DBNAME:-tandoor}
+ POSTGRES_USER: ${TANDOOR_DBUSER:-tandoor}
+ POSTGRES_PASSWORD: ${TANDOOR_DBPASS:-tandoor}
+ volumes:
+ - ./tandoor/staticfiles:/opt/recipes/staticfiles
+ - ./tandoor/mediafiles:/opt/recipes/mediafiles
+ depends_on:
+ - tandoor-postgresql
+ networks:
+ - tandoor
+ tandoor-postgresql:
+ image: postgres:latest
+ container_name: tandoor-postgresql
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: ${TANDOOR_DBNAME:-tandoor}
+ POSTGRES_USER: ${TANDOOR_DBUSER:-tandoor}
+ POSTGRES_PASSWORD: ${TANDOOR_DBPASS:-tandoor}
+ volumes:
+ - ./tandoor/postgresql:/var/lib/postgresql/data:rw
+ networks:
+ - tandoor
+
+ # passwordpusher (https://github.com/pglombardo/PasswordPusher/blob/master/containers/docker/docker-compose-ephemeral.yml)
+ passwordpusher:
+ image: ${REGISTRY}/pwpush
+ container_name: passwordpusher
+ restart: unless-stopped
+ ports:
+ - ${PWPUSHER_PORT:-5100}:5100
+ environment:
+ PWP__BRAND__TITLE: ${PWPUSHER_TITLE:-PasswordPusher}
+ PWP__PW__EXPIRE_AFTER_DAYS_DEFAULT: 1
+ PWP__PW__EXPIRE_AFTER_VIEWS_DEFAULT: 3
+ PWP__PW__ENABLE_RETRIEVAL_STEP: false
+ PWP__PW__ENABLE_DELETABLE_PUSHES: false
+ PWP__BRAND__SHOW_FOOTER_MENU: false
+ PWP__SHOW_GDPR_CONSENT_BANNER: false
+ PWP__GEN__SEPARATORS: '-'
+ networks:
+ - passwordpusher
+
+ # paperless (https://github.com/paperless-ngx/paperless-ngx/blob/dev/docker/compose/docker-compose.postgres.yml)
+ paperless:
+ image: ${REGISTRY}/paperless-ngx
+ container_name: paperless
+ restart: unless-stopped
+ ports:
+ - ${PAPERLESS_PORT:-8000}:8000
+ healthcheck:
+ test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ environment:
+ PAPERLESS_OCR_LANGUAGE: eng
+
+ PAPERLESS_REDIS: redis://paperless-redis:6379
+
+ PAPERLESS_DBHOST: paperless-postgresql
+ PAPERLESS_DBNAME: ${PAPERLESS_DBNAME:-paperless}
+ PAPERLESS_DBUSER: ${PAPERLESS_DBUSER:-paperless}
+ PAPERLESS_DBPASS: ${PAPERLESS_DBPASS:-paperless}
+
+ # PAPERLESS_URL: ${PAPERLESS_URL:-http://localhost:${PAPERLESS_PORT:-8000}}
+ PAPERLESS_CSRF_TRUSTED_ORIGINS: ${PAPERLESS_URL:-http://localhost:${PAPERLESS_PORT:-8000}}
+
+ PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRETKEY:-paperless}
+ PAPERLESS_OCR_USER_ARGS: '{"invalidate_digital_signatures": true}'
+ volumes:
+ - ./paperless/data:/usr/src/paperless/data
+ - ./paperless/media:/usr/src/paperless/media
+ - ./paperless/export:/usr/src/paperless/export
+ - ./paperless/consume:/usr/src/paperless/consume
+ depends_on:
+ - paperless-postgresql
+ - paperless-redis
+ networks:
+ - paperless
+ paperless-postgresql:
+ image: postgres:latest
+ container_name: paperless-postgresql
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: ${PAPERLESS_DBNAME:-paperless}
+ POSTGRES_USER: ${PAPERLESS_DBUSER:-paperless}
+ POSTGRES_PASSWORD: ${PAPERLESS_DBPASS:-paperless}
+ volumes:
+ - ./paperless/postgresql:/var/lib/postgresql/data:rw
+ networks:
+ - paperless
+ paperless-redis:
+ image: redis:latest
+ container_name: paperless-redis
+ restart: unless-stopped
+ volumes:
+ - ./paperless/redis:/data
+ networks:
+ - paperless
+
+ # vikunja (https://vikunja.io/docs/docker-walkthrough)
+ # https://vikunja.io/docs/cli/#user
+ # Usage:
+ # $ vikunja user create
+ # Flags:
+ # -a, --avatar-provider: The avatar provider of the new user. Optional.
+ # -e, --email: The email address of the new user.
+ # -p, --password: The password of the new user. You will be asked to enter it if not provided through the flag.
+ # -u, --username: The username of the new user.
+ vikunja:
+ image: ${REGISTRY}/vikunja
+ container_name: vikunja
+ restart: unless-stopped
+ ports:
+ - ${VIKUNJA_PORT:-3456}:3456
+ environment:
+ VIKUNJA_DATABASE_TYPE: postgres
+ VIKUNJA_DATABASE_HOST: vikunja-postgresql
+ VIKUNJA_DATABASE_DATABASE: ${VIKUNJA_DBNAME:-vikunja}
+ VIKUNJA_DATABASE_USER: ${VIKUNJA_DBUSER:-vikunja}
+ VIKUNJA_DATABASE_PASSWORD: ${VIKUNJA_DBPASS:-vikunja}
+
+ VIKUNJA_SERVICE_JWTSECRET: ${VIKUNJA_JWTSECRET:-vikunja}
+
+ VIKUNJA_CACHE_ENABLED: 1
+ VIKUNJA_CACHE_TYPE: redis
+ VIKUNJA_REDIS_ENABLED: 1
+ VIKUNJA_REDIS_HOST: vikunja-redis:6379
+
+ VIKUNJA_SERVICE_FRONTENDURL: ${VIKUNJA_URL:-http://localhost:${VIKUNJA_PORT:-3456}}
+ VIKUNJA_SERVICE_ENABLEREGISTRATION: false
+ volumes:
+ - ./vikunja/data:/app/vikunja/files
+ depends_on:
+ - vikunja-postgresql
+ - vikunja-redis
+ networks:
+ - vikunja
+ vikunja-postgresql:
+ image: postgres:latest
+ container_name: vikunja-postgresql
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: ${VIKUNJA_DBNAME:-vikunja}
+ POSTGRES_USER: ${VIKUNJA_DBUSER:-vikunja}
+ POSTGRES_PASSWORD: ${VIKUNJA_DBPASS:-vikunja}
+ volumes:
+ - ./vikunja/postgresql:/var/lib/postgresql/data:rw
+ networks:
+ - vikunja
+ vikunja-redis:
+ image: redis:latest
+ container_name: vikunja-redis
+ restart: unless-stopped
+ volumes:
+ - ./vikunja/redis:/data
+ networks:
+ - vikunja
+
+ # psitransfer (https://github.com/psi-4ward/psitransfer)
+ psitransfer:
+ image: ${REGISTRY}/psitransfer
+ container_name: psitransfer
+ restart: unless-stopped
+ ports:
+ - ${PSITRANSFER_PORT:-8080}:8080
+ environment:
+ PSITRANSFER_PORT: 8080
+ PSITRANSFER_UPLOAD_PASS: ${PSITRANSFER_UPLOADPASS}
+ PSITRANSFER_DEFAULT_RETENTION: 3600 # or "one-time"
+ PSITRANSFER_RETENTIONS: '{"one-time":"One Time","300":"5 Minutes","3600":"1 Hour","86400":"1 Day","31536000":"1 Year"}'
+ PSITRANSFER_MAX_AGE: 31536000
+ PSITRANSFER_MAX_FILE_SIZE: 0
+ PSITRANSFER_MAX_BUCKET_SIZE: 0
+ volumes:
+ - ./psitransfer:/data
+ networks:
+ - psitransfer
+
+ # send (https://github.com/timvisee/send-docker-compose)
+ send:
+ image: ${REGISTRY}/send
+ container_name: send
+ restart: unless-stopped
+ ports:
+ - ${SEND_PORT:-1443}:1443
+ volumes:
+ - ./send/uploads:/uploads
+ environment:
+ NODE_ENV: production
+ FILE_DIR: /uploads
+ DETECT_BASE_URL: true
+ CUSTOM_TITLE: ${SEND_TITLE:-Send}
+
+ EXPIRE_TIMES_SECONDS: 300,3600,86400,31536000
+ DEFAULT_EXPIRE_SECONDS: 300
+ MAX_EXPIRE_SECONDS: 31536000
+
+ DOWNLOAD_COUNTS: 1,3
+ DEFAULT_DOWNLOADS: 1
+ MAX_DOWNLOADS: 3
+
+ MAX_FILE_SIZE: 107374182400
+ REDIS_HOST: send-redis
+ depends_on:
+ - send-redis
+ networks:
+ - send
+ send-redis:
+ image: redis:latest
+ container_name: send-redis
+ restart: unless-stopped
+ volumes:
+ - ./send/redis:/data
+ networks:
+ - send
+
+ # https://github.com/Stirling-Tools/Stirling-PDF
+ stirling-pdf:
+ image: ${REGISTRY}/s-pdf
+ container_name: stirling-pdf
+ restart: unless-stopped
+ ports:
+ - ${STIRLINGPDF_PORT:-8080}:8080
+ environment:
+ DOCKER_ENABLE_SECURITY: true
+ volumes:
+ - ./stirling/tesseract-ocr:/usr/share/tesseract-ocr/5/tessdata
+ - ./stirling/config:/configs
+ networks:
+ - stirling-pdf
+
+ # https://github.com/m1k1o/neko
+ neko:
+ image: ${REGISTRY}/neko
+ container_name: neko
+ restart: unless-stopped
+ shm_size: 2gb
+ ports:
+ - ${NEKO_PORT:-8080}:8080
+ - 8081:8081/udp
+ environment:
+ NEKO_SCREEN: 1920x1080@60
+ NEKO_PASSWORD_ADMIN: ${NEKO_ADMINPASS:-neko}
+ NEKO_PASSWORD: ${NEKO_USERPASS:-neko}
+ NEKO_UDPMUX: 8081
+ NEKO_ICELITE: 1
+ networks:
+ - neko
+
+ # https://github.com/LinkStackOrg/linkstack-docker/blob/main/docker-compose.yml
+ linkstack:
+ image: ${REGISTRY}/linkstack
+ container_name: linkstack
+ restart: unless-stopped
+ ports:
+ - ${LINKSTACK_PORT:-443}:443
+ environment:
+ TZ: UTC
+ SERVER_ADMIN: ${LINKSTACK_ADMIN:-admin}
+ HTTP_SERVER_NAME: ${LINKSTACK_DOMAIN:-localhost}
+ HTTPS_SERVER_NAME: ${LINKSTACK_DOMAIN:-localhost}
+ LOG_LEVEL: info
+ PHP_MEMORY_LIMIT: 256M
+ UPLOAD_MAX_FILESIZE: 8M
+ volumes:
+ - ./linkstack:/htdocs
+ networks:
+ - linkstack
+
+ # https://hub.docker.com/r/athou/commafeed
+ commafeed:
+ image: ${REGISTRY}/commafeed
+ container_name: commafeed
+ restart: unless-stopped
+ ports:
+ - ${COMMAFEED_PORT:-8082}:8082
+ environment:
+ # PostgreSQL
+ CF_DATABASE_DRIVERCLASS: org.postgresql.Driver
+ CF_DATABASE_URL: jdbc:postgresql://commafeed-postgresql:5432/${COMMAFEED_DBNAME:-commafeed}
+ CF_DATABASE_USER: ${COMMAFEED_DBUSER:-commafeed}
+ CF_DATABASE_PASSWORD: ${COMMAFEED_DBPASS:-commafeed}
+ # App settings
+ CF_APP_PUBLICURL: ${COMMAFEED_URL:-http://localhost:${COMMAFEED_PORT:-8082}}
+ CF_APP_IMAGEPROXYENABLED: true
+ CF_APP_STRICTPASSWORDPOLICY: false
+ # Redis
+ CF_APP_CACHE: redis
+ CF_REDIS_HOST: commafeed-redis
+ CF_REDIS_PORT: 6379
+ volumes:
+ - ./commafeed/data:/commafeed/data
+ depends_on:
+ - commafeed-postgresql
+ - commafeed-redis
+ networks:
+ - commafeed
+ commafeed-postgresql:
+ image: postgres:latest
+ container_name: commafeed-postgresql
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: ${COMMAFEED_DBNAME:-commafeed}
+ POSTGRES_USER: ${COMMAFEED_DBUSER:-commafeed}
+ POSTGRES_PASSWORD: ${COMMAFEED_DBPASS:-commafeed}
+ volumes:
+ - ./commafeed/postgresql:/var/lib/postgresql/data:rw
+ networks:
+ - commafeed
+ commafeed-redis:
+ image: redis:latest
+ container_name: commafeed-redis
+ restart: unless-stopped
+ volumes:
+ - ./commafeed/redis:/data
+ healthcheck:
+ test: redis-cli ping
+ networks:
+ - commafeed
+
+ # https://github.com/ShaneIsrael/fireshare
+ fireshare:
+ image: ${REGISTRY}/fireshare
+ container_name: fireshare
+ restart: unless-stopped
+ ports:
+ - ${FIRESHARE_PORT:-8080}:80
+ volumes:
+ - ./fireshare/data:/data
+ - ./fireshare/processed:/processed
+ - ./fireshare/videos:/videos
+ environment:
+ ADMIN_USERNAME: ${FIRESHARE_ADMIN:-admin}
+ ADMIN_PASSWORD: ${FIRESHARE_PASSWORD:-admin}
+ SECRET_KEY: ${FIRESHARE_SECRET:-secret}
+ MINUTES_BETWEEN_VIDEO_SCANS: 5
+ THUMBNAIL_VIDEO_LOCATION: 0
+ DOMAIN: ${FIRESHARE_URL:-localhost}
+ PUID: 1000
+ PGID: 1000
+ networks:
+ - fireshare
+
+ # https://github.com/shlinkio/shlink/tree/develop
+ shlink-webui:
+ image: ${REGISTRY}/shlink-web-client
+ container_name: shlink-webui
+ restart: unless-stopped
+ ports:
+ - ${SHLINK_WEBUI_PORT:-8081}:8080
+ volumes:
+ - ./shlink/servers.json:/usr/share/nginx/html/servers.json
+ networks:
+ - shlink
+ shlink:
+ image: ${REGISTRY}/shlink
+ container_name: shlink
+ restart: unless-stopped
+ ports:
+ - ${SHLINK_PORT:-8080}:8080
+ environment:
+ DEFAULT_DOMAIN: ${SHLINK_URL:-http://localhost:${SHLINK_PORT:-8080}}
+ BASE_PATH: "/"
+ IS_HTTPS_ENABLED: true
+ DISABLE_TRACKING: true
+
+ DB_DRIVER: postgres
+ DB_HOST: shlink-postgresql
+ DB_NAME: ${SHLINK_DBNAME:-shlink}
+ DB_USER: ${SHLINK_DBUSER:-shlink}
+ DB_PASSWORD: ${SHLINK_DBPASS:-shlink}
+
+ REDIS_SERVERS: redis://shlink-redis:6379
+ REDIS_PUB_SUB_ENABLED: true
+ networks:
+ - shlink
+ shlink-postgresql:
+ image: ${REGISTRY}/postgres
+ container_name: shlink-postgresql
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: ${SHLINK_DBNAME:-shlink}
+ POSTGRES_USER: ${SHLINK_DBUSER:-shlink}
+ POSTGRES_PASSWORD: ${SHLINK_DBPASS:-shlink}
+ volumes:
+ - ./shlink/postgresql:/var/lib/postgresql/data:rw
+ networks:
+ - shlink
+ shlink-redis:
+ image: ${REGISTRY}/redis
+ container_name: shlink-redis
+ restart: unless-stopped
+ volumes:
+ - ./shlink/redis:/data
+ networks:
+ - shlink
+
+ # https://docs.olivetin.app/install-compose.html
+ olivetin:
+ container_name: olivetin
+ image: ${REGISTRY}/olivetin
+ restart: unless-stopped
+ ports:
+ - ${OLIVETIN_PORT:-1337}:1337
+ volumes:
+ - ./olivetin:/config
+ networks:
+ - olivetin
+
+ #
+ ghost:
+ image: ${REGISTRY}/ghost
+ container_name: ghost
+ restart: unless-stopped
+ ports:
+ - ${GHOST_PORT:-2368}:2368
+ environment:
+ url: ${GHOST_URL:-http://localhost:${GHOST_PORT:-2368}}
+ privacy__useTinfoil: true
+
+ database__client: mysql
+ database__connection__host: ghost-mysql
+ database__connection__database: ${GHOST_DBNAME:-ghost}
+ database__connection__user: root
+ database__connection__password: ${GHOST_DBPASS:-ghost}
+
+ adapters__cache__imageSizes__adapter: Redis
+ adapters__cache__imageSizes__host: ghost-redis
+ volumes:
+ - ./ghost/data:/var/lib/ghost/content
+ depends_on:
+ - ghost-mysql
+ networks:
+ - ghost
+ ghost-mysql:
+ image: ${REGISTRY}/mysql
+ container_name: ghost-mysql
+ restart: unless-stopped
+ environment:
+ MYSQL_ROOT_PASSWORD: ${GHOST_DBPASS:-ghost}
+ volumes:
+ - ./ghost/mysql:/var/lib/mysql
+ networks:
+ - ghost
+ ghost-redis:
+ image: ${REGISTRY}/redis
+ container_name: ghost-redis
+ restart: unless-stopped
+ volumes:
+ - ./ghost/redis:/data
+ networks:
+ - ghost
+
+ # https://github.com/dani-garcia/vaultwarden
+ vaultwarden:
+ container_name: vaultwarden
+ image: ${REGISTRY}/vaultwarden
+ restart: unless-stopped
+ ports:
+ - ${VAULTWARDEN_PORT:-80}:80
+ environment:
+ DATABASE_URL: postgresql://${VAULTWARDEN_DBUSER:-vaultwarden}:${VAULTWARDEN_DBPASS:-vaultwarden}@vaultwarden-postgresql:5432/${VAULTWARDEN_DBNAME:-vaultwarden}
+ DOMAIN: ${VAULTWARDEN_URL:-http://localhost:${VAULTWARDEN_PORT:-80}}
+ TRASH_AUTO_DELETE_DAYS: 30
+ SIGNUPS_ALLOWED: false
+ volumes:
+ - ./vaultwarden/data:/data
+ depends_on:
+ - vaultwarden-postgresql
+ networks:
+ - vaultwarden
+ vaultwarden-postgresql:
+ image: ${REGISTRY}/postgres
+ container_name: vaultwarden-postgresql
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: ${VAULTWARDEN_DBNAME:-vaultwarden}
+ POSTGRES_USER: ${VAULTWARDEN_DBUSER:-vaultwarden}
+ POSTGRES_PASSWORD: ${VAULTWARDEN_DBPASS:-vaultwarden}
+ volumes:
+ - ./vaultwarden/postgresql:/var/lib/postgresql/data:rw
+ networks:
+ - vaultwarden
+
+ # https://github.com/open-webui/open-webui
+ ollama:
+ image: ${REGISTRY}/ollama
+ container_name: ollama
+ restart: unless-stopped
+ pull_policy: always
+ tty: true
+ volumes:
+ - ./ollama/app:/root/.ollama
+ networks:
+ - ollama
+ # deploy:
+ # resources:
+ # reservations:
+ # devices:
+ # - driver: nvidia
+ # count: 1
+ # capabilities:
+ # - gpu
+ ollama-webui:
+ image: ${REGISTRY}/open-webui
+ container_name: ollama-webui
+ restart: unless-stopped
+ ports:
+ - ${OLLAMA_PORT:-8080}:8080
+ environment:
+ OLLAMA_BASE_URL: http://ollama:11434
+ CUSTOM_NAME:
+ WEBUI_NAME:
+ ENABLE_SIGNUP: False
+ DEFAULT_MODELS: llama3
+ volumes:
+ - ./ollama/webui:/app/backend/data
+ depends_on:
+ - ollama
+ networks:
+ - ollama
+
+ # https://immich.app/docs/install/docker-compose
+ immich-server:
+ image: ${REGISTRY}/immich-server
+ container_name: immich-server
+ restart: unless-stopped
+ command: ['start.sh', 'immich']
+ ports:
+ - ${IMMICH_PORT:-2283}:3001
+ environment:
+ REDIS_HOSTNAME: ${IMMICH_REDIS_HOST}
+ DB_HOSTNAME: ${IMMICH_DB_HOST}
+ DB_USERNAME: ${IMMICH_DB_USER}
+ DB_PASSWORD: ${IMMICH_DB_PASS}
+ DB_DATABASE_NAME: ${IMMICH_DB_NAME}
+ volumes:
+ - ./immich/library:/usr/src/app/upload
+ - /etc/localtime:/etc/localtime:ro
+ depends_on:
+ - immich-redis
+ - immich-postgresql
+ networks:
+ - immich
+ immich-microservices:
+ image: ${REGISTRY}/immich-server
+ container_name: immich-microservices
+ restart: unless-stopped
+ command: ['start.sh', 'microservices']
+ environment:
+ REDIS_HOSTNAME: ${IMMICH_REDIS_HOST}
+ DB_HOSTNAME: ${IMMICH_DB_HOST}
+ DB_USERNAME: ${IMMICH_DB_USER}
+ DB_PASSWORD: ${IMMICH_DB_PASS}
+ DB_DATABASE_NAME: ${IMMICH_DB_NAME}
+ volumes:
+ - ./immich/library:/usr/src/app/upload
+ - /etc/localtime:/etc/localtime:ro
+ depends_on:
+ - immich-redis
+ - immich-postgresql
+ # deploy:
+ # resources:
+ # reservations:
+ # devices:
+ # - driver: nvidia
+ # count: 1
+ # capabilities:
+ # - gpu
+ # - compute
+ # - video
+ networks:
+ - immich
+ immich-machine-learning:
+ image: ${REGISTRY}/immich-machine-learning
+ container_name: immich-machine-learning
+ restart: unless-stopped
+ volumes:
+ - ./immich/model-cache:/cache
+ # deploy:
+ # resources:
+ # reservations:
+ # devices:
+ # - driver: nvidia
+ # count: 1
+ # capabilities:
+ # - gpu
+ networks:
+ - immich
+ immich-redis:
+ image: ${REGISTRY}/redis
+ container_name: immich-redis
+ restart: unless-stopped
+ networks:
+ - immich
+ immich-postgresql:
+ #image: tensorchord/pgvecto-rs:pg16-v0.2.1
+ image: ${REGISTRY}/pgvecto-rs
+ container_name: immich-postgresql
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: ${IMMICH_DB_NAME}
+ POSTGRES_USER: ${IMMICH_DB_USER}
+ POSTGRES_PASSWORD: ${IMMICH_DB_PASS}
+ volumes:
+ - ./immich/postgresql:/var/lib/postgresql/data:rw
+ networks:
+ - immich
+
+networks:
+ matrix:
+ external: false
+ memos:
+ external: false
+ linkding:
+ external: false
+ tandoor:
+ external: false
+ passwordpusher:
+ external: false
+ paperless:
+ external: false
+ vikunja:
+ external: false
+ psitransfer:
+ external: false
+ send:
+ external: false
+ stirling-pdf:
+ external: false
+ dashy:
+ external: false
+ linkstack:
+ external: false
+ commafeed:
+ external: false
+ forgejo:
+ external: false
+ workspace:
+ external: false
+ neko:
+ external: false
+ jellyfin:
+ external: false
+ fireshare:
+ external: false
+ olivetin:
+ external: false
+ shlink:
+ external: false
+ ghost:
+ external: false
+ vaultwarden:
+ external: false
+ ollama:
+ external: false
+ immich:
+ external: false
\ No newline at end of file
diff --git a/nextcloud/nginx.conf b/nextcloud/nginx.conf
new file mode 100644
index 0000000..34ca044
--- /dev/null
+++ b/nextcloud/nginx.conf
@@ -0,0 +1,239 @@
+# https://github.com/nextcloud/docker/raw/master/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
+# https://github.com/ONLYOFFICE/docker-onlyoffice-nextcloud/raw/master/nginx.conf
+
+worker_processes auto;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ # Prevent nginx HTTP Server Detection
+ server_tokens off;
+
+ keepalive_timeout 65;
+
+ # Set the `immutable` cache control options only for assets with a cache busting `v` argument
+ map $arg_v $asset_immutable {
+ "" "";
+ default "immutable";
+ }
+
+ map $http_host $this_host {
+ "" $host;
+ default $http_host;
+ }
+
+ map $http_x_forwarded_proto $the_scheme {
+ default $http_x_forwarded_proto;
+ "" $scheme;
+ }
+
+ map $http_x_forwarded_host $the_host {
+ default $http_x_forwarded_host;
+ "" $this_host;
+ }
+
+ upstream php-handler {
+ server nextcloud:9000;
+ }
+
+ #gzip on;
+
+ server {
+ listen 80;
+
+ # HSTS settings
+ # WARNING: Only add the preload option once you read about
+ # the consequences in https://hstspreload.org/. This option
+ # will add the domain to a hardcoded list that is shipped
+ # in all major browsers and getting removed from this list
+ # could take several months.
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+
+ # set max upload size and increase upload timeout:
+ client_max_body_size 0;
+ client_body_timeout 300s;
+ fastcgi_buffers 64 4K;
+
+ # The settings allows you to optimize the HTTP2 bandwidth.
+ # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
+ # for tuning hints
+ client_body_buffer_size 512k;
+
+ # Enable gzip but do not remove ETag headers
+ gzip on;
+ gzip_vary on;
+ gzip_comp_level 4;
+ gzip_min_length 256;
+ gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+ gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+ # Pagespeed is not supported by Nextcloud, so if your server is built
+ # with the `ngx_pagespeed` module, uncomment this line to disable it.
+ #pagespeed off;
+
+ # HTTP response headers borrowed from Nextcloud `.htaccess`
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "noindex, nofollow" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+ # Remove X-Powered-By, which is an information leak
+ fastcgi_hide_header X-Powered-By;
+
+ # Path to the root of your installation
+ root /var/www/html;
+
+ # Specify how to handle directories -- specifying `/index.php$request_uri`
+ # here as the fallback means that Nginx always exhibits the desired behaviour
+ # when a client requests a path that corresponds to a directory that exists
+ # on the server. In particular, if that directory contains an index.php file,
+ # that file is correctly served; if it doesn't, then the request is passed to
+ # the front-end controller. This consistent behaviour means that we don't need
+ # to specify custom rules for certain paths (e.g. images and other assets,
+ # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
+ # `try_files $uri $uri/ /index.php$request_uri`
+ # always provides the desired behaviour.
+ index index.php index.html /index.php$request_uri;
+
+ # Onlyoffice
+ location ~* ^/ds-vpath/ {
+ rewrite /ds-vpath/(.*) /$1 break;
+ proxy_pass http://onlyoffice-document-server;
+ proxy_redirect off;
+
+ client_max_body_size 100m;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
+ proxy_set_header X-Forwarded-Proto $the_scheme;
+ }
+
+ # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
+ location = / {
+ if ( $http_user_agent ~ ^DavClnt ) {
+ return 302 /remote.php/webdav/$is_args$args;
+ }
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ # Make a regex exception for `/.well-known` so that clients can still
+ # access it despite the existence of the regex rule
+ # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+ # for `/.well-known`.
+ location ^~ /.well-known {
+ # The rules in this block are an adaptation of the rules
+ # in `.htaccess` that concern `/.well-known`.
+
+ location = /.well-known/carddav { return 301 /remote.php/dav/; }
+ location = /.well-known/caldav { return 301 /remote.php/dav/; }
+
+ location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
+ location /.well-known/pki-validation { try_files $uri $uri/ =404; }
+
+ # Let Nextcloud's API for `/.well-known` URIs handle all other
+ # requests by passing them to the front-end controller.
+ return 301 /index.php$request_uri;
+ }
+
+ # Rules borrowed from `.htaccess` to hide certain paths from clients
+ location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
+ location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
+
+ # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+ # which handle static assets (as seen below). If this block is not declared first,
+ # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
+ # to the URI, resulting in a HTTP 500 error response.
+ location ~ \.php(?:$|/) {
+ # Required for legacy support
+ rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ set $path_info $fastcgi_path_info;
+
+ try_files $fastcgi_script_name =404;
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $path_info;
+ fastcgi_param HTTPS on;
+
+ fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
+ fastcgi_param front_controller_active true; # Enable pretty urls
+ fastcgi_pass php-handler;
+
+ fastcgi_intercept_errors on;
+ fastcgi_request_buffering off;
+
+ fastcgi_max_temp_file_size 0;
+ }
+
+ # Javascript mimetype fixes for nginx
+ # Note: The block below should be removed, and the js|mjs section should be
+ # added to the block below this one. This is a temporary fix until Nginx
+ # upstream fixes the js mime-type
+ location ~* \.(?:js|mjs)$ {
+ types {
+ text/javascript js mjs;
+ }
+ try_files $uri /index.php$request_uri;
+ add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+ access_log off;
+ }
+
+ # Serve static files
+ location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+ try_files $uri /index.php$request_uri;
+ add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+ access_log off; # Optional: Don't log access to assets
+
+ location ~ \.wasm$ {
+ default_type application/wasm;
+ }
+ }
+
+ location ~ \.woff2?$ {
+ try_files $uri /index.php$request_uri;
+ expires 7d; # Cache-Control policy borrowed from `.htaccess`
+ access_log off; # Optional: Don't log access to assets
+ }
+
+ # Rule borrowed from `.htaccess`
+ location /remote {
+ return 301 /remote.php$request_uri;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php$request_uri;
+ }
+ }
+}
diff --git a/nextcloud/php-fpm.conf b/nextcloud/php-fpm.conf
new file mode 100644
index 0000000..808c2e0
--- /dev/null
+++ b/nextcloud/php-fpm.conf
@@ -0,0 +1,5 @@
+[www]
+pm = ondemand
+pm.max_children = 300
+pm.process_idle_timeout = 30s
+pm.max_requests = 500
\ No newline at end of file
diff --git a/onlyoffice/mysql/conf.d/onlyoffice.cnf b/onlyoffice/mysql/conf.d/onlyoffice.cnf
new file mode 100644
index 0000000..40dcce1
--- /dev/null
+++ b/onlyoffice/mysql/conf.d/onlyoffice.cnf
@@ -0,0 +1,5 @@
+[mysqld]
+sql_mode = 'NO_ENGINE_SUBSTITUTION'
+max_connections = 1000
+max_allowed_packet = 1048576000
+group_concat_max_len = 2048
\ No newline at end of file
diff --git a/onlyoffice/mysql/docker-entrypoint-initdb.d/setup.sh b/onlyoffice/mysql/docker-entrypoint-initdb.d/setup.sh
new file mode 100644
index 0000000..9eb38c6
--- /dev/null
+++ b/onlyoffice/mysql/docker-entrypoint-initdb.d/setup.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+mysql -uroot -p${ONLYOFFICE_CS_DBROOT:-onlyoffice} <
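Review bot: In nextcloud/nginx.conf the `server` block sends `Strict-Transport-Security` with `preload` and hard-codes `fastcgi_param HTTPS on;` while it only does `listen 80;`, so PHP is told every request arrived over TLS whether or not a TLS-terminating proxy actually sits in front of this container. The WARNING comment directly above the header says `preload` should be added only deliberately, so I would ship `add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;` and add a comment stating that this file assumes TLS is terminated upstream. Separately, the `$the_scheme` and `$the_host` maps copy `X-Forwarded-Proto` and `X-Forwarded-Host` from the request unconditionally and hand them to the document server in the `/ds-vpath/` location; if this port is reachable without a trusted proxy in front, those values are client-controlled, so they should fall back to `$scheme` and `$host` unless the peer is a known proxy. `client_max_body_size 0;` combined with `fastcgi_request_buffering off;` also leaves uploads without any ceiling, which is worth bounding on an exposed instance.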
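Review bot: In nextcloud/php-fpm.conf, `pm.max_children = 300` is set with no sizing rationale, and with `pm = ondemand` a burst of requests can fork up to that many PHP workers at once. Whether the container has a memory limit that can hold 300 workers is not visible in this patch, so this may let a request flood push the host into swap or the OOM killer. I would add a comment such as `; max_children = container memory limit / average worker RSS` and set the value from that calculation rather than a round number.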
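Review bot: In onlyoffice/mysql/conf.d/onlyoffice.cnf, `sql_mode = 'NO_ENGINE_SUBSTITUTION'` replaces the server's whole mode list, which on MySQL versions whose default includes strict mode turns it off, so over-long or out-of-range values are adjusted with a warning instead of being rejected. If ONLYOFFICE requires this (likely, but not shown in the patch), record it with a comment such as `# strict mode intentionally off: required by ONLYOFFICE, see <upstream doc URL>`. The same comment should cover `max_connections = 1000` and `max_allowed_packet = 1048576000`, since both raise the memory a single misbehaving client can make the server commit.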