Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-16 13:39:02 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
bunkerweb/examples/nextcloud/docker-compose.yml
TheophileDiot 03e98985ea Migrate more examples and lint
2022-12-02 15:37:23 +01:00

128 lines
4.5 KiB
YAML
Raw Blame History

version: "3"
x-bunkerweb-env: &bunkerweb-env
DATABASE_URI: "mariadb+pymysql://${NEXTCLOUD_USER:-user}:${NEXTCLOUD_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.0
ports:
- 80:8080
- 443:8443
# ⚠️ read this if you use local folders for volumes ⚠️
# bunkerweb runs as an unprivileged user with UID/GID 101
# don't forget to edit the permissions of the files and folders accordingly
# example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
# more info at https://docs.bunkerweb.io
volumes:
- bw-data:/data
environment:
<<: *bunkerweb-env
SERVER_NAME: "www.example.com" # replace with your domain
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
AUTO_LETS_ENCRYPT: "yes"
DISABLE_DEFAULT_SERVER: "yes"
MAX_CLIENT_SIZE: "10G"
USE_CLIENT_CACHE: "yes"
SERVE_FILES: "no"
ALLOWED_METHODS: "GET|POST|HEAD|COPY|DELETE|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|PUT|UNLOCK|OPTIONS"
X_FRAME_OPTIONS: "SAMEORIGIN"
USE_GZIP: "yes"
BAD_BEHAVIOR_STATUS_CODES: "400 401 403 405 444"
USE_REVERSE_PROXY: "yes"
REVERSE_PROXY_URL: "/"
REVERSE_PROXY_HOST: "http://mync"
LIMIT_REQ_URL_1: "/apps"
LIMIT_REQ_RATE_1: "5r/s"
LIMIT_REQ_URL_2: "/apps/text/session/sync"
LIMIT_REQ_RATE_2: "8r/s"
LIMIT_REQ_URL_3: "/core/preview"
LIMIT_REQ_RATE_3: "5r/s"
CUSTOM_CONF_MODSEC_CRS_nextcloud: "\
SecAction \
\"id:900130,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.crs_exclusions_nextcloud=1\"
# WebDAV
SecAction \
\"id:900200,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'\""
CUSTOM_CONF_MODSEC_nextcloud: "\
SecRule REQUEST_FILENAME \"@rx ^/remote.php/dav/files/\" \"id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog\""
labels:
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.0
depends_on:
- mybunker
environment:
<<: *bunkerweb-env
DOCKER_HOST: "tcp://docker-proxy:2375"
volumes:
- bw-data:/data
networks:
- bw-universe
- net-docker
docker-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- CONTAINERS=1
networks:
- net-docker
mync:
image: nextcloud:24-apache
volumes:
- ./nc-files:/var/www/html
environment:
- NEXTCLOUD_ADMIN_USER=admin # replace with the admin username
- NEXTCLOUD_ADMIN_PASSWORD=changeme # replace with a stronger password
- NEXTCLOUD_TRUSTED_DOMAINS=www.example.com # replace with your domain(s)
- TRUSTED_PROXIES=192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
- APACHE_DISABLE_REWRITE_IP=1
- MYSQL_HOST=mydb
- MYSQL_DATABASE=${NEXTCLOUD_DATABASE:-nextclouddb}
- MYSQL_USER=${NEXTCLOUD_USER:-user}
- MYSQL_PASSWORD=${NEXTCLOUD_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
networks:
- bw-services
mydb:
image: mariadb:10.5
volumes:
- db-data:/var/lib/mysql
environment:
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${NEXTCLOUD_USER:-user}\"; CREATE USER \"${NEXTCLOUD_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${NEXTCLOUD_DATABASE:-nextclouddb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${NEXTCLOUD_DATABASE:-nextclouddb}.* TO \"${NEXTCLOUD_USER:-user}\"@\"%\" IDENTIFIED BY \"${NEXTCLOUD_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${NEXTCLOUD_USER:-user}\"@\"%\" IDENTIFIED BY \"${NEXTCLOUD_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
networks:
- bw-universe
- bw-services
volumes:
bw-data:
db-data:
networks:
bw-universe:
ipam:
driver: default
config:
- subnet: 10.20.30.0/24
bw-services:
net-docker:
Reference in a new issue View git blame Copy permalink