Found this super useful! I am coming from podman and I’ve used the following set-up for local HTTPS using the nextcloud-fpm container. I’ve adapted your config based on my post in HTTPS on LAN - Access via different host.
Set up a pod
# Create the pod that the three containers below join. Ports are published
# on the pod only: host 4080 -> 80 and host 4443 -> 443. No host address is
# given, so both are published on every host interface, which is what makes
# the site reachable from other machines on the LAN. The database and
# PHP-FPM ports are not published and stay inside the pod.
podman pod create \
  --publish 4080:80 \
  --publish 4443:443 \
  --name nextcloud
Container creation
Mariadb
# MariaDB for Nextcloud; its data lives in the named volume nextcloud-db.
# MYSQL_PASSWORD and MYSQL_ROOT_PASSWORD are blank in this listing: fill in
# two different, long random values before running. Values passed with
# --env/-e are stored in the container configuration and shown by
# `podman inspect`; the image also accepts MYSQL_PASSWORD_FILE and
# MYSQL_ROOT_PASSWORD_FILE if you would rather keep them in files.
podman run -d \
  --name db \
  --pod nextcloud \
  -v nextcloud-db:/var/lib/mysql \
  -e MYSQL_DATABASE=nextcloud \
  -e MYSQL_USER=nextcloud \
  -e MYSQL_PASSWORD= \
  -e MYSQL_ROOT_PASSWORD= \
  docker.io/library/mariadb:10
Nextcloud
# Nextcloud (PHP-FPM variant); the application tree lives in the named volume
# nextcloud, mounted at /var/www/html. MYSQL_PASSWORD is blank in this
# listing and has to be the same value given to the db container.
# NOTE(review): MYSQL_HOST is set to nextcloud-db, which on this page is the
# name of the database *volume*; the database container is named db and runs
# in the same pod. Confirm that this host name resolves from the app
# container before relying on it.
podman run -d \
  --name app \
  --pod nextcloud \
  -v nextcloud:/var/www/html \
  -e MYSQL_HOST=nextcloud-db \
  -e MYSQL_DATABASE=nextcloud \
  -e MYSQL_USER=nextcloud \
  -e MYSQL_PASSWORD= \
  docker.io/library/nextcloud:21-fpm
Caddy
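# Caddy: terminates TLS for the pod and serves Nextcloud's files.
# - "$PWD/..." is quoted so a working directory containing spaces does not
#   split the bind-mount argument; :Z gives the Caddyfile a private SELinux
#   label.
# - nextcloud-caddy:/data persists Caddy's data directory. With `tls internal`
#   that includes the private key of Caddy's local CA, so treat the volume
#   as a secret.
# - --volumes-from app:ro mounts Nextcloud's volumes read-only: Caddy only
#   reads static files from /var/www/html, PHP itself runs in the app
#   container.
# - The image name is fully qualified like the other two, so short-name
#   resolution cannot pick a different registry. It is still untagged; pin a
#   tag as the mariadb and nextcloud images do.
podman run --detach \
  --volume "$PWD/Caddyfile:/etc/caddy/Caddyfile:Z" \
  --volume nextcloud-caddy:/data \
  --name web \
  --pod nextcloud \
  --volumes-from app:ro \
  docker.io/library/caddy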
Caddyfile
# Catch-all HTTPS site (the address carries no host name) that serves
# Nextcloud from /var/www/html.
https:// {
root * /var/www/html
file_server
# PHP requests are handed to PHP-FPM at app:9000.
php_fastcgi app:9000
header {
# enable HSTS
# The line below is commented out, so no HSTS header is sent. Once enabled,
# browsers refuse plain HTTP for this host for max-age seconds (one year
# here), so turn it on only after clients trust the certificate.
# Strict-Transport-Security max-age=31536000;
}
# Certificates are signed by Caddy's own local CA rather than a public one,
# so clients have to trust that CA's root certificate.
# NOTE(review): on_demand issues a certificate during the TLS handshake for
# whatever server name the client sends. This file sets no limit on which
# names are allowed (Caddy's global on_demand_tls `ask` option does that);
# add one before the port is reachable by clients you do not control.
tls internal {
on_demand
}
# CardDAV / CalDAV service discovery.
redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301
# .htaccess / data / config / ... shouldn't be accessible from outside
# These paths sit under the web root that file_server serves, so this matcher
# is what keeps them from being returned as static files.
# NOTE(review): a path without a wildcard matches exactly, so `/.xml` covers
# only that one path, and `/data/*` does not cover `/data` itself. Check
# whether broader patterns were intended.
@forbidden {
path /.htaccess
path /data/*
path /config/*
path /db_structure
path /.xml
path /README
path /3rdparty/*
path /lib/*
path /templates/*
path /occ
path /console.php
}
# Answer with 404 rather than 403 so the response does not confirm that the
# path exists.
respond @forbidden 404
}