Example: Docker Nextcloud-FPM + Caddy v2 webserver

CADDY DOCKER PROXY EXAMPLE
Run Nextcloud with just a few labels, nothing else!

I managed to figure out how to get Nextcloud 21 working with an A+ security rating, with the fastest options possible. There are so many Nextcloud+Caddy examples out there; most don’t work, are outdated or only work in a specific environment. Also, none of them use the setup simplicity docker-compose offers with docker-caddy-proxy.

This version is for everyone and contains the basics you need for the fastest Nextcloud experience:

  • Redis for caching
  • PostgreSQL as it is the fastest database
  • FPM version of Nextcloud
  • Caddy as both reverse proxy and webserver, no need for nginx

Note: I used Nextcloud for a few days and immediately switched back to FileRun.
If you do not need calendar/contacts and all those extras, FileRun is the way to go in my opinion. Nextcloud does not even come close in speed (even with all that effort, it is still a bit slow); usability, user-friendly UI, etc. are just much better thought through with FileRun.

Also, Nextcloud lacks proper documentation on how to install it with the fastest components + get A+ rating. Since it took quite some effort, I am sharing it here, even though I stopped using it!

(Note: an updated version is on GitHub, link below.)

version: "2.3"
services:
##
## To expose Nextcloud securely, Caddy is the easiest way to go.
##_____________________ Caddy [CLOUD/web-proxy]
  caddy:
    container_name: caddy-proxy
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    restart: always
    networks: 
      - web-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - $DOCKERDIR/caddy/caddy_data:/data
      - $DOCKERDIR/caddy/config:/config
      - $DOCKERDIR/nextcloud/var/www/html:/nextcloud/var/www/html
      - $DOCKERDIR/nextcloud/var/data:/nextcloud/var/nextdata
    ports:
      - 80:80
      - 443:443
##
##____________________ NextCloud TESTED V21.0 [CLOUD/Files/NextCloud]
  nextcloud:
    image: nextcloud:21-fpm
    container_name: nextcloud
    restart: always
    mem_limit: 2048m
    mem_reservation: 512m
    networks:
      - web-proxy
      - nextcloud
    depends_on:
      - nextcloud-db
      - nextcloud-cache
    environment:
      NEXTCLOUD_DATA_DIR: /var/nextdata
      NEXTCLOUD_TRUSTED_DOMAINS: next.$DOMAIN
      NEXTCLOUD_ADMIN_USER: $USER1
      NEXTCLOUD_ADMIN_PASSWORD: $USER1PW
      POSTGRES_HOST: nextcloud-db
      POSTGRES_DB: nextcloud
      POSTGRES_USER: $USER
      POSTGRES_PASSWORD: $PW_INT
      REDIS_HOST: nextcloud-cache
      REDIS_HOST_PASSWORD: $PW_INT
      SMTP_HOST: $SMTPHOST
      SMTP_SECURE: tls
      SMTP_NAME: $SMTPUSER
      SMTP_PASSWORD: $SMTPPASS
      SMTP_FROM_ADDRESS: $EMAIL
      SMTP_PORT: 587
    volumes:
        # the actual data of the Nextcloud:
      - $DOCKERDIR/nextcloud/var/nextdata:/var/nextdata
        # Main folder needed for updating:
      - $DOCKERDIR/nextcloud/var/www/html:/var/www/html
        # local configuration
      - $DOCKERDIR/nextcloud/var/www/html/config:/var/www/html/config
        # Custom settings for php fpm to make nextcloud work. The default settings resulted in the error:
        # WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
      - $DOCKERDIR/nextcloud/etc/www-custom.ini:/usr/local/etc/php-fpm.d/zz-custom.conf
    labels:
      caddy: next.$DOMAIN
      caddy.tls: $EMAIL
      caddy.file_server: "" 
      caddy.root: "* /nextcloud/var/www/html"
      caddy.php_fastcgi: "{{upstreams 9000}}"
      caddy.php_fastcgi.root: "/var/www/html"
      caddy.php_fastcgi.env: "front_controller_active true"
      caddy.encode: gzip
      caddy.redir_0: "/.well-known/carddav /remote.php/dav 301"
      caddy.redir_1: "/.well-known/caldav /remote.php/dav 301"
      caddy.header.Strict-Transport-Security: '"max-age=15768000;includeSubDomains;preload"' # Required for Nextcloud
##____________________ NextCloud [CLOUD/Files/NextCloud/database]
  nextcloud-db:
    container_name: nextcloud-db
    image: postgres:12-alpine
    restart: always
    networks:
      - nextcloud
    environment:
      POSTGRES_USER: $USER
      POSTGRES_PASSWORD: $PW_INT
    volumes:
      - $DOCKERDIR/nextcloud/db:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime:ro
##____________________ NextCloud [CLOUD/Files/NextCloud/cache]
  nextcloud-cache:
    container_name: nextcloud-cache
    image: redis:alpine
    restart: always
    mem_limit: 2048m
    mem_reservation: 512m
    networks:
      - nextcloud
    command: redis-server --requirepass $PW_INT
#
networks:
  web-proxy:
    driver: bridge
  nextcloud:
    driver: bridge

Feel free to use “volumes from” in the Caddy container instead of that single Nextcloud volume; see the example on GitHub here:

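An added example, not part of the original post: a small Python check of the `Strict-Transport-Security` value set by the `caddy.header` label in the compose file above. It assumes two thresholds that the post does not state, the 15552000-second minimum that Nextcloud's admin security check asks for and the 31536000-second minimum that hstspreload.org requires; the function and constant names are illustrative.

```python
import re

NEXTCLOUD_MIN_AGE = 15552000   # assumption: minimum Nextcloud's admin check accepts
PRELOAD_MIN_AGE = 31536000     # assumption: minimum hstspreload.org requires (1 year)

# Value copied from the caddy.header.Strict-Transport-Security label in the post.
PAGE_VALUE = '"max-age=15768000;includeSubDomains;preload"'


def parse_hsts(value):
    """Parse an HSTS header value into {directive: argument-or-True}."""
    value = value.strip()
    # The compose label wraps the value in double quotes so Caddy reads one token.
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        if name in directives:           # RFC 6797: each directive at most once
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"') if arg else True
    return directives


def assess_hsts(value):
    """Return what the header value achieves, as a dict of findings."""
    d = parse_hsts(value)
    raw_age = d.get("max-age")
    if not (isinstance(raw_age, str) and re.fullmatch(r"\d+", raw_age)):
        raise ValueError("max-age missing or not an integer")
    max_age = int(raw_age)
    asks_preload = "preload" in d
    return {
        "max_age": max_age,
        "nextcloud_ok": max_age >= NEXTCLOUD_MIN_AGE,
        "asks_preload": asks_preload,
        # Preload submission needs all three: long max-age, subdomains, preload.
        "preload_eligible": (asks_preload and "includesubdomains" in d
                             and max_age >= PRELOAD_MIN_AGE),
    }


if __name__ == "__main__":
    for key, result in assess_hsts(PAGE_VALUE).items():
        print(f"{key}: {result}")
```

For the value in the post this reports `nextcloud_ok` as true and `preload_eligible` as false: the `preload` directive is present, but the max-age is below the one-year threshold assumed here.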