Documentation and examples update for use with docker compose v2 (#2201)

* Update examples section according to the latest docker compose requirements. Signed-off-by: Kaloyan Nikolov <[email protected]> * Minor readme updates to match the changes for the compose v2 syntax. Signed-off-by: Kaloyan Nikolov <[email protected]> * Fix wrong environment variable Signed-off-by: Kaloyan Nikolov <[email protected]> * Add missing headers to fpm config Signed-off-by: Kaloyan Nikolov <[email protected]> * Fix cache control Signed-off-by: Kaloyan Nikolov <[email protected]> * Add mjs file extension in a proper way. Signed-off-by: Kaloyan Nikolov <[email protected]> * Typos fixed, minor clarification changes Signed-off-by: Kaloyan Nikolov <[email protected]> * Removed logging from compose files. Signed-off-by: Kaloyan Nikolov <[email protected]> * Restored MariaDB to 10.6 as per docs suggestions Signed-off-by: Kaloyan Nikolov <[email protected]> * Remove extra nginx volume Signed-off-by: Kaloyan Nikolov <[email protected]> * Removed GH specific markdown from Readme, change mariadb to recommended version Signed-off-by: Kaloyan Nikolov <[email protected]> * typo Signed-off-by: Kaloyan Nikolov <[email protected]> * Update .examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml Signed-off-by: J0WI <[email protected]> * Update to correct MariaDB command Signed-off-by: Kaloyan Nikolov <[email protected]> * Updated compose files for mariadb to match current docs Signed-off-by: Kaloyan Nikolov <[email protected]> * Update outdated docker-compose command in Readme Signed-off-by: Kaloyan Nikolov <[email protected]> * Added back --log-bin to MariaDB command. See PR 1881 Signed-off-by: Kaloyan Nikolov <[email protected]> * Remove wrongly added logging to Readme.MD Signed-off-by: Kaloyan Nikolov <[email protected]> * Use proper name for --log-bin param Signed-off-by: Kaloyan Nikolov <[email protected]> --------- Signed-off-by: Kaloyan Nikolov <[email protected]> Signed-off-by: J0WI <[email protected]> Co-authored-by: J0WI <[email protected]>
nextcloud · Oct 7, 2024 · 38994cb · 38994cb
1 parent 9ff7b6a
commit 38994cb
Show file tree

Hide file tree

Showing 14 changed files with 144 additions and 154 deletions.
diff --git a/.examples/README.md b/.examples/README.md
@@ -66,9 +66,9 @@ The following Dockerfile commands are also necessary for a sucessfull cron insta
 
 ## docker-compose
 In `docker-compose` additional services are bundled to create a complete nextcloud installation. The examples are designed to run out-of-the-box.
-Before running the examples you have to modify the `db.env` and `docker-compose.yml` file and fill in your custom information.
+Before running the examples you have to modify the `db.env` and `compose.yaml` file and fill in your custom information.
 
-The docker-compose examples make heavily use of derived Dockerfiles to add configuration files into the containers. This way they should also work on remote docker systems as _Docker for Windows_. When running docker-compose on the same host as the docker daemon, another possibility would be to simply mount the files in the volumes section in the `docker-compose.yml` file.
+The docker compose examples make heavily use of derived Dockerfiles to add configuration files into the containers. This way they should also work on remote docker systems as _Docker for Windows_. When running docker compose on the same host as the docker daemon, another possibility would be to simply mount the files in the volumes section in the `compose.yaml` file.
 
 
 ### insecure
@@ -78,10 +78,10 @@ For this use one of the [with-nginx-proxy](#with-nginx-proxy) examples.
 
 To use this example complete the following steps:
 
-1. if you use mariadb or mysql choose a root password for the database in `docker-compose.yml` behind `MYSQL_ROOT_PASSWORD=`
+1. if you use mariadb or mysql choose a root password for the database in `compose.yaml` behind `MYSQL_ROOT_PASSWORD=`
 2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres)
-3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles
-4. start nextcloud with `docker-compose up -d`
+3. run `docker compose build --pull` to pull the most recent base images and build the custom dockerfiles
+4. start nextcloud with `docker compose up -d`
 
 
 If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4.
@@ -97,13 +97,13 @@ This combination of the [nginxproxy/nginx-proxy](https://github.com/nginx-proxy/
 
 To use this example complete the following steps:
 
-1. open `docker-compose.yml`
+1. open `compose.yaml`
    1. insert your nextcloud domain behind `VIRTUAL_HOST=`and `LETSENCRYPT_HOST=`
    2. enter a valid email behind `LETSENCRYPT_EMAIL=`
    3. if you use mariadb or mysql choose a root password for the database behind `MYSQL_ROOT_PASSWORD=`
 2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres)
-3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles
-4. start nextcloud with `docker-compose up -d`
+3. run `docker compose build --pull` to pull the most recent base images and build the custom dockerfiles
+4. start nextcloud with `docker compose up -d`
 
 
 If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4.
diff --git a/...nsecure/mariadb/apache/docker-compose.yml → ...pose/insecure/mariadb/apache/compose.yaml b/...nsecure/mariadb/apache/docker-compose.yml → ...pose/insecure/mariadb/apache/compose.yaml
@@ -1,5 +1,3 @@
-version: '3'
-
 services:
   db:
     image: mariadb:10.6

diff --git a/...e/insecure/mariadb/fpm/docker-compose.yml → ...compose/insecure/mariadb/fpm/compose.yaml b/...e/insecure/mariadb/fpm/docker-compose.yml → ...compose/insecure/mariadb/fpm/compose.yaml
@@ -1,5 +1,3 @@
-version: '3'
-
 services:
   db:
     image: mariadb:10.6

diff --git a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
@@ -12,6 +12,9 @@ events {
 http {
     include mime.types;
     default_type  application/octet-stream;
+    types {
+        text/javascript mjs;
+    }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
@@ -30,7 +33,7 @@ http {
     # Set the `immutable` cache control options only for assets with a cache busting `v` argument
     map $arg_v $asset_immutable {
         "" "";
-    default "immutable";
+    default ", immutable";
     }
 
     #gzip  on;
@@ -162,24 +165,16 @@ http {
             fastcgi_max_temp_file_size 0;
         }
 
-        # Javascript mimetype fixes for nginx
-        # Note: The block below should be removed, and the js|mjs section should be
-        # added to the block below this one. This is a temporary fix until Nginx 
-        # upstream fixes the js mime-type
-        location ~* \.(?:js|mjs)$ {
-            types { 
-                text/javascript js mjs;
-            } 
-            default_type "text/javascript";
-            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
-            access_log off;
-        }
-
         # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
             try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
+            add_header Referrer-Policy                   "no-referrer"       always;
+            add_header X-Content-Type-Options            "nosniff"           always;
+            add_header X-Frame-Options                   "SAMEORIGIN"        always;
+            add_header X-Permitted-Cross-Domain-Policies "none"              always;
+            add_header X-Robots-Tag                      "noindex, nofollow" always;
+            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
 
             location ~ \.wasm$ {

diff --git a/...secure/postgres/apache/docker-compose.yml → ...ose/insecure/postgres/apache/compose.yaml b/...secure/postgres/apache/docker-compose.yml → ...ose/insecure/postgres/apache/compose.yaml
@@ -1,5 +1,3 @@
-version: '3'
-
 services:
   db:
     image: postgres:alpine
@@ -41,4 +39,4 @@ services:
 
 volumes:
   db:
-  nextcloud:
+  nextcloud:
diff --git a/.../insecure/postgres/fpm/docker-compose.yml → ...ompose/insecure/postgres/fpm/compose.yaml b/.../insecure/postgres/fpm/docker-compose.yml → ...ompose/insecure/postgres/fpm/compose.yaml
@@ -1,11 +1,9 @@
-version: '3'
-
 services:
   db:
     image: postgres:alpine
     restart: always
     volumes:
-      - db:/var/lib/postgresql/data:z
+      - db:/var/lib/postgresql/data:Z
     env_file:
       - db.env
 

diff --git a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
@@ -12,6 +12,9 @@ events {
 http {
     include mime.types;
     default_type  application/octet-stream;
+    types {
+        text/javascript mjs;
+    }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
@@ -30,7 +33,7 @@ http {
     # Set the `immutable` cache control options only for assets with a cache busting `v` argument
     map $arg_v $asset_immutable {
         "" "";
-    default "immutable";
+    default ", immutable";
     }
 
     #gzip  on;
@@ -162,23 +165,16 @@ http {
             fastcgi_max_temp_file_size 0;
         }
 
-        # Javascript mimetype fixes for nginx
-        # Note: The block below should be removed, and the js|mjs section should be
-        # added to the block below this one. This is a temporary fix until Nginx 
-        # upstream fixes the js mime-type
-        location ~* \.(?:js|mjs)$ {
-            types { 
-                text/javascript js mjs;
-            } 
-            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
-            access_log off;
-        }
-
         # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
             try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
+            add_header Referrer-Policy                   "no-referrer"       always;
+            add_header X-Content-Type-Options            "nosniff"           always;
+            add_header X-Frame-Options                   "SAMEORIGIN"        always;
+            add_header X-Permitted-Cross-Domain-Policies "none"              always;
+            add_header X-Robots-Tag                      "noindex, nofollow" always;
+            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
 
             location ~ \.wasm$ {

diff --git a/...x-proxy/mariadb/apache/docker-compose.yml → ...h-nginx-proxy/mariadb/apache/compose.yaml b/...x-proxy/mariadb/apache/docker-compose.yml → ...h-nginx-proxy/mariadb/apache/compose.yaml
@@ -1,5 +1,3 @@
-version: '3'
-
 services:
   db:
     image: mariadb:10.6
@@ -34,6 +32,10 @@ services:
     depends_on:
       - db
       - redis
+      # Added proxy container dependency below. 
+      # It is unclear on when or why it happens, but sometimes NC manages to start before the proxy 
+      #  and it breaks for whatever weird reason resulting in the need of manual proxy container restart.
+      - proxy
     networks:
       - proxy-tier
       - default
@@ -55,18 +57,21 @@ services:
       - 80:80
       - 443:443
     labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
     volumes:
-      - certs:/etc/nginx/certs:z,ro
+      - certs:/etc/nginx/certs:ro,z
       - vhost.d:/etc/nginx/vhost.d:z
       - html:/usr/share/nginx/html:z
+      - dhparam:/etc/nginx/dhparam:z
       - /var/run/docker.sock:/tmp/docker.sock:z,ro
     networks:
       - proxy-tier
 
   letsencrypt-companion:
     image: nginxproxy/acme-companion
     restart: always
+    environment:
+      - DEFAULT_EMAIL=
     volumes:
       - certs:/etc/nginx/certs:z
       - acme:/etc/acme.sh:z
@@ -100,6 +105,7 @@ volumes:
   acme:
   vhost.d:
   html:
+  dhparam:
 
 networks:
   proxy-tier:
diff --git a/...ginx-proxy/mariadb/fpm/docker-compose.yml → ...with-nginx-proxy/mariadb/fpm/compose.yaml b/...ginx-proxy/mariadb/fpm/docker-compose.yml → ...with-nginx-proxy/mariadb/fpm/compose.yaml
@@ -1,5 +1,3 @@
-version: '3'
-
 services:
   db:
     image: mariadb:10.6
@@ -31,6 +29,7 @@ services:
     depends_on:
       - db
       - redis
+      - proxy
 
   web:
     build: ./web
@@ -64,7 +63,7 @@ services:
       - 80:80
       - 443:443
     labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
     volumes:
       - certs:/etc/nginx/certs:z,ro
       - vhost.d:/etc/nginx/vhost.d:z
@@ -76,6 +75,8 @@ services:
   letsencrypt-companion:
     image: nginxproxy/acme-companion
     restart: always
+    environment:
+      - DEFAULT_EMAIL=
     volumes:
       - certs:/etc/nginx/certs:z
       - acme:/etc/acme.sh:z

diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
@@ -12,6 +12,9 @@ events {
 http {
     include mime.types;
     default_type  application/octet-stream;
+    types {
+        text/javascript mjs;
+    }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
@@ -30,7 +33,7 @@ http {
     # Set the `immutable` cache control options only for assets with a cache busting `v` argument
     map $arg_v $asset_immutable {
         "" "";
-    default "immutable";
+    default ", immutable";
     }
 
     #gzip  on;
@@ -162,23 +165,16 @@ http {
             fastcgi_max_temp_file_size 0;
         }
 
-        # Javascript mimetype fixes for nginx
-        # Note: The block below should be removed, and the js|mjs section should be
-        # added to the block below this one. This is a temporary fix until Nginx 
-        # upstream fixes the js mime-type
-        location ~* \.(?:js|mjs)$ {
-            types { 
-                text/javascript js mjs;
-            } 
-            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
-            access_log off;
-        }
-
         # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
             try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
+            add_header Referrer-Policy                   "no-referrer"       always;
+            add_header X-Content-Type-Options            "nosniff"           always;
+            add_header X-Frame-Options                   "SAMEORIGIN"        always;
+            add_header X-Permitted-Cross-Domain-Policies "none"              always;
+            add_header X-Robots-Tag                      "noindex, nofollow" always;
+            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
 
             location ~ \.wasm$ {

diff --git a/...-proxy/postgres/apache/docker-compose.yml → ...-nginx-proxy/postgres/apache/compose.yaml b/...-proxy/postgres/apache/docker-compose.yml → ...-nginx-proxy/postgres/apache/compose.yaml
@@ -1,5 +1,3 @@
-version: '3'
-
 services:
   db:
     image: postgres:alpine
@@ -29,6 +27,7 @@ services:
     depends_on:
       - db
       - redis
+      - proxy
     networks:
       - proxy-tier
       - default
@@ -50,9 +49,9 @@ services:
       - 80:80
       - 443:443
     labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
     volumes:
-      - certs:/etc/nginx/certs:z,ro
+      - certs:/etc/nginx/certs:ro,z
       - vhost.d:/etc/nginx/vhost.d:z
       - html:/usr/share/nginx/html:z
       - /var/run/docker.sock:/tmp/docker.sock:z,ro

diff --git a/...inx-proxy/postgres/fpm/docker-compose.yml → ...ith-nginx-proxy/postgres/fpm/compose.yaml b/...inx-proxy/postgres/fpm/docker-compose.yml → ...ith-nginx-proxy/postgres/fpm/compose.yaml
@@ -26,6 +26,7 @@ services:
     depends_on:
       - db
       - redis
+      - proxy
 
   web:
     build: ./web
@@ -59,7 +60,7 @@ services:
       - 80:80
       - 443:443
     labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
     volumes:
       - certs:/etc/nginx/certs:z,ro
       - vhost.d:/etc/nginx/vhost.d:z
@@ -77,6 +78,8 @@ services:
       - vhost.d:/etc/nginx/vhost.d:z
       - html:/usr/share/nginx/html:z
       - /var/run/docker.sock:/var/run/docker.sock:z,ro
+    environment:
+      - DEFAULT_EMAIL=
     networks:
       - proxy-tier
     depends_on: