Infra/nextcloud/docker-compose.yml

# Nextcloud on port 8088 with Postgres and pgAdmin
# ------------------------------------------------
# Quick start:
#   docker compose up -d  # (Compose V2 syntax; no `version:` key)

name: nextcloud-stack

services:
  db:
    image: postgres:16-alpine
    container_name: nextcloud-db
    restart: unless-stopped
    environment:
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: changeme
      TZ: Europe/Paris
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
      interval: 10s
      timeout: 5s
      retries: 5
    volumes:
      - ~/Applications/data/nextcloud/db_data:/var/lib/postgresql/data
    networks:
      - nextcloud-net

  nextcloud:
    image: nextcloud:latest
    container_name: nextcloud-app
    restart: unless-stopped
    depends_on:
      db:
        condition: service_healthy
    environment:
      POSTGRES_HOST: db
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: changeme

      NEXTCLOUD_ADMIN_USER: admin
      NEXTCLOUD_ADMIN_PASSWORD: adminpass

      NEXTCLOUD_TRUSTED_DOMAINS: cloud.goutailler-olivier.com
      NEXTCLOUD_OVERWRITEHOST: cloud.goutailler-olivier.com
      NEXTCLOUD_OVERWRITEPROTOCOL: https

      NEXTCLOUD_TRUSTED_PROXIES: 172.23.0.0/16

      APACHE_DISABLE_REWRITE_IP: "1"
      PHP_MEMORY_LIMIT: 1G
      PHP_UPLOAD_LIMIT: 2G
      TZ: Europe/Paris
    volumes:
      - ~/Applications/data/nextcloud/nextcloud_app:/var/www/html
      - ~/Applications/data/nextcloud/nextcloud_data:/var/www/html/data
    networks:
      - nextcloud-net
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.nextcloud.rule=Host(`cloud.goutailler-olivier.com`)
      - traefik.http.routers.nextcloud.entrypoints=websecure
      - traefik.http.routers.nextcloud.tls.certresolver=le
      - traefik.http.services.nextcloud.loadbalancer.server.port=80
      - traefik.docker.network=proxy
      # (optionnel) quelques en-têtes de sécurité
      - traefik.http.routers.nextcloud.middlewares=nc-sec
      - traefik.http.middlewares.nc-sec.headers.stsSeconds=31536000
      - traefik.http.middlewares.nc-sec.headers.stsIncludeSubdomains=true
      - traefik.http.middlewares.nc-sec.headers.stsPreload=true
      - traefik.http.middlewares.nc-sec.headers.contentTypeNosniff=true
      - traefik.http.middlewares.nc-sec.headers.browserXssFilter=true

  pgadmin:
    image: dpage/pgadmin4:latest
    container_name: nextcloud-pgadmin
    restart: unless-stopped
    environment:
      PGADMIN_DEFAULT_EMAIL: admin@example.com
      PGADMIN_DEFAULT_PASSWORD: adminpass
      PGADMIN_CONFIG_SERVER_MODE: 'False'
      TZ: Europe/Paris
    volumes:
      - ~/Applications/data/nextcloud/pgadmin_data:/var/lib/pgadmin
      - ~/Applications/data/nextcloud/pgadmin/servers.json:/pgadmin4/servers.json:ro
    networks:
      - nextcloud-net

networks:
  nextcloud-net:
    driver: bridge
  proxy:
    external: true
    name: proxy