Update nextcloud app to use separate proxy and fpm services

This commit is contained in:
Ethan Paul 2021-04-30 20:20:22 -04:00
parent a7012abf28
commit 1490774f4a
No known key found for this signature in database
GPG Key ID: D0E2CBF1245E92BF
3 changed files with 83 additions and 6 deletions

View File

@ -22,6 +22,9 @@ volumes:
config: config:
name: datastore{{ omni_compose_apps.nextcloud.datastore }}/config name: datastore{{ omni_compose_apps.nextcloud.datastore }}/config
driver: glusterfs driver: glusterfs
proxy:
name: datastore{{ omni_compose_apps.nextcloud.datastore }}/proxy
driver: glusterfs
services: services:
@ -49,19 +52,39 @@ services:
deploy: deploy:
replicas: 1 replicas: 1
server: proxy:
image: nextcloud:{{ omni_compose_apps.nextcloud.versions.server | default(omni_compose_apps.nextcloud.versions.default) }} image: nginx:{{ omni_compose_apps.nextcloud.versions.proxy | default(omni_compose_apps.nextcloud.versions.default) }}
hostname: nextcloud-server hostname: nextcloud-proxy
networks: networks:
- nextcloud - nextcloud
depends_on: depends_on:
- database - server
- cache
ports: ports:
- published: {{ omni_compose_apps.nextcloud.published.ports.80 }} - published: {{ omni_compose_apps.nextcloud.published.ports.80 }}
target: 80 target: 80
protocol: tcp protocol: tcp
mode: ingress mode: ingress
volumes:
- type: volume
source: config
target: /usr/share/nginx/nextcloud
read_only: true
- type: volume
source: proxy
target: /etc/nginx/conf.d
read_only: true
deploy:
replicas: 1
server:
image: nextcloud:{{ omni_compose_apps.nextcloud.versions.server | default(omni_compose_apps.nextcloud.versions.default) }}
hostname: nextcloud-server
user: "{{ omni_compose_apps.nextcloud.account.uid }}"
networks:
- nextcloud
depends_on:
- database
- cache
volumes: volumes:
- type: volume - type: volume
source: data source: data

View File

@ -0,0 +1,50 @@
server {
listen 80;
root /usr/share/nginx/nextcloud;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass server:9000;
fastcgi_index index.php;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED /var/www/html$fastcgi_path_info;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT /var/www/html/;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
}
}

View File

@ -122,6 +122,10 @@ omni_compose_apps:
networks: networks:
main: 192.168.107.0/24 main: 192.168.107.0/24
versions: versions:
server: 21.0.1 proxy: latest
server: 21.0.1-fpm
database: "10" database: "10"
cache: "6.2" cache: "6.2"
assets:
- src: nginx/nextcloud-proxy.conf
name: proxy/nextcloud.conf