
Installation Docker mit MariaDB SSL

Beschreibung:

Nextcloud-Installation per docker-compose.
Für das Let's-Encrypt-Zertifikat nutzen wir das Image linuxserver/swag.
Dieses Image vereint Let's Encrypt und nginx.

Installation

Vorbereitung


Docker und Verzeichnisse anlegen
# Install the Docker engine, the compose front end and AppArmor from the
# distribution packages.
apt install docker.io docker-compose apparmor
# Create the host directories that the compose file bind-mounts into the
# containers (database files, Nextcloud files, SWAG/Let's Encrypt config).
mkdir -p \
  /root/nextcloud/mariadb/data \
  /root/nextcloud/data \
  /root/nextcloud/letsencrypt
.env Datei

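Am Anfang setzen wir STAGING auf true.
Damit testen wir, ob beim Abrufen des Zertifikats alles in Ordnung ist. Im Testmodus stellt Let's Encrypt nur Testzertifikate aus, denen Browser nicht vertrauen; dafür werden die Rate-Limits der Produktivumgebung nicht belastet.
Wenn alles klappt, stellen wir den Wert auf false.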

root@cloud:~/nextcloud/letsencrypt/nginx/proxy-confs# cd ..
root@cloud:~/nextcloud/letsencrypt/nginx# cd ..
root@cloud:~/nextcloud/letsencrypt# cd ..
root@cloud:~/nextcloud# cat .env
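# Database configuration
# NOTE: the two passwords below are tutorial placeholders. Replace them with
# long random values before the first start, and keep this file readable by
# root only (chmod 600 .env), because it stores the database credentials in
# plain text.
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextclouduser
MYSQL_PASSWORD=nextcloudpassword
MYSQL_ROOT_PASSWORD=rootpassword

# Volumes (host paths that are bind-mounted into the containers)
NEXTCLOUD_ROOT_PATH=/root/nextcloud
NEXTCLOUD_DATA_PATH=/root/nextcloud/data
DB_DATA_PATH=/root/nextcloud/mariadb/data
LETSENCRYPT_DATA_PATH=/root/nextcloud/letsencrypt

# Network
VIRTUAL_HOST=cloud.banane.com
LETSENCRYPT_HOST=cloud.banane.com
LETSENCRYPT_EMAIL=info@banane.com
# Subdomains: wildcard, www, a custom subdomain, or empty for none
SUBDOMAINS=
# Enables the Let's Encrypt test mode (staging). The comment is on its own
# line because not every docker-compose version strips inline comments from
# .env values; where it is not stripped, the value is no longer exactly "true"
# and the test mode may silently not be active.
STAGING=true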

Nextcloud.conf

Diese muss im Verzeichnis vom docker-compose file liegen

nano /root/nextcloud/nextcloud.conf

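Dort noch den Servernamen (server_name) an die eigene Subdomain anpassen, in unserem Fall banane.*. Der Eintrag muss zum Hostnamen aus VIRTUAL_HOST passen; ein Muster wie banane.* trifft nur auf Namen zu, die mit „banane.“ beginnen.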

## Version 2023/06/24
# make sure that your nextcloud container is named nextcloud
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['swag'],
#  'overwrite.cli.url' => 'https://nextcloud.example.com/',
#  'overwritehost' => 'nextcloud.example.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.example.com',
#  ),
#
# NOTE(review): the header above appears to be generic sample text. In the compose
# file on this page the Nextcloud service is called "app", the proxy service is
# called "letsencrypt", and /var/www/html is mounted from NEXTCLOUD_DATA_PATH, so
# config.php presumably sits below that directory on the host. Confirm the path and
# the proxy name before copying the trusted_proxies line.

# HTTPS virtual host for the Nextcloud site: TLS ends here and requests are
# forwarded to the application container.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # NOTE(review): a trailing-wildcard name such as "banane.*" matches host names
    # that begin with "banane."; the .env on this page uses cloud.banane.com, which
    # would need "cloud.*". Confirm this name matches the host in VIRTUAL_HOST,
    # otherwise requests are answered by nginx's default server, not this block.
    server_name banane.*;

    # TLS settings (and the optional security headers mentioned below) come from SWAG's ssl.conf.
    include /config/nginx/ssl.conf;

    # 0 disables nginx's request body size check, so upload size is limited only by
    # the upstream application.
    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        # Upstream is plain HTTP on port 80 of the host "app" (the Nextcloud service
        # name in the compose file), i.e. the hop behind the proxy is unencrypted
        # and should stay on the internal Docker network.
        set $upstream_app app;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        # Hide proxy response headers from Nextcloud that conflict with ssl.conf
        # Uncomment the Optional additional headers in SWAG's ssl.conf to pass Nextcloud's security scan
        # NOTE(review): the four headers below are stripped from Nextcloud's responses.
        # If the optional headers in ssl.conf stay commented out, clients receive none
        # of them -- check the response headers after setup.
        proxy_hide_header Referrer-Policy;
        proxy_hide_header X-Content-Type-Options;
        proxy_hide_header X-Frame-Options;
        proxy_hide_header X-XSS-Protection;

        # Disable proxy buffering
        proxy_buffering off;
    }
}



Die docker-compose-Datei (docker-compose.yml)
# Three services: MariaDB (db), Nextcloud (app) and the SWAG reverse proxy with
# Let's Encrypt (letsencrypt). All ${...} values are read from the .env file.
version: '3.8'

services:
  # Database. No "ports:" entry, so it is not published on the host and is only
  # reachable from containers on the same Docker network.
  db:
    # NOTE(review): no tag is given, so the current "latest" image is pulled.
    # Consider pinning a tested tag (mariadb:<VERSION>) for reproducible,
    # reviewable updates. The same applies to the other two images below.
    image: mariadb
    restart: always
    volumes:
      - ${DB_DATA_PATH}:/var/lib/mysql
    # Credentials are passed as environment variables; they are visible to anyone
    # who can run "docker inspect" on this host.
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}

  # Nextcloud application. Not published on the host either; it is reached only
  # through the proxy service below.
  app:
    image: nextcloud
    restart: always
    volumes:
      # The whole /var/www/html tree is kept in NEXTCLOUD_DATA_PATH on the host.
      - ${NEXTCLOUD_DATA_PATH}:/var/www/html
    environment:
      # "db" is the service name of the database container above.
      - MYSQL_HOST=db
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
    depends_on:
      - db

  # Reverse proxy and certificate management; the only service with published ports.
  letsencrypt:
    image: linuxserver/swag
    restart: always
    volumes:
      - ${LETSENCRYPT_DATA_PATH}:/config
      # The site config is mounted as a single file from the compose directory.
      - ${NEXTCLOUD_ROOT_PATH}/nextcloud.conf:/config/nginx/site-confs/nextcloud.conf

    environment:
      - URL=${VIRTUAL_HOST}
      - SUBDOMAINS=${SUBDOMAINS}
      # HTTP validation: port 80 must be reachable from the internet for the challenge.
      - VALIDATION=http
      - EMAIL=${LETSENCRYPT_EMAIL}
      # true = Let's Encrypt test environment, false = production certificates.
      - STAGING=${STAGING}
    depends_on:
      - app
    # Published on all host interfaces.
    ports:
      - "80:80"
      - "443:443"


# The default network of this project is the pre-existing external network
# "nginx-proxy"; it has to be created before the first start.
# NOTE(review): newer Compose versions prefer a top-level "name:" together with
# "external: true" over the nested "external: name:" form -- confirm against the
# installed version.
networks:
  default:
    external:
      name: nginx-proxy
Das Docker-Netzwerk nginx-proxy anlegen (es muss vor dem ersten Start existieren, da es in der Compose-Datei als external eingetragen ist)
docker network create nginx-proxy

Die Container mit `docker-compose up -d` starten und im Log prüfen, ob das Zertifikat erstellt wird.

docker-compose logs -f letsencrypt

Wenn die Zertifikate erfolgreich erstellt wurden, STAGING in der .env-Datei auf false stellen und den Container neu starten

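# "restart" keeps the existing container together with its old environment, so
# a changed STAGING value in .env would not be applied. "up -d" recreates the
# container when its configuration has changed.
docker-compose up -d letsencrypt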

Nun wieder ins logging schauen

docker-compose logs -f letsencrypt

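Nun ist die Nextcloud-Instanz erreichbar und es kann ein Admin-Passwort vergeben werden. Das sollte sofort geschehen, denn bis dahin kann jeder, der die Seite erreicht, das Administratorkonto anlegen.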

Auswahl_1185.png