Get nextcloud working

With whoami and gitea working (although I haven't rebuilt yet)

.env.example

@@ -4,7 +4,6 @@
 
 # Storage
 STORAGE_PATH=/mnt/storage/docker-data
-MEDIA_PATH=/mnt/storage
 
 # User
 USER_UID=1000
@@ -12,7 +11,6 @@ USER_GID=1000
 
 # Domain
 DOMAIN=sjhl.nz
-DOMAIN_WWW=__CHANGEME__
 
 # Timezone
 TZ=Pacific/Auckland

Makefile

@@ -1,14 +1,28 @@
 SERVICES=traefik whoami gitea nextcloud devbox
 
-.PHONY: up down restart backup init-env env-sync docs generate-docs serve-docs logs status
+.PHONY: up down restart backup init-env env-sync docs generate-docs serve-docs logs status up-% down-%
 
 up:
-	@for svc in $(SERVICES); do \
+	for svc in $(SERVICES); do \
 		if [ -f "$$svc/docker-compose.yml" ]; then \
 			echo "Starting $$svc..."; \
-			(cd $$svc && docker compose up -d); \
+			(cd $$svc && docker compose --env-file ../.env `if [ -f .env ]; then echo --env-file .env; fi` up -d); \
 		fi; \
-	done
+	done; \
+
+up-%:
+	@svc=$*; \
+	if [ -f "$$svc/docker-compose.yml" ]; then \
+		echo "Starting $$svc..."; \
+		(cd $$svc && docker compose --env-file ../.env `if [ -f .env ]; then echo --env-file .env; fi` up -d); \
+	fi
+
+down-%:
+	@svc=$*; \
+	if [ -f "$$svc/docker-compose.yml" ]; then \
+		echo "Stopping $$svc..."; \
+		(cd $$svc && docker compose down); \
+	fi
 
 down:
 	@for svc in $(SERVICES); do \

nextcloud/docker-compose.yml

@@ -4,7 +4,7 @@ services:
     container_name: nextcloud-aio-mastercontainer
     restart: always
     ports:
-      - "${AIO_PORT:-8081}:8080"
+      - "${AIO_PORT}:8080"
     volumes:
       - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
       - /var/run/docker.sock:/var/run/docker.sock:ro
@@ -15,8 +15,6 @@ services:
     networks:
       - nextcloud-aio
       - web
-    env_file:
-      - ../.env
 
 volumes:
   nextcloud_aio_mastercontainer:
@@ -25,3 +23,5 @@ networks:
   nextcloud-aio:
   web:
     external: true
+
+

traefik/.env.example

@@ -1,6 +1,6 @@
 # traefik/.env
 # Copy to .env and fill in real values. NEVER commit .env.
 
-TRAEFIK_DASHBOARD_PORT=8082
+TRAEFIK_DASHBOARD_PORT=8080
 ACME_EMAIL=letsencrypt@example.com
 DASHBOARD_BASIC_AUTH=admin:$$apr1$$changeme$$REPLACE_WITH_HTPASSWD_HASH

traefik/README.md

@@ -1,3 +1 @@
-THis is the project
-
-More information hear.
+This is the core proxy that protects my server. It handles SSL termination, routing, and the dashboard for monitoring. I use Traefik's Docker provider to automatically discover services and route traffic based on labels in their `docker-compose.yml` files.

traefik/docker-compose.yml

@@ -6,11 +6,12 @@ services:
     ports:
       - "80:80"
       - "443:443"
-      - "${TRAEFIK_DASHBOARD_PORT:-8082}:8080"
+      - "${TRAEFIK_DASHBOARD_PORT}:8080"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ${STORAGE_PATH}/traefik/certs:/certs:rw
-      - ${STORAGE_PATH}/traefik/dynamic:/dynamic:ro
+      - ./dynamic:/dynamic:ro
+      - ${STORAGE_PATH}/traefik/letsencrypt:/letsencrypt
     networks:
       - web
     security_opt:
@@ -23,6 +24,7 @@ services:
       - "traefik.http.routers.dashboard.rule=Host(`dashboard.${DOMAIN}`)"
       - "traefik.http.routers.dashboard.service=api@internal"
       - "traefik.http.routers.dashboard.tls=true"
+      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
     command:
       - "--entrypoints.web.address=:80"
       - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
@@ -31,6 +33,8 @@ services:
       - "--providers.docker=true"
       - "--providers.docker.exposedbydefault=false"
       - "--providers.docker.network=web"
+      - "--api.dashboard=true"
+      - "--api.insecure=false"
       - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
       - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
       - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}"
@@ -40,6 +44,9 @@ services:
       - "--providers.file.directory=/dynamic"
       - "--providers.file.watch=true"
 
+    environment:
+      - DOMAIN=${DOMAIN}
+
 networks:
   web:
     external: true

traefik/dynamic/nextcloud.yml

@@ -0,0 +1,38 @@
+http:
+  routers:
+    nextcloud:
+      rule: 'Host(`nextcloud.{{ env "DOMAIN" }}`)'
+      entryPoints:
+        - websecure
+      service: nextcloud
+      middlewares:
+        - nextcloud-chain
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    nextcloud:
+      loadBalancer:
+        servers:
+          - url: "http://nextcloud-aio-apache:11000"
+
+  middlewares:
+    nextcloud-secure-headers:
+      headers:
+        hostsProxyHeaders:
+          - X-Forwarded-Host
+        customRequestHeaders:
+          X-Forwarded-Proto: https
+        referrerPolicy: same-origin
+
+    nextcloud-dav:
+      redirectRegex:
+        regex: "^https://([^/]+)/.well-known/(card|cal)dav"
+        replacement: "https://${1}/remote.php/dav/"
+        permanent: true
+
+    nextcloud-chain:
+      chain:
+        middlewares:
+          - nextcloud-dav
+          - nextcloud-secure-headers

traefik/dynamic/tls.yaml

@@ -0,0 +1,4 @@
+tls:
+  certificates:
+    - certFile: /certs/local.crt
+      keyFile: /certs/local.key

whoami/docker-compose.yml

@@ -10,6 +10,7 @@ services:
       - "traefik.http.routers.whoami.entrypoints=websecure"
       - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
       - "traefik.http.routers.whoami.tls=true"
+      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
 
 networks:
   web: