version: '3'

networks:
  web:
    external: true
  internal:
    external: false

services:
  db:
    image: postgres:12-alpine
    container_name: postgresql-nextcloud
    restart: always
    volumes:
      - ./db:/var/lib/postgresql/data
    env_file:
      - db.env
    networks:
      - web

  app:
    image: nextcloud:apache
    container_name: nextcloud
    restart: always
    labels:
      - traefik.enable=true
      - traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect
      - traefik.http.routers.nextcloud-http.entrypoints=web
      - traefik.http.routers.nextcloud-http.rule=Host(`cloud.claudiofaoro.com`)
      - traefik.http.routers.nextcloud.entrypoints=websecure
      - traefik.http.routers.nextcloud.rule=Host(`cloud.claudiofaoro.com`)
      - traefik.http.routers.nextcloud.tls=true
      - traefik.http.routers.nextcloud.tls.certresolver=lets-encrypt
#      - traefik.port=80
      - traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://cloud.claudiofaoro.com
      - traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' cloud.claudiofaoro.com *.claudiofaoro.com
      - traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011
      - traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true
      - traefik.http.middlewares.nextcloud.headers.stsPreload=true
      - traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=SAMEORIGIN
      - traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
      - traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/
    volumes:
      - ./nextcloud:/var/www/html
      - ./uploadsize.ini:/usr/local/etc/php/conf.d/uploadsize.ini
    environment:
      - POSTGRES_HOST=db
#      - TRUSTED_PROXIES= 172.18.0.5/16
    env_file:
      - db.env
    depends_on:
      - db
    networks:
      - web

  onlyoffice:
    image: onlyoffice/documentserver
    container_name: onlyoffice
    restart: always
    labels:
      - traefik.enable=true
      - traefik.http.routers.onlyoffice.middlewares=onlyoffice
      - traefik.http.routers.onlyoffice-http.entrypoints=web
      - traefik.http.routers.onlyoffice-http.rule=Host(`onlyoffice.claudiofaoro.com`)
      - traefik.http.routers.onlyoffice.entrypoints=websecure
      - traefik.http.routers.onlyoffice.rule=Host(`onlyoffice.claudiofaoro.com`)
      - traefik.http.routers.onlyoffice.tls=true
      - traefik.http.routers.onlyoffice.tls.certresolver=lets-encrypt
      - traefik.port=80
      - traefik.docker.network=web
      - traefik.http.middlewares.onlyoffice.headers.customFrameOptionsValue=ALLOW-FROM https://onlyoffice.claudiofaoro.com
      - traefik.http.middlewares.onlyoffice.headers.contentSecurityPolicy=frame-ancestors 'self' onlyoffice.claudiofaoro.com *.claudiofaoro.com
      - traefik.http.middlewares.onlyoffice.headers.stsSeconds=155520011
      - traefik.http.middlewares.onlyoffice.headers.stsIncludeSubdomains=true
      - traefik.http.middlewares.onlyoffice.headers.stsPreload=true
      - traefik.http.middlewares.onlyoffice.headers.customrequestheaders.X-Forwarded-Proto=https
    volumes:
      - ./oo-logs:/var/log/onlyoffice
      - ./oo-cache:/var/lib/onlyoffice
    environment:
      JWT_ENABLED: "true"
      JWT_SECRET: insertcode
    networks:
      - web
volumes:
  db:
  nextcloud:
  oo-logs:
  oo-cache: