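# Compose stack: a gluetun WireGuard client, an nginx reverse proxy, the
# Nextcloud AIO mastercontainer, Vaultwarden and Portainer. Every service gets
# a static address on the user-defined bridge network `knet-node`.
#
# The indentation of this file had been flattened; the nesting below restores
# the mapping/sequence structure Compose expects.
#
# NOTE(review): every image here is either untagged or on a floating tag
# (`latest`, `latest-alpine`), so each pull may bring in different code. Pin a
# tested version tag or digest for reproducible, auditable deployments.
version: '3.8'
services:
  knvpn-client:
    image: qmcgaw/gluetun
    container_name: knvpn-client
    # NET_ADMIN lets the container manage its own interfaces, routes and
    # firewall rules.
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=$VPN_PROVIDER
      - VPN_TYPE=$VPN_TYPE
      - TZ=$TZ
      - WIREGUARD_PERSISTENT_KEEPALIVE_INTERVAL=25s
      - DOT_PROVIDERS=$DOT_PROVIDERS
      - WIREGUARD_MTU=$WIREGUARD_MTU
      # List-form entries are passed verbatim after the `=`, so quotes written
      # around the value would become part of the value itself. Keep it bare.
      - FIREWALL_VPN_INPUT_PORTS=80,443
      # - FIREWALL_INPUT_PORTS="80,443"
      # - FIREWALL_OUTBOUND_SUBNETS="172.129.0.0/24,10.8.0.0/24"
    # ports:
    #   - '80:80'
    #   - '443:443'
    #   - '81:81'
    #   - '1337:1337'
    #   - 3000:3000
    #   - 3001:3001
    networks:
      knet-node:
        ipv4_address: 172.129.0.2
    restart: unless-stopped
    logging:
      driver: "json-file"
      options:
        max-size: 10m
    volumes:
      # - $DOCKERDIR/kmvpn-client/start.sh:/start.sh
      # The WireGuard config holds the tunnel's private key: keep the host file
      # readable by root only and out of version control.
      - $DOCKERDIR/knvpn-client/$WG_CONFIG:/gluetun/wireguard/wg0.conf
      # Extra iptables rules loaded by the container; review changes to this
      # file as carefully as changes to the host firewall.
      - $DOCKERDIR/knvpn-client/post-rules.txt:/iptables/post-rules.txt
      - /etc/hosts:/etc/hosts:ro
    # entrypoint: ["sh", "/start.sh"]

  # knnginx
  # Reverse proxy and the only service publishing 80/443 on the host.
  knnginx:
    image: nginx:latest
    restart: unless-stopped
    container_name: knnginx
    depends_on:
      - knvpn-client
      - nextcloud-aio-mastercontainer
      - knvault
    # No host IP is given, so both ports listen on all host interfaces.
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Config, certificate chain and TLS private key are mounted read-only, so
      # a compromised nginx process cannot rewrite them.
      - $DOCKERDIR/knnginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - $DOCKERDIR/knnginx/fullchain.pem:/etc/nginx/fullchain.pem:ro
      - $DOCKERDIR/knnginx/privkey.pem:/etc/nginx/privkey.pem:ro
    # network_mode: "service:knvpn-client"
    networks:
      knet-node:
        ipv4_address: 172.129.0.3
      nextcloud-aio: {}
    logging:
      driver: "json-file"
      options:
        max-size: 10m

  ## nginx proxy manager as reverse-proxy
  # knnpm:
  #   image: 'jc21/nginx-proxy-manager:latest'
  #   restart: unless-stopped
  #   container_name: knnpm
  #   depends_on:
  #     - kndb_npm
  #     - knvpn-client
  #   ports:
  #     - '80:80'
  #     - '81:81'
  #     - '443:443'
  #   environment:
  #     - "DB_MYSQL_HOST=172.129.0.3"
  #     - "DB_MYSQL_PORT=3306"
  #     - "DB_MYSQL_USER=npm"
  #     - "DB_MYSQL_PASSWORD=$NPM_DB_PASSWORD"
  #     - "DB_MYSQL_NAME=npm"
  #     - TZ="$TZ"
  #   volumes:
  #     - $DOCKERDIR/knnpm/data:/data
  #     - $DOCKERDIR/knnpm/letsencrypt:/etc/letsencrypt
  #   network_mode: "service:knvpn-client"
  #   networks:
  #     knet-node:
  #       ipv4_address: 172.129.0.7
  #   network_mode: bridge
  #   logging:
  #     driver: "json-file"
  #     options:
  #       max-size: 10m

  ## mariadb for npm
  # kndb_npm:
  #   image: 'jc21/mariadb-aria:latest'
  #   restart: unless-stopped
  #   container_name: kndb_npm
  #   environment:
  #     - "MYSQL_ROOT_PASSWORD=$NPM_ROOT_PASSWORD"
  #     - "MYSQL_DATABASE=npm"
  #     - "MYSQL_USER=npm"
  #     - "MYSQL_PASSWORD=$NPM_DB_PASSWORD"
  #     - TZ="$TZ"
  #   volumes:
  #     - $DOCKERDIR/kndb_npm/data/mysql:/var/lib/mysql
  #   networks:
  #     knet-node:
  #       ipv4_address: 172.129.0.3
  #   network_mode: bridge
  #   logging:
  #     driver: "json-file"
  #     options:
  #       max-size: 10m

  # knnc:
  #   # container_name: nextcloud
  #   restart: unless-stopped
  #   image: nextcloud:latest
  #   container_name: knnc
  #   # ports:
  #   #   - 127.0.0.1:1337:1337 #Port change
  #   volumes:
  #     - $DOCKERDIR/knnc/apps:/var/www/html/apps
  #     - $DOCKERDIR/knnc/custom_apps:/var/www/html/custom_apps
  #     - $DOCKERDIR/knnc/config:/var/www/html/config
  #     - $DOCKERDIR2/knnc/data:/var/www/html/data
  #     - $DOCKERDIR/knnc/ports.conf:/etc/apache2/ports.conf
  #     - $DOCKERDIR/knnc/opcache-recommended.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini:ro
  #     # - /etc/resolv.conf:/etc/resolv.conf:ro
  #   depends_on:
  #     - kndb_nc
  #     - knredis
  #   environment:
  #     NEXTCLOUD_ADMIN_PASSWORD: $NEXTCLOUD_ADMIN_PASSWORD
  #     NEXTCLOUD_ADMIN_USER: $NEXTCLOUD_ADMIN_USER
  #     NEXTCLOUD_HOSTNAME: $NEXTCLOUD_HOSTNAME
  #     NEXTCLOUD_TRUSTED_DOMAINS: $NEXTCLOUD_TRUSTED_DOMAINS
  #     PHP_MEMORY_LIMIT: 8G
  #     PHP_UPLOAD_LIMIT: 64G
  #     APACHE_BODY_LIMIT: 0
  #     REDIS_HOST: knredis
  #     REDIS_HOST_PASSWORD: $REDIS_PW
  #     TRUSTED_PROXIES: $TRUSTED_PROXIES
  #     OVERWRITEPROTOCOL: $OVERWRITEPROTOCOL
  #     OVERWRITECLIURL: $OVERWRITECLIURL
  #     # PHP_MAX_EXECUTION_TIME: 999999
  #     # PHP_MAX_INPUT_TIME: 99999
  #   # network_mode: "service:knvpn-client"
  #   networks:
  #     knet-node:
  #       ipv4_address: 172.129.0.6
  #   logging:
  #     driver: "json-file"
  #     options:
  #       max-size: 10m

  # kndb_nc:
  #   # container_name: maria-db
  #   restart: unless-stopped
  #   image: mariadb:latest
  #   command: --innodb-read-only-compressed=OFF #Maria-DB fix
  #   environment:
  #     MYSQL_ROOT_PASSWORD: $MYSQL_ROOT_PASSWORD
  #     MYSQL_DATABASE: kndb_nc
  #     MYSQL_USER: kndb_nc
  #     MYSQL_PASSWORD: $MYSQL_PASSWORD
  #   container_name: kndb_nc
  #   volumes:
  #     - $DOCKERDIR/kndb_nc/mariadb:/var/lib/mysql
  #     - $DOCKERDIR/kndb_nc/my.cnf:/etc/mysql/my.cnf
  #   networks:
  #     knet-node:
  #       ipv4_address: 172.129.0.4
  #   logging:
  #     driver: "json-file"
  #     options:
  #       max-size: 10m

  # knredis:
  #   image: redis:latest
  #   container_name: knredis
  #   restart: unless-stopped
  #   command: redis-server --requirepass $REDIS_PW
  #   networks:
  #     knet-node:
  #       ipv4_address: 172.129.0.5
  #   # network_mode: bridge
  #   # volumes:
  #   #   - $DOCKERDIR/knredis/data:/var/lib/redis
  #   #   - $DOCKERDIR/knredis/redis.conf:/usr/local/etc/redis/redis.conf
  #   logging:
  #     driver: "json-file"
  #     options:
  #       max-size: 10m

  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
      # SECURITY: `:ro` only makes the socket's mount point read-only; it does
      # not limit the Docker API calls made through the socket. This container
      # can create and control containers on the host, so treat it as having
      # root-equivalent access to the Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
    # network_mode: bridge # add to the same network as docker run would do
    ports:
      # - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      # NOTE(review): 8080 is published on all host interfaces. If the AIO
      # admin interface is only needed locally or through a tunnel, bind it to
      # loopback instead ("127.0.0.1:8080:8080"), as knport does for 9443.
      - "8080:8080"
      # - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
    environment: # Is needed when using any of the options below
      # Quoted so the value reaches the container as the string "true" rather
      # than a YAML boolean. With validation skipped, nothing checks that the
      # configured domain actually reaches this instance.
      SKIP_DOMAIN_VALIDATION: "true"
      AIO_DISABLE_BACKUP_SECTION: ${AIO_DISABLE_BACKUP_SECTION:-false} # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
      APACHE_PORT: ${APACHE_PORT:-11000} # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      APACHE_IP_BINDING: ${APACHE_IP_BINDING:-127.0.0.1} # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      BORG_RETENTION_POLICY: ${BORG_RETENTION_POLICY:---keep-within=7d --keep-weekly=4 --keep-monthly=6} # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
      COLLABORA_SECCOMP_DISABLED: ${COLLABORA_SECCOMP_DISABLED:-false} # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
      # No fallback is given here: if NEXTCLOUD_DATADIR is unset in the
      # environment or .env file, the container receives an empty value.
      NEXTCLOUD_DATADIR: ${NEXTCLOUD_DATADIR} # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
      # NEXTCLOUD_MOUNT: ${NEXTCLOUD_MOUNT} # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
      NEXTCLOUD_UPLOAD_LIMIT: ${NEXTCLOUD_UPLOAD_LIMIT:-50G} # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
      NEXTCLOUD_MAX_TIME: ${NEXTCLOUD_MAX_TIME:-360000} # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
      NEXTCLOUD_MEMORY_LIMIT: ${NEXTCLOUD_MEMORY_LIMIT:-4096M} # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
      # NOTE(review): the fallback below is a placeholder path. Set
      # NEXTCLOUD_TRUSTED_CACERTS_DIR to a real directory, or comment this line
      # out if no extra CAs should be trusted.
      NEXTCLOUD_TRUSTED_CACERTS_DIR: ${NEXTCLOUD_TRUSTED_CACERTS_DIR:-/path/to/my/cacerts} # CA certificates in this directory will be trusted by the OS of the Nextcloud container (Useful e.g. for LDAPS) See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
      NEXTCLOUD_STARTUP_APPS: ${NEXTCLOUD_STARTUP_APPS:-deck twofactor_totp tasks calendar contacts notes} # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
      NEXTCLOUD_ADDITIONAL_APKS: ${NEXTCLOUD_ADDITIONAL_APKS:-imagemagick} # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
      NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: ${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS:-imagick} # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
      NEXTCLOUD_ENABLE_DRI_DEVICE: ${NEXTCLOUD_ENABLE_DRI_DEVICE:-true} # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
      NEXTCLOUD_KEEP_DISABLED_APPS: ${NEXTCLOUD_KEEP_DISABLED_APPS:-false} # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
      TALK_PORT: ${TALK_PORT:-3478} # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
      WATCHTOWER_DOCKER_SOCKET_PATH: ${WATCHTOWER_DOCKER_SOCKET_PATH:-/var/run/docker.sock} # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
    # security_opt: ["label:disable"] # Is needed when using SELinux
    networks:
      knet-node:
        ipv4_address: 172.129.0.4
    # network_mode: bridge
    logging:
      driver: "json-file"
      options:
        max-size: 10m

  # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
  # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
  # caddy:
  #   image: caddy:alpine
  #   restart: always
  #   container_name: caddy
  #   volumes:
  #     - ./Caddyfile:/etc/caddy/Caddyfile
  #     - ./certs:/certs
  #     - ./config:/config
  #     - ./data:/data
  #     - ./sites:/srv
  #   network_mode: "host"

  ## vaultwarden as password-manager
  # No host port is published; the service is reachable only over knet-node
  # (presumably via knnginx, which lists it in depends_on).
  knvault:
    image: vaultwarden/server:latest-alpine
    container_name: knvault
    restart: unless-stopped
    environment:
      DOMAIN: $DOMAINVAULT
      # SECURITY: while this is "true", anyone who can reach the vault's web
      # interface can register an account. Set it to "false" once the intended
      # accounts exist.
      SIGNUPS_ALLOWED: "true"
    volumes:
      # Holds the vault's persistent data: restrict host permissions and
      # include it in backups.
      - $DOCKERDIR/knvault/:/data/
    # ports:
    #   - 8081:80
    networks:
      knet-node:
        ipv4_address: 172.129.0.5
    # network_mode: bridge
    logging:
      driver: "json-file"
      options:
        max-size: 10m

  ## portainer
  knport:
    image: portainer/portainer-ce:latest
    container_name: knport
    # Published on loopback only, so the UI is not reachable from other hosts
    # unless something on this host forwards to it.
    ports:
      - "127.0.0.1:9443:9443"
    volumes:
      - portainer_data:/data
      # SECURITY: read-write access to the Docker socket gives this container
      # full control of the Docker daemon, which is root-equivalent on the host.
      # Protect the Portainer admin account accordingly.
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped
    networks:
      knet-node:
        ipv4_address: 172.129.0.250
    logging:
      driver: "json-file"
      options:
        max-size: 10m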
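# Named volumes. Each `name:` is nested under its own volume key; written flat,
# the two `name:` entries would collide as duplicate keys of `volumes`.
volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
  portainer_data:
    name: portainer_data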
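# Networks. `knet-node` is a user-defined bridge with static addressing;
# `nextcloud-aio` is declared by name only.
networks:
  knet-node:
    name: knet-node
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "false"
      com.docker.network.bridge.name: knet-node
      # com.docker.network.driver.mtu: 1412
    ipam:
      driver: default
      config:
        # NOTE(review): 172.129.0.0/24 is outside the RFC 1918 private block
        # 172.16.0.0/12 (172.16.x.x-172.31.x.x), so this bridge overlaps
        # publicly routable address space. Real hosts in that range become
        # unreachable from this machine, and firewall rules or allow-lists
        # keyed on private ranges will not match these containers. Moving to a
        # private subnet means updating every `ipv4_address` in the services
        # section in the same change.
        - subnet: 172.129.0.0/24
          gateway: 172.129.0.1
  nextcloud-aio:
    name: nextcloud-aio
    # external: true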