diff --git a/.env b/.env index 5fb7301..00a5575 100644 --- a/.env +++ b/.env @@ -3,10 +3,10 @@ TZ=Europe/Rome NEXTCLOUD_DOMAIN=drive.pyconetwork.it NEXTCLOUD_DOMAIN_REGEX=drive\\.pyconetwork\\.it TRUSTED_PROXY_IP=192.168.4.4 +TRUSTED_PROXIES=192.168.4.4 172.30.0.10 -# Porte pubblicate sul nodo Docker: il reverse proxy punta qui. -NEXTCLOUD_PORT=8282 -COLLABORA_PORT=9980 +# Unica porta pubblicata sul nodo Docker: il reverse proxy punta a nginx. +NGINX_PORT=8383 MYSQL_DATABASE=nextcloud MYSQL_USER=nextcloud diff --git a/docker-compose.yml b/docker-compose.yml index adb70f4..4835573 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,19 @@ services: + nginx: + image: nginx:1.27-alpine + container_name: nextcloud-nginx + restart: unless-stopped + depends_on: + - app + - collabora + ports: + - "${NGINX_PORT}:80" + volumes: + - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro + networks: + nextcloud_internal: + ipv4_address: 172.30.0.10 + db: image: mariadb:11.4 container_name: nextcloud-db @@ -30,8 +45,8 @@ services: depends_on: - db - redis - ports: - - "${NEXTCLOUD_PORT}:80" + expose: + - "80" environment: MYSQL_HOST: db MYSQL_DATABASE: ${MYSQL_DATABASE} @@ -40,7 +55,7 @@ services: REDIS_HOST: redis REDIS_HOST_PASSWORD: ${REDIS_PASSWORD} NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_DOMAIN} - TRUSTED_PROXIES: ${TRUSTED_PROXY_IP} + TRUSTED_PROXIES: ${TRUSTED_PROXIES} OVERWRITEHOST: ${NEXTCLOUD_DOMAIN} OVERWRITEPROTOCOL: https OVERWRITECLIURL: https://${NEXTCLOUD_DOMAIN} @@ -56,8 +71,8 @@ services: image: collabora/code:latest container_name: collabora restart: unless-stopped - ports: - - "${COLLABORA_PORT}:9980" + expose: + - "9980" environment: domain: ${NEXTCLOUD_DOMAIN_REGEX} username: ${COLLABORA_USERNAME} @@ -77,3 +92,6 @@ volumes: networks: nextcloud_internal: driver: bridge + ipam: + config: + - subnet: 172.30.0.0/24 diff --git a/nginx/default.conf b/nginx/default.conf new file mode 100644 index 0000000..2ee12c3 --- /dev/null 
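Review bot: `TRUSTED_PROXY_IP=192.168.4.4` stays in the file as context, but the compose hunk in this commit switches the app to `${TRUSTED_PROXIES}`, so within the visible hunks the old variable no longer has a reader. A leftover name that looks like the trust list invites someone to edit the wrong line when the upstream proxy moves. Drop it, or record what each entry is, for example `# TRUSTED_PROXIES: 192.168.4.4 = upstream reverse proxy (presumably), 172.30.0.10 = nginx container, static IP set in docker-compose.yml`. The second address must stay in step with `ipv4_address` in docker-compose.yml, and nothing in the file says so yet.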
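Review bot: The mapping `"${NGINX_PORT}:80"` in the new nginx service publishes the port on every host interface, so any machine that can reach the Docker node can talk to Nextcloud and Collabora without passing through the TLS-terminating reverse proxy. That matters more after this commit, because the nginx config added alongside stamps `X-Forwarded-Proto https` on every request and the container's address is listed in `TRUSTED_PROXIES`. Bind the port to the address the upstream proxy connects to, `- "<HOST_BIND_IP>:${NGINX_PORT}:80"` (placeholder; the page does not show the node's address), or limit the port to 192.168.4.4 with a host firewall rule. The `services` mapping continues outside the hunk.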
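Review bot: In the last docker-compose.yml hunk the new `ipam` entry fixes the subnet, but automatic addresses for the other containers on `nextcloud_internal` are still drawn from the same /24 that holds 172.30.0.10, the address `TRUSTED_PROXIES` treats as a proxy identity. Adding an `ip_range` to that config entry, for instance `ip_range: 172.30.0.128/25` (constructed example), keeps automatic allocation away from the static address. That way no other container can end up holding the trusted address while nginx is stopped. A short comment on the `subnet` line pointing at `TRUSTED_PROXIES` in `.env` would also help whoever renumbers the network later.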
+++ b/nginx/default.conf
@@ -0,0 +1,79 @@
+upstream nextcloud_upstream {
+ server app:80;
+}
+
+upstream collabora_upstream {
+ server collabora:9980;
+}
+
+server {
+ listen 80;
+ server_name _;
+
+ client_max_body_size 20G;
+ proxy_read_timeout 3600;
+ proxy_connect_timeout 3600;
+ proxy_send_timeout 3600;
+
+ location / {
+ proxy_pass http://nextcloud_upstream;
+ proxy_http_version 1.1;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Proto https;
+ }
+
+ location ^~ /cool {
+ proxy_pass http://collabora_upstream;
+ proxy_http_version 1.1;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+
+ location ^~ /hosting/discovery {
+ proxy_pass http://collabora_upstream;
+ proxy_http_version 1.1;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ }
+
+ location ^~ /loleaflet {
+ proxy_pass http://collabora_upstream;
+ proxy_http_version 1.1;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ }
+
+ location ^~ /browser {
+ proxy_pass http://collabora_upstream;
+ proxy_http_version 1.1;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ }
+
+ location ^~ /ws {
+ proxy_pass http://collabora_upstream;
+ proxy_http_version 1.1;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+}
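Review bot: Every location forwards `$proxy_add_x_forwarded_for` and a hard-coded `X-Forwarded-Proto https`, yet the `server` block accepts connections from any source. A request that reaches port 80 without going through the upstream proxy is therefore presented to Nextcloud as HTTPS, with a forwarding chain the client supplied. Because 172.30.0.10 is listed in `TRUSTED_PROXIES`, Nextcloud will honour those headers. Restricting the listener to the upstream proxy, `allow 192.168.4.4;` followed by `deny all;` at server level, keeps the trust chain intact; confirm first which source address nginx sees through Docker's port publishing, since some setups show the bridge gateway instead. Separately, no location covers `/hosting/capabilities`, which Collabora's reverse-proxy documentation lists next to `/hosting/discovery`, so that path falls through to `location /` and lands on Nextcloud.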