Docker compose project in Portainer

dnilgreb · July 16, 2024, 2:59pm

Hi,

I´m not very experienced in Docker, so this will be sort of a newbie question.
I am running a bunch of containers under Portainer, and am now trying to add Nextcloud.

I found a Nexcloud project including everything I need here:
https://github.com/bentolor/docker-nextcloud-collabora-postgresql-letsencrypt/tree/master

But it also has subfolders and files, and I am curious as to how I would include them via Portainer. Or am i going about it in the wrong way? I suspect I need a Volume (or several) and place files in the correct place or something?

rimelek · July 16, 2024, 9:27pm

Personal opinion, but I would not use Portainer for everything. Browsing, playing with containers, okay, but most of the descriptions will be for plain Docker commands or Docker Compose. Not to mention how important it could be to reproduce what you already done before without relying on a webinterface and the availability of Portainer. About handling volumes and folders in Portainer, you could try to ask in the Portainer community, but as far as I remember, you can create volumes from Portainer and also bind mount folders using absolute path.

dnilgreb · July 21, 2024, 11:01am

I have now worked on this for a few days. I´ve come as far as deploying a docker compose that works and contains everything I need. Once I got iy up and running, I wanted to put my user data outside of the docker host (VM).

So, I created an NFS share which I mounted on the docker host, which i then map to the path where tha nextcloud-data volume lives.
After this, I get a privacy error in the browser: NET::ERR_CERT_AUTHORITY_INVALID. However, I can´t find an error in the nextcloud container or in traefik or anything like that. When I change it back, which is to remove the mount, deleting all containers and volumes, and start again, the error persists. I setup a new DNS name and changed it, and then it worked. Did the same thing again, mounting the share, and the same error happens. And it still persists after removing tha share again.

I´m at my wits end, and not very docker savvy. Could someone help me with finding tha problem here?
My docker compose looks like this:

networks:
  nextcloud-network:
    external: true
  traefik-network:
    external: true

volumes:
  nextcloud-data:
  redis-data:
  nextcloud-postgres:
  nextcloud-postgres-backup:
  nextcloud-data-backups:
  nextcloud-database-backups:
  traefik-certificates:

services:
  postgres:
    container_name: postgres
    image: ${NEXTCLOUD_POSTGRES_IMAGE_TAG}
    volumes:
      - nextcloud-postgres:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: ${NEXTCLOUD_DB_NAME}
      POSTGRES_USER: ${NEXTCLOUD_DB_USER}
      POSTGRES_PASSWORD: ${NEXTCLOUD_DB_PASSWORD}
    networks:
      - nextcloud-network
    healthcheck:
      test: [ "CMD", "pg_isready", "-q", "-d", "${NEXTCLOUD_DB_NAME}", "-U", "${NEXTCLOUD_DB_USER}" ]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 60s
    restart: unless-stopped

  redis:
    image: ${NEXTCLOUD_REDIS_IMAGE_TAG}
    container_name: redis
    command: ["redis-server", "--requirepass", "$NEXTCLOUD_REDIS_PASSWORD"]
    volumes:
      - redis-data:/data
    networks:
      - nextcloud-network
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 60s
    restart: unless-stopped

  nextcloud:
    image: ${NEXTCLOUD_IMAGE_TAG}
    container_name: nextcloud
    volumes:
      - nextcloud-data:${DATA_PATH}


    environment:
      TZ: ${NEXTCLOUD_TIMEZONE}
      POSTGRES_HOST: postgres
      DB_PORT: 5432
      POSTGRES_DB: ${NEXTCLOUD_DB_NAME}
      POSTGRES_USER: ${NEXTCLOUD_DB_USER}
      POSTGRES_PASSWORD: ${NEXTCLOUD_DB_PASSWORD}
      REDIS_HOST: redis
      REDIS_HOST_PORT: 6379
      REDIS_HOST_PASSWORD: ${NEXTCLOUD_REDIS_PASSWORD}
      NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USERNAME}
      NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
      NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_HOSTNAME}
      TRUSTED_PROXIES: 172.25.0.2
      OVERWRITECLIURL: ${NEXTCLOUD_URL}
      OVERWRITEPROTOCOL: https
      OVERWRITEHOST: ${NEXTCLOUD_HOSTNAME}
    networks:
      - nextcloud-network
      - traefik-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:80/"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 90s
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.rule=Host(`${NEXTCLOUD_HOSTNAME}`)"
      - "traefik.http.routers.nextcloud.service=nextcloud"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
      - "traefik.http.services.nextcloud.loadbalancer.passhostheader=true"
      - "traefik.http.routers.nextcloud.middlewares=compresstraefik"
      - "traefik.http.middlewares.compresstraefik.compress=true"
      - "traefik.docker.network=traefik-network"
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
      traefik:
        condition: service_healthy
        
  nextcloud-collabora:
    image: collabora/code
    container_name: collabora
    restart: unless-stopped
    ports:
      - 127.0.0.1:9980:9980
    expose:
      - "9980"      
    environment:
      #should work as "domain=cloud1\.nextcloud\.com|cloud2\.nextcloud\.com"
      - domain=cloud\.example\.com
      - 'dictionaries=en_US,se_SE'
      - VIRTUAL_PROTO=http
      - VIRTUAL_PORT=9980
      - VIRTUAL_HOST=office.example.com
      - username=collabora
      - password=<omitted>
      - "extra_params=--o:ssl.enable=false  --o:ssl.termination=true"
    networks:
      - nextcloud-network
      - traefik-network
    cap_add:
      - MKNOD
    tty: true
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik-network"
      - "traefik.http.routers.collabora.rule=Host(`office.example.com`)"
      - "traefik.http.routers.collabora.entrypoints=web"
      - "traefik.http.middlewares.collabora-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.collabora.middlewares=collabora-https-redirect"
      - "traefik.http.routers.collabora-secure.entrypoints=websecure"
      - "traefik.http.routers.collabora-secure.rule=Host(`office.example.com`)"
      - "traefik.http.routers.collabora-secure.tls=true"
      - "traefik.http.routers.collabora-secure.tls.certresolver=letsencrypt"

  traefik:
    image: ${TRAEFIK_IMAGE_TAG}
    container_name: traefik
    command:
      - "--log.level=${TRAEFIK_LOG_LEVEL}"
      - "--accesslog=true"
      - "--api.dashboard=true"
      - "--api.insecure=true"
      - "--ping=true"
      - "--ping.entrypoint=ping"
      - "--entryPoints.ping.address=:8082"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      - "--providers.docker=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.exposedByDefault=false"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_ACME_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme/acme.json"
      - "--metrics.prometheus=true"
      - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
      - "--global.checkNewVersion=true"
      - "--global.sendAnonymousUsage=false"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - traefik-certificates:/etc/traefik/acme
    networks:
      - traefik-network
    ports:
      - "80:80"
      - "8081:8080"
      - "443:443"
    healthcheck:
      test: ["CMD", "wget", "http://localhost:8082/ping","--spider"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 5s
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`${TRAEFIK_HOSTNAME}`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.services.dashboard.loadbalancer.passhostheader=true"
      - "traefik.http.routers.dashboard.middlewares=authtraefik"
      - "traefik.http.middlewares.authtraefik.basicauth.users=${TRAEFIK_BASIC_AUTH}"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    restart: unless-stopped

  backups:
    image: ${NEXTCLOUD_POSTGRES_IMAGE_TAG}
    container_name: nextcloud-backups
    command: >-
      sh -c 'sleep $BACKUP_INIT_SLEEP &&
      while true; do
        pg_dump -h postgres -p 5432 -d $NEXTCLOUD_DB_NAME -U $NEXTCLOUD_DB_USER | gzip > $POSTGRES_BACKUPS_PATH/$POSTGRES_BACKUP_NAME-$(date "+%Y-%m-%d_%H-%M").gz &&
        tar -zcpf $DATA_BACKUPS_PATH/$DATA_BACKUP_NAME-$(date "+%Y-%m-%d_%H-%M").tar.gz $DATA_PATH &&
        find $POSTGRES_BACKUPS_PATH -type f -mtime +$POSTGRES_BACKUP_PRUNE_DAYS | xargs rm -f &&
        find $DATA_BACKUPS_PATH -type f -mtime +$DATA_BACKUP_PRUNE_DAYS | xargs rm -f;
        sleep $BACKUP_INTERVAL; done'
    volumes:
      - nextcloud-postgres-backup:/var/lib/postgresql/data
      - nextcloud-data:${DATA_PATH}
      - nextcloud-data-backups:${DATA_BACKUPS_PATH}
      - nextcloud-database-backups:${POSTGRES_BACKUPS_PATH}
    environment:
      NEXTCLOUD_DB_NAME: ${NEXTCLOUD_DB_NAME}
      NEXTCLOUD_DB_USER: ${NEXTCLOUD_DB_USER}
      PGPASSWORD: ${NEXTCLOUD_DB_PASSWORD}
      BACKUP_INIT_SLEEP: ${BACKUP_INIT_SLEEP}
      BACKUP_INTERVAL: ${BACKUP_INTERVAL}
      POSTGRES_BACKUP_PRUNE_DAYS: ${POSTGRES_BACKUP_PRUNE_DAYS}
      DATA_BACKUP_PRUNE_DAYS: ${DATA_BACKUP_PRUNE_DAYS}
      POSTGRES_BACKUPS_PATH: ${POSTGRES_BACKUPS_PATH}
      DATA_BACKUPS_PATH: ${DATA_BACKUPS_PATH}
      DATA_PATH: ${DATA_PATH}
      POSTGRES_BACKUP_NAME: ${POSTGRES_BACKUP_NAME}
      DATA_BACKUP_NAME: ${DATA_BACKUP_NAME}
    networks:
      - nextcloud-network
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy