From 84abb843db593ef26cd9eb52270fe8611ec9c9a0 Mon Sep 17 00:00:00 2001
From: Kienan Stewart
Date: Sat, 10 Sep 2022 15:52:59 -0400
Subject: [PATCH] Initial commit
---
README.md | 103 +++++++++++++++++++++++++++++++++++++
container-compose.prod.yml | 7 +++
container-compose.yml | 54 +++++++++++++++++++
examples/nc.toml | 10 ++++
4 files changed, 174 insertions(+)
create mode 100644 README.md
create mode 100644 container-compose.prod.yml
create mode 100644 container-compose.yml
create mode 100644 examples/nc.toml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0f37002
--- /dev/null
+++ b/README.md
@@ -0,0 +1,103 @@
+# NextCloud Container
+
+## Running in a local development environment
+
+### With traefik
+
+This is done to because step closer to what a typical production deployment
+looks like.
+
+1. Create a web network, if it doesn't exist:
+
+```
+podman network exist web || podman network create web
+```
+
+2. Start traefik, if it isn't already running:
+
+```
+cd /path/to/traefik_project
+podman-compose up -d
+```
+
+3. Copy the traefix router & service configuration
+
+```
+cd /path/to/nextcloud_project
+cp examples/nc.toml /path/to/traefik_project/conf.d/
+```
+
+4. Start nextcloud
+
+```
+podman-compose up -d
+```
+
+5. Access at http://nc.localhost:8080
+
+## Backing up the database
+
+```
+podman-compose exec nc-db mysqldump nextcloud | gzip -9 > nextcloud.sql.gz
+```
+
+## Production deployments
+
+Rootless container for NextCloud with the frontend being provided by Traefik,
+which is running as a rootful container to bind to ports 80 and 443.
+
+1. Create a user for the NextCloud application (eg. nextcloud)
+2. Enable linger for the user
+3. Create the web network if it doesn't exist
+
+```
+sudo -u nextcloud podman network exists web || sudo -u nextcloud podman network create web
+```
+
+4. Deploy traefik configuration for the application, eg.
+
+```
+DEST_DIR=$(sudo podman volume inspect --format "{{.Mountpoint}}" traefik_config)
+sudo cp /path/to/nextcloud/examples/nc.toml "${DEST_DIR}/"
+sudo sed -i 's/nc\.localhost/HOSTNAME/g' "${DEST_DIR}/nc.toml"
+sudo sed -i 's/http:\/\/nextcloud/http:\/\/localhost:9000/' "${DEST_DIR}/nc.toml"
+```
+
+5. Deploy a podman-compose configuration file, eg.
+
+```
+# ~/.config/containers/compose/projects/nextcloud
+COMPOSE_PROJECT_DIR=/home/nextcloud/.../nc/
+COMPOSE_FILE="container-compose.yml container-compose.prod.yml"
+COMPOSE_PATH_SEPARATOR=:
+COMPOSE_PROJECT_NAME=nc
+```
+
+6. Deploy a systemd service file for NextCloud, eg.
+
+```
+# /etc/systemd/user/nextcloud.service
+[Unit]
+Description=Nextcloud Rootless Pod
+
+[Service]
+User=nextcloud
+Type=simple
+EnvironmentFile=%h/.config/containers/compose/projects/nc.env
+ExecStartPre=-podman-compose up --no-start
+ExecStartPre=/usr/bin/podman pod start pod_nc
+ExecStart=podman-compose wait
+ExecStop=/usr/bin/podman pod stop pod_nc
+```
+
+7. Reload systemd units
+
+8. Deploy any necessary environment secret to the `.env` file, eg.
+ * `MARIADB_PASSWORD`
+ * `NC_TRUSTED_DOMAINS`
+
+9. Start
+
+```
+sudo -u nextcloud systemd --user enable --now nextcloud.service
+```
diff --git a/container-compose.prod.yml b/container-compose.prod.yml
new file mode 100644
index 0000000..95f6414
--- /dev/null
+++ b/container-compose.prod.yml
@@ -0,0 +1,7 @@
+---
+version: '3'
+
+services:
+ nextcloud:
+ ports:
+ - '9000:80'
diff --git a/container-compose.yml b/container-compose.yml
new file mode 100644
index 0000000..4a09013
--- /dev/null
+++ b/container-compose.yml
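Review bot: The `'9000:80'` mapping in container-compose.prod.yml publishes Nextcloud's plain-HTTP port on every host interface, so the application can be reached directly on port 9000 without passing through Traefik. The README in this commit points Traefik at `http://localhost:9000`, which suggests a loopback-only binding is sufficient: `- '127.0.0.1:9000:80'`. How the rootful Traefik container reaches the host is not visible here, so if loopback is not reachable in that setup, restrict port 9000 with a host firewall rule instead.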
@@ -0,0 +1,54 @@
+---
+version: '3'
+
+networks:
+ default:
+ web:
+ external: true
+
+volumes:
+ apps:
+ data:
+ config:
+ nextcloud:
+ db:
+
+services:
+ nc-db:
+ image: docker.io/mariadb:10.5
+ restart: always
+ command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+ volumes:
+ - db:/var/lib/mysql
+ environment:
+ - MARIADB_AUTO_UPGRADE=1
+ - MARIADB_ROOT_HOST=localhost
+ - MARIADB_ALLOW_EMPTY_ROOT_PASSWORD=yes
+ - MARIADB_DATABASE=nextcloud
+ - "MARIADB_PASSWORD=${MARIADB_PASSWORD:-secret}"
+ - MARIADB_USER=nextcloud
+
+ nextcloud:
+ image: docker.io/nextcloud:latest
+ restart: always
+ networks:
+ - default
+ - web
+ volumes:
+ - nextcloud:/var/www/html
+ - apps:/var/www/html/custom_apps
+ - config:/var/www/html/config
+ - data:/var/www/html/data
+ environment:
+ - "NEXTCLOUD_TRUSTED_DOMAINS=${NC_TRUSTED_DOMAINS:-nc.localhost}"
+ - "MYSQL_PASSWORD=${MARIADB_PASSWORD:-secret}"
+ - MYSQL_DATABASE=nextcloud
+ - MYSQL_USER=nextcloud
+ - MYSQL_HOST=nc-db
+ - REDIS_HOST=nc-redis
+ depends_on:
+ - nc-db
+ - nc-redis
+
+ nc-redis:
+ image: docker.io/redis:latest
diff --git a/examples/nc.toml b/examples/nc.toml
new file mode 100644
index 0000000..db48858
--- /dev/null
+++ b/examples/nc.toml
@@ -0,0 +1,10 @@
+[http]
+ [http.routers]
+ [http.routers.nc]
+ entryPoints = ["http"]
+ rule = "Host(`nc.localhost`)"
+ service = "nc"
+ [http.services]
+ [http.services.nc.loadBalancer]
+ [[http.services.nc.loadBalancer.servers]]
+ url = "http://nextcloud/"
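Review bot: The `${MARIADB_PASSWORD:-secret}` fallback on the `MARIADB_PASSWORD` and `MYSQL_PASSWORD` lines of container-compose.yml means a deployment whose environment file is missing or misnamed starts with the well-known password `secret`, and container-compose.prod.yml does not override it. Consider failing instead of defaulting, e.g. `- "MARIADB_PASSWORD=${MARIADB_PASSWORD:?MARIADB_PASSWORD must be set}"` (the compose specification's required-variable form; confirm the podman-compose version in use supports it), and keep any development default in a separate override file. Separately, `docker.io/nextcloud:latest` and `docker.io/redis:latest` are unpinned, so recreating the containers can pull an unreviewed major version; pinning a version tag, as `mariadb:10.5` already does, makes upgrades deliberate.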
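Review bot: The `nc` router in examples/nc.toml is attached only to the `http` entry point and has no TLS section, and the production steps in the README copy this file after changing just the host name and the backend URL. Unless Traefik's static configuration (not visible in this commit) redirects to HTTPS globally, Nextcloud logins and session cookies would travel in clear text. A header comment would make the intent explicit, e.g. `# Development example (plain HTTP). For production, attach the router to the TLS entry point and add [http.routers.nc.tls].`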