skylab/omni-ansible
Archived
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update nextcloud app to use separate proxy and fpm services

Browse Source
This commit is contained in:
Ethan Paul
2021-04-30 20:20:22 -04:00
parent a7012abf28
commit 1490774f4a
3 changed files with 83 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
resources/docker-compose/nextcloud.yaml.j2
View File

@@ -22,6 +22,9 @@ volumes:
config:
name: datastore{{ omni_compose_apps.nextcloud.datastore }}/config
driver: glusterfs
proxy:
name: datastore{{ omni_compose_apps.nextcloud.datastore }}/proxy
driver: glusterfs
services:
@@ -49,19 +52,39 @@ services:
deploy:
replicas: 1
server:
image: nextcloud:{{ omni_compose_apps.nextcloud.versions.server | default(omni_compose_apps.nextcloud.versions.default) }}
hostname: nextcloud-server
proxy:
image: nginx:{{ omni_compose_apps.nextcloud.versions.proxy | default(omni_compose_apps.nextcloud.versions.default) }}
hostname: nextcloud-proxy
networks:
- nextcloud
depends_on:
- database
- cache
- server
ports:
- published: {{ omni_compose_apps.nextcloud.published.ports.80 }}
target: 80
protocol: tcp
mode: ingress
volumes:
- type: volume
source: config
target: /usr/share/nginx/nextcloud
read_only: true
- type: volume
source: proxy
target: /etc/nginx/conf.d
read_only: true
deploy:
replicas: 1
server:
image: nextcloud:{{ omni_compose_apps.nextcloud.versions.server | default(omni_compose_apps.nextcloud.versions.default) }}
hostname: nextcloud-server
user: "{{ omni_compose_apps.nextcloud.account.uid }}"
networks:
- nextcloud
depends_on:
- database
- cache
volumes:
- type: volume
source: data

50
resources/nginx/nextcloud-proxy.conf Normal file
View File

@@ -0,0 +1,50 @@
server {
listen 80;
root /usr/share/nginx/nextcloud;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass server:9000;
fastcgi_index index.php;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED /var/www/html$fastcgi_path_info;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT /var/www/html/;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
}
}

6
vars/applications.yaml
View File

@@ -122,6 +122,10 @@ omni_compose_apps:
networks:
main: 192.168.107.0/24
versions:
server: 21.0.1
proxy: latest
server: 21.0.1-fpm
database: "10"
cache: "6.2"
assets:
- src: nginx/nextcloud-proxy.conf
name: proxy/nextcloud.conf