nextcloud-traefik2-multi-network-deployment

nextcloud-traefik2-multi-network-deployment.yml

## Trafik Multi Network Deployment

1. Create Traefik network

` # docker network  create --driver=bridge --attachable --internal=false traefik `

2. Edit `traefik2/docker-compose.yml`
    - Change ACME email
    - Change --providers.docker.network=traefik value if you created different network then `traefik`

3. Deploy traefik

 `docker-compose -f traefik2/docker-compose.yml up -d`

4. Edit `nextcloud/docker-compose.yml`
    - Change traefik.http.routers.nextcloud.rule Host
    - Remove `traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue` and `contentSecurityPolicy`
      if you dont need to iframe access from your external website
    - Change PostgreSQL environments
    - Edit `TRUSTED_PROXIES` with your traefik network address
5. Deploy nextcloud

 `docker-compose -f nextcloud/docker-compose.yml up -d`
 
 
$ cat traefik2/docker-compose.yml
 
 # Create  network first
# docker network  create --driver=bridge --attachable --internal=false traefik
#NOTES:
#1. [email protected] 
# cat docker-compose.yml

version: '3.3'

volumes:
  letsencrypt:
    driver: local


services:

  traefik:
    image: traefik:v2.2
    container_name: traefik
    restart: always
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.network=traefik"
      - "--providers.docker.exposedbydefault=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "[email protected]"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - 80:80
      - 443:443
    networks:
      - default
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - letsencrypt:/letsencrypt

networks:
  default:
    external:
      name: traefik


$ cat nextcloud/docker-compose.yml

# Create netxcloud network first
# docker network create nextcloud
#NOTES:
#1. [email protected] 
#2. TRUSTED_PROXIES values based on your 'traefik docker network run docker network inspect traefik' to see the network
#3. remove traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy and  
#traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue if you don't want to allow iframe your domain


version: '3.3'

volumes:
  nextcloud-www:
    driver: local
  nextcloud-db:
    driver: local
  redis:
    driver: local


services:

  db:
    restart: always
    image: postgres:11
    networks:
      - nextcloud
    environment:
    - POSTGRES_USER=nextcloud
    - POSTGRES_PASSWORD=password
    - POSTGRES_DB=nextcloud
    volumes:
    - nextcloud-db:/var/lib/postgresql/data
  redis:
    image: redis:latest
    restart: always
    networks:
      - nextcloud
    volumes:
      - redis:/var/lib/redis

  nextcloud:
    image: nextcloud:latest
    restart: always
    networks:
      - default
      - nextcloud
    depends_on:
      - redis
      - db
    labels:
      - traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect
      - traefik.http.routers.nextcloud.tls.certresolver=myresolver
      - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mydomain.com`)
      - traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://mydomain.com
      - traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' mydomain.com *.mydomain.net
      - traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011
      - traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true
      - traefik.http.middlewares.nextcloud.headers.stsPreload=true
      - traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
      - traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/
    environment:
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_PASSWORD=password
      - POSTGRES_HOST=db
      - NEXTCLOUD_ADMIN_USER=admin
      - NEXTCLOUD_ADMIN_PASSWORD=adminpass
      - REDIS_HOST=redis
      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mydomain.com
      - TRUSTED_PROXIES=172.19.0.0/16
    volumes:
      - nextcloud-www:/var/www/html

networks:
  default:
    external:
      name: traefik

  nextcloud:
      internal: true
 
 

404 means that treafik can't map your requested hostname to the nextcloud container.
you can check traefik container logs. Above apache logs is not an issue.
Ensure that Host value - traefik.http.routers.nextcloud.rule=Host(nextcloud.mydomain.com) is same as your domain name.

Hi, thanks for sharing your compose files. I have a question I am trying to get nextcloud working with:
"traefik.http.routers.nextcloud-secure.rule=Host(my.example.net)" && PathPrefix(/nx)"

and somehow I can't get it working I allways get redirection errors have you ever tryed a solution like that? with traefik 1 it worked like a charm but somehow I can't get it running with traefik 2.

Greetings and thanks
wHyEt

Hi @wHyEt
Please check https://docs.traefik.io/migration/v1-to-v2/#frontends-and-backends-are-dead-long-live-routers-middlewares-and-services

 - "traefik.http.routers.router0.rule=Host(`test.localhost`) && PathPrefix(`/test`)"

Hi @ismailyenigul
thanks a lot for your files, help me so much.

I have one question, when deploy nextcloud file, this created another internal network
b81dd7d84cf0 nextcloud bridge local 1265ff7689c2 nextcloud_nextcloud bridge local
Do you know what happened?
I copy/paste your code, change domains and create network nextcloud that you say for persistent network. I want to add another service, in future.

thx