services:
  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/postgres
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: postgres:alpine
    hostname: db
    restart: always
    volumes:
      - db:/var/lib/postgresql/data:Z
    environment:
      POSTGRES_DB: ${NEXTCLOUD_POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    networks:
      - nextcloud-net

  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    hostname: redis
    restart: always
    networks:
      - nextcloud-net

  nextcloud:
    image: nextcloud:apache
    hostname: cloud.${DOMAIN}
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      POSTGRES_HOST: db
      REDIS_HOST: redis
      POSTGRES_DB: ${NEXTCLOUD_POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      # NEXTCLOUD_TRUSTED_DOMAINS: cloud.${DOMAIN}
      # NEXTCLOUD_TRUSTED_PROXIES: ${NEXTCLOUD_TRUSTED_PROXIES}
    depends_on:
      - db
      - redis
    networks:
      - traefik-public
      - nextcloud-net
    deploy:
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
      labels:
        - traefik.enable=true
        - traefik.swarm.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.http.routers.nextcloud.entrypoints=https
        - traefik.http.routers.nextcloud.rule=Host(`cloud.${DOMAIN}`)
        - "traefik.http.routers.nextcloud.tls=true"
        - traefik.http.routers.nextcloud.tls.certresolver=le
        - traefik.http.routers.nextcloud.service=nextcloud
        - traefik.http.services.nextcloud.loadbalancer.server.port=80
        - "traefik.http.services.nextcloud.loadbalancer.passHostHeader=true"
        #Middlerwares
        # - "traefik.http.routers.nextcloud.middlewares=limit@docker,nextcloudHeader,compresstraefik" #adds limit and headers MWs to router in Traefik,  
        # #Compress
        # - "traefik.http.middlewares.compresstraefik.compress=true"      
        # #HSTS
        # - "traefik.http.middlewares.nextcloudHeader.headers.stsSeconds=15552000"
        # - "traefik.http.middlewares.nextcloudHeader.headers.stsIncludeSubdomains=true"
        # - "traefik.http.middlewares.nextcloudHeader.headers.stsPreload=true"
        # - "traefik.http.middlewares.nextcloudHeader.headers.forceSTSHeader=true"
        # - "traefik.http.middlewares.nextcloudHeader.headers.hostsProxyHeaders=X-Forwarded-Host"
        # #Buffering
        # - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=10737418240"
        # - "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000"   #200000000
        # - "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000"
        # #DAV
        # - "traefik.http.middlewares.nextcloud-dav.redirectregex.regex=https://(.*)/.well-known/(?:card|cal)dav"
        # - "traefik.http.middlewares.nextcloud-dav.redirectregex.replacement=https://cloud.${DOMAIN}/remote.php/dav/"
        # - "traefik.http.middlewares.nextcloud-dav.redirectregex.permanent=true"
        - "traefik.http.routers.nextcloud.middlewares=nextcloud_redirectregex@swarm"
        - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.permanent=true"
        - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.regex=https://(.*)/.well-known/(?:card|cal)dav"
        - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.replacement=https://$${1}/remote.php/dav"

  # Note: Nginx is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/nginx/
  # web:
  #   image: nginx:alpine-slim
  #   environment:
  #     - DOMAIN=${DOMAIN}
  #   restart: always
  #   expose:
  #     - "80"
  #   volumes:
  #     # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
  #     - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  
  #     # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
  #     - nextcloud:/var/www/html:z,ro
  #   depends_on:
  #     - app
  #   networks:
  #     - traefik-public
  #     - nextcloud-net
  #   deploy:
  #     restart_policy:
  #       condition: any
  #       delay: 5s
  #       max_attempts: 3
  #     labels:
  #       - traefik.enable=true
  #       - traefik.swarm.network=traefik-public
  #       - traefik.constraint-label=traefik-public
  #       - traefik.http.routers.nextcloud.entrypoints=https
  #       - traefik.http.routers.nextcloud.rule=Host(`cloud.${DOMAIN}`)
  #       - traefik.http.routers.nextcloud.tls.certresolver=le
  #       - traefik.http.routers.nextcloud.service=nextcloud
  #       - traefik.http.services.nextcloud.loadbalancer.server.port=80

  cron:
    image: nextcloud:apache
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    networks:
      - nextcloud-net
    depends_on:
      - db
      - redis

volumes:
  db:
  nextcloud:

networks:
  traefik-public:
    external: true
  nextcloud-net:
    driver: overlay
    attachable: true