Initial backup import

2026-03-28 10:48:09 +01:00
commit de4ae83476
118 changed files with 1388 additions and 0 deletions
--- a/root/docker/nextcloud/Dockerfile
+++ b/root/docker/nextcloud/Dockerfile
@@ -0,0 +1,19 @@
+FROM nextcloud:fpm
+
+USER root
+
+COPY certs/focus-on-it-ca.crt /usr/local/share/ca-certificates/focus-on-it-ca.crt
+RUN update-ca-certificates
+
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends \
+    smbclient \
+    ldap-utils \
+    libldap2-dev \
+    libssl-dev \
+    wait-for-it \
+ && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \
+ && docker-php-ext-install ldap \
+ && rm -rf /var/lib/apt/lists/*
+
+# KEIN USER www-data hier
--- a/root/docker/nextcloud/data/nginx/conf.d/nextcloud.conf
+++ b/root/docker/nextcloud/data/nginx/conf.d/nextcloud.conf
@@ -0,0 +1,81 @@
+server {
+    listen 80;
+    server_name _;
+
+    root /var/www/html;
+    index index.php index.html /index.php$request_uri;
+
+    client_max_body_size 10G;
+    client_body_timeout 300s;
+    fastcgi_buffers 64 4K;
+
+    gzip off;
+
+    add_header Referrer-Policy "no-referrer" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Permitted-Cross-Domain-Policies "none" always;
+    add_header X-Robots-Tag "noindex, nofollow" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /.well-known/carddav {
+        return 301 /remote.php/dav;
+    }
+
+    location = /.well-known/caldav {
+        return 301 /remote.php/dav;
+    }
+
+    location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
+    location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
+
+    location / {
+        try_files $uri $uri/ /index.php$request_uri;
+    }
+
+    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+        deny all;
+    }
+
+    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+        deny all;
+    }
+
+    location ~ \.php(?:$|/) {
+        rewrite ^/(?!index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|.+/richdocumentscode/proxy) /index.php$request_uri;
+
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        set $path_info $fastcgi_path_info;
+
+        try_files $fastcgi_script_name =404;
+
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $path_info;
+        fastcgi_param HTTPS on;
+        fastcgi_param modHeadersAvailable true;
+        fastcgi_param front_controller_active true;
+        fastcgi_pass nextcloud-app:9000;
+        fastcgi_intercept_errors on;
+        fastcgi_request_buffering off;
+        fastcgi_read_timeout 3600;
+    }
+
+    location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        try_files $uri /index.php$request_uri;
+        expires 6M;
+        access_log off;
+    }
+
+    location ~ \.(?:mp4|webm|avif|bmp|html|ttf|woff2?)$ {
+        try_files $uri /index.php$request_uri;
+        expires 6M;
+        access_log off;
+    }
+}
--- a/root/docker/nextcloud/data/nginx/nginx.conf
+++ b/root/docker/nextcloud/data/nginx/nginx.conf
@@ -0,0 +1,22 @@
+user  nginx;
+worker_processes  auto;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    types {
+        text/javascript  mjs;
+    }
+    default_type  application/octet-stream;
+
+    sendfile        on;
+    tcp_nopush      on;
+    tcp_nodelay     on;
+    keepalive_timeout  65;
+    client_max_body_size 10G;
+
+    include /etc/nginx/conf.d/*.conf;
+}
--- a/root/docker/nextcloud/docker-compose.yml
+++ b/root/docker/nextcloud/docker-compose.yml
@@ -0,0 +1,97 @@
+services:
+  nextcloud-db:
+    image: mariadb:11
+    container_name: nextcloud-db
+    restart: unless-stopped
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    environment:
+      MYSQL_ROOT_PASSWORD: aMdZqdgztQbadb3yes05
+      MYSQL_DATABASE: nextcloud
+      MYSQL_USER: nextcloud
+      MYSQL_PASSWORD: ZDFnJGCBo0PHvq58KItT
+      TZ: Europe/Berlin
+    volumes:
+      - /root/docker/nextcloud/data/db:/var/lib/mysql
+    networks:
+      - nextcloud-internal
+
+  nextcloud-redis:
+    image: redis:7-alpine
+    container_name: nextcloud-redis
+    restart: unless-stopped
+    command: redis-server --appendonly yes
+    volumes:
+      - /root/docker/nextcloud/data/redis:/data
+    networks:
+      - nextcloud-internal
+
+  nextcloud-app:
+    build: .
+    container_name: nextcloud-app
+    restart: unless-stopped
+    depends_on:
+      - nextcloud-db
+      - nextcloud-redis
+    command: >
+      /bin/sh -c "
+      wait-for-it nextcloud-db:3306 --timeout=60 &&
+      wait-for-it nextcloud-redis:6379 --timeout=60 &&
+      exec php-fpm
+      "
+    environment:
+      MYSQL_HOST: nextcloud-db
+      MYSQL_DATABASE: nextcloud
+      MYSQL_USER: nextcloud
+      MYSQL_PASSWORD: ZDFnJGCBo0PHvq58KItT
+      REDIS_HOST: nextcloud-redis
+      TZ: Europe/Berlin
+    volumes:
+      - /srv/nextcloud-data-local/nextcloud:/var/www/html
+    networks:
+      - nextcloud-internal
+  nextcloud-cron:
+    build: .
+    container_name: nextcloud-cron
+    restart: unless-stopped
+    depends_on:
+       - nextcloud-app
+    entrypoint: /cron.sh
+    environment:
+       MYSQL_HOST: nextcloud-db
+       MYSQL_DATABASE: nextcloud
+       MYSQL_USER: nextcloud
+       MYSQL_PASSWORD: ZDFnJGCBo0PHvq58KItT
+       REDIS_HOST: nextcloud-redis
+       TZ: Europe/Berlin
+    volumes:
+      - /srv/nextcloud-data-local/nextcloud:/var/www/html
+    networks:
+      - nextcloud-internal
+     
+  nextcloud-nginx:
+    image: nginx:alpine
+    container_name: nextcloud-nginx
+    restart: unless-stopped
+    depends_on:
+      - nextcloud-app
+    volumes:
+      - /srv/nextcloud-data-local/nextcloud:/var/www/html:ro
+      - /root/docker/nextcloud/data/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - /root/docker/nextcloud/data/nginx/conf.d:/etc/nginx/conf.d:ro
+    networks:
+      - nextcloud-internal
+      - webproxy-net
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=webproxy-net
+      - traefik.http.routers.nextcloud.rule=Host(`nextcloud.focus-on-it.net`)
+      - traefik.http.routers.nextcloud.entrypoints=websecure
+      - traefik.http.routers.nextcloud.tls=true
+      - traefik.http.routers.nextcloud.tls.certresolver=le
+      - traefik.http.routers.nextcloud.middlewares=nextcloud-headers@file
+      - traefik.http.services.nextcloud.loadbalancer.server.port=80
+networks:
+  nextcloud-internal:
+    driver: bridge
+  webproxy-net:
+    external: true
--- a/root/docker/nextcloud/start.sh
+++ b/root/docker/nextcloud/start.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+#/root/docker/Webserver/start.sh
+
+set -euo pipefail
+cd "$(dirname "$0")"
+
+# Stack sauber stoppen und entfernen (Container weg, Volumes bleiben!)
+docker compose down
+
+# Images aktualisieren
+docker compose pull
+
+# Neu erstellen und starten
+docker compose up -d --build --force-recreate --remove-orphans
+
+# Optional: alte Images aufräumen
+docker image prune -f