--- services: opencloud: image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest} # changelog: https://github.com/opencloud-eu/opencloud/tree/main/changelog # release notes: https://docs.opencloud.eu/opencloud_release_notes.html user: ${OC_CONTAINER_UID_GID:-1000:1000} networks: opencloud-net: proxy_net: extra_hosts: - "${OC_DOMAIN:-cloud.opencloud.test}:host-gateway" entrypoint: - /bin/sh # run opencloud init to initialize a configuration file with random secrets # it will fail on subsequent runs, because the config file already exists # therefore we ignore the error and then start the opencloud server command: ["-c", "opencloud init || true; opencloud server"] environment: # enable services that are not started automatically OC_ADD_RUN_SERVICES: ${START_ADDITIONAL_SERVICES} OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-} OC_LOG_LEVEL: ${LOG_LEVEL:-info} OC_LOG_COLOR: "true" OC_LOG_PRETTY: "true" # do not use SSL between the reverse proxy and OpenCloud PROXY_TLS: "false" # INSECURE: needed if OpenCloud / reverse proxy is using self generated certificates OC_INSECURE: "${INSECURE:-false}" # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect) PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" # demo users IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" # admin password IDM_ADMIN_PASSWORD: "${INITIAL_ADMIN_PASSWORD}" # email server (if configured) NOTIFICATIONS_SMTP_HOST: "${SMTP_HOST}" NOTIFICATIONS_SMTP_PORT: "${SMTP_PORT}" NOTIFICATIONS_SMTP_SENDER: "${SMTP_SENDER:-OpenCloud Notifications }" NOTIFICATIONS_SMTP_USERNAME: "${SMTP_USERNAME}" NOTIFICATIONS_SMTP_PASSWORD: "${SMTP_PASSWORD}" NOTIFICATIONS_SMTP_INSECURE: "${SMTP_INSECURE:-false}" NOTIFICATIONS_SMTP_AUTHENTICATION: "${SMTP_AUTHENTICATION}" NOTIFICATIONS_SMTP_ENCRYPTION: "${SMTP_TRANSPORT_ENCRYPTION:-none}" FRONTEND_ARCHIVER_MAX_SIZE: "10000000000" FRONTEND_CHECK_FOR_UPDATES: "${CHECK_FOR_UPDATES:-true}" # control the password enforcement and policy for public shares OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD: "${OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD:-true}" OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD: "${OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD:-false}" OC_PASSWORD_POLICY_DISABLED: "${OC_PASSWORD_POLICY_DISABLED:-false}" OC_PASSWORD_POLICY_MIN_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_CHARACTERS:-8}" OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS:-1}" OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS:-1}" OC_PASSWORD_POLICY_MIN_DIGITS: "${OC_PASSWORD_POLICY_MIN_DIGITS:-1}" OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS:-1}" volumes: # configure the .env file to use own paths instead of docker internal volumes - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud - ${OC_DATA_DIR:-opencloud-data}:/var/lib/opencloud deploy: resources: limits: cpus: '4' memory: 4G reservations: cpus: '2' memory: 2G healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9200/"] interval: 30s timeout: 10s retries: 3 start_period: 60s logging: driver: ${LOG_DRIVER:-json-file} options: max-size: "100m" max-file: "5" restart: always labels: - "traefik.enable=true" - "traefik.http.routers.opencloud.rule=Host(`${OC_DOMAIN:-cloud.opencloud.test}`)" - "traefik.http.routers.opencloud.entrypoints=websecure" - "traefik.http.routers.opencloud.tls.certresolver=letsencrypt" - "traefik.http.services.opencloud.loadbalancer.server.port=9200" - "homepage.group=Dev" - "homepage.name=OpenCloud" - "homepage.icon=owncloud.png" - "homepage.href=https://${OC_DOMAIN:-cloud.opencloud.test}" networks: opencloud-net: driver: bridge proxy_net: name: proxy_net external: true