nextcloud use nfs share

2025-03-27 21:43:31 +01:00 · 2025-03-27 21:43:31 +01:00 · 1f296c13b5
commit 1f296c13b5
parent ad81e83c56
2 changed files with 84 additions and 0 deletions
--- a/nextcloud/docker-compose/nextcloud/docker-compose.yaml
+++ b/nextcloud/docker-compose/nextcloud/docker-compose.yaml
@ -2,6 +2,10 @@ version: '2'

 volumes:
  nextcloud:
+    driver_opts:
+      type: "nfs"
+      o: "addr=192.168.2.57,nolock,soft,rw"
+      device: ":/schneider/nextcloud"
  db:

 services:
--- a/nextcloud/rschneider@hu/nextcloud.rschneider.hu.conf
+++ b/nextcloud/rschneider@hu/nextcloud.rschneider.hu.conf
@ -0,0 +1,80 @@
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+}
+
+server {
+    listen 80;
+    listen [::]:80;            # comment to disable IPv6
+
+    if ($scheme = "http") {
+        return 301 https://$host$request_uri;
+    }
+    if ($http_x_forwarded_proto = "http") {
+        return 301 https://$host$request_uri;
+    }
+
+    listen 443 ssl http2;      # for nginx versions below v1.25.1
+    listen [::]:443 ssl http2; # for nginx versions below v1.25.1 - comment to disable IPv6
+
+    # listen 443 ssl;      # for nginx v1.25.1+
+    # listen [::]:443 ssl; # for nginx v1.25.1+ - keep comment to disable IPv6
+    # http2 on;            # uncomment to enable HTTP/2 - supported on nginx v1.25.1+
+
+    # listen 443 quic reuseport;       # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport
+    # listen [::]:443 quic reuseport;  # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport - keep comment to disable IPv6
+    # http3 on;                                 # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
+    # quic_gso on;                              # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
+    # quic_retry on;                            # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
+    # quic_bpf on;                              # improves  HTTP/3 / QUIC - supported on nginx v1.25.0+, if nginx runs as a docker container you need to give it privileged permission to use this option
+    # add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
+
+    proxy_buffering off;
+    proxy_request_buffering off;
+
+    client_max_body_size 0;
+    client_body_buffer_size 512k;
+    # http3_stream_buffer_size 512k; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
+    proxy_read_timeout 86400s;
+
+    server_name nextcloud.rschneider.hu;
+
+    location / {
+        proxy_pass http://${nuc}:4430${nuc}:4430$request_uri; # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
+
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header X-Forwarded-Scheme $scheme;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header Early-Data $ssl_early_data;
+
+        # Websocket
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+
+    # If running nginx on a subdomain (eg. nextcloud.example.com) of a domain that already has an wildcard ssl certificate from certbot on this machine,
+    # the <your-nc-domain> in the below lines should be replaced with just the domain (eg. example.com), not the subdomain.
+    # In this case the subdomain should already be secured without additional actions
+    # ssl_certificate /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem;   # managed by certbot on host machine
+    # ssl_certificate_key /etc/letsencrypt/live/<your-nc-domain>/privkey.pem; # managed by certbot on host machine
+
+    ssl_certificate /etc/nginx/ssl/live/nextcloud.rschneider.hu/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/nextcloud.rschneider.hu/privkey.pem;
+
+    ssl_dhparam /etc/dhparam; # curl -L https://ssl-config.mozilla.org/ffdhe2048.txt -o /etc/dhparam
+
+    ssl_early_data on;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:10m;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ecdh_curve x25519:x448:secp521r1:secp384r1:secp256r1;
+
+    ssl_prefer_server_ciphers on;
+    ssl_conf_command Options PrioritizeChaCha;
+    ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;
+}