Select Git revision
docker-compose.yml 1.68 KiB
---
version: '3.5'
services:
proxy:
build:
context: ./
# command: ["nginx", "-g", "daemon off;"]
hostname: &hostname nextcloud.shore.co.il
networks:
default:
aliases:
- nextcloud.shore.co.il
- git.shore.co.il
- lam.shore.co.il
- mta-sts.shore.co.il
- code.shore.co.il
- vouch.shore.co.il
ports:
- '80:80'
- '443:443'
restart: always
volumes:
- '/var/www/www.shore.co.il/.well-known/acme-challenge:/var/www/www.shore.co.il/.well-known/acme-challenge:ro'
- '/var/ssl/site.key:/var/ssl/site.key:ro'
- '/var/ssl/site.crt:/var/ssl/site.crt:ro'
- '/var/ssl/mail.key:/var/ssl/mail.key:ro'
- '/var/ssl/mail.crt:/var/ssl/mail.crt:ro'
- '/var/ssl/dhparams:/var/ssl/dhparams:ro'
vouch:
environment:
OAUTH_AUTH_URL: https://nextcloud.shore.co.il/apps/oauth2/authorize
OAUTH_CALLBACK_URLS: https://vouch.shore.co.il/auth
OAUTH_CLIENT_ID: "${VOUCH_OAUTH_CLIENT_ID}"
# yamllint disable-line rule:line-length
OAUTH_CLIENT_SECRET: "${VOUCH_OAUTH_CLIENT_SECRET}" # pragma: allowlist secret
OAUTH_PROVIDER: nextcloud
OAUTH_SCOPES: 'openid,email.profile'
OAUTH_TOKEN_URL: https://nextcloud.shore.co.il/apps/oauth2/api/v1/token
# yamllint disable-line rule:line-length
OAUTH_USER_INFO_URL: https://nextcloud.shore.co.il/ocs/v2.php/cloud/user?format=json
VOUCH_DOMAINS: shore.co.il
VOUCH_JWT_MAXAGE: 10080 # 1 week.
VOUCH_JWT_SECRET: "${VOUCH_JWT_SECRET}" # pragma: allowlist secret
image: quay.io/vouch/vouch-proxy:alpine-0.36.0
restart: always
networks:
default:
name: shore