Documentation and examples update for use with docker compose v2 (#2201)

* Update examples section according to the latest docker compose requirements.

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Minor readme updates to match the changes for the compose v2 syntax.

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Fix wrong environment variable

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Add missing headers to fpm config

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Fix  cache control

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Add mjs file extension in a proper way.

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Typos fixed, minor clarification changes

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Removed logging from compose files.

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Restored MariaDB to 10.6 as per docs suggestions

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Remove extra nginx volume

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Removed GH specific markdown from Readme, change mariadb to recommended version

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* typo

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Update .examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml

Signed-off-by: J0WI <J0WI@users.noreply.github.com>

* Update to correct MariaDB command

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Updated compose files for mariadb to match current docs

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Update outdated docker-compose command in Readme

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Added back --log-bin to MariaDB command. See PR 1881

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Remove wrongly added logging to Readme.MD

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

* Use proper name for --log-bin param

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>

---------

Signed-off-by: Kaloyan Nikolov <tzerber@gmail.com>
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
Co-authored-by: J0WI <J0WI@users.noreply.github.com>

Author: tzerber

.examples/README.md

@@ -66,9 +66,9 @@ The following Dockerfile commands are also necessary for a sucessfull cron insta
 
 ## docker-compose
 In `docker-compose` additional services are bundled to create a complete nextcloud installation. The examples are designed to run out-of-the-box.
-Before running the examples you have to modify the `db.env` and `docker-compose.yml` file and fill in your custom information.
+Before running the examples you have to modify the `db.env` and `compose.yaml` file and fill in your custom information.
 
-The docker-compose examples make heavily use of derived Dockerfiles to add configuration files into the containers. This way they should also work on remote docker systems as _Docker for Windows_. When running docker-compose on the same host as the docker daemon, another possibility would be to simply mount the files in the volumes section in the `docker-compose.yml` file.
+The docker compose examples make heavily use of derived Dockerfiles to add configuration files into the containers. This way they should also work on remote docker systems as _Docker for Windows_. When running docker compose on the same host as the docker daemon, another possibility would be to simply mount the files in the volumes section in the `compose.yaml` file.
 
 
 ### insecure
@@ -78,10 +78,10 @@ For this use one of the [with-nginx-proxy](#with-nginx-proxy) examples.
 
 To use this example complete the following steps:
 
-1. if you use mariadb or mysql choose a root password for the database in `docker-compose.yml` behind `MYSQL_ROOT_PASSWORD=`
+1. if you use mariadb or mysql choose a root password for the database in `compose.yaml` behind `MYSQL_ROOT_PASSWORD=`
 2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres)
-3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles
-4. start nextcloud with `docker-compose up -d`
+3. run `docker compose build --pull` to pull the most recent base images and build the custom dockerfiles
+4. start nextcloud with `docker compose up -d`
 
 
 If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4.
@@ -97,13 +97,13 @@ This combination of the [nginxproxy/nginx-proxy](https://github.com/nginx-proxy/
 
 To use this example complete the following steps:
 
-1. open `docker-compose.yml`
+1. open `compose.yaml`
    1. insert your nextcloud domain behind `VIRTUAL_HOST=`and `LETSENCRYPT_HOST=`
    2. enter a valid email behind `LETSENCRYPT_EMAIL=`
    3. if you use mariadb or mysql choose a root password for the database behind `MYSQL_ROOT_PASSWORD=`
 2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres)
-3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles
-4. start nextcloud with `docker-compose up -d`
+3. run `docker compose build --pull` to pull the most recent base images and build the custom dockerfiles
+4. start nextcloud with `docker compose up -d`
 
 
 If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4.

…secure/mariadb/apache/docker-compose.yml …ose/insecure/mariadb/apache/compose.yaml.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml renamed to .examples/docker-compose/insecure/mariadb/apache/compose.yaml .examples/docker-compose/insecure/mariadb/apache/docker-compose.yml renamed to .examples/docker-compose/insecure/mariadb/apache/compose.yaml

@@ -1,5 +1,3 @@
-version: '3'
-
 services:
   db:
     image: mariadb:10.6

…/insecure/mariadb/fpm/docker-compose.yml …ompose/insecure/mariadb/fpm/compose.yaml.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml renamed to .examples/docker-compose/insecure/mariadb/fpm/compose.yaml .examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml renamed to .examples/docker-compose/insecure/mariadb/fpm/compose.yaml

@@ -1,5 +1,3 @@
-version: '3'
-
 services:
   db:
     image: mariadb:10.6

.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf

@@ -12,6 +12,9 @@ events {
 http {
     include mime.types;
     default_type  application/octet-stream;
+    types {
+        text/javascript mjs;
+    }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
@@ -30,7 +33,7 @@ http {
     # Set the `immutable` cache control options only for assets with a cache busting `v` argument
     map $arg_v $asset_immutable {
         "" "";
-    default "immutable";
+    default ", immutable";
     }
 
     #gzip  on;
@@ -162,24 +165,16 @@ http {
             fastcgi_max_temp_file_size 0;
         }
 
-        # Javascript mimetype fixes for nginx
-        # Note: The block below should be removed, and the js|mjs section should be
-        # added to the block below this one. This is a temporary fix until Nginx 
-        # upstream fixes the js mime-type
-        location ~* \.(?:js|mjs)$ {
-            types { 
-                text/javascript js mjs;
-            } 
-            default_type "text/javascript";
-            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
-            access_log off;
-        }
-
         # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
             try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
+            add_header Referrer-Policy                   "no-referrer"       always;
+            add_header X-Content-Type-Options            "nosniff"           always;
+            add_header X-Frame-Options                   "SAMEORIGIN"        always;
+            add_header X-Permitted-Cross-Domain-Policies "none"              always;
+            add_header X-Robots-Tag                      "noindex, nofollow" always;
+            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
 
             location ~ \.wasm$ {

…ecure/postgres/apache/docker-compose.yml …se/insecure/postgres/apache/compose.yaml.examples/docker-compose/insecure/postgres/apache/docker-compose.yml renamed to .examples/docker-compose/insecure/postgres/apache/compose.yaml .examples/docker-compose/insecure/postgres/apache/docker-compose.yml renamed to .examples/docker-compose/insecure/postgres/apache/compose.yaml

@@ -1,5 +1,3 @@
-version: '3'
-
 services:
   db:
     image: postgres:alpine
@@ -41,4 +39,4 @@ services:
 
 volumes:
   db:
-  nextcloud:
+  nextcloud:

…insecure/postgres/fpm/docker-compose.yml …mpose/insecure/postgres/fpm/compose.yaml.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml renamed to .examples/docker-compose/insecure/postgres/fpm/compose.yaml .examples/docker-compose/insecure/postgres/fpm/docker-compose.yml renamed to .examples/docker-compose/insecure/postgres/fpm/compose.yaml

@@ -1,11 +1,9 @@
-version: '3'
-
 services:
   db:
     image: postgres:alpine
     restart: always
     volumes:
-      - db:/var/lib/postgresql/data:z
+      - db:/var/lib/postgresql/data:Z
     env_file:
       - db.env
 

.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf

@@ -12,6 +12,9 @@ events {
 http {
     include mime.types;
     default_type  application/octet-stream;
+    types {
+        text/javascript mjs;
+    }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
@@ -30,7 +33,7 @@ http {
     # Set the `immutable` cache control options only for assets with a cache busting `v` argument
     map $arg_v $asset_immutable {
         "" "";
-    default "immutable";
+    default ", immutable";
     }
 
     #gzip  on;
@@ -162,23 +165,16 @@ http {
             fastcgi_max_temp_file_size 0;
         }
 
-        # Javascript mimetype fixes for nginx
-        # Note: The block below should be removed, and the js|mjs section should be
-        # added to the block below this one. This is a temporary fix until Nginx 
-        # upstream fixes the js mime-type
-        location ~* \.(?:js|mjs)$ {
-            types { 
-                text/javascript js mjs;
-            } 
-            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
-            access_log off;
-        }
-
         # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
             try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
+            add_header Referrer-Policy                   "no-referrer"       always;
+            add_header X-Content-Type-Options            "nosniff"           always;
+            add_header X-Frame-Options                   "SAMEORIGIN"        always;
+            add_header X-Permitted-Cross-Domain-Policies "none"              always;
+            add_header X-Robots-Tag                      "noindex, nofollow" always;
+            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
 
             location ~ \.wasm$ {

…-proxy/mariadb/apache/docker-compose.yml …-nginx-proxy/mariadb/apache/compose.yaml.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml renamed to .examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml .examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml renamed to .examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml

@@ -1,5 +1,3 @@
-version: '3'
-
 services:
   db:
     image: mariadb:10.6
@@ -34,6 +32,10 @@ services:
     depends_on:
       - db
       - redis
+      # Added proxy container dependency below. 
+      # It is unclear on when or why it happens, but sometimes NC manages to start before the proxy 
+      #  and it breaks for whatever weird reason resulting in the need of manual proxy container restart.
+      - proxy
     networks:
       - proxy-tier
       - default
@@ -55,18 +57,21 @@ services:
       - 80:80
       - 443:443
     labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
     volumes:
-      - certs:/etc/nginx/certs:z,ro
+      - certs:/etc/nginx/certs:ro,z
       - vhost.d:/etc/nginx/vhost.d:z
       - html:/usr/share/nginx/html:z
+      - dhparam:/etc/nginx/dhparam:z
       - /var/run/docker.sock:/tmp/docker.sock:z,ro
     networks:
       - proxy-tier
 
   letsencrypt-companion:
     image: nginxproxy/acme-companion
     restart: always
+    environment:
+      - DEFAULT_EMAIL=
     volumes:
       - certs:/etc/nginx/certs:z
       - acme:/etc/acme.sh:z
@@ -100,6 +105,7 @@ volumes:
   acme:
   vhost.d:
   html:
+  dhparam:
 
 networks:
   proxy-tier:

…inx-proxy/mariadb/fpm/docker-compose.yml …ith-nginx-proxy/mariadb/fpm/compose.yaml.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml renamed to .examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml .examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml renamed to .examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml

@@ -1,5 +1,3 @@
-version: '3'
-
 services:
   db:
     image: mariadb:10.6
@@ -31,6 +29,7 @@ services:
     depends_on:
       - db
       - redis
+      - proxy
 
   web:
     build: ./web
@@ -64,7 +63,7 @@ services:
       - 80:80
       - 443:443
     labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
     volumes:
       - certs:/etc/nginx/certs:z,ro
       - vhost.d:/etc/nginx/vhost.d:z
@@ -76,6 +75,8 @@ services:
   letsencrypt-companion:
     image: nginxproxy/acme-companion
     restart: always
+    environment:
+      - DEFAULT_EMAIL=
     volumes:
       - certs:/etc/nginx/certs:z
       - acme:/etc/acme.sh:z

.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf

@@ -12,6 +12,9 @@ events {
 http {
     include mime.types;
     default_type  application/octet-stream;
+    types {
+        text/javascript mjs;
+    }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
@@ -30,7 +33,7 @@ http {
     # Set the `immutable` cache control options only for assets with a cache busting `v` argument
     map $arg_v $asset_immutable {
         "" "";
-    default "immutable";
+    default ", immutable";
     }
 
     #gzip  on;
@@ -162,23 +165,16 @@ http {
             fastcgi_max_temp_file_size 0;
         }
 
-        # Javascript mimetype fixes for nginx
-        # Note: The block below should be removed, and the js|mjs section should be
-        # added to the block below this one. This is a temporary fix until Nginx 
-        # upstream fixes the js mime-type
-        location ~* \.(?:js|mjs)$ {
-            types { 
-                text/javascript js mjs;
-            } 
-            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
-            access_log off;
-        }
-
         # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
             try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
+            add_header Referrer-Policy                   "no-referrer"       always;
+            add_header X-Content-Type-Options            "nosniff"           always;
+            add_header X-Frame-Options                   "SAMEORIGIN"        always;
+            add_header X-Permitted-Cross-Domain-Policies "none"              always;
+            add_header X-Robots-Tag                      "noindex, nofollow" always;
+            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
 
             location ~ \.wasm$ {