one-click-apps/public/v4/apps/nextcloud.yml

captainVersion: 4
services:
    $$cap_appname-db:
        documentation: Taken from https://hub.docker.com/_/mariadb
        image: mariadb:$$cap_mariadb_version
        volumes:
            - $$cap_appname-db-data:/var/lib/mysql
        restart: always
        environment:
            MYSQL_ROOT_PASSWORD: $$cap_db_pass
            MYSQL_DATABASE: nextcloud
            MYSQL_USER: $$cap_db_user
            MYSQL_PASSWORD: $$cap_db_pass
        caproverExtra:
            notExposeAsWebApp: 'true'
    $$cap_appname-redis:
        documentation: Taken from https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml
        image: redis:$$cap_redis_version
        restart: always
        caproverExtra:
            notExposeAsWebApp: 'true'
    $$cap_appname:
        depends_on:
            - $$cap_appname-db
            - $$cap_appname-redis
        documentation: Taken from https://hub.docker.com/_/nextcloud
        image: nextcloud:$$cap_nextcloud_version
        volumes:
            - $$cap_appname-data:/var/www/html
        restart: always
        environment:
            OVERWRITEPROTOCOL: $$cap_http_https_cors
            MYSQL_DATABASE: nextcloud
            MYSQL_USER: $$cap_db_user
            MYSQL_PASSWORD: $$cap_db_pass
            MYSQL_HOST: srv-captain--$$cap_appname-db
            REDIS_HOST: srv-captain--$$cap_appname-redis
            NEXTCLOUD_ADMIN_USER: $$cap_admin_user
            NEXTCLOUD_ADMIN_PASSWORD: $$cap_admin_pass
            NEXTCLOUD_TRUSTED_DOMAINS: $$cap_appname.$$cap_root_domain $$cap_hostnames
    $$cap_appname-cron:
        depends_on:
            - $$cap_appname-db
            - $$cap_appname-redis
            - $$cap_appname
        documentation: https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml
        restart: always
        volumes:
            - $$cap_appname-data:/var/www/html
        caproverExtra:
            dockerfileLines:
                - FROM nextcloud:$$cap_nextcloud_version
                - 'ENTRYPOINT [ "/cron.sh" ] '
            notExposeAsWebApp: 'true'
caproverOneClickApp:
    variables:
        - id: $$cap_nextcloud_version
          label: NextCloud Version
          defaultValue: 25.0.6
          description: >-
              Check out their Docker page for the valid tags https://hub.docker.com/_/nextcloud?tab=tags


              Do not use fpm versions.              
          validRegex: /^((?!fpm)\S)+$/
        - id: $$cap_redis_version
          label: Redis Version
          defaultValue: 6.2.12
          description: Check out their Docker page for the valid tags https://hub.docker.com/_/redis?tab=tags
          validRegex: /^([^\s^\/])+$/
        - id: $$cap_mariadb_version
          label: MariaDB (database) version
          defaultValue: 10.6.12
          description: Check out their Docker page for the valid tags https://hub.docker.com/_/mariadb?tab=tags
          validRegex: /^([^\s^\/])+$/
        - id: $$cap_db_user
          label: database user
          defaultValue: nextcloud
          description: Username for the database using mysql.
          validRegex: /^([a-zA-Z0-9])+$/
        - id: $$cap_db_pass
          label: database password
          defaultValue: $$cap_gen_random_hex(32)
          description: Password for the database user and root using mysql.
          validRegex: /.{1,}/
        - id: $$cap_admin_user
          label: admin name
          defaultValue: admin
          description: Name of the Nextcloud admin user.
          validRegex: /^([a-zA-Z0-9\@\.])+$/
        - id: $$cap_admin_pass
          label: admin password
          description: Password for the Nextcloud admin user.
          validRegex: /.{8,}/
        - id: $$cap_http_https_cors
          label: Protocol of proxy
          defaultValue: https
          description: Choose either http or https. cors configuration to login are set by the docker image, if you do not set this same as your proxy configuration, login will fail
          validRegex: /^http[s]?$/
        - id: $$cap_hostnames
          label: hostnames
          description: Add all your additional hostnames where nextcloud will be exposed separated by space char. After first run, this variables are not reloaded by nextcloud and you will have to change the configuration according to the nextcloud's documentation.
    instructions:
        start: A safe home for all your data. Access & share your files, calendars, contacts, mail & more from any device, on your terms. http://Nextcloud.com
        end: >-
            NextCloud is deployed and will be available on few minutes as $$cap_appname.

            If you set the cors sections to https, please enable https on your app. If you do not activate it you will have an error.


            For better performances and compliance, click on "edit default nginx configuration" button then
            below "proxy_set_header X-Forwarded-Proto $scheme;"
            add "add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;"  into the nginx configuration.

            You can see HSTS parts of the nextcloud security documentation https://docs.nextcloud.com/server/21/admin_manual/installation/harden_server.html for further informations


            You can also scan your nextcloud instance on https://scan.nextcloud.com/            
    displayName: nextcloud
    isOfficial: true
    description: Nextcloud is a suite of client-server software for creating and using file hosting services
    documentation: Taken from https://hub.docker.com/_/nextcloud