nextcloud-compose/.env at main · BWibo/nextcloud-compose · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
# General settings
# Domain used for trusted domains (config.php)
DOMAIN=localhost

# Domains for TLS certificates. Items separated by comma + space: ", "
TLS_DOMAINS="localhost, nextcloud.local"
ADMIN_EMAIL=a@b.de

# Caddy TLS directive settings
# https://caddyserver.com/docs/caddyfile/directives/tls
# Use this for self-signed certificates, e.g. in your LAN
# CADDY_TLS="tls internal"

# Usage of own certificates
# CADDY_TLS="tls /certs/fullchain.pem /certs/key.key"

# Caddy header debug. Selects a Caddyfile snippet at parse time.
#   debug_headers_off (default) — no extra logging or endpoints.
#   debug_headers_on            — JSON access log to stdout
#                                 (visible via `docker compose logs caddy`)
#                                 plus a /caddy-debug-headers endpoint that
#                                 echoes back the trusted-proxy / real-IP
#                                 related request headers (X-Forwarded-For,
#                                 X-Forwarded-Proto, X-Forwarded-Host,
#                                 X-Real-IP, Forwarded, Host) along with
#                                 Caddy's parsed remote_ip and client_ip.
# After changing, run ./caddy_update.sh.
CADDY_DEBUG_SNIPPET=debug_headers_off

# Caddy per-site access log. Selects a Caddyfile snippet at parse time.
#   access_log_off (default) — no access log emitted.
#   access_log_on            — JSON access log to stdout
#                              (visible via `docker compose logs caddy`)
# After changing, run ./caddy_update.sh.
CADDY_ACCESS_LOG_SNIPPET=access_log_off

# Caddy trusted proxies. Space-separated CIDRs of upstream reverse proxies
# whose X-Forwarded-* headers Caddy should honor for real-client-IP.
# Example for a single dual-stack home-LAN proxy:
CADDY_TRUSTED_PROXIES="172.32.0.0/16 fd00::0/8"

# Nextcloud
NEXTCLOUD_VERSION=33.0.3-fpm
NEXTCLOUD_ADMIN_USER=admin
NEXTCLOUD_ADMIN_PASSWORD=changeMe

# Nextcloud PHP settings
PHP_MEMORY_LIMIT=1024M
PHP_UPLOAD_LIMIT=16G

# DB
POSTGRES_VERSION=16-alpine
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud
POSTGRES_PASSWORD=changeMe

# Docker settings
DOCKER_LOGGING_MAX_SIZE=5m
DOCKER_LOGGING_MAX_FILE=3

# Docker network
# The "net" bridge runs dual-stack (IPv4 + IPv6 ULA).
# CADDY_IP / CADDY_IP_V6 must lie inside the corresponding subnet.
# All other containers get random addresses from each subnet via Docker's IPAM.
#
# IMPORTANT: DOCKER_NET_SUBNET and DOCKER_NET_SUBNET_V6 must NOT overlap with
# any network the host is already attached to (LAN, VPN, other Docker
# bridges, WireGuard / Tailscale ranges, ISP CGNAT space, etc.). An overlap
# silently breaks routing — the host will prefer the more specific route
# and connections to those LAN hosts from inside containers, or to the
# containers from the LAN, will black-hole.
# Pick a private range that's free in your environment:
#   IPv4: anywhere in 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
#   IPv6: any ULA prefix in fd00::/8 (RFC 4193), ideally a randomly chosen
#         /48 to avoid future collisions.
DOCKER_NET_SUBNET=172.20.0.0/24
DOCKER_NET_SUBNET_V6=fd20:20::/64
CADDY_IP=172.20.0.10
CADDY_IP_V6=fd20:20::10