@rangerelf

rangerelf@alien.top · 7 months ago

Sure:

POSTGRES

---
version: '3.8'
services:
  postgres:
    container_name: postgres
    image: postgres:14-alpine
    environment:
      POSTGRES_PASSWORD: "XXXXXXXXXXXXXXXX"
      PGDATA: "/var/lib/postgresql/data/pgdata"
    volumes:
      - type: bind
        source: ./data
        target: /var/lib/postgresql/data
      - type: volume
        source: postgres-socket
        target: /run/postgresql
    logging:
      driver: json-file
      options:
        max-size: 2m
    restart: unless-stopped
networks:
  default:
    external:
      name: backend
volumes:
  postgres-socket:
    name: postgres-socket

REDIS

---
version: '3.8'
services:
  redis:
    image: redis:7.2-alpine
    command:
      - /data/redis.conf
      - --loglevel
      - verbose
    volumes:
      - type: bind
        source: ./data
        target: /data
      - type: volume
        source: redis-socket
        target: /var/run
    logging:
      driver: json-file
      options:
        max-size: 2m
    restart: unless-stopped
networks:
  default:
    external:
      name: backend
volumes:
  redis-socket:
    name: redis-socket

Here’s redis.conf, it took me a couple of tries to get it just right:

# create a unix domain socket to listen on
unixsocket /var/run/redis/redis.sock
unixsocketperm 666
# protected-mode no
requirepass rrrrrrrrrrrrr
bind 0.0.0.0
port 6379
tcp-keepalive 300
daemonize no
stop-writes-on-bgsave-error no
rdbcompression yes
rdbchecksum yes
# maximum memory allowed for redis
maxmemory 50M
# how redis will evice old objects - least recently used
maxmemory-policy allkeys-lru
# logging
# levels: debug verbose notice warning
loglevel notice
logfile ""
always-show-logo yes

NEXTCLOUD

---
version: '3.8'
services:
  nextcloud:
    image: nextcloud:27-fpm
    env_file:
      - data/environment.txt
    volumes:
      - type: bind
        source: ./data/html
        target: /var/www/html
      - type: volume
        source: redis-socket
        target: /redis
      - type: volume
        source: postgres-socket
        target: /postgres
      - type: tmpfs
        target: /tmp:exec
      - type: bind
        source: ./data/zz-docker.conf
        target: /usr/local/etc/php-fpm.d/zz-docker.conf
      - type: bind
        source: ./data/opcache_cli.conf
        target: /usr/local/etc/php/conf.d/opcache_cli.conf
    networks:
      - web
      - backend
    logging:
      driver: json-file
      options:
        max-size: 2m
    restart: unless-stopped
  crond:
    image: nextcloud:27-fpm
    entrypoint: /cron.sh
    env_file:
      - data/environment.txt
    volumes:
      - type: bind
        source: ./data/html
        target: /var/www/html
      - type: bind
        source: ./data/zz-docker.conf
        target: /usr/local/etc/php-fpm.d/zz-docker.conf
      - type: volume
        source: redis-socket
        target: /redis
      - type: volume
        source: postgres-socket
        target: /postgres
      - type: tmpfs
        target: /tmp:exec
    networks:
      - web
      - backend
    logging:
      driver: json-file
      options:
        max-size: 2m
    restart: unless-stopped
  collabora:
    image: collabora/code:23.05.5.4.1
    privileged: true
    environment:
      extra_params: "--o:ssl.enable=false --o:ssl.termination=true"
      aliasgroup1: 'https://my.nextcloud.domain.org:443'
    cap_add:
      - MKNOD
    networks:
      - web
    logging:
      driver: json-file
      options:
        max-size: 2m
    restart: unless-stopped
networks:
  backend:
    external:
      name: backend
  web:
    external:
      name: web
volumes:
  redis-socket:
    name: redis-socket
  postgres-socket:
    name: postgres-socket

The environment.txt file is hostnames, logins, passwords, etc…

POSTGRES_DB=nextcloud
POSTGRES_USER=xxxxxxx
POSTGRES_PASSWORD=yyyyyyyyyyyyyyyyyyy
POSTGRES_SERVER=postgres
POSTGRES_HOST=/postgres/.s.PGSQL.5432
NEXTCLOUD_ADMIN_USER=aaaaa
NEXTCLOUD_ADMIN_PASSWORD=hhhhhhhhhhhhhhhhhhh
REDIS_HOST=redis
REDIS_HOST_PORT=6379
REDIS_HOST_PASSWORD=rrrrrrrrrrrrr

The zz-docker.conf file sets some process tuning and log format, some might not even be necessary:

[global]
daemonize = no
error_log = /proc/self/fd/2
log_limit = 8192

[www]
access.log = /proc/self/fd/2
access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
catch_workers_output = yes
decorate_workers_output = no
clear_env = no

user = www-data
group = www-data

listen = 9000
listen = /var/www/html/.fpm-sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0666
listen.backlog = 512

pm = dynamic
pm.max_children = 16
pm.start_servers = 6
pm.min_spare_servers = 4
pm.max_spare_servers = 6
pm.process_idle_timeout = 30s;
pm.max_requests = 512

The opcache_cli.conf file has a single line:

opcache.enable_cli=1

I don’t remember why it’s there but it’s working so I’m not touching it :-D

Good luck :-)

rangerelf@alien.top · 7 months ago

I have both Postgres and Redis talking to Nextcloud through their respective unix sockets; I store the sockets in a named volume, so I can mount it on whatever containers need to reach them.

rangerelf@alien.top · 7 months ago

Not OP, but I run it on docker with postgres and redis, behind a reverse proxy. All apps on NC have pretty good performance and haven’t had any weird issues. It’s on an old xeon with 32gb and on spinning rust.