---
title: Nextcloud & Collabora
description: How to configure a properly working setup using Traefik
published: true
date: 2020-05-07T11:33:22.135Z
tags: 
---

# Requirements

Our setup relies heavily on `traefik` and won't work without it. See our traefik configuration page on how to prepare your system to accept this configuration.

# docker-compose.yml

```
version: '3'

services:

  nginx:
    image: nginx:alpine
    restart: unless-stopped
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./nextcloud:/var/www/html
    labels:
      - traefik.enable=true
      - traefik.http.routers.cloud.entryPoints=web-secure
      - traefik.http.routers.cloud.rule=Host(`cloud.fosc.space`)
      - traefik.http.routers.cloud.tls.certresolver=default
      - traefik.http.routers.cloud.middlewares=cloud@docker
      - traefik.http.middlewares.cloud.headers.customFrameOptionsValue=SAMEORIGIN
      - traefik.http.middlewares.cloud.headers.framedeny=true
      - traefik.http.middlewares.cloud.headers.sslredirect=true
      - traefik.http.middlewares.cloud.headers.stsSeconds=15552000
    depends_on:
      - fpm

  fpm:
    image: nextcloud
    restart: unless-stopped
    volumes:
      - ./nextcloud:/var/www/html
    environment:
      - NEXTCLOUD_TRUSTED_DOMAINS=cloud.fosc.space
      - REDIS_HOST=redis
      - MYSQL_HOST=mariadb
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=hunter2
      - MYSQL_DATABASE=nextcloud
      - NEXTCLOUD_ADMIN_USER=admin
      - NEXTCLOUD_ADMIN_PASSWORD=hunter2
    depends_on:
      - mariadb
      - redis
      - cron

  mariadb:
    image: mariadb
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=hunter2
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=hunter2
      - MYSQL_DATABASE=nextcloud
    volumes:
      - ./db:/var/lib/mysql

  collabora:
    image: collabora/code
    restart: unless-stopped
    environment:
      - username=admin
      - password=hunter3
      - DONT_GEN_SSL_CERT=true
      - "domain=cloud\\.fosc\\.space"
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:storage.wopi.host[0]=::ffff:[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+ --o:net.post_allow.host[0]=::ffff:[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+ --o:storage.wopi.host[1]=[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+ --o:net.post_allow.host[1]=[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+ --o:storage.wopi.host[2]=cloud.fosc.space"
    labels:
      - traefik.enable=true
      - traefik.http.routers.coll.entryPoints=web-secure
      - traefik.http.routers.coll.rule=Host(`collabora.fosc.space`)
      - traefik.http.routers.coll.tls.certresolver=default
      - traefik.http.services.coll.loadbalancer.server.port=9980

  redis:
    image: redis:alpine
    restart: unless-stopped

  cron:
    image: nextcloud
    restart: always
    volumes:
      - ./nextcloud:/var/www/html
    entrypoint: /cron.sh
    depends_on:
      - mariadb
      - redis
```

# Nextcloud configuration
Once everything is up and running, install the Collabora plugin for Nextcloud and configure the following in its settings page:

> URL (and Port) of Collabora Online-server:
`https://collabora.fosc.space:443`
{.is-info}

# Quirks
> To get rid of the secure proxy warning, add a `NEXTCLOUD_TRUSTED_PROXIES` entry to Nextcloud's config.php with your host's hostname or IP address. For some reason, this configuration is not exposed via environment variables and cannot be fixed from docker-compose.