Documentation and examples update for use with docker compose v2

.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml → .examples/docker-compose/insecure/mariadb/apache/compose.yaml

@@ -1,5 +1,3 @@
-version: '3'
-
 services:
  db:
  image: mariadb:10.6

.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml → .examples/docker-compose/insecure/mariadb/fpm/compose.yaml

@@ -1,5 +1,3 @@
-version: '3'
-
 services:
  db:
  image: mariadb:10.6

.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf

@@ -12,6 +12,9 @@ events {
 http {
  include mime.types;
  default_type application/octet-stream;
+ types {
+ text/javascript mjs;
+ }
 
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  '$status $body_bytes_sent "$http_referer" '
@@ -30,7 +33,7 @@ http {
  # Set the `immutable` cache control options only for assets with a cache busting `v` argument
  map $arg_v $asset_immutable {
  "" "";
- default "immutable";
+ default ", immutable";
  }
 
  #gzip on;
@@ -162,24 +165,16 @@ http {
  fastcgi_max_temp_file_size 0;
  }
 
- # Javascript mimetype fixes for nginx
- # Note: The block below should be removed, and the js|mjs section should be
- # added to the block below this one. This is a temporary fix until Nginx 
- # upstream fixes the js mime-type
- location ~* \.(?:js|mjs)$ {
- types { 
- text/javascript js mjs;
- } 
- default_type "text/javascript";
- try_files $uri /index.php$request_uri;
- add_header Cache-Control "public, max-age=15778463, $asset_immutable";
- access_log off;
- }
-
  # Serve static files
- location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+ location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
  try_files $uri /index.php$request_uri;
- add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+ add_header Cache-Control "public, max-age=15778463$asset_immutable";
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "noindex, nofollow" always;
+ add_header X-XSS-Protection "1; mode=block" always;
  access_log off; # Optional: Don't log access to assets
 
  location ~ \.wasm$ {

.examples/docker-compose/insecure/postgres/apache/docker-compose.yml → .examples/docker-compose/insecure/postgres/apache/compose.yaml

@@ -1,5 +1,3 @@
-version: '3'
-
 services:
  db:
  image: postgres:alpine
@@ -41,4 +39,4 @@ services:
 
 volumes:
  db:
- nextcloud:
+ nextcloud:

.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml → .examples/docker-compose/insecure/postgres/fpm/compose.yaml

@@ -1,11 +1,9 @@
-version: '3'
-
 services:
  db:
  image: postgres:alpine
  restart: always
  volumes:
- - db:/var/lib/postgresql/data:z
+ - db:/var/lib/postgresql/data:Z
  env_file:
  - db.env
 

.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf

@@ -12,6 +12,9 @@ events {
 http {
  include mime.types;
  default_type application/octet-stream;
+ types {
+ text/javascript mjs;
+ }
 
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  '$status $body_bytes_sent "$http_referer" '
@@ -30,7 +33,7 @@ http {
  # Set the `immutable` cache control options only for assets with a cache busting `v` argument
  map $arg_v $asset_immutable {
  "" "";
- default "immutable";
+ default ", immutable";
  }
 
  #gzip on;
@@ -162,23 +165,16 @@ http {
  fastcgi_max_temp_file_size 0;
  }
 
- # Javascript mimetype fixes for nginx
- # Note: The block below should be removed, and the js|mjs section should be
- # added to the block below this one. This is a temporary fix until Nginx 
- # upstream fixes the js mime-type
- location ~* \.(?:js|mjs)$ {
- types { 
- text/javascript js mjs;
- } 
- try_files $uri /index.php$request_uri;
- add_header Cache-Control "public, max-age=15778463, $asset_immutable";
- access_log off;
- }
-
  # Serve static files
- location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+ location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
  try_files $uri /index.php$request_uri;
- add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+ add_header Cache-Control "public, max-age=15778463$asset_immutable";
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "noindex, nofollow" always;
+ add_header X-XSS-Protection "1; mode=block" always;
  access_log off; # Optional: Don't log access to assets
 
  location ~ \.wasm$ {

.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml → .examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml

@@ -1,5 +1,3 @@
-version: '3'
-
 services:
  db:
  image: mariadb:10.6
@@ -34,6 +32,10 @@ services:
  depends_on:
  - db
  - redis
+ # Added proxy container dependency below. 
+ # It is unclear on when or why it happens, but sometimes NC manages to start before the proxy 
+ # and it breaks for whatever weird reason resulting in the need of manual proxy container restart.
+ - proxy
  networks:
  - proxy-tier
  - default
@@ -55,18 +57,21 @@ services:
  - 80:80
  - 443:443
  labels:
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+ - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
  volumes:
- - certs:/etc/nginx/certs:z,ro
+ - certs:/etc/nginx/certs:ro:z
  - vhost.d:/etc/nginx/vhost.d:z
  - html:/usr/share/nginx/html:z
+ - dhparam:/etc/nginx/dhparam:z
  - /var/run/docker.sock:/tmp/docker.sock:z,ro
  networks:
  - proxy-tier
 
  letsencrypt-companion:
  image: nginxproxy/acme-companion
  restart: always
+ environment:
+ - DEFAULT_EMAIL=
  volumes:
  - certs:/etc/nginx/certs:z
  - acme:/etc/acme.sh:z
@@ -100,6 +105,7 @@ volumes:
  acme:
  vhost.d:
  html:
+ dhparam:
 
 networks:
  proxy-tier:

.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml → .examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml

@@ -1,5 +1,3 @@
-version: '3'
-
 services:
  db:
  image: mariadb:10.6
@@ -31,6 +29,7 @@ services:
  depends_on:
  - db
  - redis
+ - proxy
 
  web:
  build: ./web
@@ -64,7 +63,7 @@ services:
  - 80:80
  - 443:443
  labels:
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+ - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
  volumes:
  - certs:/etc/nginx/certs:z,ro
  - vhost.d:/etc/nginx/vhost.d:z
@@ -76,6 +75,8 @@ services:
  letsencrypt-companion:
  image: nginxproxy/acme-companion
  restart: always
+ environment:
+ - DEFAULT_EMAIL=
  volumes:
  - certs:/etc/nginx/certs:z
  - acme:/etc/acme.sh:z

.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf

@@ -12,6 +12,9 @@ events {
 http {
  include mime.types;
  default_type application/octet-stream;
+ types {
+ text/javascript mjs;
+ }
 
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  '$status $body_bytes_sent "$http_referer" '
@@ -30,7 +33,7 @@ http {
  # Set the `immutable` cache control options only for assets with a cache busting `v` argument
  map $arg_v $asset_immutable {
  "" "";
- default "immutable";
+ default ", immutable";
  }
 
  #gzip on;
@@ -162,23 +165,16 @@ http {
  fastcgi_max_temp_file_size 0;
  }
 
- # Javascript mimetype fixes for nginx
- # Note: The block below should be removed, and the js|mjs section should be
- # added to the block below this one. This is a temporary fix until Nginx 
- # upstream fixes the js mime-type
- location ~* \.(?:js|mjs)$ {
- types { 
- text/javascript js mjs;
- } 
- try_files $uri /index.php$request_uri;
- add_header Cache-Control "public, max-age=15778463, $asset_immutable";
- access_log off;
- }
-
  # Serve static files
- location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+ location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
  try_files $uri /index.php$request_uri;
- add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+ add_header Cache-Control "public, max-age=15778463$asset_immutable";
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "noindex, nofollow" always;
+ add_header X-XSS-Protection "1; mode=block" always;
  access_log off; # Optional: Don't log access to assets
 
  location ~ \.wasm$ {

.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml → .examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml

@@ -1,5 +1,3 @@
-version: '3'
-
 services:
  db:
  image: postgres:alpine
@@ -29,6 +27,7 @@ services:
  depends_on:
  - db
  - redis
+ - proxy
  networks:
  - proxy-tier
  - default
@@ -50,9 +49,9 @@ services:
  - 80:80
  - 443:443
  labels:
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+ - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
  volumes:
- - certs:/etc/nginx/certs:z,ro
+ - certs:/etc/nginx/certs:ro:z
  - vhost.d:/etc/nginx/vhost.d:z
  - html:/usr/share/nginx/html:z
  - /var/run/docker.sock:/tmp/docker.sock:z,ro

.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml → .examples/docker-compose/with-nginx-proxy/postgres/fpm/compose.yaml

@@ -26,6 +26,7 @@ services:
  depends_on:
  - db
  - redis
+ - proxy
 
  web:
  build: ./web
@@ -59,7 +60,7 @@ services:
  - 80:80
  - 443:443
  labels:
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+ - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
  volumes:
  - certs:/etc/nginx/certs:z,ro
  - vhost.d:/etc/nginx/vhost.d:z
@@ -77,6 +78,8 @@ services:
  - vhost.d:/etc/nginx/vhost.d:z
  - html:/usr/share/nginx/html:z
  - /var/run/docker.sock:/var/run/docker.sock:z,ro
+ environment:
+ - DEFAULT_EMAIL=
  networks:
  - proxy-tier
  depends_on:

.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf

@@ -12,6 +12,9 @@ events {
 http {
  include mime.types;
  default_type application/octet-stream;
+ types {
+ text/javascript mjs;
+ }
 
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  '$status $body_bytes_sent "$http_referer" '
@@ -30,7 +33,7 @@ http {
  # Set the `immutable` cache control options only for assets with a cache busting `v` argument
  map $arg_v $asset_immutable {
  "" "";
- default "immutable";
+ default ", immutable";
  }
 
  #gzip on;
@@ -162,23 +165,16 @@ http {
  fastcgi_max_temp_file_size 0;
  }
 
- # Javascript mimetype fixes for nginx
- # Note: The block below should be removed, and the js|mjs section should be
- # added to the block below this one. This is a temporary fix until Nginx 
- # upstream fixes the js mime-type
- location ~* \.(?:js|mjs)$ {
- types { 
- text/javascript js mjs;
- } 
- try_files $uri /index.php$request_uri;
- add_header Cache-Control "public, max-age=15778463, $asset_immutable";
- access_log off;
- }
-
  # Serve static files
- location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+ location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
  try_files $uri /index.php$request_uri;
- add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+ add_header Cache-Control "public, max-age=15778463$asset_immutable";
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "noindex, nofollow" always;
+ add_header X-XSS-Protection "1; mode=block" always;
  access_log off; # Optional: Don't log access to assets
 
  location ~ \.wasm$ {