Xwiki | Docker Swarm Stack
Text Only
version: "3.7"
services:
nginx:
image: nginx:stable-alpine
volumes:
- ./nginx-conf:/etc/nginx/conf.d
- ./ssl:/etc/nginx/ssl
# - /webfolder:/var/www/html/webfolder
networks:
- durbok-net
deploy:
placement:
constraints:
- node.role == manager
replicas: 1
restart_policy:
condition: on-failure
ports:
- 80:80
- 443:443
mysql:
image: mysql:5.7
hostname: mysql-5
command: '--character-set-server=utf8 --collation-server=utf8_bin --explicit-defaults-for-timestamp=1'
networks:
- durbok-net
deploy:
placement:
constraints:
- node.role == manager
replicas: 1
restart_policy:
condition: on-failure
volumes:
- ./db-data:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: xwiki
MYSQL_USER: xwiki
MYSQL_PASSWORD: xwiki
MYSQL_DATABASE: xwiki
xwiki:
image: xwiki:stable-mysql-tomcat
volumes:
- ./xwiki-data:/usr/local/xwiki
environment:
# - XWIKI_VERSION=xwiki
- DB_USER=xwiki
- DB_PASSWORD=xwiki
- DB_DATABASE=xwiki
- DB_HOST=xwiki_mysql
# - INDEX_HOST=xwiki-index
networks:
- durbok-net
ports:
- 8080:8080
deploy:
placement:
constraints:
- node.role == manager
replicas: 1
restart_policy:
condition: on-failure
networks:
durbok-net:
networks:
durbok-net:
external: true
Nginx Config Example
Nginx Configuration File
server {
listen 80;
listen [::]:80;
server_name your.domain.com;
rewrite ^ https://$http_host$request_uri? permanent;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name your.domain.com;
error_log /var/log/nginx/your.domain.com_error.log;
access_log /var/log/nginx/your.domain.com_access.log;
location ^~ {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 256M;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_pass http://xwiki_xwiki:8080;
proxy_read_timeout 90;
}
location ~ /\.(?!well-known).* {
deny all;
access_log off;
log_not_found off;
}
add_header Content-Security-Policy upgrade-insecure-requests;
ssl_certificate /etc/nginx/ssl/ssl.pem;
ssl_certificate_key /etc/nginx/ssl/ssl.key;
# ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
#SSL Security
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
#XP and IE6 support
#ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_tickets off;
proxy_set_header X-Forwarded-For $remote_addr;
#Compress and optimize delivery of files
gzip on;
gzip_comp_level 5;
gzip_min_length 256;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
# text/html is always compressed by gzip module
}