hello. in my setup i have 3 containers: the problem is that the upstream for mydomain is set to 127.0.0.1 down. i need it to be set to 127.0.0.1:{VIRTUAL_PORT}. i've tested this and it works, but i dont know to make this the default or if there is a workaround avaliable. any ideas?

wireguard.yml

```yaml
# wg-easy container. The nginx-proxy, acme-companion and oCIS containers in the
# other files run with network_mode: container:wg-easy, i.e. inside this
# container's network namespace, which is why 80/443 are published here.
name: wireguard
services:
  wireguard:
    image: ghcr.io/wg-easy/wg-easy:${WG_EASY_VERSION}
    container_name: wg-easy
    restart: always
    environment:
      - WG_HOST=${WG_EASY_DOMAIN}
      # NOTE(review): PASSWORD_HASH presumably expects a password hash, not the
      # plain password -- confirm what WG_EASY_PASSWORD actually holds.
      - PASSWORD_HASH=${WG_EASY_PASSWORD}
    ports:
      - 51820:51820/udp
      # NOTE(review): published on every host interface; presumably the wg-easy
      # web UI. If it should only be reachable locally or through the proxy,
      # bind it to a specific host address instead -- confirm intent.
      - 51821:51821/tcp
      # 80/443 are served by nginx-proxy, which shares this network namespace.
      - 443:443
      - 80:80
    volumes:
      - "~/.wg-easy:/etc/wireguard"
    cap_add:
      - NET_ADMIN
      # NOTE(review): SYS_MODULE lets the container load kernel modules; it may
      # be unnecessary if the host already provides the WireGuard module -- confirm.
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      - proxy
networks:
  proxy:
    name: proxy
    external: true
```

nginx-proxy.yml

```yaml
# nginx-proxy plus acme-companion, both attached to wg-easy's network namespace.
name: nginx
services:
  proxy:
    image: nginxproxy/nginx-proxy:${NGINX_PROXY_VERSION}
    container_name: nginx-proxy
    restart: always
    volumes:
      - "/home/admin/nginx/data/conf:/etc/nginx/conf.d"
      - "/home/admin/nginx/data/vhost:/etc/nginx/vhost.d:ro"
      - "/home/admin/nginx/data/html:/usr/share/nginx/html:ro"
      - "/home/admin/nginx/data/dhparam:/etc/nginx/dhparam:ro"
      - "/home/admin/nginx/data/certs:/etc/nginx/certs:ro"
      # The :ro flag only makes the bind mount read-only; it does not limit what
      # can be requested through the Docker API socket. Treat this
      # internet-facing container as having Docker API access.
      # NOTE(review): a socket proxy restricted to read-only endpoints is a
      # common mitigation.
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
    # Shares wg-easy's network namespace, so nginx sees 127.0.0.1 of that namespace.
    network_mode: container:wg-easy
  acme:
    image: nginxproxy/acme-companion:${NGINX_ACME_COMPANION_VERSION}
    container_name: nginx-acme
    restart: always
    depends_on:
      - proxy
    environment:
      DEFAULT_EMAIL: ${EMAIL}
      NGINX_PROXY_CONTAINER: nginx-proxy
      ACME_CHALLENGE: DNS-01
      # DEDYN_TOKEN is a DNS API credential passed through the environment, so
      # it is visible to anyone who can inspect this container; keep the file
      # that defines it readable only by the deploying user.
      ACMESH_DNS_API_CONFIG: |-
        DNS_API: ${DNS_API}
        DEDYN_TOKEN: ${DEDYN_TOKEN}
    volumes:
      - "/home/admin/nginx/data/conf:/etc/nginx/conf.d:ro"
      - "/home/admin/nginx/data/vhost:/etc/nginx/vhost.d:ro"
      - "/home/admin/nginx/data/html:/usr/share/nginx/html:ro"
      - "/home/admin/nginx/data/dhparam:/etc/nginx/dhparam:ro"
      # Only the certificate store is writable for this container.
      - "/home/admin/nginx/data/certs:/etc/nginx/certs:rw"
      - "/home/admin/nginx/acme:/etc/acme.sh"
      # Same caveat as for the proxy service: :ro does not restrict Docker API calls.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    network_mode: container:wg-easy
```
owncloud.yml

```yaml
# oCIS behind nginx-proxy. The container has no Docker network of its own: it
# runs inside wg-easy's network namespace (network_mode: container:wg-easy).
name: owncloud
services:
  ocis:
    # NOTE(review): unpinned tag; the wg-easy and nginx-proxy files take their
    # image version from a variable. Pinning a version or digest keeps upgrades
    # deliberate and reproducible.
    image: owncloud/ocis:latest
    user: 1001:1001
    container_name: owncloud-infinite-scale
    restart: always
    environment:
      - OCIS_INSECURE=false # required if you use a reverse proxy with SSL support in front
      # Listens on every interface of the shared namespace, and PROXY_TLS=false
      # below makes it plain HTTP.
      # NOTE(review): the generated nginx config reaches it via 127.0.0.1, so
      # binding to 127.0.0.1:${PORT} may be enough -- confirm nothing else
      # needs direct access.
      - PROXY_HTTP_ADDR=0.0.0.0:${PORT}
      - OCIS_URL=https://${OWNCLOUD_DOMAIN} # adjust to your FQDN domain; https required
      - PROXY_TLS=false
      - OCIS_LOG_LEVEL=warn,error
      - OCIS_LOG_PRETTY=true
      #nginx proxy
      - VIRTUAL_HOST=${OWNCLOUD_DOMAIN}
      - VIRTUAL_PORT=${PORT}
      - LETSENCRYPT_HOST=${OWNCLOUD_DOMAIN}
      #storage
      - STORAGE_USERS_DRIVER=posix
      - STORAGE_USERS_POSIX_ROOT=./fs # will redirect to data/fs
      - STORAGE_USERS_POSIX_WATCH_TYPE=inotifywait
      - STORAGE_USERS_ID_CACHE_STORE=nats-js-kv
      - STORAGE_USERS_ID_CACHE_STORE_NODES=localhost:9233
      - STORAGE_USERS_POSIX_USE_SPACE_GROUPS=true
    volumes:
      - "/home/cloud/owncloud/config:/etc/ocis:rw"
      - "/home/cloud/owncloud/data:/var/lib/ocis:rw"
    network_mode: container:wg-easy
```

/etc/nginx/conf.d/default.conf

```nginx
# NOTE(review): this file is generated by nginx-proxy (see the version line
# below); a manual edit is presumably overwritten the next time the
# configuration is regenerated -- confirm before relying on a hand edit.
# nginx-proxy version : 1.7.0
# Networks available to the container running docker-gen (which are assumed to
# match the networks available to the container running nginx):
#     proxy
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
# NOTE(review): the three X-Forwarded-* maps below hand client-supplied header
# values to the backend unchanged. If no trusted proxy sits in front of this
# nginx, a client can set them itself; nginx-proxy's TRUST_DOWNSTREAM_PROXY
# setting controls this behaviour -- confirm which case applies here.
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
    default $http_x_forwarded_proto;
    '' $scheme;
}
map $http_x_forwarded_host $proxy_x_forwarded_host {
    default $http_x_forwarded_host;
    '' $host;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
    default $http_x_forwarded_port;
    '' $server_port;
}
# Include the port in the Host header sent to the container if it is non-standard
map $server_port $host_port {
    default :$server_port;
    80 '';
    443 '';
}
# If the request from the downstream client has an "Upgrade:" header (set to any
# non-empty value), pass "Connection: upgrade" to the upstream (backend) server.
# Otherwise, the value for the "Connection" header depends on whether the user
# has enabled keepalive to the upstream server.
map $http_upgrade $proxy_connection {
    default upgrade;
    '' $proxy_connection_noupgrade;
}
map $upstream_keepalive $proxy_connection_noupgrade {
    # Preserve nginx's default behavior (send "Connection: close").
    default close;
    # Use an empty string to cancel nginx's default behavior.
    true '';
}
# Abuse the map directive (see <https://stackoverflow.com/q/14433309>) to ensure
# that $upstream_keepalive is always defined. This is necessary because:
#   - The $proxy_connection variable is indirectly derived from
#     $upstream_keepalive, so $upstream_keepalive must be defined whenever
#     $proxy_connection is resolved.
#   - The $proxy_connection variable is used in a proxy_set_header directive in
#     the http block, so it is always fully resolved for every request -- even
#     those where proxy_pass is not used (e.g., unknown virtual host).
map "" $upstream_keepalive {
    # The value here should not matter because it should always be overridden in
    # a location block (see the "location" template) for all requests where the
    # value actually matters.
    default false;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
# Set appropriate X-Forwarded-Ssl header based on $proxy_x_forwarded_proto
map $proxy_x_forwarded_proto $proxy_x_forwarded_ssl {
    default off;
    https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost escape=default '$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$upstream_addr"';
access_log off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305';
ssl_prefer_server_ciphers off;
error_log /dev/stderr;
resolver 127.0.0.11;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_set_header Host $host$host_port;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
proxy_set_header X-Original-URI $request_uri;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
# Catch-all server: requests for unknown host names get a 503 and TLS
# handshakes for them are rejected.
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    server_tokens off;
    access_log /var/log/nginx/access.log vhost;
    http2 on;
    listen 80;
    listen 443 ssl;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    # No default certificate found, so reject SSL handshake;
    ssl_reject_handshake on;
    location ^~ / {
        return 503;
    }
}
# owncloud.domain.com/
# The generated comments below report no networks and no usable address for the
# container -- presumably because it runs with network_mode: container:wg-easy
# (see owncloud.yml) -- so the template emits its fallback upstream entry.
upstream owncloud.domain.com {
    # Container: owncloud-infinite-scale
    #     networks:
    #         (none)
    #     IPv4 address: (none usable)
    #     IPv6 address: (none usable)
    #     exposed ports (first ten): 9200/tcp
    #     default port: 9200
    #     using port: 9200
    # Fallback entry
    server 127.0.0.1:9200; # by default this is "127.0.0.1 down", however i need it to be 127.0.0.1:{OWNCLOUD_VIRTUAL_PORT}
    keepalive 2; # required otherwise owncloud wont work..?
}
# Plain-HTTP server: serves ACME challenge files and redirects everything else to HTTPS.
server {
    server_name owncloud.domain.com;
    access_log /var/log/nginx/access.log vhost;
    listen 80;
    # Do not HTTPS redirect Let's Encrypt ACME challenge
    location ^~ /.well-known/acme-challenge/ {
        auth_basic off;
        auth_request off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        if ($request_method ~ (OPTIONS|POST|PUT|PATCH|DELETE)) {
            return 301 https://$host$request_uri;
        }
        return 301 https://$host$request_uri;
    }
}
# HTTPS server: terminates TLS and proxies to the upstream defined above over plain HTTP.
server {
    server_name owncloud.domain.com;
    access_log /var/log/nginx/access.log vhost;
    http2 on;
    listen 443 ssl;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/owncloud.domain.com.crt;
    ssl_certificate_key /etc/nginx/certs/owncloud.domain.com.key;
    ssl_dhparam /etc/nginx/certs/owncloud.domain.com.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/owncloud.domain.com.chain.pem;
    # HSTS header value is only set when the request arrived over HTTPS.
    set $sts_header "";
    if ($https) {
        set $sts_header "max-age=31536000";
    }
    add_header Strict-Transport-Security $sts_header always;
    location / {
        proxy_pass http://owncloud.domain.com;
        set $upstream_keepalive true;
    }
}
```