gstone/nextcloud-selfhosted
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

switch nextcloud to FPM + Nginx for better static file performance

Browse Source 
Replace the all-in-one Apache image with nextcloud:33-fpm and an Nginx
sidecar that serves static assets directly with gzip compression and
cache headers, avoiding the prefork concurrency bottleneck.
This commit is contained in:
Thomas Gräfenstein
2026-03-22 17:00:33 +01:00
parent c0c20a42ed
commit 4329cfd3f2
3 changed files with 94 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
caddy/Caddyfile
View File

@@ -9,14 +9,10 @@
} }
nextcloud.t-gstone.de { nextcloud.t-gstone.de {
encode zstd gzip reverse_proxy nextcloud-nginx:80
reverse_proxy nextcloud:80
header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
request_body { request_body {
max_size 10G max_size 10G
} }

32
nextcloud/docker-compose.yml
View File

@@ -1,6 +1,6 @@
services: services:
nextcloud: nextcloud:
image: nextcloud:33-apache image: nextcloud:33-fpm
container_name: nextcloud container_name: nextcloud
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
@@ -19,6 +19,29 @@ services:
- ${DATA_ROOT}/nextcloud/data:/var/www/html/data - ${DATA_ROOT}/nextcloud/data:/var/www/html/data
- ./hooks/post-installation.sh:/docker-entrypoint-hooks.d/post-installation/post-installation.sh:ro - ./hooks/post-installation.sh:/docker-entrypoint-hooks.d/post-installation/post-installation.sh:ro
- ./hooks/post-upgrade.sh:/docker-entrypoint-hooks.d/post-upgrade/post-upgrade.sh:ro - ./hooks/post-upgrade.sh:/docker-entrypoint-hooks.d/post-upgrade/post-upgrade.sh:ro
networks:
- nextcloud-internal
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"
nginx:
image: nginx:alpine
container_name: nextcloud-nginx
restart: unless-stopped
depends_on:
- nextcloud
volumes:
- ${DATA_ROOT}/nextcloud/html:/var/www/html:ro
- ${DATA_ROOT}/nextcloud/data:/var/www/html/data:ro
- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
healthcheck:
test: ["CMD-SHELL", "wget -q --spider http://localhost/status.php || exit 1"]
interval: 30s
timeout: 10s
retries: 3
networks: networks:
- proxy - proxy
- nextcloud-internal - nextcloud-internal
@@ -27,11 +50,6 @@ services:
options: options:
max-size: "10m" max-size: "10m"
max-file: "3" max-file: "3"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost/status.php"]
interval: 30s
timeout: 10s
retries: 3
postgres: postgres:
image: postgres:17-alpine image: postgres:17-alpine
@@ -68,7 +86,7 @@ services:
max-file: "3" max-file: "3"
cron: cron:
image: nextcloud:33-apache image: nextcloud:33-fpm
container_name: nextcloud-cron container_name: nextcloud-cron
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:

68
nextcloud/nginx.conf Normal file
View File

@@ -0,0 +1,68 @@
upstream php-handler {
server nextcloud:9000;
}
server {
listen 80;
server_name _;
client_max_body_size 10G;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_types application/javascript application/json text/css text/plain text/xml application/xml image/svg+xml;
root /var/www/html;
index index.php index.html /index.php$request_uri;
# Redirect well-known URLs
location ^~ /.well-known {
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location ^~ /.well-known { return 301 /index.php$uri; }
}
# Deny access to internal paths
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Serve static files directly
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri;
expires 6M;
access_log off;
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d;
access_log off;
}
# PHP handling
location ~ \.php(?:$|/) {
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
# Default handler
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}