changes
parent
e44e9c3d9c
commit
a475010975
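--- a/README.md
+++ b/README.md
@@ -0,0 +1,7 @@
+Init:
+
+`sudo git clone git@rozenlab.com:leo/server-origin.git && cd server-origin && sudo install.sh DOMAIN_NAME`
+
+`sudo git pull git@rozenlab.com:leo/server-origin.git`
+
+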
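--- a/backups.cfg
+++ b/backups.cfg
@@ -0,0 +1,4 @@
+# /data/appdata/gitea
+# /data/appdata/pgadmin
+# /data/logs
+/data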
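--- a/config/backups.list
+++ b/config/backups.list
@@ -0,0 +1,3 @@
+# /sample/folder/
+/data/appdata/gitea/
+/data/projects/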
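--- a/config/cron.list
+++ b/config/cron.list
@@ -0,0 +1,2 @@
+0 8 * * * ./data/backup/all.sh
+# 0 9 * * * ./data/backup/remote-backup.sh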
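Review bot: The job path `./data/backup/all.sh` is relative, so it resolves against whatever directory cron starts the job in (normally the owning user's home directory) rather than against `/`. install.sh in this commit clones the backup repository under `/data`, so the entry presumably means `0 8 * * * /data/backup/all.sh`; how cron-list.sh installs this file is not visible here, so confirm against that script. cron.cfg carries the same two lines with the same relative path, and keeping both copies lets the schedules drift apart, so one of the two files should go.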
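--- a/cron.cfg
+++ b/cron.cfg
@@ -0,0 +1,2 @@
+0 8 * * * ./data/backup/all.sh
+# 0 9 * * * ./data/backup/remote-backup.sh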
@ -1,7 +0,0 @@
|
||||
set -e
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
sudo docker network create proxynet
|
||||
sudo git clone https://git.rozenlab.com/leo/repo-server.git
|
||||
|
||||
echo "Traefik OK"
|
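--- a/gitea.yml
+++ b/gitea.yml
@@ -1,72 +0,0 @@
-services:
-gitea:
-image: gitea/gitea:1.22.0
-container_name: gitea
-env_file:
-- ./secrets/vars.env
-environment:
-- APP_NAME="Gitea"
-- USER_UID=1000
-- USER_GID=1000
-- USER=git
-- RUN_MODE=prod
-- DOMAIN=gitea.${DOMAIN}
-
-- SSH_DOMAIN=gitea.${DOMAIN}
-- HTTP_PORT=3000
-- ROOT_URL=https://git.${DOMAIN}
-- SSH_PORT=222
-- SSH_LISTEN_PORT=22
-- GITEA__cache__ENABLED=true
-- GITEA__cache__ADAPTER=redis
-- GITEA__cache__HOST=redis://gitea-cache:6379/0?pool_size=100&idle_timeout=180s
-- GITEA__cache__ITEM_TTL=24h
-
-- GITEA__database__DB_TYPE=postgres
-- GITEA__database__HOST=postgres:5432
-- GITEA__database__NAME=gitea
-- GITEA__database__USER=gitea
-- GITEA__database__PASSWD=${GITEA_DB_PW}
-restart: always
-networks:
-- proxynet
-depends_on:
-gitea-cache:
-condition: service_started
-labels:
-- "traefik.enable=true"
-- "traefik.http.routers.gitea.rule=Host(`git.${DOMAIN}`)"
-- "traefik.http.routers.gitea.entrypoints=https"
-- "traefik.http.routers.gitea.service=gitea-service"
-- "traefik.http.services.gitea-service.loadbalancer.server.port=3000"
-logging:
-driver: "json-file"
-options:
-max-size: "1m"
-volumes:
-- ./data/gitea:/data
-- /etc/timezone:/etc/timezone:ro
-- /etc/localtime:/etc/localtime:ro
-ports:
-- "3000:3000"
-- "222:22"
-
-gitea-cache:
-container_name: gitea-cache
-image: redis:7.2.5-alpine3.20
-restart: always
-networks:
-- proxynet
-healthcheck:
-test: ["CMD", "redis-cli", "ping"]
-interval: 15s
-timeout: 3s
-retries: 30
-logging:
-driver: "json-file"
-options:
-max-size: "1m"
-
-networks:
-proxynet:
-external: true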
@ -1,14 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
|
||||
CREATE USER checkers WITH ENCRYPTED PASSWORD '477iyetc44i2th6za8r7';
|
||||
CREATE DATABASE checkers;
|
||||
GRANT ALL PRIVILEGES ON DATABASE checkers TO checkers;
|
||||
ALTER DATABASE checkers OWNER TO checkers;
|
||||
|
||||
CREATE USER gitea WITH ENCRYPTED PASSWORD 'irvjyvqp8c94e8tf2gq5';
|
||||
CREATE DATABASE gitea;
|
||||
GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea;
|
||||
ALTER DATABASE gitea OWNER TO gitea;
|
||||
EOSQL
|
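--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,109 @@
+#!/bin/bash
+
+#SECRETS_STORE=/data/secrets/secrets.env
+GIT_SSH_DOMAIN=rozenlab.com
+GIT_USER=leo
+PGUSER=admin
+PGDATABASE=postgres
+LETSENCRYPT_EMAIL=426742@gmail.com
+TRAEFIKLOGLEVEL=DEBUG # / INFO / ERROR
+ADMINEMAIL=426742@gmail.com
+STARTDIR=server-origin
+SSHPORT=2525
+
+if [ "$(id -u)" != "0" ]; then
+echo "This script requires superuser rights. Running with sudo..."
+exec sudo "$0" "$@"
+fi
+
+if [ -z "$1" ]; then
+echo "Please provide the DOMAIN_NAME as an argument"
+exit 1
+fi
+
+#if [ -f $SECRETS_STORE ]; then
+# source $SECRETS_STORE
+#fi
+
+trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' EXIT
+set -e
+
+export DEBIAN_FRONTEND=noninteractive
+
+$DOMAIN=$1
+#$SERVER_TYPE=dev
+
+mkdir -p /data
+chown usradmin:usradmin /data
+chmod 770 /data
+
+cd /data
+git clone git@$GIT_SSH_DOMAIN:$GIT_USER/utils.git
+cd /data/utils
+#bash init-server.sh
+bash init-docker.sh
+
+docker network create proxynet
+
+# SSH config:
+#bash ssh-port.sh $SSHPORT
+#ssh-keygen -t ed25519 -C "$ADMINEMAIL"
+
+bash cron-list.sh
+
+# create global environment vars:
+bash global-env.sh SERVER_DOMAIN $DOMAIN
+bash global-env.sh POSTGRES_USER $PGUSER
+bash global-env.sh POSTGRES_DB $PGDATABASE
+bash global-env.sh TRAEFIK_LOG_LEVEL $TRAEFIKLOGLEVEL
+bash global-env.sh ADMIN_EMAIL $ADMINEMAIL
+bash global-env.sh SRV_START_DIR $STARTDIR
+
+
+#bash global-env.sh SERVER_TYPE $SERVER_TYPE
+
+cd /data
+git clone git@$GIT_SSH_DOMAIN:$GIT_USER/backup.git
+
+
+cd /data/utils
+#bash env-gen.sh LE_EMAIL "$LETSENCRYPT_EMAIL"
+
+git clone git@$GIT_SSH_DOMAIN:$GIT_USER/traefik.git
+cd traefik
+sudo docker compose up -d
+
+
+cd /data/utils
+bash env-gen.sh POSTGRES_PASSWORD
+
+cd /data
+git clone git@$GIT_SSH_DOMAIN:$GIT_USER/postgres.git
+cd postgres
+sudo docker compose up -d
+
+# pgadmin install:
+mkdir -p /data/appdata/pgadmin
+chown -R 5050:5050 /data/appdata/pgadmin
+cd /data
+git clone git@$GIT_SSH_DOMAIN:$GIT_USER/pgadmin.git
+cd pgadmin
+sudo docker compose up -d
+
+ln -s /data/blog-frontend/main /data/www
+cd /data
+git clone git@$GIT_SSH_DOMAIN:$GIT_USER/nginx-main.git
+cd nginx-main
+sudo docker compose up -d
+
+cd /data
+git clone git@$GIT_SSH_DOMAIN:$GIT_USER/gitea.git
+cd gitea
+cd /data/utils
+bash env-gen.sh GITEA__database__PASSWD
+bash init-db.sh gitea $GITEA__database__PASSWD
+sudo docker compose up -d
+
+
+trap - EXIT
+echo "Install server-origin complete"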
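Review bot: `$DOMAIN=$1` is not an assignment in bash; with DOMAIN unset it expands to a command named `=<argument>`, which fails, and since `set -e` and the EXIT trap are already active the installer stops there with "Something went wrong" before /data is even created, so the line should read `DOMAIN="$1"`. In the gitea step the script runs `cd gitea` and then `cd /data/utils` for env-gen.sh and init-db.sh without going back, so the final `sudo docker compose up -d` executes in /data/utils instead of /data/gitea; the traefik repository is likewise cloned after `cd /data/utils`, unlike every other service, which is cloned under /data. `bash init-db.sh gitea $GITEA__database__PASSWD` places the database password on the command line, where it shows up in the process list, and because env-gen.sh runs in a child bash the variable is presumably empty in this shell anyway; have init-db.sh read the value from the generated env file or the environment instead. The variable expansions passed to global-env.sh and `git clone` are unquoted, so `"$DOMAIN"` and friends should be quoted once the assignment is fixed.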
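--- a/nginx.yml
+++ b/nginx.yml
@@ -1,16 +0,0 @@
-services:
-nginx:
-container_name: nginx
-image: nginx:1.27.0-alpine3.19
-restart: always
-networks:
-- proxynet
-labels:
-- "traefik.enable=true"
-- "traefik.http.routers.nginx.rule=Host(`${DOMAIN}`)"
-volumes:
-- ./www/main:/usr/share/nginx/html
-
-networks:
-proxynet:
-external: true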
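--- a/pgadmin.yml
+++ b/pgadmin.yml
@@ -1,25 +0,0 @@
-services:
-pgadmin:
-container_name: pgadmin
-image: dpage/pgadmin4:8.6
-restart: always
-networks:
-- proxynet
-user: '$UID:$GID'
-env_file:
-- ./secrets/vars.env
-labels:
-- "traefik.enable=true"
-- "traefik.http.routers.pgadmin.rule=Host(`pgadmin.${DOMAIN}`)"
-- "traefik.http.routers.pgadmin.middlewares=pgadmin-auth"
-- "traefik.http.middlewares.pgadmin-auth.basicauth.usersfile=/httpauth/usersfile.htpasswd"
-environment:
-PGADMIN_CONFIG_SERVER_MODE: 'False'
-PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: 'False'
-volumes:
-- ./data/pgadmin:/var/lib/pgadmin
-- ./secrets/httpauth:/httpauth
-
-networks:
-proxynet:
-external: true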
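--- a/postgres.yml
+++ b/postgres.yml
@@ -1,33 +0,0 @@
-services:
-postgres:
-container_name: postgres
-image: postgres:16.3-alpine3.19
-restart: always
-networks:
-- proxynet
-env_file:
-- ./secrets/vars.env
-environment:
-PG_DATA: /var/lib/postgresql/data
-POSTGRES_USER: admin
-POSTGRES_DB: postgres
-volumes:
-- ./data/pgdata:/var/lib/postgresql/data
-- ./init-db/init-database.sh:/docker-entrypoint-initdb.d/init-database.sh
-labels:
-- "traefik.enable=true"
-- "traefik.tcp.routers.postgresql.rule=HostSNI(`*`)"
-- "traefik.tcp.services.postgresql.loadbalancer.server.port=5432"
-- "traefik.tcp.routers.postgresql.entrypoints=postgres"
-
-initContainers:
-container_name: volume-permissions
-image: busybox:1.36.1-glibc
-command: >
-sh -c "chmod 755 /init-db/init-database.sh"
-volumes:
-- ./init-db:/init-db
-
-networks:
-proxynet:
-external: true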
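--- a/run-checkerwars.sh
+++ b/run-checkerwars.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [ "$(id -u)" != "0" ]; then
+echo -e "\033[31mThis script requires superuser rights.\033[0m"
+exit 0
+fi
+
+DEV_ENV="/data/secrets/dev.env"
+INSTALL_DIR="/data/install"
+
+trap 'echo -e "\033[31mSomething went wrong\033[0m"; exit 1' ERR
+set -e
+
+export DEBIAN_FRONTEND=noninteractive
+
+source $DEV_ENV
+
+bash $INSTALL_DIR/remote.sh $SERVER_BEGETCW_HOST $SERVER_BEGETCW_PASSWORD
+
+trap - ERR
+echo "server-origin install complete"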
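Review bot: `bash $INSTALL_DIR/remote.sh $SERVER_BEGETCW_HOST $SERVER_BEGETCW_PASSWORD` hands the server password to remote.sh as a command-line argument, so it is visible in the process list while the script runs, and the unquoted expansion word-splits or globs a password that contains spaces or wildcard characters. remote.sh is not part of this commit, so assuming it can be changed, export the variable after `source "$DEV_ENV"` and let remote.sh read it from the environment or from a root-only file. The script sources /data/secrets/dev.env as root while install.sh in this commit gives /data to usradmin with mode 770, so that file and its directory should be root-owned and not writable by usradmin, otherwise anything written into it runs as root. The non-root branch ends with `exit 0`, which reports success although nothing ran; `exit 1` would match the ERR trap's failure status.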
@ -1 +0,0 @@
|
||||
admin:$apr1$yqPJkrsT$3QLU4eis81kl81STzRmQK/
|
File diff suppressed because one or more lines are too long
@ -1,23 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIID3DCCAsSgAwIBAgIUYxNh6S3Y0G/QO+A+l/Cuj9H4HcswDQYJKoZIhvcNAQEL
|
||||
BQAwfjELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO
|
||||
ZXcgWW9yazEMMAoGA1UECgwDTEVPMQwwCgYDVQQLDANMZW8xDDAKBgNVBAMMA0xl
|
||||
bzEfMB0GCSqGSIb3DQEJARYQNDI2NzQyQGdtYWlsLmNvbTAeFw0yNDA1MzExODU0
|
||||
MjRaFw0yNzAyMjQxODU0MjRaME4xCzAJBgNVBAYTAkNBMQ0wCwYDVQQIDAROb25l
|
||||
MQswCQYDVQQHDAJOQjENMAsGA1UECgwETm9uZTEUMBIGA1UEAwwLY3dzZXJ2ZXIu
|
||||
aG0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj5S01nzA7rE+ZGVoX
|
||||
OKVXV+8pvMh5vUOYa1/mgu0epVKyuGlo3Yh36VyXKVhfyjz1oxaYDQyoo0AV53oq
|
||||
+yB5qmjSEFevrMYTQvJkNlXeKR7gYd1KGBTgCopH4t9yoY+Nj5vbNxjvaJKgN9+c
|
||||
7JaUaOA7+3vb2D2e4PAngfJd9now3S+9mbYMN2/oLkZrWea/jcPGpn0xvFRdm8C3
|
||||
K9uEChbLzy1yYakp9qL2EU9sW9KiK89ekUYJmeSJwTiPxlu37eK+vRrDX69g2kz1
|
||||
fKCsw0IWP1eUVzQujv42uyBP6PHchydT4v8y24Mr19OAK57pu2/s+NSTNDnW5B4P
|
||||
kg8RAgMBAAGjgYEwfzAfBgNVHSMEGDAWgBR7tnajbyUDVGrenFewhqX6XqkUrTAJ
|
||||
BgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAlBgNVHREEHjAcggtjd3NlcnZlci5obYIN
|
||||
Ki5jd3NlcnZlci5obTAdBgNVHQ4EFgQUZNPvtUIP2wdNdguNWyTnte8KecwwDQYJ
|
||||
KoZIhvcNAQELBQADggEBAEfzFLDMTbeaDDMesshTur6xUwfMr9jzcU6BMlZ8vaRt
|
||||
6zqlBH9zV5tkyAaiiyjHIKU7NIh3KGhm+XdqOGOSl11jX/X09mw792lrCemmzHeC
|
||||
xhEoVetBsyRPs2ie/uzWkCV6wrq9MYAz8T0DeiJfW6uVy61Jg1JtOCbdWp5wBkco
|
||||
pp8ZNIV2LBwoo7YXbGGN0zO6ozoUwOjNazV+Zytog35W8MOv5XPuZBxDE0UR+Bba
|
||||
eiquGSRlfNcWDRxvEZDciLqxgv283+XdglxcCwVcXg+Qk1Tul7BSM4rI0W9B3ox3
|
||||
3Y2AhMKxqpJEpXa4yu6w4qW/fc54zVQsJbEfNgMRJ4g=
|
||||
-----END CERTIFICATE-----
|
@ -1,28 +0,0 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCj5S01nzA7rE+Z
|
||||
GVoXOKVXV+8pvMh5vUOYa1/mgu0epVKyuGlo3Yh36VyXKVhfyjz1oxaYDQyoo0AV
|
||||
53oq+yB5qmjSEFevrMYTQvJkNlXeKR7gYd1KGBTgCopH4t9yoY+Nj5vbNxjvaJKg
|
||||
N9+c7JaUaOA7+3vb2D2e4PAngfJd9now3S+9mbYMN2/oLkZrWea/jcPGpn0xvFRd
|
||||
m8C3K9uEChbLzy1yYakp9qL2EU9sW9KiK89ekUYJmeSJwTiPxlu37eK+vRrDX69g
|
||||
2kz1fKCsw0IWP1eUVzQujv42uyBP6PHchydT4v8y24Mr19OAK57pu2/s+NSTNDnW
|
||||
5B4Pkg8RAgMBAAECggEAEAcUcb78j4ldS2KQTd8LRExkJhfBHy6kEp7FhRxepfWS
|
||||
7clc/ZVUiC15EYtIii2T4o2tYvc7uq4kUUAO0W83kM5aa9iPSq3BvRZ579TkdtJc
|
||||
o6LOajWKrRI6zabhJSuphzV5D2oG9TqrxCFSq9zzKNZMv3DrfudZt1TWB3cMxaVx
|
||||
poPh+wceJgOC0EtfGU/HaNbZY6eRawH4YmjhILTwt2q2tdKXy+b/FbKRzGbGp1cE
|
||||
IdnyAbP4rjEarcf0w4DH68jZ2nPAj/Yfx9sZETZqXakIXoo0TKz1cRGfbBis2qCn
|
||||
ZGhosi3ru/oE0faL8DoZMAeIYWZDuWj0eObT4vhTQQKBgQDkbCXmXxvY/Mq/6Qu9
|
||||
nri3v1gqkmccMFq+QSogLmV4n97pRN+99x1e4MVruejUl/VDybjI0aCdGAaAXREr
|
||||
BBwefleqWZ1SRATee8bkftoYefpddK62wMDk6AFOHMbC3ZDcr+MVcOIpjNf8cwys
|
||||
2Q0N67RUN791ZtoArAfS8KNyGQKBgQC3rq+Eh4zLo7Wr+FZJLnT6FyqvRd1QXaLM
|
||||
ihRBw5wHZ9imGJksCVrwWDmViyTh9cRTxhysNi7WUDYWcs2/1iNzpVMMmr6Zakbk
|
||||
8oqu864DQyVSafCzFexsg2zf2HFZ62S+fmnyjBnNi0LioiF5Ocqq81+6KvPnjfKx
|
||||
kFiG9vrTuQKBgCjc3/rSUN0EfBDQ0/TcDBdy94bGIgP88n7OkYaoRibKEsqQM6Z8
|
||||
KpjqhOa8n1ZIyOuTjqb+OUlhHuifvY6AcbdSysQCvA4XdPeIFRCTUNjIGW3WjdrL
|
||||
qLZKetFKfJQnpt6T6H/RbeQY+hqDSmUxfxBadiwKvQl3mNA99jhaLCMhAoGAA9ZB
|
||||
UlpmhYZ48Auy+bpftS2wtZKXCeu6z9z+iVUluD3iF64h3PqhDK47HbWXYqT4oetc
|
||||
g/hpyA5K4vMo+x3lBbBpaLT+0EOZEYVDgl4Sv3yyleMipQsLMkUYjCCAVamGJDiN
|
||||
zARDMbj7/7H1UwvzANkuobvt9mNPs4fZYZBdMvkCgYEA0F7UjhiE05p9B/o4RIzi
|
||||
mNSfvOW1sQRnMnlbSdaTgPpB3IogzxidfzDIFkDzNoiL4xrgppBMWIsSxrMXVeJf
|
||||
K6cOtYG7Q+chOut/9RkefQZBuz+PTcGYlMxGGfeUM8JMK+Stx3LT/K9bHb+BQtK0
|
||||
8cb4frLS5SNja/8nc0aa7oM=
|
||||
-----END PRIVATE KEY-----
|
@ -1,5 +0,0 @@
|
||||
POSTGRES_PASSWORD=5w5oaorg63mhrn7ybm8t
|
||||
PGADMIN_DEFAULT_EMAIL=426742@gmail.com
|
||||
PGADMIN_DEFAULT_PASSWORD=upu9s546b8ndyoeq4v3d
|
||||
LE_EMAIL=426742@gmail.com
|
||||
GITEA_DB_PW=irvjyvqp8c94e8tf2gq5
|
30
start.sh
30
start.sh
@ -2,28 +2,22 @@
|
||||
|
||||
set -e
|
||||
|
||||
if [ -z "$1" ]; then
|
||||
echo "Please provide the environment type as an argument"
|
||||
exit 1
|
||||
fi
|
||||
echo "Start all..."
|
||||
|
||||
ENV_TYPE="$1" # dev / prod
|
||||
# traefik run:
|
||||
sudo docker start traefik
|
||||
|
||||
echo "Start server on environment $ENV_TYPE..."
|
||||
# postgres run:
|
||||
sudo docker start postgres
|
||||
|
||||
#Traefik run:
|
||||
sudo docker compose --env-file .env.$ENV_TYPE -f traefik.yml up -d
|
||||
# pgadmin run:
|
||||
sudo docker start pgadmin
|
||||
|
||||
#Gitea run:
|
||||
sudo docker compose --env-file .env.$ENV_TYPE -f gitea.yml up -d
|
||||
# nginx-main run:
|
||||
sudo docker start nginx-main
|
||||
|
||||
#Postgres run:
|
||||
sudo docker compose -f postgres.yml up -d
|
||||
# gitea run:
|
||||
sudo docker start gitea
|
||||
|
||||
#Pgadmin run:
|
||||
sudo docker compose --env-file .env.$ENV_TYPE -f pgadmin.yml up -d
|
||||
|
||||
#Nginx run:
|
||||
sudo docker compose --env-file .env.$ENV_TYPE -f nginx.yml up -d
|
||||
|
||||
echo "All successfully started to environment $ENV_TYPE."
|
||||
echo "All containers successfully started
|
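Review bot: The final line of this section, `echo "All containers successfully started`, has no closing double quote as rendered here, and stop.sh ends the same way with `echo "All containers successfully stopped`. If that is what was committed, bash reaches end of file inside the string and exits with a syntax error after the containers have already been started or stopped, so callers see a failure; the line should be `echo "All containers successfully started"`. The rendering does not mark old and new lines, but the `sudo docker start <name>` lines appear to be the new side. They only work for containers that already exist, so under `set -e` the first missing name aborts the script and leaves the remaining services down. The script's first line lies outside the hunk.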
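--- a/stop.sh
+++ b/stop.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -e
+
+echo "Stop all..."
+
+# traefik run:
+sudo docker stop traefik
+
+# postgres run:
+sudo docker stop postgres
+
+# pgadmin run:
+sudo docker stop pgadmin
+
+# nginx-main run:
+sudo docker stop nginx-main
+
+# gitea run:
+sudo docker stop gitea
+
+
+echo "All containers successfully stopped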
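Review bot: With `set -e` in force, the first `sudo docker stop <name>` that fails (for example because that container was never created) ends the script and leaves every later container running, which is the opposite of what a stop-all script should do on a partly installed host. Dropping `set -e` here, or stopping all five in one call such as `sudo docker stop traefik postgres pgadmin nginx-main gitea || true`, lets the rest proceed. The section comments still read `# traefik run:` and so on, copied from start.sh; they should say `stop`.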
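--- a/traefik.yml
+++ b/traefik.yml
@@ -1,69 +0,0 @@
-services:
-traefik:
-container_name: traefik
-image: traefik:v3.0.1
-restart: always
-networks:
-- proxynet
-env_file:
-- ./secrets/vars.env
-command:
-- "--providers.file.filename=/traefik/certs.yml"
-- "--api.insecure=false"
-- "--api.dashboard=true"
-- "--providers.docker"
-- "--log.level=DEBUG"
-- '--log=true'
-#- "--log.level=INFO"
-- "--providers.docker.exposedByDefault=false"
-- "--providers.docker.network=repo-server_proxynet"
-#Entrypoints:
-- "--entrypoints.http.address=:80"
-- "--entrypoints.https.address=:443"
-- "--entrypoints.postgres.address=:5432"
-- "--entrypoints.http.http.redirections.entrypoint.to=https"
-- "--entrypoints.http.http.redirections.entrypoint.scheme=https"
-#SSL Let's Encrypt:
-- "--entrypoints.https.http.tls.certResolver=${CERT_RESOLVER}"
-- "--certificatesresolvers.le.acme.tlschallenge=true"
-- "--certificatesresolvers.le.acme.email=${LE_EMAIL}"
-- "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
-#Dashboard secure:
-labels:
-- "traefik.enable=true"
-- "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)"
-- "traefik.http.routers.dashboard.entrypoints=https"
-- "traefik.http.routers.dashboard.tls=true"
-- "traefik.http.routers.dashboard.service=api@internal"
-- "traefik.http.routers.dashboard.middlewares=auth"
-- "traefik.http.middlewares.auth.basicauth.usersfile=/httpauth/usersfile.htpasswd"
-ports:
-- "80:80"
-- "443:443"
-- "5432:5432"
-volumes:
-- /var/run/docker.sock:/var/run/docker.sock
-- ./secrets/letsencrypt:/letsencrypt
-- ./secrets/httpauth:/httpauth
-- ./traefik/certs.yml:/traefik/certs.yml
-- ./secrets/selfsigned:/secrets/selfsigned
-logging:
-driver: "json-file"
-options:
-max-size: "1m"
-
-initContainers:
-container_name: volume-permissions
-image: busybox:1.36.1-glibc
-
-command: >
-sh -c "touch /letsencrypt/acme.json &&
-chmod -Rv 600 /letsencrypt/* &&
-chown 65532:65532 /letsencrypt/acme.json"
-volumes:
-- ./secrets/letsencrypt:/letsencrypt
-
-networks:
-proxynet:
-driver: bridge
-external: false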
@ -1,4 +0,0 @@
|
||||
tls:
|
||||
certificates:
|
||||
- certFile: "/secrets/selfsigned/selfsigned.crt"
|
||||
keyFile: "/secrets/selfsigned/selfsigned.key"
|
@ -1,10 +0,0 @@
|
||||
<!doctype html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Docker Nginx</title>
|
||||
</head>
|
||||
<body>
|
||||
<h2>Hello from Nginx container</h2>
|
||||
</body>
|
||||
</html>
|