create

.dockerignore

@@ -0,0 +1,2 @@
+/secrets
+/.git

.env.dev

@@ -0,0 +1,2 @@
+DOMAIN=corp.hm
+CERT_RESOLVER=local

.env.prod

@@ -0,0 +1,2 @@
+DOMAIN=checkerwars.com
+CERT_RESOLVER=le

dev.sh

@@ -0,0 +1 @@
+docker compose --env-file .env.dev -f docker-compose.yml up

docker-compose.yml

@@ -0,0 +1,81 @@
+name: "server"
+
+services:
+  traefik:
+    extends:
+      file: traefik.yml
+      service: traefik
+    networks:
+      - proxynet
+
+  nginx:
+    extends:
+      file: nginx.yml
+      service: nginx
+    networks:
+      - proxynet
+      
+  nginx-demo:
+    extends:
+      file: nginx-demo.yml
+      service: nginx-demo
+    networks:
+      - proxynet
+      
+  node-demo:
+    extends:
+      file: node-demo.yml
+      service: node-demo
+    networks:
+      - proxynet
+      #- internal
+
+  postgres:
+    extends:
+      file: postgres.yml
+      service: postgres
+    networks:
+      - proxynet
+      #- internal
+
+  pgadmin:
+    extends:
+      file: pgadmin.yml
+      service: pgadmin
+    networks:
+      - proxynet
+
+  gitea:
+    extends:
+      file: gitea.yml
+      service: gitea
+    networks:
+      - proxynet
+      
+  gitea-cache:
+    extends:
+      file: gitea-cache.yml
+      service: gitea-cache
+    networks:
+      - proxynet
+      
+  initContainers:
+    container_name: volume-permissions
+    image: busybox:1.36.1-glibc
+    
+    command: >
+      sh -c "touch /letsencrypt/acme.json &&
+             chmod -Rv 600 /letsencrypt/* &&
+             chown 65532:65532 /letsencrypt/acme.json &&
+             chmod 755 /init-db/init-database.sh"
+    #command: ["sh", "-c", "touch /letsencrypt/acme.json && chmod -Rv 600 /letsencrypt/* && chown 65532:65532 /letsencrypt/acme.json && chmod 755 /init-db/init-database.sh"]
+    volumes:
+      - ./secrets/letsencrypt:/letsencrypt
+      - ./init-db:/init-db
+
+networks:
+  proxynet:
+    driver: bridge
+    external: false
+  #internal:
+    

gitea-cache.yml

@@ -0,0 +1,16 @@
+services:
+  gitea-cache:
+    container_name: gitea-cache
+    image: redis:7.2.5-alpine3.20
+    restart: always
+    networks:
+      - proxynet
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 15s
+      timeout: 3s
+      retries: 30
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "1m"

gitea.yml

@@ -0,0 +1,57 @@
+services:
+  gitea:
+    image: gitea/gitea:1.22.0
+    container_name: gitea
+    env_file:
+      - ./secrets/vars.env
+    environment:
+      - APP_NAME="Gitea"
+      - USER_UID=1000
+      - USER_GID=1000
+      - USER=git
+      - RUN_MODE=prod
+      - DOMAIN=gitea.${DOMAIN}
+      
+      - SSH_DOMAIN=gitea.${DOMAIN}
+      - HTTP_PORT=3000
+      - ROOT_URL=https://gitea.${DOMAIN}
+      - SSH_PORT=222
+      - SSH_LISTEN_PORT=22
+      #- DB_TYPE=sqlite3
+      - GITEA__cache__ENABLED=true
+      - GITEA__cache__ADAPTER=redis
+      - GITEA__cache__HOST=redis://gitea-cache:6379/0?pool_size=100&idle_timeout=180s
+      - GITEA__cache__ITEM_TTL=24h
+
+      - GITEA__database__DB_TYPE=postgres
+      - GITEA__database__HOST=postgres:5432
+      - GITEA__database__NAME=gitea
+      - GITEA__database__USER=gitea
+      - GITEA__database__PASSWD=${GITEA_DB_PW}
+    restart: always
+    networks:
+      - proxynet
+    depends_on:
+      traefik:
+        condition: service_started
+      postgres:
+        condition: service_started
+      gitea-cache:
+        condition: service_started
+    labels: 
+      - "traefik.enable=true"
+      - "traefik.http.routers.gitea.rule=Host(`gitea.${DOMAIN}`)"
+      - "traefik.http.routers.gitea.entrypoints=https"
+      - "traefik.http.routers.gitea.service=gitea-service"
+      - "traefik.http.services.gitea-service.loadbalancer.server.port=3000"
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "1m"
+    volumes:
+      - ./data/gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "3000:3000"
+      - "222:22"

init-db/checkers.sql

@@ -0,0 +1,3 @@
+CREATE DATABASE checkers;
+CREATE USER checkers WITH ENCRYPTED PASSWORD '477iyetc44i2th6za8r7';
+GRANT ALL PRIVILEGES ON DATABASE checkers TO checkers;

init-db/init-database.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+	CREATE USER checkers WITH ENCRYPTED PASSWORD '477iyetc44i2th6za8r7';
+    CREATE DATABASE checkers;
+    GRANT ALL PRIVILEGES ON DATABASE checkers TO checkers;
+	ALTER DATABASE checkers OWNER TO checkers;
+	
+	CREATE USER gitea WITH ENCRYPTED PASSWORD 'irvjyvqp8c94e8tf2gq5';
+    CREATE DATABASE gitea;
+    GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea;
+	ALTER DATABASE gitea OWNER TO gitea;
+EOSQL

nginx.yml

@@ -0,0 +1,12 @@
+services:
+  nginx:
+    container_name: nginx
+    image: nginx:1.27.0-alpine3.19
+    restart: always
+    networks:
+      - proxynet
+    labels: 
+      - "traefik.enable=true"
+      - "traefik.http.routers.nginx.rule=Host(`${DOMAIN}`)"
+    volumes:
+      - ./www/main:/usr/share/nginx/html

pgadmin.yml

@@ -0,0 +1,21 @@
+services:
+  pgadmin:
+    container_name: pgadmin
+    image: dpage/pgadmin4:8.6
+    restart: always
+    networks:
+      - proxynet
+    user: '$UID:$GID'
+    env_file:
+      - ./secrets/vars.env
+    labels:
+       - "traefik.enable=true"
+       - "traefik.http.routers.pgadmin.rule=Host(`pgadmin.${DOMAIN}`)"
+       - "traefik.http.routers.pgadmin.middlewares=pgadmin-auth"
+       - "traefik.http.middlewares.pgadmin-auth.basicauth.usersfile=/httpauth/usersfile.htpasswd"
+    environment:
+       PGADMIN_CONFIG_SERVER_MODE: 'False'
+       PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: 'False'
+    volumes:
+      - ./data/pgadmin:/var/lib/pgadmin
+      - ./secrets/httpauth:/httpauth

postgres.yml

@@ -0,0 +1,22 @@
+services:
+  postgres:
+    container_name: postgres
+    image: postgres:16.3-alpine3.19
+    restart: always
+    networks:
+      - proxynet
+    env_file:
+      - ./secrets/vars.env
+    environment:
+      PG_DATA: /var/lib/postgresql/data
+      POSTGRES_USER: admin
+      POSTGRES_DB: postgres
+    volumes:
+      - ./data/pgdata:/var/lib/postgresql/data
+      #- ./init-db:/docker-entrypoint-initdb.d
+      - ./init-db/init-database.sh:/docker-entrypoint-initdb.d/init-database.sh
+    labels:
+      - "traefik.enable=true"
+      - "traefik.tcp.routers.postgresql.rule=HostSNI(`*`)"
+      - "traefik.tcp.services.postgresql.loadbalancer.server.port=5432"
+      - "traefik.tcp.routers.postgresql.entrypoints=postgres"

prod.sh

@@ -0,0 +1 @@
+docker compose --env-file .env.prod -f docker-compose.yml up

readme.md

@@ -0,0 +1 @@
+Srerver Docker Config

secrets/development.env

@@ -0,0 +1,25 @@
+PORT=5000
+POSTGRES_HOST=postgres
+POSTGRES_USER=checkers
+POSTGRES_DB=checkers
+POSTGRESS_PASSWORD=477iyetc44i2th6za8r7
+POSTGRES_PASSWORD=477iyetc44i2th6za8r7
+POSTGRESS_PORT=5432
+POSTGRES_PORT=5432
+PRIVATE_KEY=secret_key_safasf
+JWT_ACCESS_SECRET=7xTJ7WmRGZHGZGRih9w6pLSLvcbz2jpM
+JWT_REFRESH_SECRET=ikuwEkxy2xctmSpQLpfw4vdGs6bk9dq3
+SMTP_HOST="smtp.beget.com"
+SMTP_PORT=465
+X_SMTP_USER=checkers@rozenlab.com
+SMTP_USER=messenger@rozenlab.com
+X_SMTP_PASSWORD=X$sory79bak3yen3jzba
+SMTP_PASSWORD=M$sory79bak3yen3jzba
+API_URL=https://chback.rozenlab.com:7878
+XCLIENT_URL=https://192.168.1.2:9500
+CLIENT_URL=https://localhost
+ACCESS_TOKEN_MAX_AGE=70d
+REFRESH_TOKEN_MAX_AGE=70d
+COOKIE_REFRESH_TOKEN_MAX_AGE=6048000000
+XHTTPS_ENABLE=false
+HTTPS_ENABLE=true

secrets/httpauth/usersfile.htpasswd

@@ -0,0 +1 @@
+admin:$apr1$yqPJkrsT$3QLU4eis81kl81STzRmQK/

secrets/selfsigned/selfsigned.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3DCCAsSgAwIBAgIUYxNh6S3Y0G/QO+A+l/Cuj9H4HcswDQYJKoZIhvcNAQEL
+BQAwfjELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO
+ZXcgWW9yazEMMAoGA1UECgwDTEVPMQwwCgYDVQQLDANMZW8xDDAKBgNVBAMMA0xl
+bzEfMB0GCSqGSIb3DQEJARYQNDI2NzQyQGdtYWlsLmNvbTAeFw0yNDA1MzExODU0
+MjRaFw0yNzAyMjQxODU0MjRaME4xCzAJBgNVBAYTAkNBMQ0wCwYDVQQIDAROb25l
+MQswCQYDVQQHDAJOQjENMAsGA1UECgwETm9uZTEUMBIGA1UEAwwLY3dzZXJ2ZXIu
+aG0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj5S01nzA7rE+ZGVoX
+OKVXV+8pvMh5vUOYa1/mgu0epVKyuGlo3Yh36VyXKVhfyjz1oxaYDQyoo0AV53oq
++yB5qmjSEFevrMYTQvJkNlXeKR7gYd1KGBTgCopH4t9yoY+Nj5vbNxjvaJKgN9+c
+7JaUaOA7+3vb2D2e4PAngfJd9now3S+9mbYMN2/oLkZrWea/jcPGpn0xvFRdm8C3
+K9uEChbLzy1yYakp9qL2EU9sW9KiK89ekUYJmeSJwTiPxlu37eK+vRrDX69g2kz1
+fKCsw0IWP1eUVzQujv42uyBP6PHchydT4v8y24Mr19OAK57pu2/s+NSTNDnW5B4P
+kg8RAgMBAAGjgYEwfzAfBgNVHSMEGDAWgBR7tnajbyUDVGrenFewhqX6XqkUrTAJ
+BgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAlBgNVHREEHjAcggtjd3NlcnZlci5obYIN
+Ki5jd3NlcnZlci5obTAdBgNVHQ4EFgQUZNPvtUIP2wdNdguNWyTnte8KecwwDQYJ
+KoZIhvcNAQELBQADggEBAEfzFLDMTbeaDDMesshTur6xUwfMr9jzcU6BMlZ8vaRt
+6zqlBH9zV5tkyAaiiyjHIKU7NIh3KGhm+XdqOGOSl11jX/X09mw792lrCemmzHeC
+xhEoVetBsyRPs2ie/uzWkCV6wrq9MYAz8T0DeiJfW6uVy61Jg1JtOCbdWp5wBkco
+pp8ZNIV2LBwoo7YXbGGN0zO6ozoUwOjNazV+Zytog35W8MOv5XPuZBxDE0UR+Bba
+eiquGSRlfNcWDRxvEZDciLqxgv283+XdglxcCwVcXg+Qk1Tul7BSM4rI0W9B3ox3
+3Y2AhMKxqpJEpXa4yu6w4qW/fc54zVQsJbEfNgMRJ4g=
+-----END CERTIFICATE-----

secrets/selfsigned/selfsigned.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCj5S01nzA7rE+Z
+GVoXOKVXV+8pvMh5vUOYa1/mgu0epVKyuGlo3Yh36VyXKVhfyjz1oxaYDQyoo0AV
+53oq+yB5qmjSEFevrMYTQvJkNlXeKR7gYd1KGBTgCopH4t9yoY+Nj5vbNxjvaJKg
+N9+c7JaUaOA7+3vb2D2e4PAngfJd9now3S+9mbYMN2/oLkZrWea/jcPGpn0xvFRd
+m8C3K9uEChbLzy1yYakp9qL2EU9sW9KiK89ekUYJmeSJwTiPxlu37eK+vRrDX69g
+2kz1fKCsw0IWP1eUVzQujv42uyBP6PHchydT4v8y24Mr19OAK57pu2/s+NSTNDnW
+5B4Pkg8RAgMBAAECggEAEAcUcb78j4ldS2KQTd8LRExkJhfBHy6kEp7FhRxepfWS
+7clc/ZVUiC15EYtIii2T4o2tYvc7uq4kUUAO0W83kM5aa9iPSq3BvRZ579TkdtJc
+o6LOajWKrRI6zabhJSuphzV5D2oG9TqrxCFSq9zzKNZMv3DrfudZt1TWB3cMxaVx
+poPh+wceJgOC0EtfGU/HaNbZY6eRawH4YmjhILTwt2q2tdKXy+b/FbKRzGbGp1cE
+IdnyAbP4rjEarcf0w4DH68jZ2nPAj/Yfx9sZETZqXakIXoo0TKz1cRGfbBis2qCn
+ZGhosi3ru/oE0faL8DoZMAeIYWZDuWj0eObT4vhTQQKBgQDkbCXmXxvY/Mq/6Qu9
+nri3v1gqkmccMFq+QSogLmV4n97pRN+99x1e4MVruejUl/VDybjI0aCdGAaAXREr
+BBwefleqWZ1SRATee8bkftoYefpddK62wMDk6AFOHMbC3ZDcr+MVcOIpjNf8cwys
+2Q0N67RUN791ZtoArAfS8KNyGQKBgQC3rq+Eh4zLo7Wr+FZJLnT6FyqvRd1QXaLM
+ihRBw5wHZ9imGJksCVrwWDmViyTh9cRTxhysNi7WUDYWcs2/1iNzpVMMmr6Zakbk
+8oqu864DQyVSafCzFexsg2zf2HFZ62S+fmnyjBnNi0LioiF5Ocqq81+6KvPnjfKx
+kFiG9vrTuQKBgCjc3/rSUN0EfBDQ0/TcDBdy94bGIgP88n7OkYaoRibKEsqQM6Z8
+KpjqhOa8n1ZIyOuTjqb+OUlhHuifvY6AcbdSysQCvA4XdPeIFRCTUNjIGW3WjdrL
+qLZKetFKfJQnpt6T6H/RbeQY+hqDSmUxfxBadiwKvQl3mNA99jhaLCMhAoGAA9ZB
+UlpmhYZ48Auy+bpftS2wtZKXCeu6z9z+iVUluD3iF64h3PqhDK47HbWXYqT4oetc
+g/hpyA5K4vMo+x3lBbBpaLT+0EOZEYVDgl4Sv3yyleMipQsLMkUYjCCAVamGJDiN
+zARDMbj7/7H1UwvzANkuobvt9mNPs4fZYZBdMvkCgYEA0F7UjhiE05p9B/o4RIzi
+mNSfvOW1sQRnMnlbSdaTgPpB3IogzxidfzDIFkDzNoiL4xrgppBMWIsSxrMXVeJf
+K6cOtYG7Q+chOut/9RkefQZBuz+PTcGYlMxGGfeUM8JMK+Stx3LT/K9bHb+BQtK0
+8cb4frLS5SNja/8nc0aa7oM=
+-----END PRIVATE KEY-----

secrets/vars.env

@@ -0,0 +1,5 @@
+POSTGRES_PASSWORD=5w5oaorg63mhrn7ybm8t
+PGADMIN_DEFAULT_EMAIL=426742@gmail.com
+PGADMIN_DEFAULT_PASSWORD=upu9s546b8ndyoeq4v3d
+LE_EMAIL=426742@gmail.com
+GITEA_DB_PW=irvjyvqp8c94e8tf2gq5

traefik.yml

@@ -0,0 +1,57 @@
+services:
+  traefik:
+    container_name: traefik
+    image: traefik:v3.0.1
+    restart: always
+    networks:
+      - proxynet
+    env_file:
+      - ./secrets/vars.env
+    command: 
+      #tls:
+        #certificates:
+          #- certFile: /secrets/selfsigned/selfsigned.crt
+            #keyFile: /secrets/selfsigned/selfsigned.key
+     - "--providers.file.filename=/traefik/certs.yml"
+     - "--api.insecure=false"
+     - "--api.dashboard=true" 
+     - "--providers.docker"
+     - "--log.level=DEBUG"
+     - '--log=true'
+     #- "--log.level=INFO"
+     - "--providers.docker.exposedByDefault=false"
+     - "--providers.docker.network=server_proxynet"
+    #Entrypoints:
+     - "--entrypoints.http.address=:80"
+     - "--entrypoints.https.address=:443"
+     - "--entrypoints.postgres.address=:5432"
+     - "--entrypoints.http.http.redirections.entrypoint.to=https"
+     - "--entrypoints.http.http.redirections.entrypoint.scheme=https"
+    #SSL Let's Encrypt:
+     - "--entrypoints.https.http.tls.certResolver=${CERT_RESOLVER}"
+     - "--certificatesresolvers.le.acme.tlschallenge=true"
+     - "--certificatesresolvers.le.acme.email=${LE_EMAIL}"
+     - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
+     #Dashboard secure:
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)"
+      - "traefik.http.routers.dashboard.entrypoints=https"
+      - "traefik.http.routers.dashboard.tls=true"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.middlewares=auth"
+      - "traefik.http.middlewares.auth.basicauth.usersfile=/httpauth/usersfile.htpasswd"
+    ports:
+      - "80:80"
+      - "443:443"
+      - "5432:5432"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./secrets/letsencrypt:/letsencrypt
+      - ./secrets/httpauth:/httpauth
+      - ./traefik/certs.yml:/traefik/certs.yml
+      - ./secrets/selfsigned:/secrets/selfsigned
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "1m"

traefik/certs.yml

@@ -0,0 +1,4 @@
+tls:
+  certificates:
+    - certFile: "/secrets/selfsigned/selfsigned.crt"
+      keyFile: "/secrets/selfsigned/selfsigned.key"

www/demo/index.html

@@ -0,0 +1,10 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <title>Docker Nginx</title>
+</head>
+<body>
+  <h2>DEMO</h2>
+</body>
+</html>

www/main/index.html

@@ -0,0 +1,10 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <title>Docker Nginx</title>
+</head>
+<body>
+  <h2>Hello from Nginx container</h2>
+</body>
+</html>