Merged in Master

.gitignore

@@ -6,4 +6,7 @@
 !/*
 
 # Allow assets folder
-!assets/**
+!assets/**
+
+# Don't allow .env files, just env-exmaple files
+!.env-example

TraefikVPN/docker-compose.yml

@@ -0,0 +1,41 @@
+version: "3.8"
+services:
+  traefik:
+    image: "traefik:latest"
+    container_name: "traefik"
+    command:
+      - "--api.dashboard=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.email=contact@luke-else.co.uk"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "./letsencrypt:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+    networks:
+      - proxy
+    labels:
+      - "traefik.enable=true"
+
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.traefik-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.traefik-insecure.rule=Host(`traefik.vpn.luke-else.co.uk`)"
+      - "traefik.http.routers.traefik-insecure.entrypoints=web"
+
+      - "traefik.http.routers.traefik.rule=Host(`traefik.vpn.luke-else.co.uk`)"
+      - "traefik.http.routers.traefik.entrypoints=websecure"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.tls.certresolver=myresolver" 
+      - "traefik.http.routers.traefik.middlewares=traefik-auth"
+      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$2y$$05$$s/vPphFtSO2fWJR7SYkEb.90UwPDRM3aOKqgOF/rme/3fUQ5tvpTS"
+    restart: unless-stopped
+
+networks:
+  proxy:
+    name: proxy

VPN/docker-compose.yml

@@ -0,0 +1,25 @@
+version: "3.8"
+services:
+  dockovpn:
+    image: alekslitvinenk/openvpn
+    cap_add:
+        - NET_ADMIN
+    ports:
+        - 1194:1194/udp # Expose tcp if you defined HOST_TUN_PROTOCOL=tcp
+    environment:
+        HOST_ADDR: vpn.luke-else.co.uk # Your VPN server address 
+    volumes:
+        - ./openvpn_conf:/opt/Dockovpn_data
+    labels:
+      ## Expose vpn Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.vpn-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.vpn-insecure.rule=Host(`vpn.luke-else.co.uk`)"
+      - "traefik.http.routers.vpn-insecure.entrypoints=web"
+
+      - "traefik.http.routers.vpn.rule=Host(`vpn.luke-else.co.uk`)"
+      - "traefik.http.routers.vpn.entrypoints=websecure"
+      - "traefik.http.routers.vpn.tls.certresolver=myresolver"
+    restart: always

todo.md

@@ -15,7 +15,7 @@
 - Setup unattended upgrades
 - Install docker, docker-compose and apache utils.
 
-## Traefik + TraefikRunner
+## Traefik + TraefikRunner + Traefik VPN
 
 - Setup htaccess -> `echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g`
 - Ensure email address is correct
@@ -35,8 +35,6 @@ Create a .env file with the following content:
 ```sh
 ACKEE_USERNAME=luke-else
 ACKEE_PASSWORD=XXX
-
-
 ```
 
 ## Websites

vpn-spindown.sh

@@ -0,0 +1,13 @@
+#Script file for spinning down all CICD relevant docker-containers
+
+cd ./VPN/
+docker compose down
+cd ..
+
+cd ./TraefikVPN/
+docker compose down
+cd ..
+
+docker rmi $(docker images -q)
+docker system prune -f
+docker volume prune -f

vpn-spinup.sh

@@ -0,0 +1,9 @@
+#Script file for spinning up all docker-containers
+
+cd ./TraefikRunner/
+docker compose pull && docker compose up -d
+cd ..
+
+cd ./VPN/
+docker compose pull && docker compose up -d
+cd ..