Merged in Master

Luke Else 2025-05-30 20:51:59 +01:00
commit 9c7225e8ef
Signed by: luke-else
GPG Key ID: B44FAF5CD3964A56
6 changed files with 93 additions and 4 deletions

5
.gitignore vendored

@ -6,4 +6,7 @@
!/*
# Allow assets folder
!assets/**
!assets/**
# Don't allow .env files, just env-exmaple files
!.env-example
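Review bot: The added lines only re-include `.env-example`; nothing in this hunk ignores `.env` itself, although the new comment says .env files are not allowed. With the `!/*` re-include at the top of the hunk, a root-level `.env` (the README in this commit tells users to create one containing `ACKEE_PASSWORD`) appears to be tracked unless a rule outside the visible lines excludes it. If none does, add a `.env` line directly before `!.env-example`. The comment could then read `# Ignore .env files; only .env-example is tracked`, which also fixes the "env-exmaple" typo.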


@ -0,0 +1,41 @@
version: "3.8"
services:
traefik:
image: "traefik:latest"
container_name: "traefik"
command:
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=contact@luke-else.co.uk"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
- "traefik.http.routers.traefik-insecure.middlewares=redirect-web-secure"
- "traefik.http.routers.traefik-insecure.rule=Host(`traefik.vpn.luke-else.co.uk`)"
- "traefik.http.routers.traefik-insecure.entrypoints=web"
- "traefik.http.routers.traefik.rule=Host(`traefik.vpn.luke-else.co.uk`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.tls.certresolver=myresolver"
- "traefik.http.routers.traefik.middlewares=traefik-auth"
- "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$2y$$05$$s/vPphFtSO2fWJR7SYkEb.90UwPDRM3aOKqgOF/rme/3fUQ5tvpTS"
restart: unless-stopped
networks:
proxy:
name: proxy
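Review bot: The `traefik-auth` basicauth label commits the dashboard credential hash to the repository, and its `$2y$05$` prefix indicates bcrypt at cost 5, which is cheap to guess offline for anyone who can read the file. Keep the hash out of version control, for example with `traefik.http.middlewares.traefik-auth.basicauth.usersfile=<path-in-container>` pointing at a git-ignored file mounted read-only, and generate it at a higher cost (`htpasswd -nB -C 12 user`). The same service mounts `/var/run/docker.sock`; `:ro` protects only the socket file, not the Docker API behind it, so a compromise of this internet-facing container would still reach the daemon, and a socket proxy limited to read-only container endpoints is the usual mitigation. `image: "traefik:latest"` should also be pinned to a tested version so that a pull cannot silently change the proxy.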

25
VPN/docker-compose.yml Normal file

@ -0,0 +1,25 @@
version: "3.8"
services:
dockovpn:
image: alekslitvinenk/openvpn
cap_add:
- NET_ADMIN
ports:
- 1194:1194/udp # Expose tcp if you defined HOST_TUN_PROTOCOL=tcp
environment:
HOST_ADDR: vpn.luke-else.co.uk # Your VPN server address
volumes:
- ./openvpn_conf:/opt/Dockovpn_data
labels:
## Expose vpn Through Trefik ##
- "traefik.enable=true" # <== Enable traefik to proxy this container
- "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
- "traefik.http.routers.vpn-insecure.middlewares=redirect-web-secure"
- "traefik.http.routers.vpn-insecure.rule=Host(`vpn.luke-else.co.uk`)"
- "traefik.http.routers.vpn-insecure.entrypoints=web"
- "traefik.http.routers.vpn.rule=Host(`vpn.luke-else.co.uk`)"
- "traefik.http.routers.vpn.entrypoints=websecure"
- "traefik.http.routers.vpn.tls.certresolver=myresolver"
restart: always
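Review bot: `image: alekslitvinenk/openvpn` carries no tag, so every `docker compose pull` in vpn-spinup.sh takes whatever the third-party publisher last pushed, into a container that runs with `NET_ADMIN` and presumably keeps the VPN key material under `./openvpn_conf`. Pin it to a reviewed release, ideally by digest: `image: alekslitvinenk/openvpn:<tag>@sha256:<digest>` (placeholders). The router labels also name no `loadbalancer.server.port`, and the service is not attached to the `proxy` network that the Traefik compose file declares, so this file does not show which HTTP port, if any, ends up published at `vpn.luke-else.co.uk`. State the intended port explicitly, or drop the HTTP labels if only 1194/udp is meant to be reachable.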


@ -15,7 +15,7 @@
- Setup unattended upgrades
- Install docker, docker-compose and apache utils.
## Traefik + TraefikRunner
## Traefik + TraefikRunner + Traefik VPN
- Setup htaccess -> `echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g`
- Ensure email address is correct
@ -35,8 +35,6 @@ Create a .env file with the following content:
```sh
ACKEE_USERNAME=luke-else
ACKEE_PASSWORD=XXX
```
## Websites

13
vpn-spindown.sh Normal file

@ -0,0 +1,13 @@
#Script file for spinning down all CICD relevant docker-containers
cd ./VPN/
docker compose down
cd ..
cd ./TraefikVPN/
docker compose down
cd ..
docker rmi $(docker images -q)
docker system prune -f
docker volume prune -f
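Review bot: The last three commands are host-wide rather than scoped to the two stacks. `docker rmi $(docker images -q)`, `docker system prune -f` and `docker volume prune -f` try to remove every image on the host and prune stopped containers, unused networks and unused volumes belonging to any other stack. Scope the cleanup with `docker compose down --rmi all` in each directory and drop the global prunes. Each `cd` is also unchecked, so a missing directory makes `docker compose down` act on whatever compose file is in the current directory; use `cd ./VPN/ || exit 1` (the same applies to vpn-spinup.sh). The header comment still says "CICD relevant" and there is no shebang; `#!/bin/sh` plus a comment naming the VPN and TraefikVPN stacks would make the script's scope clear.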

9
vpn-spinup.sh Normal file

@ -0,0 +1,9 @@
#Script file for spinning up all docker-containers
cd ./TraefikRunner/
docker compose pull && docker compose up -d
cd ..
cd ./VPN/
docker compose pull && docker compose up -d
cd ..
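Review bot: The first stack started here is `./TraefikRunner/`, while vpn-spindown.sh in the same commit tears down `./TraefikVPN/`, so the two scripts are not symmetric. The Traefik instance this script brings up is left running after spin-down. The Traefik compose file added in this commit is presumably never started, though its path is not shown on the page. If the VPN proxy is the intended one, the line should read `cd ./TraefikVPN/ || exit 1`. The header comment says "all docker-containers" although only two stacks are touched; `# Spin up the Traefik proxy and the VPN stack` would match what the script does.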