diff --git a/.gitignore b/.gitignore
index e4f20ee..8c4ebe1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,7 @@ !/* # Allow assets folder
-!assets/**
\ No newline at end of file
+!assets/**
+
+# Don't allow .env files, just env-exmaple files
+!.env-example
diff --git a/TraefikVPN/docker-compose.yml b/TraefikVPN/docker-compose.yml
new file mode 100644
index 0000000..529ce28
--- /dev/null
+++ b/TraefikVPN/docker-compose.yml
@@ -0,0 +1,41 @@
+version: "3.8"
+services:
+ traefik:
+ image: "traefik:latest"
+ container_name: "traefik"
+ command:
+ - "--api.dashboard=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+ - "--certificatesresolvers.myresolver.acme.email=contact@luke-else.co.uk"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - "./letsencrypt:/letsencrypt"
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+
+ - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+ - "traefik.http.routers.traefik-insecure.middlewares=redirect-web-secure"
+ - "traefik.http.routers.traefik-insecure.rule=Host(`traefik.vpn.luke-else.co.uk`)"
+ - "traefik.http.routers.traefik-insecure.entrypoints=web"
+
+ - "traefik.http.routers.traefik.rule=Host(`traefik.vpn.luke-else.co.uk`)"
+ - "traefik.http.routers.traefik.entrypoints=websecure"
+ - "traefik.http.routers.traefik.service=api@internal"
+ - "traefik.http.routers.traefik.tls.certresolver=myresolver"
+ - "traefik.http.routers.traefik.middlewares=traefik-auth"
+ - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$2y$$05$$s/vPphFtSO2fWJR7SYkEb.90UwPDRM3aOKqgOF/rme/3fUQ5tvpTS"
+ restart: unless-stopped
+
+networks:
+ proxy:
+ name: proxy
\ No newline at end of file
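Review bot: Nothing in the visible lines ignores `.env` itself: the added rule only re-includes `.env-example`, and the `!/*` context line looks like it re-includes every top-level entry, so a `.env` holding the credentials that todo.md describes may still be trackable. The rules above line 6 are outside this hunk, so confirm with `git check-ignore -v .env`; if it is not ignored, add an explicit `.env` pattern after the negations, since the last matching pattern wins. The new comment also has a typo, `env-exmaple` for `env-example`.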
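Review bot: The `traefik-auth` label commits the dashboard's basic-auth entry (`user:` plus a bcrypt hash with cost `05`) to the repository, so anyone who can read the repo can attack the password offline, and the low cost factor makes that cheap. Move the entry out of the compose file, for example `- "traefik.http.middlewares.traefik-auth.basicauth.usersfile=/run/secrets/traefik_users"` (path constructed for illustration) with the file mounted read-only and kept out of git, and rotate the password because this hash is now in history. In the same hunk, `/var/run/docker.sock` is mounted into a container that publishes 80/443, and `:ro` does not restrict Docker API calls made over the socket, so a Traefik compromise is close to a host compromise; a filtering socket proxy is the usual mitigation. `traefik:latest` should also be a pinned tag or digest, e.g. `image: "traefik:<pinned-version>"`.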
diff --git a/VPN/docker-compose.yml b/VPN/docker-compose.yml
new file mode 100644
index 0000000..083c676
--- /dev/null
+++ b/VPN/docker-compose.yml
@@ -0,0 +1,25 @@
+version: "3.8"
+services:
+ dockovpn:
+ image: alekslitvinenk/openvpn
+ cap_add:
+ - NET_ADMIN
+ ports:
+ - 1194:1194/udp # Expose tcp if you defined HOST_TUN_PROTOCOL=tcp
+ environment:
+ HOST_ADDR: vpn.luke-else.co.uk # Your VPN server address
+ volumes:
+ - ./openvpn_conf:/opt/Dockovpn_data
+ labels:
+ ## Expose vpn Through Trefik ##
+ - "traefik.enable=true" # <== Enable traefik to proxy this container
+
+ - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+ - "traefik.http.routers.vpn-insecure.middlewares=redirect-web-secure"
+ - "traefik.http.routers.vpn-insecure.rule=Host(`vpn.luke-else.co.uk`)"
+ - "traefik.http.routers.vpn-insecure.entrypoints=web"
+
+ - "traefik.http.routers.vpn.rule=Host(`vpn.luke-else.co.uk`)"
+ - "traefik.http.routers.vpn.entrypoints=websecure"
+ - "traefik.http.routers.vpn.tls.certresolver=myresolver"
+ restart: always
\ No newline at end of file
diff --git a/todo.md b/todo.md
index 076a6f1..111f77e 100644
--- a/todo.md
+++ b/todo.md
@@ -15,7 +15,7 @@ - Setup unattended upgrades - Install docker, docker-compose and apache utils. -## Traefik + TraefikRunner +## Traefik + TraefikRunner + Traefik VPN - Setup htaccess -> `echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g` - Ensure email address is correct
@@ -35,8 +35,6 @@ Create a .env file with the following content: ```sh ACKEE_USERNAME=luke-else ACKEE_PASSWORD=XXX - - ``` ## Websites
diff --git a/vpn-spindown.sh b/vpn-spindown.sh
new file mode 100644
index 0000000..a2c506b
--- /dev/null
+++ b/vpn-spindown.sh
@@ -0,0 +1,13 @@
+#Script file for spinning down all CICD relevant docker-containers
+
+cd ./VPN/
+docker compose down
+cd ..
+
+cd ./TraefikVPN/
+docker compose down
+cd ..
+
+docker rmi $(docker images -q)
+docker system prune -f
+docker volume prune -f
\ No newline at end of file
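Review bot: The `vpn` router on `websecure` has no auth middleware, so whatever HTTP endpoint the `dockovpn` container serves becomes reachable at `vpn.luke-else.co.uk` by anyone; if this image serves client profiles over HTTP (worth checking in its documentation), those carry key material and should not sit behind a public route. Either drop the Traefik labels and keep only `1194/udp`, or attach a middleware, e.g. `- "traefik.http.routers.vpn.middlewares=traefik-auth@docker"`. As written the route probably does not work at all, because the service is not attached to the `proxy` network that the Traefik container uses and no `loadbalancer.server.port` label is set. `image: alekslitvinenk/openvpn` also has no tag, which matters more than usual for a container granted `NET_ADMIN`; pin it, e.g. `alekslitvinenk/openvpn:<pinned-version>`.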
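Review bot: The last three lines act on the whole Docker host rather than on the two stacks this script stops: `docker rmi $(docker images -q)` targets every image, and `docker volume prune -f` removes unused volumes belonging to any other stack that happens to be stopped, which is silent data loss on a shared host. Scope the cleanup to the compose projects instead, e.g. `docker compose down --rmi local` in each directory, and drop the host-wide prunes. The script also has no shebang or `set -e`, so a failed `cd ./VPN/` lets `docker compose down` run against whatever compose file is in the current directory. The header comment still says "CICD relevant" containers and should describe the VPN stacks.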
diff --git a/vpn-spinup.sh b/vpn-spinup.sh
new file mode 100644
index 0000000..544691f
--- /dev/null
+++ b/vpn-spinup.sh
@@ -0,0 +1,9 @@
+#Script file for spinning up all docker-containers
+
+cd ./TraefikRunner/
+docker compose pull && docker compose up -d
+cd ..
+
+cd ./VPN/
+docker compose pull && docker compose up -d
+cd ..
\ No newline at end of file
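Review bot: `cd ./TraefikRunner/` starts a different stack from the one this commit adds and from the one `vpn-spindown.sh` stops (`./TraefikVPN/`); if that is not intentional, the first block should read `cd ./TraefikVPN/`. If it is intentional, the header comment should say which proxy the VPN stack expects to be running. There is also no shebang or `set -e`, so a failed `cd` runs `docker compose pull && docker compose up -d` in the wrong directory; `cd ./VPN/ || exit 1` or a subshell such as `(cd ./VPN/ && docker compose pull && docker compose up -d)` avoids that.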