From 49b1cd26f43af883551d1b01272f3b83ca76bac4 Mon Sep 17 00:00:00 2001
From: Luke Else
Date: Sun, 4 May 2025 17:09:07 +0100
Subject: [PATCH 1/6] Added VPN service to list of docker containers
---
TraefikVPN/docker-compose.yml | 41 +++++++++++++++++++++++++++++++++++
VPN/docker-compose.yml | 25 +++++++++++++++++++++
vpn-spindown.sh | 13 +++++++++++
vpn-spinup.sh | 9 ++++++++
4 files changed, 88 insertions(+)
create mode 100644 TraefikVPN/docker-compose.yml
create mode 100644 VPN/docker-compose.yml
create mode 100644 vpn-spindown.sh
create mode 100644 vpn-spinup.sh
diff --git a/TraefikVPN/docker-compose.yml b/TraefikVPN/docker-compose.yml
new file mode 100644
index 0000000..529ce28
--- /dev/null
+++ b/TraefikVPN/docker-compose.yml
@@ -0,0 +1,41 @@
+version: "3.8"
+services:
+ traefik:
+ image: "traefik:latest"
+ container_name: "traefik"
+ command:
+ - "--api.dashboard=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+ - "--certificatesresolvers.myresolver.acme.email=contact@luke-else.co.uk"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - "./letsencrypt:/letsencrypt"
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+
+ - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+ - "traefik.http.routers.traefik-insecure.middlewares=redirect-web-secure"
+ - "traefik.http.routers.traefik-insecure.rule=Host(`traefik.vpn.luke-else.co.uk`)"
+ - "traefik.http.routers.traefik-insecure.entrypoints=web"
+
+ - "traefik.http.routers.traefik.rule=Host(`traefik.vpn.luke-else.co.uk`)"
+ - "traefik.http.routers.traefik.entrypoints=websecure"
+ - "traefik.http.routers.traefik.service=api@internal"
+ - "traefik.http.routers.traefik.tls.certresolver=myresolver"
+ - "traefik.http.routers.traefik.middlewares=traefik-auth"
+ - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$2y$$05$$s/vPphFtSO2fWJR7SYkEb.90UwPDRM3aOKqgOF/rme/3fUQ5tvpTS"
+ restart: unless-stopped
+
+networks:
+ proxy:
+ name: proxy
\ No newline at end of file
diff --git a/VPN/docker-compose.yml b/VPN/docker-compose.yml
new file mode 100644
index 0000000..083c676
--- /dev/null
+++ b/VPN/docker-compose.yml
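Review bot: The `traefik-auth.basicauth.users` label commits the dashboard credential to the repository as a bcrypt hash whose `$$05$$` field is a work factor of 5, so anyone who can read the repo can test password guesses offline at very low cost. Keep the entry out of version control by mounting a users file and referencing it with `traefik.http.middlewares.traefik-auth.basicauth.usersfile=<path-in-container>`, and regenerate it with a higher cost (`htpasswd -B -C 12`). Separately, the `:ro` flag on `/var/run/docker.sock` only protects the socket file, not the Docker API behind it, so this internet-facing container still holds host-level control; a filtering socket proxy in front of it would narrow that. `traefik:latest` is a mutable tag, as are the untagged `alekslitvinenk/openvpn` in VPN/docker-compose.yml and the `aboveu/*:latest` images in Meridian/docker-compose.yml; pin a version or digest so that `docker compose pull` cannot silently change what runs.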
@@ -0,0 +1,25 @@
+version: "3.8"
+services:
+ dockovpn:
+ image: alekslitvinenk/openvpn
+ cap_add:
+ - NET_ADMIN
+ ports:
+ - 1194:1194/udp # Expose tcp if you defined HOST_TUN_PROTOCOL=tcp
+ environment:
+ HOST_ADDR: vpn.luke-else.co.uk # Your VPN server address
+ volumes:
+ - ./openvpn_conf:/opt/Dockovpn_data
+ labels:
+ ## Expose vpn Through Trefik ##
+ - "traefik.enable=true" # <== Enable traefik to proxy this container
+
+ - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+ - "traefik.http.routers.vpn-insecure.middlewares=redirect-web-secure"
+ - "traefik.http.routers.vpn-insecure.rule=Host(`vpn.luke-else.co.uk`)"
+ - "traefik.http.routers.vpn-insecure.entrypoints=web"
+
+ - "traefik.http.routers.vpn.rule=Host(`vpn.luke-else.co.uk`)"
+ - "traefik.http.routers.vpn.entrypoints=websecure"
+ - "traefik.http.routers.vpn.tls.certresolver=myresolver"
+ restart: always
\ No newline at end of file
diff --git a/vpn-spindown.sh b/vpn-spindown.sh
new file mode 100644
index 0000000..a2c506b
--- /dev/null
+++ b/vpn-spindown.sh
@@ -0,0 +1,13 @@
+#Script file for spinning down all CICD relevant docker-containers
+
+cd ./VPN/
+docker compose down
+cd ..
+
+cd ./TraefikVPN/
+docker compose down
+cd ..
+
+docker rmi $(docker images -q)
+docker system prune -f
+docker volume prune -f
\ No newline at end of file
diff --git a/vpn-spinup.sh b/vpn-spinup.sh
new file mode 100644
index 0000000..544691f
--- /dev/null
+++ b/vpn-spinup.sh
@@ -0,0 +1,9 @@
+#Script file for spinning up all docker-containers
+
+cd ./TraefikRunner/
+docker compose pull && docker compose up -d
+cd ..
+
+cd ./VPN/
+docker compose pull && docker compose up -d
+cd ..
\ No newline at end of file
From aa3d9c4ea2f874f8d773e9d2d3748a9523593df7 Mon Sep 17 00:00:00 2001
From: Luke Else
Date: Sun, 4 May 2025 17:10:25 +0100
Subject: [PATCH 2/6] Added readme items for VPN setup
---
todo.md | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
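Review bot: The `vpn` router on `websecure` carries no `middlewares` label, so whatever HTTP port Traefik resolves for the `dockovpn` container is published at `vpn.luke-else.co.uk` without authentication; if that port is the image's client-profile download endpoint (inferred, confirm against the image documentation), the profile and its key material would be reachable by anyone. OpenVPN itself is already published directly through `1194:1194/udp`, so either drop the `traefik.*` labels or add `- "traefik.http.routers.vpn.middlewares=traefik-auth"`. The service also has no `networks:` entry while Traefik sits on `proxy`, and no `loadbalancer.server.port` label, so as written the route probably does not reach the intended port at all.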
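Review bot: `docker rmi $(docker images -q)` and `docker volume prune -f` in vpn-spindown.sh act on every image and every unused volume on the host, not only on the two stacks this script stops, so on a machine that also runs other services they delete those services' images and any volume that is not attached at that moment. Scope the cleanup to the two projects with `docker compose down --rmi all` in each directory and drop the host-wide lines. The `cd` calls here and in vpn-spinup.sh are unchecked, so a missing directory makes the following `docker compose` command run from the wrong place; `set -e` at the top or `cd ./VPN/ || exit 1` avoids that. The header comment still reads `CICD relevant docker-containers`, which does not describe this script.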
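Review bot: The first stanza of vpn-spinup.sh enters `./TraefikRunner/`, while this commit adds `TraefikVPN/docker-compose.yml` and vpn-spindown.sh stops `./TraefikVPN/`, so the proxy defined for the VPN host appears never to be started by this script. It most likely should read `cd ./TraefikVPN/`. If starting TraefikRunner is intended, a comment saying so would remove the mismatch with the spindown script.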
diff --git a/todo.md b/todo.md index 076a6f1..111f77e 100644 --- a/todo.md +++ b/todo.md @@ -15,7 +15,7 @@ - Setup unattended upgrades - Install docker, docker-compose and apache utils. -## Traefik + TraefikRunner +## Traefik + TraefikRunner + Traefik VPN - Setup htaccess -> `echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g` - Ensure email address is correct @@ -35,8 +35,6 @@ Create a .env file with the following content: ```sh ACKEE_USERNAME=luke-else ACKEE_PASSWORD=XXX - - ``` ## Websites From e557ae01526819e67765c8700268c2afd86af04e Mon Sep 17 00:00:00 2001 From: Luke Else Date: Fri, 30 May 2025 00:06:50 +0100 Subject: [PATCH 3/6] Added Merdiaan service --- .gitignore | 4 ++- Meridian/docker-compose.yml | 67 +++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 Meridian/docker-compose.yml diff --git a/.gitignore b/.gitignore index a1cf0fb..b3495e1 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,6 @@ # Allow docker-compose.yml !**/docker-compose.yml -!/* \ No newline at end of file +!/* + +.env \ No newline at end of file diff --git a/Meridian/docker-compose.yml b/Meridian/docker-compose.yml new file mode 100644 index 0000000..73e625e --- /dev/null +++ b/Meridian/docker-compose.yml 
@@ -0,0 +1,67 @@
+version: '3.8'
+
+services:
+ meridian:
+ container_name: meridian
+ image: aboveu/meridian:latest
+ env_file:
+ - .env
+ ports:
+ - "3000:3000"
+ depends_on:
+ - postgres
+ - flighttime
+ networks:
+ - internal
+ - proxy
+ labels:
+ ## Expose Meridian Through Trefik ##
+ - "traefik.enable=true" # <== Enable traefik to proxy this container
+
+ - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+ - "traefik.http.routers.meridian-insecure.middlewares=redirect-web-secure"
+ - "traefik.http.routers.meridian-insecure.rule=Host(`meridian.luke-else.co.uk`)"
+ - "traefik.http.routers.meridian-insecure.entrypoints=web"
+
+ - "traefik.http.routers.meridian.rule=Host(`meridian.luke-else.co.uk`)"
+ - "traefik.http.routers.meridian.entrypoints=websecure"
+ - "traefik.http.routers.meridian.tls.certresolver=myresolver"
+ restart: unless-stopped
+
+ postgres:
+ container_name: postgres
+ image: postgres:16
+ env_file:
+ - .env
+ environment:
+ POSTGRES_DB: ${POSTGRES_DB}
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASS}
+ volumes:
+ - pgdata:/var/lib/postgresql/data
+ - ./scripts/init_db.sql:/docker-entrypoint-initdb.d/1-init_db.sql:ro
+ - ./scripts/core_migration.sql:/docker-entrypoint-initdb.d/2-core_migrations.sql:ro
+ - ./scripts/airline_alliances.sql:/docker-entrypoint-initdb.d/3-airline_alliances.sql:ro
+ networks:
+ - internal
+ restart: unless-stopped
+
+ flighttime:
+ container_name: flighttime
+ build:
+ context: ./flightTime
+ dockerfile: dockerfile
+ ports:
+ - "5000:5000"
+ networks:
+ - internal
+ restart: unless-stopped
+
+volumes:
+ pgdata:
+
+networks:
+ internal:
+ driver: bridge
+ proxy:
+ external: true
\ No newline at end of file
From 3dcc017007e594759fa800db7788cddfc7bcce33 Mon Sep 17 00:00:00 2001
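Review bot: `ports: "3000:3000"` on `meridian` and `"5000:5000"` on `flighttime` publish both services on every host interface, so they can be reached over plain HTTP without passing through the Traefik `websecure` router, and `flighttime` is exposed even though it is attached only to `internal`. Remove the two `ports:` entries (Traefik and the sibling containers reach the services over the Docker networks) or bind them to loopback, e.g. `- "127.0.0.1:5000:5000"`. Because `meridian` is on both `internal` and `proxy`, add `- "traefik.docker.network=proxy"` so Traefik uses the address on the shared network. `postgres` also loads the whole `.env` through `env_file` in addition to the three interpolated variables, which hands the database container every application secret in that file; the `environment:` block alone is enough.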
From: Luke Else Date: Fri, 30 May 2025 00:09:11 +0100 Subject: [PATCH 4/6] Updated install instructions for Meridian --- main-spindown.sh | 4 ++++ main-spinup.sh | 4 ++++ todo.md | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/main-spindown.sh b/main-spindown.sh index f8b37c7..18ec992 100644 --- a/main-spindown.sh +++ b/main-spindown.sh @@ -4,6 +4,10 @@ cd ./Websites/ docker-compose down cd .. +cd ./Meridian/ +docker-compose down +cd .. + cd ./Tracking/ docker-compose down cd .. diff --git a/main-spinup.sh b/main-spinup.sh index 71b1811..2f03f0e 100644 --- a/main-spinup.sh +++ b/main-spinup.sh @@ -18,6 +18,10 @@ cd ./Websites/ docker-compose pull && docker-compose up -d cd .. +cd ./Meridian/ +docker-compose pull && docker-compose up -d +cd .. + cd ./Database/ docker-compose pull && docker-compose up -d cd .. diff --git a/todo.md b/todo.md index 111f77e..72ea731 100644 --- a/todo.md +++ b/todo.md @@ -52,3 +52,7 @@ ACKEE_PASSWORD=XXX - Ensure that mysql root password, user and default database are updated. - Ensure that mongo root password, and user are updated. - Ensure database ports are correctly assigned and do not have to pass through traefik. + +## Meridian + +- Copy .env_example to a .env file and insert all the correct params From f47c0ed774ee332d048e0b7e94af0eccc21236d6 Mon Sep 17 00:00:00 2001 From: Luke Else Date: Fri, 30 May 2025 00:20:04 +0100 Subject: [PATCH 5/6] Opted to use flighttime contained pushed to docker hub --- Meridian/docker-compose.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Meridian/docker-compose.yml b/Meridian/docker-compose.yml index 73e625e..8b868f8 100644 --- a/Meridian/docker-compose.yml +++ b/Meridian/docker-compose.yml @@ -48,9 +48,7 @@ services: flighttime: container_name: flighttime - build: - context: ./flightTime - dockerfile: dockerfile + image: aboveu/flighttime:latest ports: - "5000:5000" networks: From 98847c4bf373549541a7216d588322e3b1ebe68d Mon Sep 17 00:00:00 2001 
From: Luke Else Date: Fri, 30 May 2025 00:38:19 +0100 Subject: [PATCH 6/6] Removed Meridian.. will try again some point soon --- Meridian/docker-compose.yml | 65 ------------------------------------- main-spindown.sh | 4 --- main-spinup.sh | 4 --- todo.md | 4 --- 4 files changed, 77 deletions(-) delete mode 100644 Meridian/docker-compose.yml diff --git a/Meridian/docker-compose.yml b/Meridian/docker-compose.yml deleted file mode 100644 index 8b868f8..0000000 --- a/Meridian/docker-compose.yml +++ /dev/null 
@@ -1,65 +0,0 @@ -version: '3.8' - -services: - meridian: - container_name: meridian - image: aboveu/meridian:latest - env_file: - - .env - ports: - - "3000:3000" - depends_on: - - postgres - - flighttime - networks: - - internal - - proxy - labels: - ## Expose Meridian Through Trefik ## - - "traefik.enable=true" # <== Enable traefik to proxy this container - - - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https" - - "traefik.http.routers.meridian-insecure.middlewares=redirect-web-secure" - - "traefik.http.routers.meridian-insecure.rule=Host(`meridian.luke-else.co.uk`)" - - "traefik.http.routers.meridian-insecure.entrypoints=web" - - - "traefik.http.routers.meridian.rule=Host(`meridian.luke-else.co.uk`)" - - "traefik.http.routers.meridian.entrypoints=websecure" - - "traefik.http.routers.meridian.tls.certresolver=myresolver" - restart: unless-stopped - - postgres: - container_name: postgres - image: postgres:16 - env_file: - - .env - environment: - POSTGRES_DB: ${POSTGRES_DB} - POSTGRES_USER: ${POSTGRES_USER} - POSTGRES_PASSWORD: ${POSTGRES_PASS} - volumes: - - pgdata:/var/lib/postgresql/data - - ./scripts/init_db.sql:/docker-entrypoint-initdb.d/1-init_db.sql:ro - - ./scripts/core_migration.sql:/docker-entrypoint-initdb.d/2-core_migrations.sql:ro - - ./scripts/airline_alliances.sql:/docker-entrypoint-initdb.d/3-airline_alliances.sql:ro - networks: - - internal - restart: unless-stopped - - flighttime: - container_name: flighttime - image: aboveu/flighttime:latest - ports: - - "5000:5000" - networks: - - internal - restart: unless-stopped - -volumes: - pgdata: - -networks: - internal: - driver: bridge - proxy: - external: true \ No newline at end of file diff --git a/main-spindown.sh b/main-spindown.sh index 18ec992..f8b37c7 100644 --- a/main-spindown.sh +++ b/main-spindown.sh @@ -4,10 +4,6 @@ cd ./Websites/ docker-compose down cd .. -cd ./Meridian/ -docker-compose down -cd .. - cd ./Tracking/ docker-compose down cd .. 
diff --git a/main-spinup.sh b/main-spinup.sh index 2f03f0e..71b1811 100644 --- a/main-spinup.sh +++ b/main-spinup.sh @@ -18,10 +18,6 @@ cd ./Websites/ docker-compose pull && docker-compose up -d cd .. -cd ./Meridian/ -docker-compose pull && docker-compose up -d -cd .. - cd ./Database/ docker-compose pull && docker-compose up -d cd .. diff --git a/todo.md b/todo.md index 72ea731..111f77e 100644 --- a/todo.md +++ b/todo.md @@ -52,7 +52,3 @@ ACKEE_PASSWORD=XXX - Ensure that mysql root password, user and default database are updated. - Ensure that mongo root password, and user are updated. - Ensure database ports are correctly assigned and do not have to pass through traefik. - -## Meridian - -- Copy .env_example to a .env file and insert all the correct params