Compare commits


44 Commits

Author SHA1 Message Date
c83cf90b79 Merge pull request 'TraefikIntegration' (#5) from TraefikIntegration into master
Reviewed-on: #5
2023-08-08 21:50:40 +02:00
a8c8135f77 Update Container documentation. 2023-08-08 20:31:25 +01:00
381a1126e2 Prepared all containers for final rollout 2023-08-08 20:23:18 +01:00
7a553128b1 Updated all containers to bring inline with needed Traefik config 2023-08-07 23:01:29 +01:00
97b4dc6a66 Added traefik to proxt container iteslf 2023-08-07 22:39:34 +01:00
1ee167aad3 Moved to a new container... hopefully we have the same results 2023-08-07 22:33:38 +01:00
dfadd63ea5 Updated traefik to use auth middleware 2023-08-07 22:22:15 +01:00
537da28dc4 Updated traefik to use auth middleware 2023-08-07 22:17:57 +01:00
d74540d2a2 Update ports, should be the final change tonight 2023-08-07 22:05:55 +01:00
75aa652d24 Updated gitea port] 2023-08-07 19:18:54 +01:00
025b45b6aa Updated gitea port] 2023-08-07 19:14:41 +01:00
800fabfe85 Updated gitea port] 2023-08-07 19:11:59 +01:00
2277baea40 Updated gitea port] 2023-08-07 19:10:42 +01:00
1879a80f7f Updated gitea port] 2023-08-07 19:09:21 +01:00
48ef532b55 Added gitea to traefik container 2023-08-07 19:07:14 +01:00
d16e075814 Added logging to traefik container 2023-08-07 19:04:20 +01:00
8e0b55d6dc Changed domain name in test container 2023-08-07 18:59:50 +01:00
debad3648a Removed network from test container 2023-08-07 18:57:43 +01:00
740026dd37 Removed network from test container 2023-08-07 18:57:21 +01:00
85d6afd6b6 Update gitea container for testing 2023-08-07 18:55:47 +01:00
f66d90eef7 Test to get traefik running 2023-08-07 18:47:49 +01:00
86bb3d49d6 #1 - Removed Jira Lined from spindown script 2022-11-18 17:50:48 +01:00
d535a8656f #1 - Removed Jira Lines from spinup script 2022-11-18 17:50:18 +01:00
88b4133cf7 Removed Traefik Dependancy from each container 2022-11-16 14:29:19 +00:00
5bfb645b73 Create DockerCompose for Jira #1 - Removed Jira 2022-11-16 14:28:03 +00:00
fcef091eae Update 'Traefik/docker-compose.yml' 2022-11-15 23:49:11 +01:00
d85fa37014 Update Networks defined in Traefik Container 2022-11-15 22:01:44 +01:00
4b33c0e406 Created 'Spin Up' and 'Spin Down' 2022-11-14 20:59:37 +00:00
448b5fb436 Created startup/shudown container script files 2022-11-03 16:39:09 +00:00
661cebcec0 Updated websites containers to use Traefik labels 2022-11-03 16:29:15 +00:00
463b9dc1f7 Updated NextCloud container to use Traefik labels 2022-11-03 16:26:54 +00:00
566dd8c965 Updated Development container to use Traefik labels 2022-11-03 16:23:23 +00:00
bd79b17c7f Updated Database docker file to have Traefik Labels 2022-11-03 16:18:40 +00:00
86349c4b76 Updated Bitwarden docker file to have Traefik Labels 2022-11-03 16:16:12 +00:00
e59a398406 Merge pull request 'traefikintegration' (#4) from traefikintegration into TraefikIntegration
Reviewed-on: #4
2022-11-02 20:30:03 +01:00
8c59c826e3 Updated Traefik container to expose api + doashboard, as well as setup entrypoints 2022-11-02 19:16:07 +00:00
df275b5e46 Removed nginx docker-compose file - Deprecated in favour of Traefik 2022-11-02 18:54:15 +00:00
3c41b74ffd Updated environment variable order on Nextcloud compose file 2022-11-02 18:52:48 +00:00
cfe86a01a2 All containers that are exposed via proxy are now on their own correct networks and depend on traefik 2022-10-31 21:39:29 +00:00
b9b9380606 Changed reverseproxy network to traefik 2022-10-29 11:30:42 +01:00
8a4c6f256c updated networks on lead contianer - All child containers now need to inherit networks from this container 2022-10-29 11:29:02 +01:00
a257b894e0 Created Jira + database container - Jira contains development netowkr yet to be implemented 2022-10-28 17:57:28 +01:00
94e6a63ea3 Moved gitea service into development folder - Jira addition to follow. Day1 - currently sat in traffic on the M20, only starting to starve slightly 2022-10-28 17:56:26 +01:00
f8134ea194 Temporary Traefik config - still has some leftover items from copied config. Additional changes requierd 2022-10-21 16:00:38 +01:00
10 changed files with 204 additions and 98 deletions


@ -8,4 +8,19 @@ services:
container_name: vaultwarden container_name: vaultwarden
volumes: volumes:
- ./bitwarden/:/data/ - ./bitwarden/:/data/
restart: unless-stopped networks:
- proxy
depends_on:
- traefik
labels:
## Expose Bitwarden Through Trefik ##
- "traefik.enable=true" # <== Enable traefik to proxy this container
- "traefik.http.services.bitwarden.loadbalancer.server.port=80"
- "traefik.http.routers.bitwarden.rule=Host(`bitwarden.luke-else.co.uk`) || Host(`www.bitwarden.luke-else.co.uk`)"
- "traefik.http.routers.bitwarden.entrypoints=websecure"
- "traefik.http.routers.bitwarden.tls.certresolver=myresolver"
restart: unless-stopped
networks:
proxy:
external: true
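Review bot: `depends_on: - traefik` names a service that this hunk does not define, and spinup.sh starts Traefik from its own compose project in ./Traefik/, so unless a `traefik` service exists in the part of this file outside the hunk, docker-compose will reject the file for depending on an undefined service. `depends_on` only orders services inside one compose project; the cross-project link is already carried by the external `proxy` network, so I would drop the two `depends_on` lines here. The same applies to the phpMyAdmin, gitea, luke-else.co.uk and snexo.co.uk services in the other compose files of this change. A comment such as `# traefik runs in ./Traefik and must be up first (see spinup.sh)` above `networks:` would record the ordering instead.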


@ -6,33 +6,47 @@ services:
mongodb: mongodb:
image: "mongo:latest" image: "mongo:latest"
container_name: mongoDB container_name: mongoDB
volumes:
- ./mongo/:/data/db
ports:
- "27017:27017"
environment: environment:
MONGO_INITDB_ROOT_USERNAME: root MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: rootpassword MONGO_INITDB_ROOT_PASSWORD: rootpassword
ports:
- "27017:27017"
volumes:
- ./mongo/:/data/db
restart: unless-stopped restart: unless-stopped
#MySQL (3306) + phpMyAdmin () #MySQL (3306) + phpMyAdmin ()
mysql: mysql:
image: "mysql" image: "mysql"
container_name: MySQL container_name: MySQL
volumes:
- ./mysql/:/var/lib/mysql
ports:
- "3306:3306"
environment: environment:
MYSQL_ROOT_PASSWORD: rootpassword MYSQL_ROOT_PASSWORD: rootpassword
MYSQL_DATABASE: test_db MYSQL_DATABASE: test_db
ports:
- "3306:3306"
volumes:
- ./mysql/:/var/lib/mysql
restart: unless-stopped restart: unless-stopped
phpMyAdmin: phpMyAdmin:
image: "phpmyadmin/phpmyadmin:latest" image: "phpmyadmin/phpmyadmin:latest"
container_name: phpMyAdmin container_name: phpMyAdmin
networks:
- proxy
depends_on:
- mysql
- traefik
environment: environment:
PMA_HOST: mysql PMA_HOST: mysql
labels:
## Expose phpMyAdmin Through Trefik ##
- "traefik.enable=true" # <== Enable traefik to proxy this container
- "traefik.http.services.phpmyadmin.loadbalancer.server.port=80"
- "traefik.http.routers.phpmyadmin.rule=Host(`mysql.luke-else.co.uk`) || Host(`www.mysql.luke-else.co.uk`)"
- "traefik.http.routers.phpmyadmin.entrypoints=websecure"
- "traefik.http.routers.phpmyadmin.tls.certresolver=myresolver"
restart: unless-stopped restart: unless-stopped
depends_on:
- mysql networks:
proxy:
external: true
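Review bot: The new phpMyAdmin router publishes a database admin console at `mysql.luke-else.co.uk` with no middleware, while the MySQL and MongoDB services in the same file keep the literal root password `rootpassword` and publish 3306 and 27017 on every host interface. At minimum the router should sit behind authentication, e.g. `- "traefik.http.routers.phpmyadmin.middlewares=traefik-auth@docker"` if the basic-auth middleware from the Traefik file is meant to be reused, and the root passwords should come from an untracked env file rather than the compose file. If remote database access is not required, binding the ports to loopback (`"127.0.0.1:3306:3306"`, `"127.0.0.1:27017:27017"`) removes the direct exposure. Also note that phpMyAdmin joins only `proxy` while `mysql` declares no network in the visible lines, so `PMA_HOST: mysql` may not resolve; confirm the two services share a network.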


@ -1,11 +1,20 @@
version: '3.8' version: '3.8'
services: services:
#gitea (222)
#gitea (222)
gitea: gitea:
image: gitea/gitea:latest image: gitea/gitea:latest
container_name: gitea container_name: gitea
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
networks:
- proxy
depends_on:
- traefik
ports:
- "222:22"
environment: environment:
- APP_NAME="gitea" - APP_NAME="gitea"
- USER_UID=1000 - USER_UID=1000
@ -19,10 +28,15 @@ services:
- SSH_PORT=222 - SSH_PORT=222
- SSH_LISTEN_PORT=22 - SSH_LISTEN_PORT=22
- DB_TYPE=sqlite3 - DB_TYPE=sqlite3
ports: labels:
- "222:22" ## Expose Gitea Through Trefik ##
volumes: - "traefik.enable=true" # <== Enable traefik to proxy this container
- ./gitea:/data - "traefik.http.services.gitea.loadbalancer.server.port=3000"
- /etc/timezone:/etc/timezone:ro - "traefik.http.routers.gitea.rule=Host(`git.luke-else.co.uk`) || Host(`www.git.luke-else.co.uk`)"
- /etc/localtime:/etc/localtime:ro - "traefik.http.routers.gitea.entrypoints=websecure"
restart: unless-stopped - "traefik.http.routers.gitea.tls.certresolver=myresolver"
restart: unless-stopped
networks:
proxy:
external: true


@ -1,29 +0,0 @@
version: '3.8'
services:
db:
image: mariadb
container_name: nextclouddb
restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
volumes:
- ./db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
- MYSQL_PASSWORD=
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
nextcloud:
image: nextcloud
container_name: nextcloud
restart: always
links:
- db
volumes:
- ./nextcloud:/var/www/html
environment:
- MYSQL_PASSWORD=
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=db


@ -1,46 +0,0 @@
version: '3.8'
services:
#nginx (80, 443, 8080)
nginx:
image: 'jc21/nginx-proxy-manager:latest'
container_name: nginx
ports:
# These ports are in format <host-port>:<container-port>
- '80:80' # Public HTTP Port
- '443:443' # Public HTTPS Port
- '8080:81' # Admin Web Port
# Add any other Stream port you want to expose
# - '21:21' # FTP
# Uncomment the next line if you uncomment anything in the section
# environment:
# Uncomment this if you want to change the location of
# the SQLite DB file within the container
# DB_SQLITE_FILE: "/data/database.sqlite"
# Uncomment this if IPv6 is not enabled on your host
# DISABLE_IPV6: 'true'
volumes:
- ./nginx/data:/data
- ./nginx/letsencrypt:/etc/letsencrypt
restart: unless-stopped
networks:
- websites
- gitea
- databases
- bitwarden
- nextcloud
networks:
websites:
name: websites_default
gitea:
name: gitea_default
databases:
name: database_default
bitwarden:
name: bitwarden_default
nextcloud:
name: nextcloud_default


@ -0,0 +1,35 @@
version: "3.8"
services:
traefik:
image: "traefik:latest"
container_name: "traefik"
command:
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=contact@luke-else.co.uk"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`traefik.luke-else.co.uk`) || Host('www.traefik.luke-else.co.uk')"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.tls.certresolver=myresolver"
- "traefik.http.routers.traefik.middlewares=traefik-auth"
- "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$2y$$05$$s/vPphFtSO2fWJR7SYkEb.90UwPDRM3aOKqgOF/rme/3fUQ5tvpTS"
restart: unless-stopped
networks:
proxy:
name: proxy
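Review bot: The `traefik-auth` label commits the dashboard's basic-auth hash to the repository, and its `$2y$05$` prefix is bcrypt at cost 5, which is cheap to attack offline for anyone who can read the repo or its history. Moving the credential into a file kept out of version control and referencing it with `- "traefik.http.middlewares.traefik-auth.basicauth.usersfile=/auth/.htpasswd"` (path is a placeholder, mounted read-only) keeps the hash out of the repo; the password should also be rotated and re-hashed at a higher cost, e.g. `htpasswd -nB -C 12 user`. Separately, the same router's rule mixes quoting: `Host('www.traefik.luke-else.co.uk')` uses single quotes where Traefik rules expect backticks, so the rule likely fails to parse and should read ``Host(`www.traefik.luke-else.co.uk`)``.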


@ -4,10 +4,21 @@ services:
#Websites luke-else.co.uk (8000) snexo.co.uk (8001) #Websites luke-else.co.uk (8000) snexo.co.uk (8001)
luke-else.co.uk: luke-else.co.uk:
image: "php:apache" image: "nginx:latest"
container_name: luke-else.co.uk container_name: luke-else.co.uk
volumes: volumes:
- ./luke-else.co.uk/:/var/www/html - ./luke-else.co.uk/:/usr/share/nginx/html
networks:
- proxy
depends_on:
- traefik
labels:
## Expose luke-else Through Trefik ##
- "traefik.enable=true" # <== Enable traefik to proxy this container
- "traefik.http.services.personal.loadbalancer.server.port=80"
- "traefik.http.routers.personal.rule=Host(`luke-else.co.uk`) || Host(`www.luke-else.co.uk`)"
- "traefik.http.routers.personal.entrypoints=websecure"
- "traefik.http.routers.personal.tls.certresolver=myresolver"
restart: unless-stopped restart: unless-stopped
snexo.co.uk: snexo.co.uk:
@ -15,4 +26,19 @@ services:
container_name: snexo.co.uk container_name: snexo.co.uk
volumes: volumes:
- ./snexo.co.uk/:/var/www/html - ./snexo.co.uk/:/var/www/html
restart: unless-stopped networks:
- proxy
depends_on:
- traefik
labels:
## Expose Snexo Through Trefik ##
- "traefik.enable=true" # <== Enable traefik to proxy this container
- "traefik.http.services.snexo.loadbalancer.server.port=80"
- "traefik.http.routers.snexo.rule=Host(`snexo.co.uk`) || Host(`www.snexo.co.uk`)"
- "traefik.http.routers.snexo.entrypoints=websecure"
- "traefik.http.routers.snexo.tls.certresolver=myresolver"
restart: unless-stopped
networks:
proxy:
external: true
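Review bot: `image: "nginx:latest"` in the first hunk is an unpinned tag, so any pull can silently change the web server that fronts luke-else.co.uk; `traefik:latest` in the new Traefik compose file has the same problem for the internet-facing proxy. Pinning to a reviewed release, `image: "nginx:<pinned-version>"` (placeholder), or to an image digest, makes each upgrade an explicit commit and keeps rollbacks reproducible. The header comment `#Websites luke-else.co.uk (8000) snexo.co.uk (8001)` also looks stale now that traffic reaches each container through Traefik on port 80; confirm whether host ports 8000/8001 are still published in the lines outside these hunks.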

21
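--- a/spindown.sh
+++ b/spindown.sh
@@ -0,0 +1,21 @@
+#Script file for spinning down all docker-containers
+cd ./Websites/
+docker-compose down
+cd ..
+cd ./Development/Gitea/
+docker-compose down
+cd ../..
+cd ./Database/
+docker-compose down
+cd ..
+cd ./Bitwarden/
+docker-compose down
+cd ..
+cd ./Traefik/
+docker-compose down
+cd ..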
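Review bot: None of the `cd` calls is checked, so if one directory is missing the following `docker-compose down` runs in whatever directory the script is still in, and the later `cd ..` lines walk above the repository. Running each step in a subshell keeps the working directory fixed and stops on failure, e.g. `(cd ./Websites/ && docker-compose down) || exit 1`. The script also has no shebang; `#!/bin/sh` followed by `set -eu` as the first lines would make the interpreter and the failure behaviour explicit. spinup.sh in this change has the same structure and needs the same treatment.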

21
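--- a/spinup.sh
+++ b/spinup.sh
@@ -0,0 +1,21 @@
+#Script file for spinning up all docker-containers
+cd ./Traefik/
+docker-compose up -d
+cd ..
+cd ./Websites/
+docker-compose up -d
+cd ..
+cd ./Development/Gitea/
+docker-compose up -d
+cd ../..
+cd ./Database/
+docker-compose up -d
+cd ..
+cd ./Bitwarden/
+docker-compose up -d
+cd ..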

35
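--- a/todo.md
+++ b/todo.md
@@ -0,0 +1,35 @@
+# ToDo Items
+## General
+- Setup non root user
+- UFW should be setup to keep VPS secure and only allow for:
+- https
+- http
+- ssh
+- ftp
+- 27017
+- 3306
+- Install SSH keys
+- Setup unattended upgrades
+- Install docker, docker-compose and apache utils.
+## Traefik
+- Setup htaccess -> ``` echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g ```
+- Ensure email address is correct
+## Gitea
+- Ensure that ports are assigned correctly for the system
+## Websites
+- Ensure website files are copied over
+- Ensure that ports are assigned correctly for the system
+## Bitwarden
+- Ensure that all data is fully encrypted during transfer.
+- Ensure that ports are assigned correctly for the system
+## Database
+- Ensure that mysql root password, user and default database are updated.
+- Ensure that mongo root password, and user are updated.
+- Ensure database ports are correctly assigned and do not have to pass through traefik.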