FEAT: Added matarius web app

.gitignore

@@ -3,4 +3,10 @@
 
 # Allow docker-compose.yml
 !**/docker-compose.yml
-!/*
+!/*
+
+# Allow assets folder
+!assets/**
+
+# Don't allow .env files, just env-exmaple files
+!.env-example

Database/docker-compose.yml

@@ -8,8 +8,14 @@ services:
     container_name: mongoDB
     volumes:
       - ./mongo/:/data/db
-    ports:
-      - "27017:27017"
+    networks:
+      - proxy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.tcp.routers.mongodb.rule=HostSNI(`*`)"
+      - "traefik.tcp.routers.mongodb.entrypoints=mongo"
+      - "traefik.tcp.routers.mongodb.service=mongodb"
+      - "traefik.tcp.services.mongodb.loadbalancer.server.port=27017"
     environment:
       MONGO_INITDB_ROOT_USERNAME: root
       MONGO_INITDB_ROOT_PASSWORD: rootpassword

Development/Gitea/docker-compose.yml

@@ -32,6 +32,13 @@ services:
       ## Expose Gitea Through Trefik ##
       - "traefik.enable=true" # <== Enable traefik to proxy this container
       
+      - "traefik.http.middlewares.cors-gitea.headers.accesscontrolallowmethods=*"
+      - "traefik.http.middlewares.cors-gitea.headers.accesscontrolalloworiginlist=*"
+      - "traefik.http.middlewares.cors-gitea.headers.addvaryheader=true"
+      - "traefik.http.middlewares.cors-gitea.headers.accesscontrolallowcredentials=true"
+      - "traefik.http.middlewares.cors-gitea.headers.accesscontrolallowheaders=Content-Type,Authorization"
+      - "traefik.http.middlewares.cors-gitea.headers.accesscontrolmaxage=100"
+
       - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
       - "traefik.http.routers.gitea-insecure.middlewares=redirect-web-secure"
       - "traefik.http.routers.gitea-insecure.rule=Host(`git.luke-else.co.uk`)"
@@ -41,6 +48,7 @@ services:
       - "traefik.http.routers.gitea.rule=Host(`git.luke-else.co.uk`)"
       - "traefik.http.routers.gitea.entrypoints=websecure"
       - "traefik.http.routers.gitea.tls.certresolver=myresolver"
+      - "traefik.http.routers.gitea.middlewares=cors-gitea"
     restart: unless-stopped
 
 networks:

Misc/docker-compose.yml

@@ -1,7 +1,6 @@
 version: '3.8'
 
 services:
-  #Status Page ()
   status:
     image: louislam/uptime-kuma:latest
     container_name: status
@@ -34,8 +33,6 @@ services:
         - ./portainer-data:/data
       networks:
         - proxy
-      expose:
-          - 9000
       labels:
         ## Expose portainer Through Trefik ##
         - "traefik.enable=true" # <== Enable traefik to proxy this container
@@ -43,11 +40,10 @@ services:
         - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
         - "traefik.http.routers.portainer-insecure.middlewares=redirect-web-secure"
         - "traefik.http.routers.portainer-insecure.rule=Host(`portainer.luke-else.co.uk`)"
-        - "traefik.http.routers.portainer-insecure.loadbalancer.server.port=9000"
         - "traefik.http.routers.portainer-insecure.entrypoints=web"
 
         - "traefik.http.routers.portainer.rule=Host(`portainer.luke-else.co.uk`)"
-        - "traefik.http.routers.portainer.loadbalancer.server.port=9000"
+        - "traefik.http.services.portainer.loadbalancer.server.port=9000"
         - "traefik.http.routers.portainer.entrypoints=websecure"
         - "traefik.http.routers.portainer.tls.certresolver=myresolver"
       restart: unless-stopped

Tracking/docker-compose.yml

@@ -0,0 +1,54 @@
+version: '3.8'
+
+services:
+  ackee:
+    image: electerious/ackee
+    container_name: ackee
+    environment:
+      - WAIT_HOSTS=mongo:27017
+      - ACKEE_MONGODB=mongodb://mongo-ackee:27017/ackee
+    env_file:
+      - .env
+    expose:
+      - 3000
+    networks:
+      - tracking
+      - proxy
+    labels:
+      ## Expose Ackee Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+      
+      # Enable CORS headers
+      - "traefik.http.middlewares.cors-tracking.headers.accesscontrolallowmethods=*"
+      - "traefik.http.middlewares.cors-tracking.headers.accesscontrolalloworiginlist=https://luke-else.co.uk"
+      - "traefik.http.middlewares.cors-tracking.headers.accesscontrolallowcredentials=true"
+      - "traefik.http.middlewares.cors-tracking.headers.accesscontrolallowheaders=Content-Type,Authorization"
+      - "traefik.http.middlewares.cors-tracking.headers.addvaryheader=true"
+      - "traefik.http.middlewares.cors-tracking.headers.accesscontrolmaxage=100"
+
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.ackee-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.ackee-insecure.rule=Host(`tracking.luke-else.co.uk`)"
+      - "traefik.http.routers.ackee-insecure.entrypoints=web"
+
+      - "traefik.http.routers.ackee.rule=Host(`tracking.luke-else.co.uk`)"
+      - "traefik.http.routers.ackee.entrypoints=websecure"
+      - "traefik.http.routers.ackee.tls.certresolver=myresolver"
+      - "traefik.http.routers.ackee.middlewares=cors-tracking"
+    depends_on:
+      - mongo
+    restart: unless-stopped
+
+  mongo:
+    image: mongo
+    container_name: mongo-ackee
+    volumes:
+      - ./data:/data/db
+    networks:
+      - tracking
+    restart: unless-stopped
+
+networks:
+  proxy:
+    external: true
+  tracking:

Traefik/docker-compose.yml

@@ -9,12 +9,15 @@ services:
       - "--providers.docker.exposedbydefault=false"
       - "--entrypoints.web.address=:80"
       - "--entrypoints.websecure.address=:443"
+      - "--entrypoints.kafka.address=:9093"
+      - "--entrypoints.mongo.address=:27017"
       - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
       - "--certificatesresolvers.myresolver.acme.email=contact@luke-else.co.uk"
       - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
     ports:
       - "80:80"
       - "443:443"
+      - "27017:27017"
     volumes:
       - "./letsencrypt:/letsencrypt"
       - "/var/run/docker.sock:/var/run/docker.sock:ro"

TraefikVPN/docker-compose.yml

@@ -0,0 +1,41 @@
+version: "3.8"
+services:
+  traefik:
+    image: "traefik:latest"
+    container_name: "traefik"
+    command:
+      - "--api.dashboard=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.email=contact@luke-else.co.uk"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "./letsencrypt:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+    networks:
+      - proxy
+    labels:
+      - "traefik.enable=true"
+
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.traefik-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.traefik-insecure.rule=Host(`traefik.vpn.luke-else.co.uk`)"
+      - "traefik.http.routers.traefik-insecure.entrypoints=web"
+
+      - "traefik.http.routers.traefik.rule=Host(`traefik.vpn.luke-else.co.uk`)"
+      - "traefik.http.routers.traefik.entrypoints=websecure"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.tls.certresolver=myresolver" 
+      - "traefik.http.routers.traefik.middlewares=traefik-auth"
+      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$2y$$05$$s/vPphFtSO2fWJR7SYkEb.90UwPDRM3aOKqgOF/rme/3fUQ5tvpTS"
+    restart: unless-stopped
+
+networks:
+  proxy:
+    name: proxy

VPN/docker-compose.yml

@@ -0,0 +1,25 @@
+version: "3.8"
+services:
+  dockovpn:
+    image: alekslitvinenk/openvpn
+    cap_add:
+        - NET_ADMIN
+    ports:
+        - 1194:1194/udp # Expose tcp if you defined HOST_TUN_PROTOCOL=tcp
+    environment:
+        HOST_ADDR: vpn.luke-else.co.uk # Your VPN server address 
+    volumes:
+        - ./openvpn_conf:/opt/Dockovpn_data
+    labels:
+      ## Expose vpn Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.vpn-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.vpn-insecure.rule=Host(`vpn.luke-else.co.uk`)"
+      - "traefik.http.routers.vpn-insecure.entrypoints=web"
+
+      - "traefik.http.routers.vpn.rule=Host(`vpn.luke-else.co.uk`)"
+      - "traefik.http.routers.vpn.entrypoints=websecure"
+      - "traefik.http.routers.vpn.tls.certresolver=myresolver"
+    restart: always

Watchtower/docker-compose.yml

@@ -0,0 +1,9 @@
+version: "3.8"
+services:
+  watchtower:
+    image: containrrr/watchtower
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - WATCHTOWER_CLEANUP=true
+      - WATCHTOWER_POLL_INTERVAL=60

Websites/docker-compose.yml

@@ -22,6 +22,44 @@ services:
       - "traefik.http.routers.personal.tls.certresolver=myresolver"
     restart: unless-stopped
 
+  luke-else-dev:
+    image: git.luke-else.co.uk/luke-else/luke-else.co.uk:dev
+    container_name: luke-else-dev
+    networks:
+      - proxy
+    labels:
+      ## Expose luke-else Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+      
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.personal-dev-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.personal-dev-insecure.rule=Host(`dev.luke-else.co.uk`)"
+      - "traefik.http.routers.personal-dev-insecure.entrypoints=web"
+
+      - "traefik.http.routers.personal-dev.rule=Host(`dev.luke-else.co.uk`)"
+      - "traefik.http.routers.personal-dev.entrypoints=websecure"
+      - "traefik.http.routers.personal-dev.tls.certresolver=myresolver"
+    restart: unless-stopped
+
+  metarius:
+    image: git.luke-else.co.uk/luke-else/metarius:latest
+    container_name: metarius
+    networks:
+      - proxy
+    labels:
+      ## Expose metarius Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+      
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.metarius-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.metarius-insecure.rule=Host(`metarius.luke-else.co.uk`)"
+      - "traefik.http.routers.metarius-insecure.entrypoints=web"
+
+      - "traefik.http.routers.metarius.rule=Host(`metarius.luke-else.co.uk`)"
+      - "traefik.http.routers.metarius.entrypoints=websecure"
+      - "traefik.http.routers.metarius.tls.certresolver=myresolver"
+    restart: unless-stopped
+
   divine-couture:
     image: git.luke-else.co.uk/luke-else/divine-couture.co.uk:latest
     container_name: divine-couture

cicd-spindown.sh

@@ -8,4 +8,5 @@ docker compose down
 cd ..
 
 docker rmi $(docker images -q)
-docker system prune
+docker system prune -f
+docker volume prune -f

main-spindown.sh

@@ -4,6 +4,10 @@ cd ./Websites/
 docker-compose down
 cd ..
 
+cd ./Tracking/
+docker-compose down
+cd ..
+
 
     cd ./Development/Gitea/
     docker-compose down
@@ -21,9 +25,14 @@ cd ./Misc/
 docker-compose down
 cd ..
 
+cd ./Watchtower/
+docker-compose down
+cd ..
+
 cd ./Traefik/
 docker-compose down
 cd ..
 
 docker rmi $(docker images -q)
-docker system prune
+docker system prune -f
+docker volume prune -f

main-spinup.sh

@@ -10,6 +10,14 @@ cd ..
 
 sleep 20 # Allow Gitea + registry to start up before starting the rest of the services
 
+cd ./Watchtower/
+docker-compose pull && docker-compose up -d
+cd ..
+
+cd ./Tracking/
+docker-compose pull && docker-compose up -d
+cd ..
+
 cd ./Websites/
 docker-compose pull && docker-compose up -d
 cd ..

readme.md

@@ -0,0 +1,48 @@
+# Server Repository
+
+This repository contains various scripts and configurations for managing Docker containers and services.
+
+<p align="center">
+  <img src="assets/images/main.png" width="70%">
+</p>
+
+## Scripts
+
+- `cicd-spindown.sh`: Spins down all CICD relevant Docker containers.
+- `cicd-spinup.sh`: Spins up all CICD relevant Docker containers.
+- `main-spindown.sh`: Spins down all Docker containers.
+- `main-spinup.sh`: Spins up all Docker containers.
+
+## Services
+
+### Bitwarden
+
+Configuration for Bitwarden is located in [Bitwarden/docker-compose.yml](Bitwarden/docker-compose.yml).
+
+### Database
+
+Configuration for MongoDB is located in [Database/docker-compose.yml](Database/docker-compose.yml).
+
+### Misc
+
+Configuration for miscellaneous services is located in [Misc/docker-compose.yml](Misc/docker-compose.yml).
+
+### Tracking
+
+Configuration for tracking services is located in [Tracking/docker-compose.yml](Tracking/docker-compose.yml).
+
+### Traefik
+
+Configuration for Traefik is located in [Traefik/docker-compose.yml](Traefik/docker-compose.yml).
+
+### TraefikRunner
+
+Configuration for TraefikRunner is located in [TraefikRunner/docker-compose.yml](TraefikRunner/docker-compose.yml).
+
+### Websites
+
+Configuration for websites is located in [Websites/docker-compose.yml](Websites/docker-compose.yml).
+
+## ToDo
+
+See [todo.md](todo.md) for a list of tasks and configurations that need to be completed.

todo.md

@@ -10,13 +10,12 @@
    - ssh
    - ftp
    - 27017
-   - 3306
 
 - Install SSH keys
 - Setup unattended upgrades
 - Install docker, docker-compose and apache utils.
 
-## Traefik + TraefikRunner
+## Traefik + TraefikRunner + Traefik VPN
 
 - Setup htaccess -> `echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g`
 - Ensure email address is correct
@@ -29,6 +28,15 @@
 
 - Ensure that a registration token has been setup before continuing
 
+## Tracking
+
+Create a .env file with the following content:
+
+```sh
+ACKEE_USERNAME=luke-else
+ACKEE_PASSWORD=XXX
+```
+
 ## Websites
 
 - Ensure website files are copied over

vpn-spindown.sh

@@ -0,0 +1,13 @@
+#Script file for spinning down all CICD relevant docker-containers
+
+cd ./VPN/
+docker compose down
+cd ..
+
+cd ./TraefikVPN/
+docker compose down
+cd ..
+
+docker rmi $(docker images -q)
+docker system prune -f
+docker volume prune -f

vpn-spinup.sh

@@ -0,0 +1,9 @@
+#Script file for spinning up all docker-containers
+
+cd ./TraefikRunner/
+docker compose pull && docker compose up -d
+cd ..
+
+cd ./VPN/
+docker compose pull && docker compose up -d
+cd ..