luke-else/server
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: luke-else:c83cf90b79f8508fa3303421f481c80943511476
Branches Tags
luke-else:main
..
compare: luke-else:289130f0856b360c36ee7ad9a058c96ff80570f8
Branches Tags
luke-else:main

No commits in common. "c83cf90b79f8508fa3303421f481c80943511476" and "289130f0856b360c36ee7ad9a058c96ff80570f8" have entirely different histories.
c83cf90b79 ... 289130f085

10 changed files with 98 additions and 204 deletions
Show Stats Expand all files Collapse all files

15
Bitwarden/docker-compose.yml
View File

@ -8,19 +8,4 @@ services:
container_name: vaultwarden container_name: vaultwarden
volumes: volumes:
- ./bitwarden/:/data/ - ./bitwarden/:/data/
networks:
- proxy
depends_on:
- traefik
labels:
## Expose Bitwarden Through Trefik ##
- "traefik.enable=true" # <== Enable traefik to proxy this container
- "traefik.http.services.bitwarden.loadbalancer.server.port=80"
- "traefik.http.routers.bitwarden.rule=Host(`bitwarden.luke-else.co.uk`) || Host(`www.bitwarden.luke-else.co.uk`)"
- "traefik.http.routers.bitwarden.entrypoints=websecure"
- "traefik.http.routers.bitwarden.tls.certresolver=myresolver"
restart: unless-stopped restart: unless-stopped
networks:
proxy:
external: true

34
Database/docker-compose.yml
View File

@ -6,47 +6,33 @@ services:
mongodb: mongodb:
image: "mongo:latest" image: "mongo:latest"
container_name: mongoDB container_name: mongoDB
volumes:
- ./mongo/:/data/db
ports:
- "27017:27017"
environment: environment:
MONGO_INITDB_ROOT_USERNAME: root MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: rootpassword MONGO_INITDB_ROOT_PASSWORD: rootpassword
ports:
- "27017:27017"
volumes:
- ./mongo/:/data/db
restart: unless-stopped restart: unless-stopped
#MySQL (3306) + phpMyAdmin () #MySQL (3306) + phpMyAdmin ()
mysql: mysql:
image: "mysql" image: "mysql"
container_name: MySQL container_name: MySQL
volumes:
- ./mysql/:/var/lib/mysql
ports:
- "3306:3306"
environment: environment:
MYSQL_ROOT_PASSWORD: rootpassword MYSQL_ROOT_PASSWORD: rootpassword
MYSQL_DATABASE: test_db MYSQL_DATABASE: test_db
ports:
- "3306:3306"
volumes:
- ./mysql/:/var/lib/mysql
restart: unless-stopped restart: unless-stopped
phpMyAdmin: phpMyAdmin:
image: "phpmyadmin/phpmyadmin:latest" image: "phpmyadmin/phpmyadmin:latest"
container_name: phpMyAdmin container_name: phpMyAdmin
networks:
- proxy
depends_on:
- mysql
- traefik
environment: environment:
PMA_HOST: mysql PMA_HOST: mysql
labels:
## Expose phpMyAdmin Through Trefik ##
- "traefik.enable=true" # <== Enable traefik to proxy this container
- "traefik.http.services.phpmyadmin.loadbalancer.server.port=80"
- "traefik.http.routers.phpmyadmin.rule=Host(`mysql.luke-else.co.uk`) || Host(`www.mysql.luke-else.co.uk`)"
- "traefik.http.routers.phpmyadmin.entrypoints=websecure"
- "traefik.http.routers.phpmyadmin.tls.certresolver=myresolver"
restart: unless-stopped restart: unless-stopped
depends_on:
networks: - mysql
proxy:
external: true

28
Development/Gitea/docker-compose.yml → Gitea/docker-compose.yml
View File

@ -1,20 +1,11 @@
version: '3.8' version: '3.8'
services: services:
#gitea (222) #gitea (222)
gitea: gitea:
image: gitea/gitea:latest image: gitea/gitea:latest
container_name: gitea container_name: gitea
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
networks:
- proxy
depends_on:
- traefik
ports:
- "222:22"
environment: environment:
- APP_NAME="gitea" - APP_NAME="gitea"
- USER_UID=1000 - USER_UID=1000
@ -28,15 +19,10 @@ services:
- SSH_PORT=222 - SSH_PORT=222
- SSH_LISTEN_PORT=22 - SSH_LISTEN_PORT=22
- DB_TYPE=sqlite3 - DB_TYPE=sqlite3
labels: ports:
## Expose Gitea Through Trefik ## - "222:22"
- "traefik.enable=true" # <== Enable traefik to proxy this container volumes:
- "traefik.http.services.gitea.loadbalancer.server.port=3000" - ./gitea:/data
- "traefik.http.routers.gitea.rule=Host(`git.luke-else.co.uk`) || Host(`www.git.luke-else.co.uk`)" - /etc/timezone:/etc/timezone:ro
- "traefik.http.routers.gitea.entrypoints=websecure" - /etc/localtime:/etc/localtime:ro
- "traefik.http.routers.gitea.tls.certresolver=myresolver"
restart: unless-stopped restart: unless-stopped
networks:
proxy:
external: true

29
NextCloud/docker-compose.yml Normal file
View File

@ -0,0 +1,29 @@
version: '3.8'
services:
db:
image: mariadb
container_name: nextclouddb
restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
volumes:
- ./db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
- MYSQL_PASSWORD=
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
nextcloud:
image: nextcloud
container_name: nextcloud
restart: always
links:
- db
volumes:
- ./nextcloud:/var/www/html
environment:
- MYSQL_PASSWORD=
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=db

46
ReverseProxy/docker-compose.yml Normal file
View File

@ -0,0 +1,46 @@
version: '3.8'
services:
#nginx (80, 443, 8080)
nginx:
image: 'jc21/nginx-proxy-manager:latest'
container_name: nginx
ports:
# These ports are in format <host-port>:<container-port>
- '80:80' # Public HTTP Port
- '443:443' # Public HTTPS Port
- '8080:81' # Admin Web Port
# Add any other Stream port you want to expose
# - '21:21' # FTP
# Uncomment the next line if you uncomment anything in the section
# environment:
# Uncomment this if you want to change the location of
# the SQLite DB file within the container
# DB_SQLITE_FILE: "/data/database.sqlite"
# Uncomment this if IPv6 is not enabled on your host
# DISABLE_IPV6: 'true'
volumes:
- ./nginx/data:/data
- ./nginx/letsencrypt:/etc/letsencrypt
restart: unless-stopped
networks:
- websites
- gitea
- databases
- bitwarden
- nextcloud
networks:
websites:
name: websites_default
gitea:
name: gitea_default
databases:
name: database_default
bitwarden:
name: bitwarden_default
nextcloud:
name: nextcloud_default

35
Traefik/docker-compose.yml
View File

@ -1,35 +0,0 @@
version: "3.8"
services:
traefik:
image: "traefik:latest"
container_name: "traefik"
command:
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=contact@luke-else.co.uk"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`traefik.luke-else.co.uk`) || Host('www.traefik.luke-else.co.uk')"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.tls.certresolver=myresolver"
- "traefik.http.routers.traefik.middlewares=traefik-auth"
- "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$2y$$05$$s/vPphFtSO2fWJR7SYkEb.90UwPDRM3aOKqgOF/rme/3fUQ5tvpTS"
restart: unless-stopped
networks:
proxy:
name: proxy

30
Websites/docker-compose.yml
View File

@ -4,21 +4,10 @@ services:
#Websites luke-else.co.uk (8000) snexo.co.uk (8001) #Websites luke-else.co.uk (8000) snexo.co.uk (8001)
luke-else.co.uk: luke-else.co.uk:
image: "nginx:latest" image: "php:apache"
container_name: luke-else.co.uk container_name: luke-else.co.uk
volumes: volumes:
- ./luke-else.co.uk/:/usr/share/nginx/html - ./luke-else.co.uk/:/var/www/html
networks:
- proxy
depends_on:
- traefik
labels:
## Expose luke-else Through Trefik ##
- "traefik.enable=true" # <== Enable traefik to proxy this container
- "traefik.http.services.personal.loadbalancer.server.port=80"
- "traefik.http.routers.personal.rule=Host(`luke-else.co.uk`) || Host(`www.luke-else.co.uk`)"
- "traefik.http.routers.personal.entrypoints=websecure"
- "traefik.http.routers.personal.tls.certresolver=myresolver"
restart: unless-stopped restart: unless-stopped
snexo.co.uk: snexo.co.uk:
@ -26,19 +15,4 @@ services:
container_name: snexo.co.uk container_name: snexo.co.uk
volumes: volumes:
- ./snexo.co.uk/:/var/www/html - ./snexo.co.uk/:/var/www/html
networks:
- proxy
depends_on:
- traefik
labels:
## Expose Snexo Through Trefik ##
- "traefik.enable=true" # <== Enable traefik to proxy this container
- "traefik.http.services.snexo.loadbalancer.server.port=80"
- "traefik.http.routers.snexo.rule=Host(`snexo.co.uk`) || Host(`www.snexo.co.uk`)"
- "traefik.http.routers.snexo.entrypoints=websecure"
- "traefik.http.routers.snexo.tls.certresolver=myresolver"
restart: unless-stopped restart: unless-stopped
networks:
proxy:
external: true

21
spindown.sh
View File

@ -1,21 +0,0 @@
#Script file for spinning down all docker-containers
cd ./Websites/
docker-compose down
cd ..
cd ./Development/Gitea/
docker-compose down
cd ../..
cd ./Database/
docker-compose down
cd ..
cd ./Bitwarden/
docker-compose down
cd ..
cd ./Traefik/
docker-compose down
cd ..

21
spinup.sh
View File

@ -1,21 +0,0 @@
#Script file for spinning up all docker-containers
cd ./Traefik/
docker-compose up -d
cd ..
cd ./Websites/
docker-compose up -d
cd ..
cd ./Development/Gitea/
docker-compose up -d
cd ../..
cd ./Database/
docker-compose up -d
cd ..
cd ./Bitwarden/
docker-compose up -d
cd ..

35
todo.md
View File

@ -1,35 +0,0 @@
# ToDo Items
## General
- Setup non root user
- UFW should be setup to keep VPS secure and only allow for:
- https
- http
- ssh
- ftp
- 27017
- 3306
- Install SSH keys
- Setup unattended upgrades
- Install docker, docker-compose and apache utils.
## Traefik
- Setup htaccess -> ``` echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g ```
- Ensure email address is correct
## Gitea
- Ensure that ports are assigned correctly for the system
## Websites
- Ensure website files are copied over
- Ensure that ports are assigned correctly for the system
## Bitwarden
- Ensure that all data is fully encrypted during transfer.
- Ensure that ports are assigned correctly for the system
## Database
- Ensure that mysql root password, user and default database are updated.
- Ensure that mongo root password, and user are updated.
- Ensure database ports are correctly assigned and do not have to pass through traefik.