Bitwarden/docker-compose.yml

@@ -8,4 +8,19 @@ services:
     container_name: vaultwarden
     volumes:
       - ./bitwarden/:/data/
+    networks:
+      - proxy
+    depends_on:
+      - traefik
+    labels:
+      ## Expose Bitwarden Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+      - "traefik.http.services.bitwarden.loadbalancer.server.port=80"
+      - "traefik.http.routers.bitwarden.rule=Host(`bitwarden.luke-else.co.uk`) || Host(`www.bitwarden.luke-else.co.uk`)"
+      - "traefik.http.routers.bitwarden.entrypoints=websecure"
+      - "traefik.http.routers.bitwarden.tls.certresolver=myresolver"
     restart: unless-stopped
+
+networks:
+  proxy:
+    external: true

Database/docker-compose.yml

@@ -6,33 +6,47 @@ services:
   mongodb:
     image: "mongo:latest"
     container_name: mongoDB
+    volumes:
+      - ./mongo/:/data/db
+    ports:
+      - "27017:27017"
     environment:
       MONGO_INITDB_ROOT_USERNAME: root
       MONGO_INITDB_ROOT_PASSWORD: rootpassword
-    ports:
-      - "27017:27017"
-    volumes:
-      - ./mongo/:/data/db
     restart: unless-stopped
 
 #MySQL (3306) + phpMyAdmin ()
   mysql:
     image: "mysql"
     container_name: MySQL
+    volumes: 
+      - ./mysql/:/var/lib/mysql
+    ports:
+      - "3306:3306"
     environment:
       MYSQL_ROOT_PASSWORD: rootpassword
       MYSQL_DATABASE: test_db
-    ports:
-      - "3306:3306"
-    volumes: 
-      - ./mysql/:/var/lib/mysql
     restart: unless-stopped
 
   phpMyAdmin:
     image: "phpmyadmin/phpmyadmin:latest"
     container_name: phpMyAdmin
-    environment:
-      PMA_HOST: mysql
-    restart: unless-stopped
+    networks:
+      - proxy
     depends_on:
       - mysql
+      - traefik
+    environment:
+      PMA_HOST: mysql
+    labels:
+      ## Expose phpMyAdmin Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+      - "traefik.http.services.phpmyadmin.loadbalancer.server.port=80"
+      - "traefik.http.routers.phpmyadmin.rule=Host(`mysql.luke-else.co.uk`) || Host(`www.mysql.luke-else.co.uk`)"
+      - "traefik.http.routers.phpmyadmin.entrypoints=websecure"
+      - "traefik.http.routers.phpmyadmin.tls.certresolver=myresolver"
+    restart: unless-stopped
+
+networks:
+  proxy:
+    external: true

Development/Gitea/docker-compose.yml

@@ -1,11 +1,20 @@
 version: '3.8'
 
 services:
-
-#gitea (222)
+  #gitea (222)
   gitea:
     image: gitea/gitea:latest
     container_name: gitea
+    volumes:
+      - ./gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    networks:
+      - proxy
+    depends_on:
+      - traefik
+    ports:
+      - "222:22"
     environment:
       - APP_NAME="gitea"
       - USER_UID=1000
@@ -19,10 +28,15 @@ services:
       - SSH_PORT=222
       - SSH_LISTEN_PORT=22
       - DB_TYPE=sqlite3
-    ports:
-      - "222:22"
-    volumes:
-      - ./gitea:/data
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
+    labels:
+      ## Expose Gitea Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+      - "traefik.http.routers.gitea.rule=Host(`git.luke-else.co.uk`) || Host(`www.git.luke-else.co.uk`)"
+      - "traefik.http.routers.gitea.entrypoints=websecure"
+      - "traefik.http.routers.gitea.tls.certresolver=myresolver"
     restart: unless-stopped
+
+networks:
+  proxy:
+    external: true

NextCloud/docker-compose.yml

@@ -1,29 +0,0 @@
-version: '3.8'
-
-services:
-  db:
-    image: mariadb
-    container_name: nextclouddb
-    restart: always
-    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
-    volumes:
-      - ./db:/var/lib/mysql
-    environment:
-      - MYSQL_ROOT_PASSWORD=
-      - MYSQL_PASSWORD=
-      - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
-
-  nextcloud:
-    image: nextcloud
-    container_name: nextcloud
-    restart: always
-    links:
-      - db
-    volumes:
-      - ./nextcloud:/var/www/html
-    environment:
-      - MYSQL_PASSWORD=
-      - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
-      - MYSQL_HOST=db

ReverseProxy/docker-compose.yml

@@ -1,46 +0,0 @@
-version: '3.8'
-
-services:
-
-  #nginx (80, 443, 8080)
-  nginx:
-    image: 'jc21/nginx-proxy-manager:latest'
-    container_name: nginx
-    ports:
-      # These ports are in format <host-port>:<container-port>
-      - '80:80' # Public HTTP Port
-      - '443:443' # Public HTTPS Port
-      - '8080:81' # Admin Web Port
-      # Add any other Stream port you want to expose
-      # - '21:21' # FTP
-    # Uncomment the next line if you uncomment anything in the section
-    # environment:
-      # Uncomment this if you want to change the location of 
-      # the SQLite DB file within the container
-      # DB_SQLITE_FILE: "/data/database.sqlite"
-
-      # Uncomment this if IPv6 is not enabled on your host
-      # DISABLE_IPV6: 'true'
-    volumes:
-      - ./nginx/data:/data
-      - ./nginx/letsencrypt:/etc/letsencrypt
-    restart: unless-stopped
-
-    networks:
-      - websites
-      - gitea
-      - databases
-      - bitwarden
-      - nextcloud
-
-networks:
-  websites:
-    name: websites_default
-  gitea:
-    name: gitea_default
-  databases:
-    name: database_default
-  bitwarden:
-    name: bitwarden_default
-  nextcloud:
-    name: nextcloud_default

Traefik/docker-compose.yml

@@ -0,0 +1,35 @@
+version: "3.8"
+services:
+  traefik:
+    image: "traefik:latest"
+    container_name: "traefik"
+    command:
+      - "--api.dashboard=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.email=contact@luke-else.co.uk"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "./letsencrypt:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+    networks:
+      - proxy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik.rule=Host(`traefik.luke-else.co.uk`) || Host('www.traefik.luke-else.co.uk')"
+      - "traefik.http.routers.traefik.entrypoints=websecure"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.tls.certresolver=myresolver" 
+      - "traefik.http.routers.traefik.middlewares=traefik-auth"
+      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$2y$$05$$s/vPphFtSO2fWJR7SYkEb.90UwPDRM3aOKqgOF/rme/3fUQ5tvpTS"
+    restart: unless-stopped
+
+networks:
+  proxy:
+    name: proxy

Websites/docker-compose.yml

@@ -4,10 +4,21 @@ services:
 
 #Websites luke-else.co.uk (8000) snexo.co.uk (8001)
   luke-else.co.uk:
-    image: "php:apache"
+    image: "nginx:latest"
     container_name: luke-else.co.uk
     volumes:
-      - ./luke-else.co.uk/:/var/www/html
+      - ./luke-else.co.uk/:/usr/share/nginx/html
+    networks:
+      - proxy
+    depends_on:
+      - traefik
+    labels:
+      ## Expose luke-else Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+      - "traefik.http.services.personal.loadbalancer.server.port=80"
+      - "traefik.http.routers.personal.rule=Host(`luke-else.co.uk`) || Host(`www.luke-else.co.uk`)"
+      - "traefik.http.routers.personal.entrypoints=websecure"
+      - "traefik.http.routers.personal.tls.certresolver=myresolver"
     restart: unless-stopped
 
   snexo.co.uk:
@@ -15,4 +26,19 @@ services:
     container_name: snexo.co.uk
     volumes:
       - ./snexo.co.uk/:/var/www/html
+    networks:
+      - proxy
+    depends_on:
+      - traefik
+    labels:
+      ## Expose Snexo Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+      - "traefik.http.services.snexo.loadbalancer.server.port=80"
+      - "traefik.http.routers.snexo.rule=Host(`snexo.co.uk`) || Host(`www.snexo.co.uk`)"
+      - "traefik.http.routers.snexo.entrypoints=websecure"
+      - "traefik.http.routers.snexo.tls.certresolver=myresolver"
     restart: unless-stopped
+
+networks:
+  proxy:
+    external: true

spindown.sh

@@ -0,0 +1,21 @@
+#Script file for spinning down all docker-containers
+
+cd ./Websites/
+docker-compose down
+cd ..
+
+    cd ./Development/Gitea/
+    docker-compose down
+    cd ../..
+
+cd ./Database/
+docker-compose down
+cd ..
+
+cd ./Bitwarden/
+docker-compose down
+cd ..
+
+cd ./Traefik/
+docker-compose down
+cd ..

spinup.sh

@@ -0,0 +1,21 @@
+#Script file for spinning up all docker-containers
+
+cd ./Traefik/
+docker-compose up -d
+cd ..
+
+cd ./Websites/
+docker-compose up -d
+cd ..
+
+    cd ./Development/Gitea/
+    docker-compose up -d
+    cd ../..
+
+cd ./Database/
+docker-compose up -d
+cd ..
+
+cd ./Bitwarden/
+docker-compose up -d
+cd ..

todo.md

@@ -0,0 +1,35 @@
+# ToDo Items
+
+## General
+- Setup non root user
+- UFW should be setup to keep VPS secure and only allow for:
+    - https
+    - http
+    - ssh
+    - ftp
+    - 27017
+    - 3306
+- Install SSH keys
+- Setup unattended upgrades
+- Install docker, docker-compose and apache utils.
+
+
+## Traefik
+- Setup htaccess -> ``` echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g ```
+- Ensure email address is correct
+
+## Gitea
+- Ensure that ports are assigned correctly for the system
+
+## Websites
+- Ensure website files are copied over
+- Ensure that ports are assigned correctly for the system
+
+## Bitwarden
+- Ensure that all data is fully encrypted during transfer.
+- Ensure that ports are assigned correctly for the system
+
+## Database
+- Ensure that mysql root password, user and default database are updated.
+- Ensure that mongo root password, and user are updated.
+- Ensure database ports are correctly assigned and do not have to pass through traefik.