TraefikIntegration #5
@@ -8,4 +8,19 @@ services:
 | 
			
		||||
    container_name: vaultwarden
 | 
			
		||||
    volumes:
 | 
			
		||||
      - ./bitwarden/:/data/
 | 
			
		||||
    networks:
 | 
			
		||||
      - proxy
 | 
			
		||||
    depends_on:
 | 
			
		||||
      - traefik
 | 
			
		||||
    labels:
 | 
			
		||||
      ## Expose Bitwarden Through Trefik ##
 | 
			
		||||
      - "traefik.enable=true" # <== Enable traefik to proxy this container
 | 
			
		||||
      - "traefik.http.services.bitwarden.loadbalancer.server.port=80"
 | 
			
		||||
      - "traefik.http.routers.bitwarden.rule=Host(`bitwarden.luke-else.co.uk`) || Host(`www.bitwarden.luke-else.co.uk`)"
 | 
			
		||||
      - "traefik.http.routers.bitwarden.entrypoints=websecure"
 | 
			
		||||
      - "traefik.http.routers.bitwarden.tls.certresolver=myresolver"
 | 
			
		||||
    restart: unless-stopped
 | 
			
		||||
 | 
			
		||||
networks:
 | 
			
		||||
  proxy:
 | 
			
		||||
    external: true
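Review bot: `depends_on: - traefik` names a service this compose file does not define — Traefik lives in its own project (Traefik/docker-compose.yml, started separately by spinup.sh) — so `docker-compose up` will reject the file with an undefined-service error; drop those three lines, since start order is already handled by spinup.sh. Because every proxied app joins the one shared `proxy` network, vaultwarden's port 80 is reachable over plain HTTP from the website, Gitea and phpMyAdmin containers directly, bypassing Traefik's TLS and any middleware; a per-backend network that only Traefik also joins would contain a compromise of one of those neighbours. The service header (file lines 1–7, presumably `image:` and `environment:`) is outside this hunk, so I cannot see whether `SIGNUPS_ALLOWED=false`, an `ADMIN_TOKEN` and `DOMAIN=https://bitwarden.luke-else.co.uk` are set — confirm before the host is publicly routed, because registration stays open unless `SIGNUPS_ALLOWED` is explicitly false.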
 | 
			
		||||
@@ -6,33 +6,47 @@ services:
 | 
			
		||||
  mongodb:
 | 
			
		||||
    image: "mongo:latest"
 | 
			
		||||
    container_name: mongoDB
 | 
			
		||||
    volumes:
 | 
			
		||||
      - ./mongo/:/data/db
 | 
			
		||||
    ports:
 | 
			
		||||
      - "27017:27017"
 | 
			
		||||
    environment:
 | 
			
		||||
      MONGO_INITDB_ROOT_USERNAME: root
 | 
			
		||||
      MONGO_INITDB_ROOT_PASSWORD: rootpassword
 | 
			
		||||
    ports:
 | 
			
		||||
      - "27017:27017"
 | 
			
		||||
    volumes:
 | 
			
		||||
      - ./mongo/:/data/db
 | 
			
		||||
    restart: unless-stopped
 | 
			
		||||
 | 
			
		||||
#MySQL (3306) + phpMyAdmin ()
 | 
			
		||||
  mysql:
 | 
			
		||||
    image: "mysql"
 | 
			
		||||
    container_name: MySQL
 | 
			
		||||
    volumes: 
 | 
			
		||||
      - ./mysql/:/var/lib/mysql
 | 
			
		||||
    ports:
 | 
			
		||||
      - "3306:3306"
 | 
			
		||||
    environment:
 | 
			
		||||
      MYSQL_ROOT_PASSWORD: rootpassword
 | 
			
		||||
      MYSQL_DATABASE: test_db
 | 
			
		||||
    ports:
 | 
			
		||||
      - "3306:3306"
 | 
			
		||||
    volumes: 
 | 
			
		||||
      - ./mysql/:/var/lib/mysql
 | 
			
		||||
    restart: unless-stopped
 | 
			
		||||
 | 
			
		||||
  phpMyAdmin:
 | 
			
		||||
    image: "phpmyadmin/phpmyadmin:latest"
 | 
			
		||||
    container_name: phpMyAdmin
 | 
			
		||||
    environment:
 | 
			
		||||
      PMA_HOST: mysql
 | 
			
		||||
    restart: unless-stopped
 | 
			
		||||
    networks:
 | 
			
		||||
      - proxy
 | 
			
		||||
    depends_on:
 | 
			
		||||
      - mysql
 | 
			
		||||
      - traefik
 | 
			
		||||
    environment:
 | 
			
		||||
      PMA_HOST: mysql
 | 
			
		||||
    labels:
 | 
			
		||||
      ## Expose phpMyAdmin Through Trefik ##
 | 
			
		||||
      - "traefik.enable=true" # <== Enable traefik to proxy this container
 | 
			
		||||
      - "traefik.http.services.phpmyadmin.loadbalancer.server.port=80"
 | 
			
		||||
      - "traefik.http.routers.phpmyadmin.rule=Host(`mysql.luke-else.co.uk`) || Host(`www.mysql.luke-else.co.uk`)"
 | 
			
		||||
      - "traefik.http.routers.phpmyadmin.entrypoints=websecure"
 | 
			
		||||
      - "traefik.http.routers.phpmyadmin.tls.certresolver=myresolver"
 | 
			
		||||
    restart: unless-stopped
 | 
			
		||||
 | 
			
		||||
networks:
 | 
			
		||||
  proxy:
 | 
			
		||||
    external: true
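Review bot: phpMyAdmin's only network is `proxy`, while `mysql` declares no `networks:` and therefore sits on this project's default network, so `PMA_HOST: mysql` has nothing to resolve to and the UI will fail to connect; add `- default` under phpMyAdmin's `networks:` (or put both on a dedicated db network that Traefik never joins). `"27017:27017"` and `"3306:3306"` publish both databases on every host interface with the literal `rootpassword` credentials, and Docker inserts its published-port iptables rules ahead of UFW, so the UFW allow-list planned in todo.md will not gate them; bind to loopback (`"127.0.0.1:3306:3306"`) or remove the mappings, since phpMyAdmin reaches mysql over the compose network. phpMyAdmin is then internet-reachable at mysql.luke-else.co.uk with only its own login form between the world and the MySQL root account — attach a basicauth or ipallowlist middleware to the `phpmyadmin` router, and move the passwords into an env file kept out of the repo. `depends_on: - traefik` also references a service that is not defined in this file, which compose rejects; the traefik stack is started separately by spinup.sh.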
 | 
			
		||||
@@ -1,11 +1,20 @@
 | 
			
		||||
version: '3.8'
 | 
			
		||||
 | 
			
		||||
services:
 | 
			
		||||
 | 
			
		||||
#gitea (222)
 | 
			
		||||
  #gitea (222)
 | 
			
		||||
  gitea:
 | 
			
		||||
    image: gitea/gitea:latest
 | 
			
		||||
    container_name: gitea
 | 
			
		||||
    volumes:
 | 
			
		||||
      - ./gitea:/data
 | 
			
		||||
      - /etc/timezone:/etc/timezone:ro
 | 
			
		||||
      - /etc/localtime:/etc/localtime:ro
 | 
			
		||||
    networks:
 | 
			
		||||
      - proxy
 | 
			
		||||
    depends_on:
 | 
			
		||||
      - traefik
 | 
			
		||||
    ports:
 | 
			
		||||
      - "222:22"
 | 
			
		||||
    environment:
 | 
			
		||||
      - APP_NAME="gitea"
 | 
			
		||||
      - USER_UID=1000
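Review bot: `depends_on: - traefik` names a service this compose file does not define (Traefik runs from its own project, started first by spinup.sh), so `docker-compose up` rejects the configuration with an undefined-service error; remove those two lines. In the list form of `environment:`, the double quotes in `- APP_NAME="gitea"` are part of the plain YAML scalar, so Gitea receives the value with the quote characters included; write `- APP_NAME=gitea`. The `gitea:` service continues past this hunk (the rest of `environment:`, `ports`, `labels`), and I do not see whether registration is disabled — once git.luke-else.co.uk is publicly routed, confirm `GITEA__service__DISABLE_REGISTRATION=true` (or the equivalent app.ini setting) is in place, otherwise the first-run install page and open sign-up are reachable by anyone.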
 | 
			
		||||
@@ -19,10 +28,15 @@ services:
 | 
			
		||||
      - SSH_PORT=222
 | 
			
		||||
      - SSH_LISTEN_PORT=22
 | 
			
		||||
      - DB_TYPE=sqlite3
 | 
			
		||||
    ports:
 | 
			
		||||
      - "222:22"
 | 
			
		||||
    volumes:
 | 
			
		||||
      - ./gitea:/data
 | 
			
		||||
      - /etc/timezone:/etc/timezone:ro
 | 
			
		||||
      - /etc/localtime:/etc/localtime:ro
 | 
			
		||||
    labels:
 | 
			
		||||
      ## Expose Gitea Through Trefik ##
 | 
			
		||||
      - "traefik.enable=true" # <== Enable traefik to proxy this container
 | 
			
		||||
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
 | 
			
		||||
      - "traefik.http.routers.gitea.rule=Host(`git.luke-else.co.uk`) || Host(`www.git.luke-else.co.uk`)"
 | 
			
		||||
      - "traefik.http.routers.gitea.entrypoints=websecure"
 | 
			
		||||
      - "traefik.http.routers.gitea.tls.certresolver=myresolver"
 | 
			
		||||
    restart: unless-stopped
 | 
			
		||||
 | 
			
		||||
networks:
 | 
			
		||||
  proxy:
 | 
			
		||||
    external: true
 | 
			
		||||
@@ -1,29 +0,0 @@
 | 
			
		||||
version: '3.8'
 | 
			
		||||
 | 
			
		||||
services:
 | 
			
		||||
  db:
 | 
			
		||||
    image: mariadb
 | 
			
		||||
    container_name: nextclouddb
 | 
			
		||||
    restart: always
 | 
			
		||||
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
 | 
			
		||||
    volumes:
 | 
			
		||||
      - ./db:/var/lib/mysql
 | 
			
		||||
    environment:
 | 
			
		||||
      - MYSQL_ROOT_PASSWORD=
 | 
			
		||||
      - MYSQL_PASSWORD=
 | 
			
		||||
      - MYSQL_DATABASE=nextcloud
 | 
			
		||||
      - MYSQL_USER=nextcloud
 | 
			
		||||
 | 
			
		||||
  nextcloud:
 | 
			
		||||
    image: nextcloud
 | 
			
		||||
    container_name: nextcloud
 | 
			
		||||
    restart: always
 | 
			
		||||
    links:
 | 
			
		||||
      - db
 | 
			
		||||
    volumes:
 | 
			
		||||
      - ./nextcloud:/var/www/html
 | 
			
		||||
    environment:
 | 
			
		||||
      - MYSQL_PASSWORD=
 | 
			
		||||
      - MYSQL_DATABASE=nextcloud
 | 
			
		||||
      - MYSQL_USER=nextcloud
 | 
			
		||||
      - MYSQL_HOST=db
 | 
			
		||||
@@ -1,46 +0,0 @@
 | 
			
		||||
version: '3.8'
 | 
			
		||||
 | 
			
		||||
services:
 | 
			
		||||
 | 
			
		||||
  #nginx (80, 443, 8080)
 | 
			
		||||
  nginx:
 | 
			
		||||
    image: 'jc21/nginx-proxy-manager:latest'
 | 
			
		||||
    container_name: nginx
 | 
			
		||||
    ports:
 | 
			
		||||
      # These ports are in format <host-port>:<container-port>
 | 
			
		||||
      - '80:80' # Public HTTP Port
 | 
			
		||||
      - '443:443' # Public HTTPS Port
 | 
			
		||||
      - '8080:81' # Admin Web Port
 | 
			
		||||
      # Add any other Stream port you want to expose
 | 
			
		||||
      # - '21:21' # FTP
 | 
			
		||||
    # Uncomment the next line if you uncomment anything in the section
 | 
			
		||||
    # environment:
 | 
			
		||||
      # Uncomment this if you want to change the location of 
 | 
			
		||||
      # the SQLite DB file within the container
 | 
			
		||||
      # DB_SQLITE_FILE: "/data/database.sqlite"
 | 
			
		||||
 | 
			
		||||
      # Uncomment this if IPv6 is not enabled on your host
 | 
			
		||||
      # DISABLE_IPV6: 'true'
 | 
			
		||||
    volumes:
 | 
			
		||||
      - ./nginx/data:/data
 | 
			
		||||
      - ./nginx/letsencrypt:/etc/letsencrypt
 | 
			
		||||
    restart: unless-stopped
 | 
			
		||||
 | 
			
		||||
    networks:
 | 
			
		||||
      - websites
 | 
			
		||||
      - gitea
 | 
			
		||||
      - databases
 | 
			
		||||
      - bitwarden
 | 
			
		||||
      - nextcloud
 | 
			
		||||
 | 
			
		||||
networks:
 | 
			
		||||
  websites:
 | 
			
		||||
    name: websites_default
 | 
			
		||||
  gitea:
 | 
			
		||||
    name: gitea_default
 | 
			
		||||
  databases:
 | 
			
		||||
    name: database_default
 | 
			
		||||
  bitwarden:
 | 
			
		||||
    name: bitwarden_default
 | 
			
		||||
  nextcloud:
 | 
			
		||||
    name: nextcloud_default
 | 
			
		||||
							
								
								
									
										35
									
								
								Traefik/docker-compose.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
							@@ -0,0 +1,35 @@
 | 
			
		||||
version: "3.8"
 | 
			
		||||
services:
 | 
			
		||||
  traefik:
 | 
			
		||||
    image: "traefik:latest"
 | 
			
		||||
    container_name: "traefik"
 | 
			
		||||
    command:
 | 
			
		||||
      - "--api.dashboard=true"
 | 
			
		||||
      - "--providers.docker=true"
 | 
			
		||||
      - "--providers.docker.exposedbydefault=false"
 | 
			
		||||
      - "--entrypoints.web.address=:80"
 | 
			
		||||
      - "--entrypoints.websecure.address=:443"
 | 
			
		||||
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
 | 
			
		||||
      - "--certificatesresolvers.myresolver.acme.email=contact@luke-else.co.uk"
 | 
			
		||||
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
 | 
			
		||||
    ports:
 | 
			
		||||
      - "80:80"
 | 
			
		||||
      - "443:443"
 | 
			
		||||
    volumes:
 | 
			
		||||
      - "./letsencrypt:/letsencrypt"
 | 
			
		||||
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
 | 
			
		||||
    networks:
 | 
			
		||||
      - proxy
 | 
			
		||||
    labels:
 | 
			
		||||
      - "traefik.enable=true"
 | 
			
		||||
      - "traefik.http.routers.traefik.rule=Host(`traefik.luke-else.co.uk`) || Host('www.traefik.luke-else.co.uk')"
 | 
			
		||||
      - "traefik.http.routers.traefik.entrypoints=websecure"
 | 
			
		||||
      - "traefik.http.routers.traefik.service=api@internal"
 | 
			
		||||
      - "traefik.http.routers.traefik.tls.certresolver=myresolver" 
 | 
			
		||||
      - "traefik.http.routers.traefik.middlewares=traefik-auth"
 | 
			
		||||
      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$2y$$05$$s/vPphFtSO2fWJR7SYkEb.90UwPDRM3aOKqgOF/rme/3fUQ5tvpTS"
 | 
			
		||||
    restart: unless-stopped
 | 
			
		||||
 | 
			
		||||
networks:
 | 
			
		||||
  proxy:
 | 
			
		||||
    name: proxy
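Review bot: The dashboard rule on the `traefik.http.routers.traefik.rule` label wraps the second host in single quotes, `Host('www.traefik.luke-else.co.uk')`; Traefik's rule grammar only accepts backtick (or double-quoted) string literals, so the rule fails to parse and the whole `traefik` router is dropped at startup (watch the log for "error while parsing rule") — use backticks for that host exactly as the first `Host(...)` and every other router in this PR do. The basicauth user line embeds a bcrypt hash with cost `05`, the htpasswd default, and commits it to the repo; that cost is cheap to brute-force offline if the repo ever leaks, so regenerate with a higher cost (`htpasswd -nbBC 12 user 'password'`) and prefer `basicauth.usersfile` pointing at an untracked, mounted file. The `web` entrypoint on :80 has no redirect, so plain-HTTP requests to any of these hosts get a 404 instead of being upgraded; add `"--entrypoints.web.http.redirections.entrypoint.to=websecure"` and `"--entrypoints.web.http.redirections.entrypoint.scheme=https"`. Note also that mounting `/var/run/docker.sock` with `:ro` only makes the socket file read-only, not the Docker API behind it — a compromised Traefik still has root-equivalent control of the host, which a socket proxy would limit — and `traefik:latest` is unpinned, so label semantics can change under you on the next pull; pin a major.minor tag.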
 | 
			
		||||
@@ -4,10 +4,21 @@ services:
 | 
			
		||||
 | 
			
		||||
#Websites luke-else.co.uk (8000) snexo.co.uk (8001)
 | 
			
		||||
  luke-else.co.uk:
 | 
			
		||||
    image: "php:apache"
 | 
			
		||||
    image: "nginx:latest"
 | 
			
		||||
    container_name: luke-else.co.uk
 | 
			
		||||
    volumes:
 | 
			
		||||
      - ./luke-else.co.uk/:/var/www/html
 | 
			
		||||
      - ./luke-else.co.uk/:/usr/share/nginx/html
 | 
			
		||||
    networks:
 | 
			
		||||
      - proxy
 | 
			
		||||
    depends_on:
 | 
			
		||||
      - traefik
 | 
			
		||||
    labels:
 | 
			
		||||
      ## Expose luke-else Through Trefik ##
 | 
			
		||||
      - "traefik.enable=true" # <== Enable traefik to proxy this container
 | 
			
		||||
      - "traefik.http.services.personal.loadbalancer.server.port=80"
 | 
			
		||||
      - "traefik.http.routers.personal.rule=Host(`luke-else.co.uk`) || Host(`www.luke-else.co.uk`)"
 | 
			
		||||
      - "traefik.http.routers.personal.entrypoints=websecure"
 | 
			
		||||
      - "traefik.http.routers.personal.tls.certresolver=myresolver"
 | 
			
		||||
    restart: unless-stopped
 | 
			
		||||
 | 
			
		||||
  snexo.co.uk:
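Review bot: Swapping `php:apache` for `nginx:latest` removes PHP execution, so any `.php` file still in `./luke-else.co.uk/` (includes, config holding credentials) will now be served verbatim as text by nginx — confirm the directory is purely static before this goes live, or keep a PHP-capable image. The new bind mount is read-write although nginx only needs to read it; mount it `- ./luke-else.co.uk/:/usr/share/nginx/html:ro` so a compromised web container cannot alter the site. `depends_on: - traefik` references a service this file does not define (Traefik runs from its own compose project, started first by spinup.sh), which `docker-compose` rejects as an undefined dependency. `nginx:latest` is unpinned; pin a specific tag so the served image does not change silently on the next pull.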
 | 
			
		||||
@@ -15,4 +26,19 @@ services:
 | 
			
		||||
    container_name: snexo.co.uk
 | 
			
		||||
    volumes:
 | 
			
		||||
      - ./snexo.co.uk/:/var/www/html
 | 
			
		||||
    networks:
 | 
			
		||||
      - proxy
 | 
			
		||||
    depends_on:
 | 
			
		||||
      - traefik
 | 
			
		||||
    labels:
 | 
			
		||||
      ## Expose Snexo Through Trefik ##
 | 
			
		||||
      - "traefik.enable=true" # <== Enable traefik to proxy this container
 | 
			
		||||
      - "traefik.http.services.snexo.loadbalancer.server.port=80"
 | 
			
		||||
      - "traefik.http.routers.snexo.rule=Host(`snexo.co.uk`) || Host(`www.snexo.co.uk`)"
 | 
			
		||||
      - "traefik.http.routers.snexo.entrypoints=websecure"
 | 
			
		||||
      - "traefik.http.routers.snexo.tls.certresolver=myresolver"
 | 
			
		||||
    restart: unless-stopped
 | 
			
		||||
 | 
			
		||||
networks:
 | 
			
		||||
  proxy:
 | 
			
		||||
    external: true
 | 
			
		||||
							
								
								
									
										21
									
								
								spindown.sh
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
							@@ -0,0 +1,21 @@
 | 
			
		||||
#Script file for spinning down all docker-containers
 | 
			
		||||
 | 
			
		||||
cd ./Websites/
 | 
			
		||||
docker-compose down
 | 
			
		||||
cd ..
 | 
			
		||||
 | 
			
		||||
    cd ./Development/Gitea/
 | 
			
		||||
    docker-compose down
 | 
			
		||||
    cd ../..
 | 
			
		||||
 | 
			
		||||
cd ./Database/
 | 
			
		||||
docker-compose down
 | 
			
		||||
cd ..
 | 
			
		||||
 | 
			
		||||
cd ./Bitwarden/
 | 
			
		||||
docker-compose down
 | 
			
		||||
cd ..
 | 
			
		||||
 | 
			
		||||
cd ./Traefik/
 | 
			
		||||
docker-compose down
 | 
			
		||||
cd ..
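Review bot: Like spinup.sh, this script has no shebang and performs unchecked `cd`s relative to the caller's working directory: a failing `cd ./Websites/` leaves `docker-compose down` running against whatever compose file is in the current directory and `cd ..` then climbs out of the repository, so every later stack is torn down from the wrong place or not at all. Add `#!/usr/bin/env bash`, `set -euo pipefail` and `cd "$(dirname "$0")"` at the top (or write each step as `(cd ./Websites && docker-compose down)` so a bad `cd` cannot leak into the next step). The order is right — Traefik last, since its `docker-compose down` removes the `proxy` network the other stacks attach to — so keep it; the stray indentation on the Gitea lines is only cosmetic.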
 | 
			
		||||
							
								
								
									
										21
									
								
								spinup.sh
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
							@@ -0,0 +1,21 @@
 | 
			
		||||
#Script file for spinning up all docker-containers
 | 
			
		||||
 | 
			
		||||
cd ./Traefik/
 | 
			
		||||
docker-compose up -d
 | 
			
		||||
cd ..
 | 
			
		||||
 | 
			
		||||
cd ./Websites/
 | 
			
		||||
docker-compose up -d
 | 
			
		||||
cd ..
 | 
			
		||||
 | 
			
		||||
    cd ./Development/Gitea/
 | 
			
		||||
    docker-compose up -d
 | 
			
		||||
    cd ../..
 | 
			
		||||
 | 
			
		||||
cd ./Database/
 | 
			
		||||
docker-compose up -d
 | 
			
		||||
cd ..
 | 
			
		||||
 | 
			
		||||
cd ./Bitwarden/
 | 
			
		||||
docker-compose up -d
 | 
			
		||||
cd ..
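Review bot: The script has no shebang and no error handling: every `cd` is relative to the caller's working directory and unchecked, so if `cd ./Traefik/` fails, `docker-compose up -d` runs against whatever compose file (if any) is in the current directory and the following `cd ..` climbs out of the tree, cascading into every later stack. Start with `set -euo pipefail`, anchor on the script's own location, and run each stack in a subshell so a bad `cd` cannot leak; the Traefik stack must stay first because it creates the `proxy` network the other files declare `external: true`. The inconsistent indentation on the Gitea lines is harmless to the shell but suggests a paste; the loop below removes it.

```shell
#!/usr/bin/env bash
# Script file for spinning up all docker-containers
set -euo pipefail
cd "$(dirname "$0")"

# Traefik first: it creates the "proxy" network the other stacks declare external.
for stack in Traefik Websites Development/Gitea Database Bitwarden; do
    (cd "./$stack" && docker-compose up -d)
done
```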
 | 
			
		||||
							
								
								
									
										35
									
								
								todo.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
							@@ -0,0 +1,35 @@
 | 
			
		||||
# ToDo Items
 | 
			
		||||
 | 
			
		||||
## General
 | 
			
		||||
- Setup non root user
 | 
			
		||||
- UFW should be setup to keep VPS secure and only allow for:
 | 
			
		||||
    - https
 | 
			
		||||
    - http
 | 
			
		||||
    - ssh
 | 
			
		||||
    - ftp
 | 
			
		||||
    - 27017
 | 
			
		||||
    - 3306
 | 
			
		||||
- Install SSH keys
 | 
			
		||||
- Setup unattended upgrades
 | 
			
		||||
- Install docker, docker-compose and apache utils.
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
## Traefik
 | 
			
		||||
- Setup htaccess -> ``` echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g ```
 | 
			
		||||
- Ensure email address is correct
 | 
			
		||||
 | 
			
		||||
## Gitea
 | 
			
		||||
- Ensure that ports are assigned correctly for the system
 | 
			
		||||
 | 
			
		||||
## Websites
 | 
			
		||||
- Ensure website files are copied over
 | 
			
		||||
- Ensure that ports are assigned correctly for the system
 | 
			
		||||
 | 
			
		||||
## Bitwarden
 | 
			
		||||
- Ensure that all data is fully encrypted during transfer.
 | 
			
		||||
- Ensure that ports are assigned correctly for the system
 | 
			
		||||
 | 
			
		||||
## Database
 | 
			
		||||
- Ensure that mysql root password, user and default database are updated.
 | 
			
		||||
- Ensure that mongo root password, and user are updated.
 | 
			
		||||
- Ensure database ports are correctly assigned and do not have to pass through traefik.
 | 
			
		||||