My infrastructure with docker and Caddy for bensuperpc.org (WIP)
Bensuperpc b8f69ed6e2 Add more cap_drop
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2024-09-22 19:57:33 +02:00
.gitea/workflows Move CI 2024-05-12 17:56:50 +02:00
.github Add it-tools 2024-08-23 17:19:24 +02:00
infrastructure Add more cap_drop 2024-09-22 19:57:33 +02:00
ressources Update ressources path 2024-09-16 19:22:00 +02:00
.gitignore Update example config 2023-11-25 17:39:20 +01:00
.gitmodules Remove old website 2023-03-19 19:15:53 +01:00
LICENSE Initial commit 2022-11-24 13:29:36 +01:00
Makefile Update Makefile and readme 2024-09-16 00:07:41 +02:00
README.md Update config and add public caddy file browser 2024-09-20 21:06:41 +02:00

Infrastructure

Open source, decentralized and self-hosted infrastructure for many services.

About

It uses Caddy and docker-compose to run my services (and many other things). It's a work in progress, and I'm still learning a lot about it. If you have any questions or suggestions, feel free to open an issue or a pull request.

Features

  • caddy 2 HTTP/S reverse proxy
  • Docker / docker-compose
  • Wordpress (Via FASTCGI/caddy)
  • Jellyfin (Media server)
  • Gitea (Git server)
  • Uptime Kuma (Monitoring)
  • qbittorrent and transmission (Torrent client/server)
  • SyncThing (File synchronization)
  • PsiTransfer, ProjectSend, Picoshare (File sharing)
  • it-tools (Tools for IT)
  • Privatebin (Pastebin)
  • Yacht (Web interface for managing docker containers)
  • Integrate games (Satisfactory, 7 days to die, Minecraft...)

Architecture


Screenshots

The homepage is a dashboard with many widgets and services.

Homepage

Installation and configuration

Requirements

To avoid being rate limited by Let's Encrypt (10 certificates per 3 hours), you need to disable some certificates in the Caddyfiles and enable them 3 hours later.

Clone

Clone this repository to your local machine using:

git clone --recurse-submodules --remote-submodules https://github.com/bensuperpc/infrastructure.git

Go to the folder

cd infrastructure

Configure the domain

Replace every occurrence of bensuperpc.org with your own domain (for example mydomain.com), and do the same for bensuperpc.com, etc.

find . \( -type d -name .git -prune \) -o -type f -print0 | xargs -0 sed -i 's/bensuperpc\.org/mydomain.com/g'

Check that every bensuperpc.* has been replaced by your domain in the Caddyfile.

Caddy will then generate the certificate for you and renew it automatically :D

Domain name                  Type  Description
bensuperpc.org               Main  Redirect to www.bensuperpc.org
www.bensuperpc.org           Main  Homepage
wordpress.bensuperpc.org     Sub   Wordpress website
adminer.bensuperpc.org       Sub   Adminer for MariaDB for wordpress only
uptimekuma.bensuperpc.org    Sub   Uptime Kuma for monitoring
qbittorrent.bensuperpc.org   Sub   Torrent client/server
transmission.bensuperpc.org  Sub   Torrent client/server
git.bensuperpc.org           Sub   Gitea for git
link.bensuperpc.org          Sub   For link shortener
jellyfin.bensuperpc.org      Sub   Jellyfin for media server
syncthing.bensuperpc.org     Sub   SyncThing for file synchronization
psitransfer.bensuperpc.org   Sub   PsiTransfer for file sharing
it-tools.bensuperpc.org      Sub   Tools for IT
privatebin.bensuperpc.org    Sub   Pastebin
yacht.bensuperpc.org         Sub   Web interface for managing docker containers
projectsend.bensuperpc.org   Sub   ProjectSend for file sharing
picoshare.bensuperpc.org     Sub   Picoshare for file sharing
dufs.bensuperpc.org          Sub   Dufs for file sharing
public.bensuperpc.org        Sub   Caddy for file sharing
bensuperpc.com               Main  Redirect to www.bensuperpc.org
bensuperpc.fr                Main  Redirect to www.bensuperpc.org
bensuperpc.net               Main  Redirect to www.bensuperpc.org
bensuperpc.ovh               Main  Redirect to www.bensuperpc.org

Configure the infrastructure

You need to configure the infrastructure with your own configuration.

You can generate a password with 32 characters:

openssl rand -base64 32

Or online: passwordsgenerator.net

For the caddy_backup.env file, you need to change the password(s) for the restic backup.

RESTIC_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ

For the wordpress.env file, you need to change the password and user for the database.

WORDPRESS_DB_USER=bensuperpc
WORDPRESS_DB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw

For the wordpress_db.env file, you need to change the password(s) and user for the database.

MARIADB_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
MARIADB_USER=bensuperpc
MARIADB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw

For the wordpress_backup.env file, you need to change the password(s) for the restic backup.

RESTIC_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ

For the adminer.env file, you need to change the password(s) and user for the database.

MARIADB_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
MARIADB_USER=bensuperpc
MARIADB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw

For the gitea.env file, you need to change the password(s) and user for the database.

GITEA__database__USER=bensuperpc
GITEA__database__PASSWD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j
GITEA__security__SECRET_KEY=ykcZt23an1E4lFHWvrCKdAyt16WAiK9c

For the gitea_db.env file, you need to change the password(s) and user for the database.

MARIADB_ROOT_PASSWORD=xpc4zIhHZzWKqVHcjBu4aW6aS7jG8d7X
MARIADB_USER=bensuperpc
MARIADB_PASSWORD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j

For the psitransfer.env file, you need to change the secret key.

PSITRANSFER_ADMIN_PASS=n9jLVNT9QUotTJTT91JqH4GyBTg9pvEn

For the yacht.env file, you need to change the secret key.

SECRET_KEY=UZvg9nbcGIJlPEB3uI39TAEWyFOz9nm8

For the projectsend_db.env file, you need to change the password(s) and user for the database.

MARIADB_ROOT_PASSWORD=8O34297GrBfT3Ld34Lfg9mpotmZwbJtt
MARIADB_USER=bensuperpc
MARIADB_PASSWORD=wdSUa1JEZhXie5AJ5NcX1w73xmpO12EY

For the picoshare.env file, you need to change the secret key.

PS_SHARED_SECRET=CBuS4DJLqIe93xF1KGYRrnhxUFBqLD2n

For the dufs.env file, you need to change the secret key and, if you want, the user name.

DUFS_AUTH="admin:heqihlOfBmJDESGFlpbPi7P7Mi6F7RkV@/:rw|@/:ro"

For the stirlingpdf.env file, it's completely optional; you can change the password(s) and user.

# Enable security, optional
DOCKER_ENABLE_SECURITY=true
SECURITY_ENABLE_LOGIN=true
# Can be disabled after initial login, optional,
# default is admin:stirling
SECURITY_INITIALLOGIN_USERNAME=admin
SECURITY_INITIALLOGIN_PASSWORD=Jw9U039f5xc2mFcacvGvPD9RjwIh4DzO

You may need to add or change the public SSH key id_ed25519.pub (it's my public key), and also change the config/password in openssh.env:

SUDO_ACCESS=true
#PUBLIC_KEY_URL=https://github.com/bensuperpc.keys
PUBLIC_KEY_DIR=/authorized_ssh_keys
USER_PASSWORD=rdUwf36C11PLmpU9Lvq7tP5pfFBKAuCh

#PUBLIC_KEY=yourpublickey
#PUBLIC_KEY_FILE=/path/to/file
#PUBLIC_KEY_DIR=/path/to/directory/containing/_only_/pubkeys
#USER_PASSWORD_FILE=/path/to/file
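
As an added example (not part of the repository), this script gives every secret shown above a fresh 32-character value, and writes the same value wherever the samples above are identical across files (the WordPress and Gitea database passwords). The key names are the ones shown above; the function names and the directory holding the .env files are assumptions.

```shell
#!/bin/sh
# Added example, not part of the repository. Run before the first start.

# 32 random alphanumeric characters, the same shape as the README samples.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 32
}

# set_key KEY VALUE FILE: rewrite KEY=... in FILE; a missing file is skipped.
# '#' is the sed delimiter because no value written here contains it.
set_key() {
    [ -f "$3" ] || return 0
    tmp=$(mktemp) || return 1
    sed "s#^$1=.*#$1=$2#" "$3" > "$tmp" && cat "$tmp" > "$3"
    rm -f "$tmp"
}

# rotate_secrets DIR: DIR holds the *.env files (its location is an assumption).
rotate_secrets() {
    dir=$1
    # WordPress database: user and root passwords appear in three files.
    s=$(gen_secret)
    set_key WORDPRESS_DB_PASSWORD "$s" "$dir/wordpress.env"
    set_key MARIADB_PASSWORD "$s" "$dir/wordpress_db.env"
    set_key MARIADB_PASSWORD "$s" "$dir/adminer.env"
    s=$(gen_secret)
    set_key MARIADB_ROOT_PASSWORD "$s" "$dir/wordpress_db.env"
    set_key MARIADB_ROOT_PASSWORD "$s" "$dir/adminer.env"
    # Gitea database: application and database must agree on the password.
    s=$(gen_secret)
    set_key GITEA__database__PASSWD "$s" "$dir/gitea.env"
    set_key MARIADB_PASSWORD "$s" "$dir/gitea_db.env"
    # dufs keeps the README's user name and access rules; only the password changes.
    set_key DUFS_AUTH "\"admin:$(gen_secret)@/:rw|@/:ro\"" "$dir/dufs.env"
    # Independent secrets, written as file:KEY, each with its own value.
    for pair in gitea.env:GITEA__security__SECRET_KEY \
        gitea_db.env:MARIADB_ROOT_PASSWORD \
        projectsend_db.env:MARIADB_ROOT_PASSWORD \
        projectsend_db.env:MARIADB_PASSWORD \
        caddy_backup.env:RESTIC_PASSWORD wordpress_backup.env:RESTIC_PASSWORD \
        psitransfer.env:PSITRANSFER_ADMIN_PASS yacht.env:SECRET_KEY \
        picoshare.env:PS_SHARED_SECRET openssh.env:USER_PASSWORD \
        stirlingpdf.env:SECURITY_INITIALLOGIN_PASSWORD; do
        set_key "${pair#*:}" "$(gen_secret)" "$dir/${pair%%:*}"
    done
}
```

Rotate before the first start: the official MariaDB image reads these variables only when it initializes an empty data directory, and restic cannot open an existing repository with a different password.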

Start the infrastructure

Start the website with:

make start-at

Stop the website with (or CTRL+C with the previous command):

make stop

Remove containers with:

make down

You can disable some services by removing the service name from the PROFILES variable in the Makefile.

To enable the gitea CI: https://medium.com/@lokanx/how-to-build-docker-containers-using-gitea-runners-600729555e07

Homepage

You can change the homepage config in these files:

Docker volumes

This infrastructure uses Docker volumes to store data. The configuration and data of each service are not shared with other services, for security and maintenance reasons; only public_data and private_data are shared between all services to store your data.

Volume name   Description
public_data   Public data reachable on internet via dufs.bensuperpc.org, can be disabled.
private_data  Private data

SSH access

The default port for ssh/rsync is 2222.

You can access the server with:

ssh -p 2222 admin@bensuperpc.org

Sources

License
