Update config

Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2024-11-10 04:07:26 +01:00 · 2023-11-25 17:34:59 +01:00 · 2023-11-25 17:34:59 +01:00 · 418724258e
commit 418724258e
parent 1babc4f57b
3 changed files with 57 additions and 28 deletions
--- a/README.md
+++ b/README.md
@ -15,15 +15,9 @@ If you have any **questions** or **suggestions**, feel free to open an issue or

 - [x] caddy 2 reverse proxy
 - [x] Docker / docker-compose
- [x] ~~Letsencrypt / Certbot~~ (Caddy)
+- [x] Caddy
 - [x] Wordpress (Via FASTCGI/caddy)
- [x] PHPMyAdmin (MariaDB)
- [ ] Qbittorrent
- [ ] Jellyfin
- [ ] Gitea
- [ ] Mastodon
- [ ] Minecraft server (Hyperworld v2)
- [ ] SSL for all subdomains / Services (Not just the main domain)
+- [x] Adminer (MariaDB)

 ## Screenshots

@ -53,20 +47,31 @@ cd infrastructure

 ### Get the SSL certificate

-For all **bensuperpc.org**, you need to replace it with your domain, example: **bensuperpc.com**
+For all **bensuperpc.org**, you need to replace it with your domain, example: **mydomain.com**

 ```sh
-find . \( -type d -name .git -prune \) -o -type f -print0 | xargs -0 sed -i 's/bensuperpc.org/bensuperpc.com/g'
+find . \( -type d -name .git -prune \) -o -type f -print0 | xargs -0 sed -i 's/bensuperpc.org/mydomain.com/g'
 ```

+Check if all bensuperpc.* are replaced by your domain in [Caddyfile](caddy/wordpress/Caddyfile)
+
 And then, caddy will generate the certificate for you and renew it automatically :D (It's easier than certbot and nginx)

 ### Configure the infrastructure

 You must create a folder named `env` with the following content:

-file named `.env` with the following content:
+File named `wordpress.env` with the following content:

+```sh
+WORDPRESS_DB_USER=bensuperpc
+WORDPRESS_DB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
+WORDPRESS_DB_NAME=wordpress
+WORDPRESS_DB_HOST=database:3306
+```
+
+Another file `mariadb.env` 
+    
 ```sh
 MARIADB_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
 MARIADB_USER=bensuperpc
@ -74,6 +79,15 @@ MARIADB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
 MARIADB_DATABASE=wordpress
 ```

+Another file `adminer.env`
+
+```sh
+MYSQL_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
+MYSQL_USER=bensuperpc
+MYSQL_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
+ADMINER_DEFAULT_SERVER=database
+```
+
 ### Wordpress website

 For the Wordpress website, you can configure in GUI when you go to the website.
--- a/caddy/wordpress/Caddyfile
+++ b/caddy/wordpress/Caddyfile
@ -1,6 +1,4 @@
 www.bensuperpc.org {
-	# push
-
 	root * /var/www/html
 	php_fastcgi wordpress:9000

@ -30,5 +28,13 @@ bensuperpc.org {
 }

 adminer.bensuperpc.org {
-	reverse_proxy adminer:7777
+	reverse_proxy adminer:8080
+}
+
+bensuperpc.com {  
+  	redir https://www.bensuperpc.org{uri} permanent
+}
+
+www.bensuperpc.com {  
+  	redir https://www.bensuperpc.org{uri} permanent
 }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,14 +1,14 @@
-version: '3.7'
-# https://minhcung.me/how-to-start-wordpress-with-caddy-using-docker-compose-3d31bb9ef88b
+version: '3.9'
 services:
+  # Database
  database:
    image: mariadb:latest
    container_name: database
    profiles:
      - database
+    restart: on-failure
    volumes:
      - database:/var/lib/mysql:rw
-    restart: always
    env_file:
      - env/mariadb.env
    environment:
@ -16,15 +16,18 @@ services:
    command: '--default-authentication-plugin=mysql_native_password'
    networks:
      - blog-network
+    security_opt:
+      - no-new-privileges:true
+
  # Wordpress
  wordpress:
-    depends_on:
-      - database
    image: wordpress:fpm
    container_name: wordpress
    profiles:
      - wordpress
-    restart: always
+    restart: on-failure
+    depends_on:
+      - database
    env_file:
      - env/wordpress.env
    volumes:
@ -32,18 +35,19 @@ services:
      - wordpress:/var/www/html:rw
    networks:
      - blog-network
+    security_opt:
+      - no-new-privileges:true
+
  # Webserver
  caddy:
    image: caddy:alpine
    container_name: webserver
    profiles:
      - webserver
-    restart: always
+    restart: on-failure
    ports:
-      - 80:80/tcp
-      - 80:80/udp
-      - 443:443/tcp
-      - 443:443/udp
+      - 80:80
+      - 443:443
    volumes:
      - wordpress:/var/www/html:rw
      - caddy_data:/data:rw
@ -51,26 +55,31 @@ services:
      - ./caddy:/etc/caddy:ro
    networks:
      - blog-network
+    security_opt:
+      - no-new-privileges:true
+
+  # Adminer
  adminer:
    image: adminer:latest
    container_name: adminer
    profiles:
      - adminer
-    restart: always
+    restart: on-failure
    env_file: 
      - env/adminer.env
    depends_on:
      - database
    networks:
      - blog-network
-#    security_opt:
-#      - no-new-privileges:true
+    security_opt:
+      - no-new-privileges:true
 #      - seccomp:unconfined
 #      - apparmor:unconfined
 #    cap_drop:
 #      - ALL
 #    cap_add:
 #      - CHOWN
+
 networks:
  blog-network:
    driver: bridge