Compare commits

...

9 Commits

Author SHA1 Message Date
6dd7a30b03 Add DNS
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2024-05-08 19:17:49 +02:00
33b68a1811 Update links
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2024-05-07 20:31:39 +02:00
805584b2e1 Update Readme and Caddy config
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2024-05-07 19:41:28 +02:00
60837143f6 Remove portainer
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2024-05-06 20:35:05 +02:00
4527aed52b Update name
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2024-05-06 17:21:39 +02:00
9110cfec89 Update wordpress db
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2024-05-06 09:47:23 +02:00
817d09683b Add syncthing
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2024-05-06 09:03:17 +02:00
aee30a0aaf Add openssh service
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2024-05-06 00:37:17 +02:00
7231d29b91 Split adminer and wordpress
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2024-05-06 00:36:56 +02:00
14 changed files with 202 additions and 52 deletions

View File

@@ -13,7 +13,7 @@
DOCKER := docker
PROFILES := webserver wordpress adminer uptime-kuma portainer qbittorrent gitea jellyfin watchtower backup
PROFILES := caddy wordpress adminer uptime-kuma qbittorrent gitea jellyfin watchtower backup openssh dns-server syncthing
PROFILE_CMD := $(addprefix --profile ,$(PROFILES))
COMPOSE_FILES := $(shell find docker-compose*.yml | sed -e 's/^/--file /')
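Review bot: adding `openssh`, `dns-server` and `syncthing` to the default `PROFILES` line means a plain `make` now starts an SSH server, a DNS server and a file-sync daemon before any of them has been configured; as committed in this same change, `env/openssh.env` has an empty `PUBLIC_KEY=` and `env/technitium.env` carries its admin password in the repository. Consider leaving a new service out of the default profile list until its env file is filled in, and say in the README which profiles are on by default (the README already explains that removing a name from `PROFILES` disables the service). No Makefile change is needed for the new compose files themselves: `COMPOSE_FILES` globs every `docker-compose*.yml`, so `docker-compose.dns.yml` and friends are picked up automatically.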

View File

@@ -51,7 +51,7 @@ cd infrastructure
### Configure the domain
For all **bensuperpc.org**, you need to replace it with your domain, example: **mydomain.com**
For all **bensuperpc.org**, you need to replace it with your domain, example: **mydomain.com**, so the same for **bensuperpc.com** ect...
```sh
find . \( -type d -name .git -prune \) -o -type f -print0 | xargs -0 sed -i 's/bensuperpc.org/mydomain.com/g'
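Review bot: the added sentence says the other domains (`bensuperpc.com` etc.) must be replaced too, but the command under it only rewrites `bensuperpc.org`, and its unescaped `.` also matches any character. Add one expression per domain, e.g. `-e 's/bensuperpc\.org/mydomain.com/g' -e 's/bensuperpc\.com/myother.example/g'`, or tell the reader to delete the redirect-only domains from the Caddyfile; do not map them all onto the same name, because the `.com/.fr/.net/.ovh` blocks redirect to the main domain and a host redirecting to itself loops. Also note that `find … | xargs -0 sed -i` rewrites every tracked file, including the committed `env/*.env` files, so run it on a clean checkout and review `git diff` afterwards. Typo in the new line: `ect...` should be `etc.`.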
@@ -59,21 +59,23 @@ find . \( -type d -name .git -prune \) -o -type f -print0 | xargs -0 sed -i 's/b
Check if all bensuperpc.* are replaced by your domain in [Caddyfile](caddy/wordpress/Caddyfile)
And then, caddy will generate the certificate for you and renew it automatically :D (It's easier than certbot and nginx)
And then, caddy will generate the certificate for you and renew it automatically :D
| Domain name | Type | Description |
| --- | --- | --- |
| bensuperpc.org | Main | Main domain |
| adminer.bensuperpc.org | Sub | Adminer for MariaDB for wordpress only |
| uptimekuma.bensuperpc.org | Sub | Uptime Kuma for monitoring |
| torrent.bensuperpc.org | Sub | Torrent server |
| git.bensuperpc.org | Sub | Gitea for git |
| link.bensuperpc.org | Sub | For link shortener |
| jellyfin.bensuperpc.org | Sub | Jellyfin for media server |
| [bensuperpc.org](https://bensuperpc.org) | Main | Main domain |
| [adminer.bensuperpc.org](https://adminer.bensuperpc.org) | Sub | Adminer for MariaDB for wordpress only |
| [uptimekuma.bensuperpc.org](https://uptimekuma.bensuperpc.org) | Sub | Uptime Kuma for monitoring |
| [torrent.bensuperpc.org](https://torrent.bensuperpc.org) | Sub | Torrent server |
| [git.bensuperpc.org](https://git.bensuperpc.org) | Sub | Gitea for git |
| [link.bensuperpc.org](https://link.bensuperpc.org) | Sub | For link shortener |
| [jellyfin.bensuperpc.org](https://jellyfin.bensuperpc.org) | Sub | Jellyfin for media server |
| [syncthing.bensuperpc.org](https://syncthing.bensuperpc.org) | Sub | SyncThing for file synchronization |
| [ssh.bensuperpc.org](https://ssh.bensuperpc.org) | Sub | Openssh for ssh |
| bensuperpc.com | Main | Redirect to bensuperpc.org |
| bensuperpc.fr | Sub | Redirect to bensuperpc.org |
| bensuperpc.net | Sub | Redirect to bensuperpc.org |
| bensuperpc.ovh | Sub | Redirect to bensuperpc.org |
| bensuperpc.fr | Main | Redirect to bensuperpc.org |
| bensuperpc.net | Main | Redirect to bensuperpc.org |
| bensuperpc.ovh | Main | Redirect to bensuperpc.org |
### Configure the infrastructure
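Review bot: the domain table is missing `dns.bensuperpc.org`, which this change adds to the Caddyfile as a reverse proxy to the Technitium web UI on port 5380; add a row and mark it as an admin interface, since that is what the hostname serves. The `ssh.bensuperpc.org` row links to `https://ssh.bensuperpc.org` and describes it as `Openssh for ssh`, but an HTTPS link is not how an SSH service is reached; document the host and port clients should use (for example `ssh -p 2222 user@ssh.bensuperpc.org`, assuming that port is published on the container) rather than a web link. The change of `.fr/.net/.ovh` from `Sub` to `Main` is right and matches the `.com` row.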
@@ -163,12 +165,10 @@ You can find all services on the [docker-compose.yml](docker-compose.yml) file o
| Torrent | Torrent server | [torrent.bensuperpc.org](https://torrent.bensuperpc.org) |
| Gitea | Gitea for git | [git.bensuperpc.org](https://git.bensuperpc.org) |
| Jellyfin | Jellyfin for media server | [jellyfin.bensuperpc.org](https://jellyfin.bensuperpc.org) |
| SyncThing | SyncThing for file synchronization | [syncthing.bensuperpc.org](https://syncthing.bensuperpc.org) |
| Openssh | Openssh for ssh | [ssh.bensuperpc.org](https://ssh.bensuperpc.org) |
## URL
You can access to the website with:
- [bensuperpc.org](https://bensuperpc.org) and [www.bensuperpc.org](https://www.bensuperpc.org) (Wordpress for now)
You can disable some services by removing the service name in PROFILES variable in the [Makefile](Makefile) file.
## Build with
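Review bot: the services table has the same two gaps as the domain table above: no row for the DNS server added in this change, and a URL column for `Openssh` that points a browser at `https://ssh.bensuperpc.org` even though the service speaks SSH, not HTTP. Replace the link in that row with the connection string clients actually use, and add a `DNS` row that names the admin UI hostname and the port the resolver listens on.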

View File

@@ -5,7 +5,7 @@ www.bensuperpc.org {
file_server
encode zstd gzip
#metrics /metrics
# metrics /metrics
@disallowed {
path /xmlrpc.php
@@ -29,6 +29,9 @@ www.bensuperpc.org {
# clickjacking protection
X-Frame-Options DENY
# Disable powerful features we don't need
Permissions-Policy "geolocation=(), camera=(), microphone=() interest-cohort=()"
}
}
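Review bot: the new `Permissions-Policy` value is missing a comma between `microphone=()` and `interest-cohort=()`; the header is a comma-separated dictionary, so as written the last directive is not parsed as a separate feature. It should read `Permissions-Policy "geolocation=(), camera=(), microphone=(), interest-cohort=()"`. `interest-cohort` targets the withdrawn FLoC trial and is harmless to keep, but it is the `microphone` entry that is affected by the missing separator.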
@@ -56,7 +59,29 @@ jellyfin.bensuperpc.org {
reverse_proxy jellyfin:8096
}
ssh.bensuperpc.org {
reverse_proxy openssh:2222
}
syncthing.bensuperpc.org {
reverse_proxy syncthing:8384 {
header_up Host {upstream_hostport}
}
}
dns.bensuperpc.org {
reverse_proxy dns-server:5380
}
link.bensuperpc.org {
# TODO: Use service with database
# Friendly links
redir /gnous https://gnous.eu permanent
redir /proxy https://imagisphe.re permanent
redir /patch https://spaceint.fr permanent
redir /greep https://greep.fr permanent
# Youtube links
redir /rickroll https://www.youtube.com/watch?v=dQw4w9WgXcQ permanent
redir /babyshark https://www.youtube.com/watch?v=XqZsoesa55w permanent
redir /cowcowcow https://www.youtube.com/watch?v=FavUpD_IjVY permanent
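Review bot: `ssh.bensuperpc.org { reverse_proxy openssh:2222 }` cannot work: Caddy's `reverse_proxy` speaks HTTP to the upstream, and the `openssh` container listens for SSH on 2222, so every request to that site will fail with a bad-gateway error and no SSH client can use it. Reach SSH by publishing `2222/tcp` on the `openssh` service (or with a layer-4 proxy plugin, which the stock image does not include) and drop this site block, or keep it only as a redirect to documentation. The `dns.bensuperpc.org` block exposes the Technitium administration UI to the whole internet with no restriction in the block; wrap it in a `remote_ip` matcher for your own networks or a `basicauth` directive before this goes live, since the admin password for that UI is also committed in `env/technitium.env` in this change. The `header_up Host {upstream_hostport}` on the Syncthing proxy is correct; Syncthing's GUI rejects requests whose Host header does not match its listen address.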

View File

@@ -0,0 +1,19 @@
version: '3.9'
services:
# Adminer
adminer:
image: adminer:latest
container_name: adminer
profiles:
- adminer
restart: on-failure
env_file:
- env/adminer.env
depends_on:
- wordpress_db
- caddy
networks:
- infra-network
security_opt:
- no-new-privileges:true
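Review bot: `image: adminer:latest` is an unpinned tag, and `watchtower` is in the default `PROFILES`, so this database admin UI will be silently replaced by whatever `latest` points to next; pin a version (or a digest) and let Watchtower move between pinned tags deliberately. The block is otherwise the same as the one removed from `docker-compose.wordpress.yml`, and `depends_on: - wordpress_db` and `- caddy` keep working across files because the Makefile loads every compose file at once. Minor: `version: '3.9'` is obsolete under Compose v2 and only produces a warning; it can be dropped from the new files.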

View File

@@ -12,9 +12,19 @@ services:
- env/backup.env
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- backup:/archive
- caddy_data:/backup/caddy_data:ro
- caddy_config:/backup/caddy_config:ro
- backup:/archive
# - gitea_data:/backup/gitea_data:ro
# - gitea_config:/backup/gitea_config:ro
# - wordpress_db:/backup/wordpress_db:ro
# - wordpress:/backup/wordpress:ro
# - jellyfin_config:/backup/jellyfin_config:ro
# - jellyfin_data:/backup/jellyfin_data:ro
# - jellyfin_cache:/backup/jellyfin_cache:ro
# - qbittorrent_config:/backup/qbittorrent_config:ro
# - qbittorrent_data:/backup/qbittorrent_data:ro
# - uptimekuma_data:/backup/uptimekuma_data:ro
networks:
- infra-network
security_opt:
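Review bot: after this hunk the backup job archives only `caddy_data` and `caddy_config`; every other data volume (`wordpress_db`, `wordpress`, `gitea_*`, `jellyfin_*`, `qbittorrent_*`, `uptimekuma_data`) is mounted as a commented-out line, so the WordPress database and Gitea repositories are not backed up at all. If that is intentional say so in the README; otherwise uncomment the mounts (the commented `wordpress_db:/backup/wordpress_db:ro` line already matches the volume rename made elsewhere in this change). Moving `backup:/archive` above the read-only mounts is cosmetic only. Unrelated to the change but worth keeping in mind: the `:ro` on `/var/run/docker.sock` makes the socket file read-only, not the Docker API, so whoever controls this container still controls the host's Docker daemon.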

View File

@@ -1,12 +1,12 @@
version: '3.9'
services:
# Webserver
# Caddy
caddy:
image: caddy:latest
container_name: webserver
container_name: caddy
profiles:
- webserver
- caddy
restart: on-failure
ports:
- 80:80
@@ -18,17 +18,26 @@ services:
- ./caddy:/etc/caddy:ro
networks:
- infra-network
env_file:
- env/caddy.env
cap_add:
- NET_ADMIN
security_opt:
- no-new-privileges:true
# cap_drop:
# - ALL
# cap_add:
# - CHOWN
# - FOWNER
# - DAC_OVERRIDE
# - SETGID
# - SETUID
# - NET_BIND_SERVICE
# cap_drop:
# - ALL
# cap_add:
# - CHOWN
# - FOWNER
# - DAC_OVERRIDE
# - SETGID
# - SETUID
# - NET_BIND_SERVICE
healthcheck:
test: pidof caddy || exit 1
interval: 120s
timeout: 10s
retries: 3
volumes:
caddy_data:
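Review bot: `cap_add: - NET_ADMIN` is not needed by Caddy and should be removed. The official image runs as root, which already holds `NET_BIND_SERVICE` for ports 80/443, and `NET_ADMIN` lets a compromised Caddy process change interfaces, routes and firewall rules inside its network namespace. The `cap_drop: - ALL` block below it, which would be the right direction, is still commented out; enable it with the listed `cap_add` set (`CHOWN`, `FOWNER`, `DAC_OVERRIDE`, `SETGID`, `SETUID`, `NET_BIND_SERVICE`) instead of adding capabilities. The new `env_file: - env/caddy.env` points at a file that this change creates empty; either put the intended variables in it or leave the line out until it has content. The healthcheck `pidof caddy || exit 1` only proves a process exists; a probe such as `wget -q --spider http://localhost/` would also detect a site that stopped serving.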

23
docker-compose.dns.yml Normal file
View File

@@ -0,0 +1,23 @@
version: '3.9'
services:
dns-server:
container_name: dns-server
hostname: dns-server
profiles:
- dns-server
image: technitium/dns-server:latest
restart: on-failure
networks:
- infra-network
security_opt:
- no-new-privileges:true
volumes:
- dns-config:/etc/dns
env_file:
- env/technitium.env
volumes:
dns-config:
name: dns-config
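Review bot: the service publishes no ports, so the resolver is reachable only from containers on `infra-network` (by the hostname `dns-server`) and not by any client on the LAN or internet; if it is meant to answer queries for other hosts, add `ports:` for `53:53/tcp` and `53:53/udp`, and before doing that set `DNS_SERVER_RECURSION` and the allowed-networks variables in `env/technitium.env`, which are all commented out, so the server does not become an open recursive resolver. `technitium/dns-server:latest` has the same unpinned-tag problem as the other services. Style: the volume is named `dns-config` while every other volume in the repository uses underscores (`openssh_config`, `syncthing_data`); `dns_config` would be consistent.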

View File

@@ -0,0 +1,25 @@
version: '3.9'
services:
# Openssh
openssh:
image: linuxserver/openssh-server:latest
container_name: openssh
profiles:
- openssh
restart: on-failure
env_file:
- env/openssh.env
volumes:
- openssh_config:/config
- openssh_data:/data
networks:
- infra-network
security_opt:
- no-new-privileges:true
volumes:
openssh_config:
name: openssh_config
openssh_data:
name: openssh_data
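Review bot: there is no `ports:` entry, so the SSH daemon on 2222 is not reachable from outside the Docker network, and the Caddy site block added for `ssh.bensuperpc.org` is an HTTP proxy that cannot carry SSH; add `ports: - "2222:2222"` (or a host port of your choice) here and point users at that port. The `openssh_config` volume holds the generated host keys, which is good because clients will otherwise see a changed host key after every recreate. `linuxserver/openssh-server:latest` should be pinned like the other images, all the more so for a service that is an entry point to the host network.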

View File

@@ -0,0 +1,25 @@
version: '3.9'
services:
# syncthing
syncthing:
image: linuxserver/syncthing:latest
container_name: syncthing
profiles:
- syncthing
restart: on-failure
env_file:
- env/syncthing.env
volumes:
- syncthing_config:/config
- syncthing_data:/data1
networks:
- infra-network
security_opt:
- no-new-privileges:true
volumes:
syncthing_config:
name: syncthing_config
syncthing_data:
name: syncthing_data
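Review bot: only the web GUI (8384, via Caddy) is reachable here; no `ports:` are published for the sync protocol (`22000/tcp` and `22000/udp`) or local discovery (`21027/udp`), so no other Syncthing device will be able to connect to this one unless it sits on `infra-network`, and the service is useless for its stated purpose of file synchronization until those are added. Because the GUI is exposed on a public hostname through Caddy, set a GUI user and password inside Syncthing (or protect the Caddy site block) before enabling the `syncthing` profile in `PROFILES`; the image ships without GUI authentication configured. Pin `linuxserver/syncthing:latest` as with the other images.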

View File

@@ -32,7 +32,7 @@ services:
- caddy
restart: on-failure
volumes:
- database:/var/lib/mysql:rw
- wordpress_db:/var/lib/mysql:rw
env_file:
- env/wordpress_db.env
command: '--default-authentication-plugin=mysql_native_password'
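Review bot: renaming the mount from `database:/var/lib/mysql:rw` to `wordpress_db:/var/lib/mysql:rw` does not move the data. On the next `make`, Compose creates an empty `wordpress_db` volume, MariaDB initialises a fresh instance in it, and the existing WordPress database stays behind in the orphaned `database` volume, so the site will come up with no content. Copy the data once before bringing the stack up, with the database container stopped, for example with `docker run --rm -v database:/from -v wordpress_db:/to alpine sh -c 'cp -a /from/. /to/'`, verify, and only then delete the old volume. This migration step belongs in the README or the commit message.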
@@ -41,25 +41,8 @@ services:
security_opt:
- no-new-privileges:true
# Adminer
adminer:
image: adminer:latest
container_name: adminer
profiles:
- adminer
restart: on-failure
env_file:
- env/adminer.env
depends_on:
- wordpress_db
- caddy
networks:
- infra-network
security_opt:
- no-new-privileges:true
volumes:
database:
name: database
wordpress_db:
name: wordpress_db
wordpress:
name: wordpress

0
env/caddy.env vendored Normal file
View File

11
env/openssh.env vendored Normal file
View File

@@ -0,0 +1,11 @@
PUID=1000
PGID=1000
PUBLIC_KEY=
# PUBLIC_KEY_FILE=
# PUBLIC_KEY_DIR=
# PUBLIC_KEY_URL=
SUDO_ACCESS=false
PASSWORD_ACCESS=false
# USER_PASSWORD=
# USER_PASSWORD_FILE=
# USER_NAME=
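Review bot: with `PUBLIC_KEY=` empty, `PASSWORD_ACCESS=false` and `SUDO_ACCESS=false`, the container starts an SSH server that nobody can log in to, which is the right failure mode but should be stated in the README next to the `openssh` profile so users know they must supply a key first. Prefer the commented `PUBLIC_KEY_FILE=` (pointing at a mounted file outside the repository) over pasting the key into this committed env file, so that key material and deployment config stay separate; keep `PASSWORD_ACCESS=false` as the default.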

2
env/syncthing.env vendored Normal file
View File

@@ -0,0 +1,2 @@
PUID=1000
PGID=1000

18
env/technitium.env vendored Normal file
View File

@@ -0,0 +1,18 @@
DNS_SERVER_DOMAIN=dns-server
DNS_SERVER_ADMIN_PASSWORD=fddsdfF548TjSNbi490fzZspmLSDf
# DNS_SERVER_ADMIN_PASSWORD_FILE=password.txt
# DNS_SERVER_PREFER_IPV6=false
# DNS_SERVER_WEB_SERVICE_HTTP_PORT=5380
# DNS_SERVER_WEB_SERVICE_HTTPS_PORT=53443
# DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=true
# DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=false
# DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=true
# DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks
# DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24
# DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24
# DNS_SERVER_ENABLE_BLOCKING=false
# DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false
# DNS_SERVER_BLOCK_LIST_URLS=
# DNS_SERVER_FORWARDERS=1.1.1.1, 8.8.8.8
# DNS_SERVER_FORWARDER_PROTOCOL=Tcp
# DNS_SERVER_LOG_USING_LOCAL_TIME=true
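Review bot: `DNS_SERVER_ADMIN_PASSWORD=fddsdfF548TjSNbi490fzZspmLSDf` commits the administrator password of the DNS server's web UI to the repository, and this same change set publishes that UI at `dns.bensuperpc.org` through Caddy. Treat the password as compromised: rotate it in Technitium, remove it from this file, and use the `DNS_SERVER_ADMIN_PASSWORD_FILE=` variant (commented out on the next line) with a file that is not tracked, or a Docker secret. Rewriting history is also worth doing, since the value is visible in this compare view for anyone who can read the repository. Everything else in the file is commented defaults; before publishing port 53, uncomment and set the `DNS_SERVER_RECURSION*` entries so recursion is limited to your own networks.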