Compare commits

..

3 Commits

Author SHA1 Message Date
36e57c4a47 Fix Rsync/SSH transfert speed 2025-08-16 00:53:47 +02:00
31596675b9 Fix Caddy config, update Makefile 2025-08-15 22:52:05 +02:00
2b902e54be Update caddy config
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2025-08-06 14:01:14 +02:00
35 changed files with 188 additions and 245 deletions

1
.gitignore vendored
View File

@@ -1 +1,2 @@
/*.tar.gz

View File

@@ -13,23 +13,22 @@
ADMIN_SERVICES := openssh uptime-kuma yacht ADMIN_SERVICES := openssh uptime-kuma yacht
BLOG_SERVICES := wordpress BLOG_SERVICES := wordpress
7DAYS_TO_DIE_SERVICES := 7daystodie_server 7daystodie_backup #7DAYS_TO_DIE_SERVICES := 7daystodie_server 7daystodie_backup
MINECRAFT_SERVICES := minecraft_server minecraft_backup #MINECRAFT_SERVICES := minecraft_server minecraft_backup
SATISFACTORY_SERVICES := satisfactory_server satisfactory_backup #SATISFACTORY_SERVICES := satisfactory_server satisfactory_backup
GIT_SERVICES := forgejo forgejo-runner GIT_SERVICES := forgejo
# forgejo-runner
# gitea gitea-runner # gitea gitea-runner
IA_SERVICES := open-webui IA_SERVICES := open-webui
SHARING_SERVICES := psitransfer picoshare privatebin projectsend jellyfin dufs syncthing SHARING_SERVICES := psitransfer picoshare privatebin projectsend jellyfin dufs syncthing
TORRENTS_SERVICES := qbittorrent transmission TORRENTS_SERVICES := qbittorrent transmission
UTILS_SERVICES := it-tools stirlingpdf omni-tools UTILS_SERVICES := it-tools stirlingpdf omni-tools
MAIN_SERVICES := main_infrastructure caddy homepage MAIN_SERVICES := main_infrastructure caddy homepage
PROJECT_DIRECTORY := infrastructure PROJECT_DIRECTORY := infrastructure
DOCKER_PROFILES := $(MAIN_SERVICES) \ DOCKER_PROFILES := $(MAIN_SERVICES) $(ADMIN_SERVICES) $(BLOG_SERVICES) \
$(ADMIN_SERVICES) $(BLOG_SERVICES) $(7DAYS_TO_DIE_SERVICES) $(MINECRAFT_SERVICES) \ $(7DAYS_TO_DIE_SERVICES) $(MINECRAFT_SERVICES) $(SATISFACTORY_SERVICES) \
$(SATISFACTORY_SERVICES) \
$(GIT_SERVICES) $(IA_SERVICES) $(SHARING_SERVICES) \ $(GIT_SERVICES) $(IA_SERVICES) $(SHARING_SERVICES) \
$(TORRENTS_SERVICES) $(UTILS_SERVICES) $(TORRENTS_SERVICES) $(UTILS_SERVICES)

View File

@@ -121,10 +121,6 @@ And then, caddy will generate the certificate for you and renew it automatically
| [public.bensuperpc.org](https://public.bensuperpc.org) | Sub | Caddy for file sharing | | [public.bensuperpc.org](https://public.bensuperpc.org) | Sub | Caddy for file sharing |
| [memos.bensuperpc.org](https://memos.bensuperpc.org) | Sub | Caddy for file sharing | | [memos.bensuperpc.org](https://memos.bensuperpc.org) | Sub | Caddy for file sharing |
| [stirlingpdf.bensuperpc.org](https://stirlingpdf.bensuperpc.org) | Sub | Stirling PDF tools | | [stirlingpdf.bensuperpc.org](https://stirlingpdf.bensuperpc.org) | Sub | Stirling PDF tools |
| bensuperpc.com | Main | Redirect to [www.bensuperpc.org](https://www.bensuperpc.org) |
| bensuperpc.fr | Main | Redirect to [www.bensuperpc.org](https://www.bensuperpc.org) |
| bensuperpc.net | Main | Redirect to [www.bensuperpc.org](https://www.bensuperpc.org) |
| bensuperpc.ovh | Main | Redirect to [www.bensuperpc.org](https://www.bensuperpc.org) |
### Configure the infrastructure ### Configure the infrastructure

View File

@@ -3,13 +3,13 @@
key_type p384 key_type p384
log { log {
output file /data/logs/access.log output file /data/logs/access.log {
roll_size 1GiB
roll_keep 20
roll_keep_for 720h
}
format json format json
} }
} }
import bensuperpc.org/* import website/*
import bensuperpc.com/*
import bensuperpc.net/*
import bensuperpc.ovh/*
import bensuperpc.fr/*

View File

@@ -1,7 +0,0 @@
bensuperpc.com {
redir https://www.bensuperpc.org{uri} permanent
}
www.bensuperpc.com {
redir https://www.bensuperpc.org{uri} permanent
}

View File

@@ -1,7 +0,0 @@
bensuperpc.fr {
redir https://www.bensuperpc.org{uri} permanent
}
www.bensuperpc.fr {
redir https://www.bensuperpc.org{uri} permanent
}

View File

@@ -1,19 +0,0 @@
bensuperpc.net {
redir https://www.bensuperpc.org{uri} permanent
}
www.bensuperpc.net {
redir https://www.bensuperpc.org{uri} permanent
}
git.bensuperpc.net {
redir https://git.bensuperpc.org{uri} permanent
}
jellyfin.bensuperpc.net {
redir https://jellyfin.bensuperpc.org{uri} permanent
}
uptimekuma.bensuperpc.net {
redir https://uptimekuma.bensuperpc.org{uri} permanent
}

View File

@@ -1,184 +0,0 @@
www.{$MAIN_DOMAIN} {
reverse_proxy homepage:3000
}
{$MAIN_DOMAIN} {
redir https://www.{host}{uri} permanent
}
homepage.{$MAIN_DOMAIN} {
redir https://www.{$MAIN_DOMAIN}{uri} permanent
}
public.{$MAIN_DOMAIN} {
root * /public_data
file_server browse
}
wordpress.{$MAIN_DOMAIN} {
root * /var/www/html
php_fastcgi wordpress:9000
file_server
encode zstd gzip
@disallowed {
path /xmlrpc.php
path *.sql
path /wp-content/uploads/*.php
}
rewrite @disallowed '/index.php'
respond /uploads/*.php 404
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security max-age=31536000;
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# clickjacking protection
# X-Frame-Options DENY
# Disable powerful features we don't need
Permissions-Policy "geolocation=(), camera=(), microphone=() interest-cohort=()"
}
}
it-tools.{$MAIN_DOMAIN} {
# Load balance between 2 instances
reverse_proxy {
to it-tools0:80 it-tools1:80
lb_policy round_robin
lb_retries 3
lb_try_interval 1s
}
}
omni-tools.{$MAIN_DOMAIN} {
# Load balance between 2 instances
reverse_proxy {
to omni-tools0:80 omni-tools1:80
lb_policy round_robin
lb_retries 3
lb_try_interval 1s
}
}
uptimekuma.{$MAIN_DOMAIN} {
reverse_proxy uptime-kuma:3001
}
torrent.{$MAIN_DOMAIN} {
reverse_proxy qbittorrent:8080
}
qbittorrent.{$MAIN_DOMAIN} {
redir https://torrent.{$MAIN_DOMAIN} permanent
}
transmission.{$MAIN_DOMAIN} {
reverse_proxy transmission:9091
}
gitea.{$MAIN_DOMAIN} {
reverse_proxy gitea:3000
}
git.{$MAIN_DOMAIN} {
reverse_proxy forgejo:3000
}
forgejo.{$MAIN_DOMAIN} {
redir https://git.{$MAIN_DOMAIN}{uri} permanent
}
jellyfin.{$MAIN_DOMAIN} {
reverse_proxy jellyfin:8096
}
transfer.{$MAIN_DOMAIN} {
reverse_proxy psitransfer:3000
}
psitransfer.{$MAIN_DOMAIN} {
redir https://transfer.{$MAIN_DOMAIN}{uri} permanent
}
picoshare.{$MAIN_DOMAIN} {
reverse_proxy picoshare:4001
}
syncthing.{$MAIN_DOMAIN} {
reverse_proxy syncthing:8384 {
header_up Host {upstream_hostport}
}
}
privatebin.{$MAIN_DOMAIN} {
reverse_proxy privatebin:8080
}
pastebin.{$MAIN_DOMAIN} {
redir https://privatebin.{$MAIN_DOMAIN} permanent
}
yacht.{$MAIN_DOMAIN} {
reverse_proxy yacht:8000
}
projectsend.{$MAIN_DOMAIN} {
reverse_proxy projectsend:80
}
dufs.{$MAIN_DOMAIN} {
reverse_proxy dufs:5000
}
stirlingpdf.{$MAIN_DOMAIN} {
reverse_proxy stirlingpdf:8080
}
memos.{$MAIN_DOMAIN} {
reverse_proxy memos:5230
}
open-webui.{$MAIN_DOMAIN} {
reverse_proxy open-webui:8080
}
link.{$MAIN_DOMAIN} {
# TODO: Use service with database
# Friendly links
redir /gnous https://gnous.eu permanent
redir /proxy https://imagisphe.re permanent
redir /patch https://spaceint.fr permanent
redir /greep https://greep.fr permanent
# Youtube links
redir /rickroll https://www.youtube.com/watch?v=dQw4w9WgXcQ permanent
redir /babyshark https://www.youtube.com/watch?v=XqZsoesa55w permanent
redir /cowcowcow https://www.youtube.com/watch?v=FavUpD_IjVY permanent
redir /badapple https://www.youtube.com/watch?v=FtutLA63Cp8 permanent
redir /macdo https://www.youtube.com/watch?v=Q16KpquGsIc permanent
redir /superiser https://www.youtube.com/watch?v=srnyVw-OR0g permanent
redir /daicon https://youtu.be/-840keiiFDE?si=zIPIokytxcnGw5fJ&t=162 permanent
redir /scp https://www.youtube.com/watch?v=FGCDndN20G8 permanent
redir /scpfb https://youtu.be/9zrKk-1E8zM?si=8R_ZBVG3GzMUYOe8&t=36 permanent
redir /mother https://youtu.be/w3NyycHR3fE?si=rNNSW9zYv0bcO2Eu permanent
redir /cpu https://www.youtube.com/watch?v=y39D4529FM4 permanent
redir /lechanteur https://youtu.be/HXdP15Ubu6M?si=N0qvhqo--3pmSGmb permanent
redir /nohero https://youtu.be/4DuUejBkMqE?si=bkB8G6PHwCp56jxb permanent
redir /indochine https://youtu.be/M7X6oYg6iro?si=ZRarm3qamTJ8vIJ0 permanent
redir /bna https://youtu.be/3T3ofoKfEoY?si=_7HkGQXMC7rBng8O permanent
redir /jojo https://youtu.be/U0TXIXTzJEY?si=2acWJWX06ju2w4uj permanent
redir /patapon https://youtu.be/H6CbNHLHkmk?si=ZvU8SzrOK-oCUXT5 permanent
redir /darkwater https://youtu.be/Tr8ZgF4Dc0E?si=CEOmm2J6Jp5rdbbt permanent
redir /train https://youtu.be/l8mScKWj3kQ?si=BV07uJ9eP3kzV9Kl permanent
redir /jdg https://www.youtube.com/@joueurdugrenier permanent
}

View File

@@ -1,7 +0,0 @@
bensuperpc.ovh {
redir https://www.bensuperpc.org{uri} permanent
}
www.bensuperpc.ovh {
redir https://www.bensuperpc.org{uri} permanent
}

View File

@@ -0,0 +1,3 @@
dufs.{$MAIN_DOMAIN} {
reverse_proxy dufs:5000
}

View File

@@ -0,0 +1,7 @@
git.{$MAIN_DOMAIN} {
reverse_proxy forgejo:3000
}
forgejo.{$MAIN_DOMAIN} {
redir https://git.{$MAIN_DOMAIN}{uri} permanent
}

View File

@@ -0,0 +1,3 @@
gitea.{$MAIN_DOMAIN} {
reverse_proxy gitea:3000
}

View File

@@ -0,0 +1,14 @@
(header_common) {
Permissions-Policy: geolocation=(), camera=(), microphone=(), clipboard-read=(), usb=()
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Referrer-Policy: strict-origin-when-cross-origin
# Only useful for old browsers
X-XSS-Protection: "1; mode=block"
# Can cause issues with external resources
#Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
#Cross-Origin-Resource-Policy: same-origin
}

View File

@@ -0,0 +1,3 @@
homepage.{$MAIN_DOMAIN} {
reverse_proxy homepage:3000
}

View File

@@ -0,0 +1,9 @@
it-tools.{$MAIN_DOMAIN} {
# Load balance between 2 instances
reverse_proxy {
to it-tools0:80 it-tools1:80
lb_policy round_robin
lb_retries 3
lb_try_interval 1s
}
}

View File

@@ -0,0 +1,3 @@
jellyfin.{$MAIN_DOMAIN} {
reverse_proxy jellyfin:8096
}

View File

@@ -0,0 +1,27 @@
www.{$MAIN_DOMAIN} {
header {
Cache-Control "public, max-age=10"
import header_common
}
handle_errors {
@notFound expression `{http.error.status_code} == 404`
redir @notFound https://www.{$MAIN_DOMAIN} permanent
}
reverse_proxy homepage:3000
}
{$MAIN_DOMAIN} {
redir https://www.{host}{uri} permanent
}
public.{$MAIN_DOMAIN} {
root * /public_data
file_server browse
header / {
Cache-Control "no-store"
import header_common
}
}

View File

@@ -0,0 +1,3 @@
memos.{$MAIN_DOMAIN} {
reverse_proxy memos:5230
}

View File

@@ -0,0 +1,9 @@
omni-tools.{$MAIN_DOMAIN} {
# Load balance between 2 instances
reverse_proxy {
to omni-tools0:80 omni-tools1:80
lb_policy round_robin
lb_retries 3
lb_try_interval 1s
}
}

View File

@@ -0,0 +1,3 @@
open-webui.{$MAIN_DOMAIN} {
reverse_proxy open-webui:8080
}

View File

@@ -0,0 +1,3 @@
picoshare.{$MAIN_DOMAIN} {
reverse_proxy picoshare:4001
}

View File

@@ -0,0 +1,7 @@
privatebin.{$MAIN_DOMAIN} {
reverse_proxy privatebin:8080
}
pastebin.{$MAIN_DOMAIN} {
redir https://privatebin.{$MAIN_DOMAIN} permanent
}

View File

@@ -0,0 +1,3 @@
projectsend.{$MAIN_DOMAIN} {
reverse_proxy projectsend:80
}

View File

@@ -0,0 +1,7 @@
transfer.{$MAIN_DOMAIN} {
reverse_proxy psitransfer:3000
}
psitransfer.{$MAIN_DOMAIN} {
redir https://transfer.{$MAIN_DOMAIN}{uri} permanent
}

View File

@@ -0,0 +1,7 @@
torrent.{$MAIN_DOMAIN} {
reverse_proxy qbittorrent:8080
}
qbittorrent.{$MAIN_DOMAIN} {
redir https://torrent.{$MAIN_DOMAIN} permanent
}

View File

@@ -0,0 +1,3 @@
stirlingpdf.{$MAIN_DOMAIN} {
reverse_proxy stirlingpdf:8080
}

View File

@@ -0,0 +1,5 @@
syncthing.{$MAIN_DOMAIN} {
reverse_proxy syncthing:8384 {
header_up Host {upstream_hostport}
}
}

View File

@@ -0,0 +1,3 @@
transmission.{$MAIN_DOMAIN} {
reverse_proxy transmission:9091
}

View File

@@ -0,0 +1,3 @@
uptimekuma.{$MAIN_DOMAIN} {
reverse_proxy uptime-kuma:3001
}

View File

@@ -0,0 +1,34 @@
wordpress.{$MAIN_DOMAIN} {
root * /var/www/html
php_fastcgi wordpress:9000
file_server
encode zstd gzip
@disallowed {
path /xmlrpc.php
path *.sql
path /wp-content/uploads/*.php
}
rewrite @disallowed '/index.php'
respond /uploads/*.php 404
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security max-age=31536000;
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# clickjacking protection
# X-Frame-Options DENY
# Disable powerful features we don't need
Permissions-Policy "geolocation=(), camera=(), microphone=() interest-cohort=()"
}
}

View File

@@ -0,0 +1,3 @@
yacht.{$MAIN_DOMAIN} {
reverse_proxy yacht:8000
}

View File

@@ -63,7 +63,7 @@ services:
networks: networks:
- infra-network - infra-network
profiles: profiles:
- forgejo - forgejo-runner
links: links:
- docker-in-docker - docker-in-docker
depends_on: depends_on:

View File

@@ -51,6 +51,11 @@ volumes=(
gitea_data gitea_data
jellyfin_config jellyfin_config
picoshare_data picoshare_data
forgejo_data
forgejo_config
forgejo_db
forgejo_certs
forgejo_runner
) )
export_volume() { export_volume() {

View File

@@ -10,4 +10,8 @@ fi
SOURCE="${1}" SOURCE="${1}"
DEST="${2}" DEST="${2}"
rsync -e 'ssh -p 2222' --progress --human-readable --archive --verbose --compress --acls --xattrs --bwlimit=30000 --stats --delete-during "${SOURCE}" "${DEST}" # --bwlimit=30000 --whole-file
rsync -e "ssh -p 2222 -o Compression=no" \
--progress --human-readable --archive --stats --verbose --acls --xattrs --stats --delete-during \
"${SOURCE}" "${DEST}"