Add DNS

Signed-off-by: Bensuperpc <bensuperpc@gmail.com>

.github/FUNDING.yml

@@ -0,0 +1 @@
+github: bensuperpc 

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/custom.md

@@ -0,0 +1,10 @@
+---
+name: Custom issue template
+about: Describe this issue template's purpose here.
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily" 

.github/workflows/main.yml

@@ -0,0 +1,32 @@
+name: infrastructure
+
+on:
+  push:
+    branches:
+      - "main"
+      - "master"
+      - "dev"
+    paths-ignore:
+      - "**/README.md"
+  pull_request:
+    branches:
+      - "*"
+  schedule:
+    - cron: "0 9 * * 2" # every tuesday at 9:00 https://crontab.guru/#0_7_*_*_1
+  workflow_dispatch:
+
+jobs:
+  image:
+    name: infrastructure
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: "Checkout Code"
+        uses: actions/checkout@v4
+        with:
+          submodules: "recursive"
+          fetch-depth: 0
+      - name: "Update server"
+        run: make update
+      - name: "Build server"
+        run: make build

.github/workflows/submodule-update.yml

@@ -0,0 +1,31 @@
+name: submodule-update
+
+on:
+  schedule:
+    - cron: '0 */8 * * *'
+  workflow_dispatch:
+
+jobs:
+  image:
+    name: submodule-update
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout Code"
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.CI_TOKEN }}
+          repository: ${{ github.repository }}
+          submodules: 'recursive'
+          fetch-depth: 1
+      # Update references
+      - name: Git Sumbodule Update
+        run: |
+          git pull --recurse-submodules
+          git submodule update --remote --recursive
+      # Commit and push
+      - name: Commit update
+        run: |
+          git config --global user.name 'Bensuperpc'
+          git config --global user.email 'bensuperpc@gmail.com'
+          git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}
+          git commit -am "Auto updated submodule references" && git push || echo "No changes to commit"

.gitignore

@@ -1,2 +1 @@
-*.env
-**/*.env
+

Makefile

@@ -1,15 +1,8 @@
 #//////////////////////////////////////////////////////////////
-#//   ____                                                   //
-#//  | __ )  ___ _ __  ___ _   _ _ __   ___ _ __ _ __   ___  //
-#//  |  _ \ / _ \ '_ \/ __| | | | '_ \ / _ \ '__| '_ \ / __| //
-#//  | |_) |  __/ | | \__ \ |_| | |_) |  __/ |  | |_) | (__  //
-#//  |____/ \___|_| |_|___/\__,_| .__/ \___|_|  | .__/ \___| //
-#//                             |_|             |_|          //
-#//////////////////////////////////////////////////////////////
 #//                                                          //
-#//  Script, 2022                                            //
+#//  Infrastructure, 2024                                    //
 #//  Created: 14, April, 2022                                //
-#//  Modified: 17, March, 2023                               //
+#//  Modified: 05, May, 2024                                 //
 #//  file: -                                                 //
 #//  -                                                       //
 #//  Source:                                                 //
@@ -20,13 +13,10 @@
 
 DOCKER := docker
 
-PROFILES := wp_db wordpress webserver certbot phpmyadmin qbittorrent jellyfin
+PROFILES := caddy wordpress adminer uptime-kuma qbittorrent gitea jellyfin watchtower backup openssh dns-server syncthing
 PROFILE_CMD := $(addprefix --profile ,$(PROFILES))
 
-
-COMPOSE_FILES :=  $(shell find docker-compose* | sed -e 's/^/--file /')
-
-AUTHOR := bensuperpc
+COMPOSE_FILES :=  $(shell find docker-compose*.yml | sed -e 's/^/--file /')
 
 .PHONY: build all
 all: start
@@ -45,7 +35,7 @@ start-at:
 
 .PHONY: docker-check
 docker-check:
-	docker compose $(COMPOSE_FILES) $(PROFILES_CMD) config
+	docker compose $(COMPOSE_FILES) $(PROFILE_CMD) config
 
 .PHONY: stop
 stop: down
@@ -66,10 +56,14 @@ state:
 	docker compose $(COMPOSE_FILES) ps
 	docker compose $(COMPOSE_FILES) top
 
+.PHONY: update-docker
+update-docker:
+	docker compose $(COMPOSE_FILES) $(PROFILE_CMD) pull
+
 .PHONY: update
-update:
-	git pull --recurse-submodules --all --progress
-	docker compose $(COMPOSE_FILES) $(PROFILES_CMD) pull
+update: update-docker
+#	git submodule update --init --recursive --remote
+#	git pull --recurse-submodules --all --progress
 
 .PHONY: clean
 clean:

README.md

@@ -5,24 +5,21 @@ _My personal infrastructure for my servers and services._
 ## About
 
 This is my infrastructure. It's a collection of scripts and configuration files that I use to manage my servers and services.
-It uses Nginx and docker-compose to run my services (And many other things).
+It uses caddy and docker-compose to run my services (And many other things).
 It's a **work in progress**, and I'm still learning a lot about it.
 If you have any **questions** or **suggestions**, feel free to open an issue or a pull request.
 
 ## Features
 
-- [x] Nginx reverse proxy
+- [x] caddy 2 reverse proxy
 - [x] Docker / docker-compose
-- [x] Letsencrypt / Certbot
-- [x] Wordpress (Via FASTCGI/NGINX)
-- [x] PHPMyAdmin (MariaDB)
-- [x] PGAdmin (PostgreSQL)
-- [x] Qbittorrent
-- [x] Jellyfin
-- [ ] Gitea
-- [ ] Mastodon
-- [ ] Minecraft server (Hyperworld v2)
-- [ ] SSL for all subdomains / Services (Not just the main domain)
+- [x] Caddy
+- [x] Wordpress (Via FASTCGI/caddy)
+- [x] Adminer (MariaDB)
+- [x] Jellyfin (Media server)
+- [x] Gitea (Git server)
+- [x] Uptime Kuma (Monitoring)
+- [x] Torrent server
 
 ## Screenshots
 
@@ -34,7 +31,9 @@ If you have any **questions** or **suggestions**, feel free to open an issue or
 - [Docker Compose](https://docs.docker.com/compose/install/)
 - [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
 - [Web domain](https://www.ovh.com/world/domains/) (I use OVH)
-- [Open port 80 and 443 on your router](http://192.168.0.1/) (I use a Orange box with default IP)
+- [Open port 80 and 443 on your router](http://192.168.0.1/) (I use a SFR box with default IP)
+
+***To avoid get rate limit from letsencrypt (10 certificates per 3 hours), you need to disable some certificates in the caddyfiles and enable them 3h later...***
 
 ### Clone
 
@@ -50,106 +49,90 @@ Go to the folder
 cd infrastructure
 ```
 
-### Get the SSL certificate
+### Configure the domain
 
-For all **bensuperpc.org**, you need to replace it with your domain, example: **bensuperpc.com**
+For all **bensuperpc.org**, you need to replace it with your domain, example: **mydomain.com**, so the same for **bensuperpc.com** ect...
 
 ```sh
-find . \( -type d -name .git -prune \) -o -type f -print0 | xargs -0 sed -i 's/bensuperpc.org/bensuperpc.com/g'
+find . \( -type d -name .git -prune \) -o -type f -print0 | xargs -0 sed -i 's/bensuperpc.org/mydomain.com/g'
 ```
 
-Keep original config file
+Check if all bensuperpc.* are replaced by your domain in [Caddyfile](caddy/wordpress/Caddyfile)
+
+And then, caddy will generate the certificate for you and renew it automatically :D
+
+| Domain name | Type | Description |
+| --- | --- | --- |
+| [bensuperpc.org](https://bensuperpc.org) | Main | Main domain |
+| [adminer.bensuperpc.org](https://adminer.bensuperpc.org) | Sub | Adminer for MariaDB for wordpress only |
+| [uptimekuma.bensuperpc.org](https://uptimekuma.bensuperpc.org) | Sub | Uptime Kuma for monitoring |
+| [torrent.bensuperpc.org](https://torrent.bensuperpc.org) | Sub | Torrent server |
+| [git.bensuperpc.org](https://git.bensuperpc.org) | Sub | Gitea for git |
+| [link.bensuperpc.org](https://link.bensuperpc.org) | Sub | For link shortener |
+| [jellyfin.bensuperpc.org](https://jellyfin.bensuperpc.org) | Sub | Jellyfin for media server |
+| [syncthing.bensuperpc.org](https://syncthing.bensuperpc.org) | Sub | SyncThing for file synchronization |
+| [ssh.bensuperpc.org](https://ssh.bensuperpc.org) | Sub | Openssh for ssh |
+| bensuperpc.com | Main | Redirect to bensuperpc.org |
+| bensuperpc.fr | Main | Redirect to bensuperpc.org |
+| bensuperpc.net | Main | Redirect to bensuperpc.org |
+| bensuperpc.ovh | Main | Redirect to bensuperpc.org |
+
+### Configure the infrastructure
+
+You need to configure the infrastructure with your own configuration.
+
+You can generate a password with 32 characters:
 
 ```sh
-cp -r nginx/conf.d nginx/conf.d-original
+openssl rand -base64 32
 ```
 
-Remove the old config file
+For the [wordpress.env](env/wordpress.env) file, you need to change the password and user for the database.
 
 ```sh
-rm -fr nginx/nginx-conf
+WORDPRESS_DB_USER=bensuperpc
+WORDPRESS_DB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
+WORDPRESS_DB_NAME=wordpress
+WORDPRESS_DB_HOST=wordpress_db:3306
 ```
 
-Copy _nginx-conf-cert_ to _nginx-conf_, for temporary use to get the SSL certificate
+For [wordpress_db.env](env/wordpress_db.env) file, you need to change the password(s) and user for the database.
+    
+```sh
+MARIADB_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
+MARIADB_USER=bensuperpc
+MARIADB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
+MARIADB_DATABASE=wordpress
+```
+
+For [adminer.env](env/adminer.env) file, you need to change the password(s) and user for the database.
 
 ```sh
-cp -r nginx/conf.d-cert nginx/conf.d
+MYSQL_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
+MYSQL_USER=bensuperpc
+MYSQL_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
+ADMINER_DEFAULT_SERVER=wordpress_db
 ```
 
-Replace certbot commands in _docker-compose.yml_, and replace _bensuperpc.org_ by your domain
-
-```yaml
-    command: >
-      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot 
-      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
-      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
-```
-
-With to get the SSL certificate
-
-```yaml
-    command: >
-      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot
-      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
-      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org 
-```
-
-Run the docker-compose and exit with CTRL+C and when you have the SSL certificate
+For [gitea.env](env/gitea.env) file, you need to change the password(s) and user for the database.
 
 ```sh
-make start-at
+GITEA__database__DB_TYPE=mysql
+GITEA__database__HOST=database_gitea:3306
+GITEA__database__NAME=gitea
+GITEA__database__USER=bensuperpc
+GITEA__database__PASSWD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j
 ```
 
-Replace certbot commands in _docker-compose.yml_ to update and renew the SSL certificate
+For [gitea_db.env](env/gitea_db.env) file, you need to change the password(s) and user for the database.
 
 ```sh
-    command: >
-      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot
-      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
-      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org 
+MYSQL_ROOT_PASSWORD=xpc4zIhHZzWKqVHcjBu4aW6aS7jG8d7X
+MYSQL_USER=bensuperpc
+MYSQL_PASSWORD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j
+MYSQL_DATABASE=gitea
 ```
 
-Run the docker-compose to update and renew the SSL certificate and exit with CTRL+C when you have the SSL certificate
-
-```sh
-make start-at
-```
-
-Now you can replace the certbot commands in _docker-compose.yml_ with the original one
-
-```yaml
-    command: >
-      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot 
-      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
-      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
-```
-
-Remove the cert config file
-
-```sh
-rm -fr nginx/conf.d
-```
-
-Copy _nginx-conf-original_ to _nginx-conf_, for definitive use
-
-```sh
-cp -r nginx/conf.d-original nginx/conf.d
-```
-
-Now you start services
-
-```sh
-make start-at
-```
-
-### Flask website
-
-You can follow the [README.md](bensuperpc_website/README.md) to install the Flask website.
-
-### Wordpress website
-
-For the Wordpress website, you can configure in GUI when you go to the website.
-
 ### Start the infrastructure
 
 Start the website with:
@@ -164,14 +147,28 @@ Stop the website with (or CTRL+C with the previous command):
 make stop
 ```
 
-## URL
+Remove countainers with:
 
-You can access to the website with:
+```sh
+make down
+```
 
-- [bensuperpc.org](https://bensuperpc.org) and [www.bensuperpc.org](https://www.bensuperpc.org) (Wordpress for now)
-- [phpmyadmin.bensuperpc.org](http://phpmyadmin.bensuperpc.org) and [www.phpmyadmin.bensuperpc.org](http://www.phpmyadmin.bensuperpc.org) (PHPMyAdmin for MariaDB)
-- [pgadmin.bensuperpc.org](http://pgadmin.bensuperpc.org) and [www.pgadmin.bensuperpc.org](http://www.pgadmin.bensuperpc.org) (PGAdmin for PostgreSQL)
-- [qbittorrent.bensuperpc.org](http://qbittorrent.bensuperpc.org) and [www.qbittorrent.bensuperpc.org](http://www.qbittorrent.bensuperpc.org) (Qbittorrent)
+### All services
+
+You can find all services on the [docker-compose.yml](docker-compose.yml) file or on this table:
+
+| Service | Description | URL |
+| --- | --- | --- |
+| Wordpress | Wordpress website | [bensuperpc.org](https://bensuperpc.org) and [www.bensuperpc.org](https://www.bensuperpc.org) |
+| Adminer | Adminer for MariaDB | [adminer.bensuperpc.org](https://adminer.bensuperpc.org) |
+| Uptime Kuma | Uptime Kuma for monitoring | [uptimekuma.bensuperpc.org](https://uptimekuma.bensuperpc.org) |
+| Torrent | Torrent server | [torrent.bensuperpc.org](https://torrent.bensuperpc.org) |
+| Gitea | Gitea for git | [git.bensuperpc.org](https://git.bensuperpc.org) |
+| Jellyfin | Jellyfin for media server | [jellyfin.bensuperpc.org](https://jellyfin.bensuperpc.org) |
+| SyncThing | SyncThing for file synchronization | [syncthing.bensuperpc.org](https://syncthing.bensuperpc.org) |
+| Openssh | Openssh for ssh | [ssh.bensuperpc.org](https://ssh.bensuperpc.org) |
+
+You can disable some services by removing the service name in PROFILES variable in the [Makefile](Makefile) file.
 
 ## Build with
 
@@ -182,15 +179,10 @@ You can access to the website with:
 - [Docker](https://www.docker.com/)
 - [Docker Compose](https://docs.docker.com/compose/)
 - [Docker Hub](https://hub.docker.com/)
-- [Digital Ocean](https://www.digitalocean.com/)
-- [Digital Ocean - How To Install WordPress with Docker Compose](https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-docker-compose)
-- [PGAmin](https://www.pgadmin.org/)
-- [Qbittorrent](https://www.qbittorrent.org/)
-- [Jellyfin](https://jellyfin.org/)
+- [How To Start WordPress with Caddy using Docker Compose](https://minhcung.me/how-to-start-wordpress-with-caddy-using-docker-compose-3d31bb9ef88b)
+- [Digital Ocean - How To Install WordPress with Docker Compose (nginx)](https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-docker-compose)
 - [Letsencrypt](https://letsencrypt.org/)
-- [Certbot](https://certbot.eff.org/)
-- [Nginx](https://www.nginx.com/)
-- [UWSGI](https://uwsgi-docs.readthedocs.io/en/latest/)
+- [Caddy](https://caddyserver.com/)
 
 ## License
 

caddy/Caddyfile

@@ -0,0 +1,15 @@
+{
+	email bensuperpc@gmail.com
+	key_type p384
+
+	log {
+		output file /data/logs/access.log
+		format console
+	}
+}
+
+import bensuperpc.org/Caddyfile
+import bensuperpc.com/Caddyfile
+import bensuperpc.net/Caddyfile
+import bensuperpc.ovh/Caddyfile
+import bensuperpc.fr/Caddyfile

caddy/bensuperpc.com/Caddyfile

@@ -0,0 +1,7 @@
+bensuperpc.com {  
+  	redir https://www.bensuperpc.org{uri} permanent
+}
+
+www.bensuperpc.com {  
+  	redir https://www.bensuperpc.org{uri} permanent
+}

caddy/bensuperpc.fr/Caddyfile

@@ -0,0 +1,7 @@
+bensuperpc.fr {
+	redir https://www.bensuperpc.org{uri} permanent
+}
+
+www.bensuperpc.fr {
+	redir https://www.bensuperpc.org{uri} permanent
+}

caddy/bensuperpc.net/Caddyfile

@@ -0,0 +1,7 @@
+bensuperpc.net {
+	redir https://www.bensuperpc.org{uri} permanent
+}
+
+www.bensuperpc.net {
+	redir https://www.bensuperpc.org{uri} permanent
+}

caddy/bensuperpc.org/Caddyfile

@@ -0,0 +1,101 @@
+www.bensuperpc.org {
+	root * /var/www/html
+	php_fastcgi wordpress:9000
+
+	file_server
+	encode zstd gzip
+
+	# metrics /metrics
+
+	@disallowed {
+		path /xmlrpc.php
+		path *.sql
+		path /wp-content/uploads/*.php
+	}
+
+	rewrite @disallowed '/index.php'
+
+	respond /uploads/*.php 404
+
+	header {
+		# disable FLoC tracking
+		Permissions-Policy interest-cohort=()
+
+		# enable HSTS
+		Strict-Transport-Security max-age=31536000;
+
+		# disable clients from sniffing the media type
+		X-Content-Type-Options nosniff
+
+		# clickjacking protection
+		X-Frame-Options DENY
+
+		# Disable powerful features we don't need
+        Permissions-Policy "geolocation=(), camera=(), microphone=() interest-cohort=()"
+	}
+}
+
+bensuperpc.org {
+	redir https://www.bensuperpc.org{uri} permanent
+}
+
+adminer.bensuperpc.org {
+	reverse_proxy adminer:8080
+}
+
+uptimekuma.bensuperpc.org {
+	reverse_proxy uptime-kuma:3001
+}
+
+torrent.bensuperpc.org {
+	reverse_proxy qbittorrent:8080
+}
+
+git.bensuperpc.org {
+	reverse_proxy gitea:3000
+}
+
+jellyfin.bensuperpc.org {
+	reverse_proxy jellyfin:8096
+}
+
+ssh.bensuperpc.org {
+	reverse_proxy openssh:2222
+}
+
+syncthing.bensuperpc.org {
+	reverse_proxy syncthing:8384 {
+		header_up Host {upstream_hostport}
+	}
+}
+
+dns.bensuperpc.org {
+	reverse_proxy dns-server:5380
+}
+
+link.bensuperpc.org {
+	# TODO: Use service with database
+	# Friendly links
+	redir /gnous https://gnous.eu permanent
+	redir /proxy https://imagisphe.re permanent
+	redir /patch https://spaceint.fr permanent
+	redir /greep https://greep.fr permanent
+
+	# Youtube links
+	redir /rickroll https://www.youtube.com/watch?v=dQw4w9WgXcQ permanent
+	redir /babyshark https://www.youtube.com/watch?v=XqZsoesa55w permanent
+	redir /cowcowcow https://www.youtube.com/watch?v=FavUpD_IjVY permanent
+	redir /badapple https://www.youtube.com/watch?v=FtutLA63Cp8 permanent
+	redir /macdo https://www.youtube.com/watch?v=Q16KpquGsIc permanent
+	redir /superiser https://www.youtube.com/watch?v=srnyVw-OR0g permanent
+	redir /daicon https://youtu.be/-840keiiFDE?si=zIPIokytxcnGw5fJ&t=162 permanent
+	redir /scp https://www.youtube.com/watch?v=FGCDndN20G8 permanent
+	redir /scpfb https://youtu.be/9zrKk-1E8zM?si=8R_ZBVG3GzMUYOe8&t=36 permanent
+	redir /mother https://youtu.be/w3NyycHR3fE?si=rNNSW9zYv0bcO2Eu permanent
+	redir /cpu https://www.youtube.com/watch?v=y39D4529FM4 permanent
+	redir /chanteur https://youtu.be/HXdP15Ubu6M?si=N0qvhqo--3pmSGmb permanent
+	redir /bna https://youtu.be/3T3ofoKfEoY?si=_7HkGQXMC7rBng8O permanent
+	redir /jojo https://youtu.be/U0TXIXTzJEY?si=2acWJWX06ju2w4uj permanent
+	redir /patapon https://youtu.be/H6CbNHLHkmk?si=ZvU8SzrOK-oCUXT5 permanent
+	redir /darkwater https://youtu.be/Tr8ZgF4Dc0E?si=CEOmm2J6Jp5rdbbt permanent
+}

caddy/bensuperpc.ovh/Caddyfile

@@ -0,0 +1,7 @@
+bensuperpc.ovh {
+	redir https://www.bensuperpc.org{uri} permanent
+}
+
+www.bensuperpc.ovh {
+	redir https://www.bensuperpc.org{uri} permanent
+}

config/wordpress/php.ini

@@ -0,0 +1,3 @@
+memory_limit = 1024M
+upload_max_filesize = 64M
+post_max_size = 64M

docker-compose.adminer.yml

@@ -0,0 +1,19 @@
+version: '3.9'
+
+services:
+  # Adminer
+  adminer:
+    image: adminer:latest
+    container_name: adminer
+    profiles:
+      - adminer
+    restart: on-failure
+    env_file: 
+      - env/adminer.env
+    depends_on:
+      - wordpress_db
+      - caddy
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true

docker-compose.backup.yml

@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+  # Backup
+  backup:
+    image: offen/docker-volume-backup:latest
+    container_name: backup
+    profiles:
+      - backup
+    restart: on-failure
+    env_file:
+      - env/backup.env
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - backup:/archive
+      - caddy_data:/backup/caddy_data:ro
+      - caddy_config:/backup/caddy_config:ro
+#      - gitea_data:/backup/gitea_data:ro
+#      - gitea_config:/backup/gitea_config:ro
+#      - wordpress_db:/backup/wordpress_db:ro
+#      - wordpress:/backup/wordpress:ro
+#      - jellyfin_config:/backup/jellyfin_config:ro
+#      - jellyfin_data:/backup/jellyfin_data:ro
+#      - jellyfin_cache:/backup/jellyfin_cache:ro
+#      - qbittorrent_config:/backup/qbittorrent_config:ro
+#      - qbittorrent_data:/backup/qbittorrent_data:ro
+#      - uptimekuma_data:/backup/uptimekuma_data:ro
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+volumes:
+  backup:
+    name: backup

docker-compose.caddy.yml

@@ -0,0 +1,46 @@
+version: '3.9'
+
+services:
+  # Caddy
+  caddy:
+    image: caddy:latest
+    container_name: caddy
+    profiles:
+      - caddy
+    restart: on-failure
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - wordpress:/var/www/html:rw
+      - caddy_data:/data:rw
+      - caddy_config:/config:rw
+      - ./caddy:/etc/caddy:ro
+    networks:
+      - infra-network
+    env_file:
+      - env/caddy.env
+    cap_add:
+      - NET_ADMIN
+    security_opt:
+      - no-new-privileges:true
+    #    cap_drop:
+    #      - ALL
+    #    cap_add:
+    #      - CHOWN
+    #      - FOWNER
+    #      - DAC_OVERRIDE
+    #      - SETGID
+    #      - SETUID
+    #      - NET_BIND_SERVICE
+    healthcheck:
+      test: pidof caddy || exit 1
+      interval: 120s
+      timeout: 10s
+      retries: 3
+
+volumes:
+  caddy_data:
+    name: caddy_data
+  caddy_config:
+    name: caddy_config

docker-compose.certbot.yml

@@ -1,32 +0,0 @@
-version: "3.9"
-
-services:
-  certbot:
-    depends_on:
-      - webserver
-    image: certbot/certbot:v2.5.0
-    container_name: certbot
-    profiles:
-      - certbot
-    volumes:
-      - certbot-cert:/etc/letsencrypt
-      - wordpress:/var/www/wordpress
-      - jellyfin:/var/www/jellyfin
-    #command: >
-    #  certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot
-    #  --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
-    #  --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org 
-
-    #command: >
-    #  certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot
-    #  --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
-    #  --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
-
-    command: >
-      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot 
-      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
-      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
-
-volumes:
-  certbot-cert:
-    name: certbot-cert

docker-compose.divers.yml

@@ -1,48 +0,0 @@
-version: "3.9"
-
-services:
-  qbittorrent:
-    image: lscr.io/linuxserver/qbittorrent:latest
-    container_name: qbittorrent
-    profiles:
-      - qbittorrent
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Europe/London
-      - WEBUI_PORT=8080
-    volumes:
-      - qbittorrent-conf:/config
-      - qbittorrent-downloads:/downloads
-    #ports:
-    #  - 8080:8080
-    #  - 6881:6881
-    #  - 6881:6881/udp
-    restart: unless-stopped
-    networks:
-      - app-network
-  jellyfin:
-    image: lscr.io/linuxserver/jellyfin:latest
-    container_name: jellyfin
-    profiles:
-      - jellyfin
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Europe/London
-      - JELLYFIN_PublishedServerUrl=192.168.0.5 #optional
-    volumes:
-      - jellyfin-config:/config
-      - jellyfin-tvseries:/data/tvshows
-      - jellyfin-movies:/data/movies
-      - jellyfin:/var/www/html
-    #ports:
-    #  - 8096:8096
-    #  - 8920:8920 #optional
-    #  - 7359:7359/udp #optional
-    #  - 1900:1900/udp #optional
-    restart: unless-stopped
-    networks:
-      - app-network
-    security_opt:
-      - no-new-privileges:true

docker-compose.dns.yml

@@ -0,0 +1,23 @@
+version: '3.9'
+
+services:
+  dns-server:
+    container_name: dns-server
+    hostname: dns-server
+    profiles:
+      - dns-server
+    image: technitium/dns-server:latest
+    restart: on-failure
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+    volumes:
+      - dns-config:/etc/dns
+    env_file:
+      - env/technitium.env
+
+volumes:
+  dns-config:
+    name: dns-config
+

docker-compose.gitea.yml

@@ -0,0 +1,51 @@
+version: '3.9'
+
+services:
+  # Gitea
+  gitea:
+    image: gitea/gitea:latest-rootless
+    container_name: gitea
+    profiles:
+      - gitea
+    restart: on-failure
+    depends_on:
+      - caddy
+    env_file:
+      - env/gitea.env
+    volumes:
+      - gitea_data:/var/lib/gitea
+      - gitea_config:/etc/gitea
+#      - /etc/timezone:/etc/timezone:ro
+#      - /etc/localtime:/etc/localtime:ro
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+  
+  # Database gitea
+  database_gitea:
+    image: mariadb:latest
+    container_name: database_gitea
+    profiles:
+      - database
+      - gitea
+    depends_on:
+      - gitea
+    restart: on-failure
+    volumes:
+      - gitea_db:/var/lib/mysql:rw
+    env_file:
+      - env/gitea_db.env
+    command: '--default-authentication-plugin=mysql_native_password'
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+volumes:
+  gitea_data:
+    name: gitea_data
+  gitea_config:
+    name: gitea_config
+  gitea_db:
+    name: gitea_db

docker-compose.jellyfin.yml

@@ -0,0 +1,28 @@
+version: '3.9'
+
+services:
+  # Jellyfin
+  jellyfin:
+    image: jellyfin/jellyfin:latest
+    container_name: jellyfin
+    profiles:
+      - jellyfin
+    restart: on-failure
+    depends_on:
+      - caddy
+    volumes:
+      - jellyfin_config:/config
+      - jellyfin_data:/movies:ro
+      - jellyfin_cache:/cache
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+volumes:
+  jellyfin_config:
+    name: jellyfin_config
+  jellyfin_data:
+    name: jellyfin_data
+  jellyfin_cache:
+    name: jellyfin_cache

docker-compose.network.yml

@@ -1,6 +0,0 @@
-version: "3.9"
-
-networks:
-  app-network:
-    driver: bridge
-    name: app-network

docker-compose.networks.yml

@@ -0,0 +1,6 @@
+version: '3.9'
+
+networks:
+  infra-network:
+    driver: bridge
+    name: infra-network

docker-compose.nginx.yml

@@ -1,24 +0,0 @@
-version: "3.9"
-
-services:
-  webserver:
-    depends_on:
-      - wordpress
-    image: nginx:1.24.0
-    container_name: webserver
-    profiles:
-      - webserver
-    restart: unless-stopped
-    ports:
-      - "80:80"
-      - "443:443"
-    volumes:
-      - wordpress:/var/www/wordpress
-      - jellyfin:/var/www/jellyfin
-      - ./nginx/conf.d:/etc/nginx/conf.d:ro
-      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-      - certbot-cert:/etc/letsencrypt:ro
-    networks:
-      - app-network
-    security_opt:
-      - no-new-privileges:true

docker-compose.openssh.yml

@@ -0,0 +1,25 @@
+version: '3.9'
+
+services:
+  # Openssh
+  openssh:
+    image: linuxserver/openssh-server:latest
+    container_name: openssh
+    profiles:
+      - openssh
+    restart: on-failure
+    env_file:
+      - env/openssh.env
+    volumes:
+      - openssh_config:/config
+      - openssh_data:/data
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+volumes:
+  openssh_config:
+    name: openssh_config
+  openssh_data:
+    name: openssh_data

docker-compose.qbittorrent.yml

@@ -0,0 +1,27 @@
+version: '3.9'
+
+services:
+  # qBittorrent
+  qbittorrent:
+    image: lscr.io/linuxserver/qbittorrent:latest
+    container_name: qbittorrent
+    profiles:
+      - qbittorrent
+    restart: on-failure
+    depends_on:
+      - caddy
+    env_file:
+      - env/qbittorrent.env
+    volumes:
+      - qbittorrent_config:/config
+      - qbittorrent_data:/downloads
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+volumes:
+  qbittorrent_config:
+    name: qbittorrent_config
+  qbittorrent_data:
+    name: qbittorrent_data

docker-compose.syncthing.yml

@@ -0,0 +1,25 @@
+version: '3.9'
+
+services:
+  # syncthing
+  syncthing:
+    image: linuxserver/syncthing:latest
+    container_name: syncthing
+    profiles:
+      - syncthing
+    restart: on-failure
+    env_file:
+      - env/syncthing.env
+    volumes:
+      - syncthing_config:/config
+      - syncthing_data:/data1
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+volumes:
+  syncthing_config:
+    name: syncthing_config
+  syncthing_data:
+    name: syncthing_data

docker-compose.uptime-kuma.yml

@@ -0,0 +1,16 @@
+version: '3.9'
+
+services:
+  # Uptime Kuma
+  uptime-kuma:
+    image: louislam/uptime-kuma:latest
+    container_name: uptime-kuma
+    profiles:
+      - uptime-kuma
+    volumes:
+      - uptimekuma_data:/app/data
+    restart: on-failure
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true

docker-compose.volume.yml

@@ -1,15 +0,0 @@
-version: "3.9"
-
-volumes:
-  qbittorrent-downloads:
-    name: qbittorrent-downloads
-  qbittorrent-conf:
-    name: qbittorrent-conf
-  jellyfin-config:
-    name: jellyfin-config
-  jellyfin-tvseries:
-    name: jellyfin-tvseries
-  jellyfin-movies:
-    name: jellyfin-movies
-  jellyfin:
-    name: jellyfin

docker-compose.volumes.yml

@@ -0,0 +1,5 @@
+version: '3.9'
+
+volumes:
+  uptimekuma_data:
+    name: uptimekuma_data

docker-compose.watchtower.yml

@@ -0,0 +1,16 @@
+version: '3.9'
+
+services:
+  # Watchtower
+  watchtower:
+    image: containrrr/watchtower
+    container_name: watchtower
+    profiles:
+      - watchtower
+    restart: on-failure
+    networks:
+      - infra-network
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:rw
+    security_opt:
+      - no-new-privileges:true

docker-compose.wordpress.yml

@@ -1,63 +1,48 @@
-version: "3.9"
+version: '3.9'
 
 services:
-  wp_db:
-    image: mariadb:10.10.3
-    container_name: wp_db
-    profiles:
-      - wp_db
-    restart: unless-stopped
-    env_file: 
-      - env/wp_database.env
-    volumes: 
-      - dbdata:/var/lib/mysql
-    networks:
-      - app-network
-    security_opt:
-      - no-new-privileges:true
-
+  # Wordpress
   wordpress:
-    depends_on: 
-      - wp_db
-    image: wordpress:6.2.0-fpm
+    image: wordpress:fpm
     container_name: wordpress
     profiles:
       - wordpress
-    restart: unless-stopped
-    env_file: 
+    restart: on-failure
+    depends_on:
+      - wordpress_db
+      - caddy
+    env_file:
       - env/wordpress.env
     volumes:
-      - wordpress:/var/www/html
+      - ./config/wordpress/php.ini:/usr/local/etc/php/conf.d/custom.ini:ro
+      - wordpress:/var/www/html:rw
     networks:
-      - app-network
+      - infra-network
     security_opt:
       - no-new-privileges:true
-#    cap_drop:
-#        - ALL
-#    cap_add:
-#      - SETUID
-#      - SETGID
-#      - DAC_OVERRIDE
-#      - NET_BIND_SERVICE
-#      - NET_RAW
-#      - CAP_CHOWN
-  phpmyadmin:
-    image: phpmyadmin:5.2.0
-    container_name: phpmyadmin
+
+  # Database wordpress
+  wordpress_db:
+    image: mariadb:latest
+    container_name: wordpress_db
     profiles:
-      - phpmyadmin
-    restart: unless-stopped
-    env_file: 
-      - env/phpmyadmin.env
+      - database
+      - wordpress
     depends_on:
-      - wp_db
+      - caddy
+    restart: on-failure
+    volumes:
+      - wordpress_db:/var/lib/mysql:rw
+    env_file:
+      - env/wordpress_db.env
+    command: '--default-authentication-plugin=mysql_native_password'
     networks:
-      - app-network
+      - infra-network
     security_opt:
       - no-new-privileges:true
 
 volumes:
+  wordpress_db:
+    name: wordpress_db
   wordpress:
-    name: wordpress
-  dbdata:
-    name: dbdata
+    name: wordpress

env/adminer.env

@@ -0,0 +1,4 @@
+MYSQL_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
+MYSQL_USER=bensuperpc
+MYSQL_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
+ADMINER_DEFAULT_SERVER=wordpress_db

env/backup.env

@@ -0,0 +1,4 @@
+BACKUP_COMPRESSION="zst"
+BACKUP_CRON_EXPRESSION="0 2 * * *"
+# BACKUP_RETENTION_DAYS: '7'
+# BACKUP_FILENAME="backup-%Y-%m-%dT%H-%M-%S.{{ .Extension }}"

env/flask_database.env

@@ -1,4 +0,0 @@
-POSTGRES_HOST_AUTH_METHOD=trust
-POSTGRES_USER=bensuperpc
-POSTGRES_PASSWORD=nPRh270dKH3hz%6HS2$X%8F3fqoQ*Fex
-POSTGRES_DB=website

env/flask_website.env

@@ -1,7 +0,0 @@
-FLASK_DEBUG=1
-
-# Acces to the database
-POSTGRES_URL=flask_db:5432
-POSTGRES_USER=bensuperpc
-POSTGRES_PW=nPRh270dKH3hz%6HS2$X%8F3fqoQ*Fex
-POSTGRES_DB=website

env/gitea.env

@@ -0,0 +1,7 @@
+USER_UID=1000
+USER_GID=1000
+GITEA__database__DB_TYPE=mysql
+GITEA__database__HOST=database_gitea:3306
+GITEA__database__NAME=gitea
+GITEA__database__USER=bensuperpc
+GITEA__database__PASSWD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j

env/gitea_db.env

@@ -0,0 +1,4 @@
+MYSQL_ROOT_PASSWORD=xpc4zIhHZzWKqVHcjBu4aW6aS7jG8d7X
+MYSQL_USER=bensuperpc
+MYSQL_PASSWORD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j
+MYSQL_DATABASE=gitea

env/openssh.env

@@ -0,0 +1,11 @@
+PUID=1000
+PGID=1000
+PUBLIC_KEY=
+# PUBLIC_KEY_FILE=
+# PUBLIC_KEY_DIR=
+# PUBLIC_KEY_URL=
+SUDO_ACCESS=false
+PASSWORD_ACCESS=false
+# USER_PASSWORD=
+# USER_PASSWORD_FILE=
+# USER_NAME=

env/pgadmin.env

@@ -1,3 +0,0 @@
-PGADMIN_DEFAULT_EMAIL=bensuperpc@bensuperpc.org
-PGADMIN_DEFAULT_PASSWORD=LmRVf9DY291ez7B^^%2RntHcsCrJ5fQ!
-#PGADMIN_ENABLE_TLS

env/phpmyadmin.env

@@ -1,4 +0,0 @@
-MYSQL_ROOT_PASSWORD=g1qQWxTXyFXIKpAfbE0h5bxn&prr4zfd
-MYSQL_USER=bensuperpc
-MYSQL_PASSWORD=4Xnc7FB7902%*w9PW4y9&anQ5&hQdTzt
-PMA_HOST=db

env/qbittorrent.env

@@ -0,0 +1,5 @@
+PUID=1000
+PGID=1000
+TZ=Etc/UTC
+WEBUI_PORT=8080
+TORRENTING_PORT=6881

env/syncthing.env

@@ -0,0 +1,2 @@
+PUID=1000
+PGID=1000

env/technitium.env

@@ -0,0 +1,18 @@
+DNS_SERVER_DOMAIN=dns-server
+DNS_SERVER_ADMIN_PASSWORD=fddsdfF548TjSNbi490fzZspmLSDf
+# DNS_SERVER_ADMIN_PASSWORD_FILE=password.txt
+# DNS_SERVER_PREFER_IPV6=false
+# DNS_SERVER_WEB_SERVICE_HTTP_PORT=5380
+# DNS_SERVER_WEB_SERVICE_HTTPS_PORT=53443
+# DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=true
+# DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=false
+# DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=true
+# DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks
+# DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24
+# DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24
+# DNS_SERVER_ENABLE_BLOCKING=false
+# DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false
+# DNS_SERVER_BLOCK_LIST_URLS=
+# DNS_SERVER_FORWARDERS=1.1.1.1, 8.8.8.8
+# DNS_SERVER_FORWARDER_PROTOCOL=Tcp
+# DNS_SERVER_LOG_USING_LOCAL_TIME=true

env/wordpress.env

@@ -1,4 +1,4 @@
 WORDPRESS_DB_USER=bensuperpc
-WORDPRESS_DB_PASSWORD=4Xnc7FB7902%*w9PW4y9&anQ5&hQdTzt
+WORDPRESS_DB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
 WORDPRESS_DB_NAME=wordpress
-WORDPRESS_DB_HOST=wp_db:3306
+WORDPRESS_DB_HOST=wordpress_db:3306

env/wordpress_db.env

@@ -0,0 +1,4 @@
+MARIADB_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
+MARIADB_USER=bensuperpc
+MARIADB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
+MARIADB_DATABASE=wordpress

env/wp_database.env

@@ -1,4 +0,0 @@
-MARIADB_ROOT_PASSWORD=g1qQWxTXyFXIKpAfbE0h5bxn&prr4zfd
-MARIADB_USER=bensuperpc
-MARIADB_PASSWORD=4Xnc7FB7902%*w9PW4y9&anQ5&hQdTzt
-MARIADB_DATABASE=wordpress

nginx/conf.d-cert/jellyfin.conf

@@ -1,29 +0,0 @@
-server {
-        listen 80;
-        listen [::]:80;
-
-        server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org;
-
-        root /var/www/jellyfin;
-
-        location ~ /.well-known/acme-challenge {
-                allow all;
-                root /var/www/jellyfin;
-        }
-
-        location / {
-                # Proxy main Jellyfin traffic
-                proxy_pass http://jellyfin:8096;
-                proxy_set_header Host $host;
-                proxy_set_header X-Real-IP $remote_addr;
-                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-                proxy_set_header X-Forwarded-Proto $scheme;
-                proxy_set_header X-Forwarded-Protocol $scheme;
-                proxy_set_header X-Forwarded-Host $http_host;
-
-                # Disable buffering when the nginx proxy gets very resource heavy upon streaming
-                proxy_buffering off;
-        }
-
-        resolver 8.8.8.8;
-}

nginx/conf.d-cert/wordpress.conf

@@ -1,50 +0,0 @@
-server {
-        listen 80;
-        listen [::]:80;
-
-        server_name bensuperpc.org www.bensuperpc.org;
-
-        index index.php index.html index.htm;
-
-        root /var/www/wordpress;
-
-        location ~ /.well-known/acme-challenge {
-                allow all;
-                root /var/www/wordpress;
-        }
-
-        location / {
-                try_files $uri $uri/ /index.php$is_args$args;
-        }
-
-        location ~ \.php$ {
-                try_files $uri =404;
-                fastcgi_split_path_info ^(.+\.php)(/.+)$;
-                fastcgi_pass wordpress:9000;
-                fastcgi_index index.php;
-                include fastcgi_params;
-
-                # Necessary to avoid 404 error when changing the wordpress path
-                #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-                fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
-
-                fastcgi_param PATH_INFO $fastcgi_path_info;
-        }
-
-        location ~ /\.ht {
-                deny all;
-        }
-        
-        location = /favicon.ico { 
-                log_not_found off; access_log off; 
-        }
-        location = /robots.txt { 
-                log_not_found off; access_log off; allow all; 
-        }
-        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
-                expires max;
-                log_not_found off;
-        }
-
-        resolver 8.8.8.8;
-}

nginx/conf.d/jellyfin.conf

@@ -1,130 +0,0 @@
-proxy_cache_path /var/cache/nginx/jellyfin levels=1:2 keys_zone=jellyfin:100m max_size=2g inactive=30d use_temp_path=off;
-
-upstream jellyfin_server {
-        # ip_hash;
-        server jellyfin:8096;
-        # server jellyfin:8096 weight=1 max_fails=3 fail_timeout=30s;
-}
-
-# Redirect all http requests to the main server wordpress_server
-server {
-        listen 80;
-        listen [::]:80;
-
-        root /var/www/jellyfin;
-
-        server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org;
-
-        location ~ /.well-known/acme-challenge {
-                allow all;
-                root /var/www/jellyfin;
-        }
-
-        location / {
-                return 301 https://$host$request_uri;
-        }
-}
-
-server {
-        listen 443 ssl http2;
-        listen [::]:443 ssl http2;
-        server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org;
-
-        ## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc.
-        client_max_body_size 20M;
-
-        # All things related to SSL
-        ssl_certificate /etc/letsencrypt/live/bensuperpc.org/fullchain.pem;
-        ssl_certificate_key /etc/letsencrypt/live/bensuperpc.org/privkey.pem;
-        ssl_trusted_certificate /etc/letsencrypt/live/bensuperpc.org/chain.pem;
-
-        include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;
-
-        # Logging
-        access_log /var/log/nginx/wordpress.access.log;
-        error_log  /var/log/nginx/wordpress.error.log;
-
-        # Security
-        add_header X-Frame-Options "SAMEORIGIN" always;
-        add_header X-XSS-Protection "1; mode=block" always;
-        add_header X-Content-Type-Options "nosniff" always;
-        add_header Referrer-Policy "no-referrer-when-downgrade" always;
-        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
-
-        # Security / XSS Mitigation Headers
-        # NOTE: X-Frame-Options may cause issues with the webOS app
-        add_header X-Frame-Options "SAMEORIGIN";
-        add_header X-XSS-Protection "1; mode=block";
-        add_header X-Content-Type-Options "nosniff";
-
-        # Content Security Policy
-        # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
-        # Enforces https content and restricts JS/CSS to origin
-        # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
-        # NOTE: The default CSP headers may cause issues with the webOS app
-        add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
-
-        location = / {
-                return 302 https://$host/web/;
-        }
-
-        location / {
-                # Proxy main Jellyfin traffic
-                proxy_pass http://jellyfin_server;
-                proxy_set_header Host $host;
-                proxy_set_header X-Real-IP $remote_addr;
-                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-                proxy_set_header X-Forwarded-Proto $scheme;
-                proxy_set_header X-Forwarded-Protocol $scheme;
-                proxy_set_header X-Forwarded-Host $http_host;
-
-                # Disable buffering when the nginx proxy gets very resource heavy upon streaming
-                proxy_buffering off;
-        }
-
-        # location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
-        location = /web/ {
-                # Proxy main Jellyfin traffic
-                proxy_pass http://jellyfin_server/web/index.html;
-                proxy_set_header Host $host;
-                proxy_set_header X-Real-IP $remote_addr;
-                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-                proxy_set_header X-Forwarded-Proto $scheme;
-                proxy_set_header X-Forwarded-Protocol $scheme;
-                proxy_set_header X-Forwarded-Host $http_host;
-        }
-
-        location /socket {
-                # Proxy Jellyfin Websockets traffic
-                proxy_pass http://jellyfin_server;
-                proxy_http_version 1.1;
-                proxy_set_header Upgrade $http_upgrade;
-                proxy_set_header Connection "upgrade";
-                proxy_set_header Host $host;
-                proxy_set_header X-Real-IP $remote_addr;
-                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-                proxy_set_header X-Forwarded-Proto $scheme;
-                proxy_set_header X-Forwarded-Protocol $scheme;
-                proxy_set_header X-Forwarded-Host $http_host;
-        }
-
-        # Cache images (inside server block)
-        location ~ /Items/(.*)/Images {
-                proxy_pass http://127.0.0.1:8096;
-                proxy_set_header Host $host;
-                proxy_set_header X-Real-IP $remote_addr;
-                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-                proxy_set_header X-Forwarded-Proto $scheme;
-                proxy_set_header X-Forwarded-Protocol $scheme;
-                proxy_set_header X-Forwarded-Host $http_host;
-
-                proxy_cache jellyfin;
-                proxy_cache_revalidate on;
-                proxy_cache_lock on;
-                add_header X-Cache-Status $upstream_cache_status; # This is only to check if cache is working
-        }
-
-        resolver 8.8.8.8;
-}
-
-# All configuration options are documented at https://jellyfin.org/docs/general/networking/nginx/

nginx/conf.d/phpmyadmin.conf

@@ -1,24 +0,0 @@
-upstream phpmyadmin_server {
-        # ip_hash;
-        server phpmyadmin:80;
-        # server phpmyadmin:80 weight=1 max_fails=3 fail_timeout=30s;
-}
-
-# PHPmyadmin
-server {
-        listen 80;
-        listen [::]:80;
-        #listen 443;
-        #listen [::]:443;
-
-        server_name phpmyadmin.bensuperpc.org www.phpmyadmin.bensuperpc.org;
-
-        location / {
-                proxy_pass http://phpmyadmin_server;
-                proxy_redirect off;
-                proxy_set_header X-Forwarded-Host $http_host;
-                proxy_set_header X-Forwarded-For  $remote_addr;
-        }
-
-        resolver 8.8.8.8;
-}

nginx/conf.d/qbittorrent.conf

@@ -1,24 +0,0 @@
-upstream qbittorrent_server {
-        # ip_hash;
-        server qbittorrent:8080;
-        # server qbittorrent:8080 weight=1 max_fails=3 fail_timeout=30s;
-}
-
-# PHPmyadmin
-server {
-        listen 80;
-        listen [::]:80;
-        #listen 443;
-        #listen [::]:443;
-
-        server_name qbittorrent.bensuperpc.org www.qbittorrent.bensuperpc.org;
-
-        location / {
-                proxy_pass http://qbittorrent_server;
-                proxy_redirect off;
-                proxy_set_header X-Forwarded-Host $http_host;
-                proxy_set_header X-Forwarded-For  $remote_addr;
-        }
-
-        resolver 8.8.8.8;
-}

nginx/conf.d/stream/minecraft.conf

@@ -1,6 +0,0 @@
-#server {
-    # Port number the reverse proxy is listening on
-#    listen  25565;
-    # The original Minecraft server address
-#    proxy_pass  server.example.com:25565;
-#}

nginx/conf.d/sub/cache-fastcgi.conf

@@ -1,28 +0,0 @@
-# The path to store the cache files, limit the folder to 100MB
-fastcgi_cache_path /var/run/nginx-cache-fastcgi levels=1:2 keys_zone=WORDPRESS:100m inactive=120m max_size=1g use_temp_path=off;
-
-# A unique request is defined by this cache key
-fastcgi_cache_key "$scheme$request_method$host$request_uri";
-
-# Show the cached version if upstream gives a timeout or a HTTP 500 error
-fastcgi_cache_use_stale error timeout invalid_header http_500;
-
-# Revalidate items in the cache if they are update 
-fastcgi_cache_revalidate on;
-
-# Minimum time to store an item in the cache
-fastcgi_cache_min_uses 3;
-
-# Cache everything for 1 day
-fastcgi_cache_valid 1d;
-
-# Don't use the following headers to define the cache variables
-fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
-
-fastcgi_buffer_size 128k;
-fastcgi_buffers 256 16k;
-fastcgi_busy_buffers_size 256k;
-fastcgi_temp_file_write_size 256k;
-
-# Some parts of this file are from
-# https://gist.github.com/TrafeX/6d582b6d040702088722

nginx/conf.d/sub/cache-proxy.conf

@@ -1,25 +0,0 @@
-# The path to store the cache files, limit the folder to 100MB
-proxy_cache_path /var/run/nginx-cache-proxy levels=1:2 keys_zone=PROXY:100m inactive=120m max_size=1g use_temp_path=off;
-
-# A unique request is defined by this cache key
-proxy_cache_key "$scheme$request_method$host$request_uri";
-
-# Show the cached version if upstream gives a timeout or a HTTP 500 error
-proxy_cache_use_stale error timeout invalid_header http_500;
-
-# Revalidate items in the cache if they are update 
-proxy_cache_revalidate on;
-
-# Minimum time to store an item in the cache
-proxy_cache_min_uses 3;
-
-# Cache everything for 1 day
-proxy_cache_valid 1d;
-
-# Don't use the following headers to define the cache variables
-proxy_ignore_headers Cache-Control Expires Set-Cookie;
-
-# Increase proxy buffers for large requests
-proxy_buffer_size 128k;
-proxy_buffers 4 256k;
-proxy_busy_buffers_size 256k;

nginx/conf.d/sub/cache-uwsgi.conf

@@ -1,20 +0,0 @@
-# The path to store the cache files, limit the folder to 100MB
-uwsgi_cache_path /var/run/nginx-cache-uwsgi levels=1:2 keys_zone=UWSGI:100m inactive=120m max_size=1g use_temp_path=off;
-
-# A unique request is defined by this cache key
-uwsgi_cache_key "$scheme$request_method$host$request_uri";
-
-# Show the cached version if upstream gives a timeout or a HTTP 500 error
-uwsgi_cache_use_stale error timeout invalid_header http_500;
-
-# Revalidate items in the cache if they are update 
-uwsgi_cache_revalidate on;
-
-# Minimum time to store an item in the cache
-uwsgi_cache_min_uses 3;
-
-# Cache everything for 1 day
-uwsgi_cache_valid 1d;
-
-# Don't use the following headers to define the cache variables
-uwsgi_ignore_headers Cache-Control Expires Set-Cookie;

nginx/conf.d/sub/gzip.conf

@@ -1,13 +0,0 @@
-# Compression config
-gzip on;
-gunzip on;
-
-gzip_static on;
-gzip_min_length 1000;
-gzip_buffers 4 32k;
-# gzip_http_version 1.1;
-gzip_proxied any;
-gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;
-gzip_vary on;
-gzip_comp_level 6;
-gzip_disable "MSIE [1-6]\.(?!.*SV1)";

nginx/conf.d/sub/options-ssl-nginx.conf

@@ -1,15 +0,0 @@
-# generated 2022-11-23, Mozilla Guideline v5.6, nginx 1.23, OpenSSL 1.1.1k, modern configuration
-# https://ssl-config.mozilla.org/#server=nginx&version=1.23&config=modern&openssl=1.1.1k&guideline=5.6
-
-ssl_session_cache shared:le_nginx_SSL:10m;
-ssl_session_timeout 1440m;
-ssl_session_tickets off;
-
-ssl_protocols TLSv1.3;
-ssl_prefer_server_ciphers off;
-
-add_header Strict-Transport-Security "max-age=63072000" always;
-
-# OCSP stapling
-ssl_stapling on;
-ssl_stapling_verify on;

nginx/conf.d/wordpress.conf

@@ -1,243 +0,0 @@
-include /etc/nginx/conf.d/sub/cache-fastcgi.conf;
-
-# All upstream serveur
-upstream wordpress_server {
-        # ip_hash;
-        server wordpress:9000;
-        # server wordpress:9000 weight=1 max_fails=3 fail_timeout=30s;
-}
-
-# Redirect all http requests to the main server wordpress_server
-server {
-        listen 80;
-        listen [::]:80;
-
-        server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org bensuperpc.org www.bensuperpc.org;
-
-        root /var/www/wordpress;
-        index index.php index.html index.htm;
-
-        reset_timedout_connection on;
-
-        # Upload limit
-        client_max_body_size 50m;
-        client_body_buffer_size 128k;
-
-        # Initialize the variable that specified to skip the cache
-        set $skip_cache 0;
-
-        # POST requests and url's with a query string should always skip cache
-        if ($request_method = POST) {
-                set $skip_cache 1;
-        }
-        if ($query_string != "") {
-                set $skip_cache 1;
-        }
-
-        # Don't cache url's containing the following segments
-        if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
-                set $skip_cache 1;
-        }
-
-        # Don't use the cache for logged in users or recent commenters
-        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
-                set $skip_cache 1;
-        }
-
-        server_tokens off;
-
-        location ~ /.well-knownwell-known/acme-challenge {
-                allow all;
-                root /var/www/wordpress;
-        }
-
-        location / {
-                try_files $uri $uri/ /index.php$is_args$args;
-        }
-
-        location ~ \.php$ {
-                try_files $uri =404;
-                fastcgi_split_path_info ^(.+\.php)(/.+)$;
-                fastcgi_pass wordpress_server;
-                fastcgi_index index.php;
-                include fastcgi_params;
-
-                # Necessary to avoid 404 error when changing the wordpress path
-                #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-                fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
-
-                fastcgi_param PATH_INFO $fastcgi_path_info;
-                
-                fastcgi_intercept_errors on;
-
-                # Don't cache when $skip_cache is true
-                fastcgi_cache_bypass $skip_cache;
-                fastcgi_no_cache $skip_cache;
-
-                # Use the WORDPRESS zone
-                fastcgi_cache WORDPRESS;
-
-                fastcgi_connect_timeout 600;
-                fastcgi_send_timeout 600;
-                fastcgi_read_timeout 600;
-        }
-
-        # Don't write to accesslog for these files
-        location = /favicon.ico {
-                log_not_found off;
-                access_log off;
-        }
-        location = /robots.txt {
-                allow all;
-                log_not_found off;
-                access_log off;
-        }
-
-        # Media files with one of these extensions should be cached by the browser
-        location ~* \.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
-                expires max;
-                log_not_found off;
-        }
-
-        # Deny access to .* files
-        location ~ /\. {
-                deny all;
-                access_log off;
-                log_not_found off;
-        }
-        
-        # Add cache status header for easy debugging
-        add_header X-cache $upstream_cache_status;
-
-        # From cat /etc/resolv.conf
-        resolver 8.8.8.8;
-
-        # Some parts of this file are from
-        # https://gist.github.com/TrafeX/6d582b6d040702088722
-
-        #location / {
-        #        return 301 https://$host$request_uri;
-        #}
-}
-
-# Main server wordpress_server
-server {
-        listen 443 ssl http2;
-        #listen 443 http3 reuseport;
-
-        listen [::]:443 ssl http2;
-
-
-        server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org bensuperpc.org www.bensuperpc.org;
-
-        root /var/www/wordpress;
-        index index.php index.html index.htm;
-
-        reset_timedout_connection on;
-
-        # Upload limit
-        client_max_body_size 50m;
-        client_body_buffer_size 128k;
-
-        # Initialize the variable that specified to skip the cache
-        set $skip_cache 0;
-
-        # POST requests and url's with a query string should always skip cache
-        if ($request_method = POST) {
-                set $skip_cache 1;
-        }
-        if ($query_string != "") {
-                set $skip_cache 1;
-        }
-
-        # Don't cache url's containing the following segments
-        if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
-                set $skip_cache 1;
-        }
-
-        # Don't use the cache for logged in users or recent commenters
-        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
-                set $skip_cache 1;
-        }
-
-        server_tokens off;
-        
-        # All things related to SSL
-        ssl_certificate /etc/letsencrypt/live/bensuperpc.org/fullchain.pem;
-        ssl_certificate_key /etc/letsencrypt/live/bensuperpc.org/privkey.pem;
-        ssl_trusted_certificate /etc/letsencrypt/live/bensuperpc.org/chain.pem;
-
-        include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;
-
-        # Logging
-        access_log /var/log/nginx/wordpress.access.log;
-        error_log  /var/log/nginx/wordpress.error.log;
-
-        # Security
-        add_header X-Frame-Options "SAMEORIGIN" always;
-        add_header X-XSS-Protection "1; mode=block" always;
-        add_header X-Content-Type-Options "nosniff" always;
-        add_header Referrer-Policy "no-referrer-when-downgrade" always;
-        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
-
-        location / {
-                try_files $uri $uri/ /index.php$is_args$args;
-                #  try_files $uri $uri/ /index.php?$args;
-        }
-
-        location ~ \.php$ {
-                try_files $uri =404;
-                fastcgi_split_path_info ^(.+\.php)(/.+)$;
-                fastcgi_pass wordpress_server;
-                fastcgi_index index.php;
-                include fastcgi_params;
-
-                # Necessary to avoid 404 error when changing the wordpress path
-                #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-                fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
-
-                fastcgi_param PATH_INFO $fastcgi_path_info;
-                
-                fastcgi_intercept_errors on;
-
-                # Don't cache when $skip_cache is true
-                fastcgi_cache_bypass $skip_cache;
-                fastcgi_no_cache $skip_cache;
-
-                # Use the WORDPRESS zone
-                fastcgi_cache WORDPRESS;
-        }
-
-        # Don't write to accesslog for these files
-        location = /favicon.ico {
-                log_not_found off;
-                access_log off;
-        }
-        location = /robots.txt {
-                allow all;
-                log_not_found off;
-                access_log off;
-        }
-
-        # Media files with one of these extensions should be cached by the browser
-        location ~* \.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
-                expires max;
-                log_not_found off;
-        }
-
-        # Deny access to .* files
-        location ~ /\. {
-                deny all;
-                access_log off;
-                log_not_found off;
-        }
-        
-        # Add cache status header for easy debugging
-        add_header X-cache $upstream_cache_status;
-
-        # From cat /etc/resolv.conf
-        resolver 8.8.8.8;
-
-        # Some parts of this file are from
-        # https://gist.github.com/TrafeX/6d582b6d040702088722
-}

nginx/nginx.conf

@@ -1,40 +0,0 @@
-
-user  nginx;
-worker_processes  auto;
-
-error_log  /var/log/nginx/error.log notice;
-pid        /var/run/nginx.pid;
-
-
-events {
-    worker_connections  1024;
-}
-
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-
-    sendfile        on;
-    #tcp_nopush     on;
-
-    # Keepalive for 70 seconds
-    keepalive_timeout 70;
-
-    # Number of requests per connection
-    keepalive_requests 100;
-
-    include /etc/nginx/conf.d/sub/gzip.conf;
-
-    include /etc/nginx/conf.d/*.conf;
-}
-
-stream {
-    include /etc/nginx/conf.d/stream/*.conf;
-}