Bensuperpc/infrastructure
1
0
Fork 0
mirror of https://github.com/bensuperpc/infrastructure.git synced 2025-06-21 18:03:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Bensuperpc:mainold
Branches Tags
Bensuperpc:main Bensuperpc:dns Bensuperpc:mainold
..
compare: Bensuperpc:dns
Branches Tags
Bensuperpc:main Bensuperpc:dns Bensuperpc:mainold

46 Commits
mainold ... dns

Author SHA1 Message Date
Bensuperpc
6dd7a30b03 Add DNS 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-08 19:17:49 +02:00
Bensuperpc
33b68a1811 Update links 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-07 20:31:39 +02:00
Bensuperpc
805584b2e1 Update Readme and Caddy config 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-07 19:41:28 +02:00
Bensuperpc
60837143f6 Remove portainer 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-06 20:35:05 +02:00
Bensuperpc
4527aed52b Update name 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-06 17:21:39 +02:00
Bensuperpc
9110cfec89 Update wordpress db 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-06 09:47:23 +02:00
Bensuperpc
817d09683b Add syncthing 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-06 09:03:17 +02:00
Bensuperpc
aee30a0aaf Add openssh service 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-06 00:37:17 +02:00
Bensuperpc
7231d29b91 Split adminer and wordpress 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-06 00:36:56 +02:00
Bensuperpc
2eaaf1f936 Split volumes and add backup (WIP) 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-05 22:38:14 +02:00
Bensuperpc
5e3b93ac20 Update db name and add watch tower 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-05 18:28:37 +02:00
Bensuperpc
fe7cac2fb5 Update makefile 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-05 18:14:41 +02:00
Bensuperpc
4add489e77 Update readme 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-05 11:10:26 +02:00
Bensuperpc
8dc8a2bea4 Update readme 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-05 11:09:38 +02:00
Bensuperpc
b099097526 Split docker-compose 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-05 11:05:51 +02:00
Bensuperpc
077aaf806c Update links 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-05 10:56:38 +02:00
Bensuperpc
9835f44382 Updater config 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-05 01:02:15 +02:00
Bensuperpc
3bd36ddf87 Change profiles 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-04 23:52:44 +02:00
Bensuperpc
f4b6c9e886 Add jellyfin 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-04 23:36:13 +02:00
Bensuperpc
6fc996fdec Fix adminer 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-04 23:14:42 +02:00
Bensuperpc
6fd0a9563e Move uptimekuma 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-04 23:10:30 +02:00
Bensuperpc
870649e860 Update infra 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-04 17:07:38 +02:00
Bensuperpc
01cd09f1e5 Ad torrent 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-01 13:17:53 +02:00
Bensuperpc
6915ecb88d Update links 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-05-01 11:13:35 +02:00
Bensuperpc
92722a9f59 Add links 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-04-28 20:27:48 +02:00
Bensuperpc
88499758d6 Update config 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-04-28 14:22:16 +02:00
Bensuperpc
8730a32195 Update header 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2024-04-21 10:59:34 +02:00
Bensuperpc
8f8b37edf8 Merge commit '1771a8e3ad8ba038287bc985dbffe84d6a0a0207' 2023-12-13 23:30:03 +01:00
Bensuperpc
134060c73d Update config location 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2023-12-13 23:29:39 +01:00
Bensuperpc
1771a8e3ad Merge pull request #1 from bensuperpc/dependabot/github_actions/actions/checkout-4 
Bump actions/checkout from 3 to 4
 2023-12-10 20:09:05 +01:00
dependabot[bot]
9ef3b36aa6 Bump actions/checkout from 3 to 4 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-10 09:35:08 +00:00
Bensuperpc
e8f1a9fd35 Update config and add CI 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2023-12-10 10:34:39 +01:00
Bensuperpc
8b7c2d9f89 Fix config 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2023-12-10 09:12:10 +01:00
Bensuperpc
32c44523b4 Merge remote-tracking branch 'origin/main' 2023-12-10 09:05:50 +01:00
Bensuperpc
3716b0a4ce Update config 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2023-12-10 09:04:50 +01:00
Bensuperpc
7ae9bf54a3 Update Caddyfile 2023-12-09 21:39:25 +01:00
Bensuperpc
93d6a913ed Update Caddyfile 2023-12-09 21:39:08 +01:00
Bensuperpc
851c67cf90 Update Caddyfile 2023-12-09 21:35:39 +01:00
Bensuperpc
0c8bd4664c Update infrastructure 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2023-12-09 14:50:52 +01:00
Bensuperpc
fe8d7c0882 Update with bensuperpc.net 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2023-11-30 20:36:21 +01:00
Bensuperpc
7efd27e4d9 Update with bensuperpc.fr 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2023-11-30 20:20:13 +01:00
Bensuperpc
834b50a6ba Update image 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2023-11-26 22:46:58 +01:00
Bensuperpc
ae6eff1f7c Update Readme 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2023-11-25 17:46:53 +01:00
Bensuperpc
b35ebcf7be Update example config 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2023-11-25 17:39:20 +01:00
Bensuperpc
418724258e Update config 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2023-11-25 17:34:59 +01:00
Bensuperpc
1babc4f57b Update with Caddy 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2023-11-25 10:03:44 +01:00
65 changed files with 804 additions and 962 deletions
Expand all files Collapse all files

1
.github/FUNDING.yml vendored Normal file
View File

@ -0,0 +1 @@
github: bensuperpc

38
.github/ISSUE_TEMPLATE/bug_report.md vendored Normal file
View File

@ -0,0 +1,38 @@
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is.
**To Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
**Expected behavior**
A clear and concise description of what you expected to happen.
**Screenshots**
If applicable, add screenshots to help explain your problem.
**Desktop (please complete the following information):**
- OS: [e.g. iOS]
- Browser [e.g. chrome, safari]
- Version [e.g. 22]
**Smartphone (please complete the following information):**
- Device: [e.g. iPhone6]
- OS: [e.g. iOS8.1]
- Browser [e.g. stock browser, safari]
- Version [e.g. 22]
**Additional context**
Add any other context about the problem here.

10
.github/ISSUE_TEMPLATE/custom.md vendored Normal file
View File

@ -0,0 +1,10 @@
---
name: Custom issue template
about: Describe this issue template's purpose here.
title: ''
labels: ''
assignees: ''
---

20
.github/ISSUE_TEMPLATE/feature_request.md vendored Normal file
View File

@ -0,0 +1,20 @@
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.

6
.github/dependabot.yml vendored Normal file
View File

@ -0,0 +1,6 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"

32
.github/workflows/main.yml vendored Normal file
View File

@ -0,0 +1,32 @@
name: infrastructure
on:
push:
branches:
- "main"
- "master"
- "dev"
paths-ignore:
- "**/README.md"
pull_request:
branches:
- "*"
schedule:
- cron: "0 9 * * 2" # every tuesday at 9:00 https://crontab.guru/#0_7_*_*_1
workflow_dispatch:
jobs:
image:
name: infrastructure
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: "Checkout Code"
uses: actions/checkout@v4
with:
submodules: "recursive"
fetch-depth: 0
- name: "Update server"
run: make update
- name: "Build server"
run: make build

31
.github/workflows/submodule-update.yml vendored Normal file
View File

@ -0,0 +1,31 @@
name: submodule-update
on:
schedule:
- cron: '0 */8 * * *'
workflow_dispatch:
jobs:
image:
name: submodule-update
runs-on: ubuntu-latest
steps:
- name: "Checkout Code"
uses: actions/checkout@v4
with:
token: ${{ secrets.CI_TOKEN }}
repository: ${{ github.repository }}
submodules: 'recursive'
fetch-depth: 1
# Update references
- name: Git Sumbodule Update
run: |
git pull --recurse-submodules
git submodule update --remote --recursive
# Commit and push
- name: Commit update
run: |
git config --global user.name 'Bensuperpc'
git config --global user.email 'bensuperpc@gmail.com'
git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}
git commit -am "Auto updated submodule references" && git push || echo "No changes to commit"

3
.gitignore vendored
View File

@ -1,2 +1 @@
*.env
**/*.env

30
Makefile
View File

@ -1,15 +1,8 @@
#//////////////////////////////////////////////////////////////
#// ____ //
#// | __ ) ___ _ __ ___ _ _ _ __ ___ _ __ _ __ ___ //
#// | _ \ / _ \ '_ \/ __| | | | '_ \ / _ \ '__| '_ \ / __| //
#// | |_) | __/ | | \__ \ |_| | |_) | __/ | | |_) | (__ //
#// |____/ \___|_| |_|___/\__,_| .__/ \___|_| | .__/ \___| //
#// |_| |_| //
#//////////////////////////////////////////////////////////////
#// //
#// Script, 2022 //
#// Infrastructure, 2024 //
#// Created: 14, April, 2022 //
#// Modified: 17, March, 2023 //
#// Modified: 05, May, 2024 //
#// file: - //
#// - //
#// Source: //
@ -20,13 +13,10 @@
DOCKER := docker
PROFILES := wp_db wordpress webserver certbot phpmyadmin qbittorrent jellyfin
PROFILES := caddy wordpress adminer uptime-kuma qbittorrent gitea jellyfin watchtower backup openssh dns-server syncthing
PROFILE_CMD := $(addprefix --profile ,$(PROFILES))
COMPOSE_FILES := $(shell find docker-compose* | sed -e 's/^/--file /')
AUTHOR := bensuperpc
COMPOSE_FILES := $(shell find docker-compose*.yml | sed -e 's/^/--file /')
.PHONY: build all
all: start
@ -45,7 +35,7 @@ start-at:
.PHONY: docker-check
docker-check:
docker compose $(COMPOSE_FILES) $(PROFILES_CMD) config
docker compose $(COMPOSE_FILES) $(PROFILE_CMD) config
.PHONY: stop
stop: down
@ -66,10 +56,14 @@ state:
docker compose $(COMPOSE_FILES) ps
docker compose $(COMPOSE_FILES) top
.PHONY: update-docker
update-docker:
docker compose $(COMPOSE_FILES) $(PROFILE_CMD) pull
.PHONY: update
update:
git pull --recurse-submodules --all --progress
docker compose $(COMPOSE_FILES) $(PROFILES_CMD) pull
update: update-docker
# git submodule update --init --recursive --remote
# git pull --recurse-submodules --all --progress
.PHONY: clean
clean:

188
README.md
View File

@ -5,24 +5,21 @@ _My personal infrastructure for my servers and services._
## About
This is my infrastructure. It's a collection of scripts and configuration files that I use to manage my servers and services.
It uses Nginx and docker-compose to run my services (And many other things).
It uses caddy and docker-compose to run my services (And many other things).
It's a **work in progress**, and I'm still learning a lot about it.
If you have any **questions** or **suggestions**, feel free to open an issue or a pull request.
## Features
- [x] Nginx reverse proxy
- [x] caddy 2 reverse proxy
- [x] Docker / docker-compose
- [x] Letsencrypt / Certbot
- [x] Wordpress (Via FASTCGI/NGINX)
- [x] PHPMyAdmin (MariaDB)
- [x] PGAdmin (PostgreSQL)
- [x] Qbittorrent
- [x] Jellyfin
- [ ] Gitea
- [ ] Mastodon
- [ ] Minecraft server (Hyperworld v2)
- [ ] SSL for all subdomains / Services (Not just the main domain)
- [x] Caddy
- [x] Wordpress (Via FASTCGI/caddy)
- [x] Adminer (MariaDB)
- [x] Jellyfin (Media server)
- [x] Gitea (Git server)
- [x] Uptime Kuma (Monitoring)
- [x] Torrent server
## Screenshots
@ -34,7 +31,9 @@ If you have any **questions** or **suggestions**, feel free to open an issue or
- [Docker Compose](https://docs.docker.com/compose/install/)
- [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
- [Web domain](https://www.ovh.com/world/domains/) (I use OVH)
- [Open port 80 and 443 on your router](http://192.168.0.1/) (I use a Orange box with default IP)
- [Open port 80 and 443 on your router](http://192.168.0.1/) (I use a SFR box with default IP)
***To avoid get rate limit from letsencrypt (10 certificates per 3 hours), you need to disable some certificates in the caddyfiles and enable them 3h later...***
### Clone
@ -50,106 +49,90 @@ Go to the folder
cd infrastructure
```
### Get the SSL certificate
### Configure the domain
For all **bensuperpc.org**, you need to replace it with your domain, example: **bensuperpc.com**
For all **bensuperpc.org**, you need to replace it with your domain, example: **mydomain.com**, so the same for **bensuperpc.com** ect...
```sh
find . \( -type d -name .git -prune \) -o -type f -print0 | xargs -0 sed -i 's/bensuperpc.org/bensuperpc.com/g'
find . \( -type d -name .git -prune \) -o -type f -print0 | xargs -0 sed -i 's/bensuperpc.org/mydomain.com/g'
```
Keep original config file
Check if all bensuperpc.* are replaced by your domain in [Caddyfile](caddy/wordpress/Caddyfile)
And then, caddy will generate the certificate for you and renew it automatically :D
| Domain name | Type | Description |
| --- | --- | --- |
| [bensuperpc.org](https://bensuperpc.org) | Main | Main domain |
| [adminer.bensuperpc.org](https://adminer.bensuperpc.org) | Sub | Adminer for MariaDB for wordpress only |
| [uptimekuma.bensuperpc.org](https://uptimekuma.bensuperpc.org) | Sub | Uptime Kuma for monitoring |
| [torrent.bensuperpc.org](https://torrent.bensuperpc.org) | Sub | Torrent server |
| [git.bensuperpc.org](https://git.bensuperpc.org) | Sub | Gitea for git |
| [link.bensuperpc.org](https://link.bensuperpc.org) | Sub | For link shortener |
| [jellyfin.bensuperpc.org](https://jellyfin.bensuperpc.org) | Sub | Jellyfin for media server |
| [syncthing.bensuperpc.org](https://syncthing.bensuperpc.org) | Sub | SyncThing for file synchronization |
| [ssh.bensuperpc.org](https://ssh.bensuperpc.org) | Sub | Openssh for ssh |
| bensuperpc.com | Main | Redirect to bensuperpc.org |
| bensuperpc.fr | Main | Redirect to bensuperpc.org |
| bensuperpc.net | Main | Redirect to bensuperpc.org |
| bensuperpc.ovh | Main | Redirect to bensuperpc.org |
### Configure the infrastructure
You need to configure the infrastructure with your own configuration.
You can generate a password with 32 characters:
```sh
cp -r nginx/conf.d nginx/conf.d-original
openssl rand -base64 32
```
Remove the old config file
For the [wordpress.env](env/wordpress.env) file, you need to change the password and user for the database.
```sh
rm -fr nginx/nginx-conf
WORDPRESS_DB_USER=bensuperpc
WORDPRESS_DB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
WORDPRESS_DB_NAME=wordpress
WORDPRESS_DB_HOST=wordpress_db:3306
```
Copy _nginx-conf-cert_ to _nginx-conf_, for temporary use to get the SSL certificate
For [wordpress_db.env](env/wordpress_db.env) file, you need to change the password(s) and user for the database.
```sh
cp -r nginx/conf.d-cert nginx/conf.d
MARIADB_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
MARIADB_USER=bensuperpc
MARIADB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
MARIADB_DATABASE=wordpress
```
Replace certbot commands in _docker-compose.yml_, and replace _bensuperpc.org_ by your domain
```yaml
command: >
certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot
--webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
--webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
```
With to get the SSL certificate
```yaml
command: >
certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot
--webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
--webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
```
Run the docker-compose and exit with CTRL+C and when you have the SSL certificate
For [adminer.env](env/adminer.env) file, you need to change the password(s) and user for the database.
```sh
make start-at
MYSQL_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
MYSQL_USER=bensuperpc
MYSQL_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
ADMINER_DEFAULT_SERVER=wordpress_db
```
Replace certbot commands in _docker-compose.yml_ to update and renew the SSL certificate
For [gitea.env](env/gitea.env) file, you need to change the password(s) and user for the database.
```sh
command: >
certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot
--webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
--webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
GITEA__database__DB_TYPE=mysql
GITEA__database__HOST=database_gitea:3306
GITEA__database__NAME=gitea
GITEA__database__USER=bensuperpc
GITEA__database__PASSWD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j
```
Run the docker-compose to update and renew the SSL certificate and exit with CTRL+C when you have the SSL certificate
For [gitea_db.env](env/gitea_db.env) file, you need to change the password(s) and user for the database.
```sh
make start-at
MYSQL_ROOT_PASSWORD=xpc4zIhHZzWKqVHcjBu4aW6aS7jG8d7X
MYSQL_USER=bensuperpc
MYSQL_PASSWORD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j
MYSQL_DATABASE=gitea
```
Now you can replace the certbot commands in _docker-compose.yml_ with the original one
```yaml
command: >
certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot
--webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
--webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
```
Remove the cert config file
```sh
rm -fr nginx/conf.d
```
Copy _nginx-conf-original_ to _nginx-conf_, for definitive use
```sh
cp -r nginx/conf.d-original nginx/conf.d
```
Now you start services
```sh
make start-at
```
### Flask website
You can follow the [README.md](bensuperpc_website/README.md) to install the Flask website.
### Wordpress website
For the Wordpress website, you can configure in GUI when you go to the website.
### Start the infrastructure
Start the website with:
@ -164,14 +147,28 @@ Stop the website with (or CTRL+C with the previous command):
make stop
```
## URL
Remove countainers with:
You can access to the website with:
```sh
make down
```
- [bensuperpc.org](https://bensuperpc.org) and [www.bensuperpc.org](https://www.bensuperpc.org) (Wordpress for now)
- [phpmyadmin.bensuperpc.org](http://phpmyadmin.bensuperpc.org) and [www.phpmyadmin.bensuperpc.org](http://www.phpmyadmin.bensuperpc.org) (PHPMyAdmin for MariaDB)
- [pgadmin.bensuperpc.org](http://pgadmin.bensuperpc.org) and [www.pgadmin.bensuperpc.org](http://www.pgadmin.bensuperpc.org) (PGAdmin for PostgreSQL)
- [qbittorrent.bensuperpc.org](http://qbittorrent.bensuperpc.org) and [www.qbittorrent.bensuperpc.org](http://www.qbittorrent.bensuperpc.org) (Qbittorrent)
### All services
You can find all services on the [docker-compose.yml](docker-compose.yml) file or on this table:
| Service | Description | URL |
| --- | --- | --- |
| Wordpress | Wordpress website | [bensuperpc.org](https://bensuperpc.org) and [www.bensuperpc.org](https://www.bensuperpc.org) |
| Adminer | Adminer for MariaDB | [adminer.bensuperpc.org](https://adminer.bensuperpc.org) |
| Uptime Kuma | Uptime Kuma for monitoring | [uptimekuma.bensuperpc.org](https://uptimekuma.bensuperpc.org) |
| Torrent | Torrent server | [torrent.bensuperpc.org](https://torrent.bensuperpc.org) |
| Gitea | Gitea for git | [git.bensuperpc.org](https://git.bensuperpc.org) |
| Jellyfin | Jellyfin for media server | [jellyfin.bensuperpc.org](https://jellyfin.bensuperpc.org) |
| SyncThing | SyncThing for file synchronization | [syncthing.bensuperpc.org](https://syncthing.bensuperpc.org) |
| Openssh | Openssh for ssh | [ssh.bensuperpc.org](https://ssh.bensuperpc.org) |
You can disable some services by removing the service name in PROFILES variable in the [Makefile](Makefile) file.
## Build with
@ -182,15 +179,10 @@ You can access to the website with:
- [Docker](https://www.docker.com/)
- [Docker Compose](https://docs.docker.com/compose/)
- [Docker Hub](https://hub.docker.com/)
- [Digital Ocean](https://www.digitalocean.com/)
- [Digital Ocean - How To Install WordPress with Docker Compose](https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-docker-compose)
- [PGAmin](https://www.pgadmin.org/)
- [Qbittorrent](https://www.qbittorrent.org/)
- [Jellyfin](https://jellyfin.org/)
- [How To Start WordPress with Caddy using Docker Compose](https://minhcung.me/how-to-start-wordpress-with-caddy-using-docker-compose-3d31bb9ef88b)
- [Digital Ocean - How To Install WordPress with Docker Compose (nginx)](https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-docker-compose)
- [Letsencrypt](https://letsencrypt.org/)
- [Certbot](https://certbot.eff.org/)
- [Nginx](https://www.nginx.com/)
- [UWSGI](https://uwsgi-docs.readthedocs.io/en/latest/)
- [Caddy](https://caddyserver.com/)
## License

15
caddy/Caddyfile Normal file
View File

@ -0,0 +1,15 @@
{
email bensuperpc@gmail.com
key_type p384
log {
output file /data/logs/access.log
format console
}
}
import bensuperpc.org/Caddyfile
import bensuperpc.com/Caddyfile
import bensuperpc.net/Caddyfile
import bensuperpc.ovh/Caddyfile
import bensuperpc.fr/Caddyfile

7
caddy/bensuperpc.com/Caddyfile Normal file
View File

@ -0,0 +1,7 @@
bensuperpc.com {
redir https://www.bensuperpc.org{uri} permanent
}
www.bensuperpc.com {
redir https://www.bensuperpc.org{uri} permanent
}

7
caddy/bensuperpc.fr/Caddyfile Normal file
View File

@ -0,0 +1,7 @@
bensuperpc.fr {
redir https://www.bensuperpc.org{uri} permanent
}
www.bensuperpc.fr {
redir https://www.bensuperpc.org{uri} permanent
}

7
caddy/bensuperpc.net/Caddyfile Normal file
View File

@ -0,0 +1,7 @@
bensuperpc.net {
redir https://www.bensuperpc.org{uri} permanent
}
www.bensuperpc.net {
redir https://www.bensuperpc.org{uri} permanent
}

101
caddy/bensuperpc.org/Caddyfile Normal file
View File

@ -0,0 +1,101 @@
www.bensuperpc.org {
root * /var/www/html
php_fastcgi wordpress:9000
file_server
encode zstd gzip
# metrics /metrics
@disallowed {
path /xmlrpc.php
path *.sql
path /wp-content/uploads/*.php
}
rewrite @disallowed '/index.php'
respond /uploads/*.php 404
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security max-age=31536000;
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# clickjacking protection
X-Frame-Options DENY
# Disable powerful features we don't need
Permissions-Policy "geolocation=(), camera=(), microphone=() interest-cohort=()"
}
}
bensuperpc.org {
redir https://www.bensuperpc.org{uri} permanent
}
adminer.bensuperpc.org {
reverse_proxy adminer:8080
}
uptimekuma.bensuperpc.org {
reverse_proxy uptime-kuma:3001
}
torrent.bensuperpc.org {
reverse_proxy qbittorrent:8080
}
git.bensuperpc.org {
reverse_proxy gitea:3000
}
jellyfin.bensuperpc.org {
reverse_proxy jellyfin:8096
}
ssh.bensuperpc.org {
reverse_proxy openssh:2222
}
syncthing.bensuperpc.org {
reverse_proxy syncthing:8384 {
header_up Host {upstream_hostport}
}
}
dns.bensuperpc.org {
reverse_proxy dns-server:5380
}
link.bensuperpc.org {
# TODO: Use service with database
# Friendly links
redir /gnous https://gnous.eu permanent
redir /proxy https://imagisphe.re permanent
redir /patch https://spaceint.fr permanent
redir /greep https://greep.fr permanent
# Youtube links
redir /rickroll https://www.youtube.com/watch?v=dQw4w9WgXcQ permanent
redir /babyshark https://www.youtube.com/watch?v=XqZsoesa55w permanent
redir /cowcowcow https://www.youtube.com/watch?v=FavUpD_IjVY permanent
redir /badapple https://www.youtube.com/watch?v=FtutLA63Cp8 permanent
redir /macdo https://www.youtube.com/watch?v=Q16KpquGsIc permanent
redir /superiser https://www.youtube.com/watch?v=srnyVw-OR0g permanent
redir /daicon https://youtu.be/-840keiiFDE?si=zIPIokytxcnGw5fJ&t=162 permanent
redir /scp https://www.youtube.com/watch?v=FGCDndN20G8 permanent
redir /scpfb https://youtu.be/9zrKk-1E8zM?si=8R_ZBVG3GzMUYOe8&t=36 permanent
redir /mother https://youtu.be/w3NyycHR3fE?si=rNNSW9zYv0bcO2Eu permanent
redir /cpu https://www.youtube.com/watch?v=y39D4529FM4 permanent
redir /chanteur https://youtu.be/HXdP15Ubu6M?si=N0qvhqo--3pmSGmb permanent
redir /bna https://youtu.be/3T3ofoKfEoY?si=_7HkGQXMC7rBng8O permanent
redir /jojo https://youtu.be/U0TXIXTzJEY?si=2acWJWX06ju2w4uj permanent
redir /patapon https://youtu.be/H6CbNHLHkmk?si=ZvU8SzrOK-oCUXT5 permanent
redir /darkwater https://youtu.be/Tr8ZgF4Dc0E?si=CEOmm2J6Jp5rdbbt permanent
}

7
caddy/bensuperpc.ovh/Caddyfile Normal file
View File

@ -0,0 +1,7 @@
bensuperpc.ovh {
redir https://www.bensuperpc.org{uri} permanent
}
www.bensuperpc.ovh {
redir https://www.bensuperpc.org{uri} permanent
}

3
config/wordpress/php.ini Normal file
View File

@ -0,0 +1,3 @@
memory_limit = 1024M
upload_max_filesize = 64M
post_max_size = 64M

19
docker-compose.adminer.yml Normal file
View File

@ -0,0 +1,19 @@
version: '3.9'
services:
# Adminer
adminer:
image: adminer:latest
container_name: adminer
profiles:
- adminer
restart: on-failure
env_file:
- env/adminer.env
depends_on:
- wordpress_db
- caddy
networks:
- infra-network
security_opt:
- no-new-privileges:true

35
docker-compose.backup.yml Normal file
View File

@ -0,0 +1,35 @@
version: '3.9'
services:
# Backup
backup:
image: offen/docker-volume-backup:latest
container_name: backup
profiles:
- backup
restart: on-failure
env_file:
- env/backup.env
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- backup:/archive
- caddy_data:/backup/caddy_data:ro
- caddy_config:/backup/caddy_config:ro
# - gitea_data:/backup/gitea_data:ro
# - gitea_config:/backup/gitea_config:ro
# - wordpress_db:/backup/wordpress_db:ro
# - wordpress:/backup/wordpress:ro
# - jellyfin_config:/backup/jellyfin_config:ro
# - jellyfin_data:/backup/jellyfin_data:ro
# - jellyfin_cache:/backup/jellyfin_cache:ro
# - qbittorrent_config:/backup/qbittorrent_config:ro
# - qbittorrent_data:/backup/qbittorrent_data:ro
# - uptimekuma_data:/backup/uptimekuma_data:ro
networks:
- infra-network
security_opt:
- no-new-privileges:true
volumes:
backup:
name: backup

46
docker-compose.caddy.yml Normal file
View File

@ -0,0 +1,46 @@
version: '3.9'
services:
# Caddy
caddy:
image: caddy:latest
container_name: caddy
profiles:
- caddy
restart: on-failure
ports:
- 80:80
- 443:443
volumes:
- wordpress:/var/www/html:rw
- caddy_data:/data:rw
- caddy_config:/config:rw
- ./caddy:/etc/caddy:ro
networks:
- infra-network
env_file:
- env/caddy.env
cap_add:
- NET_ADMIN
security_opt:
- no-new-privileges:true
# cap_drop:
# - ALL
# cap_add:
# - CHOWN
# - FOWNER
# - DAC_OVERRIDE
# - SETGID
# - SETUID
# - NET_BIND_SERVICE
healthcheck:
test: pidof caddy || exit 1
interval: 120s
timeout: 10s
retries: 3
volumes:
caddy_data:
name: caddy_data
caddy_config:
name: caddy_config

32
docker-compose.certbot.yml
View File

@ -1,32 +0,0 @@
version: "3.9"
services:
certbot:
depends_on:
- webserver
image: certbot/certbot:v2.5.0
container_name: certbot
profiles:
- certbot
volumes:
- certbot-cert:/etc/letsencrypt
- wordpress:/var/www/wordpress
- jellyfin:/var/www/jellyfin
#command: >
# certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot
# --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
# --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
#command: >
# certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot
# --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
# --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
command: >
certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot
--webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
--webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
volumes:
certbot-cert:
name: certbot-cert

48
docker-compose.divers.yml
View File

@ -1,48 +0,0 @@
version: "3.9"
services:
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: qbittorrent
profiles:
- qbittorrent
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
- WEBUI_PORT=8080
volumes:
- qbittorrent-conf:/config
- qbittorrent-downloads:/downloads
#ports:
# - 8080:8080
# - 6881:6881
# - 6881:6881/udp
restart: unless-stopped
networks:
- app-network
jellyfin:
image: lscr.io/linuxserver/jellyfin:latest
container_name: jellyfin
profiles:
- jellyfin
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
- JELLYFIN_PublishedServerUrl=192.168.0.5 #optional
volumes:
- jellyfin-config:/config
- jellyfin-tvseries:/data/tvshows
- jellyfin-movies:/data/movies
- jellyfin:/var/www/html
#ports:
# - 8096:8096
# - 8920:8920 #optional
# - 7359:7359/udp #optional
# - 1900:1900/udp #optional
restart: unless-stopped
networks:
- app-network
security_opt:
- no-new-privileges:true

23
docker-compose.dns.yml Normal file
View File

@ -0,0 +1,23 @@
version: '3.9'
services:
dns-server:
container_name: dns-server
hostname: dns-server
profiles:
- dns-server
image: technitium/dns-server:latest
restart: on-failure
networks:
- infra-network
security_opt:
- no-new-privileges:true
volumes:
- dns-config:/etc/dns
env_file:
- env/technitium.env
volumes:
dns-config:
name: dns-config

51
docker-compose.gitea.yml Normal file
View File

@ -0,0 +1,51 @@
version: '3.9'
services:
# Gitea
gitea:
image: gitea/gitea:latest-rootless
container_name: gitea
profiles:
- gitea
restart: on-failure
depends_on:
- caddy
env_file:
- env/gitea.env
volumes:
- gitea_data:/var/lib/gitea
- gitea_config:/etc/gitea
# - /etc/timezone:/etc/timezone:ro
# - /etc/localtime:/etc/localtime:ro
networks:
- infra-network
security_opt:
- no-new-privileges:true
# Database gitea
database_gitea:
image: mariadb:latest
container_name: database_gitea
profiles:
- database
- gitea
depends_on:
- gitea
restart: on-failure
volumes:
- gitea_db:/var/lib/mysql:rw
env_file:
- env/gitea_db.env
command: '--default-authentication-plugin=mysql_native_password'
networks:
- infra-network
security_opt:
- no-new-privileges:true
volumes:
gitea_data:
name: gitea_data
gitea_config:
name: gitea_config
gitea_db:
name: gitea_db

28
docker-compose.jellyfin.yml Normal file
View File

@ -0,0 +1,28 @@
version: '3.9'
services:
# Jellyfin
jellyfin:
image: jellyfin/jellyfin:latest
container_name: jellyfin
profiles:
- jellyfin
restart: on-failure
depends_on:
- caddy
volumes:
- jellyfin_config:/config
- jellyfin_data:/movies:ro
- jellyfin_cache:/cache
networks:
- infra-network
security_opt:
- no-new-privileges:true
volumes:
jellyfin_config:
name: jellyfin_config
jellyfin_data:
name: jellyfin_data
jellyfin_cache:
name: jellyfin_cache

6
docker-compose.network.yml
View File

@ -1,6 +0,0 @@
version: "3.9"
networks:
app-network:
driver: bridge
name: app-network

6
docker-compose.networks.yml Normal file
View File

@ -0,0 +1,6 @@
version: '3.9'
networks:
infra-network:
driver: bridge
name: infra-network

24
docker-compose.nginx.yml
View File

@ -1,24 +0,0 @@
version: "3.9"
services:
webserver:
depends_on:
- wordpress
image: nginx:1.24.0
container_name: webserver
profiles:
- webserver
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- wordpress:/var/www/wordpress
- jellyfin:/var/www/jellyfin
- ./nginx/conf.d:/etc/nginx/conf.d:ro
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- certbot-cert:/etc/letsencrypt:ro
networks:
- app-network
security_opt:
- no-new-privileges:true

25
docker-compose.openssh.yml Normal file
View File

@ -0,0 +1,25 @@
version: '3.9'
services:
# Openssh
openssh:
image: linuxserver/openssh-server:latest
container_name: openssh
profiles:
- openssh
restart: on-failure
env_file:
- env/openssh.env
volumes:
- openssh_config:/config
- openssh_data:/data
networks:
- infra-network
security_opt:
- no-new-privileges:true
volumes:
openssh_config:
name: openssh_config
openssh_data:
name: openssh_data

27
docker-compose.qbittorrent.yml Normal file
View File

@ -0,0 +1,27 @@
version: '3.9'
services:
# qBittorrent
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: qbittorrent
profiles:
- qbittorrent
restart: on-failure
depends_on:
- caddy
env_file:
- env/qbittorrent.env
volumes:
- qbittorrent_config:/config
- qbittorrent_data:/downloads
networks:
- infra-network
security_opt:
- no-new-privileges:true
volumes:
qbittorrent_config:
name: qbittorrent_config
qbittorrent_data:
name: qbittorrent_data

25
docker-compose.syncthing.yml Normal file
View File

@ -0,0 +1,25 @@
version: '3.9'
services:
# syncthing
syncthing:
image: linuxserver/syncthing:latest
container_name: syncthing
profiles:
- syncthing
restart: on-failure
env_file:
- env/syncthing.env
volumes:
- syncthing_config:/config
- syncthing_data:/data1
networks:
- infra-network
security_opt:
- no-new-privileges:true
volumes:
syncthing_config:
name: syncthing_config
syncthing_data:
name: syncthing_data

16
docker-compose.uptime-kuma.yml Normal file
View File

@ -0,0 +1,16 @@
version: '3.9'
services:
# Uptime Kuma
uptime-kuma:
image: louislam/uptime-kuma:latest
container_name: uptime-kuma
profiles:
- uptime-kuma
volumes:
- uptimekuma_data:/app/data
restart: on-failure
networks:
- infra-network
security_opt:
- no-new-privileges:true

15
docker-compose.volume.yml
View File

@ -1,15 +0,0 @@
version: "3.9"
volumes:
qbittorrent-downloads:
name: qbittorrent-downloads
qbittorrent-conf:
name: qbittorrent-conf
jellyfin-config:
name: jellyfin-config
jellyfin-tvseries:
name: jellyfin-tvseries
jellyfin-movies:
name: jellyfin-movies
jellyfin:
name: jellyfin

5
docker-compose.volumes.yml Normal file
View File

@ -0,0 +1,5 @@
version: '3.9'
volumes:
uptimekuma_data:
name: uptimekuma_data

16
docker-compose.watchtower.yml Normal file
View File

@ -0,0 +1,16 @@
version: '3.9'
services:
# Watchtower
watchtower:
image: containrrr/watchtower
container_name: watchtower
profiles:
- watchtower
restart: on-failure
networks:
- infra-network
volumes:
- /var/run/docker.sock:/var/run/docker.sock:rw
security_opt:
- no-new-privileges:true

69
docker-compose.wordpress.yml
View File

@ -1,63 +1,48 @@
version: "3.9"
version: '3.9'
services:
wp_db:
image: mariadb:10.10.3
container_name: wp_db
profiles:
- wp_db
restart: unless-stopped
env_file:
- env/wp_database.env
volumes:
- dbdata:/var/lib/mysql
networks:
- app-network
security_opt:
- no-new-privileges:true
# Wordpress
wordpress:
depends_on:
- wp_db
image: wordpress:6.2.0-fpm
image: wordpress:fpm
container_name: wordpress
profiles:
- wordpress
restart: unless-stopped
restart: on-failure
depends_on:
- wordpress_db
- caddy
env_file:
- env/wordpress.env
volumes:
- wordpress:/var/www/html
- ./config/wordpress/php.ini:/usr/local/etc/php/conf.d/custom.ini:ro
- wordpress:/var/www/html:rw
networks:
- app-network
- infra-network
security_opt:
- no-new-privileges:true
# cap_drop:
# - ALL
# cap_add:
# - SETUID
# - SETGID
# - DAC_OVERRIDE
# - NET_BIND_SERVICE
# - NET_RAW
# - CAP_CHOWN
phpmyadmin:
image: phpmyadmin:5.2.0
container_name: phpmyadmin
# Database wordpress
wordpress_db:
image: mariadb:latest
container_name: wordpress_db
profiles:
- phpmyadmin
restart: unless-stopped
env_file:
- env/phpmyadmin.env
- database
- wordpress
depends_on:
- wp_db
- caddy
restart: on-failure
volumes:
- wordpress_db:/var/lib/mysql:rw
env_file:
- env/wordpress_db.env
command: '--default-authentication-plugin=mysql_native_password'
networks:
- app-network
- infra-network
security_opt:
- no-new-privileges:true
volumes:
wordpress_db:
name: wordpress_db
wordpress:
name: wordpress
dbdata:
name: dbdata

4
env/adminer.env vendored Normal file
View File

@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
MYSQL_USER=bensuperpc
MYSQL_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
ADMINER_DEFAULT_SERVER=wordpress_db

4
env/backup.env vendored Normal file
View File

@ -0,0 +1,4 @@
BACKUP_COMPRESSION="zst"
BACKUP_CRON_EXPRESSION="0 2 * * *"
# BACKUP_RETENTION_DAYS: '7'
# BACKUP_FILENAME="backup-%Y-%m-%dT%H-%M-%S.{{ .Extension }}"

0
env/caddy.env vendored Normal file
View File

4
env/flask_database.env vendored
View File

@ -1,4 +0,0 @@
POSTGRES_HOST_AUTH_METHOD=trust
POSTGRES_USER=bensuperpc
POSTGRES_PASSWORD=nPRh270dKH3hz%6HS2$X%8F3fqoQ*Fex
POSTGRES_DB=website

7
env/flask_website.env vendored
View File

@ -1,7 +0,0 @@
FLASK_DEBUG=1
# Acces to the database
POSTGRES_URL=flask_db:5432
POSTGRES_USER=bensuperpc
POSTGRES_PW=nPRh270dKH3hz%6HS2$X%8F3fqoQ*Fex
POSTGRES_DB=website

7
env/gitea.env vendored Normal file
View File

@ -0,0 +1,7 @@
USER_UID=1000
USER_GID=1000
GITEA__database__DB_TYPE=mysql
GITEA__database__HOST=database_gitea:3306
GITEA__database__NAME=gitea
GITEA__database__USER=bensuperpc
GITEA__database__PASSWD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j

4
env/gitea_db.env vendored Normal file
View File

@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=xpc4zIhHZzWKqVHcjBu4aW6aS7jG8d7X
MYSQL_USER=bensuperpc
MYSQL_PASSWORD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j
MYSQL_DATABASE=gitea

11
env/openssh.env vendored Normal file
View File

@ -0,0 +1,11 @@
PUID=1000
PGID=1000
PUBLIC_KEY=
# PUBLIC_KEY_FILE=
# PUBLIC_KEY_DIR=
# PUBLIC_KEY_URL=
SUDO_ACCESS=false
PASSWORD_ACCESS=false
# USER_PASSWORD=
# USER_PASSWORD_FILE=
# USER_NAME=

3
env/pgadmin.env vendored
View File

@ -1,3 +0,0 @@
PGADMIN_DEFAULT_EMAIL=bensuperpc@bensuperpc.org
PGADMIN_DEFAULT_PASSWORD=LmRVf9DY291ez7B^^%2RntHcsCrJ5fQ!
#PGADMIN_ENABLE_TLS

4
env/phpmyadmin.env vendored
View File

@ -1,4 +0,0 @@
MYSQL_ROOT_PASSWORD=g1qQWxTXyFXIKpAfbE0h5bxn&prr4zfd
MYSQL_USER=bensuperpc
MYSQL_PASSWORD=4Xnc7FB7902%*w9PW4y9&anQ5&hQdTzt
PMA_HOST=db

5
env/qbittorrent.env vendored Normal file
View File

@ -0,0 +1,5 @@
PUID=1000
PGID=1000
TZ=Etc/UTC
WEBUI_PORT=8080
TORRENTING_PORT=6881

2
env/syncthing.env vendored Normal file
View File

@ -0,0 +1,2 @@
PUID=1000
PGID=1000

18
env/technitium.env vendored Normal file
View File

@ -0,0 +1,18 @@
DNS_SERVER_DOMAIN=dns-server
DNS_SERVER_ADMIN_PASSWORD=fddsdfF548TjSNbi490fzZspmLSDf
# DNS_SERVER_ADMIN_PASSWORD_FILE=password.txt
# DNS_SERVER_PREFER_IPV6=false
# DNS_SERVER_WEB_SERVICE_HTTP_PORT=5380
# DNS_SERVER_WEB_SERVICE_HTTPS_PORT=53443
# DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=true
# DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=false
# DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=true
# DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks
# DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24
# DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24
# DNS_SERVER_ENABLE_BLOCKING=false
# DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false
# DNS_SERVER_BLOCK_LIST_URLS=
# DNS_SERVER_FORWARDERS=1.1.1.1, 8.8.8.8
# DNS_SERVER_FORWARDER_PROTOCOL=Tcp
# DNS_SERVER_LOG_USING_LOCAL_TIME=true

4
env/wordpress.env vendored
View File

@ -1,4 +1,4 @@
WORDPRESS_DB_USER=bensuperpc
WORDPRESS_DB_PASSWORD=4Xnc7FB7902%*w9PW4y9&anQ5&hQdTzt
WORDPRESS_DB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
WORDPRESS_DB_NAME=wordpress
WORDPRESS_DB_HOST=wp_db:3306
WORDPRESS_DB_HOST=wordpress_db:3306

4
env/wordpress_db.env vendored Normal file
View File

@ -0,0 +1,4 @@
MARIADB_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
MARIADB_USER=bensuperpc
MARIADB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
MARIADB_DATABASE=wordpress

4
env/wp_database.env vendored
View File

@ -1,4 +0,0 @@
MARIADB_ROOT_PASSWORD=g1qQWxTXyFXIKpAfbE0h5bxn&prr4zfd
MARIADB_USER=bensuperpc
MARIADB_PASSWORD=4Xnc7FB7902%*w9PW4y9&anQ5&hQdTzt
MARIADB_DATABASE=wordpress

29
nginx/conf.d-cert/jellyfin.conf
View File

@ -1,29 +0,0 @@
server {
listen 80;
listen [::]:80;
server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org;
root /var/www/jellyfin;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/jellyfin;
}
location / {
# Proxy main Jellyfin traffic
proxy_pass http://jellyfin:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
resolver 8.8.8.8;
}

50
nginx/conf.d-cert/wordpress.conf
View File

@ -1,50 +0,0 @@
server {
listen 80;
listen [::]:80;
server_name bensuperpc.org www.bensuperpc.org;
index index.php index.html index.htm;
root /var/www/wordpress;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/wordpress;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
# Necessary to avoid 404 error when changing the wordpress path
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off; access_log off;
}
location = /robots.txt {
log_not_found off; access_log off; allow all;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
resolver 8.8.8.8;
}

130
nginx/conf.d/jellyfin.conf
View File

@ -1,130 +0,0 @@
proxy_cache_path /var/cache/nginx/jellyfin levels=1:2 keys_zone=jellyfin:100m max_size=2g inactive=30d use_temp_path=off;
upstream jellyfin_server {
# ip_hash;
server jellyfin:8096;
# server jellyfin:8096 weight=1 max_fails=3 fail_timeout=30s;
}
# Redirect all http requests to the main server wordpress_server
server {
listen 80;
listen [::]:80;
root /var/www/jellyfin;
server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/jellyfin;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name jellyfin.bensuperpc.org www.jellyfin.bensuperpc.org;
## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc.
client_max_body_size 20M;
# All things related to SSL
ssl_certificate /etc/letsencrypt/live/bensuperpc.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bensuperpc.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/bensuperpc.org/chain.pem;
include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;
# Logging
access_log /var/log/nginx/wordpress.access.log;
error_log /var/log/nginx/wordpress.error.log;
# Security
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# Security / XSS Mitigation Headers
# NOTE: X-Frame-Options may cause issues with the webOS app
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
# Content Security Policy
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# Enforces https content and restricts JS/CSS to origin
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
# NOTE: The default CSP headers may cause issues with the webOS app
add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
location = / {
return 302 https://$host/web/;
}
location / {
# Proxy main Jellyfin traffic
proxy_pass http://jellyfin_server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
# location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
location = /web/ {
# Proxy main Jellyfin traffic
proxy_pass http://jellyfin_server/web/index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
location /socket {
# Proxy Jellyfin Websockets traffic
proxy_pass http://jellyfin_server;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
# Cache images (inside server block)
location ~ /Items/(.*)/Images {
proxy_pass http://127.0.0.1:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_cache jellyfin;
proxy_cache_revalidate on;
proxy_cache_lock on;
add_header X-Cache-Status $upstream_cache_status; # This is only to check if cache is working
}
resolver 8.8.8.8;
}
# All configuration options are documented at https://jellyfin.org/docs/general/networking/nginx/

24
nginx/conf.d/phpmyadmin.conf
View File

@ -1,24 +0,0 @@
upstream phpmyadmin_server {
# ip_hash;
server phpmyadmin:80;
# server phpmyadmin:80 weight=1 max_fails=3 fail_timeout=30s;
}
# PHPmyadmin
server {
listen 80;
listen [::]:80;
#listen 443;
#listen [::]:443;
server_name phpmyadmin.bensuperpc.org www.phpmyadmin.bensuperpc.org;
location / {
proxy_pass http://phpmyadmin_server;
proxy_redirect off;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
}
resolver 8.8.8.8;
}

24
nginx/conf.d/qbittorrent.conf
View File

@ -1,24 +0,0 @@
upstream qbittorrent_server {
# ip_hash;
server qbittorrent:8080;
# server qbittorrent:8080 weight=1 max_fails=3 fail_timeout=30s;
}
# PHPmyadmin
server {
listen 80;
listen [::]:80;
#listen 443;
#listen [::]:443;
server_name qbittorrent.bensuperpc.org www.qbittorrent.bensuperpc.org;
location / {
proxy_pass http://qbittorrent_server;
proxy_redirect off;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
}
resolver 8.8.8.8;
}

6
nginx/conf.d/stream/minecraft.conf
View File

@ -1,6 +0,0 @@
#server {
# Port number the reverse proxy is listening on
# listen 25565;
# The original Minecraft server address
# proxy_pass server.example.com:25565;
#}

28
nginx/conf.d/sub/cache-fastcgi.conf
View File

@ -1,28 +0,0 @@
# The path to store the cache files, limit the folder to 100MB
fastcgi_cache_path /var/run/nginx-cache-fastcgi levels=1:2 keys_zone=WORDPRESS:100m inactive=120m max_size=1g use_temp_path=off;
# A unique request is defined by this cache key
fastcgi_cache_key "$scheme$request_method$host$request_uri";
# Show the cached version if upstream gives a timeout or a HTTP 500 error
fastcgi_cache_use_stale error timeout invalid_header http_500;
# Revalidate items in the cache if they are update
fastcgi_cache_revalidate on;
# Minimum time to store an item in the cache
fastcgi_cache_min_uses 3;
# Cache everything for 1 day
fastcgi_cache_valid 1d;
# Don't use the following headers to define the cache variables
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
# Some parts of this file are from
# https://gist.github.com/TrafeX/6d582b6d040702088722

25
nginx/conf.d/sub/cache-proxy.conf
View File

@ -1,25 +0,0 @@
# The path to store the cache files, limit the folder to 100MB
proxy_cache_path /var/run/nginx-cache-proxy levels=1:2 keys_zone=PROXY:100m inactive=120m max_size=1g use_temp_path=off;
# A unique request is defined by this cache key
proxy_cache_key "$scheme$request_method$host$request_uri";
# Show the cached version if upstream gives a timeout or a HTTP 500 error
proxy_cache_use_stale error timeout invalid_header http_500;
# Revalidate items in the cache if they are update
proxy_cache_revalidate on;
# Minimum time to store an item in the cache
proxy_cache_min_uses 3;
# Cache everything for 1 day
proxy_cache_valid 1d;
# Don't use the following headers to define the cache variables
proxy_ignore_headers Cache-Control Expires Set-Cookie;
# Increase proxy buffers for large requests
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;

20
nginx/conf.d/sub/cache-uwsgi.conf
View File

@ -1,20 +0,0 @@
# The path to store the cache files, limit the folder to 100MB
uwsgi_cache_path /var/run/nginx-cache-uwsgi levels=1:2 keys_zone=UWSGI:100m inactive=120m max_size=1g use_temp_path=off;
# A unique request is defined by this cache key
uwsgi_cache_key "$scheme$request_method$host$request_uri";
# Show the cached version if upstream gives a timeout or a HTTP 500 error
uwsgi_cache_use_stale error timeout invalid_header http_500;
# Revalidate items in the cache if they are update
uwsgi_cache_revalidate on;
# Minimum time to store an item in the cache
uwsgi_cache_min_uses 3;
# Cache everything for 1 day
uwsgi_cache_valid 1d;
# Don't use the following headers to define the cache variables
uwsgi_ignore_headers Cache-Control Expires Set-Cookie;

13
nginx/conf.d/sub/gzip.conf
View File

@ -1,13 +0,0 @@
# Compression config
gzip on;
gunzip on;
gzip_static on;
gzip_min_length 1000;
gzip_buffers 4 32k;
# gzip_http_version 1.1;
gzip_proxied any;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;
gzip_vary on;
gzip_comp_level 6;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";

15
nginx/conf.d/sub/options-ssl-nginx.conf
View File

@ -1,15 +0,0 @@
# generated 2022-11-23, Mozilla Guideline v5.6, nginx 1.23, OpenSSL 1.1.1k, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.23&config=modern&openssl=1.1.1k&guideline=5.6
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;

243
nginx/conf.d/wordpress.conf
View File

@ -1,243 +0,0 @@
include /etc/nginx/conf.d/sub/cache-fastcgi.conf;
# All upstream serveur
upstream wordpress_server {
# ip_hash;
server wordpress:9000;
# server wordpress:9000 weight=1 max_fails=3 fail_timeout=30s;
}
# Redirect all http requests to the main server wordpress_server
server {
listen 80;
listen [::]:80;
server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org bensuperpc.org www.bensuperpc.org;
root /var/www/wordpress;
index index.php index.html index.htm;
reset_timedout_connection on;
# Upload limit
client_max_body_size 50m;
client_body_buffer_size 128k;
# Initialize the variable that specified to skip the cache
set $skip_cache 0;
# POST requests and url's with a query string should always skip cache
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache url's containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
server_tokens off;
location ~ /.well-knownwell-known/acme-challenge {
allow all;
root /var/www/wordpress;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass wordpress_server;
fastcgi_index index.php;
include fastcgi_params;
# Necessary to avoid 404 error when changing the wordpress path
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_intercept_errors on;
# Don't cache when $skip_cache is true
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
# Use the WORDPRESS zone
fastcgi_cache WORDPRESS;
fastcgi_connect_timeout 600;
fastcgi_send_timeout 600;
fastcgi_read_timeout 600;
}
# Don't write to accesslog for these files
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Media files with one of these extensions should be cached by the browser
location ~* \.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
expires max;
log_not_found off;
}
# Deny access to .* files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Add cache status header for easy debugging
add_header X-cache $upstream_cache_status;
# From cat /etc/resolv.conf
resolver 8.8.8.8;
# Some parts of this file are from
# https://gist.github.com/TrafeX/6d582b6d040702088722
#location / {
# return 301 https://$host$request_uri;
#}
}
# Main server wordpress_server
server {
listen 443 ssl http2;
#listen 443 http3 reuseport;
listen [::]:443 ssl http2;
server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org bensuperpc.org www.bensuperpc.org;
root /var/www/wordpress;
index index.php index.html index.htm;
reset_timedout_connection on;
# Upload limit
client_max_body_size 50m;
client_body_buffer_size 128k;
# Initialize the variable that specified to skip the cache
set $skip_cache 0;
# POST requests and url's with a query string should always skip cache
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache url's containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
server_tokens off;
# All things related to SSL
ssl_certificate /etc/letsencrypt/live/bensuperpc.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bensuperpc.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/bensuperpc.org/chain.pem;
include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;
# Logging
access_log /var/log/nginx/wordpress.access.log;
error_log /var/log/nginx/wordpress.error.log;
# Security
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
location / {
try_files $uri $uri/ /index.php$is_args$args;
# try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass wordpress_server;
fastcgi_index index.php;
include fastcgi_params;
# Necessary to avoid 404 error when changing the wordpress path
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_intercept_errors on;
# Don't cache when $skip_cache is true
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
# Use the WORDPRESS zone
fastcgi_cache WORDPRESS;
}
# Don't write to accesslog for these files
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Media files with one of these extensions should be cached by the browser
location ~* \.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
expires max;
log_not_found off;
}
# Deny access to .* files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Add cache status header for easy debugging
add_header X-cache $upstream_cache_status;
# From cat /etc/resolv.conf
resolver 8.8.8.8;
# Some parts of this file are from
# https://gist.github.com/TrafeX/6d582b6d040702088722
}

40
nginx/nginx.conf
View File

@ -1,40 +0,0 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
# Keepalive for 70 seconds
keepalive_timeout 70;
# Number of requests per connection
keepalive_requests 100;
include /etc/nginx/conf.d/sub/gzip.conf;
include /etc/nginx/conf.d/*.conf;
}
stream {
include /etc/nginx/conf.d/stream/*.conf;
}