Loading README.md 0 → 100644 +154 −0 Original line number Diff line number Diff line # Server configuration ## Goal ```bash $ export SITE=tom.moulard.org $ docker-compose up -d ``` Now you have my own server configuration ## TODO ### New ideas - [X] traefik - [X] gitlab - [X] nextcloud - [ ] CI/CD worker(s) - [X] nginx - [X] weechat - [X] transmission - [X] vpn - [X] jupyter - [ ] readthedoc / [DokuWiki](https://hub.docker.com/r/mprasil/dokuwiki) - [X] pastebin - [ ] image hosting - [ ] [hackmd](https://github.com/hackmdio/docker-hackmd) [main repo](https://github.com/hackmdio/codimd) - [ ] jekyll - [ ] [monitoring](https://www.brianchristner.io/how-to-monitor-traefik-reverse-proxy-with-prometheus/) - [ ] proxy - [ ] [RSS agregator server](https://www.freshrss.org/) - [ ] calendar - [ ] url shortener - [ ] File host [jirafeau](https://jirafeau.net/) - [ ] DNS updater - [ ] factorio server - [ ] news group server - [ ] vlc server - [ ] blog [more](https://github.com/Kickball/awesome-selfhosted) ### List - [ ] which database ? maria / mysql / mongo / postgres - [ ] gitlab postgresSQL / MySQL - MariaDB - [ ] nextcloud postgresSQL / MySQL - MariaDB / Oracle - [X] nginx.conf - [ ] create a git repository auto in gitlab for // FIXME - [ ] Create a Dockerfile for a mail server - [X] reverse proxy with ssl - [ ] multi files configuration - [ ] Testing - [X] traefik - [X] gitlab - [ ] nextcloud - [X] nginx - [ ] weechat - [X] transmission - [X] vpn - [X] jupyter - [X] pastebin ### Configuration files - [ ] have default configuration files - [X] traefik - [ ] gitlab - [ ] gitlab runner - [ ] transmission - [ ] pastebin - [ ] nextcloud - [X] nginx ## Configuration Don't forget to change db passwords. (migth not be needed since they are beyond the reverse proxy). Fill vpn secrets(if none provided, they are generated directly). 
Configuration files are: `docker-compose.yml`, `nginx.conf` ### Scalling up ```bash docker-compose scale nginx=2 ``` ### Adress table | Status | Address | port(s)| |:--:|--|--| | [X] | traefik.${SITE} | 80, 443 (redirect 80 to 443) | | [X] | gitlab.${SITE} | 22, 80, 443 | | [ ] | cloud.${SITE} | 80, 443 | | [X] | ${SITE} | 80, 443 | | [ ] | mail.${SITE} | 25(recv mail), 465(ssl), 587(TLS), 143(IMAP), 993(IMAP), 110(POP3), 995(POP3) | | [X] | torrent.${SITE} | 80, 443 (redirect 80 to 443) | | [X] | vpn.${SITE} | 500, 4500 | | [X] | jupiter.${SITE} | 80, 443 (redirect 80 to 443) | | [X] | paste.${SITE} | 80, 443 (redirect 80 to 443) | | [ ] | irc.${SITE} | ?? | ### Miscellaneous | Status | Address | port(s)| |:--:|--|--| | [X] | ${SITE2} | 80, 443 (redirect 80 to 443) | ## Installation ### Traefik ``` defaultEntryPoints = ["http", "https"] [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" [entryPoints.https.tls] # API definition [api] entryPoint = "traefik" dashboard = true [api.statistics] recentErrors = 42 [[acme.domains]] main = "${SITE}" sans = ["paste.${SITE}", "traefik.${SITE}", "gitlab.${SITE}"] [acme] email = "${EMAIL}" storage = "acme.json" entryPoint = "https" onHostRule = true [acme.httpChallenge] entryPoint = "http" [docker] watch = true exposedByDefault = false ``` ### Nginx Configuration file to put in `$HOME/srv/nginx/nginx.conf` ``` server { root /etc/nginx/conf.d/www; index index.html; location /{ try_files $uri $uri/ =404; autoindex on; } } ``` And put your files in the folder `$HOME/srv/nginx/www`. 
No newline at end of file docker-compose.yml 0 → 100644 +217 −0 Original line number Diff line number Diff line version: "2" networks: srv: gitlab: services: traefik: image: traefik:1.5.4 container_name: traefik restart: always ports: - '80:80' - '443:443' - '8080:8080' networks: - srv labels: - 'traefik.enable=true' - 'traefik.port=8080' - 'traefik.frontend.rule=Host:traefik.${SITE}' volumes: - '/var/run/docker.sock:/var/run/docker.sock' - '$HOME/srv/traefik/traefik.toml:/traefik.toml' - '$HOME/srv/traefik/acme.json:/acme.json' gitlab: image: 'gitlab/gitlab-ce:latest' container_name: gitlab restart: always hostname: 'gitlab.${SITE}' environment: GITLAB_OMNIBUS_CONFIG: | external_url 'http://gitlab.${SITE}:80' gitlab_rails['gitlab_shell_ssh_port'] = 22 ports: - '22:22' volumes: - '$HOME/srv/gitlab/config:/etc/gitlab' - '$HOME/srv/gitlab/logs:/var/log/gitlab' - '$HOME/srv/gitlab/data:/var/opt/gitlab' networks: - srv # - gitlab labels: - 'traefik.enable=true' - 'traefik.frontend.rule=Host:gitlab.${SITE}' - 'traefik.port=80' runner: image: gitlab/gitlab-runner:latest restart: always container_name: gitlab_runner volumes: - '$HOME/srv/gitlab/runner:/etc/gitlab-runner' - '/var/run/docker.sock:/var/run/docker.sock' networks: - gitlab links: - gitlab labels: - 'traefik.enable=false' environment: - 'GITLAB_URL=https://gitlab${SITE}/' - 'GITLAB_TOKEN=' nginx: image: nginx:stable-alpine container_name: nginx volumes: - '$HOME/srv/nginx:/etc/nginx/conf.d' networks: - srv labels: - 'traefik.enable=true' - 'traefik.frontend.rule=Host:${SITE}' - 'traefik.port=80' cyprine: image: nginx:stable-alpine container_name: cyprine volumes: - '$HOME/srv/cyprine:/etc/nginx/conf.d' networks: - srv labels: - 'traefik.enable=true' - 'traefik.frontend.rule=Host:${SITE2}' - 'traefik.port=80' transmission: image: linuxserver/transmission:2.94-r1-ls12 container_name: transmission restart: always environment: - 'PGID=1000' - 'PUID=1000' - 'TZ=Europe/Paris' ports: - '51413:51413' - 
'51413:51413/udp' volumes: - '$HOME/srv/transmission/config:/config' - '$HOME/srv/transmission/downloads:/downloads' - '$HOME/srv/transmission/watch:/watch' networks: - srv labels: - 'traefik.enable=true' - 'traefik.frontend.rule=Host:torrent.${SITE}' - 'traefik.port=9091' vpn: image: hwdsl2/ipsec-vpn-server:latest restart: always container_name: vpn privileged: true environment: - 'VPN_IPSEC_PSK=' - 'VPN_USER=' - 'VPN_PASSWORD=' - 'VPN_ADDL_USERS=' # space separated values - 'VPN_ADDL_PASSWORDS=' # space separated values ports: - '500:500' - '4500:4500/udp' volumes: - '/lib/modules:/lib/modules:ro' jupyter: image: jupyter/base-notebook:2662627f26e0 container_name: jupyter restart: always environment: - 'JUPYTER_ENABLE_LAB=yes' volumes: - '$HOME/srv/jupyter/jupyter_notebook_config.py:/root/.jupyter/jupyter_notebook_config.py' - '$HOME/srv/jupyter/notbooks:/notebooks' networks: - srv labels: - 'traefik.enable=true' - 'traefik.frontend.rule=Host:jupyter.${SITE}' - 'traefik.port=8888' pastebin: image: mkodockx/docker-pastebin:latest container_name: pastebin restart: always networks: - srv labels: - 'traefik.enable=true' - 'traefik.frontend.rule=Host:paste.${SITE}' - 'traefik.port=80' # doc: # image: jekyll/jekyll:latest # command: jekyll serve --force_polling --livereload # container_name: doc # # restart: always # environment: # - 'JEKYLL_ENV=docker' # volumes: # - '$HOME/srv/documentation/site:/srv/jekyll' # - '$HOME/srv/documentation/bundle:/usr/local/bundle' # networks: # - srv # labels: # - 'traefik.enable=true' # - 'traefik.frontend.rule=Host:wiki.${SITE}' # - 'traefik.port=4000' # db: # image: mariadb:10.1 # container_name: mariadb # command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW # restart: always # volumes: # - '$HOME/srv/nextcloud/db:/var/lib/mysql' # environment: # - 'MYSQL_DATABASE=nextcloud' # - 'MYSQL_USER=nextcloud' # - 'MYSQL_PASSWORD=' # - 'MYSQL_ROOT_PASSWORD=' # labels: # - 'traefik.enable=false' # nextcloud: # image: 
nextcloud:16.0-fpm-alpine # container_name: nextcloud # restart: always # links: # - db # volumes: # - '$HOME/srv/nextcloud/data:/var/www/html' # - '$HOME/srv/nextcloud/db:/var/lib/mysql ' # - '$HOME/srv/nextcloud/apps:/var/www/html/custom_apps' # - '$HOME/srv/nextcloud/config:/var/www/html/config' # - '$HOME/srv/nextcloud/data:/var/www/html/data' # - '$HOME/srv/nextcloud/theme:/var/www/html/themes/<YOUR_CUSTOM_THEME>' # networks: # - srv # labels: # - 'traefik.enable=true' # - 'traefik.frontend.rule=Host:cloud.${SITE}' # - 'traefik.port=80' # weechat: # image: craighurley/docker-weechat:latest # container_name: weechat # restart: always # volumes: # - '$HOME/srv/weechat:/home/user/.weechat' # labels: # - 'traefik.enable=true' # - 'traefik.frontend.rule=Host:irc.${SITE}' # - 'traefik.port=80' Loading
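Review bot: The traefik service publishes `- '8080:8080'` on the host, and the traefik.toml shown in the README enables `[api]` with `dashboard = true` and no authentication, so unless a host firewall blocks the port the dashboard and API are reachable over plain HTTP by anyone who can reach the machine. Since the same port is already routed through `traefik.frontend.rule=Host:traefik.${SITE}`, I would drop the `8080:8080` mapping and put authentication on that frontend, for example with a `traefik.frontend.auth.basic=<user>:<htpasswd-hash>` label (placeholder value). Both traefik and runner also mount `/var/run/docker.sock`, which gives those containers control of the Docker daemon; that deserves a comment in the file, and the runner image should be pinned to a version rather than `:latest`. Two smaller things in the same file: `'GITLAB_URL=https://gitlab${SITE}/'` looks like it is missing the dot after `gitlab`, and the vpn mapping `'500:500'` publishes TCP while IKE uses UDP, so it should probably read `'500:500/udp'`.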
README.md 0 → 100644 +154 −0 Original line number Diff line number Diff line # Server configuration ## Goal ```bash $ export SITE=tom.moulard.org $ docker-compose up -d ``` Now you have my own server configuration ## TODO ### New ideas - [X] traefik - [X] gitlab - [X] nextcloud - [ ] CI/CD worker(s) - [X] nginx - [X] weechat - [X] transmission - [X] vpn - [X] jupyter - [ ] readthedoc / [DokuWiki](https://hub.docker.com/r/mprasil/dokuwiki) - [X] pastebin - [ ] image hosting - [ ] [hackmd](https://github.com/hackmdio/docker-hackmd) [main repo](https://github.com/hackmdio/codimd) - [ ] jekyll - [ ] [monitoring](https://www.brianchristner.io/how-to-monitor-traefik-reverse-proxy-with-prometheus/) - [ ] proxy - [ ] [RSS agregator server](https://www.freshrss.org/) - [ ] calendar - [ ] url shortener - [ ] File host [jirafeau](https://jirafeau.net/) - [ ] DNS updater - [ ] factorio server - [ ] news group server - [ ] vlc server - [ ] blog [more](https://github.com/Kickball/awesome-selfhosted) ### List - [ ] which database ? maria / mysql / mongo / postgres - [ ] gitlab postgresSQL / MySQL - MariaDB - [ ] nextcloud postgresSQL / MySQL - MariaDB / Oracle - [X] nginx.conf - [ ] create a git repository auto in gitlab for // FIXME - [ ] Create a Dockerfile for a mail server - [X] reverse proxy with ssl - [ ] multi files configuration - [ ] Testing - [X] traefik - [X] gitlab - [ ] nextcloud - [X] nginx - [ ] weechat - [X] transmission - [X] vpn - [X] jupyter - [X] pastebin ### Configuration files - [ ] have default configuration files - [X] traefik - [ ] gitlab - [ ] gitlab runner - [ ] transmission - [ ] pastebin - [ ] nextcloud - [X] nginx ## Configuration Don't forget to change db passwords. (migth not be needed since they are beyond the reverse proxy). Fill vpn secrets(if none provided, they are generated directly). 
Configuration files are: `docker-compose.yml`, `nginx.conf` ### Scalling up ```bash docker-compose scale nginx=2 ``` ### Adress table | Status | Address | port(s)| |:--:|--|--| | [X] | traefik.${SITE} | 80, 443 (redirect 80 to 443) | | [X] | gitlab.${SITE} | 22, 80, 443 | | [ ] | cloud.${SITE} | 80, 443 | | [X] | ${SITE} | 80, 443 | | [ ] | mail.${SITE} | 25(recv mail), 465(ssl), 587(TLS), 143(IMAP), 993(IMAP), 110(POP3), 995(POP3) | | [X] | torrent.${SITE} | 80, 443 (redirect 80 to 443) | | [X] | vpn.${SITE} | 500, 4500 | | [X] | jupiter.${SITE} | 80, 443 (redirect 80 to 443) | | [X] | paste.${SITE} | 80, 443 (redirect 80 to 443) | | [ ] | irc.${SITE} | ?? | ### Miscellaneous | Status | Address | port(s)| |:--:|--|--| | [X] | ${SITE2} | 80, 443 (redirect 80 to 443) | ## Installation ### Traefik ``` defaultEntryPoints = ["http", "https"] [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" [entryPoints.https.tls] # API definition [api] entryPoint = "traefik" dashboard = true [api.statistics] recentErrors = 42 [[acme.domains]] main = "${SITE}" sans = ["paste.${SITE}", "traefik.${SITE}", "gitlab.${SITE}"] [acme] email = "${EMAIL}" storage = "acme.json" entryPoint = "https" onHostRule = true [acme.httpChallenge] entryPoint = "http" [docker] watch = true exposedByDefault = false ``` ### Nginx Configuration file to put in `$HOME/srv/nginx/nginx.conf` ``` server { root /etc/nginx/conf.d/www; index index.html; location /{ try_files $uri $uri/ =404; autoindex on; } } ``` And put your files in the folder `$HOME/srv/nginx/www`. No newline at end of file
docker-compose.yml 0 → 100644 +217 −0 Original line number Diff line number Diff line version: "2" networks: srv: gitlab: services: traefik: image: traefik:1.5.4 container_name: traefik restart: always ports: - '80:80' - '443:443' - '8080:8080' networks: - srv labels: - 'traefik.enable=true' - 'traefik.port=8080' - 'traefik.frontend.rule=Host:traefik.${SITE}' volumes: - '/var/run/docker.sock:/var/run/docker.sock' - '$HOME/srv/traefik/traefik.toml:/traefik.toml' - '$HOME/srv/traefik/acme.json:/acme.json' gitlab: image: 'gitlab/gitlab-ce:latest' container_name: gitlab restart: always hostname: 'gitlab.${SITE}' environment: GITLAB_OMNIBUS_CONFIG: | external_url 'http://gitlab.${SITE}:80' gitlab_rails['gitlab_shell_ssh_port'] = 22 ports: - '22:22' volumes: - '$HOME/srv/gitlab/config:/etc/gitlab' - '$HOME/srv/gitlab/logs:/var/log/gitlab' - '$HOME/srv/gitlab/data:/var/opt/gitlab' networks: - srv # - gitlab labels: - 'traefik.enable=true' - 'traefik.frontend.rule=Host:gitlab.${SITE}' - 'traefik.port=80' runner: image: gitlab/gitlab-runner:latest restart: always container_name: gitlab_runner volumes: - '$HOME/srv/gitlab/runner:/etc/gitlab-runner' - '/var/run/docker.sock:/var/run/docker.sock' networks: - gitlab links: - gitlab labels: - 'traefik.enable=false' environment: - 'GITLAB_URL=https://gitlab${SITE}/' - 'GITLAB_TOKEN=' nginx: image: nginx:stable-alpine container_name: nginx volumes: - '$HOME/srv/nginx:/etc/nginx/conf.d' networks: - srv labels: - 'traefik.enable=true' - 'traefik.frontend.rule=Host:${SITE}' - 'traefik.port=80' cyprine: image: nginx:stable-alpine container_name: cyprine volumes: - '$HOME/srv/cyprine:/etc/nginx/conf.d' networks: - srv labels: - 'traefik.enable=true' - 'traefik.frontend.rule=Host:${SITE2}' - 'traefik.port=80' transmission: image: linuxserver/transmission:2.94-r1-ls12 container_name: transmission restart: always environment: - 'PGID=1000' - 'PUID=1000' - 'TZ=Europe/Paris' ports: - '51413:51413' - '51413:51413/udp' volumes: - 
'$HOME/srv/transmission/config:/config' - '$HOME/srv/transmission/downloads:/downloads' - '$HOME/srv/transmission/watch:/watch' networks: - srv labels: - 'traefik.enable=true' - 'traefik.frontend.rule=Host:torrent.${SITE}' - 'traefik.port=9091' vpn: image: hwdsl2/ipsec-vpn-server:latest restart: always container_name: vpn privileged: true environment: - 'VPN_IPSEC_PSK=' - 'VPN_USER=' - 'VPN_PASSWORD=' - 'VPN_ADDL_USERS=' # space separated values - 'VPN_ADDL_PASSWORDS=' # space separated values ports: - '500:500' - '4500:4500/udp' volumes: - '/lib/modules:/lib/modules:ro' jupyter: image: jupyter/base-notebook:2662627f26e0 container_name: jupyter restart: always environment: - 'JUPYTER_ENABLE_LAB=yes' volumes: - '$HOME/srv/jupyter/jupyter_notebook_config.py:/root/.jupyter/jupyter_notebook_config.py' - '$HOME/srv/jupyter/notbooks:/notebooks' networks: - srv labels: - 'traefik.enable=true' - 'traefik.frontend.rule=Host:jupyter.${SITE}' - 'traefik.port=8888' pastebin: image: mkodockx/docker-pastebin:latest container_name: pastebin restart: always networks: - srv labels: - 'traefik.enable=true' - 'traefik.frontend.rule=Host:paste.${SITE}' - 'traefik.port=80' # doc: # image: jekyll/jekyll:latest # command: jekyll serve --force_polling --livereload # container_name: doc # # restart: always # environment: # - 'JEKYLL_ENV=docker' # volumes: # - '$HOME/srv/documentation/site:/srv/jekyll' # - '$HOME/srv/documentation/bundle:/usr/local/bundle' # networks: # - srv # labels: # - 'traefik.enable=true' # - 'traefik.frontend.rule=Host:wiki.${SITE}' # - 'traefik.port=4000' # db: # image: mariadb:10.1 # container_name: mariadb # command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW # restart: always # volumes: # - '$HOME/srv/nextcloud/db:/var/lib/mysql' # environment: # - 'MYSQL_DATABASE=nextcloud' # - 'MYSQL_USER=nextcloud' # - 'MYSQL_PASSWORD=' # - 'MYSQL_ROOT_PASSWORD=' # labels: # - 'traefik.enable=false' # nextcloud: # image: nextcloud:16.0-fpm-alpine # 
container_name: nextcloud # restart: always # links: # - db # volumes: # - '$HOME/srv/nextcloud/data:/var/www/html' # - '$HOME/srv/nextcloud/db:/var/lib/mysql ' # - '$HOME/srv/nextcloud/apps:/var/www/html/custom_apps' # - '$HOME/srv/nextcloud/config:/var/www/html/config' # - '$HOME/srv/nextcloud/data:/var/www/html/data' # - '$HOME/srv/nextcloud/theme:/var/www/html/themes/<YOUR_CUSTOM_THEME>' # networks: # - srv # labels: # - 'traefik.enable=true' # - 'traefik.frontend.rule=Host:cloud.${SITE}' # - 'traefik.port=80' # weechat: # image: craighurley/docker-weechat:latest # container_name: weechat # restart: always # volumes: # - '$HOME/srv/weechat:/home/user/.weechat' # labels: # - 'traefik.enable=true' # - 'traefik.frontend.rule=Host:irc.${SITE}' # - 'traefik.port=80'