commit efe6c52950da6360c6b97f382a0698a1107d703f Author: thopic Date: Sun May 9 22:07:17 2021 +0200 reset
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3e9f282
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+mattermost/mattermost-docker/
+.env
+*.secrets
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c6a4a9e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,12 @@
+# Docker
+
+Dockerfiles and Docker-compose for [GNOUS](https://www.gnous.fr) services
+
+## How to launch the services
+
+1. Copy `.env.example` as `.env` in the service directory and set the variables as you need
+2. Copy the `*.secrets.example` as `*.secrets` in the `secrets/` directory of the service directory and set the variable as you need
+3. Uncomment the `env_file` configuration option when needed
+4. Launch the services
+
+Depending on the service, you might need to have a few more things to do.
diff --git a/apaches/.env.example b/apaches/.env.example
new file mode 100644
index 0000000..c6d3d8a
--- /dev/null
+++ b/apaches/.env.example
@@ -0,0 +1,4 @@
+DATA_PATH=
+CN=
+SAN1=
+TRAVAUXCN=
diff --git a/apaches/Dockerfile b/apaches/Dockerfile
new file mode 100644
index 0000000..27f499d
--- /dev/null
+++ b/apaches/Dockerfile
@@ -0,0 +1,11 @@
+from php:7.4.18-apache
+
+RUN a2enmod remoteip
+RUN echo "RemoteIPHeader X-Forwarded-For" > /etc/apache2/conf-available/remoteip.conf
+RUN a2enconf remoteip
+RUN sed -i -r 's/^ServerTokens .*/ServerTokens Prod/g' /etc/apache2/conf-available/security.conf
+RUN sed -i -r 's/^ServerSignature .*/ServerSignature Off/g' /etc/apache2/conf-available/security.conf
+RUN sed -i -E 's/^LogFormat "%h(.*)/LogFormat "%a\1/g' /etc/apache2/apache2.conf
+RUN echo "expose_php = Off" > /usr/local/etc/php/conf.d/php_version.ini
+
+CMD ["apache2-foreground"]
diff --git a/apaches/docker-compose.yml b/apaches/docker-compose.yml
new file mode 100644
index 0000000..309b462
--- /dev/null
+++ b/apaches/docker-compose.yml
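Review bot: In apaches/Dockerfile, `RemoteIPHeader X-Forwarded-For` is enabled without a `RemoteIPInternalProxy` or `RemoteIPTrustedProxy` directive, so Apache accepts the header from any peer that can reach port 80, not only from Traefik. Because the same file switches the LogFormat to `%a`, the address written to the access log (which the compose labels mark for Elastic ingestion) is then whatever that peer claims. I would write the proxy restriction into the same conf file, e.g. `RUN printf 'RemoteIPHeader X-Forwarded-For\nRemoteIPInternalProxy <proxy-network-CIDR>\n' > /etc/apache2/conf-available/remoteip.conf`, with the placeholder replaced by the subnet of the `proxy` network.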
@@ -0,0 +1,39 @@
+version: "3.8"
+
+services:
+ apache:
+ build: .
+ image: my_apache:7.4.18
+ container_name: apache
+ networks:
+ - proxy
+ expose:
+ - "80"
+ restart: unless-stopped
+ env_file: ./secrets/apache.secrets
+ volumes:
+ - /usr/lib/locale/:/usr/lib/locale/
+ - /etc/localtime:/etc/localtime:ro
+ - ${DATA_PATH}/public-html:/var/www/html/
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.middlewares.apache-redirect-websecure.redirectscheme.scheme=https"
+ - "traefik.http.routers.apache-http.middlewares=apache-redirect-websecure"
+ - "traefik.http.routers.apache-http.rule=Host(`${CN}`, `${SAN1}`)"
+ - "traefik.http.routers.apache-http.entrypoints=web"
+ - "traefik.http.routers.apache-https.rule=Host(`${CN}`, `${SAN1}`)"
+ - "traefik.http.routers.apache-https.entrypoints=websecure"
+ - "traefik.http.routers.apache-https.middlewares=apache-redirectregex"
+ - "traefik.http.routers.apache-https.tls=true"
+ - "traefik.http.routers.apache-https.tls.certresolver=myhttpchallenge"
+ - "traefik.http.middlewares.apache-redirectregex.redirectregex.regex=^https://${SAN1}/(.*)"
+ - "traefik.http.middlewares.apache-redirectregex.redirectregex.replacement=https://${CN}/$${1}"
+# - "traefik.http.middlewares.apache-travaux.redirectregex.regex=^https://${TRAVAUXCN}/"
+# - "traefik.http.middlewares.apache-travaux.redirectregex.replacement=https://${CN}/travaux.php"
+# - "traefik.http.routers.apache-https.middlewares=apache-redirectregex,apache-travaux"
+ - "co.elastic.logs/module=apache"
+ - "co.elastic.logs/fileset=access"
+
+networks:
+ proxy:
+ external: true
diff --git a/apaches/secrets/apache.secrets.example b/apaches/secrets/apache.secrets.example
new file mode 100644
index 0000000..7911882
--- /dev/null
+++ b/apaches/secrets/apache.secrets.example
@@ -0,0 +1 @@
+MM_TOKEN=
diff --git a/apaches/testing/.env.example b/apaches/testing/.env.example
new file mode 100644
index 0000000..6b4a523
--- /dev/null
+++ b/apaches/testing/.env.example
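Review bot: In apaches/docker-compose.yml the bind mount `/usr/lib/locale/:/usr/lib/locale/` is writable, unlike the `/etc/localtime` mount next to it, so a compromise of the internet-facing PHP container can modify locale data on the host. Suggest `- /usr/lib/locale/:/usr/lib/locale/:ro`. The same line appears in apaches/testing/docker-compose.yml and needs the same change.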
@@ -0,0 +1,3 @@
+DATA_PATH=
+CN=
+SAN1=
diff --git a/apaches/testing/docker-compose.yml b/apaches/testing/docker-compose.yml
new file mode 100644
index 0000000..4cd496e
--- /dev/null
+++ b/apaches/testing/docker-compose.yml
@@ -0,0 +1,34 @@
+version: "3.8"
+
+services:
+ apache-test:
+ build: ..
+ image: my_apache:7.4.18
+ container_name: apache-test
+ networks:
+ - proxy
+ expose:
+ - "80"
+ restart: unless-stopped
+ env_file: ./secrets/apache-test.secrets
+ volumes:
+ - /usr/lib/locale/:/usr/lib/locale/
+ - /etc/localtime:/etc/localtime:ro
+ - ${DATA_PATH}/public-html:/var/www/html/
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.middlewares.apache-redirect-websecure.redirectscheme.scheme=https"
+ - "traefik.http.routers.apache-test-http.middlewares=apache-redirect-websecure"
+ - "traefik.http.routers.apache-test-http.rule=Host(`${CN}`, `${SAN1}`)"
+ - "traefik.http.routers.apache-test-http.entrypoints=web"
+ - "traefik.http.routers.apache-test-https.rule=Host(`${CN}`, `${SAN1}`)"
+ - "traefik.http.routers.apache-test-https.entrypoints=websecure"
+ - "traefik.http.routers.apache-test-https.middlewares=apache-test-redirectregex"
+ - "traefik.http.routers.apache-test-https.tls=true"
+ - "traefik.http.routers.apache-test-https.tls.certresolver=myhttpchallenge"
+ - "traefik.http.middlewares.apache-test-redirectregex.redirectregex.regex=^https://${SAN1}/(.*)"
+ - "traefik.http.middlewares.apache-test-redirectregex.redirectregex.replacement=https://${CN}/$${1}"
+
+networks:
+ proxy:
+ external: true
diff --git a/apaches/testing/secrets/apache-test.secrets.example b/apaches/testing/secrets/apache-test.secrets.example
new file mode 100644
index 0000000..7911882
--- /dev/null
+++ b/apaches/testing/secrets/apache-test.secrets.example
@@ -0,0 +1 @@
+MM_TOKEN=
diff --git a/elastic/.env.example b/elastic/.env.example
new file mode 100644
index 0000000..98fdfde
--- /dev/null
+++ b/elastic/.env.example
@@ -0,0 +1,2 @@
+DATA_PATH=
+CN=
diff --git a/elastic/docker-compose.yml b/elastic/docker-compose.yml
new file mode 100644
index 0000000..bdb14cb
--- /dev/null
+++ b/elastic/docker-compose.yml
@@ -0,0 +1,53 @@
+version: "3.8"
+
+services:
+ elasticsearch:
+ image: docker.elastic.co/elasticsearch/elasticsearch:7.12.0
+ hostname: ${CN}
+ restart: unless-stopped
+ environment:
+ - node.name=es01
+ - discovery.type=single-node
+# - bootstrap.memory_lock=true
+ - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ volumes:
+ - ${DATA_PATH}/es/es01/data:/usr/share/elasticsearch/data
+ - ${DATA_PATH}/es/es01/snapshots:/usr/share/elasticsearch/snapshots
+ - ${DATA_PATH}/es/es01/config:/usr/share/elasticsearch/config
+ ports:
+ - 9200:9200
+ labels:
+ - "co.elastic.logs/module=elasticsearch"
+
+ kibana:
+ image: docker.elastic.co/kibana/kibana:7.12.0
+ restart: unless-stopped
+ networks:
+ - proxy
+ - default
+ links:
+ - "elasticsearch:${CN}"
+ expose:
+ - 5601
+ volumes:
+ - ${DATA_PATH}/kb/config:/usr/share/kibana/config
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy"
+ - "traefik.http.middlewares.kb-redirect-websecure.redirectscheme.scheme=https"
+ - "traefik.http.routers.kb-http.middlewares=kb-redirect-websecure"
+ - "traefik.http.routers.kb-http.rule=Host(`${CN}`)"
+ - "traefik.http.routers.kb-http.entrypoints=web"
+ - "traefik.http.routers.kb-https.rule=Host(`${CN}`)"
+ - "traefik.http.routers.kb-https.entrypoints=websecure"
+ - "traefik.http.routers.kb-https.tls=true"
+ - "traefik.http.routers.kb-https.tls.certresolver=myhttpchallenge"
+ - "co.elastic.logs/module=kibana"
+
+networks:
+ proxy:
+ external: true
diff --git a/gitea/.env.example b/gitea/.env.example
new file mode 100644
index 0000000..a9ea586
--- /dev/null
+++ b/gitea/.env.example
@@ -0,0 +1,3 @@
+DATA_PATH=
+CN=
+SSH_PORT=
diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml
new file mode 100644
index 0000000..4a29fc9
--- /dev/null
+++ b/gitea/docker-compose.yml
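Review bot: In elastic/docker-compose.yml, `ports: - 9200:9200` publishes the Elasticsearch HTTP API on every host interface, while Kibana already reaches it over the compose network through the `links` entry. Nothing in this file enables authentication or TLS for the 7.12.0 node (it may be set in the mounted `config` directory, which is not visible here), and Docker-published ports commonly bypass host firewall rules. If host access is needed, bind it to loopback with `- "127.0.0.1:9200:9200"`; otherwise drop the `ports` block. Quoting the mapping also avoids YAML's digits-and-colons parsing trap.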
@@ -0,0 +1,49 @@
+version: "3.8"
+
+services:
+ app:
+ image: gitea/gitea:1.14.1-rootless
+ depends_on:
+ - db
+ expose:
+ - "3000"
+ ports:
+ - "${SSH_PORT}:22"
+ restart: unless-stopped
+ networks:
+ - proxy
+ - default
+ volumes:
+ - /etc/timezone/:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ - ${DATA_PATH}/app/data:/var/lib/gitea
+ - ${DATA_PATH}/app/config:/etc/gitea
+# env_file: secrets/app.secrets
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy"
+ - "traefik.http.services.gitea-web-svc.loadbalancer.server.port=3000"
+ - "traefik.http.routers.git-https.service=gitea-web-svc"
+ - "traefik.http.middlewares.git-redirect-websecure.redirectscheme.scheme=https"
+ - "traefik.http.routers.git-http.middlewares=git-redirect-websecure"
+ - "traefik.http.routers.git-http.rule=Host(`${CN}`)"
+ - "traefik.http.routers.git-http.entrypoints=web"
+ - "traefik.http.routers.git-https.rule=Host(`${CN}`)"
+ - "traefik.http.routers.git-https.entrypoints=websecure"
+ - "traefik.http.routers.git-https.tls=true"
+ - "traefik.http.routers.git-https.tls.certresolver=myhttpchallenge"
+
+ db:
+ image: postgres:13
+# env_file: ./secrets/db.secrets
+ restart: unless-stopped
+ volumes:
+ - ${DATA_PATH}/db/data:/var/lib/postgresql/data
+ - ${DATA_PATH}/db/.pgpass:/root/.pgpass
+
+networks:
+ proxy:
+ external: true
diff --git a/gitea/secrets/app.secrets.example b/gitea/secrets/app.secrets.example
new file mode 100644
index 0000000..73abac9
--- /dev/null
+++ b/gitea/secrets/app.secrets.example
@@ -0,0 +1,6 @@
+GITEA__database__DB_TYPE=
+GITEA__database__DB_HOST=
+GITEA__database__DB_NAME=
+GITEA__database__DB_USER=
+GITEA__database__DB_PASSWD=
+
diff --git a/gitea/secrets/db.secrets.example b/gitea/secrets/db.secrets.example
new file mode 100644
index 0000000..aee9b58
--- /dev/null
+++ b/gitea/secrets/db.secrets.example
@@ -0,0 +1,3 @@
+POSTGRES_USER=
+POSTGRES_DB=
+POSTGRES_PASSWORD=
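Review bot: In gitea/docker-compose.yml the `app` service uses the `-rootless` image but is configured like the root image: `"${SSH_PORT}:22"` targets container port 22, whereas the rootless image's built-in SSH server listens on 2222 by default, and `USER_UID`/`USER_GID` are, as far as I know, only honoured by the root image. Unless the mounted `/etc/gitea` config changes the SSH listen port, the published port leads nowhere. Suggest `- "${SSH_PORT}:2222"` and replacing the two environment entries with `user: "1000:1000"`.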
diff --git a/gitlab/.env.example b/gitlab/.env.example
new file mode 100644
index 0000000..a9ea586
--- /dev/null
+++ b/gitlab/.env.example
@@ -0,0 +1,3 @@
+DATA_PATH=
+CN=
+SSH_PORT=
diff --git a/gitlab/docker-compose.yml b/gitlab/docker-compose.yml
new file mode 100644
index 0000000..fb2da55
--- /dev/null
+++ b/gitlab/docker-compose.yml
@@ -0,0 +1,37 @@
+version: "3.8"
+
+services:
+ app:
+ image: gitlab/gitlab-ce:13.10.2-ce.0
+ restart: "no"
+ hostname: "${CN}"
+ environment:
+ GITLAB_OMNIBUS_CONFIG: |
+ external_url "https://${CN}"
+ # Add any other gitlab.rb configuration here, each on its own line
+ nginx['listen_https'] = false
+ nginx['listen_port'] = 80
+ networks:
+ - proxy
+ ports:
+ - "${SSH_PORT}:22"
+ volumes:
+ - ${DATA_PATH}/config:/etc/gitlab
+ - ${DATA_PATH}/logs:/var/log/gitlab
+ - ${DATA_PATH}/data:/var/opt/gitlab
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.gitlab-https.service=app"
+ - "traefik.http.services.app.loadbalancer.server.port=80"
+ - "traefik.http.middlewares.gitlab-redirect-websecure.redirectscheme.scheme=https"
+ - "traefik.http.routers.gitlab-http.middlewares=gitlab-redirect-websecure"
+ - "traefik.http.routers.gitlab-http.rule=Host(`${CN}`)"
+ - "traefik.http.routers.gitlab-http.entrypoints=web"
+ - "traefik.http.routers.gitlab-https.rule=Host(`${CN}`)"
+ - "traefik.http.routers.gitlab-https.entrypoints=websecure"
+ - "traefik.http.routers.gitlab-https.tls=true"
+ - "traefik.http.routers.gitlab-https.tls.certresolver=myhttpchallenge"
+
+networks:
+ proxy:
+ external: true
diff --git a/mattermost/.env.example b/mattermost/.env.example
new file mode 100644
index 0000000..98fdfde
--- /dev/null
+++ b/mattermost/.env.example
@@ -0,0 +1,2 @@
+DATA_PATH=
+CN=
diff --git a/mattermost/docker-compose.yml b/mattermost/docker-compose.yml
new file mode 100644
index 0000000..88b51a8
--- /dev/null
+++ b/mattermost/docker-compose.yml
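Review bot: In gitlab/docker-compose.yml the `GITLAB_OMNIBUS_CONFIG` block puts the bundled NGINX behind Traefik on plain HTTP but does not tell GitLab which peer is a trusted proxy, so request logs, audit events and IP-based rate limits will likely record Traefik's container address instead of the client's. Unless this is already set in the mounted `/etc/gitlab`, add `nginx['real_ip_header'] = 'X-Forwarded-For'`, `nginx['real_ip_trusted_addresses'] = ['<proxy-network-CIDR>']` and `nginx['real_ip_recursive'] = 'on'`, with the placeholder replaced by the subnet of the `proxy` network.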
@@ -0,0 +1,51 @@
+version: "3.8"
+
+services:
+ db:
+ build: ./mattermost-docker/db
+ image: mm_db:5.33.2
+ read_only: true
+ restart: unless-stopped
+ volumes:
+ - ${DATA_PATH}/db/var/lib/postgresql/data:/var/lib/postgresql/data
+ - ${DATA_PATH}/db/.pgpass:/root/.pgpass
+ - /etc/localtime:/etc/localtime:ro
+# env_file: secrets/db.secrets
+
+ app:
+ build:
+ context: ./mattermost-docker/app
+ args:
+ - edition=team
+ image: mm_app:5.33.2
+ depends_on:
+ - db
+ restart: unless-stopped
+ networks:
+ - default
+ - proxy
+ volumes:
+ - ${DATA_PATH}/app/mattermost/config:/mattermost/config:rw
+ - ${DATA_PATH}/app/mattermost/data:/mattermost/data:rw
+ - ${DATA_PATH}/app/mattermost/logs:/mattermost/logs:rw
+ - ${DATA_PATH}/app/mattermost/plugins:/mattermost/plugins:rw
+ - ${DATA_PATH}/app/mattermost/client-plugins:/mattermost/client/plugins:rw
+ - /etc/localtime:/etc/localtime:ro
+# env_file: secrets/app.secrets
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy"
+ - "traefik.http.services.mm-web-svc.loadbalancer.server.port=8000"
+ - "traefik.http.routers.mm-https.service=mm-web-svc"
+ - "traefik.http.middlewares.mm-redirect-websecure.redirectscheme.scheme=https"
+ - "traefik.http.routers.mm-http.middlewares=mm-redirect-websecure"
+ - "traefik.http.routers.mm-http.rule=Host(`${CN}`)"
+ - "traefik.http.routers.mm-http.entrypoints=web"
+ - "traefik.http.routers.mm-https.rule=Host(`${CN}`)"
+ - "traefik.http.routers.mm-https.entrypoints=websecure"
+ - "traefik.http.routers.mm-https.tls=true"
+ - "traefik.http.routers.mm-https.tls.certresolver=myhttpchallenge"
+
+networks:
+ proxy:
+ external: true
diff --git a/mattermost/secrets/app.secrets.example b/mattermost/secrets/app.secrets.example
new file mode 100644
index 0000000..2081f38
--- /dev/null
+++ b/mattermost/secrets/app.secrets.example
@@ -0,0 +1,3 @@
+MM_USERNAME=
+MM_PASSWORD=
+MM_DBNAME=
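Review bot: In mattermost/docker-compose.yml the credentials file `${DATA_PATH}/db/.pgpass` is bind-mounted writable into the `db` container, although the container only needs to read it; the `/etc/localtime` mount below it already uses `:ro`. Suggest `- ${DATA_PATH}/db/.pgpass:/root/.pgpass:ro`, and a README line saying the file must exist with mode 0600 before the first start, since Docker creates a directory at a missing bind-mount source. The `db` service in gitea/docker-compose.yml has the same mount.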
diff --git a/mattermost/secrets/db.secrets.example b/mattermost/secrets/db.secrets.example
new file mode 100644
index 0000000..8b2a930
--- /dev/null
+++ b/mattermost/secrets/db.secrets.example
@@ -0,0 +1,3 @@
+POSTGRES_USER=
+POSTGRES_PASSWORD=
+POSTGRES_DB=
diff --git a/nextcloud/.env.example b/nextcloud/.env.example
new file mode 100644
index 0000000..09f0c41
--- /dev/null
+++ b/nextcloud/.env.example
@@ -0,0 +1,4 @@
+DATA_PATH=
+NCCN=
+OOCN=
+SAN1=
diff --git a/nextcloud/docker-compose.yml b/nextcloud/docker-compose.yml
new file mode 100644
index 0000000..d0c9564
--- /dev/null
+++ b/nextcloud/docker-compose.yml
@@ -0,0 +1,79 @@
+version: "3.8"
+
+services:
+ documentserver:
+ image: onlyoffice/documentserver:6.1.0.83
+ networks:
+ - proxy
+ restart: unless-stopped
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.middlewares.ds-redirect-websecure.redirectscheme.scheme=https"
+ - "traefik.http.routers.ds-http.middlewares=ds-redirect-websecure"
+ - "traefik.http.routers.ds-http.rule=Host(`${OOCN}`)"
+ - "traefik.http.routers.ds-http.entrypoints=web"
+ - "traefik.http.routers.ds-https.rule=Host(`${OOCN}`)"
+ - "traefik.http.routers.ds-https.entrypoints=websecure"
+ - "traefik.http.routers.ds-https.tls=true"
+ - "traefik.http.routers.ds-https.tls.certresolver=myhttpchallenge"
+ - "traefik.http.middlewares.ds-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
+ - "traefik.http.routers.ds-https.middlewares=ds-header"
+
+ redis:
+ image: redis:6.2.1
+ command: ["sh", "-c", "redis-server --requirepass $${REDIS_HOST_PASSWORD}"]
+ restart: unless-stopped
+ env_file: secrets/redis.secrets
+ volumes:
+ - ${DATA_PATH}/redis:/var/lib/redis
+
+ db:
+ image: mariadb:10.5.4
+ command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+ restart: unless-stopped
+ volumes:
+ - ${DATA_PATH}/my.cnf:/etc/mysql/my.cnf:ro
+ - ${DATA_PATH}/db:/var/lib/mysql
+# env_file: secrets/db.secrets
+
+ app:
+ image: nextcloud:19.0.10
+ depends_on:
+ - db
+ - redis
+ networks:
+ - proxy
+ - default
+ expose:
+ - "80"
+ links:
+ - db
+ volumes:
+ - ${DATA_PATH}/app/html:/var/www/html
+ restart: unless-stopped
+# env_file: secrets/app.secrets
+ environment:
+ - APACHE_DISABLE_REWRITE_IP=1
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy"
+ - "traefik.http.middlewares.nc-redirect-websecure.redirectscheme.scheme=https"
+ - "traefik.http.routers.nc-http.middlewares=nc-redirect-websecure"
+ - "traefik.http.routers.nc-http.rule=Host(`${NCCN}`,`${SAN1}`)"
+ - "traefik.http.routers.nc-http.entrypoints=web"
+ - "traefik.http.routers.nc-https.rule=Host(`${NCCN}`,`${SAN1}`)"
+ - "traefik.http.routers.nc-https.entrypoints=websecure"
+ - "traefik.http.routers.nc-https.tls=true"
+ - "traefik.http.routers.nc-https.tls.certresolver=myhttpchallenge"
+ - "traefik.http.middlewares.nc-redirectregex.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
+ - "traefik.http.middlewares.nc-redirectregex.redirectregex.replacement=https://$${1}/remote.php/dav/"
+ - "traefik.http.middlewares.nc-redirectregex.redirectregex.permanent=true"
+ - "traefik.http.routers.nc-https.middlewares=nc-redirectregex"
+ - "traefik.http.routers.nc-https.middlewares=nc-Header"
+ - "traefik.http.middlewares.nc-Header.headers.stsSeconds=15552000"
+ - "co.elastic.logs/module=apache"
+ - "co.elastic.logs/fileset=access"
+
+networks:
+ proxy:
+ external: true
diff --git a/nextcloud/secrets/app.secrets.example b/nextcloud/secrets/app.secrets.example
new file mode 100644
index 0000000..ba71c26
--- /dev/null
+++ b/nextcloud/secrets/app.secrets.example
@@ -0,0 +1,4 @@
+MYSQL_HOST=db
+MYSQL_PASSWORD=
+MYSQL_DATABASE=
+MYSQL_USER=
diff --git a/nextcloud/secrets/db.secrets.example b/nextcloud/secrets/db.secrets.example
new file mode 100644
index 0000000..f51d9fb
--- /dev/null
+++ b/nextcloud/secrets/db.secrets.example
@@ -0,0 +1,4 @@
+MYSQL_ROOT_PASSWORD=
+MYSQL_PASSWORD=
+MYSQL_DATABASE=
+MYSQL_USER=
diff --git a/nextcloud/secrets/redis.secrets.example b/nextcloud/secrets/redis.secrets.example
new file mode 100644
index 0000000..952b0c5
--- /dev/null
+++ b/nextcloud/secrets/redis.secrets.example
@@ -0,0 +1 @@
+REDIS_HOST_PASSWORD=
diff --git a/roundcube/.env.example b/roundcube/.env.example
new file mode 100644
index 0000000..52ae539
--- /dev/null
+++ b/roundcube/.env.example
@@ -0,0 +1,3 @@
+DATA_PATH=
+CN=
+MAIL_SERVER=
diff --git a/roundcube/Dockerfile b/roundcube/Dockerfile
new file mode 100644
index 0000000..79022fe
--- /dev/null
+++ b/roundcube/Dockerfile
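Review bot: In nextcloud/docker-compose.yml the label key `traefik.http.routers.nc-https.middlewares` is set twice, first to `nc-redirectregex` and then to `nc-Header`; a label key holds one value, so only one of them takes effect (normally the later one) and either the CalDAV/CardDAV redirect or the HSTS header is silently dropped. Traefik takes a comma-separated list here, so replace both lines with `- "traefik.http.routers.nc-https.middlewares=nc-redirectregex,nc-Header"`. Separately, the `redis` command passes `--requirepass` on the command line, which leaves the password readable in the container's process list.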
@@ -0,0 +1,30 @@
+FROM roundcube/roundcubemail:1.4.11-apache
+
+RUN set -ex; \
+ apt-get update; \
+ apt-get install -y --no-install-recommends \
+ git \
+ ; \
+ \
+ curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer; \
+ mv /usr/src/roundcubemail/composer.json-dist /usr/src/roundcubemail/composer.json; \
+ \
+ composer \
+ --working-dir=/usr/src/roundcubemail/ \
+ --prefer-dist --prefer-stable \
+ --no-update --no-interaction \
+ --optimize-autoloader --apcu-autoloader \
+ require \
+ roundcube/carddav \
+ ; \
+ composer \
+ --working-dir=/usr/src/roundcubemail/ \
+ --prefer-dist --no-dev \
+ --no-interaction \
+ --optimize-autoloader --apcu-autoloader \
+ update;
+
+RUN mkdir -p /etc/enigma/gnupg \
+ && chown www-data:www-data /etc/enigma/gnupg \
+ && cp /usr/src/roundcubemail/plugins/enigma/config.inc.php.dist /usr/src/roundcubemail/plugins/enigma/config.inc.php \
+ && echo "\$config['enigma_pgp_homedir'] = '/etc/enigma/gnupg';" >> /usr/src/roundcubemail/plugins/enigma/config.inc.php
diff --git a/roundcube/docker-compose.yml b/roundcube/docker-compose.yml
new file mode 100644
index 0000000..9ee9ea4
--- /dev/null
+++ b/roundcube/docker-compose.yml
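Review bot: In roundcube/Dockerfile, `curl -sS https://getcomposer.org/installer | php` executes a script fetched at build time without checking its integrity, and `roundcube/carddav` is required without a version constraint, so two builds of `my_roundcube:1.4.11` can contain different code. I would take Composer from a pinned official image instead, `COPY --from=composer:<pinned-tag> /usr/bin/composer /usr/bin/composer`, and pin the plugin as `roundcube/carddav:<version>`. The first RUN also leaves `git` and the apt lists in the final image; removing them in the same layer keeps the attack surface smaller.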
@@ -0,0 +1,43 @@
+version: "3.8"
+
+services:
+ app:
+ build: .
+ image: my_roundcube:1.4.11
+ restart: unless-stopped
+ depends_on:
+ - db
+ volumes:
+ - ${DATA_PATH}/app:/var/www/html
+ - ${DATA_PATH}/enigma:/etc/enigma/gnupg
+# env_file: secrets/app.secrets
+ environment:
+ - ROUNDCUBEMAIL_SKIN=elastic
+ - ROUNDCUBEMAIL_DEFAULT_HOST=tls://${MAIL_SERVER}
+ - ROUNDCUBEMAIL_SMTP_SERVER=tls://${MAIL_SERVER}
+ - ROUNDCUBEMAIL_PLUGINS=archive, zipdownload, enigma, carddav
+ networks:
+ - default
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy"
+ - "traefik.http.middlewares.rc-redirect-websecure.redirectscheme.scheme=https"
+ - "traefik.http.routers.rc-http.middlewares=rc-redirect-websecure"
+ - "traefik.http.routers.rc-http.rule=Host(`${CN}`)"
+ - "traefik.http.routers.rc-http.entrypoints=web"
+ - "traefik.http.routers.rc-https.rule=Host(`${CN}`)"
+ - "traefik.http.routers.rc-https.entrypoints=websecure"
+ - "traefik.http.routers.rc-https.tls=true"
+ - "traefik.http.routers.rc-https.tls.certresolver=myhttpchallenge"
+
+ db:
+ image: mariadb:10.5
+ restart: unless-stopped
+ volumes:
+ - ${DATA_PATH}/db:/var/lib/mysql
+# env_file: secrets/db.secrets
+
+networks:
+ proxy:
+ external: true
diff --git a/roundcube/secrets/app.secrets.example b/roundcube/secrets/app.secrets.example
new file mode 100644
index 0000000..d8efa01
--- /dev/null
+++ b/roundcube/secrets/app.secrets.example
@@ -0,0 +1,5 @@
+ROUNDCUBEMAIL_DB_TYPE=
+ROUNDCUBEMAIL_DB_NAME=
+ROUNDCUBEMAIL_DB_HOST=
+ROUNDCUBEMAIL_DB_USER=
+ROUNDCUBEMAIL_DB_PASSWORD=
diff --git a/roundcube/secrets/db.secrets.example b/roundcube/secrets/db.secrets.example
new file mode 100644
index 0000000..f51d9fb
--- /dev/null
+++ b/roundcube/secrets/db.secrets.example
@@ -0,0 +1,4 @@
+MYSQL_ROOT_PASSWORD=
+MYSQL_PASSWORD=
+MYSQL_DATABASE=
+MYSQL_USER=
diff --git a/traefik/.env.example b/traefik/.env.example
new file mode 100644
index 0000000..d3c6e4a
--- /dev/null
+++ b/traefik/.env.example
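Review bot: In roundcube/docker-compose.yml, `${DATA_PATH}/enigma:/etc/enigma/gnupg` bind-mounts a host directory over the path that the Dockerfile creates and chowns to `www-data`, so the ownership set at build time no longer applies and the host directory's permissions decide who can read the keyring. Since Enigma keeps users' PGP key material in that homedir, a comment above the mount should state the requirement, for example `# host dir must be owned by the container's www-data uid, mode 0700: holds users' PGP keys`. The README's setup steps do not mention it.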
@@ -0,0 +1,2 @@
+DATA_PATH=
+EMAIL=
diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
new file mode 100644
index 0000000..433576f
--- /dev/null
+++ b/traefik/docker-compose.yml
@@ -0,0 +1,33 @@
+version: "3.8"
+
+services:
+ traefik:
+ image: traefik:v2.3.4
+ command:
+ - "--log.level=ERROR"
+# - "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
+ - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
+ - "--certificatesresolvers.myhttpchallenge.acme.email=${EMAIL}"
+ - "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json"
+ - "--accesslog=true"
+ restart: always
+ ports:
+ - 80:80
+ - 443:443
+# - 8080:8080
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ${DATA_PATH}:/letsencrypt
+ container_name: traefik
+ labels:
+ - "co.elastic.logs/module=traefik"
+ - "co.elastic.logs/fileset=access"
+
+networks:
+ default:
+ name: proxy
diff --git a/wordpress-valpo/.env.example b/wordpress-valpo/.env.example
new file mode 100644
index 0000000..98fdfde
--- /dev/null
+++ b/wordpress-valpo/.env.example
@@ -0,0 +1,2 @@
+DATA_PATH=
+CN=
diff --git a/wordpress-valpo/docker-compose.yml b/wordpress-valpo/docker-compose.yml
new file mode 100644
index 0000000..85bb500
--- /dev/null
+++ b/wordpress-valpo/docker-compose.yml
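Review bot: In traefik/docker-compose.yml, `/var/run/docker.sock:/var/run/docker.sock:ro` gives the internet-facing proxy the full Docker API: the `:ro` flag only protects the socket file, not the API calls made through it, so a compromise of Traefik amounts to control of the host's containers. Consider putting a socket proxy that allows only read-only container endpoints between them and pointing Traefik at it with `--providers.docker.endpoint=tcp://<socket-proxy-host>:2375`. The `${DATA_PATH}:/letsencrypt` directory holds `acme.json` with the ACME account and certificate private keys, which is worth a comment asking for mode 0600 on the host.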
@@ -0,0 +1,40 @@
+version: "3.8"
+
+services:
+ db:
+ image: mysql:5.7
+# env_file: secrets/db.secrets
+ volumes:
+ - ${DATA_PATH}/db_data:/var/lib/mysql
+ restart: "no"
+
+ app:
+ depends_on:
+ - db
+ image: wordpress:5.6.2
+ env_file: secrets/app.secrets
+ volumes:
+ - ${DATA_PATH}/_data:/var/www/html
+ networks:
+ - proxy
+ - default
+ expose:
+ - "80"
+ restart: "no"
+ environment:
+ WORDPRESS_DB_HOST: db:3306
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy"
+ - "traefik.http.middlewares.wp-redirect-websecure.redirectscheme.scheme=https"
+ - "traefik.http.routers.wp-http.middlewares=wp-redirect-websecure"
+ - "traefik.http.routers.wp-http.rule=Host(`${CN}`)"
+ - "traefik.http.routers.wp-http.entrypoints=web"
+ - "traefik.http.routers.wp-https.rule=Host(`${CN}`)"
+ - "traefik.http.routers.wp-https.entrypoints=websecure"
+ - "traefik.http.routers.wp-https.tls=true"
+ - "traefik.http.routers.wp-https.tls.certresolver=myhttpchallenge"
+
+networks:
+ proxy:
+ external: true
diff --git a/wordpress-valpo/secrets/app.secrets.example b/wordpress-valpo/secrets/app.secrets.example
new file mode 100644
index 0000000..313f861
--- /dev/null
+++ b/wordpress-valpo/secrets/app.secrets.example
@@ -0,0 +1,3 @@
+WORDPRESS_DB_USER=
+WORDPRESS_DB_PASSWORD=
+WORDPRESS_DB_NAME=
diff --git a/wordpress-valpo/secrets/db.secrets.example b/wordpress-valpo/secrets/db.secrets.example
new file mode 100644
index 0000000..d6ccc08
--- /dev/null
+++ b/wordpress-valpo/secrets/db.secrets.example
@@ -0,0 +1,4 @@
+MYSQL_ROOT_PASSWORD=
+MYSQL_DATABASE=
+MYSQL_PASSWORD=
+MYSQL_USER=