

4 commits

11 changed files with 97 additions and 45 deletions


@ -3,7 +3,7 @@ services:
syncserver: syncserver:
image: mozilla/syncserver:latest image: mozilla/syncserver:latest
volumes: volumes:
- ${VOLUMES_PATH}/firefoxsync_syncserver:/data - ${VOLUMES_PATH}/firefoxsync/syncserver:/data
user: ${UID}:${GID} user: ${UID}:${GID}
networks: networks:
- web - web
@ -23,7 +23,7 @@ services:
- SYNCSERVER_SQLURI=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB} - SYNCSERVER_SQLURI=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}
- SYNCSERVER_BATCH_UPLOAD_ENABLED=true - SYNCSERVER_BATCH_UPLOAD_ENABLED=true
- SYNCSERVER_FORCE_WSGI_ENVIRON=true - SYNCSERVER_FORCE_WSGI_ENVIRON=true
- SYNCSERVER_DEBUG_ENABLED=true - SYNCSERVER_DEBUG_ENABLED=false
- SYNCSERVER_ALLOW_NEW_USER=true - SYNCSERVER_ALLOW_NEW_USER=true
- PORT=5000 - PORT=5000
@ -38,8 +38,12 @@ services:
networks: networks:
- firefoxsync - firefoxsync
volumes: volumes:
- ${VOLUMES_PATH}/firefoxsync_db:/var/lib/postgresql/data - ${VOLUMES_PATH}/firefoxsync/db:/var/lib/postgresql/data
user: ${UID}:${GID} user: ${UID}:${GID}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
interval: 10s
timeout: 5s
labels: labels:
- "docker.group=firefoxsync" - "docker.group=firefoxsync"
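Review bot: The `pg_isready -U ${POSTGRES_USER}` healthcheck added under the db service can report healthy before the database is usable: on a fresh volume the official postgres entrypoint runs a temporary, socket-only server for initialisation, and `pg_isready` defaults to the unix socket, so the container passes the check and then drops connections when that server is stopped and the real one starts. A `start_period: 30s` under `healthcheck:` avoids the false positive, and if I remember the entrypoint correctly the init server has an empty `listen_addresses`, so adding `-h localhost` to force TCP works as well; with no `retries` given, the Docker default of 3 applies. The same healthcheck is added to the forgejo db and grafanadb services in this commit, so the change belongs there too. Note that `${POSTGRES_USER}` in the `test:` line is interpolated by Compose at render time from the same .env as the environment block above, not inside the container, which is fine here but worth a comment.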


@ -11,18 +11,6 @@ services:
networks: networks:
- web - web
- git - git
labels:
- "traefik.enable=true"
- "traefik.http.routers.forgejo.rule=Host(`gitea.${DOMAIN}`, `git.${DOMAIN}`)"
- "traefik.http.routers.forgejo.entrypoints=websecure"
- "traefik.http.routers.forgejo.tls.certresolver=netcup"
- "traefik.http.routers.forgejo.tls.options=intermediate@file"
- "traefik.http.routers.forgejo.middlewares=gitearedir"
- "traefik.http.middlewares.gitearedir.redirectregex.regex=^https://gitea.${DOMAIN}/(.*)"
- "traefik.http.middlewares.gitearedir.redirectregex.replacement=https://git.${DOMAIN}/$${1}"
- "traefik.http.middlewares.gitearedir.redirectregex.permanent=true"
- "traefik.http.services.forgejo.loadbalancer.server.port=3000"
- "docker.group=git"
depends_on: depends_on:
- db - db
restart: unless-stopped restart: unless-stopped
@ -35,6 +23,22 @@ services:
- DB_NAME=${POSTGRES_DB} - DB_NAME=${POSTGRES_DB}
- DB_USER=${POSTGRES_USER} - DB_USER=${POSTGRES_USER}
- DB_PASSWD=${POSTGRES_PASSWORD} - DB_PASSWD=${POSTGRES_PASSWORD}
healthcheck:
test: ["CMD", "curl" ,"--fail", "localhost:3000/api/healthz"]
interval: 5s
timeout: 3s
labels:
- "traefik.enable=true"
- "traefik.http.routers.forgejo.rule=Host(`gitea.${DOMAIN}`, `git.${DOMAIN}`)"
- "traefik.http.routers.forgejo.entrypoints=websecure"
- "traefik.http.routers.forgejo.tls.certresolver=netcup"
- "traefik.http.routers.forgejo.tls.options=intermediate@file"
- "traefik.http.routers.forgejo.middlewares=gitearedir"
- "traefik.http.middlewares.gitearedir.redirectregex.regex=^https://gitea.${DOMAIN}/(.*)"
- "traefik.http.middlewares.gitearedir.redirectregex.replacement=https://git.${DOMAIN}/$${1}"
- "traefik.http.middlewares.gitearedir.redirectregex.permanent=true"
- "traefik.http.services.forgejo.loadbalancer.server.port=3000"
- "docker.group=git"
db: db:
@ -48,6 +52,10 @@ services:
- git - git
volumes: volumes:
- ${VOLUMES_PATH}/git/forgejo_db:/var/lib/postgresql/data - ${VOLUMES_PATH}/git/forgejo_db:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
interval: 10s
timeout: 5s
labels: labels:
- "docker.group=git" - "docker.group=git"
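Review bot: The new db healthcheck only gates startup if `depends_on` asks for it; the short-form `depends_on: - db` kept in the forgejo service still waits for the db container to start, not for it to be healthy. If the healthcheck is meant to make the app wait for a ready database, use the long form: `depends_on:` / `  db:` / `    condition: service_healthy`. The same applies to the nextcloud cron service in this commit, which keeps `depends_on: - db` while its db gains a healthcheck. Minor style point: the flow sequences in the new `test:` lines put the space before the comma (`"curl" ,"--fail"`); `"curl", "--fail"` matches the other entries and what Prettier emits — the same spacing appears in the mariadb, socket-proxy, wallabag and www healthchecks.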


@ -39,7 +39,7 @@ services:
grafanadb: grafanadb:
image: postgres:${POSTGRES_VERSION} image: postgres:${POSTGRES_VERSION}
volumes: volumes:
- ${VOLUMES_PATH}/grafanadb:/var/lib/postgresql/data - ${VOLUMES_PATH}/monitoring/grafanadb:/var/lib/postgresql/data
networks: networks:
- grafana - grafana
restart: unless-stopped restart: unless-stopped
@ -47,6 +47,10 @@ services:
- POSTGRES_DB=grafana - POSTGRES_DB=grafana
- POSTGRES_USER=${POSTGRES_USER} - POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
interval: 10s
timeout: 5s
labels: labels:
- "docker.group=monitoring" - "docker.group=monitoring"
@ -61,7 +65,7 @@ services:
environment: environment:
- INFLUXDB_MONITOR_STORE_ENABLED=false - INFLUXDB_MONITOR_STORE_ENABLED=false
volumes: volumes:
- ${VOLUMES_PATH}/influxdb/:/var/lib/influxdb - ${VOLUMES_PATH}/monitoring/influxdb/:/var/lib/influxdb
- ${PWD}/influxdb.conf:/etc/influxdb/influxdb.conf:ro - ${PWD}/influxdb.conf:/etc/influxdb/influxdb.conf:ro
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
@ -84,7 +88,7 @@ services:
- web # also used to get traefik metrics - web # also used to get traefik metrics
volumes: volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml - ./prometheus.yml:/etc/prometheus/prometheus.yml
- ${VOLUMES_PATH}/prometheus:/prometheus - ${VOLUMES_PATH}/monitoring/prometheus:/prometheus
labels: labels:
- "docker.group=monitoring" - "docker.group=monitoring"


@ -9,3 +9,5 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
ocrmypdf tesseract-ocr-deu \ ocrmypdf tesseract-ocr-deu \
procps \ procps \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
RUN mkdir -p /var/spool/cron/crontabs; echo '* * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
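Review bot: The crontab written by the new `RUN` line schedules `cron.php` every minute (`* * * * *`), whereas the crontab file this commit deletes used `*/5 * * * *`, which is also the cadence the Nextcloud documentation recommends; if the faster schedule is not intended, keep `*/5`. The two commands are joined with `;`, so a failing `mkdir -p` would not fail the build; `RUN mkdir -p /var/spool/cron/crontabs && echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data` fails fast instead. A one-line comment above the `RUN` saying why the crontab is baked in rather than mounted (the removed compose comments referenced the upstream crond issue) would preserve that context, since it disappears with the deleted lines.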


@ -1,3 +0,0 @@
*/5 * * * * php -f /var/www/html/cron.php


@ -5,12 +5,16 @@ services:
depends_on: depends_on:
- app - app
volumes: volumes:
- ${VOLUMES_PATH}/nextcloud_html:/var/www/html:ro - ${VOLUMES_PATH}/nextcloud/html:/var/www/html:ro
- $PWD/nginx.conf:/etc/nginx/nginx.conf:ro - $PWD/nginx.conf:/etc/nginx/nginx.conf:ro
restart: unless-stopped restart: unless-stopped
networks: networks:
- web - web
- nextcloud - nextcloud
healthcheck:
test: curl -sSf 'http://localhost/status.php' | grep '"installed":true' | grep '"maintenance":false' | grep '"needsDbUpgrade":false' || exit 1
interval: 5s
timeout: 3s
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.nextcloud.rule=Host(`cloud.${DOMAIN}`)" - "traefik.http.routers.nextcloud.rule=Host(`cloud.${DOMAIN}`)"
@ -34,8 +38,8 @@ services:
args: args:
- NC_MAIN_VERSION=${NC_MAIN_VERSION} - NC_MAIN_VERSION=${NC_MAIN_VERSION}
volumes: volumes:
- ${VOLUMES_PATH}/nextcloud_html:/var/www/html - ${VOLUMES_PATH}/nextcloud/html:/var/www/html
- ${VOLUMES_PATH}/nextcloud_data:/var/www/html/data - ${VOLUMES_PATH}/nextcloud/data:/var/www/html/data
- type: tmpfs - type: tmpfs
target: /tmp target: /tmp
restart: unless-stopped restart: unless-stopped
@ -66,14 +70,8 @@ services:
networks: networks:
- nextcloud - nextcloud
volumes: volumes:
- ${VOLUMES_PATH}/nextcloud_html:/var/www/html - ${VOLUMES_PATH}/nextcloud/html:/var/www/html
- ${VOLUMES_PATH}/nextcloud_data:/var/www/html/data - ${VOLUMES_PATH}/nextcloud/data:/var/www/html/data
# If I mount my crontab into the container crond is not working any more :(
# docker log should print 11110001 lines
# https://github.com/nextcloud/docker/issues/1775
# https://github.com/nextcloud/docker/issues/1695
# build own cron image?
# - $PWD/crontab:/var/spool/cron/crontabs/www-data
entrypoint: /cron.sh entrypoint: /cron.sh
depends_on: depends_on:
- db - db
@ -91,8 +89,8 @@ services:
- web - web
- nextcloud - nextcloud
volumes: volumes:
- ${VOLUMES_PATH}/nextcloud_html:/var/www/html:ro - ${VOLUMES_PATH}/nextcloud/html:/var/www/html:ro
- ${VOLUMES_PATH}/nextcloud_data:/var/www/html/data:ro - ${VOLUMES_PATH}/nextcloud/data:/var/www/html/data:ro
environment: environment:
- PORT=7867 - PORT=7867
- NEXTCLOUD_URL=http://web - NEXTCLOUD_URL=http://web
@ -113,7 +111,7 @@ services:
image: mariadb:10 image: mariadb:10
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed
volumes: volumes:
- ${VOLUMES_PATH}/nextcloud_db:/var/lib/mysql - ${VOLUMES_PATH}/nextcloud/db:/var/lib/mysql
restart: unless-stopped restart: unless-stopped
environment: environment:
- PUID=1000 - PUID=1000
@ -123,6 +121,7 @@ services:
- MYSQL_PASSWORD=${MYSQL_PASSWORD} - MYSQL_PASSWORD=${MYSQL_PASSWORD}
- MYSQL_DATABASE=${MYSQL_DATABASE} - MYSQL_DATABASE=${MYSQL_DATABASE}
- MYSQL_USER=${MYSQL_USER} - MYSQL_USER=${MYSQL_USER}
- MARIADB_AUTO_UPGRADE=1
logging: logging:
driver: "json-file" driver: "json-file"
options: options:
@ -131,6 +130,10 @@ services:
networks: networks:
- nextcloud - nextcloud
- mariadb - mariadb
healthcheck:
test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
interval: 20s
timeout: 3s
labels: labels:
- "docker.group=netxtcloud" - "docker.group=netxtcloud"
@ -165,7 +168,11 @@ services:
- nextcloud - nextcloud
- monitoring - monitoring
volumes: volumes:
- ${VOLUMES_PATH}/nextcloud_redis:/data - ${VOLUMES_PATH}/nextcloud/redis:/data
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 3s
labels: labels:
- "docker.group=netxtcloud" - "docker.group=netxtcloud"
@ -205,7 +212,7 @@ services:
networks: networks:
- nextcloud - nextcloud
volumes: volumes:
- ${VOLUMES_PATH}/nextcloud_fonts:/usr/share/fonts/drawio - ${VOLUMES_PATH}/nextcloud/fonts:/usr/share/fonts/drawio
restart: unless-stopped restart: unless-stopped
labels: labels:
- "docker.group=netxtcloud" - "docker.group=netxtcloud"
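Review bot: `mysqladmin ping -h localhost` is a weak readiness signal for the mariadb service: it reports "alive" even when authentication is denied, and during first-time initialisation the entrypoint's temporary server already accepts socket connections, so the container can be marked healthy before the schema exists. Recent mariadb 10.x images ship `healthcheck.sh`, and `test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]` is the documented check that avoids both problems; the wallabag db healthcheck in this commit uses the same `mysqladmin ping` and should follow, if that service runs the mariadb image. The web healthcheck shells out to `curl` and `grep` inside the nginx container, so confirm the nginx tag in use actually provides curl (I believe recent official tags do, older ones do not). Note also that `grep '"maintenance":false'` will keep web unhealthy for the whole of a deliberate maintenance-mode window; that may be acceptable, but deserves a comment above the `healthcheck:` block.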


@ -22,6 +22,9 @@ http {
sendfile on; sendfile on;
#tcp_nopush on; #tcp_nopush on;
# Prevent nginx HTTP Server Detection
server_tokens off;
keepalive_timeout 65; keepalive_timeout 65;
#gzip on; #gzip on;
@ -48,7 +51,7 @@ http {
add_header X-Download-Options "noopen" always; add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always; add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak # Remove X-Powered-By, which is an information leak
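Review bot: The comment above `server_tokens off;` overstates what the directive does: it only removes the version string from the `Server` header and from nginx error pages, the response still identifies the software as `nginx`. A more accurate comment would be `# Hide the nginx version in the Server header and on error pages`. The `X-Robots-Tag` change to `noindex, nofollow` matches the value Nextcloud's current recommended nginx config uses. Keep in mind that `add_header` is not inherited into a `server` or `location` block that declares its own `add_header`; if any such block exists outside this hunk, these headers need repeating there.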


@ -18,6 +18,7 @@ services:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"
- "--log.level=INFO" - "--log.level=INFO"
#- "--accesslog=true" #- "--accesslog=true"
- "--ping=true"
- "--entrypoints.web.address=:80" - "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure" - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https" - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
@ -40,8 +41,12 @@ services:
- web - web
- dockersocket - dockersocket
volumes: volumes:
- ${VOLUMES_PATH}/letsencrypt:/letsencrypt - ${VOLUMES_PATH}/proxy/letsencrypt:/letsencrypt
- $PWD/tls.toml:/etc/traefik/tls.toml - $PWD/tls.toml:/etc/traefik/tls.toml
healthcheck:
test: traefik healthcheck --ping
interval: 3s
timeout: 1s
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)" - "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)"
@ -63,14 +68,18 @@ services:
environment: environment:
# grant privileges as environment variables: https://github.com/Tecnativa/docker-socket-proxy#grant-or-revoke-access-to-certain-api-sections # grant privileges as environment variables: https://github.com/Tecnativa/docker-socket-proxy#grant-or-revoke-access-to-certain-api-sections
- CONTAINERS=1 - CONTAINERS=1
- INFO=1 - INFO=1
networks: networks:
- dockersocket - dockersocket
healthcheck:
test: ["CMD", "wget" ,"--no-verbose", "--tries=1", "--spider", "http://localhost:2375/version"]
interval: 10s
timeout: 3s
privileged: true privileged: true
whoami: whoami:
image: containous/whoami image: traefik/whoami
networks: networks:
- web - web
labels: labels:
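Review bot: The traefik healthcheck runs `traefik healthcheck --ping` every 3s with a 1s timeout; with the Docker default of 3 retries, three slow responses within about nine seconds flag the proxy unhealthy, and every probe forks a second traefik process. A less aggressive `interval: 10s`, `timeout: 3s`, `retries: 3` is the usual shape and still catches a hung proxy quickly. `--ping=true` serves `/ping` on the default `traefik` entrypoint (port 8080 unless configured otherwise), the same one as the API; if that port is published anywhere outside this hunk, consider `--ping.entryPoint=` on a dedicated internal entrypoint so the probe stays local. The socket-proxy probe against `/version` works because, as far as I know, that API section is allowed by default in docker-socket-proxy; a comment on the `test:` line saying so would stop someone later setting `VERSION=0` and silently breaking the healthcheck.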


@ -7,7 +7,7 @@ function up {
up proxy --scale whoami=3; up proxy --scale whoami=3;
up monitoring; up monitoring;
up nextcloud; up nextcloud;
up gitea; up git;
up wallabag; up wallabag;
up www; up www;
up firefoxsync; up firefoxsync;


@ -20,7 +20,11 @@ services:
- web - web
- wallabag - wallabag
volumes: volumes:
- /var/dockervolumes/wallabag_images:/var/www/wallabag/web/assets/images - /var/dockervolumes/wallabag/images:/var/www/wallabag/web/assets/images
healthcheck:
test: ["CMD", "wget" ,"--no-verbose", "--tries=1", "--spider", "http://localhost"]
interval: 10s
timeout: 3s
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.wallabag.rule=Host(`wallabag.${DOMAIN}`)" - "traefik.http.routers.wallabag.rule=Host(`wallabag.${DOMAIN}`)"
@ -40,15 +44,25 @@ services:
networks: networks:
- wallabag - wallabag
volumes: volumes:
- /var/dockervolumes/wallabag_db:/var/lib/mysql - /var/dockervolumes/wallabag/db:/var/lib/mysql
healthcheck:
test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
interval: 10s
timeout: 3s
labels: labels:
- "docker.group=wallabag" - "docker.group=wallabag"
redis: redis:
image: redis:alpine image: redis
restart: unless-stopped restart: unless-stopped
networks: networks:
- wallabag - wallabag
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 3s
labels:
- "docker.group=wallabag"
networks: networks:
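Review bot: `image: redis` drops the tag entirely, so every pull follows `latest` across major Redis versions, whereas the previous `redis:alpine` at least tracked a single variant. If the move off alpine is intentional, pin a major tag such as `image: redis:7` so upgrades are opt-in, and give the nextcloud redis service the same tag for consistency. The mariadb healthcheck here has the same `mysqladmin ping` weakness as the nextcloud db one (it reports alive on access denied and during the init-time temporary server), so the same fix applies if this service runs the mariadb image.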


@ -7,6 +7,10 @@ services:
networks: networks:
- web - web
restart: unless-stopped restart: unless-stopped
healthcheck:
test: ["CMD", "curl" ,"--fail", "localhost"]
interval: 5s
timeout: 3s
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.webroot.entrypoints=websecure" # All HTTP requests are globally redirected to HTTPS - "traefik.http.routers.webroot.entrypoints=websecure" # All HTTP requests are globally redirected to HTTPS