commit 96e4e659ce5a73774454f4adfa66de4901affc03 Author: Davide Oddone Date: Mon Feb 20 21:36:12 2023 +0100 Initial commit for the project
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3d271ef
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/**/.env
+/**/*.txt
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+
diff --git a/rp/.env.template b/rp/.env.template
new file mode 100644
index 0000000..c1f5bdb
--- /dev/null
+++ b/rp/.env.template
@@ -0,0 +1,3 @@
+# Simple reverse proxy project name to simplify network referencing.
+COMPOSE_PROJECT_NAME=rp
+DEFAULT_EMAIL=""
diff --git a/rp/README.md b/rp/README.md
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/rp/README.md
@@ -0,0 +1 @@
+
diff --git a/rp/conf.d/stub.conf.template b/rp/conf.d/stub.conf.template
new file mode 100644
index 0000000..9cd4188
--- /dev/null
+++ b/rp/conf.d/stub.conf.template
@@ -0,0 +1,12 @@
+# File to place in the conf/ directory of Nginx, to give other containers the
+# capability of accessing Nginx status
+
+server {
+ listen ${proxy-container-name}:80;
+ server_name ${proxy-container-name};
+ location /nginx_status {
+ stub_status on;
+ allow all;
+ access_log on;
+ }
+}
diff --git a/rp/docker-compose.yml b/rp/docker-compose.yml
new file mode 100644
index 0000000..8675218
--- /dev/null
+++ b/rp/docker-compose.yml
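Review bot: `allow all;` in the `location /nginx_status` block of rp/conf.d/stub.conf.template leaves the status page readable by any client that can reach this server block, not only by the other containers the header comment has in mind. The compose file in this commit publishes port 80 of the same container, so a request from outside that carries the container name as its Host header may reach it too; that depends on how the listen address resolves and is worth confirming. I would restrict the rule to the subnet of the `reverse-proxy` network and deny the rest, e.g. `allow ${proxy-network-subnet};` followed by `deny all;`, where the subnet placeholder is a new template variable to be filled in like the existing ones.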
@@ -0,0 +1,86 @@
+x-logging:
+ &default-logging
+ driver: local
+ options:
+ max-size: "1m"
+ max-file: "50"
+
+x-opt-values:
+ &volume-opt
+ driver_opts: &options
+ type: "nfs"
+ o: "addr=${IP},rw"
+
+services:
+ nginx-proxy:
+ image: jwilder/nginx-proxy
+ container_name: proxy
+ labels:
+ com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+ ports:
+ - "80:80"
+ - "443:443"
+ restart: always
+ volumes:
+ - conf:/etc/nginx/conf.d
+ - vhost:/etc/nginx/vhost.d
+ - passwords:/etc/nginx/htpasswd
+ - html:/usr/share/nginx/html
+ - certs:/etc/nginx/certs:ro
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+ networks:
+ - reverse-proxy
+ logging: *default-logging
+
+ letsencrypt:
+ image: nginxproxy/acme-companion
+ container_name: letsencrypt
+ restart: always
+ volumes:
+ - conf:/etc/nginx/conf.d
+ - vhost:/etc/nginx/vhost.d
+ - html:/usr/share/nginx/html
+ - certs:/etc/nginx/certs:rw
+ - acme:/etc/acme.sh
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ environment:
+ NGINX_PROXY_CONTAINER: proxy
+ DEFAULT_EMAIL: ${DEFAULT_EMAIL}
+ networks:
+ - reverse-proxy
+ logging: *default-logging
+
+networks:
+ reverse-proxy:
+
+volumes:
+ acme:
+ <<: *volume-opt
+ driver_opts:
+ <<: *options
+ device: ":/mnt/path/nginx-proxy/acme"
+ certs:
+ <<: *volume-opt
+ driver_opts:
+ <<: *options
+ device: ":/mnt/path/nginx-proxy/certs"
+ conf:
+ <<: *volume-opt
+ driver_opts:
+ <<: *options
+ device: ":/mnt/path/nginx-proxy/conf"
+ html:
+ <<: *volume-opt
+ driver_opts:
+ <<: *options
+ device: ":/mnt/path/nginx-proxy/html"
+ passwords:
+ <<: *volume-opt
+ driver_opts:
+ <<: *options
+ device: ":/mnt/path/nginx-proxy/passwords"
+ vhost:
+ <<: *volume-opt
+ driver_opts:
+ <<: *options
+ device: ":/mnt/path/nginx-proxy/vhost"
diff --git a/rp/htpasswd/netdata.domain.tld b/rp/htpasswd/netdata.domain.tld
new file mode 100644
index 0000000..8812ac7
--- /dev/null
+++ b/rp/htpasswd/netdata.domain.tld
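Review bot: The `nginx-proxy` service in rp/docker-compose.yml publishes 80 and 443 and also mounts `/var/run/docker.sock`, and the `:ro` flag only protects the socket file; it does not limit what can be requested through the Docker API. A compromise of the internet-facing container would therefore expose the Docker daemon, and the `letsencrypt` service carries the same mount. Consider putting a filtering socket proxy between both containers and the daemon, or running the template generator in a separate container so that nginx itself holds no socket. Separately, `image: jwilder/nginx-proxy` and `image: nginxproxy/acme-companion` carry no tag, so each pull takes whatever is current; pinning a version tag or digest makes deployments reproducible and reviewable.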
@@ -0,0 +1,6 @@
+# https://learn.netdata.cloud/docs/agent/running-behind-nginx#enable-authentication
+# Putting username and hashed password inside the htpasswd folder of
+# jwilder/nginx-proxy activates the Basic auth for the domain you
+# use as the filename of this file.
+
+${username}:${hashed-password}
diff --git a/rp/vhost.d/fireflyiii.domain.tld_location b/rp/vhost.d/fireflyiii.domain.tld_location
new file mode 100644
index 0000000..750030d
--- /dev/null
+++ b/rp/vhost.d/fireflyiii.domain.tld_location
@@ -0,0 +1,10 @@
+# https://docs.firefly-iii.org/firefly-iii/installation/docker/
+# In the section "Docker and reverse proxies", this is suggested for Nginx.
+# Put it in the vhost.d/ folder, with your domain and _location at the end
+# as a filename.
+
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Server $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $host;
diff --git a/rp/vhost.d/netdata.domain.tld_location b/rp/vhost.d/netdata.domain.tld_location
new file mode 100644
index 0000000..4fabf22
--- /dev/null
+++ b/rp/vhost.d/netdata.domain.tld_location
@@ -0,0 +1,16 @@
+# https://learn.netdata.cloud/docs/agent/running-behind-nginx#ways-to-access-netdata-via-nginx
+# Content suggested by Netdata documentation, excluding declarations that will
+# be automatically populated by jwilder/nginx-proxy.
+# To be placed in the vhost.d folder of Nginx, remember to put your domain as
+# the filename with _location at the end.
+
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Server $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_pass_request_headers on;
+proxy_set_header Connection "keep-alive";
+proxy_store off;
+
+gzip on;
+gzip_proxied any;
+gzip_types *;
diff --git a/rp/vhost.d/vaultwarden.domain.tld b/rp/vhost.d/vaultwarden.domain.tld
new file mode 100644
index 0000000..a258f4f
--- /dev/null
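Review bot: The header of rp/htpasswd/netdata.domain.tld does not say that the filled-in copy must stay out of the repository, and the .gitignore added in this commit only covers `/**/.env` and `/**/*.txt`, so a real credentials file named after a domain would be tracked by default. I would add a line such as `# Copy this file under your own domain name and do not commit the copy.` to the header, together with an ignore rule for rp/htpasswd/ that excepts the `*.domain.tld` templates. It would also help to state which hash format is expected, since the comment only says "hashed password".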
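Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in rp/vhost.d/fireflyiii.domain.tld_location appends the peer address to whatever X-Forwarded-For value the client already sent, and this proxy looks like the first hop, since the compose file publishes 80 and 443 directly. The leading entries of that header are then client-controlled, so anything behind the proxy that logs or rate-limits by it should trust only the last entry. If no other proxy sits in front, `proxy_set_header X-Forwarded-For $remote_addr;` removes the ambiguity. The same line appears in the netdata.domain.tld_location hunk.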
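Review bot: The header comment in rp/vhost.d/netdata.domain.tld_location says the omitted declarations are populated by jwilder/nginx-proxy, but nginx inherits `proxy_set_header` from an outer level only when the current level defines none of its own. If this file is included inside the generated location block, as the `_location` suffix suggests, the four `proxy_set_header` lines here replace the proxy's defaults instead of adding to them, and headers such as Host and X-Forwarded-Proto would presumably no longer be forwarded. I would add `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-Proto $scheme;`, as the Firefly III template in this commit already does, and reword the comment accordingly.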
+++ b/rp/vhost.d/vaultwarden.domain.tld
@@ -0,0 +1,16 @@
+# Template file for the routes of Vaultwarden. To be placed in the vhost.d/
+# folder of Nginx, substitute the name of the file with your domain.
+
+location /admin {
+ return 404;
+}
+
+location /notifications/hub {
+ proxy_pass http://${vaultwarden-container-name}:3012;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+}
+
+location /notifications/hub/negotiate {
+ proxy_pass http://${vaultwarden-container-name}:8080;
+}
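Review bot: The `location /notifications/hub` block sets only `Upgrade` and `Connection`, and because nginx drops inherited `proxy_set_header` directives as soon as a level defines its own, the WebSocket backend would likely receive neither the original Host nor the client address that the proxy otherwise forwards. `location /notifications/hub/negotiate` defines none and keeps the inherited set, so the two routes behave differently for logging and any address-based throttling. I would add `proxy_set_header Host $host;` and `proxy_set_header X-Real-IP $remote_addr;` to the hub block. A one-line comment above `location /admin` would also help, for example `# Admin panel is deliberately not reachable through the proxy (prefix match: covers every path starting with /admin).`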