Initial commit for the project

.gitignore

@@ -0,0 +1,2 @@
+/**/.env
+/**/*.txt

README.md

@@ -0,0 +1 @@
+

rp/.env.template

@@ -0,0 +1,3 @@
+# Simple reverse proxy project name to simplify network referencing.
+COMPOSE_PROJECT_NAME=rp
+DEFAULT_EMAIL=""

rp/README.md

@@ -0,0 +1 @@
+

rp/conf.d/stub.conf.template

@@ -0,0 +1,12 @@
+# File to place in the conf/ directory of Nginx, to give other containers the
+# capability of accessing Nginx status
+
+server {
+        listen ${proxy-container-name}:80;
+        server_name ${proxy-container-name};
+        location /nginx_status {
+                stub_status on;
+                allow all;
+                access_log on;
+        }
+}

rp/docker-compose.yml

@@ -0,0 +1,86 @@
+x-logging:
+  &default-logging
+  driver: local
+  options:
+    max-size: "1m"
+    max-file: "50"
+
+x-opt-values:
+  &volume-opt
+  driver_opts: &options
+    type: "nfs"
+    o: "addr=${IP},rw"
+
+services:
+  nginx-proxy:
+    image: jwilder/nginx-proxy
+    container_name: proxy
+    labels:
+      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+    ports:
+      - "80:80"
+      - "443:443"
+    restart: always
+    volumes:
+      - conf:/etc/nginx/conf.d
+      - vhost:/etc/nginx/vhost.d
+      - passwords:/etc/nginx/htpasswd
+      - html:/usr/share/nginx/html
+      - certs:/etc/nginx/certs:ro
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+    networks:
+      - reverse-proxy
+    logging: *default-logging
+        
+  letsencrypt:
+    image: nginxproxy/acme-companion
+    container_name: letsencrypt
+    restart: always
+    volumes:
+      - conf:/etc/nginx/conf.d
+      - vhost:/etc/nginx/vhost.d
+      - html:/usr/share/nginx/html
+      - certs:/etc/nginx/certs:rw
+      - acme:/etc/acme.sh
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      NGINX_PROXY_CONTAINER: proxy
+      DEFAULT_EMAIL: ${DEFAULT_EMAIL}
+    networks:
+      - reverse-proxy
+    logging: *default-logging
+
+networks:
+  reverse-proxy:
+
+volumes:
+  acme:
+    <<: *volume-opt
+    driver_opts:
+      <<: *options
+      device: ":/mnt/path/nginx-proxy/acme"
+  certs:
+    <<: *volume-opt
+    driver_opts:
+      <<: *options
+      device: ":/mnt/path/nginx-proxy/certs"
+  conf:
+    <<: *volume-opt
+    driver_opts:
+      <<: *options
+      device: ":/mnt/path/nginx-proxy/conf"
+  html:
+    <<: *volume-opt
+    driver_opts:
+      <<: *options
+      device: ":/mnt/path/nginx-proxy/html"
+  passwords:
+    <<: *volume-opt
+    driver_opts:
+      <<: *options
+      device: ":/mnt/path/nginx-proxy/passwords"
+  vhost:
+    <<: *volume-opt
+    driver_opts:
+      <<: *options
+      device: ":/mnt/path/nginx-proxy/vhost"

rp/htpasswd/netdata.domain.tld

@@ -0,0 +1,6 @@
+# https://learn.netdata.cloud/docs/agent/running-behind-nginx#enable-authentication
+# Putting username and hashed password inside the htpasswd folder of 
+# jwilder/nginx-proxy activates the Basic auth for the domain you 
+# use as the filename of this file.
+
+${username}:${hashed-password}

rp/vhost.d/fireflyiii.domain.tld_location

@@ -0,0 +1,10 @@
+# https://docs.firefly-iii.org/firefly-iii/installation/docker/
+# In the section "Docker and reverse proxies", this is suggested for Nginx.
+# Put it in the vhost.d/ folder, with your domain and _location at the end
+# as a filename.
+
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Server $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $host;

rp/vhost.d/netdata.domain.tld_location

@@ -0,0 +1,16 @@
+# https://learn.netdata.cloud/docs/agent/running-behind-nginx#ways-to-access-netdata-via-nginx
+# Content suggested by Netdata documentation, excluding declarations that will
+# be automatically populated by jwilder/nginx-proxy.
+# To be placed in the vhost.d folder of Nginx, remember to put your domain as
+# the filename with _location at the end.
+
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Server $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_pass_request_headers on;
+proxy_set_header Connection "keep-alive";
+proxy_store off;
+
+gzip on;
+gzip_proxied any;
+gzip_types *;

rp/vhost.d/vaultwarden.domain.tld

@@ -0,0 +1,16 @@
+# Template file for the routes of Vaultwarden. To be placed in the vhost.d/
+# folder of Nginx, substitute the name of the file with your domain.
+
+location /admin {
+	return 404;
+}
+
+location /notifications/hub {
+  proxy_pass http://${vaultwarden-container-name}:3012;
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection "upgrade";
+}
+
+location /notifications/hub/negotiate {
+  proxy_pass http://${vaultwarden-container-name}:8080;
+}