env-docker/Config/ReverseProxy/docker-compose.yml

# 2022-10-05 Hyperling
# Reverse Proxy with LetsEncrypt Certbot.
# This is a revised version of these works:
#   https://phoenixnap.com/kb/docker-nginx-reverse-proxy
#   https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/
#   https://pentacent.medium.com/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71

version: '3'

services:

  app:
    container_name: rp-app
    build: ./
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ../../Volumes/ReverseProxy/letsencrypt:/etc/nginx/letsencrypt
      - ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"

  certbot:
    container_name: rp-certbot
    image: certbot/certbot
    restart: always
    volumes:
      - ../../Volumes/ReverseProxy/letsencrypt:/etc/letsencrypt
      - ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/letsencrypt/nginx
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; cp -rL /etc/letsencrypt/live/* /etc/letsencrypt/nginx/; sleep 12h & wait $${!}; done;'"
Enable files for testing on reverseproxy branch. 2022-10-29 11:29:59 -05:00			`# 2022-10-05 Hyperling`
Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`# Reverse Proxy with LetsEncrypt Certbot.`
			`# This is a revised version of these works:`
Enable files for testing on reverseproxy branch. 2022-10-29 11:29:59 -05:00			`# https://phoenixnap.com/kb/docker-nginx-reverse-proxy`
			`# https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/`
Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`# https://pentacent.medium.com/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71`
Enable files for testing on reverseproxy branch. 2022-10-29 11:29:59 -05:00
Finish a working example. 2023-07-05 20:02:50 -07:00			`version: '3'`
Enable files for testing on reverseproxy branch. 2022-10-29 11:29:59 -05:00
			`services:`
Start Invidious, Add OnlyOffice, Fixes (#11) * Add directory and a link to the install instructions. * Fix env file if user is in the current directory. * Initial work on the Invidious configuration and README. * Add postgres variables and TBD. * Disabled the Invidious project, it is a lower priority than OnlyOffice and Mail. * Allow disabled files to stay in the project, truly only block files with backup in the name. * Create a file for OnlyOffice. * Change the restart method to ALWAYS. * Changed from disabled to TBD. * Add a note to its README as well. 2023-07-25 22:20:56 +00:00
Enable files for testing on reverseproxy branch. 2022-10-29 11:29:59 -05:00			`app:`
Add DNS Server, Many Other Fixes/Enhancements (#12) * Add 443 just in case since docker ps is showing it as active. * Add two new projects. * Add pre-testing content for DNS. * Initial untested stab at the GitLab config. * This project uses build, image name is not needed. * Cleanup, untested guess at how to handle the variables in the pipe section. * Filled out all files for DNS. Ready for testing. * This seems to work, Ubuntu is hoarding port 53 though even though local services are shut off. * `dnsmasq` container is testing successfully now. * Don't allow a run unless the config files exist. * Correct the crontab entry so that $RANDOM works correctly. * Certs were not being saved by LetsEncrypt for Nginx correctly. Should be working now. * Do not allow disabled folders into Git. * Do not allow disabled folders into Git, 2. * Do not allow disabled folders into Git, 3. * Do not allow disabled folders into Git, 4. * Do not allow disabled folders into Git, 5. * Do not allow disabled folders into Git, 6. * Don't add logs from anywhere. * Add ping and dig to Nextcloud container for troubleshooting. * Fix tabs. * Make unfinished suffix consistent. * Clean whitespace. * Multiple names for a single IP address. * Add 2nd example domain from hosts file. * Add caching program Redis for Nextcloud. * Add REDIS_HOST variable for automatic setup through config/redis.config.php. * Upgrade to compose version 3. * Move OnlyOffice to Nextcloud area. * Change container name. * Add container_name to all compose services. * Shorten names for Nextcloud services. * Comment possible OO fixes while trying to get container to use DNS. * Remove OnlyOffice setting tests. * Do not commit .env files, only their examples. * Move OnlyOffice to be its own configuration again. Add sourcing of DNS settings so that local traffic routes correctly. * Fix source file, BASH_SROUCE did not work without the shebang. Also fix bug for when it sees `..` and assumes current directory. * dns.env file did not work out, env_file: element not being read before dns: element. Using folder-specific .env files instead, seems to be loaded before dns: element. Also move other values to the env files for better password privacy. * Keep commands for cleaning up environment in one file. * Update examples. * Fix cd moving the user to the file's directory. * Add note for user to set up the env file. * Replace README files by unhiding the example files. * Still need to specify the variables in the environment: element. * Add header variable. * Place host above database. * Fix "JWS" typo. * Do not use the HEADER parameter. * Add vim to fix packages. * Forget about the manual DNS servers for a minute, ensure host is set up properly first. Ubuntu is happy but Debian is not. * Try using the host network explicitly. * Temporarily give up on having Nextcloud server see local OnlyOffice server. Works when they are different machines but need them together. 2023-08-21 22:07:46 +00:00			`container_name: rp-app`
Small Reverse Proxy Enhancements (#8) * Only load certs for domains which are doing a proxy. 301 redirects do not need certs. * Fix tabs to spaces. * Add slash to match Hyperling.com script. * Fix comment capitalization. 2023-07-23 02:32:53 +00:00			`build: ./`
Enable files for testing on reverseproxy branch. 2022-10-29 11:29:59 -05:00			`restart: always`
			`ports:`
Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`- "80:80"`
			`- "443:443"`
			`volumes:`
Create script to get real certificates. Programs are functional but have not tried pointing the production router to the test box yet to see if the challenge will pass. 2023-07-06 07:33:17 -07:00			`- ../../Volumes/ReverseProxy/letsencrypt:/etc/nginx/letsencrypt`
Create temporary cert process so that nginx can start. Still need to figure out if/how certbot will attempt to renew domains in conf.d. Lowered the cert days in case it checks that. 2023-07-05 21:17:14 -07:00			`- ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs`
Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"`
Start Invidious, Add OnlyOffice, Fixes (#11) * Add directory and a link to the install instructions. * Fix env file if user is in the current directory. * Initial work on the Invidious configuration and README. * Add postgres variables and TBD. * Disabled the Invidious project, it is a lower priority than OnlyOffice and Mail. * Allow disabled files to stay in the project, truly only block files with backup in the name. * Create a file for OnlyOffice. * Change the restart method to ALWAYS. * Changed from disabled to TBD. * Add a note to its README as well. 2023-07-25 22:20:56 +00:00
Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`certbot:`
Add DNS Server, Many Other Fixes/Enhancements (#12) * Add 443 just in case since docker ps is showing it as active. * Add two new projects. * Add pre-testing content for DNS. * Initial untested stab at the GitLab config. * This project uses build, image name is not needed. * Cleanup, untested guess at how to handle the variables in the pipe section. * Filled out all files for DNS. Ready for testing. * This seems to work, Ubuntu is hoarding port 53 though even though local services are shut off. * `dnsmasq` container is testing successfully now. * Don't allow a run unless the config files exist. * Correct the crontab entry so that $RANDOM works correctly. * Certs were not being saved by LetsEncrypt for Nginx correctly. Should be working now. * Do not allow disabled folders into Git. * Do not allow disabled folders into Git, 2. * Do not allow disabled folders into Git, 3. * Do not allow disabled folders into Git, 4. * Do not allow disabled folders into Git, 5. * Do not allow disabled folders into Git, 6. * Don't add logs from anywhere. * Add ping and dig to Nextcloud container for troubleshooting. * Fix tabs. * Make unfinished suffix consistent. * Clean whitespace. * Multiple names for a single IP address. * Add 2nd example domain from hosts file. * Add caching program Redis for Nextcloud. * Add REDIS_HOST variable for automatic setup through config/redis.config.php. * Upgrade to compose version 3. * Move OnlyOffice to Nextcloud area. * Change container name. * Add container_name to all compose services. * Shorten names for Nextcloud services. * Comment possible OO fixes while trying to get container to use DNS. * Remove OnlyOffice setting tests. * Do not commit .env files, only their examples. * Move OnlyOffice to be its own configuration again. Add sourcing of DNS settings so that local traffic routes correctly. * Fix source file, BASH_SROUCE did not work without the shebang. Also fix bug for when it sees `..` and assumes current directory. * dns.env file did not work out, env_file: element not being read before dns: element. Using folder-specific .env files instead, seems to be loaded before dns: element. Also move other values to the env files for better password privacy. * Keep commands for cleaning up environment in one file. * Update examples. * Fix cd moving the user to the file's directory. * Add note for user to set up the env file. * Replace README files by unhiding the example files. * Still need to specify the variables in the environment: element. * Add header variable. * Place host above database. * Fix "JWS" typo. * Do not use the HEADER parameter. * Add vim to fix packages. * Forget about the manual DNS servers for a minute, ensure host is set up properly first. Ubuntu is happy but Debian is not. * Try using the host network explicitly. * Temporarily give up on having Nextcloud server see local OnlyOffice server. Works when they are different machines but need them together. 2023-08-21 22:07:46 +00:00			`container_name: rp-certbot`
Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`image: certbot/certbot`
Start Invidious, Add OnlyOffice, Fixes (#11) * Add directory and a link to the install instructions. * Fix env file if user is in the current directory. * Initial work on the Invidious configuration and README. * Add postgres variables and TBD. * Disabled the Invidious project, it is a lower priority than OnlyOffice and Mail. * Allow disabled files to stay in the project, truly only block files with backup in the name. * Create a file for OnlyOffice. * Change the restart method to ALWAYS. * Changed from disabled to TBD. * Add a note to its README as well. 2023-07-25 22:20:56 +00:00			`restart: always`
Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`volumes:`
Create script to get real certificates. Programs are functional but have not tried pointing the production router to the test box yet to see if the challenge will pass. 2023-07-06 07:33:17 -07:00			`- ../../Volumes/ReverseProxy/letsencrypt:/etc/letsencrypt`
Add DNS Server, Many Other Fixes/Enhancements (#12) * Add 443 just in case since docker ps is showing it as active. * Add two new projects. * Add pre-testing content for DNS. * Initial untested stab at the GitLab config. * This project uses build, image name is not needed. * Cleanup, untested guess at how to handle the variables in the pipe section. * Filled out all files for DNS. Ready for testing. * This seems to work, Ubuntu is hoarding port 53 though even though local services are shut off. * `dnsmasq` container is testing successfully now. * Don't allow a run unless the config files exist. * Correct the crontab entry so that $RANDOM works correctly. * Certs were not being saved by LetsEncrypt for Nginx correctly. Should be working now. * Do not allow disabled folders into Git. * Do not allow disabled folders into Git, 2. * Do not allow disabled folders into Git, 3. * Do not allow disabled folders into Git, 4. * Do not allow disabled folders into Git, 5. * Do not allow disabled folders into Git, 6. * Don't add logs from anywhere. * Add ping and dig to Nextcloud container for troubleshooting. * Fix tabs. * Make unfinished suffix consistent. * Clean whitespace. * Multiple names for a single IP address. * Add 2nd example domain from hosts file. * Add caching program Redis for Nextcloud. * Add REDIS_HOST variable for automatic setup through config/redis.config.php. * Upgrade to compose version 3. * Move OnlyOffice to Nextcloud area. * Change container name. * Add container_name to all compose services. * Shorten names for Nextcloud services. * Comment possible OO fixes while trying to get container to use DNS. * Remove OnlyOffice setting tests. * Do not commit .env files, only their examples. * Move OnlyOffice to be its own configuration again. Add sourcing of DNS settings so that local traffic routes correctly. * Fix source file, BASH_SROUCE did not work without the shebang. Also fix bug for when it sees `..` and assumes current directory. * dns.env file did not work out, env_file: element not being read before dns: element. Using folder-specific .env files instead, seems to be loaded before dns: element. Also move other values to the env files for better password privacy. * Keep commands for cleaning up environment in one file. * Update examples. * Fix cd moving the user to the file's directory. * Add note for user to set up the env file. * Replace README files by unhiding the example files. * Still need to specify the variables in the environment: element. * Add header variable. * Place host above database. * Fix "JWS" typo. * Do not use the HEADER parameter. * Add vim to fix packages. * Forget about the manual DNS servers for a minute, ensure host is set up properly first. Ubuntu is happy but Debian is not. * Try using the host network explicitly. * Temporarily give up on having Nextcloud server see local OnlyOffice server. Works when they are different machines but need them together. 2023-08-21 22:07:46 +00:00			`- ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/letsencrypt/nginx`
			`entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; cp -rL /etc/letsencrypt/live/* /etc/letsencrypt/nginx/; sleep 12h & wait $${!}; done;'"`