Add DNS Server, Many Other Fixes/Enhancements (#12)

* Add 443 just in case since docker ps is showing it as active.

* Add two new projects.

* Add pre-testing content for DNS.

* Initial untested stab at the GitLab config.

* This project uses build, image name is not needed.

* Cleanup, untested guess at how to handle the variables in the pipe section.

* Filled out all files for DNS. Ready for testing.

* This seems to work, Ubuntu is hoarding port 53 though even though local services are shut off.

* `dnsmasq` container is testing successfully now.

* Don't allow a run unless the config files exist.

* Correct the crontab entry so that $RANDOM works correctly.

* Certs were not being saved by LetsEncrypt for Nginx correctly. Should be working now.

* Do not allow disabled folders into Git.

* Do not allow disabled folders into Git, 2.

* Do not allow disabled folders into Git, 3.

* Do not allow disabled folders into Git, 4.

* Do not allow disabled folders into Git, 5.

* Do not allow disabled folders into Git, 6.

* Don't add logs from anywhere.

* Add ping and dig to Nextcloud container for troubleshooting.

* Fix tabs.

* Make unfinished suffix consistent.

* Clean whitespace.

* Multiple names for a single IP address.

* Add 2nd example domain from hosts file.

* Add caching program Redis for Nextcloud.

* Add REDIS_HOST variable for automatic setup through config/redis.config.php.

* Upgrade to compose version 3.

* Move OnlyOffice to Nextcloud area.

* Change container name.

* Add container_name to all compose services.

* Shorten names for Nextcloud services.

* Comment possible OO fixes while trying to get container to use DNS.

* Remove OnlyOffice setting tests.

* Do not commit .env files, only their examples.

* Move OnlyOffice to be its own configuration again. Add sourcing of DNS settings so that local traffic routes correctly.

* Fix source file, BASH_SROUCE did not work without the shebang. Also fix bug for when it sees `..` and assumes current directory.

* dns.env file did not work out, env_file: element not being read before dns: element. Using folder-specific .env files instead, seems to be loaded before dns: element. Also move other values to the env files for better password privacy.

* Keep commands for cleaning up environment in one file.

* Update examples.

* Fix cd moving the user to the file's directory.

* Add note for user to set up the env file.

* Replace README files by unhiding the example files.

* Still need to specify the variables in the environment: element.

* Add header variable.

* Place host above database.

* Fix "JWS" typo.

* Do not use the HEADER parameter.

* Add vim to fix packages.

* Forget about the manual DNS servers for a minute, ensure host is set up properly first. Ubuntu is happy but Debian is not.

* Try using the host network explicitly.

* Temporarily give up on having Nextcloud server see local OnlyOffice server. Works when they are different machines but need them together.

Config/DNS/Dockerfile

@@ -0,0 +1,26 @@
+# 2023-07-29
+#
+# Create a Debian container which runs dnsmasq.
+# https://wiki.debian.org/dnsmasq
+# https://computingforgeeks.com/run-and-use-dnsmasq-in-docker-container/?expand_article=1
+#
+
+FROM debian
+
+# Install Dependencies
+RUN apt-get update && apt-get install -y dnsmasq vim inetutils-ping
+
+# Copy Configuration Files
+RUN mkdir -pv /etc/dnsmasq
+COPY ./config/hosts        /etc/dnsmasq/hosts
+COPY ./config/resolv.conf  /etc/dnsmasq/resolv.conf
+COPY ./config/dnsmasq.conf /etc/dnsmasq/dnsmasq.conf
+
+# Stop Default Service
+RUN service dnsmasq stop
+
+# Load Specific Config Files
+CMD dnsmasq -k --log-facility=- --log-queries=extra \
+      --conf-file=/etc/dnsmasq/dnsmasq.conf \
+      --no-hosts --addn-hosts=/etc/dnsmasq/hosts \
+      --resolv-file=/etc/dnsmasq/resolv.conf

Config/DNS/README.md

@@ -0,0 +1,5 @@
+# Local DNS
+Host a local DNS server in case your router/gateway is not cutting it. Allows
+the ability to use simple names across the network witrhout editing `/etc/hosts`
+on each machine. The IP of this server should be added to the router/gateway's
+settings so that all machines on the network know to use it and can benefit.

Config/DNS/config/dnsmasq.conf.example

@@ -0,0 +1,31 @@
+# 2023-07-29
+#
+# Description:
+#   Settings specific to DNS Masquerade. The parameters in this file are the
+#   same which can be passed to the dnsmasq program directly using '--', but the
+#   '--' is not necessary in this file. Otherwise this file has no manpage.
+#
+# Futher Reading:
+#   Commands:
+#     https://manpages.debian.org/bookworm/dnsmasq-base/dnsmasq.8.en.html
+#   Tutorials:
+#     Basic:
+#       https://www.howtoforge.com/how-to-setup-local-dns-server-using-dnsmasq-on-ubuntu-20-04/
+#     Split DNS:
+#       https://www.gluster.org/use-dnsmasq-for-separating-dns-queries/
+
+# Who this server is.
+port=53
+domain=example.com
+
+# FQDN must be provided in order for this server to check upstream for it.
+domain-needed
+
+# Do not forward requests for private IPs to upstream domains.
+bogus-priv
+
+# Automatically add FQDN to any simple names in /etc/hosts.
+#expand-hosts
+
+# Default cache size is 150. 0 disables caching. Large values lower performance.
+cache-size=1000

Config/DNS/config/hosts.example

@@ -0,0 +1,25 @@
+# 2023-07-29
+#
+# Description:
+#   Example file of how to use the hosts file. It contains local servers running
+#   inside the domain that need accessed directly rather than traversing outside
+#   the WAN. This saves time and prevents some routers from dropping data.
+#
+# Format:
+#   XXX.XXX.XXX.XXX subdomain.domain.extension subdomain
+#
+# Futher Reading:
+#   https://manpages.debian.org/bookworm/manpages/hosts.5.en.html
+#
+
+127.0.0.1 localhost
+127.0.1.1 dns.example.com dns
+
+192.168.1.22 ssh.example.com  ssh
+
+192.168.1.25 mail.example.com mail
+192.168.1.25 imap.example.com
+192.168.1.25 smtp.example.com
+
+192.168.1.80 www.example.com example.com
+192.168.1.80 www.example.net example.net

Config/DNS/config/resolv.conf.example

@@ -0,0 +1,21 @@
+# 2023-07-29
+#
+# Description:
+#   Generic DNS settings unrelated to dnsmasq are provided here.
+#
+# Futher Reading:
+#   https://manpages.debian.org/bookworm/manpages/resolv.conf.5.en.html
+#
+
+# The local domains being hosted.
+search example.com example.net anotherdomain.com
+
+# Explicitly set local caching with hosts file on.
+nameserver 127.0.0.1
+
+# Add any extra settings.
+#options rotate
+
+# Use Cloudflare for upstream DNS.
+nameserver 1.1.1.1
+nameserver 1.0.0.1

Config/DNS/docker-compose.yml

@@ -0,0 +1,17 @@
+# 2023-07-29
+#
+# Local DNS server which properly handles DNS splitting.
+# Necessary when using junk ISP gateways and running a domain.
+# https://thekelleys.org.uk/dnsmasq/doc.html
+#
+
+version: '3'
+
+services:
+  app:
+    container_name: dns-app
+    build: ./
+    restart: always
+    ports:
+      - "53:53/udp"
+      - "53:53/tcp"

Config/DNS/run.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+#
+# 2023-07-29
+# Config/DNS/run.sh
+# Fix common issues when trying to run this container.
+
+function stop-service {
+	service=""
+	if [[ -n $1 ]]; then
+		service=$1
+	else
+		echo "ERROR: A parameter was not provided for stop-service, aborting." >&2
+		exit 1
+	fi
+	if [[ -n $2 ]]; then
+		echo "ERROR: A second parameter to stop-service is not expected, aborting." >&2
+		exit 1
+	fi
+	systemctl disable --now $service &&
+		echo "$service stopped successfully!" ||
+		echo "* If $service was not found then there is no problem."
+}
+
+## Validations ##
+
+# Ensure the necessary config files have been created.
+if [[ ! -s ./config/hosts
+	|| ! -s ./config/resolv.conf
+	|| ! -s ./config/dnsmasq.conf
+]]; then
+	echo "ERROR: Please ensure all 3 files have been created in the config folder." >&2
+	exit 1
+fi
+
+echo -e "\n*** Turn off any local DNS programs ***"
+# These programs use port 53 but this container needs to be able to listen on it.
+stop-service systemd-resolved
+stop-service dnsmasq
+
+echo -e "\n*** Create a working DNS file ***"
+# Allows the domains needed during the docker pull/build to be accessed.
+if [[ ! -e /etc/resolv.conf.save ]]; then
+	# Save the existing file if a backup does not already exist.
+	mv /etc/resolv.conf /etc/resolv.conf.save
+fi
+echo "nameserver 1.1.1.1" > /etc/resolv.conf
+
+echo -e "\n*** Start the docker container ***"
+docker compose down
+docker compose build
+docker compose up -d
+
+echo -e "\n*** Now use the local process for DNS ***\n/etc/resolv.conf:"
+echo "nameserver 127.0.0.1" > /etc/resolv.conf
+echo "nameserver 127.0.1.1" >> /etc/resolv.conf
+cat /etc/resolv.conf
+
+# Finish
+echo " "
+exit 0

Config/DNS/undo.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+#
+# 2023-07-29
+# Config/DNS/undo.sh
+# Easy way to stop using this container.
+
+function start-service {
+	service=""
+	if [[ -n $1 ]]; then
+		service=$1
+	else
+		echo "ERROR: A parameter was not provided for start-service, aborting."
+		exit 1
+	fi
+	if [[ -n $2 ]]; then
+		echo "ERROR: A second parameter to start-service is not expected, aborting."
+		exit 1
+	fi
+	systemctl enable --now $service &&
+		echo "$service started successfully!" ||
+		echo "* If $service was not found then there is no problem."
+}
+
+echo -e "\n*** Stop the docker container ***"
+docker compose down
+
+echo -en "\n*** Restore the DNS file "
+if [[ -e /etc/resolv.conf.save ]]; then
+	echo "from backup ***"
+	cp /etc/resolv.conf.save /etc/resolv.conf
+else
+	echo "with Cloudflare ***"
+	echo "nameserver 1.1.1.1" > /etc/resolv.conf
+	echo "nameserver 1.0.0.1" >> /etc/resolv.conf
+	echo "options rotate" >> /etc/resolv.conf
+fi
+echo "/etc/resolv.conf:"
+cat /etc/resolv.conf
+
+echo -e "\n*** Turn on any local DNS programs ***"
+start-service systemd-resolved
+start-service dnsmasq
+
+# Finish
+echo " "
+exit 0