me/env-docker
me/env-docker
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add DNS Server, Many Other Fixes/Enhancements (#12)

Browse Source 
* Add 443 just in case since docker ps is showing it as active.

* Add two new projects.

* Add pre-testing content for DNS.

* Initial untested stab at the GitLab config.

* This project uses build, image name is not needed.

* Cleanup, untested guess at how to handle the variables in the pipe section.

* Filled out all files for DNS. Ready for testing.

* This seems to work, Ubuntu is hoarding port 53 though even though local services are shut off.

* `dnsmasq` container is testing successfully now.

* Don't allow a run unless the config files exist.

* Correct the crontab entry so that $RANDOM works correctly.

* Certs were not being saved by LetsEncrypt for Nginx correctly. Should be working now.

* Do not allow disabled folders into Git.

* Do not allow disabled folders into Git, 2.

* Do not allow disabled folders into Git, 3.

* Do not allow disabled folders into Git, 4.

* Do not allow disabled folders into Git, 5.

* Do not allow disabled folders into Git, 6.

* Don't add logs from anywhere.

* Add ping and dig to Nextcloud container for troubleshooting.

* Fix tabs.

* Make unfinished suffix consistent.

* Clean whitespace.

* Multiple names for a single IP address.

* Add 2nd example domain from hosts file.

* Add caching program Redis for Nextcloud.

* Add REDIS_HOST variable for automatic setup through config/redis.config.php.

* Upgrade to compose version 3.

* Move OnlyOffice to Nextcloud area.

* Change container name.

* Add container_name to all compose services.

* Shorten names for Nextcloud services.

* Comment possible OO fixes while trying to get container to use DNS.

* Remove OnlyOffice setting tests.

* Do not commit .env files, only their examples.

* Move OnlyOffice to be its own configuration again. Add sourcing of DNS settings so that local traffic routes correctly.

* Fix source file, BASH_SROUCE did not work without the shebang. Also fix bug for when it sees `..` and assumes current directory.

* dns.env file did not work out, env_file: element not being read before dns: element. Using folder-specific .env files instead, seems to be loaded before dns: element. Also move other values to the env files for better password privacy.

* Keep commands for cleaning up environment in one file.

* Update examples.

* Fix cd moving the user to the file's directory.

* Add note for user to set up the env file.

* Replace README files by unhiding the example files.

* Still need to specify the variables in the environment: element.

* Add header variable.

* Place host above database.

* Fix "JWS" typo.

* Do not use the HEADER parameter.

* Add vim to fix packages.

* Forget about the manual DNS servers for a minute, ensure host is set up properly first. Ubuntu is happy but Debian is not.

* Try using the host network explicitly.

* Temporarily give up on having Nextcloud server see local OnlyOffice server. Works when they are different machines but need them together.
This commit is contained in:
Hyperling 2023-08-21 22:07:46 +00:00 committed by GitHub
parent 43dee35d85
commit f205dbfcd5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 427 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.gitignore vendored
View File

@ -7,7 +7,7 @@ Volumes/*
*.yml.*BACKUP* *.yml.*BACKUP*
# Ignore logs # Ignore logs
logs/* logs
# Ignore private reverse proxy configurations. # Ignore private reverse proxy configurations.
Config/ReverseProxy/config/conf.d/* Config/ReverseProxy/config/conf.d/*
@ -24,3 +24,12 @@ private.key
# Ignore secrets for Invidious. # Ignore secrets for Invidious.
Config/Invidious/*.env Config/Invidious/*.env
# Ignore DNS config files, contain private settings.
Config/DNS/config/*
# Ignore anything in disabled folders.
disabled
# Ignore any .env files which are not explicitly committed to the project.
*.env

26
Config/DNS/Dockerfile Normal file
View File

@ -0,0 +1,26 @@
# 2023-07-29
#
# Create a Debian container which runs dnsmasq.
# https://wiki.debian.org/dnsmasq
# https://computingforgeeks.com/run-and-use-dnsmasq-in-docker-container/?expand_article=1
#
FROM debian
# Install Dependencies
RUN apt-get update && apt-get install -y dnsmasq vim inetutils-ping
# Copy Configuration Files
RUN mkdir -pv /etc/dnsmasq
COPY ./config/hosts /etc/dnsmasq/hosts
COPY ./config/resolv.conf /etc/dnsmasq/resolv.conf
COPY ./config/dnsmasq.conf /etc/dnsmasq/dnsmasq.conf
# Stop Default Service
RUN service dnsmasq stop
# Load Specific Config Files
CMD dnsmasq -k --log-facility=- --log-queries=extra \
--conf-file=/etc/dnsmasq/dnsmasq.conf \
--no-hosts --addn-hosts=/etc/dnsmasq/hosts \
--resolv-file=/etc/dnsmasq/resolv.conf

5
Config/DNS/README.md Normal file
View File

@ -0,0 +1,5 @@
# Local DNS
Host a local DNS server in case your router/gateway is not cutting it. Allows
the ability to use simple names across the network witrhout editing `/etc/hosts`
on each machine. The IP of this server should be added to the router/gateway's
settings so that all machines on the network know to use it and can benefit.

31
Config/DNS/config/dnsmasq.conf.example Normal file
View File

@ -0,0 +1,31 @@
# 2023-07-29
#
# Description:
# Settings specific to DNS Masquerade. The parameters in this file are the
# same which can be passed to the dnsmasq program directly using '--', but the
# '--' is not necessary in this file. Otherwise this file has no manpage.
#
# Futher Reading:
# Commands:
# https://manpages.debian.org/bookworm/dnsmasq-base/dnsmasq.8.en.html
# Tutorials:
# Basic:
# https://www.howtoforge.com/how-to-setup-local-dns-server-using-dnsmasq-on-ubuntu-20-04/
# Split DNS:
# https://www.gluster.org/use-dnsmasq-for-separating-dns-queries/
# Who this server is.
port=53
domain=example.com
# FQDN must be provided in order for this server to check upstream for it.
domain-needed
# Do not forward requests for private IPs to upstream domains.
bogus-priv
# Automatically add FQDN to any simple names in /etc/hosts.
#expand-hosts
# Default cache size is 150. 0 disables caching. Large values lower performance.
cache-size=1000

25
Config/DNS/config/hosts.example Normal file
View File

@ -0,0 +1,25 @@
# 2023-07-29
#
# Description:
# Example file of how to use the hosts file. It contains local servers running
# inside the domain that need accessed directly rather than traversing outside
# the WAN. This saves time and prevents some routers from dropping data.
#
# Format:
# XXX.XXX.XXX.XXX subdomain.domain.extension subdomain
#
# Futher Reading:
# https://manpages.debian.org/bookworm/manpages/hosts.5.en.html
#
127.0.0.1 localhost
127.0.1.1 dns.example.com dns
192.168.1.22 ssh.example.com ssh
192.168.1.25 mail.example.com mail
192.168.1.25 imap.example.com
192.168.1.25 smtp.example.com
192.168.1.80 www.example.com example.com
192.168.1.80 www.example.net example.net

21
Config/DNS/config/resolv.conf.example Normal file
View File

@ -0,0 +1,21 @@
# 2023-07-29
#
# Description:
# Generic DNS settings unrelated to dnsmasq are provided here.
#
# Futher Reading:
# https://manpages.debian.org/bookworm/manpages/resolv.conf.5.en.html
#
# The local domains being hosted.
search example.com example.net anotherdomain.com
# Explicitly set local caching with hosts file on.
nameserver 127.0.0.1
# Add any extra settings.
#options rotate
# Use Cloudflare for upstream DNS.
nameserver 1.1.1.1
nameserver 1.0.0.1

17
Config/DNS/docker-compose.yml Normal file
View File

@ -0,0 +1,17 @@
# 2023-07-29
#
# Local DNS server which properly handles DNS splitting.
# Necessary when using junk ISP gateways and running a domain.
# https://thekelleys.org.uk/dnsmasq/doc.html
#
version: '3'
services:
app:
container_name: dns-app
build: ./
restart: always
ports:
- "53:53/udp"
- "53:53/tcp"

60
Config/DNS/run.sh Executable file
View File

@ -0,0 +1,60 @@
#!/bin/bash
#
# 2023-07-29
# Config/DNS/run.sh
# Fix common issues when trying to run this container.
function stop-service {
service=""
if [[ -n $1 ]]; then
service=$1
else
echo "ERROR: A parameter was not provided for stop-service, aborting." >&2
exit 1
fi
if [[ -n $2 ]]; then
echo "ERROR: A second parameter to stop-service is not expected, aborting." >&2
exit 1
fi
systemctl disable --now $service &&
echo "$service stopped successfully!" ||
echo "* If $service was not found then there is no problem."
}
## Validations ##
# Ensure the necessary config files have been created.
if [[ ! -s ./config/hosts
|| ! -s ./config/resolv.conf
|| ! -s ./config/dnsmasq.conf
]]; then
echo "ERROR: Please ensure all 3 files have been created in the config folder." >&2
exit 1
fi
echo -e "\n*** Turn off any local DNS programs ***"
# These programs use port 53 but this container needs to be able to listen on it.
stop-service systemd-resolved
stop-service dnsmasq
echo -e "\n*** Create a working DNS file ***"
# Allows the domains needed during the docker pull/build to be accessed.
if [[ ! -e /etc/resolv.conf.save ]]; then
# Save the existing file if a backup does not already exist.
mv /etc/resolv.conf /etc/resolv.conf.save
fi
echo "nameserver 1.1.1.1" > /etc/resolv.conf
echo -e "\n*** Start the docker container ***"
docker compose down
docker compose build
docker compose up -d
echo -e "\n*** Now use the local process for DNS ***\n/etc/resolv.conf:"
echo "nameserver 127.0.0.1" > /etc/resolv.conf
echo "nameserver 127.0.1.1" >> /etc/resolv.conf
cat /etc/resolv.conf
# Finish
echo " "
exit 0

46
Config/DNS/undo.sh Executable file
View File

@ -0,0 +1,46 @@
#!/bin/bash
#
# 2023-07-29
# Config/DNS/undo.sh
# Easy way to stop using this container.
function start-service {
service=""
if [[ -n $1 ]]; then
service=$1
else
echo "ERROR: A parameter was not provided for start-service, aborting."
exit 1
fi
if [[ -n $2 ]]; then
echo "ERROR: A second parameter to start-service is not expected, aborting."
exit 1
fi
systemctl enable --now $service &&
echo "$service started successfully!" ||
echo "* If $service was not found then there is no problem."
}
echo -e "\n*** Stop the docker container ***"
docker compose down
echo -en "\n*** Restore the DNS file "
if [[ -e /etc/resolv.conf.save ]]; then
echo "from backup ***"
cp /etc/resolv.conf.save /etc/resolv.conf
else
echo "with Cloudflare ***"
echo "nameserver 1.1.1.1" > /etc/resolv.conf
echo "nameserver 1.0.0.1" >> /etc/resolv.conf
echo "options rotate" >> /etc/resolv.conf
fi
echo "/etc/resolv.conf:"
cat /etc/resolv.conf
echo -e "\n*** Turn on any local DNS programs ***"
start-service systemd-resolved
start-service dnsmasq
# Finish
echo " "
exit 0

2
Config/DynamicDNS/README.md
View File

@ -21,7 +21,7 @@ The sleep waits anywhere from 0 to 55 minutes due to the
[Random/10](https://tldp.org/LDP/abs/html/randomvar.html). [Random/10](https://tldp.org/LDP/abs/html/randomvar.html).
``` ```
@hourly sleep $(( $RANDOM / 10 )); $PROJECT_DIR/Config/DynamicDNS/update_dns.sh @hourly bash -c 'sleep $(( $RANDOM / 10 )); $PROJECT_DIR/Config/DynamicDNS/update_dns.sh'
``` ```
### TESTING ### TESTING

22
Config/Gitlab/docker-compose.yml.TBD Normal file
View File

@ -0,0 +1,22 @@
# 2023-07-29
# Employ a personal Gitlab rather than strictly depending on GitHub's existence.
# https://docs.gitlab.com/ee/install/docker.html#install-gitlab-using-docker-compose
# TBD Add the hostname and environment-GITLAB_OMNIBUS_CONFIG setup using env.
version: '3'
services:
app:
container_name: gitlab-app
image: 'gitlab/gitlab-ce:latest'
restart: always
ports:
- 8180:80
- 8143:443
- 8122:22
volumes:
- ../../Volumes/GitLab/config:/etc/gitlab'
- ../../Volumes/GitLab/logs:/var/log/gitlab'
- ../../Volumes/GitLab/data:/var/opt/gitlab'
shm_size: '256m'

4
Config/Hyperling.com/docker-compose.yml
View File

@ -5,8 +5,8 @@ version: '2'
services: services:
app: app:
image: node container_name: website-app
restart: always
build: ./ build: ./
restart: always
ports: ports:
- 8317:8080 - 8317:8080

24
Config/Invidious/docker-compose.yml.TBD
View File

@ -1,14 +1,13 @@
# 2023-07-25
# Invidious configuration. # Invidious configuration.
# This is a revised version of the original work here: # This is a revised version of the original work here:
# https://hub.docker.com/_/nextcloud # https://hub.docker.com/_/nextcloud
# Changelog:
# 2023-07-16 Change from mariadb:10.5 to 10.6.
version: "3" version: "3"
services:
invidious: services:
app:
container_name: invidious-app
image: quay.io/invidious/invidious:latest image: quay.io/invidious/invidious:latest
restart: always restart: always
ports: ports:
@ -22,8 +21,8 @@ services:
INVIDIOUS_CONFIG: | INVIDIOUS_CONFIG: |
db: db:
dbname: invidious dbname: invidious
user: user: ${INV_DB_USER}
password: password: ${INV_DB_PASS}
host: invidious-db host: invidious-db
port: 5432 port: 5432
check_tables: true check_tables: true
@ -31,7 +30,7 @@ services:
domain: domain:
# https_only: false # https_only: false
# statistics_enabled: false # statistics_enabled: false
hmac_key: hmac_key: "${INV_HMAC_KEY}"
healthcheck: healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1 test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
interval: 30s interval: 30s
@ -44,7 +43,8 @@ services:
depends_on: depends_on:
- invidious-db - invidious-db
invidious-db: db:
container_name: invidious-db
image: docker.io/library/postgres:14 image: docker.io/library/postgres:14
restart: always restart: always
volumes: volumes:
@ -52,10 +52,10 @@ services:
- ../../Volumes/Invidious/postgres/config/sql:/config/sql - ../../Volumes/Invidious/postgres/config/sql:/config/sql
- ../../Volumes/Invidious/postgres/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh - ../../Volumes/Invidious/postgres/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
env_file: env_file:
- ./pg.env - ./inv.env
environment: environment:
POSTGRES_DB: invidious POSTGRES_DB: invidious
POSTGRES_USER: POSTGRES_USER: "${INV_DB_USER}"
POSTGRES_PASSWORD: POSTGRES_PASSWORD: "${INV_DB_PASS}"
healthcheck: healthcheck:
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"] test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]

34
Config/Nextcloud/docker-compose.yml
View File

@ -4,34 +4,48 @@
# Changelog: # Changelog:
# 2023-07-16 Change from mariadb:10.5 to 10.6. # 2023-07-16 Change from mariadb:10.5 to 10.6.
# 2023-08-20 Add Redis. (https://markontech.com/docker/setup-nextcloud-with-redis-using-docker/)
version: '2' version: '3'
services: services:
db: db:
container_name: nc-db
image: mariadb:10.6 image: mariadb:10.6
restart: always restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
volumes: volumes:
- ../../Volumes/Nextcloud/mariadb:/var/lib/mysql - ../../Volumes/Nextcloud/mariadb:/var/lib/mysql
environment: environment:
- MYSQL_ROOT_PASSWORD=ChangeMe - MYSQL_DATABASE=$MYSQL_DATABASE
- MYSQL_DATABASE=nextcloud - MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD
- MYSQL_USER=nc - MYSQL_USER=$MYSQL_USER
- MYSQL_PASSWORD=changeme - MYSQL_PASSWORD=$MYSQL_PASSWORD
redis:
container_name: nc-redis
image: redis
restart: always
command: redis-server --requirepass $REDIS_HOST_PASSWORD
app: app:
container_name: nc-app
image: nextcloud image: nextcloud
restart: always restart: always
ports: ports:
- 8080:80 - 8080:80
links: links:
- db - db
- redis
volumes: volumes:
- ../../Volumes/Nextcloud/nextcloud:/var/www/html - ../../Volumes/Nextcloud/nextcloud:/var/www/html
environment: environment:
- MYSQL_DATABASE=nextcloud - MYSQL_HOST=$MYSQL_HOST
- MYSQL_USER=nc - MYSQL_DATABASE=$MYSQL_DATABASE
- MYSQL_PASSWORD=changeme - MYSQL_USER=$MYSQL_USER
- MYSQL_HOST=db - MYSQL_PASSWORD=$MYSQL_PASSWORD
- PHP_UPLOAD_LIMIT=5G - PHP_UPLOAD_LIMIT=$PHP_UPLOAD_LIMIT
- REDIS_HOST=$REDIS_HOST
- REDIS_HOST_PASSWORD=$REDIS_HOST_PASSWORD
#dns:
# - $DNS

29
Config/Nextcloud/env.example Normal file
View File

@ -0,0 +1,29 @@
# Example environment file for Nextcloud stack, should be copied as `.env`.
## Nextcloud ##
PHP_UPLOAD_LIMIT=5G
## MySQL ##
MYSQL_HOST=db
MYSQL_DATABASE=nextcloud
MYSQL_ROOT_PASSWORD=ChangeMe
MYSQL_USER=nc
MYSQL_PASSWORD=changeme
## REDIS ##
REDIS_HOST=redis
REDIS_HOST_PASSWORD=someredispassword
## Other ##
# This has not helped, not sure why containers are not uing hosts's DNS, or why
# the requests are failing. Needs further research/testing but works on Ubuntu
# laptop, just not Debian VM. VM can use the DNS server properly though.
### # If you have both Nextcloud and OnlyOffice on the same internal network you
### # will likely want to set this to an internal DNS server. Some routers will
### # drop traffic if an internal IP tries to communicate with the WAN IP, causing
### # the curl to OnlyOffice's /healthcheck to fail. Do the same in both configs.
### DNS=10.110.1.53

31
Config/Nextcloud/fixes.sh
View File

@ -2,30 +2,29 @@
# 2022-09-25 Hyperling # 2022-09-25 Hyperling
# Put fixes in a file so they do not need remembered. # Put fixes in a file so they do not need remembered.
docker exec -it nextcloud-app-1 apt update -y docker exec -it nc-app apt update -y
docker exec -it nextcloud-app-1 apt install -y sudo libmagickcore-6.q16-6-extra htop docker exec -it nc-app apt install -y sudo libmagickcore-6.q16-6-extra htop iputils-ping dnsutils vim
# 2022-10-30 More additions after moving to Nextcloud version 25. # 2022-10-30 More additions after moving to Nextcloud version 25.
docker exec -itu www-data nextcloud-app-1 ./occ db:add-missing-columns docker exec -itu www-data nc-app ./occ db:add-missing-columns
docker exec -itu www-data nextcloud-app-1 ./occ db:add-missing-indices docker exec -itu www-data nc-app ./occ db:add-missing-indices
docker exec -itu www-data nextcloud-app-1 ./occ db:add-missing-primary-keys docker exec -itu www-data nc-app ./occ db:add-missing-primary-keys
docker exec -itu www-data nextcloud-app-1 ./occ db:convert-filecache-bigint docker exec -itu www-data nc-app ./occ db:convert-filecache-bigint
docker exec -it nextcloud-app-1 chown -Rc www-data:www-data . docker exec -it nc-app chown -Rc www-data:www-data .
# 2023-02-12 Just for good measure. # 2023-02-12 Just for good measure.
docker exec -itu www-data nextcloud-app-1 ./occ app:update --all docker exec -itu www-data nc-app ./occ app:update --all
# 2023-07-02 # 2023-07-02
# This maybe used to exist, but make sure that Files app is correct. # This maybe used to exist, but make sure that Files app is correct.
docker exec -itu www-data nextcloud-app-1 ./occ files:scan --all docker exec -itu www-data nc-app ./occ files:scan --all
# This one takes a while. # This one takes a while.
docker exec -itu www-data nextcloud-app-1 ./occ files:scan-app-data docker exec -itu www-data nc-app ./occ files:scan-app-data
# Extras? Have used the commands in the past and may help in the future. # Extras? Have used the commands in the past and may help in the future.
docker exec -itu www-data nextcloud-app-1 ./occ maintenance:theme:update docker exec -itu www-data nc-app ./occ maintenance:theme:update
docker exec -itu www-data nextcloud-app-1 ./occ maintenance:repair docker exec -itu www-data nc-app ./occ maintenance:repair
# May alsp be useful but do not have much experience with them. # May alsp be useful but do not have much experience with them.
docker exec -itu www-data nextcloud-app-1 ./occ versions:cleanup docker exec -itu www-data nc-app ./occ versions:cleanup
docker exec -itu www-data nextcloud-app-1 ./occ files:cleanup docker exec -itu www-data nc-app ./occ files:cleanup
exit 0 exit 0

8
Config/OnlyOffice/docker-compose.yml
View File

@ -1,11 +1,17 @@
# 2023-07-25 # 2023-07-25
# OnlyOffice server for Nextcloud. # OnlyOffice server, primarily used for Nextcloud.
version: '3' version: '3'
services: services:
app: app:
container_name: oo-app
image: onlyoffice/documentserver image: onlyoffice/documentserver
restart: always restart: always
ports: ports:
- 8000:80 - 8000:80
- 4443:443
environment:
- JWT_SECRET=$JWT_SECRET
#dns:
# - $DNS

17
Config/OnlyOffice/env.example Normal file
View File

@ -0,0 +1,17 @@
# Example environment file for OnlyOffice, should be copied as `.env`.
## Relating to the Nextcloud Admin Settings UI ##
# Secret
JWT_SECRET=abc123
## Other ##
# This has not helped, not sure why containers are not uing hosts's DNS, or why
# the requests are failing. Needs further research/testing but works on Ubuntu
# laptop, just not Debian VM. VM can use the DNS server properly though.
### # If you have both Nextcloud and OnlyOffice on the same internal network you
### # will likely want to set this to an internal DNS server. Some routers will
### # drop traffic if an internal IP tries to communicate with the WAN IP, causing
### # the curl to OnlyOffice's /healthcheck to fail. Do the same in both configs.
### DNS=10.110.1.53

34
Config/ReverseProxy/create_letsencrypt_certs.sh
View File

@ -28,8 +28,8 @@ if [[ $certbot_running != 1 ]]; then
fi fi
## Input ## ## Input ##
# Gather information from the user. # Gather information from the user.
echo -n "Please provide the email address you would like the certs bound to: " echo -n "Please provide the email address you would like the certs bound to: "
read email read email
if [[ -z $email ]]; then if [[ -z $email ]]; then
@ -45,19 +45,34 @@ if [[ $confirm != "Y"* ]]; then
exit 0 exit 0
fi fi
echo -n "Is this a test run? [Y/n]: "
typeset -l test dry_run
read test
if [[ $test == "y"* || -z $test ]]; then
dry_run="--dry-run"
echo " Great! Running with $dry_run to avoid using up requests."
else
echo " Requesting live certificates for new domains."
fi
## Main ## ## Main ##
# Loop over the proxy configuration files and ensure they have certs. # Loop over the proxy configuration files and ensure they have certs.
grep -l proxy_pass $DIR/config/conf.d/*.* | while read file; do grep -l proxy_pass $DIR/config/conf.d/*.* | while read file; do
filename=`basename $file` filename=`basename $file`
echo -e "\n"
if [[ $filename == *"example.com"* ]]; then if [[ $filename == *"example.com"* ]]; then
echo "Skipping $filename since it is only an example." echo "Skipping $filename since it is only an example."
continue continue
fi fi
echo "*** Checking $filename ***" echo "*** Checking $filename ***"
if [[ -d $CERT_DIR/$filename ]]; then if [[ -f $CERT_DIR/$filename/SELF ]]; then
echo "Removing self-signed certs."
rm -rfv $CERT_DIR/$filename
fi
if [[ ! -d $CERT_DIR/$filename ]]; then
echo "Getting the domains which need the cert." echo "Getting the domains which need the cert."
domains=`grep -v '$server_name' $file | grep server_name` domains=`grep -v '$server_name' $file | grep server_name`
@ -69,13 +84,18 @@ grep -l proxy_pass $DIR/config/conf.d/*.* | while read file; do
domains=${domains// /,} domains=${domains// /,}
echo "Domains='$domains'" echo "Domains='$domains'"
echo "Attempting to create real certs at $CERT_DIR/$filename." echo "Attempting to create certs at $CERT_DIR/$filename."
docker exec reverseproxy-certbot-1 certbot certonly -n --webroot \ docker exec reverseproxy-certbot-1 \
certbot certonly -n --webroot $dry_run \
-w /etc/letsencrypt --agree-tos -m $email -d $filename -w /etc/letsencrypt --agree-tos -m $email -d $filename
ls -lh $CERT_DIR/$filename/* if [[ -z $dry_run ]]; then
docker exec reverseproxy-certbot-1 \
sh -c "cp -rL /etc/letsencrypt/live/$filename /etc/letsencrypt/nginx/"
ls -lh $CERT_DIR/$filename/*
fi
else else
echo "Website's certificate folder does not exist, skipping." echo "Website's certificate folder already exists, skipping."
continue continue
fi fi
done done

6
Config/ReverseProxy/create_placeholder_certs.sh
View File

@ -18,12 +18,14 @@ echo "CERT_DIR=$CERT_DIR"
mkdir -pv $CERT_DIR mkdir -pv $CERT_DIR
# Loop over the proxy configuration files and ensure they have certs. # Loop over the proxy configuration files and ensure they have certs.
grep -l proxy_pass $DIR/config/conf.d/*.* | while read file; do #grep -l proxy_pass $DIR/config/conf.d/*.* | while read file; do
ls $DIR/config/conf.d/*.* | while read file; do
filename=`basename $file` filename=`basename $file`
echo "*** Checking $filename ***" echo -e "\n\n*** Checking $filename ***"
if [[ ! -d $CERT_DIR/$filename ]]; then if [[ ! -d $CERT_DIR/$filename ]]; then
echo "Creating self-signed certs at $CERT_DIR/$filename." echo "Creating self-signed certs at $CERT_DIR/$filename."
mkdir -pv $CERT_DIR/$filename mkdir -pv $CERT_DIR/$filename
touch $CERT_DIR/$filename/SELF
openssl req -new -x509 -days 3 -nodes \ openssl req -new -x509 -days 3 -nodes \
-out $CERT_DIR/$filename/fullchain.pem \ -out $CERT_DIR/$filename/fullchain.pem \
-keyout $CERT_DIR/$filename/privkey.pem \ -keyout $CERT_DIR/$filename/privkey.pem \

6
Config/ReverseProxy/docker-compose.yml
View File

@ -10,6 +10,7 @@ version: '3'
services: services:
app: app:
container_name: rp-app
build: ./ build: ./
restart: always restart: always
ports: ports:
@ -21,9 +22,10 @@ services:
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'" command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
certbot: certbot:
container_name: rp-certbot
image: certbot/certbot image: certbot/certbot
restart: always restart: always
volumes: volumes:
- ../../Volumes/ReverseProxy/letsencrypt:/etc/letsencrypt - ../../Volumes/ReverseProxy/letsencrypt:/etc/letsencrypt
- ../../Volumes/ReverseProxy/letsencrypt-certs:/var/www/certbot - ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/letsencrypt/nginx
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; cp -rL /etc/letsencrypt/live/* /etc/letsencrypt/nginx/; sleep 12h & wait $${!}; done;'"

16
bin/clean.sh Executable file
View File

@ -0,0 +1,16 @@
#!/bin/bash
# 2023-08-21 Hyperling
# Clean all unused images and containers.
# https://docs.docker.com/config/pruning/
# Very helpful during development, nice in a long-running production as well.
# usage: clean.sh
docker image prune -a
docker container prune
docker volume prune
docker network prune
exit 0

8
source.env
View File

@ -1,10 +1,14 @@
#!/bin/bash
# Provide any necessary project variables. # Provide any necessary project variables.
# Needs run in the current shell environment, such as: # Needs run in the current shell environment, such as:
# source /PATH_TO_GIT_PROJECT/source.env # source /PATH_TO_PROJECT/source.env
DIR="$(dirname -- "${BASH_SOURCE[0]}")" DIR="$(dirname -- "${BASH_SOURCE[0]}")"
if [[ $DIR == \.* ]]; then if [[ "$DIR" == '.'* ]]; then
RETURN="`pwd`"
cd $DIR
DIR="`pwd`" DIR="`pwd`"
cd "$RETURN"
fi fi
DOCKER_HOME="$DIR" DOCKER_HOME="$DIR"