diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml
new file mode 100644
index 0000000..8ba8351
--- /dev/null
+++ b/gitea/docker-compose.yml
@@ -0,0 +1,23 @@
+version: "3"
+
+networks:
+ gitea:
+ external: false
+
+services:
+ server:
+ image: gitea/gitea:latest
+ container_name: gitea
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ restart: always
+ networks:
+ - gitea
+ volumes:
+ - ./gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "3000:3000"
+ - "222:22"
diff --git a/nginx/conf.d/drive.roysathome.net.conf b/nginx/conf.d/drive.roysathome.net.conf
new file mode 100644
index 0000000..d66bc0c
--- /dev/null
+++ b/nginx/conf.d/drive.roysathome.net.conf
@@ -0,0 +1,29 @@
+server {
+ server_name drive.roysathome.net;
+
+ location / {
+ proxy_pass http://localhost:8080;
+ proxy_set_header Host drive.roysathome.net;
+ proxy_set_header X-Forwarded-Proto https;
+ }
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/drive.roysathome.net/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/drive.roysathome.net/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = drive.roysathome.net) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ server_name drive.roysathome.net;
+
+ listen 80;
+ return 404; # managed by Certbot
+
+
+}
diff --git a/nginx/conf.d/git.roysathome.net.conf b/nginx/conf.d/git.roysathome.net.conf
new file mode 100644
index 0000000..d1fdb5b
--- /dev/null
+++ b/nginx/conf.d/git.roysathome.net.conf
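Review bot: The `"3000:3000"` mapping at the end of the gitea service publishes the web port on every host interface, so unless a host firewall blocks it Gitea stays reachable over plain HTTP alongside the TLS vhost that proxies to `127.0.0.1:3000` in nginx/conf.d/git.roysathome.net.conf. Binding the port to loopback, `- "127.0.0.1:3000:3000"`, keeps nginx as the only entry point. The same applies to `- ${HTTP_PORT}:8080` in owncloud/docker-compose.yml, which would also be safer quoted. Separately, `image: gitea/gitea:latest` makes upgrades implicit on every pull; pinning a release tag (placeholder: `gitea/gitea:<version>`) makes them reviewable.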
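Review bot: The `location /` block in drive.roysathome.net.conf forwards no client address, so the backend presumably sees every request as coming from the proxy, which weakens per-IP throttling and makes its access logs useless for attribution. Adding `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` fixes that, provided the application is configured to trust those headers only from this proxy. The same `X-Forwarded-For` line is present but commented out in nginx/conf.d/git.roysathome.net.conf, so the point applies there too.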
@@ -0,0 +1,31 @@
+server {
+ server_name git.roysathome.net;
+ location / {
+ set $backend http://127.0.0.1:3000;
+ proxy_pass $backend;
+ proxy_set_header Host git.roysathome.net; #$host;
+ proxy_set_header X-Forwarded-Proto https;
+ #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ #proxy_set_header X-Forwarded-Host $server_name;
+ }
+
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/git.roysathome.net/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/git.roysathome.net/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = git.roysathome.net) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ server_name git.roysathome.net;
+ listen 80;
+ return 404; # managed by Certbot
+
+
+}
diff --git a/nginx/conf.d/roysathome.net.conf b/nginx/conf.d/roysathome.net.conf
new file mode 100644
index 0000000..c6a09eb
--- /dev/null
+++ b/nginx/conf.d/roysathome.net.conf
@@ -0,0 +1,35 @@
+server {
+ server_name roysathome.net www.roysathome.net;
+ location / {
+ root /http;
+ index index.html;
+ }
+
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/roysathome.net/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/roysathome.net/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+}
+server {
+ if ($host = www.roysathome.net) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ if ($host = roysathome.net) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ server_name roysathome.net www.roysathome.net;
+ listen 80;
+ return 404; # managed by Certbot
+
+
+
+
+}
\ No newline at end of file
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..3655a08
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,83 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ #include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
diff --git a/owncloud/docker-compose.yml b/owncloud/docker-compose.yml
new file mode 100644
index 0000000..a88f729
--- /dev/null
+++ b/owncloud/docker-compose.yml
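Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` in the SSL Settings section of nginx/nginx.conf still offers TLS 1.0 and 1.1, which are deprecated (RFC 8996); `ssl_protocols TLSv1.2 TLSv1.3;` is the safer http-level default. The vhosts include /etc/letsencrypt/options-ssl-nginx.conf, which is not part of this diff and may already override the value per server, but any server block added without that include inherits this line. `# server_tokens off;` is also left commented out, so the nginx version is advertised in response headers and error pages; uncommenting it is a one-line change.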
@@ -0,0 +1,71 @@
+version: "3"
+
+volumes:
+ files:
+ driver: local
+ mysql:
+ driver: local
+ redis:
+ driver: local
+
+services:
+ owncloud:
+ image: owncloud/server:${OWNCLOUD_VERSION}
+ container_name: owncloud_server
+ restart: always
+ ports:
+ - ${HTTP_PORT}:8080
+ depends_on:
+ - mariadb
+ - redis
+ environment:
+ - OWNCLOUD_DOMAIN=${OWNCLOUD_DOMAIN}
+ - OWNCLOUD_TRUSTED_DOMAINS=${OWNCLOUD_TRUSTED_DOMAINS}
+ - OWNCLOUD_DB_TYPE=mysql
+ - OWNCLOUD_DB_NAME=owncloud
+ - OWNCLOUD_DB_USERNAME=owncloud
+ - OWNCLOUD_DB_PASSWORD=owncloud
+ - OWNCLOUD_DB_HOST=mariadb
+ - OWNCLOUD_ADMIN_USERNAME=${ADMIN_USERNAME}
+ - OWNCLOUD_ADMIN_PASSWORD=${ADMIN_PASSWORD}
+ - OWNCLOUD_MYSQL_UTF8MB4=true
+ - OWNCLOUD_REDIS_ENABLED=true
+ - OWNCLOUD_REDIS_HOST=redis
+ healthcheck:
+ test: ["CMD", "/usr/bin/healthcheck"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ volumes:
+ - files:/mnt/data
+
+ mariadb:
+ image: mariadb:10.11
+ container_name: owncloud_mariadb
+ restart: always
+ environment:
+ - MYSQL_ROOT_PASSWORD=owncloud
+ - MYSQL_USER=owncloud
+ - MYSQL_PASSWORD=owncloud
+ - MYSQL_DATABASE=owncloud
+ - MARiADB_AUTO_UPGRADE=1
+ command: ["--max-allowed-packet=128M", "--innodb-log-file-size=64M"]
+ healthcheck:
+ test: ["CMD", "mysqladmin", "ping", "-u", "root", "--password=owncloud"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ volumes:
+ - mysql:/var/lib/mysql
+ redis:
+ image: redis:6
+ container_name: owncloud_redis
+ restart: always
+ command: ["--databases", "1"]
+ healthcheck:
+ test: ["CMD", "redis-cli", "ping"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ volumes:
+ - redis:/data
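Review bot: The database credentials are committed as literals (`MYSQL_ROOT_PASSWORD=owncloud`, `MYSQL_PASSWORD=owncloud`, `OWNCLOUD_DB_PASSWORD=owncloud`, and `--password=owncloud` in the mariadb healthcheck), while the admin account in the same file already uses `${ADMIN_PASSWORD}` substitution. Moving them to the same mechanism, for example `- MYSQL_ROOT_PASSWORD=${DB_ROOT_PASSWORD}` (the variable name is only a suggestion), keeps them out of version control and lets the root and application passwords differ. `MARiADB_AUTO_UPGRADE=1` is spelled with a lowercase `i`; environment variable names are case-sensitive, so the image will most likely ignore it, and it should read `MARIADB_AUTO_UPGRADE=1`.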