First push from proxy (docker host) to gitea
This commit is contained in:
commit
a69fa8cc56
25 changed files with 781 additions and 0 deletions
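--- /dev/null
+++ b/.env
@@ -0,0 +1,29 @@
+# Email Parameters
+# - the hostname/IP address of your mailserver
+MAIL_PORT_587_TCP_ADDR = smtp.gmail.com
+#the port for the mailserver (probably 587, could be another)
+MAIL_PORT_587_TCP_PORT = 587
+# the default from address, and from name for emails
+MAIL_ENV_FROM_ADDR=snipeit@kh3group.com
+MAIL_ENV_FROM_NAME = Snipe Alerting
+# - pick 'tls' for SMTP-over-SSL, 'tcp' for unencrypted
+MAIL_ENV_ENCRYPTION = tls
+# SMTP username and password
+MAIL_ENV_USERNAME= support@kh3group.com
+MAIL_ENV_PASSWORD=anruflwtglalnjto
+
+
+# Snipe-IT Settings
+APP_ENV=production
+APP_DEBUG=false
+APP_KEY=base64:D5oGA+zhFSVA3VwuoZoQ21RAcwBtJv/RGiqOcZ7BUvI=
+APP_URL=https://ims.office.kh3group.com:8000
+APP_TIMEZONE=Africa/Accra
+APP_LOCALE=en
+DB_CONNECTION=mysql
+DB_HOST=db
+DB_DATABASE=snipeit
+DB_USERNAME=snipeit
+DB_PASSWORD=pass@w0rd1
+DB_PORT=3306
+APP_TRUSTED_PROXIES=192.168.2.20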
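Review bot: `MAIL_ENV_PASSWORD`, `DB_PASSWORD` and `APP_KEY` are committed in plaintext in this top-level `.env`, and the `.gitignore` added in the same commit only ignores `/root/.env`, so nothing stops the file from entering history. Treat all three as compromised: revoke the Gmail app password, change the DB password (it is also `MYSQL_ROOT_PASSWORD`/`MYSQL_PASSWORD` in `mariadb/.env`), and move the file out of the repo with an unanchored `.env` in `.gitignore`, keeping a committed `.env.example` with empty values. Rotating `APP_KEY` needs care because Snipe-IT (Laravel) presumably uses it to encrypt stored fields, so follow the app's key-rotation steps rather than just swapping the value. The `KEY = value` spacing on lines such as `MAIL_PORT_587_TCP_ADDR = smtp.gmail.com` is fragile too: env-file parsers differ on whether they trim it, so write `MAIL_PORT_587_TCP_ADDR=smtp.gmail.com`.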
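--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,35 @@
+docker-compose.yml.save
+docker-compose.yml.save.1
+.bash_history
+.bashrc
+.docker/
+/root/.env
+.env-mysql
+.local/
+.profile
+.python_history
+.selected_editor
+.ssh/
+.wget-hsts
+cert-export/
+backup-yml-snippets/
+snipeit/
+pwm/
+docker-setup.sh/
+snipeit/
+uptime-kuma/
+vikunja/
+drone/data/
+elasticsearch/data/
+gitea/data/
+elasticsearch/data/
+graylog/data/
+mariadb/data/
+mongodb/data/
+nginx/data/
+portainer/data/
+portainer/portainer-backup/
+traefik/data/acme.json
+traefik/data/acme.json.bak
+traefik/data/certs/
+vaultwarden/data/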
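Review bot: `/root/.env` is anchored to the repository root, so it ignores `root/.env` and not the top-level `.env` that this same commit adds, and `.env-mysql` does not cover `mariadb/.env`, `drone/.env`, `graylog/.env`, `traefik/.env` or `vaultwarden/.env`, all of which are committed here with live secrets. Replace those two entries with an unanchored `.env` (or `**/.env`) plus `*.env`, then `git rm --cached` the already-tracked copies and rotate their contents. `docker-setup.sh/` has a trailing slash, so it only matches a directory of that name, which is why the script itself is tracked — probably intended, but worth a comment. `snipeit/` and `elasticsearch/data/` are each listed twice and can be deduplicated.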
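--- /dev/null
+++ b/adminer/docker-compose.yml
@@ -0,0 +1,28 @@
+version: "3"
+
+services:
+  dbgui:
+    image: adminer:4
+    container_name: adminer
+    hostname: dbgui
+    restart: always
+    networks:
+      - proxy
+      - backend
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.adminer.entrypoints=http"
+      - "traefik.http.routers.adminer.rule=Host(`db.office.kh3group.com`)"
+      - "traefik.http.middlewares.adminer-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.adminer.middlewares=adminer-https-redirect"
+      - "traefik.http.routers.adminer-secure.rule=Host(`db.office.kh3group.com`)"
+      - "traefik.http.routers.adminer-secure.tls=true"
+      - "traefik.http.routers.adminer-secure.service=adminer"
+      - "traefik.http.services.adminer.loadbalancer.server.port=8080"
+      - "traefik.docker.network=proxy"
+
+networks:
+  proxy:
+    external: true
+  backend:
+    external: true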
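Review bot: The `adminer` routers for `db.office.kh3group.com` carry no allowlist or auth middleware, so a database GUI that accepts the MariaDB credentials committed elsewhere in this commit is reachable by anyone who can reach the proxy. `traefik/data/config.yml` in this commit defines a `secured` chain (IP allowlist + headers); attach it with `- "traefik.http.routers.adminer-secure.middlewares=secured@file"`, and add `- "traefik.http.routers.adminer-secure.entrypoints=https"` so the router binds only the TLS entry point like the other services instead of every entry point. Since this is a permanent `restart: always` bridge between `proxy` and `backend`, consider running it only when a DB session is actually needed.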
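--- /dev/null
+++ b/crowdsec/Dockerfile
@@ -0,0 +1,2 @@
+FROM metabase/metabase
+RUN mkdir /data/ && wget https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/metabase_sqlite.zip && unzip metabase_sqlite.zip -d /data/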
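Review bot: `FROM metabase/metabase` is unpinned and the `RUN` line unzips `metabase_sqlite.zip` fetched from an S3 bucket without any integrity check, so the dashboard image is rebuilt from whatever happens to be served at build time. Pin the base image to a tag or digest and verify the archive before extracting it, e.g. `echo "<expected-sha256>  metabase_sqlite.zip" | sha256sum -c` between the `wget` and the `unzip`, with the expected hash recorded in the Dockerfile. A one-line comment such as `# Metabase image preloaded with the CrowdSec SQLite dashboards` would also explain why a Metabase build lives under `crowdsec/`.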
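--- /dev/null
+++ b/crowdsec/data/config/acquis.yaml
@@ -0,0 +1,4 @@
+filenames:
+  - /var/log/traefik/*
+labels:
+  type: traefik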
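Review bot: `/var/log/traefik/*` matches both `access.log` and `traefik.log` as written to that directory by `traefik/data/traefik.yml` in this commit, but only the access log is in the format the `type: traefik` parser expects; the daemon log will presumably just produce parse failures. Narrow the pattern to `- /var/log/traefik/access.log` so the agent reads exactly the file it can parse.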
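--- /dev/null
+++ b/crowdsec/docker-compose.yml
@@ -0,0 +1,38 @@
+version: '3.8'
+services:
+  guard:
+    image: crowdsecurity/crowdsec:v1.4.3
+    container_name: crowdsec
+    hostname: guard
+    environment:
+      COLLECTIONS: "crowdsecurity/linux crowdsecurity/traefik"
+    volumes:
+      - /root/crowdsec/data/config/acquis.yaml:/etc/crowdsec/acquis.yaml
+      - crowdsec-db:/var/lib/crowdsec/data/
+      - crowdsec-config:/etc/crowdsec/
+      - traefik_traefik-logs:/var/log/traefik/:ro
+    networks:
+      - proxy
+    restart: unless-stopped
+
+  bouncer-traefik:
+    image: fbonalair/traefik-crowdsec-bouncer:latest
+    container_name: bouncer-traefik
+    hostname: bouncer-traefik
+    environment:
+      CROWDSEC_BOUNCER_API_KEY: 22bae1bfe5ec4d708efc9471a665a3c1
+      CROWDSEC_AGENT_HOST: guard:8080
+    networks:
+      - proxy
+    depends_on:
+      - guard
+    restart: unless-stopped
+
+networks:
+  proxy:
+    external: true
+volumes:
+  crowdsec-db:
+  crowdsec-config:
+  traefik_traefik-logs:
+    external: true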
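Review bot: `CROWDSEC_BOUNCER_API_KEY: 22bae1bfe5ec4d708efc9471a665a3c1` is a live bouncer key committed inline; now that this file is in the repository, regenerate it (`cscli bouncers delete` / `cscli bouncers add` on the agent) and reference it as `CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_BOUNCER_API_KEY}` from an ignored `.env`, as the other stacks here do. `fbonalair/traefik-crowdsec-bouncer:latest` is unpinned while the agent is pinned to `v1.4.3`; pin the bouncer too, since an upstream push would silently change what every request is forwarded through. The bouncer's forwardAuth endpoint is unauthenticated on the `proxy` network, which is acceptable only while every container on `proxy` is trusted.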
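--- /dev/null
+++ b/docker-setup.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+apt-get update
+apt-get install -y ca-certificates curl gnupg lsb-release
+mkdir -p /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+apt-get update
+apt-get install -y docker-ce docker-ce-cli containerd.io
+curl -SL https://github.com/docker/compose/releases/download/v2.12.0/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
+ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
+chmod +x /usr/bin/docker-compose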
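Review bot: The compose binary fetched with `curl -SL ... -o /usr/local/bin/docker-compose` is made executable without any integrity check, so a truncated or tampered download still becomes the installed binary. The release publishes a checksum next to the asset; download `docker-compose-linux-x86_64.sha256` as well and run `sha256sum -c` on it before the `ln -s`, and start the script with `set -euo pipefail` so a failing `apt-get` or `curl` aborts the run instead of continuing to the next step. `chmod +x /usr/bin/docker-compose` works through the symlink, but applying it to `/usr/local/bin/docker-compose` reads more clearly.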
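--- /dev/null
+++ b/drone/.env
@@ -0,0 +1,3 @@
+DRONE_GITEA_CLIENT_ID=0e1dc5a7-e7c6-49a9-bfb6-0788b841cd80
+DRONE_GITEA_CLIENT_SECRET=gto_zpobgtdlqcfeha7not3qezm2yccfpahvrxpmu2smsj5gzxyepcna
+DRONE_RPC_SECRET=5d92181e9ce8ec5574a28b09d8f185d7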
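Review bot: `DRONE_GITEA_CLIENT_SECRET` and `DRONE_RPC_SECRET` are committed in plaintext; the RPC secret is what authenticates runners to the server, so anyone with read access to this repository can register a runner and receive pipeline jobs together with the credentials they clone with. Revoke and recreate the Gitea OAuth application, generate a fresh `DRONE_RPC_SECRET` (`openssl rand -hex 16`), and keep this file out of git — the `.gitignore` in this commit does not match `drone/.env`.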
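--- /dev/null
+++ b/drone/docker-compose.yml
@@ -0,0 +1,56 @@
+version: '3'
+
+services:
+  ci:
+    image: drone/drone:latest
+    container_name: drone
+    hostname: ci
+    volumes:
+      - /root/drone/data:/data
+    environment:
+      - DRONE_GITEA_SERVER=https://git.office.kh3group.com
+      - DRONE_GIT_ALWAYS_AUTH=true
+      - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
+      - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
+      - DRONE_SERVER_HOST=drone.office.kh3group.com
+      - DRONE_SERVER_PROTO=https
+      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
+      - DRONE_USER_CREATE=username:support,admin:true
+    restart: unless-stopped
+    labels:
+      - "traefik.http.routers.drone.entrypoints=http"
+      - "traefik.http.routers.drone.rule=Host(`drone.office.kh3group.com`)"
+      - "traefik.http.middlewares.drone-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.drone.middlewares=drone-https-redirect"
+      - "traefik.enable=true"
+      - "traefik.http.routers.drone-secure.entrypoints=https"
+      - "traefik.http.routers.drone-secure.rule=Host(`drone.office.kh3group.com`) || Host(`drone.kh3group.com`)"
+      - "traefik.http.routers.drone-secure.tls=true"
+      - "traefik.http.routers.drone-secure.service=drone"
+      - "traefik.http.services.drone.loadbalancer.server.port=80"
+      - "traefik.docker.network=proxy"
+    networks:
+      - proxy
+      - backend
+
+  ci-agent:
+    image: drone/drone-runner-docker:1
+    container_name: drone-runner
+    hostname: ci-agent
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - DRONE_RPC_PROTO=https
+      - DRONE_RPC_HOST=drone.office.kh3group.com
+      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
+      - DRONE_RUNNER_CAPACITY=2
+      - DRONE_RUNNER_NAME=droner1
+    restart: unless-stopped
+    networks:
+      - backend
+
+networks:
+  proxy:
+    external: true
+  backend:
+    external: true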
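Review bot: `ci-agent` mounts `/var/run/docker.sock` read-write, so every pipeline that runs on this runner has root-equivalent control of the docker host, including the `/root/*/data` volumes of every other service in this commit. That is inherent to the Docker runner, which makes "who can trigger builds" the real boundary: the server only sets `DRONE_USER_CREATE=username:support,admin:true`, so add `- DRONE_USER_FILTER=support` (or `- DRONE_REGISTRATION_CLOSED=true`) to keep other Gitea accounts from logging in and running pipelines, and review who can push to repositories Drone is activated on. `drone/drone:latest` is a floating tag on the component that holds the OAuth and RPC secrets; pin it as the runner is (`drone-runner-docker:1`). The runner reaches the server through `DRONE_RPC_HOST=drone.office.kh3group.com` over HTTPS via Traefik even though both share `backend`; that works but depends on the public name resolving inside the container.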
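--- /dev/null
+++ b/elasticsearch/docker-compose.yml
@@ -0,0 +1,29 @@
+services:
+  search:
+    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
+    container_name: elasticsearch
+    hostname: search
+    restart: always
+    environment:
+      - http.host=0.0.0.0
+      - transport.host=localhost
+      - network.host=0.0.0.0
+      - "ES_JAVA_OPTS=-Xms256m -Xmx256m"
+    deploy:
+      resources:
+        limits:
+          memory: 512m
+    networks:
+      - backend
+    volumes:
+      - /root/elasticsearch/data/es_data:/var/lib/elasticsearch/data
+    healthcheck:
+      test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 30s
+
+networks:
+  backend:
+    external: true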
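Review bot: `elasticsearch-oss:7.10.2` ships without any authentication, and with `http.host=0.0.0.0` on the shared `backend` network every other container on that network (adminer, drone, gitea, mariadb, mongodb) can read, alter or delete the Graylog indices over plain HTTP. Move the search stack onto its own network that only `graylog` joins, or at minimum stop putting unrelated services on `backend`. The bind mount `/root/elasticsearch/data/es_data:/var/lib/elasticsearch/data` does not match the official image's data directory (`/usr/share/elasticsearch/data`), so unless `path.data` is set elsewhere the indices presumably live in the container layer and vanish on recreate — worth confirming. 7.10.2 is also the final OSS release and is end-of-life, so no security fixes will arrive for it.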
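--- /dev/null
+++ b/gitea/Dockerfile
@@ -0,0 +1,4 @@
+FROM alpine/git:latest
+WORKDIR /git
+VOLUME /git/notebook.git
+CMD ["init", "--bare", "notebook.git"]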
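--- /dev/null
+++ b/gitea/docker-compose.yml
@@ -0,0 +1,35 @@
+version: "3"
+
+services:
+  gitbox:
+    image: gitea/gitea:latest
+    container_name: gitea
+    hostname: gitbox
+    restart: unless-stopped
+    volumes:
+      - /root/gitea/data:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    networks:
+      - backend
+      - proxy
+    ports:
+      - "2222:22"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gitbox.entrypoints=http"
+      - "traefik.http.routers.gitbox.rule=Host(`git.office.kh3group.com`)"
+      - "traefik.http.middlewares.gitbox-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.gitbox.middlewares=gitbox-https-redirect"
+      - "traefik.http.routers.gitbox-secure.entrypoints=https"
+      - "traefik.http.routers.gitbox-secure.rule=Host(`git.office.kh3group.com`)||Host(`git.kh3group.com`)"
+      - "traefik.http.routers.gitbox-secure.tls=true"
+      - "traefik.http.routers.gitbox-secure.service=gitbox"
+      - "traefik.http.services.gitbox.loadbalancer.server.port=3000"
+      - "traefik.docker.network=proxy"
+
+networks:
+  backend:
+    external: true
+  proxy:
+    external: true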
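Review bot: `"2222:22"` publishes the Gitea SSH daemon on every host interface, bypassing the Traefik routing and CrowdSec bouncer that protect the HTTP side of the same service. If SSH is only used from the office LAN, bind it there (`"<lan-ip>:2222:22"`); if it must be reachable from outside, add a CrowdSec scenario for it, since nothing else rate-limits or bans on that port. `gitea/gitea:latest` is a floating tag on an internet-facing service that also acts as the OAuth provider for Drone; pin a release tag so upgrades are deliberate. Gitea joins both `backend` and `proxy`, which is needed for Traefik, but it then also sits next to MariaDB, MongoDB and Elasticsearch, none of which it uses.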
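--- /dev/null
+++ b/graylog/.env
@@ -0,0 +1,4 @@
+GRAYLOG_PASSWORD_SECRET="9MpRZ75yyhNZkCycJj6tL4CcCej9yK8oP7o6KynnGxQhyEbAvYUM9Jv7BkSKYF7M"
+GRAYLOG_ROOT_PASSWORD_SHA2="90ecc336d6200b1389eb49c4b557ee42892345c2f727453ae82c96e6de94098e"
+
+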
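Review bot: `GRAYLOG_PASSWORD_SECRET` and `GRAYLOG_ROOT_PASSWORD_SHA2` are committed; the root hash is an unsalted SHA-256 that can be cracked offline, and `password_secret` is what Graylog uses to encrypt credentials it stores, so both need replacing and this file needs removing from history. Generate a new secret (`pwgen -N 1 -s 96`, as Graylog's docs suggest) and a new root password before the next deploy, bearing in mind that Graylog warns a changed `password_secret` invalidates anything already encrypted with the old one. The two trailing blank lines can be dropped.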
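--- /dev/null
+++ b/graylog/docker-compose.yml
@@ -0,0 +1,72 @@
+version: '3'
+
+services:
+  logs:
+    image: graylog/graylog:5.0
+    container_name: graylog
+    hostname: logs
+    entrypoint: "/usr/bin/tini -- wait-for-it search:9200 -- /docker-entrypoint.sh"
+    volumes:
+      - /root/graylog/data/graylog_data:/usr/share/graylog/data/data
+      - /root/graylog/data/graylog_journal:/usr/share/graylog/data/journal
+    networks:
+      - proxy
+      - backend
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.logs.entrypoints=http"
+      - "traefik.http.routers.logs.rule=Host(`logs.office.kh3group.com`)"
+      - "traefik.http.middlewares.logs-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.logs.middlewares=logs-https-redirect"
+      - "traefik.http.routers.logs-secure.entrypoints=https"
+      - "traefik.http.routers.logs-secure.rule=Host(`logs.office.kh3group.com`)||Host(`logs.kh3group.com`)"
+      - "traefik.http.routers.logs-secure.tls=true"
+      - "traefik.http.routers.logs-secure.service=logs"
+      - "traefik.http.services.logs.loadbalancer.server.port=9000"
+      - "traefik.docker.network=proxy"
+    environment:
+      - GRAYLOG_PASSWORD_SECRET=${GRAYLOG_PASSWORD_SECRET}
+      - GRAYLOG_ROOT_PASSWORD_SHA2=${GRAYLOG_ROOT_PASSWORD_SHA2}
+      - GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000
+      - GRAYLOG_HTTP_EXTERNAL_URI=http://logs.office.kh3group.com/
+      - GRAYLOG_ELASTICSEARCH_HOSTS=http://search:9200
+      - GRAYLOG_MONGODB_URI=mongodb://nosqldb:27017/graylog
+      - GRAYLOG_ROOT_TIMEZONE=Africa/Accra
+    healthcheck:
+      test: [ "CMD", "curl", "-f", "http://127.0.0.1:9000" ]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 30s
+    ports:
+      - "5044:5044/tcp" # Beats
+      - "5140:5140/udp" # Syslog
+      - "5140:5140/tcp" # Syslog
+      - "5141:5141/udp" # Syslog 2
+      - "5141:5141/tcp" # Syslog 2
+      - "5142:5142/udp" # Syslog 3
+      - "5142:5142/tcp" # Syslog 3
+      - "5143:5143/udp" # Syslog 4
+      - "5143:5143/tcp" # Syslog 4
+      - "5144:5144/udp" # Syslog 5
+      - "5144:5144/tcp" # Syslog 5
+      - "5145:5145/udp" # Syslog 6
+      - "5145:5145/tcp" # Syslog 6
+      - "5146:5146/udp" # Syslog 7
+      - "5146:5146/tcp" # Syslog 7
+      - "5555:5555/tcp" # RAW TCP
+      - "5555:5555/udp" # RAW TCP
+      - "9000:9000/tcp" # Server API
+      - "12201:12201/tcp" # GELF TCP
+      - "12201:12201/udp" # GELF UDP
+      #- "10000:10000/tcp" # Custom TCP port
+      #- "10000:10000/udp" # Custom UDP port
+      - "13301:13301/tcp" # Forwarder data
+      - "13302:13302/tcp" # Forwarder config
+
+networks:
+  backend:
+    external: true
+  proxy:
+    external: true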
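Review bot: `"9000:9000/tcp"` publishes the Graylog web UI and REST API on every host interface, so it is reachable without the Traefik TLS route and CrowdSec bouncer this file configures for `logs.office.kh3group.com`; drop that mapping, because Traefik already reaches port 9000 over the `proxy` network. The ingest ports (5044, 5140–5146, 5555, 12201, 13301, 13302) likewise bind `0.0.0.0`; bind them to the LAN address (`"<lan-ip>:5140:5140/udp"`) and remove the `/udp` and `/tcp` variants for inputs that are not actually configured, so the exposed surface matches the inputs that exist. `GRAYLOG_HTTP_EXTERNAL_URI=http://logs.office.kh3group.com/` does not match the HTTPS front; Graylog builds its API URLs from this value, so behind the TLS proxy it should be `https://logs.office.kh3group.com/`. The custom `entrypoint` waits for `search:9200` but nothing waits for `nosqldb`, so start-up ordering is only half handled.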
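--- /dev/null
+++ b/mariadb/.env
@@ -0,0 +1,5 @@
+# Mysql Parameters
+MYSQL_ROOT_PASSWORD = pass@w0rd1
+MYSQL_DATABASE = snipeit
+MYSQL_USER = snipeit
+MYSQL_PASSWORD = pass@w0rd1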
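Review bot: `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` are the same weak value `pass@w0rd1`, committed to git and reused as `DB_PASSWORD` in the top-level `.env`, so the Snipe-IT application user and the database root share one leaked credential. Generate distinct random passwords for root and `snipeit`, update both files, and keep this one out of the repository. Drop the spaces around `=` (`MYSQL_USER=snipeit`): `env_file` parsers are not consistent about trimming them, and a leading space in the password value would silently break the login.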
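--- /dev/null
+++ b/mariadb/docker-compose.yml
@@ -0,0 +1,17 @@
+version: "3"
+
+services:
+  db:
+    image: mariadb:10.5
+    container_name: mariadb
+    hostname: ims
+    restart: always
+    volumes:
+      - /root/mariadb/data:/var/lib/mysql
+    env_file: .env
+    networks:
+      - backend
+
+networks:
+  backend:
+    external: true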
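Review bot: The database joins the shared `backend` network, so port 3306 is reachable from every other container on it (gitea, drone, graylog, elasticsearch, mongodb, adminer) rather than only from Snipe-IT; a dedicated network for the DB and its application would match the intent of the `proxy`/`backend` split. There is also no `healthcheck`, unlike `elasticsearch` and `mongodb` in this commit; something like `test: ["CMD-SHELL", "mariadb-admin ping -h 127.0.0.1 -u root -p$$MYSQL_ROOT_PASSWORD"]` lets dependants wait for a ready server.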
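--- /dev/null
+++ b/mongodb/docker-compose.yml
@@ -0,0 +1,22 @@
+version: '3'
+
+services:
+  nosqldb:
+    image: mongo:5
+    container_name: mongodb
+    hostname: nosqldb
+    restart: always
+    networks:
+      - backend
+    volumes:
+      - /root/mongodb/data/mongo_data:/data/db
+    healthcheck:
+      test: ["CMD-SHELL", "echo 'db.stats().ok' | mongo localhost:27017/test --quiet"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 30s
+
+networks:
+  backend:
+    external: true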
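Review bot: `mongo:5` starts without authentication here (no `MONGO_INITDB_ROOT_USERNAME`/`MONGO_INITDB_ROOT_PASSWORD`), and `graylog/docker-compose.yml` connects with `mongodb://nosqldb:27017/graylog` carrying no credentials, so any container on `backend` has full access to Graylog's configuration database, including its user table. Set a root user through the `MONGO_INITDB_*` variables (which turns on `--auth`), create a `graylog` user, and change the URI to `mongodb://graylog:<password>@nosqldb:27017/graylog` with the password sourced from an ignored `.env`. The healthcheck uses the legacy `mongo` shell, which `mongo:5` still ships but `mongo:6` dropped; `mongosh` would survive an upgrade.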
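--- /dev/null
+++ b/nginx/docker-compose.yml
@@ -0,0 +1,28 @@
+version: '3'
+
+services:
+  docs:
+    image: nginx:stable-alpine-slim
+    container_name: nginx
+    hostname: docs
+    restart: always
+    volumes:
+      - /root/nginx/data/mkdocs/site:/usr/share/nginx/html:ro
+    networks:
+      - proxy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.docs.entrypoints=http"
+      - "traefik.http.routers.docs.rule=Host(`docs.office.kh3group.com`)"
+      - "traefik.http.middlewares.docs-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.docs.middlewares=docs-https-redirect"
+      - "traefik.http.routers.docs-secure.entrypoints=https"
+      - "traefik.http.routers.docs-secure.rule=Host(`docs.office.kh3group.com`)||Host(`docs.kh3group.com`)"
+      - "traefik.http.routers.docs-secure.tls=true"
+      - "traefik.http.routers.docs-secure.service=docs"
+      - "traefik.http.services.docs.loadbalancer.server.port=80"
+      - "traefik.docker.network=proxy"
+
+networks:
+  proxy:
+    external: true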
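--- /dev/null
+++ b/portainer/docker-compose.yml
@@ -0,0 +1,31 @@
+version: '3'
+
+services:
+  mgmt:
+    image: portainer/portainer-ce:2.15.0-alpine
+    container_name: portainer
+    hostname: mgmt
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+    networks:
+      - proxy
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /root/portainer/data:/data
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.portainer.entrypoints=http"
+      - "traefik.http.routers.portainer.rule=Host(`mgmt.office.kh3group.com`)"
+      - "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.portainer.middlewares=portainer-https-redirect"
+      - "traefik.http.routers.portainer-secure.rule=Host(`mgmt.office.kh3group.com`)||Host(`mgmt.kh3group.com`)"
+      - "traefik.http.routers.portainer-secure.tls=true"
+      - "traefik.http.routers.portainer-secure.service=portainer"
+      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+      - "traefik.docker.network=proxy"
+      - "com.github.SnowMB.traefik-certificate-extractor.restart_domain=office.kh3group.com"
+networks:
+  proxy:
+    external: true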
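Review bot: The Portainer routers carry no allowlist or auth middleware beyond Portainer's own login, and the `mgmt.kh3group.com` alias suggests it is reachable from outside; because Portainer drives the full Docker API through the socket mount, attach the allowlist chain from `traefik/data/config.yml` with `- "traefik.http.routers.portainer-secure.middlewares=secured@file"` and add `- "traefik.http.routers.portainer-secure.entrypoints=https"` like the other services. The `:ro` on `/var/run/docker.sock` only makes the socket node read-only; the API behind it stays fully writable, so it should not be read as a privilege reduction. `no-new-privileges:true` is a good addition. The `com.github.SnowMB.traefik-certificate-extractor.restart_domain` label references a tool not deployed in this commit, so remove it if it is a leftover.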
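--- /dev/null
+++ b/traefik/.env
@@ -0,0 +1,3 @@
+EMAIL=signup@kh3group.com
+API_KEY=a392c6b70da6daeadb76879dad6d3ba1b4951
+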
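Review bot: `API_KEY` is handed to Traefik as `CF_API_KEY` in `traefik/docker-compose.yml`, i.e. the Cloudflare Global API Key, which grants full control of the entire Cloudflare account and is now in git history; rotate it in the Cloudflare dashboard immediately. Replace it with a scoped API token limited to `Zone:Read` and `DNS:Edit` on `kh3group.com`, passed as `CF_DNS_API_TOKEN` (the lego provider accepts it in place of `CF_API_EMAIL`/`CF_API_KEY`), and add `traefik/.env` to `.gitignore`. The trailing blank line can go.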
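--- /dev/null
+++ b/traefik/data/config.yml
@@ -0,0 +1,186 @@
+http:
+  #region routers
+  routers:
+    pve01:
+      entryPoints:
+        - "http"
+        - "https"
+      rule: "Host(`pve01.office.kh3group.com`)"
+      middlewares:
+        - default-headers
+      tls: {}
+      service: pve01
+    pve02:
+      entryPoints:
+        - "https"
+      rule: "Host(`pve02.office.kh3group.com`)"
+      middlewares:
+        - default-headers
+      tls: {}
+      service: pve02
+    pve03:
+      entryPoints:
+        - "https"
+      rule: "Host(`pve03.office.kh3group.com`)"
+      middlewares:
+        - default-headers
+      tls: {}
+      service: pve03
+    pihole:
+      entryPoints:
+        - "https"
+      rule: "Host(`dns.office.kh3group.com`) || Host(`dns.kh3group.com`) "
+      middlewares:
+        - default-headers
+        - addprefix-pihole
+      tls: {}
+      service: pihole
+    pfsense:
+      entryPoints:
+        - "https"
+      rule: "Host(`firewall.office.kh3group.com`)"
+      middlewares:
+        - default-headers
+      tls: {}
+      service: pfsense
+    mysite:
+      entryPoints:
+        - "https"
+      rule: "Host(`my.office.kh3group.com`)"
+      middlewares:
+        - default-headers
+      tls: {}
+      service: mysite
+    portal:
+      entryPoints:
+        - "https"
+      rule: "Host(`portal.office.kh3group.com`)"
+      middlewares:
+        - default-headers
+      tls: {}
+      service: portal
+    printer:
+      entryPoints:
+        - "https"
+      rule: "Host(`printer.office.kh3group.com`)"
+      middlewares:
+        - default-headers
+        # - prefix-printer
+      tls: {}
+      service: printer
+  #endregion
+  #region services
+  services:
+    pve01:
+      loadBalancer:
+        servers:
+          - url: "https://192.168.2.3:8006"
+        passHostHeader: true
+    pve02:
+      loadBalancer:
+        servers:
+          - url: "https://192.168.2.10:8006"
+        passHostHeader: true
+    pve03:
+      loadBalancer:
+        servers:
+          - url: "https://192.168.100.60:8006"
+        passHostHeader: true
+    pihole:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.2.2:80"
+        passHostHeader: true
+    pfsense:
+      loadBalancer:
+        servers:
+          - url: "https://192.168.100.1:443"
+        passHostHeader: true
+    mysite:
+      loadBalancer:
+        serversTransport: sptransport
+        servers:
+          - url: "http://192.168.2.34:80"
+        passHostHeader: true
+    portal:
+      loadBalancer:
+        serversTransport: sptransport
+        servers:
+          - url: "http://192.168.2.33:80"
+        passHostHeader: true
+    printer:
+      loadBalancer:
+        servers:
+          - url: "https://192.168.100.100"
+        passHostHeader: true
+  #endregion
+  serversTransports:
+    sptransport:
+      disableHTTP2: true
+
+  middlewares:
+    addprefix-pihole:
+      addPrefix:
+        prefix: "/admin"
+    https-redirect:
+      redirectScheme:
+        scheme: https
+    prefix-printer:
+      addPrefix:
+        prefix: "/main"
+
+    default-headers:
+      headers:
+        frameDeny: true
+        sslRedirect: true
+        browserXssFilter: true
+        contentTypeNosniff: true
+        forceSTSHeader: true
+        stsIncludeSubdomains: true
+        stsPreload: true
+        stsSeconds: 15552000
+        customFrameOptionsValue: SAMEORIGIN
+        customRequestHeaders:
+          X-Forwarded-Proto: https
+
+    idrac:
+      headers:
+        frameDeny: true
+        sslRedirect: true
+        browserXssFilter: true
+        forceSTSHeader: true
+        stsIncludeSubdomains: true
+        stsSeconds: 15552000
+        customFrameOptionsValue: SAMEORIGIN
+        customRequestHeaders:
+          X-Forwarded-Proto: https
+
+    default-whitelist:
+      ipWhiteList:
+        sourceRange:
+          - "10.0.0.0/8"
+          - "192.168.100.0/24"
+          - "172.16.16.0/32"
+
+    secured:
+      chain:
+        middlewares:
+          - default-whitelist
+          - default-headers
+
+    crowdsec-bouncer:
+      forwardauth:
+        address: http://bouncer-traefik:8080/api/v1/forwardAuth
+        trustForwardHeader: true
+
+#tcp:
+# routers:
+# mysites:
+# rule: "HostSNI(`my.office.kh3group.com`)"
+# tls: {}
+# service: mysites
+# services:
+# mysites:
+# loadBalancer:
+# servers:
+# - address: "192.168.2.34:80"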
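Review bot: The `pfsense`, `pve01`–`pve03`, `pihole` and `printer` routers expose the firewall, hypervisor, DNS and printer admin interfaces through the public-facing proxy with only `default-headers` attached, while the `secured` chain (allowlist + headers) defined lower in the same file is never referenced by any router. Replace `- default-headers` with `- secured` on those routers so only the `default-whitelist` ranges reach them, and note that `pihole` also answers on `dns.kh3group.com`, which reads as an internet-facing alias for a DNS admin panel. `default-whitelist` lists `172.16.16.0/32`, a single host written as the network address — confirm whether `/24` or a specific host address was meant. `pve01` is the only router on both `http` and `https` entry points; since `traefik.yml` redirects `http` globally, listing only `https` like its siblings is cleaner. `trustForwardHeader: true` on the bouncer is fine while Traefik is the edge, because the entry points set no `forwardedHeaders.trustedIPs` and Traefik overwrites client-supplied `X-Forwarded-*`; it would become spoofable if another proxy were placed in front.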
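--- /dev/null
+++ b/traefik/data/traefik.yml
@@ -0,0 +1,42 @@
+api:
+  dashboard: true
+  debug: true
+entryPoints:
+  http:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: https
+          scheme: https
+          permanent: true
+      middlewares:
+        - crowdsec-bouncer@file
+  https:
+    address: ":443"
+    http:
+      middlewares:
+        - crowdsec-bouncer@file
+serversTransport:
+  insecureSkipVerify: true
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+  file:
+    filename: /config.yml
+certificatesResolvers:
+  cloudflare:
+    acme:
+      email: signup@kh3group.com
+      storage: acme.json
+      dnsChallenge:
+        provider: cloudflare
+        resolvers:
+          - "1.1.1.1:53"
+          - "1.0.0.1:53"
+log:
+  level: "INFO"
+  filepath: "/var/log/traefik/traefik.log"
+accessLog:
+  filepath: "/var/log/traefik/access.log"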
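Review bot: `serversTransport.insecureSkipVerify: true` disables upstream certificate verification for every backend Traefik talks to, including the HTTPS admin interfaces in `config.yml` (`pve0x:8006`, pfSense on `192.168.100.1:443`, the printer), so the proxy will forward admin sessions to anything that answers on those addresses and an on-LAN MITM goes unnoticed. Keep the global default strict and instead define a named transport in `config.yml` for the self-signed backends — preferably with `rootCAs` pointing at their CA, or as a last resort `serversTransports.selfsigned.insecureSkipVerify: true` attached only to those services via `loadBalancer.serversTransport`. `api.debug: true` enables the `/debug/` profiling and vars endpoints on the dashboard router; it sits behind the `traefik-auth` basic auth but should be off in production. `exposedByDefault: false` on the Docker provider is the right choice and worth keeping.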
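--- /dev/null
+++ b/traefik/docker-compose.yml
@@ -0,0 +1,46 @@
+version: '3'
+
+services:
+  rproxy:
+    image: traefik:v2.9
+    container_name: traefik
+    hostname: rproxy
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+    networks:
+      - proxy
+    ports:
+      - 80:80
+      - 443:443
+    environment:
+      - CF_API_EMAIL=$EMAIL
+      - CF_API_KEY=$API_KEY
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /root/traefik/data/traefik.yml:/traefik.yml:ro
+      - /root/traefik/data/acme.json:/acme.json
+      - /root/traefik/data/config.yml:/config.yml:ro
+      - traefik-logs:/var/log/traefik
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik.entrypoints=http"
+      - "traefik.http.routers.traefik.rule=Host(`traefik.office.kh3group.com`)"
+      - "traefik.http.middlewares.traefik-auth.basicauth.users=support:$$apr1$$/SnQnIjg$$kOB5lj/Au8brVdk.tsrFb/"
+      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
+      - "traefik.http.routers.traefik-secure.entrypoints=https"
+      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.office.kh3group.com`)||Host(`traefik.kh3group.com`)"
+      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
+      - "traefik.http.routers.traefik-secure.tls=true"
+      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
+      - "traefik.http.routers.traefik-secure.tls.domains[0].main=office.kh3group.com"
+      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.office.kh3group.com"
+      - "traefik.http.routers.traefik-secure.service=api@internal"
+networks:
+  proxy:
+    external: true
+volumes:
+  traefik-logs: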
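Review bot: The dashboard credential `support:$$apr1$$/SnQnIjg$$kOB5lj/Au8brVdk.tsrFb/` is committed in the compose file; `$apr1$` is MD5-crypt, which is cheap to crack offline, and the repository now hands out the hash. Regenerate it with bcrypt (`htpasswd -nbB support '<new password>'`) and keep it out of the repo by switching to `basicauth.usersfile=/htpasswd` with the file mounted from an ignored path. The `traefik-secure` router requests a certificate for `office.kh3group.com` and `*.office.kh3group.com` only, yet this router and most services in the commit also match `*.kh3group.com` names (`traefik.kh3group.com` here); unless those names get a certificate elsewhere, Traefik will serve its default self-signed certificate for them — verify. `traefik:v2.9` is a floating minor tag on the component that holds the Cloudflare key and terminates all TLS; pin a full patch version so upgrades are deliberate.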
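--- /dev/null
+++ b/vaultwarden/.env
@@ -0,0 +1 @@
+ADMIN_TOKEN=AA3dZSkzngyxOpp1HPhJzbNFIEVgnZYROdbToHVXouUAlULSrkw7XEyUYHNVRYyY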
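Review bot: `ADMIN_TOKEN` is committed in plaintext; this token alone unlocks Vaultwarden's `/admin` panel, which can read and change every server setting including SMTP and user management, so it must be rotated now. Recent Vaultwarden releases accept an Argon2 PHC hash in place of the raw token (generated with `vaultwarden hash` inside the container), which keeps the secret itself out of env files, and this file needs a matching `.gitignore` entry.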
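--- /dev/null
+++ b/vaultwarden/docker-compose.yml
@@ -0,0 +1,50 @@
+version: "3"
+
+services:
+  pass:
+    image: vaultwarden/server
+    container_name: vaultwarden
+    hostname: pass
+    restart: unless-stopped
+    volumes:
+      - /root/vaultwarden/data:/data
+    environment:
+      - WEBSOCKET_ENABLED=true
+      - WEB_VAULT_ENABLED=true
+      - DOMAIN=http://pass.office.kh3group.com
+      - SIGNUPS_ALLOWED=false
+      - SIGNUPS_DOMAINS_WHITELIST=kh3group.com,office.kh3group.com
+      # Comment admin token to disable admin interface
+      - ADMIN_TOKEN=${ADMIN_TOKEN}
+      - SMTP_HOST=smtp.gmail.com
+      - SMTP_FROM=alerts@kh3group.com
+      - SMTP_PORT=587
+      - SMTP_SSL=true
+      - SMTP_USERNAME=alerts@kh3group.com
+      - SMTP_PASSWORD=anruflwtglalnjto
+    networks:
+      - proxy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.vaultwarden.entrypoints=http"
+      - "traefik.http.routers.vaultwarden.rule=Host(`pass.office.kh3group.com`)"
+      - "traefik.http.middlewares.vaultwarden-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.vaultwarden.middlewares=vaultwarden-https-redirect"
+      - "traefik.http.routers.vaultwarden-secure.entrypoints=https"
+      - "traefik.http.routers.vaultwarden-secure.rule=Host(`pass.office.kh3group.com`)||Host(`pass.kh3group.com`)"
+      - "traefik.http.routers.vaultwarden-secure.tls=true"
+      - "traefik.http.routers.vaultwarden-secure.service=vaultwarden"
+      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
+      - "traefik.docker.network=proxy"
+      # Watchtower Update
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Ip filtering
+      #- "traefik.http.routers.bitwarden.middlewares=whitelist@file"
+    logging:
+      driver: "syslog"
+      options:
+        tag: "Bitwarden"
+
+networks:
+  proxy:
+    external: true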
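Review bot: `DOMAIN=http://pass.office.kh3group.com` uses the plain scheme although the service is only reached over Traefik's TLS route; Vaultwarden derives the WebAuthn/passkey origin and the links it emails from `DOMAIN`, so set `- DOMAIN=https://pass.office.kh3group.com`. `SMTP_PASSWORD=anruflwtglalnjto` is the same Gmail app password committed in the top-level `.env`; revoke it and reference the replacement from the ignored `.env` the way `ADMIN_TOKEN` already is. `vaultwarden/server` has no tag and `com.centurylinklabs.watchtower.enable=true` opts the password vault into unattended upgrades, the one place a surprise update is least welcome; pin a version and update deliberately. The commented-out IP filter references router `bitwarden` and `whitelist@file`, neither of which exists (`vaultwarden-secure` and `secured`/`default-whitelist` in `config.yml` do), so it would not work if uncommented. `SMTP_SSL=true` is the deprecated name; current images presumably expect `SMTP_SECURITY=starttls` for port 587.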