16 changed files with 146 additions and 384 deletions
@ -0,0 +1,8 @@
@@ -0,0 +1,8 @@
|
||||
FROM nginx:1.21.1-alpine |
||||
|
||||
ADD run.sh /run.sh |
||||
ADD default.conf /etc/nginx/conf.d/default.conf |
||||
|
||||
RUN chmod +x /run.sh |
||||
|
||||
CMD ["/run.sh"] |
||||
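Review bot: Both `ADD` lines copy plain local files, which is what `COPY` is for; `ADD` also unpacks archives and fetches URLs, neither of which is wanted here. With BuildKit, `COPY --chmod=755 run.sh /run.sh` would also make the separate `RUN chmod +x /run.sh` layer unnecessary. The base is pinned to a tag only, so appending the image digest (`FROM nginx:1.21.1-alpine@sha256:<digest>`) would keep rebuilds on the same bytes. There is no `USER` line, so the entrypoint script and the nginx master process presumably run as root; a short comment saying whether that is needed for the startup `sed -i` and `ln` calls in run.sh would help the next reader.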
@ -0,0 +1,29 @@
@@ -0,0 +1,29 @@
|
||||
map $http_x_forwarded_proto $redirect_scheme { |
||||
default $scheme; |
||||
https https; |
||||
} |
||||
|
||||
server { |
||||
listen 80; |
||||
listen [::]:80; |
||||
server_name ${SERVER_NAME}; |
||||
|
||||
# cherry picked from https://github.com/schmunk42/docker-nginx-redirect/pull/8 |
||||
if ($request_method = POST) { |
||||
return ${SERVER_REDIRECT_POST_CODE} ${SERVER_REDIRECT_SCHEME}://${SERVER_REDIRECT}${SERVER_REDIRECT_PATH}; |
||||
} |
||||
|
||||
if ($request_method ~ PUT|PATCH|DELETE) { |
||||
return ${SERVER_REDIRECT_PUT_PATCH_DELETE_CODE} ${SERVER_REDIRECT_SCHEME}://${SERVER_REDIRECT}${SERVER_REDIRECT_PATH}; |
||||
} |
||||
|
||||
return ${SERVER_REDIRECT_CODE} ${SERVER_REDIRECT_SCHEME}://${SERVER_REDIRECT}${SERVER_REDIRECT_PATH}; |
||||
|
||||
# redirect server error pages to the static page /50x.html |
||||
# |
||||
error_page 500 502 503 504 /50x.html; |
||||
location = /50x.html { |
||||
root /usr/share/nginx/html; |
||||
} |
||||
|
||||
} |
||||
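Review bot: The method test `if ($request_method ~ PUT|PATCH|DELETE)` is an unanchored regex, so it matches any method token that merely contains one of those words; `if ($request_method ~ ^(PUT|PATCH|DELETE)$)` would restrict it to the three intended methods. The unconditional `return` at server level appears to answer every request before a location is selected, which would leave the `error_page` line and the `location = /50x.html` block after it unused; either drop them or add a comment saying why they stay. The `map` trusts a client-supplied `X-Forwarded-Proto` header, which is fine behind a proxy that overwrites it, and a one-line comment stating that assumption would be worth adding.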
@ -0,0 +1,54 @@
@@ -0,0 +1,54 @@
|
||||
#!/usr/bin/env sh |
||||
|
||||
if [ ! -n "$SERVER_REDIRECT" ] ; then |
||||
echo "Environment variable SERVER_REDIRECT is not set, exiting." |
||||
exit 1 |
||||
fi |
||||
|
||||
# set server name from optional ENV var |
||||
if [ ! -n "$SERVER_NAME" ] ; then |
||||
SERVER_NAME='localhost' |
||||
fi |
||||
|
||||
# set redirect code from optional ENV var |
||||
# allowed Status Codes are: 301, 302, 303, 307, 308 |
||||
expr match "$SERVER_REDIRECT_CODE" '30[12378]$' > /dev/null || SERVER_REDIRECT_CODE='301' |
||||
|
||||
# set redirect code from optional ENV var for POST requests |
||||
expr match "$SERVER_REDIRECT_POST_CODE" '30[12378]$' > /dev/null || SERVER_REDIRECT_POST_CODE=$SERVER_REDIRECT_CODE |
||||
|
||||
# set redirect code from optional ENV var for PUT, PATCH and DELETE requests |
||||
expr match "$SERVER_REDIRECT_PUT_PATCH_DELETE_CODE" '30[12378]$' > /dev/null || SERVER_REDIRECT_PUT_PATCH_DELETE_CODE=$SERVER_REDIRECT_CODE |
||||
|
||||
# set redirect path from optional ENV var |
||||
if [ ! -n "$SERVER_REDIRECT_PATH" ] ; then |
||||
SERVER_REDIRECT_PATH='$request_uri' |
||||
fi |
||||
|
||||
# set redirect scheme from optional ENV var |
||||
if [ ! -n "$SERVER_REDIRECT_SCHEME" ] ; then |
||||
SERVER_REDIRECT_SCHEME='$redirect_scheme' |
||||
fi |
||||
|
||||
# set access log location from optional ENV var |
||||
if [ ! -n "$SERVER_ACCESS_LOG" ] ; then |
||||
SERVER_ACCESS_LOG='/dev/stdout' |
||||
fi |
||||
|
||||
# set error log location from optional ENV var |
||||
if [ ! -n "$SERVER_ERROR_LOG" ] ; then |
||||
SERVER_ERROR_LOG='/dev/stderr' |
||||
fi |
||||
|
||||
sed -i "s|\${SERVER_REDIRECT}|${SERVER_REDIRECT}|" /etc/nginx/conf.d/default.conf |
||||
sed -i "s|\${SERVER_NAME}|${SERVER_NAME}|" /etc/nginx/conf.d/default.conf |
||||
sed -i "s|\${SERVER_REDIRECT_CODE}|${SERVER_REDIRECT_CODE}|" /etc/nginx/conf.d/default.conf |
||||
sed -i "s|\${SERVER_REDIRECT_POST_CODE}|${SERVER_REDIRECT_POST_CODE}|" /etc/nginx/conf.d/default.conf |
||||
sed -i "s|\${SERVER_REDIRECT_PUT_PATCH_DELETE_CODE}|${SERVER_REDIRECT_PUT_PATCH_DELETE_CODE}|" /etc/nginx/conf.d/default.conf |
||||
sed -i "s|\${SERVER_REDIRECT_PATH}|${SERVER_REDIRECT_PATH}|" /etc/nginx/conf.d/default.conf |
||||
sed -i "s|\${SERVER_REDIRECT_SCHEME}|${SERVER_REDIRECT_SCHEME}|" /etc/nginx/conf.d/default.conf |
||||
|
||||
ln -sfT "$SERVER_ACCESS_LOG" /var/log/nginx/access.log |
||||
ln -sfT "$SERVER_ERROR_LOG" /var/log/nginx/error.log |
||||
|
||||
exec nginx -g 'daemon off;' |
||||
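Review bot: The `sed -i "s|…|${VAR}|"` lines paste the environment values into the sed replacement and then into the nginx configuration without any check, so a value containing `|`, `&`, `\`, `;`, braces or whitespace either breaks the substitution or changes the generated directives. A validation step before the first `sed` that exits with a message would turn that into a clear startup error; the sketch below covers the redirect variables, and `SERVER_NAME` would need its own, looser rule because several space-separated names are legitimate there. The script also runs without `set -e`, so a failed `sed` still reaches `exec nginx` with placeholders left in the file. As a style point, `[ -z "$VAR" ]` reads more directly than `[ ! -n "$VAR" ]`.

```shell
# … unchanged: SERVER_REDIRECT presence check and defaults for the optional variables …

# refuse values that would alter the sed expressions or the generated nginx syntax
case "$SERVER_REDIRECT$SERVER_REDIRECT_PATH$SERVER_REDIRECT_SCHEME" in
    *[\|\&\;\\{}]*|*[[:space:]]*)
        echo "SERVER_REDIRECT* values contain unsupported characters, exiting."
        exit 1
        ;;
esac

sed -i "s|\${SERVER_REDIRECT}|${SERVER_REDIRECT}|" /etc/nginx/conf.d/default.conf
# … unchanged: remaining sed substitutions, log symlinks, exec nginx …
```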
@ -1,28 +0,0 @@
@@ -1,28 +0,0 @@
|
||||
version: '3' |
||||
|
||||
services: |
||||
bitwarden: |
||||
image: bitwardenrs/server:latest |
||||
container_name: mistborn_production_bitwarden |
||||
env_file: |
||||
- ../.envs/.production/.bitwarden |
||||
volumes: |
||||
- ../../mistborn_volumes/extra/bitwarden:/data |
||||
labels: |
||||
- "traefik.enable=true" |
||||
- "traefik.http.routers.bitwarden-http.rule=Host(`bitwarden.mistborn`)" |
||||
- "traefik.http.routers.bitwarden-http.entrypoints=web" |
||||
- "traefik.http.routers.bitwarden-http.middlewares=mistborn_auth@file" |
||||
- "traefik.http.routers.bitwarden-https.rule=Host(`bitwarden.mistborn`)" |
||||
- "traefik.http.routers.bitwarden-https.entrypoints=websecure" |
||||
- "traefik.http.routers.bitwarden-https.middlewares=mistborn_auth@file" |
||||
- "traefik.http.routers.bitwarden-https.tls.certresolver=basic" |
||||
- "traefik.http.services.bitwarden-service.loadbalancer.server.port=80" |
||||
ports: |
||||
- "${MISTBORN_BIND_IP}:3012:3012/tcp" |
||||
restart: unless-stopped |
||||
|
||||
networks: |
||||
default: |
||||
external: |
||||
name: mistborn_default |
||||
@ -1,255 +0,0 @@
@@ -1,255 +0,0 @@
|
||||
version: '3' |
||||
|
||||
services: |
||||
# Frontend |
||||
jitsi-web: |
||||
image: jitsi/web:latest |
||||
restart: unless-stopped |
||||
#ports: |
||||
#- '${HTTP_PORT}:80' |
||||
#- '${HTTPS_PORT}:443' |
||||
labels: |
||||
- "traefik.enable=true" |
||||
- "traefik.http.routers.jitsi-http.rule=Host(`jitsi.mistborn`)" |
||||
- "traefik.http.routers.jitsi-http.entrypoints=web" |
||||
- "traefik.http.routers.jitsi-http.middlewares=mistborn_auth@file" |
||||
- "traefik.http.routers.jitsi-https.rule=Host(`jitsi.mistborn`)" |
||||
- "traefik.http.routers.jitsi-https.entrypoints=websecure" |
||||
- "traefik.http.routers.jitsi-https.middlewares=mistborn_auth@file" |
||||
- "traefik.http.routers.jitsi-https.tls.certresolver=basic" |
||||
- "traefik.http.services.jitsi-service.loadbalancer.server.port=${HTTP_PORT}" |
||||
volumes: |
||||
- ${CONFIG}/web:/config:Z |
||||
- ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z |
||||
env_file: |
||||
- ../.envs/.production/.jitsi |
||||
environment: |
||||
- ENABLE_LETSENCRYPT |
||||
- ENABLE_HTTP_REDIRECT |
||||
- ENABLE_XMPP_WEBSOCKET |
||||
- DISABLE_HTTPS |
||||
- LETSENCRYPT_DOMAIN |
||||
- LETSENCRYPT_EMAIL |
||||
- LETSENCRYPT_USE_STAGING |
||||
- PUBLIC_URL |
||||
- TZ |
||||
- AMPLITUDE_ID |
||||
- ANALYTICS_SCRIPT_URLS |
||||
- ANALYTICS_WHITELISTED_EVENTS |
||||
- BRIDGE_CHANNEL |
||||
- BRANDING_DATA_URL |
||||
- CALLSTATS_CUSTOM_SCRIPT_URL |
||||
- CALLSTATS_ID |
||||
- CALLSTATS_SECRET |
||||
- CHROME_EXTENSION_BANNER_JSON |
||||
- CONFCODE_URL |
||||
- CONFIG_EXTERNAL_CONNECT |
||||
- DEPLOYMENTINFO_ENVIRONMENT |
||||
- DEPLOYMENTINFO_ENVIRONMENT_TYPE |
||||
- DEPLOYMENTINFO_USERREGION |
||||
- DIALIN_NUMBERS_URL |
||||
- DIALOUT_AUTH_URL |
||||
- DIALOUT_CODES_URL |
||||
- DROPBOX_APPKEY |
||||
- DROPBOX_REDIRECT_URI |
||||
- ENABLE_AUDIO_PROCESSING |
||||
- ENABLE_AUTH |
||||
- ENABLE_CALENDAR |
||||
- ENABLE_FILE_RECORDING_SERVICE |
||||
- ENABLE_FILE_RECORDING_SERVICE_SHARING |
||||
- ENABLE_GUESTS |
||||
- ENABLE_IPV6 |
||||
- ENABLE_LIPSYNC |
||||
- ENABLE_NO_AUDIO_DETECTION |
||||
- ENABLE_P2P |
||||
- ENABLE_PREJOIN_PAGE |
||||
- ENABLE_RECORDING |
||||
- ENABLE_REMB |
||||
- ENABLE_REQUIRE_DISPLAY_NAME |
||||
- ENABLE_SIMULCAST |
||||
- ENABLE_STATS_ID |
||||
- ENABLE_STEREO |
||||
- ENABLE_SUBDOMAINS |
||||
- ENABLE_TALK_WHILE_MUTED |
||||
- ENABLE_TCC |
||||
- ENABLE_TRANSCRIPTIONS |
||||
- ETHERPAD_PUBLIC_URL |
||||
- ETHERPAD_URL_BASE |
||||
- GOOGLE_ANALYTICS_ID |
||||
- GOOGLE_API_APP_CLIENT_ID |
||||
- INVITE_SERVICE_URL |
||||
- JICOFO_AUTH_USER |
||||
- MATOMO_ENDPOINT |
||||
- MATOMO_SITE_ID |
||||
- MICROSOFT_API_APP_CLIENT_ID |
||||
- NGINX_RESOLVER |
||||
- NGINX_WORKER_PROCESSES |
||||
- NGINX_WORKER_CONNECTIONS |
||||
- PEOPLE_SEARCH_URL |
||||
- RESOLUTION |
||||
- RESOLUTION_MIN |
||||
- RESOLUTION_WIDTH |
||||
- RESOLUTION_WIDTH_MIN |
||||
- START_AUDIO_ONLY |
||||
- START_AUDIO_MUTED |
||||
- START_BITRATE |
||||
- START_VIDEO_MUTED |
||||
- TESTING_CAP_SCREENSHARE_BITRATE |
||||
- TESTING_OCTO_PROBABILITY |
||||
- XMPP_AUTH_DOMAIN |
||||
- XMPP_BOSH_URL_BASE |
||||
- XMPP_DOMAIN |
||||
- XMPP_GUEST_DOMAIN |
||||
- XMPP_MUC_DOMAIN |
||||
- XMPP_RECORDER_DOMAIN |
||||
- TOKEN_AUTH_URL |
||||
networks: |
||||
default: |
||||
meet.jitsi: |
||||
aliases: |
||||
- ${XMPP_DOMAIN} |
||||
|
||||
# XMPP server |
||||
jitsi-prosody: |
||||
image: jitsi/prosody:latest |
||||
restart: unless-stopped |
||||
expose: |
||||
- '5222' |
||||
- '5347' |
||||
- '5280' |
||||
volumes: |
||||
- ${CONFIG}/prosody/config:/config:Z |
||||
- ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z |
||||
env_file: |
||||
- ../.envs/.production/.jitsi |
||||
environment: |
||||
- AUTH_TYPE |
||||
- ENABLE_AUTH |
||||
- ENABLE_GUESTS |
||||
- ENABLE_LOBBY |
||||
- ENABLE_XMPP_WEBSOCKET |
||||
- GLOBAL_MODULES |
||||
- GLOBAL_CONFIG |
||||
- LDAP_URL |
||||
- LDAP_BASE |
||||
- LDAP_BINDDN |
||||
- LDAP_BINDPW |
||||
- LDAP_FILTER |
||||
- LDAP_AUTH_METHOD |
||||
- LDAP_VERSION |
||||
- LDAP_USE_TLS |
||||
- LDAP_TLS_CIPHERS |
||||
- LDAP_TLS_CHECK_PEER |
||||
- LDAP_TLS_CACERT_FILE |
||||
- LDAP_TLS_CACERT_DIR |
||||
- LDAP_START_TLS |
||||
- XMPP_DOMAIN |
||||
- XMPP_AUTH_DOMAIN |
||||
- XMPP_GUEST_DOMAIN |
||||
- XMPP_MUC_DOMAIN |
||||
- XMPP_INTERNAL_MUC_DOMAIN |
||||
- XMPP_MODULES |
||||
- XMPP_MUC_MODULES |
||||
- XMPP_INTERNAL_MUC_MODULES |
||||
- XMPP_RECORDER_DOMAIN |
||||
- XMPP_CROSS_DOMAIN |
||||
- JICOFO_COMPONENT_SECRET |
||||
- JICOFO_AUTH_USER |
||||
- JICOFO_AUTH_PASSWORD |
||||
- JVB_AUTH_USER |
||||
- JVB_AUTH_PASSWORD |
||||
- JIGASI_XMPP_USER |
||||
- JIGASI_XMPP_PASSWORD |
||||
- JIBRI_XMPP_USER |
||||
- JIBRI_XMPP_PASSWORD |
||||
- JIBRI_RECORDER_USER |
||||
- JIBRI_RECORDER_PASSWORD |
||||
- JWT_APP_ID |
||||
- JWT_APP_SECRET |
||||
- JWT_ACCEPTED_ISSUERS |
||||
- JWT_ACCEPTED_AUDIENCES |
||||
- JWT_ASAP_KEYSERVER |
||||
- JWT_ALLOW_EMPTY |
||||
- JWT_AUTH_TYPE |
||||
- JWT_TOKEN_AUTH_MODULE |
||||
- LOG_LEVEL |
||||
- PUBLIC_URL |
||||
- TZ |
||||
networks: |
||||
meet.jitsi: |
||||
aliases: |
||||
- ${XMPP_SERVER} |
||||
|
||||
# Focus component |
||||
jitsi-jicofo: |
||||
image: jitsi/jicofo:latest |
||||
restart: unless-stopped |
||||
volumes: |
||||
- ${CONFIG}/jicofo:/config:Z |
||||
env_file: |
||||
- ../.envs/.production/.jitsi |
||||
environment: |
||||
- AUTH_TYPE |
||||
- ENABLE_AUTH |
||||
- XMPP_DOMAIN |
||||
- XMPP_AUTH_DOMAIN |
||||
- XMPP_INTERNAL_MUC_DOMAIN |
||||
- XMPP_MUC_DOMAIN |
||||
- XMPP_SERVER |
||||
- JICOFO_COMPONENT_SECRET |
||||
- JICOFO_AUTH_USER |
||||
- JICOFO_AUTH_PASSWORD |
||||
- JICOFO_RESERVATION_REST_BASE_URL |
||||
- JVB_BREWERY_MUC |
||||
- JIGASI_BREWERY_MUC |
||||
- JIGASI_SIP_URI |
||||
- JIBRI_BREWERY_MUC |
||||
- JIBRI_PENDING_TIMEOUT |
||||
- TZ |
||||
depends_on: |
||||
- jitsi-prosody |
||||
networks: |
||||
meet.jitsi: |
||||
|
||||
# Video bridge |
||||
jitsi-jvb: |
||||
image: jitsi/jvb:latest |
||||
restart: unless-stopped |
||||
ports: |
||||
- "${MISTBORN_BIND_IP}:${JVB_PORT}:${JVB_PORT}/udp" |
||||
- "${MISTBORN_BIND_IP}:${JVB_TCP_PORT}:${JVB_TCP_PORT}" |
||||
volumes: |
||||
- ${CONFIG}/jvb:/config:Z |
||||
env_file: |
||||
- ../.envs/.production/.jitsi |
||||
environment: |
||||
- DOCKER_HOST_ADDRESS |
||||
- XMPP_AUTH_DOMAIN |
||||
- XMPP_INTERNAL_MUC_DOMAIN |
||||
- XMPP_SERVER |
||||
- JVB_AUTH_USER |
||||
- JVB_AUTH_PASSWORD |
||||
- JVB_BREWERY_MUC |
||||
- JVB_PORT |
||||
- JVB_TCP_HARVESTER_DISABLED |
||||
- JVB_TCP_PORT |
||||
- JVB_TCP_MAPPED_PORT |
||||
- JVB_STUN_SERVERS |
||||
- JVB_ENABLE_APIS |
||||
- JVB_WS_DOMAIN |
||||
- JVB_WS_SERVER_ID |
||||
- PUBLIC_URL |
||||
- TZ |
||||
depends_on: |
||||
- jitsi-prosody |
||||
networks: |
||||
meet.jitsi: |
||||
aliases: |
||||
- jvb.meet.jitsi |
||||
|
||||
# Custom network so all services can communicate using a FQDN |
||||
networks: |
||||
default: |
||||
external: |
||||
name: mistborn_default |
||||
meet.jitsi: |
||||
@ -1,33 +0,0 @@
@@ -1,33 +0,0 @@
|
||||
version: '3' |
||||
|
||||
services: |
||||
raspap: |
||||
image: "cyber5k/raspap:${MISTBORN_TAG}" |
||||
container_name: mistborn_production_raspap |
||||
#network_mode: host |
||||
labels: |
||||
- "traefik.enable=true" |
||||
- "traefik.http.routers.raspap-http.rule=Host(`raspap.mistborn`)" |
||||
- "traefik.http.routers.raspap-http.entrypoints=web" |
||||
- "traefik.http.routers.raspap-http.middlewares=mistborn_auth@file" |
||||
- "traefik.http.routers.raspap-https.rule=Host(`raspap.mistborn`)" |
||||
- "traefik.http.routers.raspap-https.entrypoints=websecure" |
||||
- "traefik.http.routers.raspap-https.middlewares=mistborn_auth@file" |
||||
- "traefik.http.routers.raspap-https.tls.certresolver=basic" |
||||
- "traefik.http.services.raspap-service.loadbalancer.server.port=80" |
||||
env_file: |
||||
- ../.envs/.production/.raspap |
||||
cap_add: |
||||
#- NET_ADMIN |
||||
- SYS_ADMIN |
||||
#- CAP_FOWNER |
||||
privileged: true |
||||
volumes: |
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro |
||||
#command: /start |
||||
restart: unless-stopped |
||||
|
||||
networks: |
||||
default: |
||||
external: |
||||
name: mistborn_default |
||||
@ -1,35 +0,0 @@
@@ -1,35 +0,0 @@
|
||||
version: '3' |
||||
|
||||
services: |
||||
syncthing: |
||||
image: linuxserver/syncthing |
||||
container_name: mistborn_production_syncthing |
||||
environment: |
||||
- PUID=1000 |
||||
- PGID=1000 |
||||
- TZ=Amereica/New_York |
||||
- UMASK_SET=022 |
||||
volumes: |
||||
- ../../mistborn_volumes/extra/syncthing/config:/config |
||||
- ../../mistborn_volumes/extra/syncthing/data1:/data1 |
||||
- ../../mistborn_volumes/extra/syncthing/data2:/data2 |
||||
ports: |
||||
#- 8384:8384 |
||||
- "${MISTBORN_BIND_IP}:22000:22000/tcp" # listening port |
||||
- "${MISTBORN_BIND_IP}:21027:21027/udp" # protocol discovery |
||||
labels: |
||||
- "traefik.enable=true" |
||||
- "traefik.http.routers.syncthing-http.rule=Host(`syncthing.mistborn`)" |
||||
- "traefik.http.routers.syncthing-http.entrypoints=web" |
||||
- "traefik.http.routers.syncthing-http.middlewares=mistborn_auth@file" |
||||
- "traefik.http.routers.syncthing-https.rule=Host(`syncthing.mistborn`)" |
||||
- "traefik.http.routers.syncthing-https.entrypoints=websecure" |
||||
- "traefik.http.routers.syncthing-https.middlewares=mistborn_auth@file" |
||||
- "traefik.http.routers.syncthing-https.tls.certresolver=basic" |
||||
- "traefik.http.services.syncthing-service.loadbalancer.server.port=8384" |
||||
restart: unless-stopped |
||||
|
||||
networks: |
||||
default: |
||||
external: |
||||
name: mistborn_default |
||||
@ -1,16 +0,0 @@
@@ -1,16 +0,0 @@
|
||||
version: '3' |
||||
|
||||
services: |
||||
tor-client: |
||||
build: |
||||
context: ../compose/production/tor |
||||
dockerfile: ./Dockerfile |
||||
image: mistborn_production_tor |
||||
container_name: mistborn_production_tor |
||||
ports: |
||||
- "${MISTBORN_BIND_IP}:9150:9150/tcp" |
||||
|
||||
networks: |
||||
default: |
||||
external: |
||||
name: mistborn_default |
||||