#
# docker-compose localdomain services
# (C) Copyright 2023, John Ryland.
# All rights reserved.
#
# This file is intended to be run with
# docker-compose from the Jenkins Build
#
# ====================================
# Configuring outside access to server
# ====================================
# no-ip - signed up for dynamic-DNS entry for 'invertedlogic.ddns.net'
# iinet - port blocking disabled (allows 443 through)
# Router - virtual-server - forward port 443 to nuc (as 443)
# Router - blackhole ports 25, 80, 135, 139, 445 (send to null host on unused port)
# Router - configure dynamic-DNS to login to no-ip account to update the entry
# ---------
# Only outside access using https will be allowed through
# ---------
#
# Need to add to trusted-domains nextcloud.invertedlogic.ddns.net:
# sudo vi /media/Data/Containers/NextCloud/config/config.php
#
# Getting HTTPS certificates (first on router redirect 80 to 9123 and with ISP disable port blocking of 80):
#
# sudo systemctl stop nginx.service
# sudo certbot certonly -v --nginx --http-01-port 9123 -d invertedlogic.ddns.net,www.invertedlogic.ddns.net,nextcloud.invertedlogic.ddns.net,jenkins.invertedlogic.ddns.net,\
# minecraft.invertedlogic.ddns.net,cockpit.invertedlogic.ddns.net,vscode.invertedlogic.ddns.net,code.invertedlogic.ddns.net,code-server.invertedlogic.ddns.net,openproject.invertedlogic.ddns.net,\
# home-assistant.invertedlogic.ddns.net,portainer.invertedlogic.ddns.net,gitbucket.invertedlogic.ddns.net,pihole.invertedlogic.ddns.net,docs.invertedlogic.ddns.net,artifacts.invertedlogic.ddns.net
# sudo systemctl start nginx.service
#
# When done, can block 80 again or redirect to a blackhole. Now instead when nginx is configured to use these certificates we can just allow 443 (HTTPS) instead of 80.
# select all that apply
#
# ================================================================
# PORTS - Router | Ext | Host | Container | nginx | SSL | Tested
# ================================================================
# www - Y 443 443 - direct YES YES
# nextcloud - Y 443 8000 80 proxy YES YES
# jenkins - Y 443 8081 - proxy YES YES
# pihole - Y 443 8020 80
# portainer - Y 443 8030 9000 need to add
# open-project - Y 443 8040 80 proxy NO
# cockpit - Y 443 8050 9092 proxy NO self-signed - broken (or visit with 8050)
# gitbucket - Y 443 8090 - proxy YES self-signed - broken (or visit with 8090 / 8091 - probably setting for the site-url)
# code-server - Y 443 8443 8443 proxy YES YES - lost the volume ?
# minecraft - N 443 25565 25565 -
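# Container definitions for the services listed in the port table above.
#
# Review notes that apply to every service:
#  - No `ports:` entry names a host IP, so each port is published on all host
#    interfaces and can be reached from the LAN without passing through the
#    nginx/TLS front end. If only the local nginx proxy needs a port, bind it
#    to loopback instead (form: "127.0.0.1:HOST:CONTAINER") - confirm first
#    that nothing relies on direct access.
#  - Most images use `latest` (or no tag), so every pull can change what runs.
#    Pin a version or digest for anything that is routed from outside.
#  - Credentials are read from the environment of the `docker-compose` call
#    (for example Jenkins credentials or an untracked `.env` file) and are
#    never written in this file.
services:
  cockpit-ws:
    # No registry or namespace prefix: presumably a locally built image - confirm.
    image: cockpit-ws:latest
    container_name: cockpit-ws
    hostname: cockpit.invertedlogic.ddns.net
    restart: always
    # NOTE(review): privileged mode together with the Docker socket mounted
    # below gives this container root-equivalent control of the host. The
    # header table marks cockpit as routed from outside, so a compromise of the
    # web login becomes a compromise of the host. Confirm that privileged mode
    # is really required.
    privileged: true
    volumes:
      # Authentication: host account databases, read-only. /etc/shadow hands
      # the host password hashes to the container.
      - /etc/passwd:/etc/passwd:ro
      - /etc/group:/etc/group:ro
      - /etc/shadow:/etc/shadow:ro
      # Docker access: read-write socket, i.e. full control of the Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock
      # Cockpit configuration and dummy home directories
      - /media/Data/Containers/Cockpit/etc/cockpit.conf:/etc/cockpit/cockpit.conf
      - /media/Data/Containers/Cockpit/home:/home
    ports:
      - "8050:9092"

  nextcloud:
    image: nextcloud:latest
    container_name: nextcloud
    hostname: nextcloud.localdomain
    restart: always
    volumes:
      # Whole web root, including config/config.php (trusted domains, secrets).
      - /media/Data/Containers/NextCloud:/var/www/html
    ports:
      - "8000:80"

  # pihole:
  #   image: pihole/pihole:latest
  #   container_name: pihole
  #   hostname: pihole.localdomain
  #   restart: always
  #   environment:
  #     TZ: 'Australia/Brisbane'
  #     # The web/API password used to be committed here in plain text. Treat
  #     # that value as exposed and supply a new one from the environment.
  #     FTLCONF_webserver_api_password: "${PIHOLE_WEB_PASSWORD:?PIHOLE_WEB_PASSWORD must be set}"
  #     # FTLCONF_dns_listeningMode: 'ALL'
  #   volumes:
  #     - /media/Data/Containers/PiHole:/etc/pihole
  #   ports:
  #     - "8020:80"
  #     # - "9443:443"
  #     # DNS:
  #     # - "53:53/tcp"
  #     # - "53:53/udp"
  #     # Uncomment the line below if you are using Pi-hole as your NTP server
  #     # - "123:123/udp"

  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer-ce
    hostname: portainer.localdomain
    restart: always
    volumes:
      # Authentication
      # NOTE(review): these three mounts match the cockpit-ws service. Verify
      # that Portainer reads the host account files at all; if it does not,
      # drop them so the host password hashes are not exposed to a second
      # container.
      - /etc/passwd:/etc/passwd:ro
      - /etc/group:/etc/group:ro
      - /etc/shadow:/etc/shadow:ro
      # Docker access: read-write socket, i.e. full control of the Docker
      # daemon. Anyone who can log in to this UI effectively has root on the host.
      - /var/run/docker.sock:/var/run/docker.sock
      # Data
      - /media/Data/Containers/Portainer:/data
    ports:
      - "8030:9000"

  open-project:
    # image: openproject/community:latest
    image: openproject/openproject:17
    container_name: open-project
    restart: always
    volumes:
      - /media/Data/Containers/OpenProject/static:/var/openproject/assets
      - /media/Data/Containers/OpenProject/pgdata:/var/openproject/pgdata
    ports:
      # The header table lists SSL as NO for open-project - confirm that logins
      # are not crossing the network in clear text.
      - "8040:80"

  code-server:
    image: lscr.io/linuxserver/code-server:latest
    container_name: code-server
    restart: always
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      # The login and sudo passwords were the literal string "password". This
      # service is a browser IDE with a shell, and the header table lists it as
      # proxied from outside. Both values are now required from the environment,
      # so `docker-compose up` fails instead of starting with a guessable
      # credential.
      - "PASSWORD=${CODE_SERVER_PASSWORD:?CODE_SERVER_PASSWORD must be set}"
      - HASHED_PASSWORD=  # optional
      - "SUDO_PASSWORD=${CODE_SERVER_SUDO_PASSWORD:?CODE_SERVER_SUDO_PASSWORD must be set}"
      - SUDO_PASSWORD_HASH=  # optional
      - PROXY_DOMAIN=code-server.localdomain  # optional
      - DEFAULT_WORKSPACE=/config/workspace  # optional
    volumes:
      - /media/Data/Containers/CodeServer/config:/config
    ports:
      # NOTE(review): the header table lists host port 8443 for code-server,
      # but this file publishes 8060 - confirm which one nginx proxies to.
      - "8060:8443"

  minecraft:
    # No tag given, so this resolves to `latest`.
    image: itzg/minecraft-server
    container_name: minecraft
    restart: always
    deploy:
      resources:
        limits:
          memory: 1.5G
    environment:
      # Quoted so the values stay strings and are not parsed as YAML booleans.
      EULA: "TRUE"
      VERSION: "latest"
      TYPE: "VANILLA"
    volumes:
      - /media/Data/Containers/Minecraft:/data
    ports:
      - "25565:25565"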