#
# docker-compose localdomain services
# (C) Copyright 2023, John Ryland.
# All rights reserved.
#
# This file is intended to be run with
# docker-compose from the Jenkins build.
#
# ====================================
# Configuring outside access to server
# ====================================
# no-ip - signed up for dynamic-DNS entry for 'invertedlogic.ddns.net'
# iinet - port blocking disabled (allows 443 through)
# Router - virtual-server - forward port 443 to nuc (as 443)
# Router - blackhole ports 25, 80, 135, 139, 445 (send to null host on unused port)
# Router - configure dynamic-DNS to login to no-ip account to update the entry
# ---------
# Only outside access using https will be allowed through
# ---------
#
# Need to add to trusted-domains nextcloud.invertedlogic.ddns.net:
# sudo vi /media/Data/Containers/NextCloud/config/config.php
#
# We need TLS certificates for HTTPS. We use certbot, which requests them from Let's Encrypt.
# Part of the process verifies that you control the domain: the CA fetches an HTTP-01 challenge on port 80, so port 80 has to be reachable temporarily.
# certbot can serve that challenge on an arbitrary local port; the router then redirects incoming port 80 to that port on the machine running certbot.
# Getting HTTPS certificates (first on router redirect 80 to 9123 and with ISP disable port blocking of 80):
#
# sudo systemctl stop nginx.service
# sudo certbot certonly -v --nginx --http-01-port 9123 -d invertedlogic.ddns.net,www.invertedlogic.ddns.net,nextcloud.invertedlogic.ddns.net,jenkins.invertedlogic.ddns.net,\
# minecraft.invertedlogic.ddns.net,cockpit.invertedlogic.ddns.net,vscode.invertedlogic.ddns.net,code.invertedlogic.ddns.net,code-server.invertedlogic.ddns.net,openproject.invertedlogic.ddns.net,\
# home-assistant.invertedlogic.ddns.net,portainer.invertedlogic.ddns.net,gitbucket.invertedlogic.ddns.net,pihole.invertedlogic.ddns.net,docs.invertedlogic.ddns.net,artifacts.invertedlogic.ddns.net
# sudo systemctl start nginx.service
#
# When done, port 80 can be blocked again (or sent to the blackhole): once nginx is configured with these certificates only 443 (HTTPS) needs to be allowed through instead of 80.
# NOTE: Let's Encrypt certificates are valid for 90 days and `certbot renew` repeats the HTTP-01 challenge, so the port-80 redirect (and the ISP unblock) must be re-enabled for every renewal - or switch to a DNS-01 challenge - otherwise the certificate silently expires.
# Update all the nginx config files accordingly to listen on 443 and with settings to point to the certificates.
#
#
# ================================================================
# PORTS - Router | Ext | Host | Container | nginx | SSL | Tested
# ================================================================
# www - Y 443 443 - direct YES YES
# nextcloud - Y 443 8000 80 proxy YES YES
# jenkins - Y 443 8081 - proxy YES YES
# pihole - Y 443 8020 80 proxy YES YES
# portainer - Y 443 8030 9000 proxy YES YES
# open-project - Y 443 8040 80 proxy YES YES
# cockpit - Y 443 8050 9092 proxy YES YES
# gitbucket - Y 443 8090 - proxy YES YES
# code-server - Y 443 8060 8443 proxy YES YES (the compose file publishes host port 8060; this table previously said 8443 - verify which port the nginx upstream actually uses)
# minecraft - N 443 25565 25565 - YES (locally)
#
# Cockpit Instructions
#
# Requires the host being connected to have cockpit installed.
#
# First-time setup of Cockpit to connect to another host requires manually attaching a shell to the container
# and attempting to SSH to that host so its key fingerprint is added to known_hosts; only then can you log in via the browser.
# Compare the fingerprint against one obtained on the target host itself (e.g. `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub`) rather than blindly accepting it - that first connection is the only point where a man-in-the-middle could plant its own key.
#
#
# Code-Server Instructions
#
## Setup inside the code-server container so the docker CLI can use the host's docker socket (or run /config/setup.sh, which runs these same commands).
## Be aware that whoever can run `docker` against the host socket is effectively root on the host; the `:ro` on the socket mount does not restrict API calls.
#
## First part is installing the docker CLI tools if not already installed.
## (The keyring must exist before the apt source that references it is added; otherwise `apt update` fails on the missing signed-by file.)
#sudo apt update
#sudo apt install -y ca-certificates curl
#sudo install -m 0755 -d /etc/apt/keyrings
#sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
#sudo chmod a+r /etc/apt/keyrings/docker.asc
#echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
#sudo apt update
#sudo apt install -y docker-ce-cli
#
## This is where the group id is fixed up to match the host's.
## Use stat for the numeric GID: `ls -la | cut -d' ' -f4` only yields a number when the container does not know the group name, and it breaks if ls changes column spacing.
#DOCKER_GID=$(stat -c %g /var/run/docker.sock)
#USER=abc
#sudo groupadd docker
#sudo groupmod -g ${DOCKER_GID} docker
#sudo adduser ${USER} docker
#echo now restart the container
#
# Password reminders (NOTE: credentials do not belong in a committed compose file, even partially redacted - the hints below still leak length and some characters, and the CodeServer entry is the full password. Keep them in a password manager / Jenkins credentials and rotate anything that was ever committed in full):
#
# Portainer: admin : a.....W.......
# OpenProject: admin : a.....W.......
# CodeServer: password
# Cockpit: connect to 192.168.1.116 with server username and password
# NextCloud: root : W.......75;
# Jenkins jryland : a.....75;
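services:
  # All images below use floating tags (`latest`, `alpine`, `10`): every
  # `docker compose pull` may silently change what is deployed. Pin to a
  # version (ideally an @sha256 digest) and bump deliberately.
  #
  # The web UIs are reached only through the host nginx reverse proxy on 443
  # (see the PORTS table above), so their host ports bind to 127.0.0.1 instead
  # of every interface: the unencrypted backends and admin UIs are then not
  # reachable directly from the LAN. Only the Minecraft game ports stay
  # LAN-wide.

  cockpit:
    image: cockpit-ws:latest
    container_name: cockpit
    # hostname: cockpit.invertedlogic.ddns.net
    hostname: cockpit.localdomain
    restart: always
    # NOTE(review): `privileged` grants all capabilities and raw device access;
    # together with the docker socket below this container is host-root
    # equivalent for anyone who can log in to Cockpit. Confirm the image really
    # needs it (stock cockpit-ws does not) and drop it otherwise.
    privileged: true
    volumes:
      # Authentication
      # - /etc/passwd:/etc/passwd:ro
      # - /etc/group:/etc/group:ro
      # - /etc/shadow:/etc/shadow:ro
      # Docker access (full control of the host docker daemon)
      - /var/run/docker.sock:/var/run/docker.sock
      # Dummy home directories
      - /media/Data/Containers/Cockpit/etc/cockpit.conf:/etc/cockpit/cockpit.conf
      - /media/Data/Containers/Cockpit/home:/home
    ports:
      - "127.0.0.1:8050:9092"

  nextcloud:
    image: nextcloud:latest
    container_name: nextcloud
    hostname: nextcloud.localdomain
    restart: always
    # NOTE(review): behind a TLS-terminating proxy Nextcloud normally also needs
    # `overwriteprotocol => 'https'` and `trusted_proxies` in config.php (next
    # to the trusted_domains entry mentioned in the header) or it generates
    # http:// links - confirm against the current config.php.
    volumes:
      - /media/Data/Containers/NextCloud:/var/www/html
    ports:
      - "127.0.0.1:8000:80"

  pi-hole:
    image: pihole/pihole:latest
    container_name: pihole
    hostname: pihole.localdomain
    restart: always
    environment:
      TZ: 'Australia/Brisbane'
      # The admin password is injected by the deploying environment (Jenkins
      # credential / .env), never a literal in this committed file. `:?` makes
      # compose refuse to start instead of bringing Pi-hole up with an empty
      # (i.e. no) admin password.
      FTLCONF_webserver_api_password: '${PIHOLE_WEB_PASSWORD:?PIHOLE_WEB_PASSWORD must be set}'
      # FTLCONF_dns_listeningMode: 'ALL'
    volumes:
      - /media/Data/Containers/PiHole:/etc/pihole
    ports:
      - "127.0.0.1:8020:80"
      # - "9443:443"
      # DNS (not published here, so nothing on the LAN can use this Pi-hole
      # as its resolver):
      # - "53:53/tcp"
      # - "53:53/udp"
      # Uncomment the line below if you are using Pi-hole as your NTP server
      # - "123:123/udp"

  portainer:
    image: portainer/portainer-ce:alpine
    container_name: portainer
    restart: always
    volumes:
      # Docker access (Portainer is by design a root-equivalent admin UI; its
      # login is the only thing between an attacker and the host)
      - /var/run/docker.sock:/var/run/docker.sock
      # Data
      - /media/Data/Containers/Portainer:/data
    ports:
      - "127.0.0.1:8030:9000"

  open-project:
    # NOTE(review): major version 10 is several releases old - check that it
    # still receives security fixes and plan an upgrade (back up pgdata first,
    # upgrades run database migrations).
    image: openproject/openproject:10
    container_name: open-project
    hostname: openproject.invertedlogic.ddns.net
    restart: always
    volumes:
      - /media/Data/Containers/OpenProject/static:/var/openproject/assets
      - /media/Data/Containers/OpenProject/pgdata:/var/openproject/pgdata
    environment:
      # TLS is terminated by nginx; OpenProject still needs the public scheme
      # and host name so it builds https:// URLs for the external domain.
      - OPENPROJECT_HTTPS=true
      - OPENPROJECT_HOST__NAME=openproject.invertedlogic.ddns.net
    ports:
      - "127.0.0.1:8040:80"

  code-server:
    image: lscr.io/linuxserver/code-server:latest
    container_name: code-server
    restart: always
    environment:
      - PUID=1000
      - PGID=1000
      # List-form values are taken literally: `TZ="Australia/Brisbane"` sets TZ
      # to the quoted string, quotes included, which is not a valid zone name.
      - TZ=Australia/Brisbane
      # Credentials come from the deploying environment (Jenkins credential /
      # .env); `:?` aborts the deploy rather than starting with no password.
      # These were previously the literal `password` - treat anything that ran
      # with it as exposed and rotate.
      - "PASSWORD=${CODE_SERVER_PASSWORD:?CODE_SERVER_PASSWORD must be set}"
      - "SUDO_PASSWORD=${CODE_SERVER_SUDO_PASSWORD:?CODE_SERVER_SUDO_PASSWORD must be set}"
      # Alternative to the plaintext variables: supply argon2 hashes instead.
      # - HASHED_PASSWORD=
      # - SUDO_PASSWORD_HASH=
      - PROXY_DOMAIN=code-server.localdomain #optional
      - DEFAULT_WORKSPACE=/config/workspace #optional
      # NOTE(review): was `linuxserver/modes:universal-docker`; the LinuxServer
      # mods are published under `linuxserver/mods`, so the old value looked
      # like a typo that left the mod unapplied (hence the manual setup.sh in
      # the header). Confirm from the container log that the mod is applied.
      - DOCKER_MODS=linuxserver/mods:universal-docker
    volumes:
      # Docker access. `:ro` applies to the filesystem node, not to the API
      # behind it: docker commands are fully writable, so the `abc` user (who
      # also has sudo via SUDO_PASSWORD) can start privileged containers, i.e.
      # become root on the host.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Files
      - /media/Data/Containers/CodeServer/config:/config
    ports:
      # The PORTS table above lists host port 8443 for code-server; compose
      # publishes 8060 - keep the nginx upstream in step with this line.
      - "127.0.0.1:8060:8443"

  minecraft-java:
    image: itzg/minecraft-server
    container_name: minecraft-java
    restart: always
    deploy:
      resources:
        limits:
          memory: 1.5G
    environment:
      EULA: "TRUE"
      VERSION: "latest"
      TYPE: "VANILLA"
    volumes:
      - /media/Data/Containers/Minecraft/java:/data
    ports:
      # LAN game port (the router does not forward it, per the PORTS table),
      # so it intentionally stays bound on all interfaces.
      - "25565:25565"

  minecraft-bedrock:
    image: itzg/minecraft-bedrock-server
    container_name: minecraft-bedrock
    restart: always
    environment:
      EULA: "TRUE"
    volumes:
      - /media/Data/Containers/Minecraft/bedrock:/data
    ports:
      # LAN game port, same reasoning as minecraft-java.
      - "19132:19132/udp"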