#
# docker-compose localdomain services
# (C) Copyright 2023, John Ryland.
# All rights reserved.
#
# This file is intended to be run with
# docker-compose from the Jenkins build.
#

#  ====================================
#   Configuring outside access to server
#  ====================================
#   no-ip   - signed up for dynamic-DNS entry for 'invertedlogic.ddns.net'
#   iinet   - port blocking disabled  (allows 443 through)
#   Router  - virtual-server - forward port 443 to nuc (as 443)
#   Router  - blackhole ports 25, 80, 135, 139, 445 (send to null host on unused port)
#   Router  - configure dynamic-DNS to login to no-ip account to update the entry
#  ---------
#   Only outside access using https will be allowed through
#  ---------
#
#  Need to add nextcloud.invertedlogic.ddns.net to the trusted_domains array in Nextcloud's config.php:
#          sudo vi /media/Data/Containers/NextCloud/config/config.php
#
# We need SSL certificates for HTTPS. We use certbot, which requests them from Let's Encrypt.
# As part of the process the CA verifies that we control the domain: it makes an HTTP-01 challenge request on port 80, so port 80 has to be reachable temporarily.
# certbot can serve the challenge on a port of our choosing (--http-01-port), so the router forwards external port 80 to that port on the machine running this; the CA itself still connects to port 80 at the public address.
# Getting HTTPS certificates (first, on the router redirect 80 -> 9123, and have the ISP disable its blocking of port 80). While that forward is in place anything listening on 9123 on this machine is reachable from the internet, so remove the forward (or blackhole 80 again) as soon as certbot has finished:
#
# sudo systemctl stop nginx.service
# sudo certbot certonly -v --nginx --http-01-port 9123 -d invertedlogic.ddns.net,www.invertedlogic.ddns.net,nextcloud.invertedlogic.ddns.net,jenkins.invertedlogic.ddns.net,\
#    minecraft.invertedlogic.ddns.net,cockpit.invertedlogic.ddns.net,vscode.invertedlogic.ddns.net,code.invertedlogic.ddns.net,code-server.invertedlogic.ddns.net,openproject.invertedlogic.ddns.net,\
#    home-assistant.invertedlogic.ddns.net,portainer.invertedlogic.ddns.net,gitbucket.invertedlogic.ddns.net,pihole.invertedlogic.ddns.net,docs.invertedlogic.ddns.net,artifacts.invertedlogic.ddns.net
# sudo systemctl start nginx.service
#
# When done, can block 80 again or redirect to a blackhole. Now instead when nginx is configured to use these certificates we can just allow 443 (HTTPS) instead of 80.
# Update all the nginx config files accordingly to listen on 443 and with settings to point to the certificates.
#
#
# ================================================================
# PORTS        - Router | Ext | Host | Container | nginx | SSL | Tested
# ================================================================
# www          -   Y     443    443         -      direct   YES    YES
# nextcloud    -   Y     443   8000        80      proxy    YES    YES
# jenkins      -   Y     443   8081         -      proxy    YES    YES
# pihole       -   Y     443   8020        80      proxy    YES    YES
# portainer    -   Y     443   8030      9000      proxy    YES    YES
# open-project -   Y     443   8040        80      proxy    YES    YES
# cockpit      -   Y     443   8050      9092      proxy    YES    YES
# gitbucket    -   Y     443   8090         -      proxy    YES    YES
# code-server  -   Y     443   8443      8443      proxy    YES    YES   (NOTE: the compose service below publishes host port 8060, not 8443 -- reconcile table or config)
# minecraft    -   N     443  25565     25565      -               YES (locally)

#
# Cockpit Instructions
#
# Requires that the host being connected to has cockpit installed.
#
# First-time setup of cockpit to connect to another host requires manually opening a shell in the container
# and SSH-ing to that host once, so its host key is added to known_hosts before you can log in via the browser.
# Check the fingerprint SSH presents against the target host's own key (ssh-keygen -lf on its /etc/ssh/ssh_host_*_key.pub) before accepting it.
#

#
# Code-Server Instructions
#
##  Setup inside containers to have docker tools map docker socket to the host's socket  (or run /config/setup.sh which does these commands)
#
##  First part is installing the docker CLI tools if not already installed.
##  (The keyring file must exist before the apt source that references it is added, otherwise the first apt update errors on the docker repo.)
#sudo apt update
#sudo apt install -y ca-certificates curl
#sudo install -m 0755 -d /etc/apt/keyrings
#sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
#sudo chmod a+r /etc/apt/keyrings/docker.asc
#echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
#sudo apt update
#sudo apt install -y docker-ce-cli
#
## This is where the group id is fixed up to match the host's docker group.
## stat gives the numeric gid directly; `ls -la | cut` prints a group *name* instead if the container
## already has a group with that gid, and groupmod -g then fails.
## Note: membership of this group is root-equivalent on the host, because the socket is the host's Docker API.
#DOCKER_GID=$(stat -c '%g' /var/run/docker.sock)
#USER=abc
#sudo groupadd docker
#sudo groupmod -g ${DOCKER_GID} docker
#sudo adduser ${USER} docker
#echo now restart the container
#

# Password reminders:
# SECURITY: this file is committed and run from Jenkins; even partial credential hints do not belong in it.
# Keep these in a password manager and leave only the account names here.
#
# Portainer:     admin : a.....W.......
# OpenProject:   admin : a.....W.......
# CodeServer:    password
# Cockpit:       connect to 192.168.1.116 with server username and password
# NextCloud:     root : W.......75;
# Jenkins        jryland : a.....75;

services:

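  cockpit:
    # Cockpit web-console front end (cockpit-ws). Per the "Cockpit Instructions"
    # above it is used as an SSH gateway to another host; the host credentials
    # are typed into the browser, not stored here.
    image: cockpit-ws:latest
    container_name: cockpit
    # hostname: cockpit.invertedlogic.ddns.net
    hostname: cockpit.localdomain
    restart: always
    # SECURITY: `privileged` and the Docker socket mount below each give this
    # container root-equivalent control of the host, so anyone who can log in
    # to Cockpit (or exploit cockpit-ws) effectively owns the NUC. Keep it
    # reachable only through the nginx TLS proxy, and drop `privileged` if
    # cockpit-ws runs without it (NOTE(review): not verified here whether it
    # actually needs either of the two).
    privileged: true
    volumes:
      # Authentication: left disabled; presumably logins go over SSH to the
      # real host rather than against an account database in the container.
      # - /etc/passwd:/etc/passwd:ro
      # - /etc/group:/etc/group:ro
      # - /etc/shadow:/etc/shadow:ro
      # Docker access (host-root equivalent, see above)
      - /var/run/docker.sock:/var/run/docker.sock
      # cockpit.conf is only read by cockpit-ws, so mount it read-only.
      - /media/Data/Containers/Cockpit/etc/cockpit.conf:/etc/cockpit/cockpit.conf:ro
      # Dummy home directories
      - /media/Data/Containers/Cockpit/home:/home
    ports:
      # Host 8050 -> container 9092; nginx terminates TLS in front of it.
      - "8050:9092"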

  nextcloud:
    # Nextcloud (official image) behind the nginx TLS proxy: host 8000 -> container 80.
    # The container only ever sees plain HTTP from nginx, so the proxy-related
    # settings (trusted_domains per the note near the top of this file, and
    # presumably overwriteprotocol/trusted_proxies as well) have to live in
    # config/config.php on the volume below -- nothing here sets them.
    # NOTE(review): no database service is defined, so this runs on whatever
    # config.php selects (the image default is SQLite) -- confirm.
    image: nextcloud:latest
    container_name: nextcloud
    hostname: nextcloud.localdomain
    restart: always
    volumes:
      # Whole web root (code, config and user data) persisted on the host.
      - /media/Data/Containers/NextCloud:/var/www/html
    ports:
      # Plain HTTP; must not be exposed directly to the internet.
      - "8000:80"

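  pi-hole:
    # Pi-hole admin UI: host 8020 -> container 80 behind the nginx proxy.
    # The DNS and NTP port publications below are commented out, so as written
    # this container is not serving DNS to the LAN, only the web interface.
    image: pihole/pihole:latest
    container_name: pihole
    hostname: pihole.localdomain
    restart: always
    environment:
      TZ: 'Australia/Brisbane'
      # Web/API password comes from the shell environment or a .env file next to
      # this compose file (PIHOLE_WEB_PASSWORD=...) instead of being committed
      # here; compose refuses to start the stack if it is unset.
      FTLCONF_webserver_api_password: '${PIHOLE_WEB_PASSWORD:?set PIHOLE_WEB_PASSWORD in .env}'
      # FTLCONF_dns_listeningMode: 'ALL'
    volumes:
      - /media/Data/Containers/PiHole:/etc/pihole
    ports:
      - "8020:80"
      # - "9443:443"
      # DNS:
      #- "53:53/tcp"
      #- "53:53/udp"
      # Uncomment the line below if you are using Pi-hole as your NTP server
      #- "123:123/udp"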

  portainer:
    # Portainer CE, Docker management UI: host 8030 -> container 9000 (nginx proxy).
    image: portainer/portainer-ce:alpine
    container_name: portainer
    restart: always
    volumes:
      # Docker socket: read/write access to the host Docker API, i.e. root on
      # the host for anyone who can log in to Portainer.
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
      # Portainer's own state (users, endpoints).
      - type: bind
        source: /media/Data/Containers/Portainer
        target: /data
    ports:
      - target: 9000
        published: 8030

  open-project:
    # OpenProject all-in-one image (the pgdata volume suggests the bundled
    # PostgreSQL is in use): host 8040 -> container 80 behind the nginx proxy.
    # Unlike the other services this one carries the public hostname, which
    # OpenProject uses for absolute URLs (OPENPROJECT_HOST__NAME).
    # NOTE(review): the tag pins major version 10; check it still receives
    # security updates.
    image: openproject/openproject:10
    container_name: open-project
    hostname: openproject.invertedlogic.ddns.net
    restart: always
    volumes:
      - type: bind
        source: /media/Data/Containers/OpenProject/static
        target: /var/openproject/assets
      - type: bind
        source: /media/Data/Containers/OpenProject/pgdata
        target: /var/openproject/pgdata
    environment:
      # Tell the app it is served over HTTPS even though nginx proxies plain HTTP to it.
      OPENPROJECT_HTTPS: "true"
      OPENPROJECT_HOST__NAME: openproject.invertedlogic.ddns.net
    ports:
      - target: 80
        published: 8040

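  code-server:
    # VS Code in the browser (linuxserver image): host 8060 -> container 8443.
    # NOTE(review): the port table at the top of this file lists host port 8443
    # for code-server; 8060 is what is actually published here -- reconcile.
    image: lscr.io/linuxserver/code-server:latest
    container_name: code-server
    restart: always
    environment:
      - PUID=1000
      - PGID=1000
      # No quotes: in list-form environment entries compose passes the value
      # through literally, so TZ="Australia/Brisbane" set TZ with the quote
      # characters included.
      - TZ=Australia/Brisbane
      # Credentials come from the shell environment / .env next to this file,
      # not from the committed compose file. Prefer the hashed variants the
      # image supports (HASHED_PASSWORD / SUDO_PASSWORD_HASH) so the clear text
      # is not present in the container environment either.
      - PASSWORD=${CODE_SERVER_PASSWORD:?set CODE_SERVER_PASSWORD in .env}
      # - HASHED_PASSWORD=
      - SUDO_PASSWORD=${CODE_SERVER_SUDO_PASSWORD:?set CODE_SERVER_SUDO_PASSWORD in .env}
      # - SUDO_PASSWORD_HASH=
      - PROXY_DOMAIN=code-server.localdomain #optional
      - DEFAULT_WORKSPACE=/config/workspace #optional
      # Docker CLI mod. NOTE(review): linuxserver mods are published as
      # linuxserver/mods:<name>; "modes" looks like a typo -- verify the
      # container actually pulls and applies it.
      - DOCKER_MODS=linuxserver/modes:universal-docker
    volumes:
      # Docker access. ":ro" only makes the socket file read-only; connecting
      # to it is still allowed, so this is full (root-equivalent) host Docker
      # API access for whoever holds the code-server password.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Files
      - /media/Data/Containers/CodeServer/config:/config
    ports:
      - "8060:8443"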

  minecraft-java:
    # Vanilla Java-edition server (itzg image). Not proxied by nginx; published
    # directly on host port 25565 for local use (the router does not forward it).
    image: itzg/minecraft-server
    container_name: minecraft-java
    restart: always
    deploy:
      resources:
        limits:
          # Hard cap on container memory; the JVM heap inside must stay below it.
          memory: 1.5G
    environment:
      EULA: "TRUE"
      VERSION: "latest"
      TYPE: "VANILLA"
    volumes:
      - type: bind
        source: /media/Data/Containers/Minecraft/java
        target: /data
    ports:
      - target: 25565
        published: 25565

  minecraft-bedrock:
    # Bedrock-edition server (itzg image), UDP 19132 published directly on the
    # host. NOTE(review): unlike minecraft-java there is no memory limit here.
    image: itzg/minecraft-bedrock-server
    container_name: minecraft-bedrock
    restart: always
    environment:
      EULA: "TRUE"
    volumes:
      - type: bind
        source: /media/Data/Containers/Minecraft/bedrock
        target: /data
    ports:
      - target: 19132
        published: 19132
        protocol: udp

