commit 1ea4504872569d27ec07454ff150509cd35b3874
Author: Your Name
Date: Sun Jul 24 13:24:53 2022 +0000
initial commit
diff --git a/config/nginx/nginx.conf b/config/nginx/nginx.conf
new file mode 100644
index 0000000..eb492d3
--- /dev/null
+++ b/config/nginx/nginx.conf
@@ -0,0 +1,179 @@
+worker_processes 4;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+
+ include mime.types;
+ default_type application/octet-stream;
+ client_max_body_size 10G;
+
+ resolver 127.0.0.1 ipv6=off;
+
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # Logs
+ log_format custom_log '$remote_addr - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent" "$gzip_ratio"';
+
+
+ ### TRANSMISSION ###
+
+ upstream transmission {
+ server transmission:9091;
+ }
+
+ server {
+ listen 80;
+ server_name transmission.spanskiduh.xyz;
+ access_log /logs/transmission.log custom_log;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://transmission.spanskiduh.xyz$request_uri;
+ }
+ }
+
+ server {
+ listen 443 ssl http2;
+ server_name transmission.spanskiduh.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/transmission.spanskiduh.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/transmission.spanskiduh.xyz/privkey.pem;
+
+
+ location / {
+ proxy_pass "http://transmission/";
+ }
+ }
+
+ ### JELLYFIN ###
+
+ upstream jellyfin {
+ server jellyfin:8096;
+ }
+
+ server {
+ listen 80;
+ server_name jellyfin.spanskiduh.xyz;
+ access_log /logs/jellyfin.log custom_log;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://jellyfin.spanskiduh.xyz$request_uri;
+ }
+ }
+
+ server {
+ listen 443 ssl http2;
+ server_name jellyfin.spanskiduh.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/jellyfin.spanskiduh.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/jellyfin.spanskiduh.xyz/privkey.pem;
+
+
+ location / {
+ proxy_pass "http://jellyfin/";
+ }
+ }
+
+ ### GITEA ###
+
+ upstream gitea {
+ server gitea:3000;
+ }
+
+ server {
+ listen 80;
+ server_name gitea.spanskiduh.xyz;
+ access_log /logs/gitea.log custom_log;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://gitea.spanskiduh.xyz$request_uri;
+ }
+ }
+
+ server {
+ listen 443 ssl http2;
+ server_name gitea.spanskiduh.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/gitea.spanskiduh.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/gitea.spanskiduh.xyz/privkey.pem;
+
+
+ location / {
+ proxy_pass "http://gitea/";
+ }
+ }
+
+ ### NEXTCLOUD ###
+
+ upstream nextcloud {
+ server nextcloud:80;
+ }
+
+ server {
+ listen 80;
+ server_name nextcloud.spanskiduh.xyz;
+ access_log /logs/nextcloud.log custom_log;
+
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+ add_header X-Download-Options noopen;
+ add_header X-Permitted-Cross-Domain-Policies none;
+
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://nextcloud.spanskiduh.xyz$request_uri;
+ }
+ }
+
+
+ server {
+ listen 443 ssl http2;
+ server_name nextcloud.spanskiduh.xyz;
+
+ ssl_certificate /etc/letsencrypt/live/nextcloud.spanskiduh.xyz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/nextcloud.spanskiduh.xyz/privkey.pem;
+
+
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+ add_header X-Download-Options noopen;
+ add_header X-Permitted-Cross-Domain-Policies none;
+
+
+ # Disable gzip to avoid the removal of the ETag header
+ gzip off;
+
+ location / {
+ proxy_pass "http://nextcloud";
+ }
+ }
+}
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..a21e6be
--- /dev/null
+++ b/docker-compose.yml
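Review bot: The four `listen 443 ssl http2` servers (transmission, jellyfin, gitea, nextcloud) configure only `ssl_certificate`/`ssl_certificate_key`, so protocol and cipher selection fall back to the nginx build's defaults, which depending on the image version pulled may still admit TLSv1 and TLSv1.1, and none of them sends `Strict-Transport-Security`, leaving the port-80 redirects as the only thing steering clients to HTTPS. I would add `ssl_protocols TLSv1.2 TLSv1.3;` and `ssl_prefer_server_ciphers off;` once at `http` level, and `add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;` in each 443 server (the `always` flag is needed so the header is also sent on non-2xx/3xx responses). Note that `add_header` is not inherited once a server block declares its own, so the Nextcloud 443 block must carry the HSTS line alongside its existing headers rather than relying on an `http`-level one. Separately, `resolver 127.0.0.1 ipv6=off;` is not consulted by any `proxy_pass` here, since the upstreams are static names resolved at startup, and inside the Compose network Docker's embedded DNS lives at 127.0.0.11 rather than 127.0.0.1, so the directive looks either dead or misaddressed — worth confirming what it was meant to do.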
@@ -0,0 +1,131 @@
+version: '3.6'
+
+networks:
+ transmission:
+ name: transmission
+ jellyfin:
+ name: jellyfin
+ gitea:
+ name: gitea
+ nextcloud:
+ name: nextcloud
+
+services:
+#
+# NGINX AND CERTBOT
+#
+ nginx:
+ image: nginx:latest
+ container_name: nginx
+ restart: unless-stopped
+ depends_on:
+ - transmission
+ - jellyfin
+ - gitea
+ - nextcloud
+ - mysql_nextcloud
+ ports:
+ - 80:80
+ - 443:443
+ volumes:
+ - ${DOCKER_CONFIG_DIR}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+ - ${DOCKER_CONFIG_DIR}/certbot/conf:/etc/letsencrypt:ro
+ - ${DOCKER_CONFIG_DIR}/certbot/www:/var/www/certbot:ro
+ - ${NGINX_LOG_DIR}/:/logs
+ command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
+ networks:
+ - transmission
+ - jellyfin
+ - gitea
+ - nextcloud
+
+ certbot:
+ image: certbot/certbot:latest
+ container_name: certbot
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_CONFIG_DIR}/certbot/conf:/etc/letsencrypt:rw
+ - ${DOCKER_CONFIG_DIR}/certbot/www:/var/www/certbot:rw
+ entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+
+#
+# SERVICES
+#
+
+ transmission:
+ image: lscr.io/linuxserver/transmission:latest
+ container_name: transmission
+ restart: unless-stopped
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/London
+ - TRANSMISSION_WEB_HOME=/combustion-release/
+ - USER=${TRANSMISSION_USERNAME}
+ - PASS=${TRANSMISSION_PASSWORD}
+ volumes:
+ - ${DOCKER_CONFIG_DIR}/transmission/config:/config
+ - ${DOCKER_DATA_DIR}/transmission/downloads:/downloads
+ - ${DOCKER_DATA_DIR}/transmission/watch:/watch
+ networks:
+ - transmission
+
+ jellyfin:
+ image: lscr.io/linuxserver/jellyfin:latest
+ container_name: jellyfin
+ restart: unless-stopped
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/London
+ - JELLYFIN_PublishedServerUrl=${JELLYFIN_DOMAIN_NAME}
+ volumes:
+ - ${DOCKER_CONFIG_DIR}/jellyfin/library:/config
+ - /mnt/drive-one/media/series:/data/series
+ - /mnt/drive-one/media/movies:/data/movies
+ networks:
+ - jellyfin
+
+ gitea:
+ image: gitea/gitea:latest
+ container_name: gitea
+ restart: unless-stopped
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ volumes:
+ - ${DOCKER_DATA_DIR}/gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ networks:
+ - gitea
+
+ nextcloud:
+ image: nextcloud:latest
+ container_name: nextcloud
+ restart: unless-stopped
+ depends_on:
+ - mysql_nextcloud
+ environment:
+ - POSTGRES_HOST=nextcloud_db
+ - POSTGRES_DB=nextcloud
+ - POSTGRES_USER=${POSTGRES_NEXTCLOUD_USERNAME}
+ - POSTGRES_PASSWORD=${POSTGRES_NEXTCLOUD_PASSWORD}
+ volumes:
+ - ${DOCKER_DATA_DIR}/nextcloud:/var/www/html
+ networks:
+ - nextcloud
+
+ nextcloud_db:
+ image: postgres:latest
+ container_name: nextcloud_db
+ hostname: nextcloud_db
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_DATA_DIR}/nextcloud_db:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_DB=nextcloud
+ - POSTGRES_USER=${POSTGRES_NEXTCLOUD_USERNAME}
+ - POSTGRES_PASSWORD=${POSTGRES_NEXTCLOUD_PASSWORD}
+ networks:
+ - nextcloud
diff --git a/how_to_generate_ssl.txt b/how_to_generate_ssl.txt
new file mode 100644
index 0000000..07687d7
--- /dev/null
+++ b/how_to_generate_ssl.txt
@@ -0,0 +1,3 @@
+Stop docker compose
+sudo certbot certonly, chose option 2
+then the certs will be generated, copy them into container and you are ready to rock!
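Review bot: Both `nginx` and `nextcloud` list `mysql_nextcloud` under `depends_on`, but no service of that name exists in this file; the database service is `nextcloud_db` (and `POSTGRES_HOST=nextcloud_db` already targets it), so Compose will reject the file for an undefined dependency. Replace both entries with `- nextcloud_db`. Separately, every service pulls `:latest` and runs with `restart: unless-stopped`, so any restart may silently land on a new, unreviewed image — pinning each image to a specific tag or digest keeps the deployment reproducible and the supply chain auditable. The `nextcloud_db` container also shares the `nextcloud` network with `nginx`, which has no reason to reach Postgres; a separate internal network joining only `nextcloud` and `nextcloud_db` would narrow that exposure.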