initial commit
commit
1ea4504872
|
@ -0,0 +1,179 @@
|
|||
worker_processes 4;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
|
||||
include mime.types;
|
||||
default_type application/octet-stream;
|
||||
client_max_body_size 10G;
|
||||
|
||||
resolver 127.0.0.1 ipv6=off;
|
||||
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $server_name;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# Logs
|
||||
log_format custom_log '$remote_addr - $remote_user [$time_local] '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent" "$gzip_ratio"';
|
||||
|
||||
|
||||
### TRANSMISSION ###
|
||||
|
||||
upstream transmission {
|
||||
server transmission:9091;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name transmission.spanskiduh.xyz;
|
||||
access_log /logs/transmission.log custom_log;
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/certbot;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://transmission.spanskiduh.xyz$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name transmission.spanskiduh.xyz;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/transmission.spanskiduh.xyz/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/transmission.spanskiduh.xyz/privkey.pem;
|
||||
|
||||
|
||||
location / {
|
||||
proxy_pass "http://transmission/";
|
||||
}
|
||||
}
|
||||
|
||||
### JELLYFIN ###
|
||||
|
||||
upstream jellyfin {
|
||||
server jellyfin:8096;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name jellyfin.spanskiduh.xyz;
|
||||
access_log /logs/jellyfin.log custom_log;
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/certbot;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://jellyfin.spanskiduh.xyz$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name jellyfin.spanskiduh.xyz;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/jellyfin.spanskiduh.xyz/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/jellyfin.spanskiduh.xyz/privkey.pem;
|
||||
|
||||
|
||||
location / {
|
||||
proxy_pass "http://jellyfin/";
|
||||
}
|
||||
}
|
||||
|
||||
### GITEA ###
|
||||
|
||||
upstream gitea {
|
||||
server gitea:3000;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name gitea.spanskiduh.xyz;
|
||||
access_log /logs/gitea.log custom_log;
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/certbot;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://gitea.spanskiduh.xyz$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name gitea.spanskiduh.xyz;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/gitea.spanskiduh.xyz/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/gitea.spanskiduh.xyz/privkey.pem;
|
||||
|
||||
|
||||
location / {
|
||||
proxy_pass "http://gitea/";
|
||||
}
|
||||
}
|
||||
|
||||
### NEXTCLOUD ###
|
||||
|
||||
upstream nextcloud {
|
||||
server nextcloud:80;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name nextcloud.spanskiduh.xyz;
|
||||
access_log /logs/nextcloud.log custom_log;
|
||||
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/certbot;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://nextcloud.spanskiduh.xyz$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name nextcloud.spanskiduh.xyz;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/nextcloud.spanskiduh.xyz/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/nextcloud.spanskiduh.xyz/privkey.pem;
|
||||
|
||||
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
|
||||
|
||||
# Disable gzip to avoid the removal of the ETag header
|
||||
gzip off;
|
||||
|
||||
location / {
|
||||
proxy_pass "http://nextcloud";
|
||||
}
|
||||
}
|
||||
}
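Review bot: The `access_log /logs/<service>.log custom_log;` directives appear only in the four `listen 80` server blocks, which just answer ACME challenges and return 301, so the proxied traffic in the `listen 443 ssl http2` blocks is not written to the per-service files and presumably falls back to nginx's default access log and format. Repeating the directive in each 443 block, e.g. `access_log /logs/gitea.log custom_log;`, would record the requests that actually reach the backends. Separately, no block is marked `default_server`, so a request on 443 with an unmatched host name is served by the first block declared for that port, which here is the Transmission proxy. A catch-all such as `server { listen 443 ssl default_server; ssl_reject_handshake on; }` (nginx 1.19.4 or later) would keep unknown names away from it.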
|
|
@ -0,0 +1,131 @@
|
|||
version: '3.6'
|
||||
|
||||
networks:
|
||||
transmission:
|
||||
name: transmission
|
||||
jellyfin:
|
||||
name: jellyfin
|
||||
gitea:
|
||||
name: gitea
|
||||
nextcloud:
|
||||
name: nextcloud
|
||||
|
||||
services:
|
||||
#
|
||||
# NGINX AND CERTBOT
|
||||
#
|
||||
nginx:
|
||||
image: nginx:latest
|
||||
container_name: nginx
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- transmission
|
||||
- jellyfin
|
||||
- gitea
|
||||
- nextcloud
|
||||
- mysql_nextcloud
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
volumes:
|
||||
- ${DOCKER_CONFIG_DIR}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
|
||||
- ${DOCKER_CONFIG_DIR}/certbot/conf:/etc/letsencrypt:ro
|
||||
- ${DOCKER_CONFIG_DIR}/certbot/www:/var/www/certbot:ro
|
||||
- ${NGINX_LOG_DIR}/:/logs
|
||||
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
|
||||
networks:
|
||||
- transmission
|
||||
- jellyfin
|
||||
- gitea
|
||||
- nextcloud
|
||||
|
||||
certbot:
|
||||
image: certbot/certbot:latest
|
||||
container_name: certbot
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ${DOCKER_CONFIG_DIR}/certbot/conf:/etc/letsencrypt:rw
|
||||
- ${DOCKER_CONFIG_DIR}/certbot/www:/var/www/certbot:rw
|
||||
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
|
||||
|
||||
#
|
||||
# SERVICES
|
||||
#
|
||||
|
||||
transmission:
|
||||
image: lscr.io/linuxserver/transmission:latest
|
||||
container_name: transmission
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- PUID=1000
|
||||
- PGID=1000
|
||||
- TZ=Europe/London
|
||||
- TRANSMISSION_WEB_HOME=/combustion-release/
|
||||
- USER=${TRANSMISSION_USERNAME}
|
||||
- PASS=${TRANSMISSION_PASSWORD}
|
||||
volumes:
|
||||
- ${DOCKER_CONFIG_DIR}/transmission/config:/config
|
||||
- ${DOCKER_DATA_DIR}/transmission/downloads:/downloads
|
||||
- ${DOCKER_DATA_DIR}/transmission/watch:/watch
|
||||
networks:
|
||||
- transmission
|
||||
|
||||
jellyfin:
|
||||
image: lscr.io/linuxserver/jellyfin:latest
|
||||
container_name: jellyfin
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- PUID=1000
|
||||
- PGID=1000
|
||||
- TZ=Europe/London
|
||||
- JELLYFIN_PublishedServerUrl=${JELLYFIN_DOMAIN_NAME}
|
||||
volumes:
|
||||
- ${DOCKER_CONFIG_DIR}/jellyfin/library:/config
|
||||
- /mnt/drive-one/media/series:/data/series
|
||||
- /mnt/drive-one/media/movies:/data/movies
|
||||
networks:
|
||||
- jellyfin
|
||||
|
||||
gitea:
|
||||
image: gitea/gitea:latest
|
||||
container_name: gitea
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- USER_UID=1000
|
||||
- USER_GID=1000
|
||||
volumes:
|
||||
- ${DOCKER_DATA_DIR}/gitea:/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
networks:
|
||||
- gitea
|
||||
|
||||
nextcloud:
|
||||
image: nextcloud:latest
|
||||
container_name: nextcloud
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- mysql_nextcloud
|
||||
environment:
|
||||
- POSTGRES_HOST=nextcloud_db
|
||||
- POSTGRES_DB=nextcloud
|
||||
- POSTGRES_USER=${POSTGRES_NEXTCLOUD_USERNAME}
|
||||
- POSTGRES_PASSWORD=${POSTGRES_NEXTCLOUD_PASSWORD}
|
||||
volumes:
|
||||
- ${DOCKER_DATA_DIR}/nextcloud:/var/www/html
|
||||
networks:
|
||||
- nextcloud
|
||||
|
||||
nextcloud_db:
|
||||
image: postgres:latest
|
||||
container_name: nextcloud_db
|
||||
hostname: nextcloud_db
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ${DOCKER_DATA_DIR}/nextcloud_db:/var/lib/postgresql/data
|
||||
environment:
|
||||
- POSTGRES_DB=nextcloud
|
||||
- POSTGRES_USER=${POSTGRES_NEXTCLOUD_USERNAME}
|
||||
- POSTGRES_PASSWORD=${POSTGRES_NEXTCLOUD_PASSWORD}
|
||||
networks:
|
||||
- nextcloud
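Review bot: `depends_on` in both `nginx` and `nextcloud` names `mysql_nextcloud`, but this file defines no such service. The database is declared as `nextcloud_db`, so Compose should refuse to start the project until those entries read `- nextcloud_db`. Every image is also referenced as `:latest`, so any pull or re-create can change what runs behind the proxy without a reviewable diff; pinning each image to a release tag or digest keeps upgrades deliberate. Finally, `nextcloud_db` sits on the same `nextcloud` network that `nginx` joins, so the internet-facing proxy container can reach Postgres directly; a separate network shared only by `nextcloud` and `nextcloud_db` would narrow that path.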
|
|
@ -0,0 +1,3 @@
|
|||
Stop docker compose
|
||||
sudo certbot certonly, chose option 2
|
||||
then the certs will be generated, copy them into container and you are ready to rock!
|