initial commit

2022-07-24 13:24:53 +00:00 · 2022-07-24 13:24:53 +00:00 · 1ea4504872
commit 1ea4504872
3 changed files with 313 additions and 0 deletions
--- a/config/nginx/nginx.conf
+++ b/config/nginx/nginx.conf
@ -0,0 +1,179 @@
+worker_processes 4;
+
+events {
+	worker_connections 1024;
+}
+
+http {
+
+	include       mime.types;
+	default_type  application/octet-stream;
+	client_max_body_size 10G;
+
+	resolver 127.0.0.1 ipv6=off;
+
+
+	proxy_set_header Host $host;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header X-Forwarded-Host $server_name;
+	proxy_set_header X-Forwarded-Proto $scheme;
+
+	# Logs
+	log_format custom_log  '$remote_addr - $remote_user [$time_local] '
+		'"$request" $status $body_bytes_sent '
+		'"$http_referer" "$http_user_agent" "$gzip_ratio"';
+
+
+	### TRANSMISSION ###
+
+	upstream transmission {
+		server transmission:9091;
+	}
+
+	server {
+		listen 80;
+		server_name transmission.spanskiduh.xyz;
+		access_log /logs/transmission.log custom_log;
+
+		location /.well-known/acme-challenge/ {
+			root /var/www/certbot;
+		}
+
+		location / {
+			return 301 https://transmission.spanskiduh.xyz$request_uri;
+		}
+	}
+
+	server {
+		listen 443 ssl http2;
+		server_name transmission.spanskiduh.xyz;
+
+		ssl_certificate /etc/letsencrypt/live/transmission.spanskiduh.xyz/fullchain.pem;
+		ssl_certificate_key /etc/letsencrypt/live/transmission.spanskiduh.xyz/privkey.pem;
+
+
+		location / {
+			proxy_pass         "http://transmission/";
+		}
+	}
+
+	### JELLYFIN ###
+
+	upstream jellyfin {
+		server jellyfin:8096;
+	}
+
+	server {
+		listen 80;
+		server_name jellyfin.spanskiduh.xyz;
+		access_log /logs/jellyfin.log custom_log;
+
+		location /.well-known/acme-challenge/ {
+			root /var/www/certbot;
+		}
+
+		location / {
+			return 301 https://jellyfin.spanskiduh.xyz$request_uri;
+		}
+	}
+
+	server {
+		listen 443 ssl http2;
+		server_name jellyfin.spanskiduh.xyz;
+
+		ssl_certificate /etc/letsencrypt/live/jellyfin.spanskiduh.xyz/fullchain.pem;
+		ssl_certificate_key /etc/letsencrypt/live/jellyfin.spanskiduh.xyz/privkey.pem;
+
+
+		location / {
+			proxy_pass         "http://jellyfin/";
+		}
+	}
+
+	### GITEA ###
+
+	upstream gitea {
+		server gitea:3000;
+	}
+
+	server {
+		listen 80;
+		server_name gitea.spanskiduh.xyz;
+		access_log /logs/gitea.log custom_log;
+
+		location /.well-known/acme-challenge/ {
+			root /var/www/certbot;
+		}
+
+		location / {
+			return 301 https://gitea.spanskiduh.xyz$request_uri;
+		}
+	}
+
+	server {
+		listen 443 ssl http2;
+		server_name gitea.spanskiduh.xyz;
+
+		ssl_certificate /etc/letsencrypt/live/gitea.spanskiduh.xyz/fullchain.pem;
+		ssl_certificate_key /etc/letsencrypt/live/gitea.spanskiduh.xyz/privkey.pem;
+
+
+		location / {
+			proxy_pass         "http://gitea/";
+		}
+	}
+
+	### NEXTCLOUD ###
+
+	upstream nextcloud {
+		server nextcloud:80;
+	}
+
+	server {
+		listen 80;
+		server_name nextcloud.spanskiduh.xyz;
+		access_log /logs/nextcloud.log custom_log;
+
+		add_header X-Content-Type-Options nosniff;
+		add_header X-Frame-Options "SAMEORIGIN";
+		add_header X-XSS-Protection "1; mode=block";
+		add_header X-Robots-Tag none;
+		add_header X-Download-Options noopen;
+		add_header X-Permitted-Cross-Domain-Policies none;
+
+
+		location /.well-known/acme-challenge/ {
+			root /var/www/certbot;
+		}
+
+		location / {
+			return 301 https://nextcloud.spanskiduh.xyz$request_uri;
+		}
+	}
+
+
+	server {
+		listen 443 ssl http2;
+		server_name nextcloud.spanskiduh.xyz;
+
+		ssl_certificate /etc/letsencrypt/live/nextcloud.spanskiduh.xyz/fullchain.pem;
+		ssl_certificate_key /etc/letsencrypt/live/nextcloud.spanskiduh.xyz/privkey.pem;
+
+
+		add_header X-Content-Type-Options nosniff;
+		add_header X-Frame-Options "SAMEORIGIN";
+		add_header X-XSS-Protection "1; mode=block";
+		add_header X-Robots-Tag none;
+		add_header X-Download-Options noopen;
+		add_header X-Permitted-Cross-Domain-Policies none;
+
+
+		# Disable gzip to avoid the removal of the ETag header
+		gzip off;
+
+		location / {
+			proxy_pass         "http://nextcloud";
+		}
+	} 
+}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,131 @@
+version: '3.6'
+
+networks:
+  transmission:
+    name: transmission
+  jellyfin:
+    name: jellyfin
+  gitea:
+    name: gitea
+  nextcloud:
+    name: nextcloud
+
+services:
+#
+# NGINX AND CERTBOT
+#
+  nginx:
+    image: nginx:latest
+    container_name: nginx
+    restart: unless-stopped
+    depends_on:
+      - transmission
+      - jellyfin
+      - gitea
+      - nextcloud
+      - mysql_nextcloud
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - ${DOCKER_CONFIG_DIR}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ${DOCKER_CONFIG_DIR}/certbot/conf:/etc/letsencrypt:ro
+      - ${DOCKER_CONFIG_DIR}/certbot/www:/var/www/certbot:ro
+      - ${NGINX_LOG_DIR}/:/logs
+    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
+    networks:
+      - transmission
+      - jellyfin
+      - gitea
+      - nextcloud
+
+  certbot:
+    image: certbot/certbot:latest
+    container_name: certbot
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_CONFIG_DIR}/certbot/conf:/etc/letsencrypt:rw
+      - ${DOCKER_CONFIG_DIR}/certbot/www:/var/www/certbot:rw
+    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+
+#
+# SERVICES 
+#
+
+  transmission:
+    image: lscr.io/linuxserver/transmission:latest
+    container_name: transmission
+    restart: unless-stopped
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/London
+      - TRANSMISSION_WEB_HOME=/combustion-release/
+      - USER=${TRANSMISSION_USERNAME}
+      - PASS=${TRANSMISSION_PASSWORD}
+    volumes:
+      - ${DOCKER_CONFIG_DIR}/transmission/config:/config
+      - ${DOCKER_DATA_DIR}/transmission/downloads:/downloads
+      - ${DOCKER_DATA_DIR}/transmission/watch:/watch
+    networks:
+      - transmission
+
+  jellyfin:
+    image: lscr.io/linuxserver/jellyfin:latest
+    container_name: jellyfin
+    restart: unless-stopped
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/London
+      - JELLYFIN_PublishedServerUrl=${JELLYFIN_DOMAIN_NAME}
+    volumes:
+      - ${DOCKER_CONFIG_DIR}/jellyfin/library:/config
+      - /mnt/drive-one/media/series:/data/series
+      - /mnt/drive-one/media/movies:/data/movies
+    networks:
+      - jellyfin
+
+  gitea:
+    image: gitea/gitea:latest
+    container_name: gitea
+    restart: unless-stopped
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+    volumes:
+      - ${DOCKER_DATA_DIR}/gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    networks:
+      - gitea
+
+  nextcloud:
+    image: nextcloud:latest
+    container_name: nextcloud
+    restart: unless-stopped
+    depends_on:
+      - mysql_nextcloud
+    environment:
+      - POSTGRES_HOST=nextcloud_db
+      - POSTGRES_DB=nextcloud
+      - POSTGRES_USER=${POSTGRES_NEXTCLOUD_USERNAME}
+      - POSTGRES_PASSWORD=${POSTGRES_NEXTCLOUD_PASSWORD}
+    volumes:
+      - ${DOCKER_DATA_DIR}/nextcloud:/var/www/html
+    networks:
+      - nextcloud
+  
+  nextcloud_db:
+    image: postgres:latest
+    container_name: nextcloud_db
+    hostname: nextcloud_db
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_DATA_DIR}/nextcloud_db:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_DB=nextcloud
+      - POSTGRES_USER=${POSTGRES_NEXTCLOUD_USERNAME}
+      - POSTGRES_PASSWORD=${POSTGRES_NEXTCLOUD_PASSWORD}
+    networks:
+      - nextcloud
--- a/how_to_generate_ssl.txt
+++ b/how_to_generate_ssl.txt
@ -0,0 +1,3 @@
+Stop docker compose
+sudo certbot certonly, chose option 2
+then the certs will be generated, copy them into container and you are ready to rock!