diff --git a/0_skeleton/README.md b/0_skeleton/README.md
new file mode 100644
index 0000000..4d2b148
--- /dev/null
+++ b/0_skeleton/README.md
@@ -0,0 +1,7 @@
+# References
+
+- https://docs.docker.com/compose/gettingstarted/
+
+# Notes
+
+This is an example skeleton to use. Usually combined with Traefik as reverse proxy.
diff --git a/0_skeleton/docker-compose.yml b/0_skeleton/docker-compose.yml
new file mode 100644
index 0000000..ad86774
--- /dev/null
+++ b/0_skeleton/docker-compose.yml
@@ -0,0 +1,45 @@
+version: '3.3'
+
+services:
+  example:
+    image: user/image:tag
+    container_name: example
+    hostname: example
+    #user: 1000:1000
+    #depends_on:
+    #  - xxx
+    restart: unless-stopped
+    ports:
+      - 8080:8080/tcp
+    expose:
+      - 8080
+    volumes:
+      #- /etc/localtime:/etc/localtime:ro
+      #- /etc/timezone:/etc/timezone:ro
+      #- /var/run/docker.sock:/var/run/docker.sock:ro
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/example:/opt/example/data
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+    #networks:
+    #  - proxy
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.docker.network=proxy
+    #  - traefik.http.routers.CHANGEME.rule=Host(`service.example.com`)
+    #  - traefik.http.services.CHANGEME.loadbalancer.server.port=8080
+    #  # Optional part when proxying to services that already provide ssl/tls
+    #  - traefik.http.services.CHANGEME.loadbalancer.server.scheme=https
+    #  - traefik.http.services.CHANGEME.loadbalancer.serverstransport=insecureTransport@file
+    #  # Optional part for file upload max sizes
+    #  - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000
+    #  - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000
+    #  - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000
+    #  - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000
+    #  # Optional part for traefik middlewares
+    #  - traefik.http.routers.CHANGEME.middlewares=local-ipwhitelist@file,authelia@docker
+
+#networks:
+#  proxy:
+#    external: true
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..3af2b13
--- /dev/null
+++ b/README.md
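Review bot: The `ports:` entry `- 8080:8080/tcp` publishes the service on every host interface, which contradicts the skeleton's stated "usually combined with Traefik" intent and lets clients reach the container directly, bypassing any Traefik middleware such as the commented-out `local-ipwhitelist@file,authelia@docker`. Either leave `ports:` commented out in the skeleton (Traefik reaches the container over the `proxy` network without a published port) or bind it to loopback, `- 127.0.0.1:8080:8080/tcp`, so a copied template is not exposed by accident. Two of the commented template lines deserve a warning comment for whoever uncomments them: `/var/run/docker.sock:/var/run/docker.sock:ro` still grants full Docker API access because `ro` only restricts the filesystem mount, not calls on the socket, e.g. `# host-root-equivalent access; prefer a restricted socket proxy`, and `serverstransport=insecureTransport@file` skips TLS verification of the upstream, e.g. `# disables upstream certificate checks; only for self-signed backends`. The `version: '3.3'` key is obsolete under the Compose specification and can be dropped.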
@@ -0,0 +1,409 @@ +> [!CAUTION] +> The samples are intended for local development environments such as project setups, tinkering with software stacks, etc. These samples may be deployed in production environments or exposed to the Internet but please adhere to general hardening and security guidelines. Adjust all default credentials, use a separate `.env` file or platform for secret management, implement a backup process and have a tested disaster recovery plan. Use a reverse proxy to stream-line your web service exposure and provide an encrypted HTTPS communication channel with trusted SSL certificates. + +## 🐳 Project List + +### Table of Contents (ToC) + +- [Analytics](#analytics) +- [Archiving and Digital Preservation (DP)](#archiving-and-digital-preservation-dp) +- [Asset Management](#asset-management) +- [Audio and Video Management](#audio-and-video-management) +- [Automation and Monitoring](#automation-and-monitoring) +- [Backups](#backups) +- [Blogging Platforms and Homepages](#blogging-platforms-and-homepages) +- [Communication - Social Networks, Forums and Video Conferencing](#communication---social-networks-forums-and-video-conferencing) +- [Document Management](#document-management) +- [Domain Name Service (DNS)](#domain-name-service-dns) +- [E-commerce](#e-commerce) +- [File Transfer & Synchronization](#file-transfer--synchronization) +- [Games and Control Panels](#games-and-control-servers) +- [Genealogy](#genealogy) +- [Identity Management - Single Sign-On (SSO) & LDAP](#identity-management---single-sign-on-sso--ldap) +- [LLM & AI](#large-language-models--ai) +- [Miscellaneous](#miscellaneous) +- [Money, Budgeting & Management](#money-budgeting--management) +- [Note-taking & Editors](#note-taking--editors) +- [Password Managers](#password-managers) +- [Pastebins](#pastebins) +- [Personal Dashboards](#personal-dashboards) +- [Photo and Video Galleries](#photo-and-video-galleries) +- [Proxy](#proxy) +- [Recipe Management](#recipe-management) +- 
[Request Bins](#request-bins) +- [Security & Privacy](#security--privacy) +- [Software Development - Project Management, DevOps](#software-development---project-management-devops) +- [URL Shorteners](#url-shorteners) +- [Virtual Private Network (VPN) & Remote Access](#virtual-private-network-vpn--remote-access) +- [Wikis & Knowledge Base](#wikis--knowledge-base) + +### Personal Dashboards + +**[`^ back to top ^`](#-project-list)** + +Dashboards for accessing information and applications. + +- [Homepage](examples/homepage) - A highly customizable homepage (or startpage / application dashboard) with Docker and service API integrations. +- [Homer](examples/homer) - A dead simple static homepage to expose your server services, with an easy yaml configuration and connectivity check. +- [Dashy](examples/dashy) - Feature-rich homepage for your homelab, with easy YAML configuration. +- [Homarr](examples/homarr) - A sleek, modern dashboard that puts all of your apps and services at your fingertips. +- [Flame](examples/flame) - Flame is self-hosted startpage for your server. Easily manage your apps and bookmarks with built-in editors. +- [Heimdall](examples/heimdall) - Heimdall is an elegant solution to organise all your web applications. + +### Password Managers + +**[`^ back to top ^`](#-project-list)** + +A [password manager](https://en.wikipedia.org/wiki/Password_manager) allows users to store, generate, and manage their passwords for local applications and online services. + +- [Vaultwarden](examples/vaultwarden) - Lightweight Bitwarden server API implementation written in Rust. Unlocks paid Bitwarden features such as 2FA. +- [Bitwarden Unified](examples/bitwarden-unified) - Official Bitwarden deployment option (beta) targeting selfhosters by providing a resource-efficient, single Docker image with multiple database support. +- [Passbolt CE](examples/passbolt) - Passbolt CE open source password manager for teams based on GPG. 
+ +### Proxy + +**[`^ back to top ^`](#-project-list)** + +A [proxy](https://en.wikipedia.org/wiki/Proxy_server) is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource. + +- [Traefik](examples/traefik) - Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends (Docker, Swarm, Mesos/Marathon, …) to manage its configuration automatically and dynamically. +- [Nginx Proxy Manager](examples/nginx-proxy-manager) - Nginx Proxy Manager is an easy way to accomplish reverse proxying hosts with SSL termination. +- [Caddy](examples/caddy) - The Caddy web server is an extensible, cross-platform, open-source web server written in Go. Caddy obtains and renews TLS certificates for your sites automatically. +- ~~[oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy)~~ - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers. + +### Identity Management - Single Sign-On (SSO) & LDAP + +**[`^ back to top ^`](#-project-list)** + +[Single sign-on (SSO)](https://en.wikipedia.org/wiki/Single_sign-on) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. + +- [Authelia](examples/authelia) - Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies by allowing, denying, or redirecting requests. Recommended to combine with [Traefik](examples/traefik). +- [Authentik](examples/authentik) - Authentik is an open-source Identity Provider focused on flexibility and versatility. +- [Keycloak](examples/keycloak) - Keycloak is an open-source Identity and Access Management (IAM) solution for modern applications and services. 
+- [lldap](examples/lldap) - lldap is a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication. It integrates with many backends, from KeyCloak to Authelia to Nextcloud and more. + +### Large Language Models & AI + +**[`^ back to top ^`](#-project-list)** + +A [Large Language Model (LLM)](https://en.wikipedia.org/wiki/Large_language_model) is a language model notable for its ability to achieve general-purpose language generation and other natural language processing tasks such as classification. LLMs can be used for text generation, a form of generative [AI](https://en.wikipedia.org/wiki/Artificial_intelligence), by taking an input text and repeatedly predicting the next token or word. + +- [Ollama + Open WebUI](examples/ollama-ui) - Get up and running with Llama 3, Mistral, Gemma, and other large language models using Ollama. Using an interactive, user-friendly WebUI via Open WebUI (formerly known as Ollama WebUI). +- [Serge](examples/serge) - A web interface for chatting with Alpaca through llama.cpp. Fully dockerized, with an easy to use API. + +### Virtual Private Network (VPN) & Remote Access + +**[`^ back to top ^`](#-project-list)** + +A [VPN](https://en.wikipedia.org/wiki/Virtual_private_network) is a mechanism for creating a secure connection between a computing device and a computer network, or between two networks, using an insecure communication medium such as the public Internet. + +- [wg-easy](examples/wg-easy) - The easiest way to install & manage WireGuard on any Linux host. All-in-one deployment of a WireGuard VPN network service + web management UI. +- [WireGuard](examples/wireguard) - WireGuard by Linuxserver.io is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. +- [IPSec VPN Server](examples/ipsec-vpn-server) - Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2. 
+- [OpenVPN-AS](examples/openvpn) - OpenVPN Access Server delivers an enterprise VPN solution for businesses of all sizes, providing a securely encrypted connection to private networks over unsecured public internet. +- [Firezone](examples/firezone) - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO. +- ~~[Netbird](https://github.com/netbirdio/netbird)~~ - Quickly connect your computers, servers, cloud instances, and IoT devices into a secure private network. No configuration required. +- [Headscale](examples/headscale) - An open source, self-hosted implementation of the Tailscale control server. +- [Guacamole](examples/guacamole) - Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, SSH and RDP. + +### Domain Name Service (DNS) + +**[`^ back to top ^`](#-project-list)** + +[DNS](https://en.wikipedia.org/wiki/Domain_Name_System) servers and management tools with advertisement blocking funtionality, primarily aimed at home or small networks. + +- [AdGuard Home](examples/adguard-home) - AdGuard Home is a network-wide software for blocking ads and tracking. +- [AdGuard Home Sync](examples/adguard-home-sync) - Synchronize AdGuardHome config to replica instances. +- [Technitium DNS](examples/technitium-dns) - An open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security. +- [Pihole](examples/pihole) - Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole and optionally a DHCP server, intended for use on a private network. +- [Cloudflare DDNS](examples/cloudflare-ddns) - Dynamic DNS (DDNS) is a service that keeps the DNS updated with a web property's correct IP address, even if that IP address is constantly being updated. 
+ +### Software Development - Project Management, DevOps + +**[`^ back to top ^`](#-project-list)** + +Tools and software for [software project management](https://en.wikipedia.org/wiki/Software_project_management). + +- [JetBrains YouTrack](examples/jetbrains-youtrack) - YouTrack is a proprietary, commercial browser-based bug tracker, issue tracking system and project management software developed by JetBrains. +- [Leantime](examples/leantime) - Leantime is an open source project management system for small teams and startups written in PHP, Javascript using MySQL. +- [Gitea](examples/gitea) - Community managed fork of Gogs, lightweight code hosting solution. +- [Drone](examples/drone) - Drone is a continuous delivery system built on container technology. Drone uses a simple YAML build file, to define and execute build pipelines inside Docker containers. +- [Gitlab Community](examples/gitlab-ce) - Self Hosted Git repository management, code reviews, issue tracking, activity feeds and wikis. +- [Code-Server](examples/code-server) - VS Code in the browser, hosted on a remote server. +- [Onedev](examples/onedev) - Self-hosted Git Server with CI/CD and Kanban. + +### Automation and Monitoring + +**[`^ back to top ^`](#-project-list)** + +[Automation](https://en.wikipedia.org/wiki/Automation) software designed to reduce human intervention in processes. + +- [n8n](examples/n8n) - Free and source-available fair-code licensed workflow automation tool. Easily automate tasks across different services. +- [Home Assistant](examples/home-assistant) - Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. +- [Portainer](examples/portainer) - Portainer is a lightweight management UI which allows you to easily manage your different Docker environments (Docker hosts or Swarm clusters). 
+- [Dockge](https://github.com/louislam/dockge/blob/master/compose.yaml) - A fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager. +- [Uptimekuma](examples/uptimekuma) - Uptime Kuma is an easy-to-use self-hosted monitoring tool. +- [Changedetection](examples/changedetection) - Self-hosted tool for staying up-to-date with web-site content changes. +- [Grafana+Loki+Promtail+InfluxDB+Telegraf](examples/grafana-monitoring) - Grafana is the open source analytics & monitoring solution for every database. Combined with other open-source tools like Loki, Promtail, InfluxDB and Telegraf, monitoring data can be aggregated, normalized, filtered, parsed and finally visualized within a web dashboard. +- [Speedtest-Tracker](examples/speedtest-tracker) - Continuously track your internet speed. +- [Openspeedtest](examples/openspeedtest) - A free and open-source HTML5 network performance estimation tool written in vanilla JavaScript and only uses built-in web APIs like XHR, HTML, CSS, JS and SVG. +- [Goaccess](examples/nginx-proxy-manager-goaccess) - Real-time web log analyzer and interactive viewer that visualizes various logs of popular reverse proxies such as Nginx, Nginx Proxy Manager and Traefik. +- [WatchYourLAN](examples/watchyourlan) - Lightweight network IP scanner with web GUI. +- [Watchtower](examples/watchtower) - A container-based solution for automating Docker container base image updates. +- [Unify Network Application](examples/unify-network-application) - The Unifi-network-application software is a powerful, enterprise wireless software engine ideal for high-density client deployments requiring low latency and high uptime performance. +- [UpSnap](examples/upsnap) - A simple wake on lan app written with SvelteKit, Go, PocketBase and nmap. + +### Recipe Management + +**[`^ back to top ^`](#-project-list)** + +Software and tools for managing [recipes](https://en.wikipedia.org/wiki/Recipe). 
+ +- [Tandoor](examples/tandoor) - Django application to manage, tag and search recipes using either built-in models or external storage providers hosting PDFs, Images or other files. +- [Mealie](examples/mealie) - Material design inspired recipe manager with category and tag management, shopping-lists, meal-planner, and site customizations. Mealie is focused on simple user interactions to keep the whole family using the app. + +### Photo and Video Galleries + +**[`^ back to top ^`](#-project-list)** + +A [gallery](https://en.wikipedia.org/wiki/Gallery_Software) is software that helps the user publish or share photos, pictures, videos or other digital media. + +- [Immich](examples/immich) - Self-hosted photo and video backup solution directly from your mobile phone. Alternative to Google Photos. +- [Photoprism](examples/photoprism) - Personal photo management powered by Go and Google TensorFlow. Browse, organize, and share your personal photo collection, using the latest technologies to automatically tag and find pictures. +- [Stash](examples/stash) - Stash is a self-hosted webapp written in Go which organizes and serves your porn. +- [LibrePhotos](examples/librephotos) - A self-hosted open source photo management service, with face recognition, geolocation, and more. +- [Chevereto](examples/chevereto) - Ultimate image sharing software. Create your very own personal image hosting website in just minutes. + +### Audio and Video Management + +**[`^ back to top ^`](#-project-list)** + +Software to manage audio and video material. + +- [Arr-Suite](examples/arr-suite) - Docker stack consisting of Prowlarr, Sonarr, Radarr, Lidarr, Readarr, Flaresolverr, Qbittorrent and Emby. +- [Raveberry](examples/raveberry) - A multi-user music server with a focus on participation. +- [Deemix](examples/deemix) - deemix is a barebone deezer downloader library built from the ashes of Deezloader Remix. +- [Forte](examples/forte) - forte is a self-hosted music platform. 
You can either connect to a forte server or create your own server for your friends & family. However, it is also very convenient to use forte on your local machine as a stand-alone music player. Supports group streaming sessions. +- [MeTube](examples/metube) - Web GUI for youtube-dl (using the yt-dlp fork) with playlist support. Allows you to download videos and audio only from YouTube and dozens of other sites. +- [Transmission](examples/transmission) - Transmission is a fast, easy, and free BitTorrent client. +- [FlareSolverr](examples/flaresolverr) - FlareSolverr is a proxy server to bypass Cloudflare and DDoS-GUARD protection. +- [Plex](examples/plex) - Plex organizes video, music and photos from personal media libraries and streams them to smart TVs, streaming boxes and mobile devices. +- [Jellyfin](examples/jellyfin) - Jellyfin is the volunteer-built media solution that puts you in control of your media. Stream to any device from your own server, with no strings attached. +- [Jackett](examples/jackett) - Jackett translates queries from apps (Sonarr, Radarr, SickRage, CouchPotato, Mylar3, Lidarr, DuckieTV, qBittorrent, Nefarious etc.) into tracker-site-specific http queries, parses the html or json response, and then sends results back to the requesting software. This allows for getting recent uploads (like RSS) and performing searches. Jackett is a single repository of maintained indexer scraping & translation logic - removing the burden from other apps. +- [Lidarr](examples/lidarr) - Lidarr is a music collection manager for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new albums from your favorite artists and will interface with clients and indexers to grab, sort, and rename them. +- [Prowlarr](examples/prowlarr) - Prowlarr is an indexer manager/proxy built on the popular *arr .net/reactjs base stack to integrate with your various PVR apps. Prowlarr supports management of both Torrent Trackers and Usenet Indexers. 
It integrates seamlessly with Lidarr, Mylar3, Radarr, Readarr, and Sonarr offering complete management of your indexers with no per app Indexer setup required (we do it all). +- [Radarr](examples/radarr) - Radarr is a movie collection manager for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new movies and will interface with clients and indexers to grab, sort, and rename them. It can also be configured to automatically upgrade the quality of existing files in the library when a better quality format becomes available. +- [Sonarr](examples/sonarr) - Sonarr is a PVR for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new episodes of your favorite shows and will grab, sort and rename them. It can also be configured to automatically upgrade the quality of files already downloaded when a better quality format becomes available. +- [Ombi](examples/ombi) - Ombi is a tool that enables users to manage requests for movies and TV shows on their Plex server. It provides an easy-to-use interface for users to request new content, leave notes and report issues. Ombi also offers notification and newsletter features, making it easier for server owners to manage user requests and share new content updates. + +### Archiving and Digital Preservation (DP) + +**[`^ back to top ^`](#-project-list)** + +Digital [archiving](https://en.wikipedia.org/wiki/Archival_science) and [preservation](https://en.wikipedia.org/wiki/Digital_preservation) software. + +- [Archivebox](examples/archivebox) - ArchiveBox is a powerful, self-hosted internet archiving solution to collect, save, and view websites offline. +- [Shiori](examples/shiori) - Simple bookmark manager and website archiver built with Go. +- [Readeck](examples/readeck) - Readeck is a simple web application that lets you save the precious readable content of web pages you like and want to keep forever. 
+ +### Document Management + +**[`^ back to top ^`](#-project-list)** + +A [document management system](https://en.wikipedia.org/wiki/Document_management_system) (DMS) is a system used to receive, track, manage and store documents and reduce paper. + +- [Paperless NGX](examples/paperless-ngx) - A community-supported supercharged version of paperless: scan, index and archive all your physical documents. +- [Papermerge](examples/papermerge) - Free and open source document management system with OCR designed for scanned documents, digital archives, pdf, tiff, jpeg. +- [DocuSeal](examples/docuseal) - Create, fill, and sign digital documents (alternative to DocuSign). +- [Koillection](examples/koillection) - Koillection is a self-hosted service allowing users to manage any kind of collections. +- [VoucherVault](examples/vouchervault) - Django web application to store and manage vouchers, coupons, loyalty and gift cards digitally. Supports expiry notifications, transaction histories and file uploads. + +### Pastebins + +**[`^ back to top ^`](#-project-list)** + +A [pastebin](https://en.wikipedia.org/wiki/Pastebin) is a type of online content-hosting service used for sharing and storing code and text. + +- [PrivateBin](examples/privatebin) - PrivateBin is a minimalist, opensource online pastebin/discussion board where the server has zero knowledge of hosted data. +- [Hemmelig](examples/hemmelig) - Keep your sensitive information out of chat logs, emails, and more with encrypted secrets. Free encrypted secret sharing for everyone! + +### File Transfer & Synchronization + +**[`^ back to top ^`](#-project-list)** + +- [ownCloud OCIS](examples/owncloud-ocis) - ownCloud Infinite Scale (oCIS) is the new file sync & share platform written in Golang that will be the foundation of your data management platform. 
+- [ownCloud](https://doc.owncloud.com/server/next/admin_manual/installation/docker/#docker-compose) - ownCloud is an open-source file sync, share and content collaboration software that lets teams work on data easily from anywhere, on any device. +- [Nextcloud](examples/nextcloud) - Access and share your files, calendars, contacts, mail and more from any device, on your terms. +- [Seafile](examples/seafile) - File hosting and sharing solution primary for teams and organizations. +- [SFTPGo](examples/sftpgo) - Fully featured and highly configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support - S3, Google Cloud Storage, Azure Blob. +- [Filebrowser](examples/filebrowser) - filebrowser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit your files. +- [FileRun](examples/filerun) - FileRun is a self-hosted File Sync and Share web-based application. It is a full featured web based file manager with an easy to use user interface. +- [Gokapi](examples/gokapi) - Lightweight selfhosted Firefox Send alternative without public upload. AWS S3 supported. +- [Projectsend](examples/projectsend) - ProjectSend is a free, open source software that lets you share files with your clients, focused on ease of use and privacy. It supports clients groups, system users roles, statistics, multiple languages, detailed logs and much more! +- [Pwndrop](examples/pwndrop) - pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV. +- [Droppy](examples/droppy) (deprecated) - droppy is a self-hosted file storage server with a web interface and capabilities to edit files and view media directly in the browser. It is particularly well-suited to be run on low-end hardware like the Raspberry Pi. +- [PairDrop](examples/pairdrop) - PairDrop is a sublime alternative to AirDrop that works on all platforms. 
Send images, documents or text via peer to peer connection to devices in the same local network/Wi-Fi or to paired devices. +- [MinIO](examples/minio) - MinIO is an object storage server, compatible with Amazon S3 cloud storage service, mainly used for storing unstructured data (such as photos, videos, log files, etc.). +- [Transfer.sh](examples/transfer.sh) - Easy and fast file sharing from the command-line. +- [Transfer.zip](examples/transfer.zip) - Transfer files securely and E2E encrypted (AES-256 GCM) between browsers using WebRTC Peer2peer. +- [Send](examples/send) - Simple, private file sharing with encryption. A fork of Mozilla's Firefox Send. +- [Syncthing](examples/syncthing) - Syncthing is a continuous file synchronization program. It synchronizes files between two or more computers. + +### Backups + +**[`^ back to top ^`](#awesome-sysadmin)** + +[Backup](https://en.wikipedia.org/wiki/Backup) software. + +- [Duplicati](examples/duplicati) - Duplicati is a backup client that securely stores encrypted, incremental, compressed remote backups of local files on cloud storage services and remote file servers. +- [Duplicacy](examples/duplicacy) - A lock-free deduplication cloud backup tool. + +### Note-taking & Editors + +**[`^ back to top ^`](#-project-list)** + +[Note taking](https://en.wikipedia.org/wiki/Note-taking) editors. + +- [Excalidraw](examples/excalidraw) - Excalidraw is a virtual collaborative whiteboard tool that lets you easily sketch diagrams that have a hand-drawn feel to them. +- [HedgeDoc](examples/hedgedoc) - HedgeDoc lets you create real-time collaborative markdown notes. +- [Overleaf](examples/overleaf) - Overleaf is a collaborative cloud-based LaTeX editor used for writing, editing and publishing scientific documents. +- [Obsidian-Gitsync-Perlite](https://github.com/l4rm4nd/Obsidian-Gitsync-Perlite) - Continuously sync Obsidian markdown notes from GitHub and publish it for the webs. 
+- [Obsidian-Remote](examples/obsidian-remote) - This docker image allows you to run obsidian in docker as a container and access it via your web browser. +- [Memos](examples/memos) - An open-source, self-hosted memo hub with knowledge management and social networking. + +### URL Shorteners + +**[`^ back to top ^`](#-project-list)** + +- [YOURLS](examples/yourls) - The de-facto standard self hosted URL shortener in PHP. + +### Blogging Platforms and Homepages + +**[`^ back to top ^`](#-project-list)** + +A [blog](https://en.wikipedia.org/wiki/Blog) is a discussion or informational website consisting of discrete, diary-style text entries (posts). + +- [Ghost](examples/ghost) - Ghost is a free and open source blogging platform written in JavaScript and distributed under the MIT License, designed to simplify the process of online publishing for individual bloggers as well as online publications. +- [WordPress](examples/wordpress) - WordPress is a free and open-source content management system written in hypertext preprocessor language and paired with a MySQL or MariaDB database with supported HTTPS. +- [Nginx + PHP](examples/nginx-php) - Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. Combined with PHP, a general-purpose scripting language geared toward web development, server-side functions can be implemented for the webs. + +### Communication - Social Networks, Forums and Video Conferencing + +**[`^ back to top ^`](#-project-list)** + +[Social Networking](https://en.wikipedia.org/wiki/Social_networking_service) and [Forum](https://en.wikipedia.org/wiki/Internet_forum) software. + +- [Rocket.Chat](examples/rocketchat) - Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript for organizations with high standards of data protection. 
+- [Mattermost](examples/mattermost) - Mattermost is an open source platform for secure collaboration across the entire software development lifecycle. +- [Answer](examples/answer) - An open-source knowledge-based community software. You can use it quickly to build Q&A community for your products, customers, teams, and more. +- [Mirotalk P2P](examples/mirotalk) - Simple, Secure, Fast Real-Time Video Conferences Up to 4k and 60fps, compatible with all browsers and platforms. +- [Reactive-Resume](examples/rxresume) - A one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever. + +### E-commerce + +**[`^ back to top ^`](#-project-list)** + +[E-commerce](https://en.wikipedia.org/wiki/E-commerce) software. + +- [EverShop](examples/evershop) - EverShop is a GraphQL Based and React ecommerce platform with essential commerce features. Built with React, modular and fully customizable. + +### Analytics + +**[`^ back to top ^`](#-project-list)** + +[Analytics](https://en.wikipedia.org/wiki/Analytics) is the systematic computational analysis of data or statistics. It is used for the discovery, interpretation, and communication of meaningful patterns in data. + +- [Matomo](examples/matomo) - Matomo is the leading Free/Libre open analytics platform. +- [Plausible](examples/plausible) - Simple, open-source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics. + +### Security & Privacy + +**[`^ back to top ^`](#-project-list)** + +Software that helps to increase security and privacy. + +- [Nessus](examples/nessus) - Nessus is a proprietary vulnerability scanner developed by Tenable, Inc. +- [Greenbone](examples/greenbone) - Greenbone is the world's most trusted provider of open source vulnerability management. 
+- [SonarQube](examples/sonarqube) - SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells on 29 programming languages. +- [Fail2ban](examples/fail2ban) - Fail2ban is an intrusion prevention software framework. Written in the Python programming language, it is designed to prevent against brute-force attacks. +- [Tor-Browser](examples/tor-browser) - Running a Tor browser instance on any headless server. +- [Firefox](examples/firefox) - Firefox by linuxserver.io allows you to run the popular Firefox web broser on a remote server. +- [Bibliogram](examples/bibliogram) (deprecated) - Bibliogram is a private front-end frontend to Instagram, similar to Invidous. +- [Nitter](examples/nitter) - Nitter is an alternative front-end to Twitter, and was inspired by Invidious. +- [Unify Network Application](examples/unify-network-application) - The Unifi-network-application software is a powerful, enterprise wireless software engine ideal for high-density client deployments requiring low latency and high uptime performance. + +### Wikis & Knowledge Base + +**[`^ back to top ^`](#-project-list)** + +A [wiki](https://en.wikipedia.org/wiki/Wiki) is a publication collaboratively edited and managed by its own audience directly using a web browser. + +- [Bookstack](examples/bookstack) - BookStack is a free and open-source wiki software aimed for a simple, self-hosted, and easy-to-use platform. +- [Wiki.js](examples/wikijs) - Wiki.js is an open source project that has been made possible due to the generous contributions by community backers. +- [Answer](examples/answer) - An open-source knowledge-based community software. You can use it quickly to build Q&A community for your products, customers, teams, and more. 
+- [Obsidian-Remote](examples/obsidian-remote) - This docker image allows you to run obsidian in docker as a container and access it via your web browser. +- [Obsidian-Gitsync-Perlite](https://github.com/l4rm4nd/Obsidian-Gitsync-Perlite) - Continuously sync Obsidian markdown notes from GitHub and publish it for the webs. +- [Memos](examples/memos) - An open-source, self-hosted memo hub with knowledge management and social networking. +- [HedgeDoc](examples/hedgedoc) - HedgeDoc lets you create real-time collaborative markdown notes. +- [Docmost](examples/docmost) - Docmost is an open source collaborative documentation and wiki software. It is an open-source alternative to the likes of Confluence and Notion. + +### Money, Budgeting & Management + +**[`^ back to top ^`](#-project-list)** + +[Money management](https://en.wikipedia.org/wiki/Money_management) and budgeting software. + +- [TRSync](examples/trsync) - Django web frontend for pytr to download all Trade Republic depot data. +- [Money-Balancer](examples/money-balancer) - A simple application for managing debt with your friends! +- [Firefly III](examples/firefly-iii) - A self-hosted manager for your personal finances. +- [VoucherVault](examples/vouchervault) - Django web application to store and manage vouchers, coupons, loyalty and gift cards digitally. Supports expiry notifications, transaction histories and file uploads. + +### Genealogy + +**[`^ back to top ^`](#-project-list)** + +[Genealogy software](https://en.wikipedia.org/wiki/Genealogy_software) used to record, organize, and publish genealogical data. + +- [webtrees](examples/webtrees) - webtrees is the web's leading online collaborative genealogy application. It allows you to view and edit your genealogy on your selfhosted website. +- [Gramps-Web](examples/gramps) - Gramps Web is a web app for collaborative genealogy. It is based on and interoperable with Gramps, the leading open source genealogy desktop application. 
+ +### Asset Management + +**[`^ back to top ^`](#-project-list)** + +[Asset management](https://en.wikipedia.org/wiki/Asset_management) is a systematic approach to the governance and realization of all value for which a group or entity is responsible. + +- [Domainmod](examples/domainmod) - DomainMOD is an open source application used to manage your domains and other internet assets in a central location. +- [Snipe-IT](examples/snipe-it) - Snipe-IT is a free, open source IT asset management system written in PHP. +- [Koillection](examples/koillection) - Koillection is a self-hosted service allowing users to manage any kind of collections. +- [VoucherVault](examples/vouchervault) - Django web application to store and manage vouchers, coupons, loyalty and gift cards digitally. Supports expiry notifications, transaction histories and file uploads. + +### Request Bins + +**[`^ back to top ^`](#-project-list)** + +A request bin service allows one to collect and inspect HTTP requests. It may be used to create mock API endpoints or troubleshoot HTTP requests. Also used by security professionals to verify security vulnerabilities like Server Side Request Forgery (SSRF) and others. + +- [RequestBin](examples/requestbin) - RequestBin gives you a unique URL that collects HTTP requests for debugging and development purposes. +- [Webhook.site](examples/webhook.site) - Easily test HTTP webhooks with this handy tool that displays requests instantly. +- [Request-Baskets](https://github.com/darklynx/request-baskets) - HTTP requests collector to test webhooks, notifications, REST clients and more. +- [Mockbin](https://github.com/Kong/mockbin) - Mock, Test & Track HTTP Requests and Response for Microservices. + +### Games and Control Servers + +**[`^ back to top ^`](#-project-list)** + +Multiplayer game servers, browser games and utilities for managing game servers. 
+ +- [cs2-dedicated-server](examples/cs2-dedicated-server) - CS2 Dedicated Server Docker Image with an RCON web-based control panel. +- [posio](examples/posio) - A multiplayer geography game using Websockets. +- [Monkeytype](examples/monkeytype) - The most customizable typing website with a minimalistic design and a ton of features. Test yourself in various modes, track your progress and improve your speed. + +### Miscellaneous + +**[`^ back to top ^`](#-project-list)** + +Software that does not fit in another section. + +- [Network-Multitool](examples/network-multitool) - Multi-arch multitool for container network troubleshooting. +- [IT-Tools](examples/it-tools) - Collection of handy online tools for developers, with great UX. diff --git a/examples/adguard-home-sync/README.md b/examples/adguard-home-sync/README.md new file mode 100644 index 0000000..e11f747 --- /dev/null +++ b/examples/adguard-home-sync/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/bakito/adguardhome-sync diff --git a/examples/adguard-home-sync/docker-compose.yml b/examples/adguard-home-sync/docker-compose.yml new file mode 100644 index 0000000..14d592d --- /dev/null +++ b/examples/adguard-home-sync/docker-compose.yml @@ -0,0 +1,21 @@ +version: "2.1" +services: + adguardhome-sync: + image: linuxserver/adguardhome-sync + container_name: adguardhome-sync + hostname: adguardhome-sync + environment: + - ORIGIN_URL=http://10.10.10.10:8080 # your main adguard instance for synchronization + - ORIGIN_USERNAME=admin1 + - ORIGIN_PASSWORD=password1 + - REPLICA_URL=http://20.20.20.20:8080 # your replica adguard instance to be synced with main instance + - REPLICA_USERNAME=admin2 + - REPLICA_PASSWORD=password2 + - CRON=*/30 * * * * # run every 30 minute; see https://crontab.guru/ + - RUNONSTART=true + - TZ=Europe/Berlin + - PUID=1000 + - PGID=1000 + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/adguard-home-sync:/config 
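Review bot: `ORIGIN_PASSWORD=password1` and `REPLICA_PASSWORD=password2` put the AdGuard admin credentials of both instances into the compose file itself, where they land in version control and in `docker inspect` output; take them from an untracked `.env` instead, `- ORIGIN_PASSWORD=${ORIGIN_PASSWORD:?}` and `- REPLICA_PASSWORD=${REPLICA_PASSWORD:?}`, so a missing value fails at `docker compose up` rather than running with the placeholder. `ORIGIN_URL` and `REPLICA_URL` are both plain `http://`, so those same credentials cross the network in cleartext on every `CRON` run; point them at the TLS-enabled port if the instances have one, or state in the comment that this is only acceptable on a trusted segment. `image: linuxserver/adguardhome-sync` carries no tag and therefore tracks `latest` on every pull; pin a version for reproducibility.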
diff --git a/examples/adguard-home/README.md b/examples/adguard-home/README.md new file mode 100644 index 0000000..3e9cfb0 --- /dev/null +++ b/examples/adguard-home/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/AdguardTeam/AdGuardHome diff --git a/examples/adguard-home/docker-compose.yml b/examples/adguard-home/docker-compose.yml new file mode 100644 index 0000000..193a761 --- /dev/null +++ b/examples/adguard-home/docker-compose.yml @@ -0,0 +1,37 @@ +version: "3" + +services: + adguard: + container_name: adguard + hostname: adguard + image: adguard/adguardhome:latest + ports: + - 3000:3000/tcp # only required during initial setup + - 8080:80/tcp # web interface after setup + - 53:53/tcp # dns + - 53:53/udp # dns + # - 67:67/udp # dhcp + # - 68:68/tcp # dhcp + # - 68:68/udp # dhcp + # - 784:784/udp # dns-over-quic + # - 853:853/tcp # dns over tls + # - 853:853/udp # dns over tls + # - 5443:5443/tcp # dnscrypt + # - 5443:5443/udp # dnscrypt + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/adguard-home/work:/opt/adguardhome/work + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/adguard-home/conf:/opt/adguardhome/conf + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.adguard.rule=Host(`dns.example.com`) + # - traefik.http.services.adguard.loadbalancer.server.port=8080 + # # Optional part for traefik middlewares + # - traefik.http.routers.adguard.middlewares=local-ipwhitelist@file,authelia@docker + +#networks: +# proxy: +# external: true diff --git a/examples/answer/README.md b/examples/answer/README.md new file mode 100644 index 0000000..4b015b2 --- /dev/null +++ b/examples/answer/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/answerdev/answer diff --git a/examples/answer/docker-compose.yml b/examples/answer/docker-compose.yml new file mode 100644 index 0000000..3e70826 --- /dev/null +++ b/examples/answer/docker-compose.yml 
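Review bot: `- 53:53/tcp` and `- 53:53/udp` publish the resolver on every host interface, so on a host with a public address this is an open resolver that can be abused for amplification; bind the mappings to the LAN address, e.g. `- 192.168.1.10:53:53/udp` and `- 192.168.1.10:53:53/tcp`, or add a comment that the host must be firewalled. `- 3000:3000/tcp` serves the first-run wizard, which runs without any credentials until setup completes; the comment already says it is only needed during setup, so it should be written as a line to comment out afterwards rather than left published. The same applies to `- 8080:80/tcp` once the commented Traefik labels are enabled, since a direct port bypasses the `local-ipwhitelist@file,authelia@docker` middlewares. `image: adguard/adguardhome:latest` is unpinned; pin a release.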
@@ -0,0 +1,31 @@ +version: "3" + +services: + answer: + container_name: answer + image: answerdev/answer + ports: + - '9080:80' + expose: + - 80 + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/answer/data:/data + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.answer.rule=Host(`faq.example.com`) + # - traefik.http.services.answer.loadbalancer.server.port=80 + # # Optional part for file upload max sizes + # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 + # # Optional part for traefik middlewares + # - traefik.http.routers.answer.middlewares=local-ipwhitelist@file,authelia@docker + +#networks: +# proxy: +# external: true diff --git a/examples/archivebox/README.md b/examples/archivebox/README.md new file mode 100644 index 0000000..0a44398 --- /dev/null +++ b/examples/archivebox/README.md @@ -0,0 +1,17 @@ +# References + +- https://github.com/ArchiveBox/ArchiveBox +- https://github.com/ArchiveBox/ArchiveBox/blob/dev/docker-compose.yml + +# Notes + +Before starting the compose stack, ensure that you have downloaded the sonic configuration file, if you plan on using the sonic container. + +Place the config file in the bind volume mount path for sonic. + +The default username and password are: archivebox + +> [!CAUTION] +> Please read the [official storage requirements](https://github.com/ArchiveBox/ArchiveBox#storage-requirements) if your ArchiveBox instance is running slow, sluggish or times out. +> +> **TLDR**: Do not store the Docker volume data on a network storage like SMB/NFS. 
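Review bot: `- '9080:80'` publishes Answer directly on all host interfaces, which bypasses the `local-ipwhitelist@file,authelia@docker` middlewares that the commented Traefik labels would apply; when the stack is fronted by Traefik the `ports:` entry should be removed and only `expose: - 80` kept, otherwise the access control covers one of two paths to the same container. The container still listens on port 80 internally, so `traefik.http.services.answer.loadbalancer.server.port=80` stays correct after that change. `image: answerdev/answer` has no tag, so the next `docker compose up` pulls whatever `latest` is at that moment; pin a version.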
diff --git a/examples/archivebox/docker-compose.yml b/examples/archivebox/docker-compose.yml new file mode 100644 index 0000000..740c49d --- /dev/null +++ b/examples/archivebox/docker-compose.yml 
@@ -0,0 +1,84 @@ +version: "3.9" + +services: + archivebox: + image: archivebox/archivebox:dev + container_name: archivebox + command: server --quick-init 0.0.0.0:8000 + restart: unless-stopped + ports: + - 8000:8000 + expose: + - 8000 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/archivebox/data:/data # archivebox application data + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/archivebox/crontabs:/var/spool/cron/crontabs # archivebox crontab data for scheduled runs + #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/archivebox/source-code:/app/archivebox # bind mounts the archivebox source code for development + environment: + # see https://docs.archivebox.io/en/master/Configuration.html for more details + - ADMIN_USERNAME=archivebox # your initial username + - ADMIN_PASSWORD=archivebox # your initial password + - ALLOWED_HOSTS=* + - PUBLIC_INDEX=False + - PUBLIC_SNAPSHOTS=False + - PUBLIC_ADD_VIEW=False + - PUID=1000 + - PGID=1000 + - SEARCH_BACKEND_ENGINE=sonic + - SEARCH_BACKEND_HOST_NAME=sonic + - SEARCH_BACKEND_PASSWORD=deport-silver-showcase-pusher-radiantly + - MEDIA_MAX_SIZE=750m + - TIMEOUT=60 + - CHECK_SSL_VALIDITY=False + - SAVE_TITLE=False + - SAVE_FAVICON=False + - SAVE_WGET=False + - SAVE_WARC=False + - SAVE_PDF=True + - SAVE_SCREENSHOT=True + - SAVE_DOM=True + - SAVE_SINGLEFILE=True + - SAVE_READABILITY=False + - SAVE_GIT=False + - SAVE_MEDIA=True + - SUBMIT_ARCHIVE_DOT_ORG=False + - SAVE_ARCHIVE_DOT_ORG=False + #networks: + # - proxy + # - archivebox_default + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.archivebox.rule=Host(`archive.exmple.com`) + # - traefik.http.services.archivebox.loadbalancer.server.port=8000 + # # Part for optional traefik middlewares + # - traefik.http.routers.archivebox.middlewares=local-ipwhitelist@file + + +### Example: To run the Sonic full-text search backend, first download the config file to sonic.cfg +# $ curl -O 
https://raw.githubusercontent.com/ArchiveBox/ArchiveBox/master/etc/sonic.cfg +# After starting, backfill any existing Snapshots into the full-text index: +# $ docker-compose run archivebox update --index-only + + sonic: + image: valeriansaliou/sonic:latest + container_name: archivebox-sonic + expose: + - 1491 + environment: + - SEARCH_BACKEND_PASSWORD=deport-silver-showcase-pusher-radiantly + volumes: + # Example: To run the Sonic full-text search backend, first download the config file to sonic.cfg + # curl https://raw.githubusercontent.com/ArchiveBox/ArchiveBox/master/etc/sonic.cfg -o /mnt/docker-volumes/archivebox/sonic/sonic.cfg + # After starting, backfill any existing Snapshots into the full-text index: + # $ docker-compose run archivebox update --index-only + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/archivebox/sonic/sonic.cfg:/etc/sonic.cfg:ro + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/archivebox/sonic/store:/var/lib/sonic/store + #networks: + # - archivebox_default + +#networks: +# proxy: +# external: true +# archivebox_default: +# external: false diff --git a/examples/archivebox/sonic.cfg b/examples/archivebox/sonic.cfg new file mode 100644 index 0000000..10d94ea --- /dev/null +++ b/examples/archivebox/sonic.cfg 
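Review bot: `ADMIN_USERNAME=archivebox` / `ADMIN_PASSWORD=archivebox` seed a known admin login while `- 8000:8000` publishes the UI on all host interfaces, so anyone who reaches the port before the operator changes the password has admin; take the value from the environment instead, `- ADMIN_PASSWORD=${ARCHIVEBOX_ADMIN_PASSWORD:?}`, and do the same for `SEARCH_BACKEND_PASSWORD`, which is currently duplicated as a literal in both the `archivebox` and `sonic` services. `CHECK_SSL_VALIDITY=False` by its name turns off certificate verification for archived fetches (confirm against the linked Configuration docs), which lets a network attacker feed forged pages into the archive; it should default to `True` with a comment on when to relax it. `ALLOWED_HOSTS=*` disables the Host-header check; set it to the hostname used in the `Host(...)` rule, e.g. `- ALLOWED_HOSTS=archive.example.com`. `image: archivebox/archivebox:dev` tracks a development branch and the `Host(...)` rule has a typo (`archive.exmple.com`); pin a release tag and fix the domain.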
@@ -0,0 +1,66 @@ +# Sonic +# Fast, lightweight and schema-less search backend +# Configuration file +# Example: https://github.com/valeriansaliou/sonic/blob/master/config.cfg + + +[server] + +log_level = "warn" + + +[channel] + +inet = "0.0.0.0:1491" +tcp_timeout = 300 + +auth_password = "${env.SEARCH_BACKEND_PASSWORD}" + +[channel.search] + +query_limit_default = 65535 +query_limit_maximum = 65535 +query_alternates_try = 10 + +suggest_limit_default = 5 +suggest_limit_maximum = 20 + + +[store] + +[store.kv] + +path = "/var/lib/sonic/store/kv/" + +retain_word_objects = 100000 + +[store.kv.pool] + +inactive_after = 1800 + +[store.kv.database] + +flush_after = 900 + +compress = true +parallelism = 2 +max_files = 100 +max_compactions = 1 +max_flushes = 1 +write_buffer = 16384 +write_ahead_log = true + +[store.fst] + +path = "/var/lib/sonic/store/fst/" + +[store.fst.pool] + +inactive_after = 300 + +[store.fst.graph] + +consolidate_after = 180 + +max_size = 2048 +max_words = 250000 diff --git a/examples/arr-suite/README.md b/examples/arr-suite/README.md new file mode 100644 index 0000000..c782755 --- /dev/null +++ b/examples/arr-suite/README.md 
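Review bot: `inet = "0.0.0.0:1491"` binds the Sonic channel on all container interfaces, which is only acceptable because the compose service declares `expose` and not `ports`; a comment on that line would keep the next editor from publishing it, e.g. `# all container interfaces; never publish 1491 with ports:, auth_password is the only access control`. `auth_password = "${env.SEARCH_BACKEND_PASSWORD}"` correctly takes the secret from the environment, but what Sonic does when the variable is unset (empty password or refuse to start) is not visible here and is worth confirming and noting next to the line.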
@@ -0,0 +1,84 @@ +# References + +- https://docs.linuxserver.io/images/docker-prowlarr/ +- https://docs.linuxserver.io/images/docker-sonarr/ +- https://docs.linuxserver.io/images/docker-radarr/ +- https://docs.linuxserver.io/images/docker-lidarr/ +- https://docs.linuxserver.io/images/docker-readarr/ +- https://github.com/FlareSolverr/FlareSolverr +- https://docs.linuxserver.io/images/docker-qbittorrent/ +- https://hub.docker.com/r/qmcgaw/gluetun +- https://docs.linuxserver.io/images/docker-emby/ +- https://docs.linuxserver.io/images/docker-jellyfin (alternative option to emby) + +# Notes + +> [!WARNING] +> Downloading copyright restricted movies or media in general is illegal in most countries. +> +> Use this docker stack responsibly! + +> [!CAUTION] +> This setup makes use of gluetun to obtain a vpn killswitch network. This requires a vpn provider like mullvad or others. + +Docker stack consisting of various arr-services like: + +- Prowlarr + - Used as indexer for torrent links +- Sonarr + - Used for tv shows +- Radarr + - Used for movies +- Lidarr + - Used for music +- Readarr + - Used for books +- Flaresolverr + - Used to bypass Cloudflare for prowlarr + - You must add it at prowlarr as indexer with the tag `flaresolverr` +- Qbittorrent + - Used as download client; run behind gluetun vpn killswitch container + - A temporary password for the `admin` user will be printed to the container log on startup. Change it immediately to a static one that does not change again. +- Gluetun + - Used for establishing an openvpn/wireguard killswitch vpn connection for qbittorrent + - Requires an active subscription for a vpn provider (e.g. 
Mullvad) +- Emby / Jellyfin + - Used to manage your media libraries and stream it from various devices + +The following bind mount volumes are defined: + +- `/arr-suite/configs/` + - holds the config files of an arr container +- `/arr-suite/media/` + - will hold your media files such as movies, music, books, tv-shows, qbittorrent downloads etc. + +## Setup + +You can follow this Youtube tutorial on how to setup most of the arr applications: + +https://www.youtube.com/watch?v=LD8-Qr3B2-o + +**Note**: As all arr containers live within the same Docker network, you can easily reference container names instead of IPs. Docker will resolve the container names automatically to the current docker containers' IP. No need for port mappings or defining your Docker server's IP address. Use Docker networks! The only exception is qbittorrent, which uses the vpn killswitch network of the gluetun container. Here, the gluetun container will expose qbittorrent's web ui on TCP/8080 and the IP address of your docker host server. Setup qbittorrent in all arr-applications using your server's local IP address, on which port 8080 is mapped to. + +> [!WARNING] +> We configured qbittorrent to use the non-default path `/media/downloads` for downloads. +> +> Please define this location path in the qbittorrent admin panel too! + +![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/278b800d-2b6b-45cb-a44c-7f56def7f9d3) + +![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/8915f9f3-081f-41d2-9c5e-bdf9553e09c2) + +![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/94de5802-3b26-420b-bb1d-ac82cd5a5cfb) + +![image](https://github.com/Haxxnet/Compose-Examples/assets/21357789/19a26a74-dae0-4381-9614-46d20f912542) + +## Traefik + Emby + HTTP Headers + +During the setup of Emby in a web browser (HTTPS via Traefik) you may notice errors in the developer console, which prevent the web page from loading properly. 
+ +Those errors occur, if you have configured secure HTTP response headers such as X-Content-Type-Options with the directive "nosniff". + +To complete the web-based setup, you either have to temporarely disable the HTTP header or browse the Emby instance without Traefik as reverse proxy. + +After the setup was completed, the errors are gone and you can use Emby regularly with Traefik, HTTPS and any X-Content-Type-Options header configuration. diff --git a/examples/arr-suite/docker-compose.yml b/examples/arr-suite/docker-compose.yml new file mode 100644 index 0000000..2f0cf44 --- /dev/null +++ b/examples/arr-suite/docker-compose.yml 
@@ -0,0 +1,263 @@ +version: "3.6" + +services: + + # image used to index torrent links from the internet + prowlarr: + image: linuxserver/prowlarr:latest + container_name: arr-suite-prowlarr + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/prowlarr:/config # database and Prowlarr configs + expose: + - 9696/tcp # web ui + ports: + - 9696:9696/tcp # web ui + restart: unless-stopped + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.prowlarr.rule=Host(`prowlarr.example.com`) + # - traefik.http.services.prowlarr.loadbalancer.server.port=9696 + # # Optional part for traefik middlewares + # - traefik.http.routers.prowlarr.middlewares=local-ipwhitelist@file + + # image used to scan for tv shows + sonarr: + image: linuxserver/sonarr:latest + container_name: arr-suite-sonarr + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/sonarr:/config # database and Radarr configs + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder + expose: + - 8989/tcp # web ui + ports: + - 8989:8989/tcp # web ui + restart: unless-stopped + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.sonarr.rule=Host(`sonarr.example.com`) + # - traefik.http.services.sonarr.loadbalancer.server.port=8989 + # # Optional part for traefik middlewares + # - traefik.http.routers.sonarr.middlewares=local-ipwhitelist@file + + # image used to scan for movies + radarr: + image: linuxserver/radarr:latest + container_name: arr-suite-radarr + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/radarr:/config + - 
${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder + expose: + - 7878/tcp # web ui + ports: + - 7878:7878/tcp # web ui + restart: unless-stopped + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.radarr.rule=Host(`radarr.example.com`) + # - traefik.http.services.radarr.loadbalancer.server.port=7878 + # # Optional part for traefik middlewares + # - traefik.http.routers.radarr.middlewares=local-ipwhitelist@file + + # image used to scan for music + lidarr: + image: linuxserver/lidarr:latest + container_name: arr-suite-lidarr + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/lidarr:/config + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder + expose: + - 8686/tcp # web ui + ports: + - 8686:8686/tcp # web ui + restart: unless-stopped + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.lidarr.rule=Host(`lidarr.example.com`) + # - traefik.http.services.lidarr.loadbalancer.server.port=8686 + # # Optional part for traefik middlewares + # - traefik.http.routers.lidarr.middlewares=local-ipwhitelist@file + + # image used to scan for books + readarr: + image: linuxserver/readarr:develop + container_name: arr-suite-readarr + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/readarr:/config + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/media # location of media and qbittorrent download folder + expose: + - 8787/tcp # web ui + ports: + - 8787:8787/tcp # web ui + restart: unless-stopped + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - 
traefik.http.routers.readarr.rule=Host(`readarr.example.com`) + # - traefik.http.services.readarr.loadbalancer.server.port=8787 + # # Optional part for traefik middlewares + # - traefik.http.routers.readarr.middlewares=local-ipwhitelist@file + + # image used to bypass cloudflare for prowlarr + flaresolverr: + image: flaresolverr/flaresolverr:latest + container_name: arr-suite-flaresolverr + environment: + - LOG_LEVEL=info + - LOG_HTML=false + - CAPTCHA_SOLVER=none + - TZ=Europe/Berlin + expose: + - 8191/tcp # listening port for selenium + restart: unless-stopped + #networks: + # - proxy + + # image used for vpn killswitch network + gluetun: + image: qmcgaw/gluetun:latest + container_name: arr-suite-gluetun + cap_add: + - NET_ADMIN + ports: + - 8080:8080 # qbittorrent http web ui + environment: + # see https://github.com/qdm12/gluetun-wiki for more details + # example envs based on https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/mullvad.md + - VPN_SERVICE_PROVIDER=mullvad # define the vpn provider + - VPN_TYPE=wireguard # define the vpn protocol to use + - WIREGUARD_PRIVATE_KEY=wOEI9rqqbDwnN8/Bpp22sVz48T71vJ4fYmFWujulwUU= # define your wireguard private key here + - WIREGUARD_ADDRESSES=10.64.222.21/32 # define the ipv4 vpn network subnet here + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/gluetun:/gluetun + restart: unless-stopped + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.example.com`) + # - traefik.http.services.qbittorrent.loadbalancer.server.port=8080 + # # Optional part for traefik middlewares + # - traefik.http.routers.qbittorrent.middlewares=local-ipwhitelist@file + + # image used to download stuff; run over gluetun network (vpn killswitch) + qbittorrent: + image: linuxserver/qbittorrent:latest + container_name: arr-suite-qbittorrent + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + 
- WEBUI_PORT=8080 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/qbittorrent:/config + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media/downloads:/media/downloads + depends_on: + - gluetun + network_mode: container:arr-suite-gluetun # use the gluetun container network (vpn killswitch) + restart: unless-stopped + + # image used to manage media and stream it + emby: + image: linuxserver/emby:latest + container_name: arr-suite-emby + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/emby:/config # emby data storage location; can grow very large + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/data # media goes here + #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/emby/lib:/opt/vc/lib # optional; path for Raspberry Pi OpenMAX libs + expose: + - 8096/tcp # http web ui + - 8920/tcp # https web ui + ports: + - 8096:8096/tcp # http web ui + #devices: + # - /dev/dri:/dev/dri #optional + # - /dev/vchiq:/dev/vchiq #optional + # - /dev/video10:/dev/video10 #optional + # - /dev/video11:/dev/video11 #optional + # - /dev/video12:/dev/video12 #optional + restart: unless-stopped + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.emby.rule=Host(`emby.example.com`) + # - traefik.http.services.emby.loadbalancer.server.port=8096 + # # Optional part for traefik middlewares + # - traefik.http.routers.emby.middlewares=local-ipwhitelist@file + + # image used to manage media and stream it + #jellyfin: + # image: linuxserver/jellyfin:latest + # container_name: arr-suite-jellyfin + # environment: + # - PUID=1000 + # - PGID=1000 + # - TZ=Europe/Berlin + # volumes: + # - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/jellyfin:/config # emby data storage location; can grow very large + # - 
${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/media:/data # media goes here + # #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/arr-suite/configs/jellyfin/lib:/opt/vc/lib # optional; path for Raspberry Pi OpenMAX libs + # expose: + # - 8096/tcp # http web ui + # ports: + # - 8096:8096/tcp # http web ui + # #devices: + # # - /dev/dri:/dev/dri #optional + # # - /dev/vchiq:/dev/vchiq #optional + # # - /dev/video10:/dev/video10 #optional + # # - /dev/video11:/dev/video11 #optional + # # - /dev/video12:/dev/video12 #optional + # restart: unless-stopped + # #networks: + # # - proxy + # #labels: + # # - traefik.enable=true + # # - traefik.docker.network=proxy + # # - traefik.http.routers.jellyfin.rule=Host(`jellyfin.example.com`) + # # - traefik.http.services.jellyfin.loadbalancer.server.port=8096 + # # # Optional part for traefik middlewares + # # - traefik.http.routers.jellyfin.middlewares=local-ipwhitelist@file + +#networks: +# proxy: +# external: true diff --git a/examples/authelia/README.md b/examples/authelia/README.md new file mode 100644 index 0000000..2b7d719 --- /dev/null +++ b/examples/authelia/README.md 
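Review bot: `WIREGUARD_PRIVATE_KEY=wOEI9rqqbDwnN8/Bpp22sVz48T71vJ4fYmFWujulwUU=` is a well-formed WireGuard key committed as a literal; if it is anything other than a throwaway it must be rotated now, and in any case the example should read `- WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY:?}` with the value in an untracked `.env`, so users do not copy the pattern of keeping VPN credentials in the compose file. Every web UI (`9696`, `8989`, `7878`, `8686`, `8787`, `8096` and qbittorrent's `8080` on gluetun) is published on all host interfaces with `ports:`, which bypasses the `local-ipwhitelist@file` middleware the commented Traefik labels would apply; for a Traefik deployment the `ports:` entries should be dropped and only `expose:` kept. `network_mode: container:arr-suite-gluetun` does route qbittorrent through the kill-switch, but its web UI is then reachable through gluetun's published `8080` with only the temporary password the README says to change; that instruction belongs in a comment next to the `ports:` line of the gluetun service. `readarr:develop` and the `:latest` tags make the stack non-reproducible; pin versions.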
@@ -0,0 +1,23 @@ +# References + +- https://github.com/authelia/authelia +- https://www.youtube.com/watch?v=u6H-Qwf4nZA&t=1314s +- https://docs.technotim.live/posts/authelia-traefik/ + +# Notes + +You have to put the configuration files from the directory `config` here to your Docker volume bind mount. + +The do the following: + +1. Adjust the configuration.yml to your needs. Especially replace exmaple.com with your own domain name. Add all your to be protected subdomains to the access_control area. Replace all secrets with your secure strings (may use `openssl rand -base64 35` to generate a secure, random string). +2. Adjust users_database.yml and add your user accounts. You can create new password hashes via `docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password 'ExamplePassword'` +3. Finally, add authelia as middleware for each container to protect. I recommend using labels. Note that authelia should always be listed first. + +```` + labels: + - traefik.enable=true + - traefik.http.routers.protected-service.middlewares=authelia@docker,local-ipwhitelist@file +```` + +**Note**: You can also add Authelia as file provider middleware. See [here](../traefik/fileConfig.yml) for an example Traefik dynamic configuration file. Afterwards, you can use the file provider `authelia@file` instead or besides of `authelia@docker`. diff --git a/examples/authelia/config/configuration.yml b/examples/authelia/config/configuration.yml new file mode 100644 index 0000000..1689aa6 --- /dev/null +++ b/examples/authelia/config/configuration.yml 
@@ -0,0 +1,176 @@ +--- +############################################################### +# Authelia configuration # +############################################################### + +server: + address: 'tcp://:9091/' + +log: + level: debug + +theme: dark + +identity_validation: + reset_password: + jwt_secret: unsecure_jwt_secret + +totp: + issuer: authelia.com + +# duo_api: +# hostname: api-123456789.example.com +# integration_key: ABCDEF +# # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE +# secret_key: 1234567890abcdefghifjkl + +password_policy: + standard: + enabled: true + min_length: 16 + max_length: 0 + require_uppercase: true + require_lowercase: true + require_number: true + require_special: true + +authentication_backend: + file: + path: /config/users_database.yml + password: + algorithm: argon2id + iterations: 1 + salt_length: 16 + parallelism: 8 + memory: 64 + +access_control: + default_policy: deny + rules: + # Rules applied to everyone + # chose from bypass, one_factor and two_factor + - domain: public.example.com + policy: bypass + - domain: subdomain1.example.com + policy: one_factor + - domain: subdomain2.example.com + policy: two_factor + subject: + - "group:admins" # access restriction based on groups + +session: + name: authelia_session + # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE + secret: unsecure_session_secret + expiration: 1h # 1 hour + inactivity: 5m # 5 minutes + cookies: + - domain: example.com + authelia_url: 'https://example.com' + default_redirection_url: 'https://www.example.com' # must be diffent to authelia_url + + redis: + host: authelia-redis + port: 6379 + # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE + password: SuperSecureRedisAuthPassword # must be the same as in the docker-compose.yml defined for the redis service + +regulation: + max_retries: 3 + find_time: 120 + ban_time: 300 + +# yubikey support 
+webauthn: + disable: false + display_name: Authelia + attestation_conveyance_preference: indirect + user_verification: preferred + timeout: 60s + +storage: + encryption_key: a_very_important_secret # Now required + local: + path: /config/db.sqlite3 + +notifier: + # smtp: + # username: test + # # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE + # password: password + # host: smtp.gmail.com + # port: 465 + # sender: "MySender " + filesystem: + filename: /config/notifications.txt + +#identity_providers: +# oidc: +# hmac_secret: 'a-very-secure-hmac-secret' +# jwks: +# - key_id: 'authelia' +# algorithm: 'RS256' +# use: 'sig' +# certificate_chain: | +# -----BEGIN CERTIFICATE----- +# +# -----END CERTIFICATE----- +# key: | +# -----BEGIN PRIVATE KEY----- +# +# -----END PRIVATE KEY----- +# enable_client_debug_messages: false +# minimum_parameter_entropy: 8 +# enforce_pkce: 'public_clients_only' +# enable_pkce_plain_challenge: false +# enable_jwt_access_token_stateless_introspection: false +# discovery_signed_response_alg: 'none' +# discovery_signed_response_key_id: '' +# require_pushed_authorization_requests: false +# lifespans: +# access_token: '1h' +# authorize_code: '1m' +# id_token: '1h' +# refresh_token: '90m' +# cors: +# endpoints: +# - 'authorization' +# - 'token' +# - 'revocation' +# - 'introspection' +# allowed_origins: +# - 'https://immich.example.com' +# allowed_origins_from_client_redirect_uris: false +# clients: +# - client_id: immich +# client_name: Immich OIDC +# client_secret: 'a-very-secure-client-secret' +# public: false +# authorization_policy: one_factor # may use two_factor to enforce 2FA +# consent_mode: explicit +# token_endpoint_auth_method: "client_secret_basic" +# pre_configured_consent_duration: 1w +# scopes: +# - openid +# - groups +# - email +# - profile +# redirect_uris: # adjust to your domains +# - https://authelia.example.com/ +# - https://authelia.example.com/oauth2/callback +# - 
https://immich.example.com/oauth2/callback +# - https://immich.example.com/auth/login +# - https://immich.example.com/user-settings +# - https://immich.example.com +# - app.immich:/ +# - https://immich.example.com/api/oauth/mobile-redirect +# grant_types: +# - refresh_token +# - authorization_code +# response_types: +# - code +# response_modes: +# - form_post +# - query +# - fragment +... diff --git a/examples/authelia/config/users_database.yml b/examples/authelia/config/users_database.yml new file mode 100644 index 0000000..835e5f8 --- /dev/null +++ b/examples/authelia/config/users_database.yml @@ -0,0 +1,19 @@ +--- +############################################################### +# Users Database # +############################################################### + +# This file can be used if you do not have an LDAP set up. + +# List of users +users: + yourUsername: # define here your username + disabled: false + displayname: "My Authelia User" + # Password is authelia + password: "$argon2id$v=19$m=65536,t=3,p=4$mTOaOa3MOexX7JQ02BdXzw$OzAxTnSPEnahQgIi+y4QPP5/xYIQ8uEWDYW+vlupeTM" # generate a secure hash with: $ docker run authelia/authelia:latest authelia crypto hash generate argon2 --password 'password' + email: authelia@example.com + groups: + - admins + - dev +... diff --git a/examples/authelia/docker-compose.yml b/examples/authelia/docker-compose.yml new file mode 100644 index 0000000..191c343 --- /dev/null +++ b/examples/authelia/docker-compose.yml 
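Review bot: `jwt_secret: unsecure_jwt_secret`, `session.secret: unsecure_session_secret`, `storage.encryption_key: a_very_important_secret` and the redis `password: SuperSecureRedisAuthPassword` are literal placeholders in a file users copy straight into `/config`; the surrounding comments already point to the `AUTHELIA_*_FILE` variables, so the example should omit these keys and supply them via those file-based secrets, so that a forgotten replacement surfaces as a configuration error (confirm Authelia rejects the missing keys at startup) rather than running with a guessable session and reset-token secret. `log.level: debug` as the shipped default writes request-level detail to the container log; `info` is the safer default with `debug` noted as a troubleshooting setting. `domain: public.example.com` / `policy: bypass` is fine as an illustration, but a comment should say that `bypass` means no authentication at all for that host and that Authelia applies the first matching rule, so ordering matters.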
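Review bot: The `password:` hash is for the literal password `authelia` (the comment above it says so) and the account is placed in `admins`, the group that `configuration.yml` uses to grant access on `subdomain2.example.com`; a user who copies the file and only renames `yourUsername` ends up with an admin account behind a published password. Replace the hash with a value that cannot be used as-is so the step cannot be skipped, e.g. `password: "REPLACE_ME"  # generate with: docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password '...'` (Authelia should reject the invalid hash at load time; confirm). The `docker run` in the current comment also lacks `--rm`, unlike the README's version, so each hash generation leaves a stopped container behind.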
@@ -0,0 +1,40 @@ +version: '3.3' + +services: + authelia: + image: authelia/authelia + container_name: authelia + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authelia/config:/config + networks: + - proxy + labels: + - 'traefik.enable=true' + - 'traefik.http.routers.authelia.rule=Host(`auth.example.com`)' # replace with your domain name + - 'traefik.http.routers.authelia.entrypoints=https' + - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.example.com' # replace with your domain name + - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' + - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length + expose: + - 9091 + restart: unless-stopped + environment: + - TZ=Europe/Berlin + + redis: + image: redis:alpine + container_name: authelia-redis + command: redis-server --requirepass SuperSecureRedisAuthPassword # also reflect this in the authelia config file + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authelia/redis:/data + networks: + - proxy + expose: + - 6379 + restart: unless-stopped + environment: + - TZ=Europe/Berlin + +networks: + proxy: + external: true diff --git a/examples/authentik/.env b/examples/authentik/.env new file mode 100644 index 0000000..04690ed --- /dev/null +++ b/examples/authentik/.env @@ -0,0 +1,12 @@ +# define the version to use +AUTHENTIK_VERSION=2024.8 + +# database credentials +PG_USER=authentik +PG_DB=authentik + +# generate via: pwgen -s 40 1 +PG_PASS=7jFjT4pUyf0YOlQ84LrO6JdLVWpzKEGiEMtdVwBE + +# generate via: pwgen -s 50 1 +AUTHENTIK_SECRET_KEY=YZRzXecsKQVEJ3Lr5uoKRGXZkETsYjUDT1qtQ28JjzWzDYvcoG diff --git a/examples/authentik/README.md b/examples/authentik/README.md new file mode 100644 index 0000000..cb9eff7 --- /dev/null +++ b/examples/authentik/README.md 
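Review bot: The Redis password is passed on the `command:` line (`redis-server --requirepass SuperSecureRedisAuthPassword`), so it is visible through `docker inspect` and in the host process list, and the `redis` service is attached to the shared `proxy` network where every other proxied container can reach port 6379. Move Redis onto a dedicated internal network and attach only Authelia to both, as the authentik example in this same commit does: under `redis` use `networks: [authelia-internal]` and declare `authelia-internal: {internal: true}` next to `proxy`. The `authelia/authelia` image is untagged, which means an authentication gateway gets upgraded without review on every pull; pin a version tag. Authelia's 9091 is correctly `expose`d rather than published, which is what makes `trustForwardHeader=true` acceptable here, so that property is worth a comment so nobody later adds a `ports:` entry.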
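Review bot: `PG_PASS` and `AUTHENTIK_SECRET_KEY` are committed with concrete generated values, so everyone who copies this example verbatim shares the same database password and the same secret key with every other copy of the repository; a known secret key undermines whatever authentik signs with it. Ship obvious placeholders instead and keep the `pwgen` hints, e.g. `PG_PASS=CHANGE_ME_pwgen_-s_40_1` and `AUTHENTIK_SECRET_KEY=CHANGE_ME_pwgen_-s_50_1`, so a forgotten edit is visible at a glance. The README for this example should also tell operators to keep their filled-in `.env` out of version control.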
@@ -0,0 +1,30 @@ +# References + +- https://goauthentik.io/docs/installation/ +- https://blog.lrvt.de/authentik-traefik-azure-ad/ + +# Notes + +Start by creating a new Docker network for separation: + +```` +docker network create authentik-internal +```` + +Then adjust the `.env` file with your private secrets and spawn up the stack: + +```` +docker compose up -d +```` + +After spawning up the Authentik stack, you will be greeted by Authentik's login dashboard. However, you have to onboard an admin user first. + +This is done by visiting the following URL: + +```` +# with TLS reverse proxy +https:///if/flow/initial-setup/ + +# without TLS reverse proxy +https://:9000/if/flow/initial-setup/ +```` diff --git a/examples/authentik/docker-compose.yml b/examples/authentik/docker-compose.yml new file mode 100644 index 0000000..f2480a6 --- /dev/null +++ b/examples/authentik/docker-compose.yml 
@@ -0,0 +1,109 @@ +version: "3.4" + +services: + + postgresql: + image: docker.io/library/postgres:16-alpine + container_name: authentik-psql + restart: unless-stopped + healthcheck: + test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 5s + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/psql:/var/lib/postgresql/data + environment: + POSTGRES_PASSWORD: ${PG_PASS:-authentik} + POSTGRES_USER: ${PG_USER:-authentik} + POSTGRES_DB: ${PG_DB:-authentik} + env_file: + - .env + networks: + - authentik-internal + + redis: + image: docker.io/library/redis:alpine + container_name: authentik-redis + command: --save 60 1 --loglevel warning + restart: unless-stopped + healthcheck: + test: ["CMD-SHELL", "redis-cli ping | grep PONG"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 3s + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/redis:/data + networks: + - authentik-internal + + authentik-proxy: + image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.8} + container_name: authentik + restart: unless-stopped + command: server + environment: + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:-authentik} + AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:-authentiksupersecretkey} + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/media:/media + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/custom-templates:/templates + ports: + - 9000 + expose: + - 9000 + - 9443 + env_file: + - .env + depends_on: + - postgresql + - redis + networks: + - proxy + - authentik-internal + #labels: + # - traefik.enable=true + # - traefik.http.routers.authentik.rule=Host(`authentik.example.com`) || 
HostRegexp(`{subdomain:[A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])?}.example.com`) && PathPrefix(`/outpost.goauthentik.io/`) + # - traefik.http.services.authentik.loadbalancer.server.port=9000 + # - traefik.docker.network=proxy + # - traefik.http.middlewares.authentik.forwardauth.address=http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik + # - traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true + # - traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version + + worker: + image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.8} + container_name: authentik-worker + restart: unless-stopped + command: worker + user: root + environment: + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:-authentik} + AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:-authentiksupersecretkey} + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/certs:/certs + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/media:/media + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/authentik/custom-templates:/templates + env_file: + - .env + depends_on: + - postgresql + - redis + networks: + - proxy + - authentik-internal + +networks: + proxy: + external: true + authentik-internal: + internal: true diff --git a/examples/bibliogram/README.md b/examples/bibliogram/README.md new file mode 100644 index 0000000..4c99468 --- /dev/null +++ b/examples/bibliogram/README.md 
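Review bot: Every secret in the `authentik-proxy` and `worker` environment has a weak fallback — `${PG_PASS:-authentik}` and `${AUTHENTIK_SECRET_KEY:-authentiksupersecretkey}` — so a missing or misnamed `.env` silently brings the identity provider up with a publicly known secret key. Use the required-variable form so Compose refuses to start instead: `AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?set in .env}` and `AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:?set in .env}` (and the matching `POSTGRES_PASSWORD` on `postgresql`). `ports: - 9000` publishes the server on a random host port on all interfaces, bypassing any Traefik middleware; `expose` alone is enough on the `proxy` network. The worker runs with `user: root` although no Docker socket is mounted in this file, so in this configuration that line appears unnecessary and could be dropped unless the operator adds socket-based outposts later.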
@@ -0,0 +1,4 @@ +# References + +- https://hub.docker.com/r/schklom/bibliogram +- https://git.sr.ht/~cadence/bibliogram-docs/tree/master/docs/Configuring.md#files \ No newline at end of file diff --git a/examples/bibliogram/config.js b/examples/bibliogram/config.js new file mode 100644 index 0000000..4e6754d --- /dev/null +++ b/examples/bibliogram/config.js @@ -0,0 +1,3 @@ +module.exports = { + website_origin: "https://mydomain.net" +} \ No newline at end of file diff --git a/examples/bibliogram/docker-compose.yml b/examples/bibliogram/docker-compose.yml new file mode 100644 index 0000000..94edacb --- /dev/null +++ b/examples/bibliogram/docker-compose.yml @@ -0,0 +1,23 @@ +version: '3.4' +services: + bibliogram: + image: schklom/bibliogram + container_name: bibliogram + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bibliogram/config.js:/app/config.js:ro + ports: + - 10407:10407 + restart: unless-stopped + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.bibliogram.rule=Host(`bibliogram.example.com`) + # - traefik.http.services.bibliogram.loadbalancer.server.port=10407 + # # Optional part for traefik middlewares + # - traefik.http.routers.bibliogram.middlewares=local-ipwhitelist@file,authelia@docker + +#networks: +# proxy: +# external: true diff --git a/examples/bitwarden/README.md b/examples/bitwarden/README.md new file mode 100644 index 0000000..0cabd26 --- /dev/null +++ b/examples/bitwarden/README.md @@ -0,0 +1,7 @@ +# References + +- https://bitwarden.com/help/install-and-deploy-unified-beta/ + +# Note + +Does not work with MariaDB at the moment. See https://github.com/bitwarden/server/issues/2718 diff --git a/examples/bitwarden/docker-compose.yml b/examples/bitwarden/docker-compose.yml new file mode 100644 index 0000000..7d438be --- /dev/null +++ b/examples/bitwarden/docker-compose.yml 
@@ -0,0 +1,49 @@ +version: "3.8" + +services: + bitwarden: + image: bitwarden/self-host:2024.8.0-beta + container_name: bitwarden_unified + restart: always + depends_on: + - db + env_file: + - settings.env + ports: + - "8888:8080" + expose: + - 8080 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bitwarden-unified/data:/etc/bitwarden + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bitwarden-unified/data/logs:/var/log/bitwarden + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.bitwarden.rule=Host(`bitwarden.example.com`) + # - traefik.http.services.bitwarden.loadbalancer.server.port=8080 + # # Optional part for file upload max sizes + # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 + # # Optional part for traefik middlewares + # - traefik.http.routers.bitwarden.middlewares=local-ipwhitelist@file + + db: + image: postgres:alpine3.18 + container_name: bitwarden_unified_db + restart: always + environment: + POSTGRES_USER: "bitwarden" + POSTGRES_PASSWORD: "super_strong_password" + POSTGRES_DB: "bitwarden_vault" + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bitwarden-unified/psql:/var/lib/postgresql/data + #networks: + # - proxy + +#networks: +# proxy: +# external: true diff --git a/examples/bitwarden/settings.env b/examples/bitwarden/settings.env new file mode 100644 index 0000000..6c2e31d --- /dev/null +++ b/examples/bitwarden/settings.env 
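Review bot: `POSTGRES_PASSWORD: "super_strong_password"` is a literal placeholder that has to match `BW_DB_PASSWORD` in `settings.env`, so a deployer who changes only one side gets a broken stack and one who changes neither runs a password manager on a guessable database password; at minimum the comment should say `# must match BW_DB_PASSWORD in settings.env - change both`. Better, interpolate it from the Compose `.env` as `POSTGRES_PASSWORD: ${BW_DB_PASSWORD:?set in .env}` so the stack refuses to start without a real value. `ports: - "8888:8080"` publishes the vault front end on every host interface; when it is fronted by Traefik, bind to loopback, `- "127.0.0.1:8888:8080"`, or remove `ports` and rely on `expose`.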
@@ -0,0 +1,61 @@ +##################### +# Required Settings # +##################### + +# Server hostname +BW_DOMAIN=bitwarden.example.com + +# Database +# Available providers are sqlserver, postgresql, or mysql/mariadb +BW_DB_PROVIDER=postgresql +BW_DB_SERVER=db +BW_DB_DATABASE=bitwarden_vault +BW_DB_USERNAME=bitwarden +BW_DB_PASSWORD=super_strong_password + +# Installation information +# Get your ID and key from https://bitwarden.com/host/ +BW_INSTALLATION_ID=xxxxxxxx-xxxxxxxx-xxxxxxxxx-xxxxxxxxxxx # change this !!! +BW_INSTALLATION_KEY=MyInstallationkey # change this !!! + +##################### +# Optional Settings # +##################### +# Learn more here: https://bitwarden.com/help/environment-variables/ + +# SSL +#BW_ENABLE_SSL=true +#BW_ENABLE_SSL_CA=true +#BW_SSL_CERT=ssl.crt +#BW_SSL_KEY=ssl.key +#BW_SSL_CA_CERT=ca.crt + +# Services +# Some services, namely for enterprise use cases, are disabled by default. Defaults shown below. +#BW_ENABLE_ADMIN=true +#BW_ENABLE_API=true +#BW_ENABLE_EVENTS=false +#BW_ENABLE_ICONS=true +#BW_ENABLE_IDENTITY=true +#BW_ENABLE_NOTIFICATIONS=true +#BW_ENABLE_SCIM=false +#BW_ENABLE_SSO=false + +#BW_ICONS_PROXY_TO_CLOUD=false + +# Mail +#globalSettings__mail__replyToEmail=noreply@$BW_DOMAIN +#globalSettings__mail__smtp__host=smtphost.example.com +#globalSettings__mail__smtp__port=587 +#globalSettings__mail__smtp__ssl=false +#globalSettings__mail__smtp__username=smtpusername +#globalSettings__mail__smtp__password=smtppassword + +# Yubikey +#globalSettings__yubico__clientId=REPLACE +#globalSettings__yubico__key=REPLACE + +# Other +#globalSettings__disableUserRegistration=true +#globalSettings__hibpApiKey=REPLACE +#adminSettings__admins="admin1@email.com,admin2@email.com" diff --git a/examples/bookstack/README.md b/examples/bookstack/README.md new file mode 100644 index 0000000..181ebad --- /dev/null +++ b/examples/bookstack/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/linuxserver/docker-bookstack 
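Review bot: The `# change this !!!` annotations sit on the same line as the values (`BW_INSTALLATION_ID=... # change this !!!`), and depending on the Compose version that reads this `env_file`, the `# ...` fragment may become part of the value rather than a comment; move each note to its own line above the assignment. `BW_DB_PASSWORD=super_strong_password` is the placeholder that must match the `db` service and is easy to overlook, so it deserves the same treatment. For a self-hosted vault, `globalSettings__disableUserRegistration=true` and `adminSettings__admins` should be enabled once the first account exists, otherwise anyone who can reach the instance can register; the README could state that ordering explicitly.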
diff --git a/examples/bookstack/docker-compose.yml b/examples/bookstack/docker-compose.yml new file mode 100644 index 0000000..43c5e83 --- /dev/null +++ b/examples/bookstack/docker-compose.yml @@ -0,0 +1,58 @@ +version: "3" + +services: + bookstack: + image: linuxserver/bookstack + container_name: bookstack + hostname: bookstack + environment: + - PUID=1000 + - PGID=1000 + - APP_URL=http://127.0.0.1:8099 # change this to your prod url with https + - DB_HOST=bookstack_db + - DB_USER=bookstack + - DB_PASS=USERPW1 + - DB_DATABASE=bookstackapp + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bookstack/config:/config + restart: unless-stopped + ports: + - 8099:80 + depends_on: + - bookstack_db + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.bookstack.rule=Host(`bookstack.example.com`) + # - traefik.http.services.bookstack.loadbalancer.server.port=80 + # # Optional part for file upload max sizes + # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 + # # Optional part for traefik middlewares + # - traefik.http.routers.bookstack.middlewares=local-ipwhitelist@file,authelia@docker + + bookstack_db: + image: linuxserver/mariadb + container_name: bookstack_db + hostname: bookstack_db + environment: + - PUID=1000 + - PGID=1000 + - MYSQL_ROOT_PASSWORD=ROOTPW + - TZ=Europe/Berlin + - MYSQL_DATABASE=bookstackapp + - MYSQL_USER=bookstack + - MYSQL_PASSWORD=USERPW1 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bookstack/mariadb-config:/config + restart: unless-stopped + #networks: + # - proxy + +#networks: +# proxy: +# external: true 
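Review bot: The database credentials `USERPW1` and `ROOTPW` are placeholders that appear twice (`DB_PASS` on `bookstack`, `MYSQL_PASSWORD` on `bookstack_db`), so editing one side yields a non-starting app and editing neither leaves guessable secrets in place. Interpolate one variable in both places — `- DB_PASS=${BOOKSTACK_DB_PASS:?set in .env}` and `- MYSQL_PASSWORD=${BOOKSTACK_DB_PASS:?set in .env}` — and `- MYSQL_ROOT_PASSWORD=${BOOKSTACK_DB_ROOT_PASS:?set in .env}`, so values cannot drift and the stack refuses to start without them. `ports: - 8099:80` publishes the app on all interfaces and bypasses the `local-ipwhitelist@file,authelia@docker` middlewares once the proxy labels are enabled; bind to loopback or drop `ports` in that case.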
diff --git a/examples/caddy/CaddyFile b/examples/caddy/CaddyFile new file mode 100644 index 0000000..be1952e --- /dev/null +++ b/examples/caddy/CaddyFile @@ -0,0 +1,4 @@ +service.example.com { + encode zstd gzip + reverse_proxy nginx:80 +} diff --git a/examples/caddy/README.md b/examples/caddy/README.md new file mode 100644 index 0000000..b6da371 --- /dev/null +++ b/examples/caddy/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/caddyserver/caddy diff --git a/examples/caddy/docker-compose.yml b/examples/caddy/docker-compose.yml new file mode 100644 index 0000000..36a7179 --- /dev/null +++ b/examples/caddy/docker-compose.yml @@ -0,0 +1,15 @@ +version: "3.7" +services: + caddy: + image: caddy:latest + container_name: caddy + restart: unless-stopped + environment: + - TZ=Europe/Berlin + ports: + - "80:80" + - "443:443" + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/caddy/CaddyFile:/etc/caddy/Caddyfile + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/caddy/data:/data + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/caddy/config:/config diff --git a/examples/changedetection/README.md b/examples/changedetection/README.md new file mode 100644 index 0000000..1ab800a --- /dev/null +++ b/examples/changedetection/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/linuxserver/docker-changedetection.io diff --git a/examples/changedetection/docker-compose.yml b/examples/changedetection/docker-compose.yml new file mode 100644 index 0000000..42cd545 --- /dev/null +++ b/examples/changedetection/docker-compose.yml 
@@ -0,0 +1,27 @@ +version: "2.1" +services: + changedetection: + image: lscr.io/linuxserver/changedetection.io:latest + container_name: changedetection + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/changedetection/config:/config + ports: + - 5000:5000 + restart: unless-stopped + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.http.routers.changedetection.rule=Host(`changedetection.example.com`) + # - traefik.http.services.changedetection.loadbalancer.server.port=5000 + # - traefik.docker.network=proxy + # # Part for local lan services only; disable to expose externally + # - traefik.http.routers.changedetection.middlewares=local-ipwhitelist@file,basic-auth@file + +#networks: +# proxy: +# external: true diff --git a/examples/chevereto/README.md b/examples/chevereto/README.md new file mode 100644 index 0000000..fd5d967 --- /dev/null +++ b/examples/chevereto/README.md 
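Review bot: `ports: - 5000:5000` publishes the UI on every host interface, so the `local-ipwhitelist@file,basic-auth@file` middlewares in the commented labels would only guard the Traefik path while the direct port stays open. When the proxy labels are enabled, drop `ports` (`expose` is sufficient on the `proxy` network) or bind to loopback, `- 127.0.0.1:5000:5000`, and say so in the comment next to the middleware line. The same pattern recurs in most examples of this commit; a single note in the skeleton README would cover them all.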
@@ -0,0 +1,31 @@ +# References + +- https://github.com/chevereto/chevereto + +# Notes + +If you want to use bind mounts instead of Docker volumes, you can do so. + +However, the container will report back permission errors for the path `/var/www/html/images/_assets/`. Something like: + +```` +chevereto | Exception thrown in /var/www/html/app/src/Legacy/Classes/LocalStorage.php:45 +chevereto | +chevereto | # Message [Code #600] +chevereto | Path /var/www/html/images/_assets/ is not writable +```` + +Those can only be solved by spawning a shell into the Docker container and fixing the permissions as follows: + +```` +# spawning shell into the docker container +docker exec -it chevereto bash + +# fixing permissions to www-data +mkdir -p /var/www/html/images/_assets +chown -R www-data:www-data /var/www/html/images/* +chmod -R 777 /var/www/html/images/* +```` +No container restart necessary. The web application should now work flawlessly. + +Note: The permission issues only occur if bind mounts are used over Docker named volumes. diff --git a/examples/chevereto/docker-compose.yml b/examples/chevereto/docker-compose.yml new file mode 100644 index 0000000..084ea83 --- /dev/null +++ b/examples/chevereto/docker-compose.yml 
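Review bot: The fix-up recipe ends with `chmod -R 777 /var/www/html/images/*`, which makes the entire uploads tree world-writable inside the container and on the bind mount, and it is redundant after the preceding `chown -R www-data:www-data`, since the web server already owns the files. Replace it with owner-only write access, e.g. `chmod -R u+rwX,go+rX /var/www/html/images/*`, which also resolves the "Path ... is not writable" error quoted above. A world-writable image directory lets any other process or user on the host drop files into a web-served path, which is the opposite of what the README is trying to achieve.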
@@ -0,0 +1,60 @@ +version: "3.7" + +services: + chevereto: + image: ghcr.io/chevereto/chevereto:4.0 + container_name: chevereto + init: true + restart: unless-stopped + volumes: + - chevereto:/var/www/html/images + ports: + - 8999:80 + expose: + - 80 + environment: + CHEVERETO_DB_HOST: mariadb + CHEVERETO_DB_USER: chevereto + CHEVERETO_DB_PASS: chevereto + CHEVERETO_DB_PORT: 3306 + CHEVERETO_DB_NAME: chevereto + CHEVERETO_ASSET_STORAGE_TYPE: local + CHEVERETO_ASSET_STORAGE_URL: /images/_assets + CHEVERETO_ASSET_STORAGE_BUCKET: /var/www/html/images/_assets + # only enable the next env if chevereto is run behind a reverse proxy + # adjust to the corresponding http header of your reverse proxy, where a user's real IP is propagated + # see https://github.com/chevereto/chevereto/issues/44 + #CHEVERETO_HEADER_CLIENT_IP: X-Forwarded-For + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.http.routers.chevereto.rule=Host(`chevereto.example.com`) + # - traefik.http.services.chevereto.loadbalancer.server.port=80 + # - traefik.docker.network=proxy + # # Part for local lan services only + # - traefik.http.routers.chevereto.middlewares=authentik@docker + + mariadb: + image: mariadb + container_name: chevereto_mariadb + restart: unless-stopped + init: true + environment: + MYSQL_DATABASE: chevereto + MYSQL_USER: chevereto + MYSQL_PASSWORD: chevereto + MARIADB_ROOT_PASSWORD: chevereto + volumes: + - chevereto_mariadb:/var/lib/mysql + #networks: + # - proxy + +# volumes are recommended due to weird www-data permission in chevereto container +volumes: + chevereto: {} + chevereto_mariadb: {} + +#networks: +# proxy: +# external: true diff --git a/examples/cloudflare-ddns/README.md b/examples/cloudflare-ddns/README.md new file mode 100644 index 0000000..24e86e3 --- /dev/null +++ b/examples/cloudflare-ddns/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/favonia/cloudflare-ddns \ No newline at end of file 
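Review bot: `MARIADB_ROOT_PASSWORD: chevereto` reuses the application user's password (and the username) as the database root password, so a leak of the app credentials is full database administration; give root its own required value, `MARIADB_ROOT_PASSWORD: ${CHEVERETO_DB_ROOT_PASS:?set in .env}`, and source `MYSQL_PASSWORD`/`CHEVERETO_DB_PASS` from a second one. The hint to set `CHEVERETO_HEADER_CLIENT_IP: X-Forwarded-For` is safe only when all traffic enters through the proxy: with `ports: - 8999:80` still published, a client hitting the port directly can send its own `X-Forwarded-For` and spoof its address in logs and any IP-based controls. The comment should state that enabling the header requires removing `ports` or binding it to `127.0.0.1`.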
diff --git a/examples/cloudflare-ddns/docker-compose.yml b/examples/cloudflare-ddns/docker-compose.yml new file mode 100644 index 0000000..823aece --- /dev/null +++ b/examples/cloudflare-ddns/docker-compose.yml @@ -0,0 +1,19 @@ +version: "3" +services: + cloudflare-ddns: + image: favonia/cloudflare-ddns:latest + container_name: cloudflare-ddns + #network_mode: host + restart: always + user: "1000:1000" + cap_drop: + - all + read_only: true + security_opt: + - no-new-privileges:true + environment: + - CF_API_TOKEN=YOUR-CLOUDFLARE-API-TOKEN # pls adjust + - DOMAINS=example.org,www.example.org,example.io # pls adjust; a list of fully qualified domain names separated by commas + - PROXIED=false # if true, instructs Cloudflare to cache webpages on your machine and hide its actual IP addresses + - TZ=Europe/Berlin + - IP6_PROVIDER=none # disbale IPv6 diff --git a/examples/code-server/README.md b/examples/code-server/README.md new file mode 100644 index 0000000..aa8d34d --- /dev/null +++ b/examples/code-server/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/linuxserver/docker-code-server \ No newline at end of file diff --git a/examples/code-server/docker-compose.yml b/examples/code-server/docker-compose.yml new file mode 100644 index 0000000..5551a30 --- /dev/null +++ b/examples/code-server/docker-compose.yml 
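Review bot: `CF_API_TOKEN=YOUR-CLOUDFLARE-API-TOKEN` is inline in the service environment, so the real token ends up in the compose file (and its git history) and is readable via `docker inspect`; interpolate it instead, `- CF_API_TOKEN=${CF_API_TOKEN:?set in .env}`, and a token limited to DNS editing on the listed zones keeps the blast radius small if it does leak. The hardening here — non-root `user`, `cap_drop: all`, `read_only: true`, `no-new-privileges:true` — is the best in this commit and would be worth carrying into `0_skeleton` as commented defaults. Minor: the trailing comment reads `# disbale IPv6`; `# disable IPv6`.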
@@ -0,0 +1,39 @@ +version: "2.1" + +services: + + code-server: + image: lscr.io/linuxserver/code-server:latest + container_name: code-server + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + - PASSWORD=MyStrongLoginPassword + - SUDO_PASSWORD=MyOptionalStrongSudoPassword #optional + #- SUDO_PASSWORD_HASH= #optional + - PROXY_DOMAIN=vscode.example.com #optional + - DEFAULT_WORKSPACE=/config/workspace #optional + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vscode/config:/config + ports: + - 8443:8443 + restart: unless-stopped + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.codeserver.rule=Host(`code.example.com`) + # - traefik.http.services.codeserver.loadbalancer.server.port=8443 + # # Optional part for file upload max sizes + # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 + # # Optional part for traefik middlewares + # - traefik.http.routers.codeserver.middlewares=local-ipwhitelist@file,authelia@docker + +#networks: +# proxy: +# external: true diff --git a/examples/cs2-dedicated-server/README.md b/examples/cs2-dedicated-server/README.md new file mode 100644 index 0000000..2eb3cbb --- /dev/null +++ b/examples/cs2-dedicated-server/README.md @@ -0,0 +1,14 @@ +# References + +- https://github.com/joedwards32/CS2 +- https://github.com/shobhit-pathak/cs2-rcon-panel + +# Notes + +Minimum system requirements are: + +- 2 CPUs +- 2 GiB RAM +- 40 GB of disk space for the container or mounted as a persistent volume on /home/steam/cs2-dedicated/ + +Default login for the rcon panel is `cspanel:v67ic55x4ghvjfj`. 
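Review bot: `PASSWORD=MyStrongLoginPassword` and `SUDO_PASSWORD=MyOptionalStrongSudoPassword` are plaintext secrets in the compose file, and code-server exposes an integrated terminal, so whoever obtains that password has command execution in the container (and root via sudo). Prefer the hashed form the file already hints at (`SUDO_PASSWORD_HASH`) and, if the image offers one, a hashed login password as well; at minimum interpolate both from `.env`, `- PASSWORD=${CODE_SERVER_PASSWORD:?set in .env}` and `- SUDO_PASSWORD=${CODE_SERVER_SUDO_PASSWORD:?set in .env}`. With `ports: - 8443:8443` published on all interfaces the `local-ipwhitelist@file,authelia@docker` middlewares are bypassed; bind to loopback or drop `ports` once the proxy labels are enabled.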
diff --git a/examples/cs2-dedicated-server/docker-compose.yml b/examples/cs2-dedicated-server/docker-compose.yml new file mode 100644 index 0000000..e82bde1 --- /dev/null +++ b/examples/cs2-dedicated-server/docker-compose.yml 
@@ -0,0 +1,53 @@ +version: '3.7' + +services: + + cs2-server: + image: joedwards32/cs2 + container_name: cs2-dedicated-server + restart: unless-stopped + environment: + # Server configuration + - SRCDS_TOKEN= # Game Server Token from https://steamcommunity.com/dev/managegameservers + - CS2_SERVERNAME=MY-CS2-SERVER # (Set the visible name for your private server) + - CS2_CHEATS=0 # (0 - disable cheats, 1 - enable cheats) + - CS2_PORT=27015 # (CS2 server listen port tcp_udp) + - CS2_SERVER_HIBERNATE=0 # (Put server in a low CPU state when there are no players. 0 - hibernation disabled, 1 - hibernation enabled) + - CS2_LAN=0 # (0 - LAN mode disabled, 1 - LAN Mode enabled) + - CS2_RCONPW=cruelly-sequel-dejected # (RCON password) + - CS2_PW=sake-earthly-lair # (CS2 server password) + - CS2_MAXPLAYERS=10 # (Max players) + # Game modes + - CS2_GAMEALIAS=competitive # (Game type, e.g. casual, competitive, deathmatch. See https://developer.valvesoftware.com/wiki/Counter-Strike_2/Dedicated_Servers) + - CS2_GAMETYPE=0 # (Used if CS2_GAMEALIAS not defined. See https://developer.valvesoftware.com/wiki/Counter-Strike_2/Dedicated_Servers) + - CS2_GAMEMODE=1 # (Used if CS2_GAMEALIAS not defined. See https://developer.valvesoftware.com/wiki/Counter-Strike_2/Dedicated_Servers) + - CS2_MAPGROUP=mg_active # (Map pool) + - CS2_STARTMAP=de_dust2 # (Start map) + # Bots + - CS2_BOT_DIFFICULTY=0 # (0 - easy, 1 - normal, 2 - hard, 3 - expert) + - CS2_BOT_QUOTA=0 # (Number of bots) + - CS2_BOT_QUOTA_MODE=competitive # (fill, competitive) + # TV + - TV_AUTORECORD=0 # Automatically records all games as CSTV demos: 0=off, 1=on. + - TV_ENABLE=0 # Activates CSTV on server: 0=off, 1=on. + - TV_PORT=27020 # Host SourceTV port + - TV_PW=changeme # CSTV password for clients + - TV_RELAY_PW=changeme # CSTV password for relay proxies + - TV_MAXRATE=0 # World snapshots to broadcast per second. Affects camera tickrate. 
+ - TV_DELAY=0 # Max CSTV spectator bandwidth rate allowed, 0 == unlimited + volumes: + - cs2:/home/steam/cs2-dedicated/ + ports: + - 27015:27015/tcp # TCP + - 27015:27015/udp # UDP + #- 27020:27020/udp # UDP + + cs2-rconpanel: + image: soren90/rcon-panel + container_name: cs2-rcon-panel + ports: + - 3000:3000 + restart: unless-stopped + +volumes: + cs2: diff --git a/examples/dashy/README.md b/examples/dashy/README.md new file mode 100644 index 0000000..828ae4f --- /dev/null +++ b/examples/dashy/README.md @@ -0,0 +1,10 @@ +# References + +- https://github.com/Lissy93/dashy + +# Notes + +> [!CAUTION] +> Dashy's authentication happens on the client side only, which can be easily bypassed by an attacker. It is not recommended to expose Dashy, as it is not considered secure. +> +> More information [here](https://subract.dev/posts/dashy/) \ No newline at end of file diff --git a/examples/dashy/docker-compose.yml b/examples/dashy/docker-compose.yml new file mode 100644 index 0000000..410b3b2 --- /dev/null +++ b/examples/dashy/docker-compose.yml @@ -0,0 +1,23 @@ +--- +version: "3.8" +services: + dashy: + container_name: dashy + hostname: dashy + image: lissy93/dashy + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/dashy/config/config.yml:/app/public/conf.yml + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/dashy/icons:/app/public/item-icons + environment: + - NODE_ENV=production + - UID=1000 + - GID=1000 + restart: unless-stopped + ports: + - 4000:80 + healthcheck: + test: ['CMD', 'node', '/app/services/healthcheck'] + interval: 1m30s + timeout: 10s + retries: 3 + start_period: 40s diff --git a/examples/deemix/README.md b/examples/deemix/README.md new file mode 100644 index 0000000..e29d0fe --- /dev/null +++ b/examples/deemix/README.md @@ -0,0 +1,3 @@ +# References + +- https://gitlab.com/Bockiii/deemix-docker diff --git a/examples/deemix/docker-compose.yml b/examples/deemix/docker-compose.yml new file mode 100644 index 0000000..9ea0b03 --- /dev/null 
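Review bot: `CS2_RCONPW` and `CS2_PW` are committed as concrete values, and the `cs2-rconpanel` service publishes port 3000 on all interfaces with no configuration shown, while the README added in this commit documents a fixed default panel login (`cspanel:v67ic55x4ghvjfj`). RCON is an administrative channel to the server, so the panel must not be Internet-reachable with default credentials: bind it to loopback, `- 127.0.0.1:3000:3000`, or front it with the proxy plus an auth middleware, and tell operators to change the panel login on first use. Pull the game passwords from `.env` as well, e.g. `- CS2_RCONPW=${CS2_RCONPW:?set in .env}`, so real values stay out of the compose file. The inline descriptions of `TV_MAXRATE` and `TV_DELAY` appear mismatched (the bandwidth text is on `TV_DELAY`); worth checking against the image's documentation.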
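Review bot: The README for this example warns that Dashy's authentication is client-side only and that it should not be exposed, yet `ports: - 4000:80` publishes it on every host interface; bind it to loopback, `- 127.0.0.1:4000:80`, or put it behind Traefik with `authelia@docker`/`authentik@docker` like the sibling examples, and repeat the caution as a comment above `ports`. If the in-browser config editor is not used, the `config.yml` bind mount can be made `:ro` so the running container cannot rewrite the dashboard definition.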
+++ b/examples/deemix/docker-compose.yml @@ -0,0 +1,31 @@ +version: "3" + +services: + deemix: + container_name: deemix + environment: + - PUID=1000 + - PGID=1000 + hostname: deemix + image: registry.gitlab.com/bockiii/deemix-docker:latest + restart: unless-stopped + ports: + - 6595:6595 + expose: + - 6595 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/deemix/config:/config + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/deemix/downloads:/downloads + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.deemix.rule=Host(`deemix.example.com`) + # - traefik.http.services.deemix.loadbalancer.server.port=6595 + # # Optional part for traefik middlewares + # - traefik.http.routers.deemix.middlewares=local-ipwhitelist@file,authelia@docker + +#networks: +# proxy: +# external: true diff --git a/examples/docmost/README.md b/examples/docmost/README.md new file mode 100644 index 0000000..644ea72 --- /dev/null +++ b/examples/docmost/README.md @@ -0,0 +1,7 @@ +# References + +- https://github.com/docmost/docmost + +# Notes + +Ensure to adjust the `APP_URL` environment variable to your domain name with correct protocol (http or https) if you use a reverse proxy. diff --git a/examples/docmost/docker-compose.yml b/examples/docmost/docker-compose.yml new file mode 100644 index 0000000..2a24fec --- /dev/null +++ b/examples/docmost/docker-compose.yml 
@@ -0,0 +1,72 @@ +version: '3' + +services: + + docmost: + image: docmost/docmost:0.2.10 + container_name: docmost + depends_on: + - db + - redis + environment: + - APP_URL=http://127.0.0.1:3000 + - APP_SECRET=A_VERY_SECURE_STRING + - DATABASE_URL=postgresql://docmost:STRONG_DB_PASSWORD@db:5432/docmost?schema=public + - REDIS_URL=redis://redis:6379 + # --------- S3 Storage Configuration -------- + #- STORAGE_DRIVER=s3 # 'local' is the default; if you use s3 then fill out below env variables + #- AWS_S3_ACCESS_KEY_ID=xxx # Your AWS S3 access key ID + #- AWS_S3_SECRET_ACCESS_KEY=xxx # Your AWS S3 secret access key + #- AWS_S3_REGION=xxx # The region where your S3 bucket is located + #- AWS_S3_BUCKET=xxx # The name of your S3 bucket + #- AWS_S3_ENDPOINT=xxx # The endpoint URL for your S3 service (optional) + # --------- Mail Configuration -------- + #- MAIL_DRIVER=smtp + #- SMTP_HOST=smtp.gmail.com + #- SMTP_PORT=587 + #- SMTP_USERNAME=smtpuser + #- SMTP_PASSWORD=smtppassword + #- MAIL_FROM_ADDRESS=hello@example.com + #- MAIL_FROM_NAME=Docmost + ports: + - 3000:3000 + expose: + - 3000 + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/docmost/storage:/app/data/storage + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.docmost.rule=Host(`wiki.example.com`) + # - traefik.http.services.docmost.loadbalancer.server.port=3000 + # # Optional part for traefik middlewares + # - traefik.http.routers.docmost.middlewares=local-ipwhitelist@file + + db: + image: postgres:16-alpine + container_name: docmost-db + environment: + - POSTGRES_DB=docmost + - POSTGRES_USER=docmost + - POSTGRES_PASSWORD=STRONG_DB_PASSWORD + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/docmost/database:/var/lib/postgresql/data + #networks: + # - proxy + + redis: + image: redis:7.2-alpine + container_name: docmost-redis + restart: unless-stopped + volumes: + - 
${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/docmost/redis:/data + #networks: + # - proxy + +#networks: +# proxy: +# external: true diff --git a/examples/docuseal/README.md b/examples/docuseal/README.md new file mode 100644 index 0000000..9a624cc --- /dev/null +++ b/examples/docuseal/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/docusealco/docuseal diff --git a/examples/docuseal/docker-compose.yml b/examples/docuseal/docker-compose.yml new file mode 100644 index 0000000..46c61d6 --- /dev/null +++ b/examples/docuseal/docker-compose.yml @@ -0,0 +1,52 @@ +version: '3' + +services: + + app: + image: docuseal/docuseal:latest + container_name: docuseal + restart: unless-stopped + environment: + - DATABASE_URL=postgresql://postgres:postgres@postgres:5432/docuseal + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/docuseal/data:/data + depends_on: + postgres: + condition: service_healthy + ports: + - 3000:3000 + expose: + - 3000 + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.docuseal.rule=Host(`docuseal.example.com`) + # - traefik.http.services.docuseal.loadbalancer.server.port=3000 + # # Optional part for traefik middlewares + # - traefik.http.routers.docuseal.middlewares=local-ipwhitelist@file,authelia@docker + + postgres: + image: postgres:15-alpine + container_name: docuseal-db + restart: unless-stopped + environment: + - POSTGRES_USER=postgres + - POSTGRES_PASSWORD=postgres + - POSTGRES_DB=docuseal + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/docuseal/pg_data:/var/lib/postgresql/data + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 + expose: + - 5432 + #networks: + # - proxy + +#networks: +# proxy: +# external: true diff --git a/examples/domainmod/README.md b/examples/domainmod/README.md new file mode 100644 index 0000000..f48c50b --- /dev/null +++ b/examples/domainmod/README.md 
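Review bot: `APP_SECRET=A_VERY_SECURE_STRING` is a placeholder, and the database password `STRONG_DB_PASSWORD` is embedded inside `DATABASE_URL` and repeated in `POSTGRES_PASSWORD`, so it must be changed in two places and the URL form means it also shows up anywhere the connection string is logged. Source all three from `.env`: `- APP_SECRET=${DOCMOST_APP_SECRET:?set in .env}`, `- DATABASE_URL=postgresql://docmost:${DOCMOST_DB_PASS:?set in .env}@db:5432/docmost?schema=public`, and `- POSTGRES_PASSWORD=${DOCMOST_DB_PASS:?set in .env}`. Redis is unauthenticated (`redis://redis:6379`), which is tolerable only while it stays on the default stack network; the commented `networks: - proxy` under `redis` should not be enabled, since that would expose it to every proxied container, and a comment saying so would prevent a copy-paste mistake.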
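Review bot: The app connects as the PostgreSQL superuser with default credentials (`DATABASE_URL=postgresql://postgres:postgres@postgres:5432/docuseal`), so a document-signing service holds full database administration on a password that is the first guess in any wordlist. Use a dedicated role and a required password: `- POSTGRES_USER=docuseal`, `- POSTGRES_PASSWORD=${DOCUSEAL_DB_PASS:?set in .env}`, and update `DATABASE_URL` and the `pg_isready -U` healthcheck to match. As in the other examples, the commented `networks: - proxy` under `postgres` should stay off so that the exposed 5432 is never reachable from the shared proxy network.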
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/domainmod/domainmod
\ No newline at end of file
diff --git a/examples/domainmod/docker-compose.yml b/examples/domainmod/docker-compose.yml
new file mode 100644
index 0000000..3acedee
--- /dev/null
+++ b/examples/domainmod/docker-compose.yml
@@ -0,0 +1,40 @@
+---
+version: '3.7'
+services:
+ app:
+ image: domainmod/domainmod:latest
+ container_name: domainmod_app
+ hostname: domainmod_app
+ depends_on:
+ - db
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ - DOMAINMOD_WEB_ROOT=
+ - DOMAINMOD_DATABASE_HOST=db
+ - DOMAINMOD_DATABASE=domainmod
+ - DOMAINMOD_USER=domainmod
+ - DOMAINMOD_PASSWORD=password1
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/domainmod/app:/var/www/html
+ ports:
+ - 8080:80
+ restart: unless-stopped
+
+ db:
+ image: ghcr.io/linuxserver/mariadb:alpine
+ container_name: domainmod_db
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ - MYSQL_DATABASE=domainmod
+ - MYSQL_USER=domainmod
+ - MYSQL_PASSWORD=password1
+ - MYSQL_ROOT_PASSWORD=password2
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/domainmod/database:/config
+ expose:
+ - 3306
+ restart: unless-stopped
diff --git a/examples/drone/README.md b/examples/drone/README.md
new file mode 100644
index 0000000..03c3d40
--- /dev/null
+++ b/examples/drone/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/harness/drone
diff --git a/examples/drone/docker-compose.yml b/examples/drone/docker-compose.yml
new file mode 100644
index 0000000..f251cc2
--- /dev/null
+++ b/examples/drone/docker-compose.yml
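Review bot: `DOMAINMOD_PASSWORD=password1`, `MYSQL_PASSWORD=password1` and `MYSQL_ROOT_PASSWORD=password2` are weak placeholders duplicated across the two services, and nothing in the file tells the reader to change them; one interpolated `${DOMAINMOD_DB_PASSWORD:?err}` used in both places aborts `compose up` on an unedited copy and cannot drift between app and db. `DOMAINMOD_WEB_ROOT=` is deliberately empty but uncommented, so a one-line comment stating what an empty value selects would save the next reader a lookup. Style: this file opens with `---` and has no blank line between `version:` and `services:`, unlike the other compose files in this commit.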
@@ -0,0 +1,55 @@
+version: "3.7"
+
+services:
+ drone-server:
+ image: drone/drone:latest
+ container_name: drone-server
+ restart: unless-stopped
+ dns:
+ - 192.168.178.100 # specify your internal dns server for proper dns lookups; especially if you are using https and hostnames
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/drone/data:/var/lib/drone
+ #- /var/run/docker.sock:/var/run/docker.sock:ro
+ environment:
+ - DRONE_DEBUG=true
+ #- DRONE_ADMIN=droneadm
+ #- DRONE_USER_CREATE=username:droneadm,admin:true
+ - DRONE_SERVER_PORT=:80
+ - DRONE_DATABASE_DRIVER=sqlite3
+ - DRONE_GIT_ALWAYS_AUTH=false
+ - DRONE_GITEA_SERVER=https://git.domain.tld # change this to your gitea instance
+ - DRONE_RPC_SECRET=8aff725d2e16ef31fbc42
+ - DRONE_SERVER_HOST=drone.domain.tld # change this to your drone instance
+ - DRONE_HOST=https://drone.domain.tld # change this to your drone instance; adjust http/https
+ - DRONE_SERVER_PROTO=https # adjust http/https
+ - DRONE_TLS_AUTOCERT=false
+ - DRONE_AGENTS_ENABLED=true
+ - DRONE_GITEA_CLIENT_ID=XXX-XXX # change this to your client ID from Gitea; see https://docs.drone.io/server/provider/gitea/
+ - DRONE_GITEA_CLIENT_SECRET=XXX-XXX # change this to your client secret from Gitea; see https://docs.drone.io/server/provider/gitea/
+ networks:
+ - proxy
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.drone-server.rule=Host(`drone.domain.tld`)
+ - traefik.http.services.drone-server.loadbalancer.server.port=80
+ - traefik.docker.network=proxy
+ # Part for local lan services only; disable to expose externally
+ - traefik.http.routers.drone-server.middlewares=local-ipwhitelist@file
+
+ drone-agent:
+ image: drone/agent:1.2.1
+ command: agent
+ restart: unless-stopped
+ container_name: drone-agent
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock # optional; necessary if you run docker runners and need access to docker socket
+ environment:
+ - DRONE_RPC_SERVER=http://drone-server:80
+ - DRONE_RPC_SECRET=8aff725d2e16ef31fbc42
+ - DRONE_RUNNER_CAPACITY=2
+ networks:
+ - proxy
+
+networks:
+ proxy:
+ external: true
diff --git a/examples/droppy/README.md b/examples/droppy/README.md
new file mode 100644
index 0000000..66d64bc
--- /dev/null
+++ b/examples/droppy/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/silverwind/droppy (deprecated)
diff --git a/examples/droppy/docker-compose-deprecated.yml b/examples/droppy/docker-compose-deprecated.yml
new file mode 100644
index 0000000..11701a0
--- /dev/null
+++ b/examples/droppy/docker-compose-deprecated.yml
@@ -0,0 +1,16 @@
+version: '2'
+
+services:
+ droppy:
+ container_name: droppy
+ image: silverwind/droppy
+ ports:
+ - 8989:8989
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/droppy/config:/config
+ - /path/to/my/data/for/sharing:/files # path to shared files
+ environment:
+ - UID=1000
+ - GID=1000
+ - TZ="Europe/Berlin"
+ restart: unless-stopped
diff --git a/examples/duplicacy/README.md b/examples/duplicacy/README.md
new file mode 100644
index 0000000..eb7f9e4
--- /dev/null
+++ b/examples/duplicacy/README.md
@@ -0,0 +1,4 @@
+# References
+
+- https://hub.docker.com/r/saspus/duplicacy-web
+- https://spin.atomicobject.com/2021/02/06/duplicacy-docker-image/
diff --git a/examples/duplicacy/docker-compose.yml b/examples/duplicacy/docker-compose.yml
new file mode 100644
index 0000000..be355b8
--- /dev/null
+++ b/examples/duplicacy/docker-compose.yml
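Review bot: `DRONE_RPC_SECRET=8aff725d2e16ef31fbc42` is a concrete shared secret committed twice, once on `drone-server` and once on `drone-agent`, so anyone who copies this file unedited runs a CI server whose runner-registration secret is public. Interpolate it once in both services, `- DRONE_RPC_SECRET=${DRONE_RPC_SECRET:?err}`, so a missing value aborts startup and the two copies cannot drift. `DRONE_DEBUG=true` is a debugging setting left on in an example meant for long-running use. The agent's `/var/run/docker.sock` mount is read-write and only described as "optional"; a comment stating that it gives the agent root-equivalent control of the host would make the trade-off explicit for readers who enable docker runners.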
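Review bot: In the droppy file, `- TZ="Europe/Berlin"` in list-style `environment` passes the double quotes through as part of the value — the YAML plain scalar is the whole `TZ="Europe/Berlin"` — so the container receives a timezone string with literal quotes; write `- TZ=Europe/Berlin` as the other examples do. `image: silverwind/droppy` is untagged and the README marks the project deprecated, so pinning a tag would at least make the last known working image explicit.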
@@ -0,0 +1,21 @@
+---
+version: '3.7'
+
+services:
+ duplicacy-web:
+ container_name: duplicacy-web
+ hostname: myhost # pls adjust
+ image: saspus/duplicacy-web:mini
+ environment:
+ - USR_ID=1000 # user account id on the system
+ - GRP_ID=1000 # group id on the system
+ - TZ=Europe/Berlin
+ - DUPLICACY_WEB_VERSION=latest
+ ports:
+ - "3875:3875/tcp"
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicacy-web/config:/config
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicacy-web/logs:/logs
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicacy-web/cache:/cache
+ - /path/to/my/data/dir1:/data/dir1:ro # 1st path to your data for backup
+ - /path/to/my/data/dir2:/data/dir2:ro # 2nd path to your data for backup
diff --git a/examples/duplicati/README.md b/examples/duplicati/README.md
new file mode 100644
index 0000000..f90c80a
--- /dev/null
+++ b/examples/duplicati/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/duplicati/duplicati
\ No newline at end of file
diff --git a/examples/duplicati/docker-compose.yml b/examples/duplicati/docker-compose.yml
new file mode 100644
index 0000000..9440ebf
--- /dev/null
+++ b/examples/duplicati/docker-compose.yml
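Review bot: The duplicacy-web service has no `restart:` policy, unlike every other compose file in this commit, so the backup UI will not come back after a host reboot; add `restart: unless-stopped`. `- "3875:3875/tcp"` publishes the management UI on all interfaces and, unlike the sibling examples, not even a commented Traefik block is offered as the proxied alternative; `- "127.0.0.1:3875:3875/tcp"` would keep it local until a proxy with access control is in front. The `:ro` mounts on the two backup sources are the right choice and worth keeping as the pattern for the other backup examples.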
@@ -0,0 +1,28 @@
+version: "3"
+
+services:
+ duplicati:
+ container_name: duplicati
+ entrypoint:
+ - /init
+ ports:
+ - 8200:8200 # MGMT UI
+ environment:
+ - PUID=0
+ - PGID=1000
+ - TZ=Europe/Berlin
+ hostname: duplicati
+ image: linuxserver/duplicati:latest
+ #labels:
+ # - com.centurylinklabs.watchtower.enable=false
+ # - traefik.enable=true
+ # - traefik.http.routers.duplicati.rule=Host(`duplicati.example.com`)
+ # - traefik.http.services.duplicati.loadbalancer.server.port=8200
+ # - traefik.docker.network=proxy
+ # # Part for local lan services only
+ # - traefik.http.routers.duplicati.middlewares=local-ipwhitelist@file
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicati/backups:/backups
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/duplicati/config:/config
+ - /path/to/my/data/to/backup:/source # change this
diff --git a/examples/evershop/README.md b/examples/evershop/README.md
new file mode 100644
index 0000000..0046ef6
--- /dev/null
+++ b/examples/evershop/README.md
@@ -0,0 +1,18 @@
+# References
+
+- https://github.com/evershopcommerce/evershop
+- https://evershop.io/docs/development/getting-started/installation-guide
+
+# Notes
+
+After spawning up the docker containers, the webshop will be available on http://127.0.0.1:3000.
+
+You can access the admin dashboard at /admin. You must create a new admin user by Docker exec as follows:
+
+````
+# exec into the evershop container
+docker exec -it evershop sh
+
+# creating a new admin user
+npm run user:create -- --email "myemail@example.com" --password "MySuperSecurePassword" --name "MyName"
+````
\ No newline at end of file
diff --git a/examples/evershop/docker-compose.yml b/examples/evershop/docker-compose.yml
new file mode 100644
index 0000000..ca4eabe
--- /dev/null
+++ b/examples/evershop/docker-compose.yml
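Review bot: `PUID=0` runs the duplicati process as root inside the container while `PGID=1000` suggests an unprivileged user was intended; if root is needed to read arbitrary paths under `/source`, say so in a comment, otherwise `PUID=1000` matches the rest of this commit. The backup source `- /path/to/my/data/to/backup:/source # change this` is mounted read-write although a backup job only reads it; `:ro`, as the duplicacy example does, removes the chance of a misdirected restore overwriting the originals. `entrypoint: - /init` appears to restate the image's own entrypoint and is unexplained; either drop it or comment why it is pinned.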
@@ -0,0 +1,48 @@
+version: '3.8'
+
+services:
+
+ app:
+ image: evershop/evershop:latest
+ container_name: evershop
+ restart: always
+ environment:
+ DB_HOST: database
+ DB_PORT: 5432
+ DB_PASSWORD: postgres
+ DB_USER: postgres
+ DB_NAME: postgres
+ depends_on:
+ - database
+ ports:
+ - 3000:3000
+ expose:
+ - 3000
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.evershop.rule=Host(`shop.example.com`)
+ # - traefik.http.services.evershop.loadbalancer.server.port=3000
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.evershop.middlewares=local-ipwhitelist@file,authelia@docker
+
+ database:
+ image: postgres:16
+ container_name: evershop-db
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/evershop/psqldata:/var/lib/postgresql/data
+ environment:
+ POSTGRES_PASSWORD: postgres
+ POSTGRES_USER: postgres
+ POSTGRES_DB: postgres
+ expose:
+ - 5432
+ #networks:
+ # - proxy
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/excalidraw/README.md b/examples/excalidraw/README.md
new file mode 100644
index 0000000..e98533b
--- /dev/null
+++ b/examples/excalidraw/README.md
@@ -0,0 +1,10 @@
+# References
+
+- https://github.com/excalidraw/excalidraw
+
+# Notes
+
+Collaboration is not yet supported natively. You would have to also host an Excalidraw collaboration room:
+
+- https://github.com/excalidraw/excalidraw-room
+- https://github.com/excalidraw/excalidraw/issues/4993#issuecomment-1783669768
\ No newline at end of file
diff --git a/examples/excalidraw/docker-compose.yml b/examples/excalidraw/docker-compose.yml
new file mode 100644
index 0000000..f8ea525
--- /dev/null
+++ b/examples/excalidraw/docker-compose.yml
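Review bot: `DB_PASSWORD: postgres` on the app and `POSTGRES_PASSWORD: postgres` on the database are the stock default credentials written twice; `${EVERSHOP_DB_PASSWORD:?err}` in both places refuses to start on an unedited copy and keeps the two values in sync. The app uses `restart: always` while the database uses `restart: unless-stopped`, so after a manual `docker stop` of the stack only the app returns on the next daemon start and then cannot reach its database; use one policy for both. `image: evershop/evershop:latest` is unpinned next to a pinned `postgres:16`.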
@@ -0,0 +1,32 @@
+version: "3.8"
+
+services:
+ excalidraw:
+ container_name: excalidraw
+ image: excalidraw/excalidraw:latest
+ ports:
+ - "3000:80"
+ restart: unless-stopped
+ stdin_open: true
+ healthcheck:
+ disable: true
+ environment:
+ - NODE_ENV=production
+ #networks:
+ # - proxy
+ #volumes:
+ # - ./:/opt/node_app/app:delegated
+ # - ./package.json:/opt/node_app/package.json
+ # - ./yarn.lock:/opt/node_app/yarn.lock
+ # - notused:/opt/node_app/app/node_modules
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.excalidraw.rule=Host(`draw.example.com`)
+ # - traefik.http.services.excalidraw.loadbalancer.server.port=80
+ # - traefik.docker.network=proxy
+ # # Part for local lan services only; disable to expose externally
+ # - traefik.http.routers.excalidraw.middlewares=local-ipwhitelist@file
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/fail2ban/README.md b/examples/fail2ban/README.md
new file mode 100644
index 0000000..5f15069
--- /dev/null
+++ b/examples/fail2ban/README.md
@@ -0,0 +1,6 @@
+# References
+
+- https://github.com/crazy-max/docker-fail2ban
+- https://blog.lrvt.de/configuring-fail2ban-with-traefik/
+- https://blog.lrvt.de/fail2ban-with-nginx-proxy-manager/
+- https://github.com/l4rm4nd/F2BFilters
diff --git a/examples/fail2ban/docker-compose.yml b/examples/fail2ban/docker-compose.yml
new file mode 100644
index 0000000..cc04635
--- /dev/null
+++ b/examples/fail2ban/docker-compose.yml
@@ -0,0 +1,18 @@
+version: "3"
+
+services:
+ fail2ban:
+ container_name: fail2ban
+ cap_add:
+ - NET_ADMIN
+ - NET_RAW
+ environment:
+ - TZ=Europe/Berlin
+ - F2B_DB_PURGE_AGE=14d
+ image: crazymax/fail2ban:latest
+ network_mode: host
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/fail2Ban/data:/data
+ - /path/to/my/logs/to/monitor:/var/log
+ #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/var/log/traefik
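Review bot: In the excalidraw file, `healthcheck: disable: true` switches off whatever healthcheck the image defines without a comment saying why, which also rules out `depends_on: condition: service_healthy` for anything built on this example; a short `# image healthcheck disabled: <reason>; re-enable when <condition>` would document the trade-off. `stdin_open: true` is likewise unexplained for a web service and reads like a leftover from a development setup, as do the commented bind mounts of `./` and `./package.json`.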
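Review bot: In the fail2ban file, the log source `- /path/to/my/logs/to/monitor:/var/log` is mounted read-write although fail2ban only reads logs; `:ro` keeps a container that already holds `NET_ADMIN`, `NET_RAW` and `network_mode: host` from being able to modify the host's log files, and the commented Traefik log mount should carry `:ro` for the same reason. The data path `fail2Ban/data` uses a capital B while every other example uses the lowercase service name, which on a case-sensitive filesystem creates a second directory beside any existing `fail2ban/`. The capabilities and host networking are what iptables-based banning needs, so they are fine as written.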
diff --git a/examples/filebrowser/README.md b/examples/filebrowser/README.md
new file mode 100644
index 0000000..9f186c8
--- /dev/null
+++ b/examples/filebrowser/README.md
@@ -0,0 +1,8 @@
+# References
+
+- https://github.com/hurlenko/filebrowser-docker
+- https://github.com/filebrowser/filebrowser
+
+# Notes
+
+Default login is `admin:admin` as mentioned [here](https://filebrowser.org/installation#:~:text=You%20just%20need%20to%20go,Password%3A%20admin).
diff --git a/examples/filebrowser/docker-compose.yml b/examples/filebrowser/docker-compose.yml
new file mode 100644
index 0000000..9a733db
--- /dev/null
+++ b/examples/filebrowser/docker-compose.yml
@@ -0,0 +1,15 @@
+version: "3"
+
+services:
+ filebrowser:
+ image: hurlenko/filebrowser
+ container_name: filebrowser
+ user: 1000:1000 # adjust to your needs
+ ports:
+ - 8080:8080
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filebrowser/data:/data
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filebrowser/config:/config
+ environment:
+ - FB_BASEURL=/filebrowser
+ restart: unless-stopped
diff --git a/examples/filerun/README.md b/examples/filerun/README.md
new file mode 100644
index 0000000..9aeefda
--- /dev/null
+++ b/examples/filerun/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/filerun/docker
diff --git a/examples/filerun/docker-compose.yml b/examples/filerun/docker-compose.yml
new file mode 100644
index 0000000..fefad3f
--- /dev/null
+++ b/examples/filerun/docker-compose.yml
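Review bot: `- 8080:8080` publishes filebrowser on all host interfaces while the README in this same commit documents a default `admin:admin` login, so an unedited deployment exposes a file manager with known credentials to the whole network; bind to loopback, `- 127.0.0.1:8080:8080`, or add the commented Traefik block with the `local-ipwhitelist` middleware that the sibling examples carry. `image: hurlenko/filebrowser` has no tag and will follow whatever `latest` becomes. `user: 1000:1000` is a good default; a comment that the mounted `/data` and `/config` directories need to be writable by that uid would prevent a first-run permission failure.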
@@ -0,0 +1,32 @@
+version: '2'
+
+services:
+ db:
+ image: mariadb:10.1
+ container_name: filerun-db
+ environment:
+ - MYSQL_ROOT_PASSWORD=your_mysql_root_password
+ - MYSQL_USER=your_filerun_username
+ - MYSQL_PASSWORD=your_filerun_password
+ - MYSQL_DATABASE=your_filerun_database
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filerun/db:/var/lib/mysql
+
+ filerun:
+ image: filerun/filerun
+ container_name: filerun
+ environment:
+ - FR_DB_HOST=db
+ - FR_DB_PORT=3306
+ - FR_DB_USER=your_filerun_username
+ - FR_DB_PASS=your_filerun_password
+ - FR_DB_NAME=your_filerun_database
+ depends_on:
+ - db
+ links:
+ - db:db
+ ports:
+ - 8080:80
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filerun/html:/var/www/html
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/filerun/files:/user-files
diff --git a/examples/firefly/.env b/examples/firefly/.env
new file mode 100644
index 0000000..d4811a7
--- /dev/null
+++ b/examples/firefly/.env
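Review bot: Neither filerun service has a `restart:` policy, unlike the rest of this commit, so the stack stays down after a host reboot; add `restart: unless-stopped` to both. `links: - db:db` is the legacy Compose v1 linking mechanism and is redundant here because `depends_on` plus the default network already resolve the service name used in `FR_DB_HOST=db`; drop it. `mariadb:10.1` is an old major release that, as far as I know, is out of upstream support, and `image: filerun/filerun` is untagged. The placeholder credentials are written twice (`MYSQL_USER`/`MYSQL_PASSWORD` on db, `FR_DB_USER`/`FR_DB_PASS` on filerun); one interpolated `${FILERUN_DB_PASSWORD:?err}` used in both places avoids drift and fails fast when unset.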
@@ -0,0 +1,316 @@
+# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
+# Never set it to "testing".
+APP_ENV=local
+
+# Set to true if you want to see debug information in error screens.
+APP_DEBUG=false
+
+# This should be your email address.
+# If you use Docker or similar, you can set this variable from a file by using SITE_OWNER_FILE
+# The variable is used in some errors shown to users who aren't admin.
+SITE_OWNER=mail@example.com
+
+# The encryption key for your sessions. Keep this very secure.
+# Change it to a string of exactly 32 chars or use something like `php artisan key:generate` to generate it.
+# If you use Docker or similar, you can set this variable from a file by using APP_KEY_FILE
+#
+# Avoid the "#" character in your APP_KEY, it may break things.
+#
+APP_KEY=SomeRandomStringOf32CharsExactly
+
+# Firefly III will launch using this language (for new users and unauthenticated visitors)
+# For a list of available languages: https://github.com/firefly-iii/firefly-iii/tree/main/resources/lang
+#
+# If text is still in English, remember that not everything may have been translated.
+DEFAULT_LANGUAGE=en_US
+
+# The locale defines how numbers are formatted.
+# by default this value is the same as whatever the language is.
+DEFAULT_LOCALE=equal
+
+# Change this value to your preferred time zone.
+# Example: Europe/Amsterdam
+# For a list of supported time zones, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+TZ=Europe/Berlin
+
+# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy.
+# Set it to ** and reverse proxies work just fine.
+TRUSTED_PROXIES=*
+
+# The log channel defines where your log entries go to.
+# Several other options exist. You can use 'single' for one big fat error log (not recommended).
+# Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself.
+# A rotating log option is 'daily', creates 5 files that (surprise) rotate.
+# A cool option is 'papertrail' for cloud logging
+# Default setting 'stack' will log to 'daily' and to 'stdout' at the same time.
+LOG_CHANNEL=stack
+
+#
+# Used when logging to papertrail:
+#
+PAPERTRAIL_HOST=
+PAPERTRAIL_PORT=
+
+# Log level. You can set this from least severe to most severe:
+# debug, info, notice, warning, error, critical, alert, emergency
+# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
+# nothing will get logged, ever.
+APP_LOG_LEVEL=notice
+
+# Audit log level.
+# Set this to "emergency" if you dont want to store audit logs, leave on info otherwise.
+AUDIT_LOG_LEVEL=info
+
+# Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III
+# For other database types, please see the FAQ: https://docs.firefly-iii.org/support/faq
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+# Use "pgsql" for PostgreSQL
+# Use "mysql" for MySQL and MariaDB.
+# Use "sqlite" for SQLite.
+DB_CONNECTION=mysql
+DB_HOST=db
+DB_PORT=3306
+DB_DATABASE=firefly
+DB_USERNAME=firefly
+DB_PASSWORD=MySecretDatabasePassword
+# leave empty or omit when not using a socket connection
+DB_SOCKET=
+
+# MySQL supports SSL. You can configure it here.
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MYSQL_USE_SSL=false
+MYSQL_SSL_VERIFY_SERVER_CERT=true
+# You need to set at least of these options
+MYSQL_SSL_CAPATH=/etc/ssl/certs/
+MYSQL_SSL_CA=
+MYSQL_SSL_CERT=
+MYSQL_SSL_KEY=
+MYSQL_SSL_CIPHER=
+
+# PostgreSQL supports SSL. You can configure it here.
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+PGSQL_SSL_MODE=prefer
+PGSQL_SSL_ROOT_CERT=null
+PGSQL_SSL_CERT=null
+PGSQL_SSL_KEY=null
+PGSQL_SSL_CRL_FILE=null
+
+# more PostgreSQL settings
+PGSQL_SCHEMA=public
+
+# If you're looking for performance improvements, you could install memcached or redis
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+
+# If you set either of the options above to 'redis', you might want to update these settings too
+# If you use Docker or similar, you can set REDIS_HOST_FILE, REDIS_PASSWORD_FILE or
+# REDIS_PORT_FILE to set the value from a file instead of from an environment variable
+
+# can be tcp, unix or http
+REDIS_SCHEME=tcp
+
+# use only when using 'unix' for REDIS_SCHEME. Leave empty otherwise.
+REDIS_PATH=
+
+# use only when using 'tcp' or 'http' for REDIS_SCHEME. Leave empty otherwise.
+REDIS_HOST=127.0.0.1
+REDIS_PORT=6379
+
+# Use only with Redis 6+ with proper ACL set. Leave empty otherwise.
+REDIS_USERNAME=
+REDIS_PASSWORD=
+
+# always use quotes and make sure redis db "0" and "1" exists. Otherwise change accordingly.
+REDIS_DB="0"
+REDIS_CACHE_DB="1"
+
+# Cookie settings. Should not be necessary to change these.
+# If you use Docker or similar, you can set COOKIE_DOMAIN_FILE to set
+# the value from a file instead of from an environment variable
+# Setting samesite to "strict" may give you trouble logging in.
+COOKIE_PATH="/"
+COOKIE_DOMAIN=
+COOKIE_SECURE=false
+COOKIE_SAMESITE=lax
+
+# If you want Firefly III to email you, update these settings
+# For instructions, see: https://docs.firefly-iii.org/advanced-installation/email
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MAIL_MAILER=log
+MAIL_HOST=null
+MAIL_PORT=2525
+MAIL_FROM=changeme@example.com
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+
+# Other mail drivers:
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MAILGUN_DOMAIN=
+MAILGUN_SECRET=
+
+# If you are on EU region in mailgun, use api.eu.mailgun.net, otherwise use api.mailgun.net
+# If you use Docker or similar, you can set this variable from a file by appending it with _FILE
+MAILGUN_ENDPOINT=api.mailgun.net
+
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MANDRILL_SECRET=
+SPARKPOST_SECRET=
+
+# Firefly III can send you the following messages.
+SEND_ERROR_MESSAGE=true
+
+# These messages contain (sensitive) transaction information:
+SEND_REPORT_JOURNALS=true
+
+# Set this value to true if you want to set the location
+# of certain things, like transactions. Since this involves an external service, it's optional
+# and disabled by default.
+ENABLE_EXTERNAL_MAP=false
+
+# Set this value to true if you want Firefly III to download currency exchange rates
+# from the internet. These rates are hosted by the creator of Firefly III inside
+# an Azure Storage Container.
+# Not all currencies may be available. Rates may be wrong.
+ENABLE_EXTERNAL_RATES=false
+
+# The map will default to this location:
+MAP_DEFAULT_LAT=51.983333
+MAP_DEFAULT_LONG=5.916667
+MAP_DEFAULT_ZOOM=6
+
+#
+# Firefly III authentication settings
+#
+
+#
+# Firefly III supports a few authentication methods:
+# - 'web' (default, uses built in DB)
+# - 'remote_user_guard' for Authelia etc
+# Read more about these settings in the documentation.
+# https://docs.firefly-iii.org/advanced-installation/authentication
+#
+# LDAP is no longer supported :(
+#
+AUTHENTICATION_GUARD=web
+
+#
+# Remote user guard settings
+#
+AUTHENTICATION_GUARD_HEADER=REMOTE_USER
+AUTHENTICATION_GUARD_EMAIL=
+
+#
+# Firefly III generates a basic keypair for your OAuth tokens.
+# If you want, you can overrule the key with your own (secure) value.
+# It's also possible to set PASSPORT_PUBLIC_KEY_FILE or PASSPORT_PRIVATE_KEY_FILE
+# if you're using Docker secrets or similar solutions for secret management
+#
+PASSPORT_PRIVATE_KEY=
+PASSPORT_PUBLIC_KEY=
+
+#
+# Extra authentication settings
+#
+CUSTOM_LOGOUT_URL=
+
+# You can disable the X-Frame-Options header if it interferes with tools like
+# Organizr. This is at your own risk. Applications running in frames run the risk
+# of leaking information to their parent frame.
+DISABLE_FRAME_HEADER=false
+
+# You can disable the Content Security Policy header when you're using an ancient browser
+# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really)
+# This leaves you with the risk of not being able to stop XSS bugs should they ever surface.
+# This is at your own risk.
+DISABLE_CSP_HEADER=false
+
+# If you wish to track your own behavior over Firefly III, set valid analytics tracker information here.
+# Nobody uses this except for me on the demo site. But hey, feel free to use this if you want to.
+# Do not prepend the TRACKER_URL with http:// or https://
+# The only tracker supported is Matomo.
+# You can set the following variables from a file by appending them with _FILE:
+TRACKER_SITE_ID=
+TRACKER_URL=
+
+#
+# Firefly III supports webhooks. These are security sensitive and must be enabled manually first.
+#
+ALLOW_WEBHOOKS=false
+
+#
+# The static cron job token can be useful when you use Docker and wish to manage cron jobs.
+# 1. Set this token to any 32-character value (this is important!).
+# 2. Use this token in the cron URL instead of a user's command line token.
+#
+# For more info: https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/
+#
+# You can set this variable from a file by appending it with _FILE
+#
+STATIC_CRON_TOKEN=
+
+# You can fine tune the start-up of a Docker container by editing these environment variables.
+# Use this at your own risk. Disabling certain checks and features may result in lots of inconsistent data.
+# However if you know what you're doing you can significantly speed up container start times.
+# Set each value to true to enable, or false to disable.
+
+# Set this to true to build all locales supported by Firefly III.
+# This may take quite some time (several minutes) and is generally not recommended.
+# If you wish to change or alter the list of locales, start your Docker container with
+# `docker run -v locale.gen:/etc/locale.gen -e DKR_BUILD_LOCALE=true`
+# and make sure your preferred locales are in your own locale.gen.
+DKR_BUILD_LOCALE=false
+
+# Check if the SQLite database exists. Can be skipped if you're not using SQLite.
+# Won't significantly speed up things.
+DKR_CHECK_SQLITE=true
+
+# Run database creation and migration commands. Disable this only if you're 100% sure the DB exists
+# and is up to date.
+DKR_RUN_MIGRATION=true
+
+# Run database upgrade commands. Disable this only when you're 100% sure your DB is up-to-date
+# with the latest fixes (outside of migrations!)
+DKR_RUN_UPGRADE=true
+
+# Verify database integrity. Includes all data checks and verifications.
+# Disabling this makes Firefly III assume your DB is intact.
+DKR_RUN_VERIFY=true
+
+# Run database reporting commands. When disabled, Firefly III won't go over your data to report current state.
+# Disabling this should have no impact on data integrity or safety but it won't warn you of possible issues.
+DKR_RUN_REPORT=true
+
+# Generate OAuth2 keys.
+# When disabled, Firefly III won't attempt to generate OAuth2 Passport keys. This won't be an issue, IFF (if and only if)
+# you had previously generated keys already and they're stored in your database for restoration.
+DKR_RUN_PASSPORT_INSTALL=true
+
+# Leave the following configuration vars as is.
+# Unless you like to tinker and know what you're doing.
+APP_NAME=FireflyIII
+BROADCAST_DRIVER=log
+QUEUE_DRIVER=sync
+CACHE_PREFIX=firefly
+PUSHER_KEY=
+IPINFO_TOKEN=
+PUSHER_SECRET=
+PUSHER_ID=
+DEMO_USERNAME=
+DEMO_PASSWORD=
+IS_HEROKU=false
+FIREFLY_III_LAYOUT=v1
+
+#
+# If you have trouble configuring your Firefly III installation, DON'T BOTHER setting this variable.
+# It won't work. It doesn't do ANYTHING. Don't believe the lies you read online. I'm not joking.
+# This configuration value WILL NOT HELP.
+#
+# Notable exception to this rule is Synology, which, according to some users, will use APP_URL to rewrite stuff.
+#
+# This variable is ONLY used in some of the emails Firefly III sends around. Nowhere else.
+# So when configuring anything WEB related this variable doesn't do anything. Nothing
+#
+# If you're stuck I understand you get desperate but look SOMEWHERE ELSE.
+#
+APP_URL=http://localhost
diff --git a/examples/firefly/README.md b/examples/firefly/README.md
new file mode 100644
index 0000000..2d0aff9
--- /dev/null
+++ b/examples/firefly/README.md
@@ -0,0 +1,4 @@
+# References
+
+- https://github.com/firefly-iii/docker
+- https://docs.firefly-iii.org/firefly-iii/installation/docker/
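Review bot: `APP_KEY=SomeRandomStringOf32CharsExactly` is the upstream placeholder committed as a live value, and the comment above it says this key protects sessions; anyone deploying the example unedited shares an encryption key with every other unedited copy. Leaving it empty with a pointer to `APP_KEY_FILE` (already mentioned in the comment) or to `php artisan key:generate` forces a per-deployment key. `TRUSTED_PROXIES=*` accepts forwarded-for headers from any client, while the compose file in this commit publishes the app directly on the host's port 80, so client-IP based logic sees attacker-chosen addresses; narrow it to the proxy network's CIDR, or leave it empty when no proxy is in front. The comment says "Set it to **" while the value is `*`, which should be reconciled. `COOKIE_SECURE=false` is reasonable for plain-HTTP testing but should be called out as something to flip once TLS is terminated by the proxy.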
diff --git a/examples/firefly/docker-compose.yml b/examples/firefly/docker-compose.yml
new file mode 100644
index 0000000..4b8567f
--- /dev/null
+++ b/examples/firefly/docker-compose.yml
@@ -0,0 +1,26 @@
+version: '3.3'
+
+services:
+ app:
+ image: fireflyiii/core:latest
+ container_name: firefly
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firefly/upload:/var/www/html/storage/upload
+ env_file: .env
+ ports:
+ - 80:8080
+ depends_on:
+ - db
+
+ db:
+ image: mariadb
+ container_name: firefly-db
+ restart: unless-stopped
+ environment:
+ - MYSQL_RANDOM_ROOT_PASSWORD=yes
+ - MYSQL_USER=firefly
+ - MYSQL_PASSWORD=MySecretDatabasePassword # if changed --> also update in .env file
+ - MYSQL_DATABASE=firefly
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firefly/mysql:/var/lib/mysql
diff --git a/examples/firefox/README.md b/examples/firefox/README.md
new file mode 100644
index 0000000..221a529
--- /dev/null
+++ b/examples/firefox/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://hub.docker.com/r/linuxserver/firefox
diff --git a/examples/firefox/docker-compose.yml b/examples/firefox/docker-compose.yml
new file mode 100644
index 0000000..bea9a2e
--- /dev/null
+++ b/examples/firefox/docker-compose.yml
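Review bot: `- MYSQL_PASSWORD=MySecretDatabasePassword # if changed --> also update in .env file` duplicates a secret that Compose can read for itself: a `.env` in the project directory is used for variable interpolation, and the .env hunk in this commit defines `DB_PASSWORD`, so `- MYSQL_PASSWORD=${DB_PASSWORD:?err}` keeps the two values in sync without the manual reminder. `- 80:8080` publishes the app on privileged port 80 on all interfaces, while the other examples keep a high port and leave Traefik labels commented; a loopback bind or the usual labels block would match the repository pattern. `image: mariadb` is untagged and will silently follow major upgrades, which for a persistent database volume can break startup.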
@@ -0,0 +1,31 @@
+version: "3.3"
+
+services:
+ firefox:
+ image: lscr.io/linuxserver/firefox:latest
+ container_name: firefox
+ hostname: firefox
+ restart: unless-stopped
+ security_opt:
+ - seccomp:unconfined # optional
+ environment:
+ - PUID=1000 # optional
+ - PGID=1000 # optional
+ - TZ=Europe/Berlin
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firefox/config:/config
+ ports:
+ - 3210:3000
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.firefox.rule=Host(`firefox.example.com`)
+ # - traefik.http.services.firefox.loadbalancer.server.port=8080
+ # - traefik.docker.network=proxy
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.firefox.middlewares=local-ipwhitelist@file,basic-auth@file
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/firezone/.env b/examples/firezone/.env
new file mode 100644
index 0000000..4fb2521
--- /dev/null
+++ b/examples/firezone/.env
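Review bot: The commented label `traefik.http.services.firefox.loadbalancer.server.port=8080` does not match the container port 3000 used in `- 3210:3000`, so uncommenting the labels as written points the router at a port the container does not serve; this looks like a copy-paste leftover from the skeleton and should be `...server.port=3000` if the `ports:` entry is right. `- seccomp:unconfined # optional` removes the default seccomp filter from a browser container, which is a meaningful reduction in isolation; the comment should state the condition under which it is needed so readers do not keep it by default. A browser with a web UI on `3210` on all interfaces also deserves the middleware line uncommented or a loopback bind.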
@@ -0,0 +1,33 @@
+# Change these settings
+EXTERNAL_URL=https://firezone.example.com
+DEFAULT_ADMIN_EMAIL=admin@example.com
+DEFAULT_ADMIN_PASSWORD=ins4vOVm9RwuiY4j
+
+GUARDIAN_SECRET_KEY=qAWbvgyHUQVgRtF+JaJseNIt779CLADuYZdWfXPy4R6zQ51wom0SJtpvEVIGYKH0
+SECRET_KEY_BASE=lThlZfb7E79kgKdg7q9e2jf/XF7VXSg/sFFi6xD7CUhVOybLhkYPyeYbFmIJ3Nv0
+LIVE_VIEW_SIGNING_SALT=+lKcWppaW5GPqfYupk8qjuAfWuuHDxRA
+COOKIE_SIGNING_SALT=i+nxqzyT
+COOKIE_ENCRYPTION_SALT=CyMASGO+
+DATABASE_ENCRYPTION_KEY=ftVUOP6G7twvORBaxVR1Z1d8gaKeJMeOIOtR+Zc1sIs=
+DATABASE_PASSWORD=cN8IrZTSBMgcu++k
+
+# The ability to change the IPv4 and IPv6 address pool will be removed
+# in a future Firezone release in order to reduce the possible combinations
+# of network configurations we need to handle.
+#
+# Due to the above, we recommend not changing these unless absolutely
+# necessary.
+WIREGUARD_IPV4_NETWORK=100.64.0.0/10
+WIREGUARD_IPV4_ADDRESS=100.64.0.1
+WIREGUARD_IPV6_NETWORK=fd00::/106
+WIREGUARD_IPV6_ADDRESS=fd00::1
+
+#PHOENIX_EXTERNAL_TRUSTED_PROXIES=["192.168.178.0/24"]
+#PHOENIX_PRIVATE_CLIENTS=["192.168.0.0/24"]
+
+# further env variables
+# see https://github.com/firezone/firezone/blob/legacy/website/src/app/docs/reference/env-vars/readme.mdx
+
+TELEMETRY_ENABLED=false
+CONNECTIVITY_CHECKS_ENABLED=false
+LOCAL_AUTH_ENABLED=true
diff --git a/examples/firezone/README.md b/examples/firezone/README.md
new file mode 100644
index 0000000..7e7a3e1
--- /dev/null
+++ b/examples/firezone/README.md
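Review bot: This file commits concrete key material: `GUARDIAN_SECRET_KEY`, `SECRET_KEY_BASE`, both cookie salts, `DATABASE_ENCRYPTION_KEY`, `DATABASE_PASSWORD` and `DEFAULT_ADMIN_PASSWORD` all hold real-looking generated values rather than placeholders, and `# Change these settings` covers only the first three lines. The README in this same commit already instructs users to generate the file with `bin/gen-env > .env`, so the checked-in copy should carry obviously fake values such as `CHANGEME` (or be renamed `.env.example`); otherwise an unedited deployment reuses secrets that are public in the repository, and the `DATABASE_PASSWORD` here is also what the compose file's `${DATABASE_PASSWORD:?err}` will pick up. Extending the header comment to the whole key block, e.g. `# Regenerate every value below with bin/gen-env; never deploy these`, would make the expectation explicit.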
@@ -0,0 +1,44 @@ +# Reference + +- https://github.com/l4rm4nd/firezone (fork, maintained) +- https://github.com/firezone/firezone/tree/legacy (EoL) + +> [!WARNING] +> Firezone v0.7 has reached End-of-Life on 31st January 2024. +> +> It undergoes a complete redesign (zero-knowledge, cloud) for v1.0 and won't provide any updates for the v0.7 (legacy) branch anymore. More information can be found [here](https://www.firezone.dev/blog/firezone-1-0). + +> [!TIP] +> A new fork (l4rm4nd/fireabend) tries to fix outdated dependencies and keep the software alive. +> +> The fork starts with a new v7.0.0 release version and tag. + +# Notes + +```` +# download compose file +wget https://raw.githubusercontent.com/Haxxnet/Compose-Examples/main/examples/firezone/docker-compose.yml + +# generate an .env file +docker run --rm ghcr.io/l4rm4nd/firezone:latest bin/gen-env > .env + +# adjust .env file to your needs +# define EXTERNAL_URL + DEFAULT_ADMIN_EMAIL + DEFAULT_ADMIN_PASSWORD + +# disable telemetry via .env +echo -e "\nTELEMETRY_ENABLED=false" >> .env + +# enable local auth +echo -e "\nLOCAL_AUTH_ENABLED=true" >> .env + +# migrate database and create admin user +docker compose run --rm firezone bin/migrate +docker compose run --rm firezone bin/create-or-reset-admin + +# spawn the container stack +docker compose up -d +```` + +Afterwards, the admin mgmt UI is accessible on http://127.0.0.1:13000. + +It is recommended to combine Firezone with a TLS reverse proxy such as Traefik as well as with an Identity Provider (IdP) such as Keycloak or Authentik for Single-Sign-On (SSO). Once SSO is enabled, you should disable the possibility for local authentication via the .env file. diff --git a/examples/firezone/docker-compose.yml b/examples/firezone/docker-compose.yml new file mode 100644 index 0000000..8cbbbb0 --- /dev/null +++ b/examples/firezone/docker-compose.yml 
@@ -0,0 +1,72 @@
+x-deploy: &default-deploy
+ restart_policy:
+ condition: unless-stopped
+ delay: 5s
+ window: 120s
+ update_config:
+ order: start-first
+
+version: "3.7"
+
+services:
+
+ firezone:
+ image: l4rm4nd/firezone
+ container_name: firezone-web
+ ports:
+ - 51820:51820/udp
+ - 127.0.0.1:13000:13000/tcp
+ expose:
+ - 13000
+ env_file:
+ # This should contain a list of env vars for configuring Firezone.
+ # See https://docs.firezone.dev/reference/env-vars for more info.
+ - ${FZ_INSTALL_DIR:-.}/.env
+ volumes:
+ # IMPORTANT: Persists WireGuard private key and other data. If
+ # /var/firezone/private_key exists when Firezone starts, it is
+ # used as the WireGuard private. Otherwise, one is generated.
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firezone/data:/var/firezone
+ cap_add:
+ # Needed for WireGuard and firewall support.
+ - NET_ADMIN
+ - SYS_MODULE
+ sysctls:
+ # Needed for masquerading and NAT.
+ - net.ipv6.conf.all.disable_ipv6=0
+ - net.ipv4.ip_forward=1
+ - net.ipv6.conf.all.forwarding=1
+ depends_on:
+ - postgres
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.firezone_https.rule=Host(`firezone.example.com`)
+ # - traefik.http.routers.firezone_https.tls=true
+ # - traefik.http.services.firezone.loadbalancer.server.port=13000
+ # #- traefik.http.routers.firezone.middlewares=local-ipwhitelist@file
+
+ deploy:
+ <<: *default-deploy
+
+ postgres:
+ image: postgres:15-alpine
+ container_name: firezone-db
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/firezone/db:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: ${DATABASE_NAME:-firezone}
+ POSTGRES_USER: ${DATABASE_USER:-postgres}
+ POSTGRES_PASSWORD: ${DATABASE_PASSWORD:?err}
+ deploy:
+ <<: *default-deploy
+ update_config:
+ order: stop-first
+ #networks:
+ # - proxy
+
+#networks:
+# proxy:
+# external: true
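Review bot: `cap_add: SYS_MODULE` on the firezone service lets the container load kernel modules, which is effectively root on the host kernel and far broader than what the comment `# Needed for WireGuard and firewall support.` suggests; that comment justifies `NET_ADMIN`, not `SYS_MODULE`. On kernels that ship WireGuard (5.6 and later) or hosts that load the module themselves the capability can be left out, so document it as conditional: `# SYS_MODULE is only needed to load the wireguard module; drop it when the host kernel already provides it`. `image: l4rm4nd/firezone` carries no tag while the sibling postgres service is pinned to `postgres:15-alpine`; pinning the application image as well keeps a redeploy from silently pulling a different build. The restart behaviour lives only in the Swarm-style `deploy.restart_policy` anchor and there is no plain `restart:` key as in the other examples of this commit; if the stack is meant for `docker compose up -d` as the README shows, confirm that the policy is actually honoured by the compose implementation in use.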
diff --git a/examples/flame/README.md b/examples/flame/README.md
new file mode 100644
index 0000000..e3cc335
--- /dev/null
+++ b/examples/flame/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/pawelmalak/flame
\ No newline at end of file
diff --git a/examples/flame/docker-compose.yml b/examples/flame/docker-compose.yml
new file mode 100644
index 0000000..debd47e
--- /dev/null
+++ b/examples/flame/docker-compose.yml
@@ -0,0 +1,14 @@
+version: '3.6'
+
+services:
+ flame:
+ image: pawelmalak/flame
+ container_name: flame
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/flame:/app/data
+ #- /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration
+ ports:
+ - 5005:5005
+ environment:
+ - PASSWORD=MyStrongLoginPassword
+ restart: unless-stopped
diff --git a/examples/flaresolverr/README.md b/examples/flaresolverr/README.md
new file mode 100644
index 0000000..bf18739
--- /dev/null
+++ b/examples/flaresolverr/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://hub.docker.com/r/flaresolverr/flaresolverr
\ No newline at end of file
diff --git a/examples/flaresolverr/docker-compose.yml b/examples/flaresolverr/docker-compose.yml
new file mode 100644
index 0000000..c00de32
--- /dev/null
+++ b/examples/flaresolverr/docker-compose.yml
@@ -0,0 +1,14 @@
+version: '3.3'
+
+services:
+ flaresolverr:
+ image: ghcr.io/flaresolverr/flaresolverr:latest
+ container_name: flaresolverr
+ ports:
+ - 8191:8191
+ environment:
+ - LOG_LEVEL=${LOG_LEVEL:-info}
+ - LOG_HTML=${LOG_HTML:-false}
+ - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none}
+ - TZ=Europe/Berlin
+ restart: unless-stopped
diff --git a/examples/forte/README.md b/examples/forte/README.md
new file mode 100644
index 0000000..11021c5
--- /dev/null
+++ b/examples/forte/README.md
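Review bot: `PASSWORD=MyStrongLoginPassword` in the flame service hard-codes the UI login secret into the compose file, whereas the firezone example in this commit fails fast on a missing value with `${DATABASE_PASSWORD:?err}`. Use the same pattern here, e.g. `- PASSWORD=${FLAME_PASSWORD:?err}` (variable name illustrative), so the secret comes from the environment or an untracked .env rather than from the repository. The `5005:5005` mapping publishes the UI on every host interface; when fronted by Traefik as the repository skeleton suggests, `127.0.0.1:5005:5005` or the commented `networks: proxy` block keeps it off the public interface. The untagged `pawelmalak/flame` image would also benefit from a pinned version so the example stays reproducible.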
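Review bot: `8191:8191` in the flaresolverr service publishes the API on all host interfaces and nothing in this compose file puts any authentication in front of it, so whoever can reach that host port can use the service. Bind it to loopback as the firezone example does for its admin port (`- 127.0.0.1:8191:8191`), or attach it only to an internal network shared with the consuming service and drop `ports:` altogether. The `:latest` image tag has the same reproducibility caveat as the other untagged images in this commit.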
@@ -0,0 +1,9 @@
+# References
+
+- https://github.com/kaangiray26/forte
+
+# Notes
+
+After deploying, the forte admin dashboard will be available on TCP/3000. You can log into the web dashboard using `forte` as username and `alternative` as password. Please change those default credentials. Use a reverse proxy like Traefik if you plan on exposing the forte instance, as HTTPS is required to stream flawlessly.
+
+After creating a user account via the forte web dashboard, you can browse https://forte.buzl.uk/ and use your own server to stream music from. Specify your created user account and the automatically created password token.
\ No newline at end of file
diff --git a/examples/forte/docker-compose.yml b/examples/forte/docker-compose.yml
new file mode 100644
index 0000000..13dc5e0
--- /dev/null
+++ b/examples/forte/docker-compose.yml
@@ -0,0 +1,59 @@
+version: '3'
+
+services:
+ app:
+ image: kaangiray26/forte:4.3
+ container_name: forte
+ restart: on-failure
+ ports:
+ - 3000:3000
+ depends_on:
+ postgres:
+ condition: service_healthy
+ environment:
+ port: 3000 # Set Port
+ version: "4.3" # Set Version
+ verbose: false # Verbose Logging
+ custom_about: false # For your own about page
+ hostname: localhost # Set Hostname
+ NODE_ENV: production # Set Node Environment
+ POSTGRES_HOST: postgres # Postgres Host/IP
+ POSTGRES_USER: forte # Set Postgres Username
+ POSTGRES_PASSWORD: forte # Set Postgres Password
+ POSTGRES_PORT: 5432 # Postgres Database Port
+ POSTGRES_DB: forte # Set Postgres Database Name
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/forte/library:/library # your music library to import from
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.forte.rule=Host(`forte.example.com`)
+ # - traefik.http.services.forte.loadbalancer.server.port=3000
+ # - traefik.docker.network=proxy
+ # - traefik.http.middlewares.cors.headers.customResponseHeaders.Access-Control-Allow-Origin=https://forte.buzl.uk
+ # - traefik.http.middlewares.cors.headers.customFrameOptionsValue=forte.buzl.uk
+ # - traefik.http.middlewares.cors.headers.customResponseHeaders.Cross-Origin-Resource-Policy=cross-origin
+ # - traefik.http.routers.forte.middlewares=cors,local-ipwhitelist@file
+
+ postgres:
+ image: kaangiray26/postgres:2.0
+ container_name: forte-db
+ restart: always
+ environment:
+ POSTGRES_DB: forte # Set Postgres Database Name
+ POSTGRES_USER: forte # Set Postgres Username
+ POSTGRES_PASSWORD: forte # Set Postgres Password
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/forte/db:/var/lib/postgresql/data
+ healthcheck:
+ test: [ "CMD-SHELL", "pg_isready -U forte" ]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ #networks:
+ # - proxy
+
+#networks:
+# proxy:
+# external: true
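Review bot: `POSTGRES_PASSWORD: forte` is hard-coded and repeated in both the app and postgres services, so the two copies must be edited together and the credential is committed to the repository; the firezone example in this commit already shows the safer pattern with `${DATABASE_PASSWORD:?err}`. Replace both occurrences with one variable, e.g. `POSTGRES_PASSWORD: ${FORTE_DB_PASSWORD:?err}` (name illustrative), so a missing value aborts startup instead of running with a guessable default. `3000:3000` publishes the dashboard on every interface while the README says to put Traefik in front of it and that the shipped admin credentials must be changed; `127.0.0.1:3000:3000` or the commented `networks: proxy` block would match that advice. The database runs from the third-party `kaangiray26/postgres:2.0` image rather than the official one; a comment on why that image is required would help readers judge what they are trusting.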
diff --git a/examples/ghost/.env b/examples/ghost/.env
new file mode 100644
index 0000000..e195a80
--- /dev/null
+++ b/examples/ghost/.env
@@ -0,0 +1,12 @@ +DB_CLIENT=mysql +DB_HOST=database +DB_USER=ghost +DB_ROOT_PASS=password1 +DB_USER_PASS=password2 +DB_NAME=ghost + +SMTP_HOST=smtp.google.com +SMTP_PORT=587 +SMTP_USER=blog@example.com +SMTP_PASS=my-secure-smtp-password +SMTP_MAIL_FROM="Ghost 50% for over 5 minutes.", + "name": "Docker Container CPU Usage alert", + "noDataState": "no_data", + "notifications": [ + { + "uid": "snCrPizgk" + } + ] + }, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "decimals": 2, + "fieldConfig": { + "defaults": { + "unit": "percent" + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 8, + "gridPos": { + "h": 13, + "w": 14, + "x": 10, + "y": 1 + }, + "hiddenSeries": false, + "id": 62652, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": false, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "9.2.3", + "pointradius": 2, + "points": true, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_container_name", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "SELECT mean(\"usage_percent\") FROM \"docker_container_cpu\" WHERE (\"docker.group\" =~ /^()$/ AND \"host\" =~ /^$server$/) AND $timeFilter GROUP BY time($__interval), \"container_name\" fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series" + } + ], + "thresholds": [ + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt", + "value": 50, + "visible": true + } + ], + "timeRegions": [ + { + "$$hashKey": "object:192", + "colorMode": "background6", + "fill": true, + "fillColor": 
"rgba(234, 112, 112, 0.12)", + "line": false, + "lineColor": "rgba(237, 46, 24, 0.60)", + "op": "time" + } + ], + "title": "Docker Container CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:73", + "format": "percent", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:74", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "UP" + } + }, + "type": "value" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 2, + "x": 0, + "y": 5 + }, + "id": 61998, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.2.3", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + } + ], + "measurement": "dns_query", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "result_code" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "server", + "operator": "=", + "value": "8.8.8.8" + } + ] + } + ], + "title": "Google DNS", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + 
"mappings": [ + { + "options": { + "0": { + "index": 0, + "text": "UP" + } + }, + "type": "value" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 2, + "x": 2, + "y": 5 + }, + "id": 62372, + "links": [ + { + "targetBlank": true, + "title": "Status Codes", + "url": "https://github.com/influxdata/telegraf/tree/master/plugins/inputs/dns_query" + } + ], + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.2.3", + "targets": [ + { + "alias": "Cloudflare", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "groupBy": [ + { + "params": [ + "10s" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "dns_query", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "logs", + "select": [ + [ + { + "params": [ + "rcode_value" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "server", + "operator": "=", + "value": "1.1.1.1" + } + ] + } + ], + "title": "Cloudflare DNS", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 80 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 4, + "y": 7 + }, + "id": 61860, + "links": 
[], + "maxDataPoints": 100, + "options": { + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "text": {} + }, + "pluginVersion": "9.2.3", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "mem", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "title": "RAM usage", + "type": "gauge" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 70 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 80 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 7, + "y": 7 + }, + "id": 61863, + "links": [], + "maxDataPoints": 100, + "options": { + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "text": {} + }, + "pluginVersion": "9.2.3", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + 
"null" + ], + "type": "fill" + } + ], + "measurement": "swap", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "used_percent" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "title": "Swap usage", + "type": "gauge" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "#EAB839", + "value": 1 + }, + { + "color": "red", + "value": 5 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 0, + "y": 8 + }, + "id": 61862, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.2.3", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "processes", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "zombies" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "title": "Zombies", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "mappings": [], + "thresholds": { + "mode": 
"absolute", + "steps": [ + { + "color": "blue", + "value": null + }, + { + "color": "green", + "value": 200 + }, + { + "color": "red", + "value": 300 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 0, + "y": 11 + }, + "id": 62094, + "links": [ + { + "targetBlank": true, + "title": "Link", + "url": "http://192.168.178.220:81/login" + } + ], + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.2.3", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "groupBy": [ + { + "params": [ + "15m" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "http_response", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "logs", + "select": [ + [ + { + "params": [ + "http_response_code" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "server", + "operator": "=", + "value": "https://google.com" + } + ] + } + ], + "title": "Google", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "light-orange", + "value": 950 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 1200 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 4, + "y": 11 + }, + "id": 61865, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": 
[ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.2.3", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "processes", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "total_threads" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "title": "Threads", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + }, + { + "color": "green", + "value": 200 + }, + { + "color": "red", + "value": 300 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 0, + "y": 14 + }, + "id": 62045, + "links": [ + { + "targetBlank": true, + "title": "Link", + "url": "https://example.com" + } + ], + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.2.3", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "groupBy": [ + { + "params": [ + "15m" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "http_response", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "logs", + "select": [ + [ + { + "params": [ + "http_response_code" + ], + "type": "field" + }, + { + 
"params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "server", + "operator": "=", + "value": "https://www.reddit.com" + } + ] + } + ], + "title": "Reddit", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 300 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 500 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 4, + "y": 14 + }, + "id": 61864, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.2.3", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "processes", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "total" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "title": "Processes", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "yellow", + "value": null + } + ] + } + }, + "overrides": 
[] + }, + "gridPos": { + "h": 3, + "w": 2, + "x": 10, + "y": 14 + }, + "id": 63703, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.2.3", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "SELECT last(\"n_cpus\") FROM \"docker\" WHERE (\"host\" =~ /^$server$/) AND $timeFilter GROUP BY time($__interval) fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series" + } + ], + "title": "CPU Swarm", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-yellow", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "docker.running {host: OMV-Docker-Telegraf}" + }, + "properties": [ + { + "id": "displayName", + "value": "Running Containers" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "docker.paused {host: OMV-Docker-Telegraf}" + }, + "properties": [ + { + "id": "displayName", + "value": "Paused Containers" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "docker.stopped {host: OMV-Docker-Telegraf}" + }, + "properties": [ + { + "id": "displayName", + "value": "Stopped Containers" + } + ] + } + ] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 14 + }, + "id": 62807, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": false, + "text": {} + }, + "pluginVersion": "9.2.3", + "targets": [ + 
{ + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "SELECT last(\"n_containers_running\") AS \"running\", last(\"n_containers_paused\") AS \"paused\", last(\"n_containers_stopped\") AS \"stopped\" FROM \"docker\" WHERE $timeFilter", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series" + } + ], + "title": "Docker Containers", + "type": "bargauge" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + }, + { + "color": "green", + "value": 200 + }, + { + "color": "red", + "value": 300 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 0, + "y": 17 + }, + "id": 63704, + "links": [ + { + "targetBlank": true, + "title": "Link", + "url": "https://example.com" + } + ], + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.2.3", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "groupBy": [ + { + "params": [ + "15m" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "http_response", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "logs", + "select": [ + [ + { + "params": [ + "http_response_code" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "server", + "operator": "=", + "value": "https://www.reddit.com" + } + ] + } + ], + "title": "Reddit", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 1, + "mappings": [], 
+ "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 4 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 8 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 4, + "y": 17 + }, + "id": 61859, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.2.3", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "system", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "load5" + ], + "type": "field" + }, + { + "params": [], + "type": "last" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "title": "LA medium", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "yellow", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 2, + "x": 10, + "y": 17 + }, + "id": 62803, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.2.3", + "targets": [ + { + 
"datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "SELECT last(\"n_images\") FROM \"docker\" WHERE (\"host\" =~ /^$server$/) AND $timeFilter GROUP BY time($__interval) fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series" + } + ], + "title": "Docker Images", + "type": "stat" + }, + { + "alert": { + "alertRuleTags": {}, + "conditions": [ + { + "evaluator": { + "params": [ + 50 + ], + "type": "gt" + }, + "operator": { + "type": "and" + }, + "query": { + "params": [ + "E", + "5m", + "now" + ] + }, + "reducer": { + "params": [], + "type": "avg" + }, + "type": "query" + } + ], + "executionErrorState": "alerting", + "for": "5m", + "frequency": "5m", + "handler": 1, + "message": "OMV Docker host has reach > 80% CPU load for a time perioud of 5 minutes. Watch out!", + "name": "CPU Usage alert", + "noDataState": "no_data", + "notifications": [ + { + "uid": "snCrPizgk" + } + ] + }, + "aliasColors": { + "CPU Average": "rgb(196, 22, 42)" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 4, + "fillGradient": 10, + "gridPos": { + "h": 13, + "w": 12, + "x": 0, + "y": 20 + }, + "hiddenSeries": false, + "id": 62434, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "paceLength": 10, + "percentage": false, + "pluginVersion": "9.2.3", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "Core 0", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", 
+ "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "distinct" + }, + { + "params": [ + "*-1+100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "cpu", + "operator": "=", + "value": "cpu0" + } + ] + }, + { + "alias": "Core 1", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "distinct" + }, + { + "params": [ + "*-1+100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "cpu", + "operator": "=", + "value": "cpu1" + } + ] + }, + { + "alias": "Core 2", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT distinct(\"usage_idle\") *-1+100 FROM \"cpu\" WHERE (\"cpu\" = 'cpu1') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "C", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "distinct" + }, + { + "params": [ + "*-1+100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "cpu", + "operator": 
"=", + "value": "cpu2" + } + ] + }, + { + "alias": "Core 3", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT distinct(\"usage_idle\") *-1+100 FROM \"cpu\" WHERE (\"cpu\" = 'cpu2') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "D", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "distinct" + }, + { + "params": [ + "*-1+100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "cpu", + "operator": "=", + "value": "cpu3" + } + ] + }, + { + "alias": "Core 4", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT distinct(\"usage_idle\") *-1+100 FROM \"cpu\" WHERE (\"cpu\" = 'cpu2') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "F", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "distinct" + }, + { + "params": [ + "*-1+100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "cpu", + "operator": "=", + "value": "cpu4" + } + ] + }, + { + "alias": "Core 5", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + 
"orderByTime": "ASC", + "policy": "default", + "query": "SELECT distinct(\"usage_idle\") *-1+100 FROM \"cpu\" WHERE (\"cpu\" = 'cpu2') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "G", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "distinct" + }, + { + "params": [ + "*-1+100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "cpu", + "operator": "=", + "value": "cpu5" + } + ] + }, + { + "alias": "Core 6", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT distinct(\"usage_idle\") *-1+100 FROM \"cpu\" WHERE (\"cpu\" = 'cpu2') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "H", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "distinct" + }, + { + "params": [ + "*-1+100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "cpu", + "operator": "=", + "value": "cpu6" + } + ] + }, + { + "alias": "Core 7", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$__interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "hide": false, + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT distinct(\"usage_idle\") *-1+100 FROM \"cpu\" WHERE (\"cpu\" = 'cpu2') AND $timeFilter GROUP BY time($__interval) fill(null)", + "rawQuery": false, + "refId": "I", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_idle" + ], + "type": "field" + }, 
+ { + "params": [], + "type": "distinct" + }, + { + "params": [ + "*-1+100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "cpu", + "operator": "=", + "value": "cpu7" + } + ] + }, + { + "alias": "CPU Average", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "groupBy": [ + { + "params": [ + "1s" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "cpu", + "orderByTime": "ASC", + "policy": "default", + "refId": "E", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "usage_idle" + ], + "type": "field" + }, + { + "params": [], + "type": "distinct" + }, + { + "params": [ + "*-1+100" + ], + "type": "math" + } + ] + ], + "tags": [ + { + "key": "cpu", + "operator": "=", + "value": "cpu-total" + } + ] + } + ], + "thresholds": [ + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt", + "value": 50, + "visible": true + } + ], + "timeRegions": [], + "title": "Host CPU Usage (Cores)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:296", + "format": "percent", + "logBase": 1, + "max": "100", + "show": true + }, + { + "$$hashKey": "object:297", + "format": "short", + "logBase": 1, + "show": false + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 13, + "w": 12, + "x": 12, + "y": 20 + }, + "height": "400", + "hiddenSeries": false, + "id": 12054, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, 
+ "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "9.2.3", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/total/", + "color": "#BF1B00", + "fill": 0, + "linewidth": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "mem_inactive", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(total) as total, mean(used) as used, mean(cached) as cached, mean(free) as free, mean(buffered) as buffered FROM \"mem\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Memory usage", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "editable": true, + "error": 
false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 13, + "w": 12, + "x": 0, + "y": 33 + }, + "height": "300", + "hiddenSeries": false, + "id": 28239, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "9.2.3", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "hide": false, + "measurement": "cpu_percentageBusy", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /$server$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($interval), *", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeRegions": [], + "title": "CPU 
usage", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:128", + "format": "percent", + "label": "CPU Usage %", + "logBase": 1, + "max": 100, + "min": 0, + "show": true + }, + { + "$$hashKey": "object:129", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "editable": true, + "error": false, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 13, + "w": 12, + "x": 12, + "y": 33 + }, + "hiddenSeries": false, + "id": 28572, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "9.2.3", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/ in$/", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $tag_interface: $col", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as 
\"in\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + }, + { + "alias": "$tag_host: $tag_interface: $col", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "function": "derivative", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + }, + { + "key": "interface", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "net_bytes_recv", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$server/ AND interface =~ /$netif/ AND $timeFilter GROUP BY time($interval), * fill(none)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Network Packets", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:875", + "format": "pps", + "label": "", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:876", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, 
+ "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 13, + "w": 12, + "x": 0, + "y": 46 + }, + "height": "", + "hiddenSeries": false, + "id": 61960, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "9.2.3", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "kernel", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(processes_forked),1s) as forks FROM \"kernel\" WHERE \"host\" =~ /^$server$/ AND $timeFilter GROUP BY time($interval), host fill(null)", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "processes_forked" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Forks", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ops", + "logBase": 1, + "show": true + }, + { + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + 
"dashLength": 10, + "dashes": false, + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 2, + "fillGradient": 5, + "grid": {}, + "gridPos": { + "h": 13, + "w": 12, + "x": 12, + "y": 46 + }, + "height": "350", + "hiddenSeries": false, + "id": 54694, + "interval": "$inter", + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "9.2.3", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "function": "mean", + "groupBy": [ + { + "interval": "auto", + "params": [ + "auto" + ], + "type": "time" + }, + { + "key": "host", + "params": [ + "tag" + ], + "type": "tag" + } + ], + "measurement": "system_load1", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT mean(load1) as short,mean(load5) as medium,mean(load15) as long FROM \"system\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), * ORDER BY asc", + "rawQuery": true, + "refId": "A", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "value" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [] + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Load averages", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + 
"$$hashKey": "object:228", + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "$$hashKey": "object:229", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 24, + "x": 0, + "y": 59 + }, + "height": "", + "hiddenSeries": false, + "id": 61855, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "9.2.3", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "alias": "$tag_host: $col", + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "dsType": "influxdb", + "groupBy": [ + { + "params": [ + "$interval" + ], + "type": "time" + }, + { + "params": [ + "null" + ], + "type": "fill" + } + ], + "measurement": "processes", + "orderByTime": "ASC", + "policy": "default", + "query": "SELECT non_negative_derivative(mean(context_switches),1s)as \"context switches\" FROM \"kernel\" WHERE host =~ /$server$/ AND $timeFilter GROUP BY time($interval), host ORDER BY asc", + "rawQuery": true, + "refId": "B", + "resultFormat": "time_series", + "select": [ + [ + { + "params": [ + "blocked" + ], + "type": "field" + }, + { + "params": [], + "type": "mean" + } + ] + ], + "tags": [ + { + "key": "host", + "operator": "=~", + "value": "/^$server$/" + } + ] + } + ], + 
"thresholds": [], + "timeRegions": [], + "title": "Context switches", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ops", + "logBase": 1, + "show": true + }, + { + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": { + "type": "influxdb", + "uid": "8zXyAXzRz" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 69 + }, + "id": 63558, + "panels": [], + "title": "Other", + "type": "row" + } + ], + "refresh": "15m", + "schemaVersion": 37, + "style": "dark", + "tags": [ + "influxdb", + "telegraf" + ], + "templating": { + "list": [ + { + "allFormat": "glob", + "current": { + "selected": false, + "text": "default", + "value": "default" + }, + "datasource": "InfluxDB telegraf", + "hide": 0, + "includeAll": false, + "label": "", + "multi": false, + "name": "datasource", + "options": [], + "query": "influxdb", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "auto": true, + "auto_count": 100, + "auto_min": "30s", + "current": { + "selected": false, + "text": "30s", + "value": "30s" + }, + "hide": 0, + "includeAll": false, + "label": "Sampling", + "multi": false, + "name": "inter", + "options": [ + { + "selected": false, + "text": "auto", + "value": "$__auto_interval_inter" + }, + { + "selected": false, + "text": "10s", + "value": "10s" + }, + { + "selected": true, + "text": "30s", + "value": "30s" + }, + { + "selected": false, + "text": "1m", + "value": "1m" + }, + { + "selected": false, + "text": "2m", + "value": "2m" + }, + { + "selected": false, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "10m", + "value": "10m" + }, + { + "selected": false, + "text": "30m", + "value": "30m" + }, + { + "selected": false, + "text": "1h", 
+ "value": "1h" + } + ], + "query": "10s,30s,1m,2m,5m,10m,30m,1h", + "queryValue": "", + "refresh": 2, + "skipUrlSync": false, + "type": "interval" + }, + { + "current": {}, + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "definition": "", + "hide": 0, + "includeAll": false, + "label": "Server", + "multi": false, + "name": "server", + "options": [], + "query": "SHOW TAG VALUES FROM system WITH KEY=host", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "current": {}, + "datasource": { + "uid": "$datasource" + }, + "definition": "", + "hide": 0, + "includeAll": true, + "label": "Mountpoint", + "multi": true, + "name": "mountpoint", + "options": [], + "query": "SHOW TAG VALUES FROM \"disk\" WITH KEY = \"path\" WHERE host =~ /$server/", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "current": {}, + "datasource": { + "uid": "$datasource" + }, + "definition": "", + "hide": 0, + "includeAll": true, + "label": "CPU", + "multi": true, + "name": "cpu", + "options": [], + "query": "SHOW TAG VALUES FROM \"cpu\" WITH KEY = \"cpu\" WHERE host =~ /$server/", + "refresh": 1, + "regex": "/cpu[0-9]/", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "current": {}, + "datasource": { + "uid": "$datasource" + }, + "definition": "", + "hide": 0, + "includeAll": true, + "label": "Disk", + "multi": true, + "name": "disk", + "options": [], + "query": "SHOW TAG VALUES FROM \"diskio\" WITH KEY = \"name\" WHERE host =~ /$server/", + "refresh": 1, + "regex": "/[a-z]d[\\D]$/", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "current": {}, + "datasource": { + "uid": "$datasource" + }, + 
"definition": "", + "hide": 0, + "includeAll": true, + "label": "Network interface", + "multi": true, + "name": "netif", + "options": [], + "query": "SHOW TAG VALUES FROM \"net\" WITH KEY = \"interface\" WHERE host =~ /$server/", + "refresh": 1, + "regex": "^(?!.*veth|all|tap).*$", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "current": { + "selected": false, + "text": "day", + "value": "day" + }, + "description": "", + "hide": 0, + "includeAll": false, + "multi": false, + "name": "period", + "options": [ + { + "selected": true, + "text": "day", + "value": "day" + }, + { + "selected": false, + "text": "week", + "value": "week" + }, + { + "selected": false, + "text": "month", + "value": "month" + }, + { + "selected": false, + "text": "year", + "value": "year" + }, + { + "selected": false, + "text": "range", + "value": "range" + } + ], + "query": "day,week,month,year,range", + "skipUrlSync": false, + "type": "custom" + } + ] + }, + "time": { + "from": "now-24h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "My Grafana Dashboard", + "uid": "sF7d-FHZz122", + "version": 1, + "weekStart": "" +} diff --git a/examples/grafana-monitoring/README.md b/examples/grafana-monitoring/README.md new file mode 100644 index 0000000..f73073e --- /dev/null +++ b/examples/grafana-monitoring/README.md 
@@ -0,0 +1,18 @@
+# References
+
+- https://blog.lrvt.de/monitoring-dashboard-with-grafana-telegraf-influxdb-and-docker/
+- https://blog.lrvt.de/log-visualization-with-grafana-loki-promtail/
+
+# Notes
+
+Spawning up this docker stack will provide you with:
+
+- A containerized Grafana web instance runnning on the default port TCP/3000
+- A containerized Telegraf instance that fetches data points from your docker host server
+- A containerized InfluxDB instance for storing Telegraf data, which can be defined in Grafana as datasource (just specify `http://influxdb:8086`). Default database is `telegraf`. Default username is `telegrafuser`. Default password is `MyStrongTelegrafPassword`. Defaults can be changed in `/volume-data/influxdb/init/create-database.iql`.
+- A containerized Promtail instance that can fetch various log files (bind mounted into the promtail container from your docker host server) and send them into the Loki container (e.g. /var/log/auth.log or your Traefik reverse proxy logs)
+- A containerized Loki instance for storing Promtail log data, which can be defined in Grafana as datasource (just specify `http://loki:3100`). No authentication enabled per default.
+
+Finally, after configuring InfluxDB and Loki as datasources on Grafana, you can just import the provided `Grafana_Dashboard_Template.json` dashboard template YAML file in Grafana by browsing http://127.0.0.1:3000/dashboard/import. Your dashboard will look like the following:
+
+
diff --git a/examples/grafana-monitoring/docker-compose.yml b/examples/grafana-monitoring/docker-compose.yml
new file mode 100644
index 0000000..83a23b2
--- /dev/null
+++ b/examples/grafana-monitoring/docker-compose.yml
@@ -0,0 +1,104 @@
+version: "2"
+
+services:
+
+ loki:
+ image: grafana/loki:2.9.10
+ hostname: loki
+ container_name: loki
+ volumes:
+ - ./volume-data/loki:/etc/loki # place loki-config.yml
+ ports:
+ - "127.0.0.1:3100:3100"
+ restart: unless-stopped
+ user: 1000:1000
+ command: -config.file=/etc/loki/loki-config.yml
+ #networks:
+ # - monitoring_default
+
+ promtail:
+ image: grafana/promtail:latest
+ container_name: promtail
+ depends_on:
+ - loki
+ hostname: promtail
+ volumes:
+ - /var/log:/var/log:ro # let promtail access the docker host's log files
+ - ./volume-data/promtail:/etc/promtail # place promtail-config.yml
+ #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/var/log/traefik # let promtail access your traefik reverse logs
+ restart: unless-stopped
+ command: -config.file=/etc/promtail/promtail-config.yml
+ #networks:
+ # - monitoring_default
+
+ influxdb:
+ image: influxdb:1.8
+ container_name: influxdb
+ hostname: influxdb
+ restart: unless-stopped
+ volumes:
+ - ./volume-data/influxdb/data:/var/lib/influxdb
+ - ./volume-data/influxdb/influxdb.conf:/etc/influxdb/influxdb.conf:ro # place infuxdb.conf
+ - ./volume-data/influxdb/init:/docker-entrypoint-initdb.d # place create-database.iql for database init
+ environment:
+ - INFLUXDB_ADMIN_USER=admin
+ - INFLUXDB_ADMIN_PASSWORD=SuperDuperAdminPW
+ #networks:
+ # - monitoring_default
+
+ telegraf:
+ image: telegraf:latest
+ restart: unless-stopped
+ user: telegraf:$(stat -c '%g' /var/run/docker.sock) # see: https://www.influxdata.com/blog/docker-run-telegraf-as-non-root/
+ container_name: telegraf
+ hostname: telegraf
+ dns:
+ - 1.1.1.1
+ - 8.8.8.8
+ depends_on:
+ - influxdb
+ volumes:
+ - ./volume-data/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf:ro # place telegraf.conf
+ - /:/hostfs:ro
+ - /etc:/hostfs/etc:ro
+ - /proc:/hostfs/proc:ro
+ - /sys:/hostfs/sys:ro
+ - /var/run/utmp:/var/run/utmp:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ environment:
+ - HOST_ETC=/hostfs/etc
+ - HOST_PROC=/hostfs/proc
+ - HOST_SYS=/hostfs/sys
+ - HOST_MOUNT_PREFIX=/hostfs
+ #networks:
+ # - monitoring_default
+
+ grafana:
+ container_name: grafana
+ hostname: grafana
+ user: 1000:1000
+ depends_on:
+ - influxdb
+ - loki
+ - promtail
+ image: grafana/grafana:latest
+ restart: unless-stopped
+ #environment:
+ # - GF_SERVER_ROOT_URL=https://grafana.example.com # optional
+ volumes:
+ - ./volume-data/grafana:/var/lib/grafana
+ ports:
+ - 3000:3000
+ #networks:
+ # - monitoring_default
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.grafana.rule=Host(`grafana.example.com`)
+ # - traefik.http.services.grafana.loadbalancer.server.port=3000
+ # - traefik.docker.network=proxy
+ # # Part for local lan services only
+ # - traefik.http.routers.grafana.middlewares=local-ipwhitelist@file
+
+#networks:
+# monitoring_default:
+# external: true
diff --git a/examples/grafana-monitoring/volume-data/influxdb/influxdb.conf b/examples/grafana-monitoring/volume-data/influxdb/influxdb.conf
new file mode 100644
index 0000000..b51a1b3
--- /dev/null
+++ b/examples/grafana-monitoring/volume-data/influxdb/influxdb.conf
@@ -0,0 +1,24 @@
+# Bind address to use for the RPC service for backup and restore.
+bind-address = "127.0.0.1:8088"
+[meta]
+ dir = "/var/lib/influxdb/meta"
+[data]
+ dir = "/var/lib/influxdb/data"
+ wal-dir = "/var/lib/influxdb/wal"
+ series-id-set-cache-size = 100
+[http]
+ enabled = true
+ bind-address = ":8086"
+ auth-enabled = true
+[logging]
+[subscriber]
+[[graphite]]
+[[collectd]]
+[[opentsdb]]
+[[udp]]
+[continuous_queries]
+[tls]
+[coordinator]
+[retention]
+[shard-precreation]
+[monitor]
diff --git a/examples/grafana-monitoring/volume-data/influxdb/init/create-database.iql b/examples/grafana-monitoring/volume-data/influxdb/init/create-database.iql
new file mode 100644
index 0000000..74f347a
--- /dev/null
+++ b/examples/grafana-monitoring/volume-data/influxdb/init/create-database.iql
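Review bot: The telegraf service's `user: telegraf:$(stat -c '%g' /var/run/docker.sock)` will not do what the linked blog post does: Compose performs only `${VAR}` interpolation, never shell command substitution, so `$(` is either rejected as an invalid interpolation or passed to the runtime as a literal user string, and the container does not end up in the socket's group either way. Resolve the GID outside the file, `user: "telegraf:${DOCKER_GID}"`, and document in `.env`/README that `DOCKER_GID` is set from `stat -c '%g' /var/run/docker.sock` before `docker compose up`. The `:ro` on `/var/run/docker.sock:/var/run/docker.sock:ro` only makes the socket file read-only; the Docker API behind it still accepts every call, so telegraf (and anything that compromises it) keeps host-root-equivalent access on top of the `/:/hostfs:ro` mount — either state that trade-off in a comment on that line or front the socket with a read-only socket proxy. `INFLUXDB_ADMIN_PASSWORD=SuperDuperAdminPW` is a committed secret next to unpinned `telegraf:latest`, `grafana/promtail:latest` and `grafana/grafana:latest` while loki is pinned to 2.9.10; move the password to `${INFLUXDB_ADMIN_PASSWORD:?}` and pin at least promtail to the loki version so the two stay compatible.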
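Review bot: `auth-enabled = true` under `[http]` is the right choice, but the listener on `bind-address = ":8086"` stays plaintext: `[tls]` is empty and no `https-enabled`/`https-certificate`/`https-private-key` is set, so the admin and telegrafuser credentials travel unencrypted over the compose network (the compose file in this commit does not publish 8086 to the host, so the exposure is limited to containers on that network). If that boundary is intended, record it above `[http]` with `# HTTP only: 8086 is reachable from the compose network only; set https-enabled before publishing it`; otherwise enable TLS there. The empty `[[graphite]]`, `[[collectd]]`, `[[opentsdb]]` and `[[udp]]` tables presumably rely on those listeners being disabled by default — a one-line comment saying so would stop a later edit from switching them on without authentication.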
@@ -0,0 +1,3 @@
+CREATE DATABASE telegraf WITH DURATION 31d
+CREATE USER telegrafuser WITH PASSWORD 'MyStrongTelegrafPassword'
+GRANT ALL ON telegraf to telegrafuser
diff --git a/examples/grafana-monitoring/volume-data/loki/loki-config.yml b/examples/grafana-monitoring/volume-data/loki/loki-config.yml
new file mode 100644
index 0000000..1179a8b
--- /dev/null
+++ b/examples/grafana-monitoring/volume-data/loki/loki-config.yml
@@ -0,0 +1,48 @@
+auth_enabled: false
+
+server:
+ http_listen_port: 3100
+ grpc_listen_port: 9096
+
+common:
+ path_prefix: /tmp/loki
+ storage:
+ filesystem:
+ chunks_directory: /tmp/loki/chunks
+ rules_directory: /tmp/loki/rules
+ replication_factor: 1
+ ring:
+ instance_addr: 127.0.0.1
+ kvstore:
+ store: inmemory
+
+limits_config:
+ reject_old_samples: true
+ reject_old_samples_max_age: 168h
+ retention_period: 360h
+ max_query_series: 100000
+ max_query_parallelism: 2
+ split_queries_by_interval: 0
+
+schema_config:
+ configs:
+ - from: 2020-10-24
+ store: boltdb-shipper
+ object_store: filesystem
+ schema: v11
+ index:
+ prefix: index_
+ period: 24h
+
+query_range:
+ parallelise_shardable_queries: false
+
+querier:
+ max_concurrent: 2048
+
+frontend:
+ max_outstanding_per_tenant: 4096
+ compress_responses: true
+
+ruler:
+ alertmanager_url: http://localhost:9093
diff --git a/examples/grafana-monitoring/volume-data/promtail/promtail-config.yml b/examples/grafana-monitoring/volume-data/promtail/promtail-config.yml
new file mode 100644
index 0000000..92c0276
--- /dev/null
+++ b/examples/grafana-monitoring/volume-data/promtail/promtail-config.yml
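Review bot: `GRANT ALL ON telegraf to telegrafuser` gives the metrics writer both READ and WRITE, but the only consumer of this account in the commit's telegraf.conf is `[[outputs.influxdb]]`, which writes, while the README hands the same account to Grafana, which only reads. Least privilege is `GRANT WRITE ON telegraf TO telegrafuser` plus a separate read-only account for the dashboard, `CREATE USER grafana WITH PASSWORD '<set-me>'` and `GRANT READ ON telegraf TO grafana`. `MyStrongTelegrafPassword` is committed to the repository and repeated in telegraf.conf and the README, and an init script under `docker-entrypoint-initdb.d` presumably runs only on the first start against an empty data directory, so a later rotation needs `SET PASSWORD FOR telegrafuser = '...'` on the running instance rather than an edit here — worth a comment at the top of the file.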
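Review bot: `path_prefix: /tmp/loki` together with `chunks_directory: /tmp/loki/chunks` and `rules_directory: /tmp/loki/rules` keeps every index and chunk on the container's own filesystem; the compose file in this commit only bind-mounts `./volume-data/loki` at `/etc/loki`, so recreating the loki container discards all ingested logs. Move the data under a persisted path, e.g. `path_prefix: /loki` with the two directories beneath it, and mount it from the host with ownership matching the service's `user: 1000:1000`. `retention_period: 360h` is also inert on its own, since in Loki 2.x retention is enforced by the compactor: add `compactor:` with `working_directory: /loki/compactor` and `retention_enabled: true` (check the 2.9 docs for any further keys it requires). With `auth_enabled: false` the push and query endpoints take no credentials; that is acceptable while the compose file binds 3100 to 127.0.0.1 on the host, but any container on the compose network can push to or read from this instance, which a comment next to `auth_enabled` should state.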
@@ -0,0 +1,35 @@
+server:
+ http_listen_port: 9080
+ grpc_listen_port: 0
+
+positions:
+ filename: /tmp/positions.yaml
+
+clients:
+ - url: http://loki:3100/loki/api/v1/push
+
+# local machine logs
+scrape_configs:
+ - job_name: vpn
+ static_configs:
+ - targets:
+ - localhost
+ labels:
+ job: vpnlogs
+ __path__: /var/log/openvpn.log
+
+ - job_name: auth
+ static_configs:
+ - targets:
+ - localhost
+ labels:
+ job: authlogs
+ __path__: /var/log/auth.log
+
+ - job_name: traefik
+ static_configs:
+ - targets:
+ - localhost
+ labels:
+ job: traefiklogs
+ __path__: /var/log/traefik/*.log
diff --git a/examples/grafana-monitoring/volume-data/telegraf/telegraf.conf b/examples/grafana-monitoring/volume-data/telegraf/telegraf.conf
new file mode 100644
index 0000000..227ac93
--- /dev/null
+++ b/examples/grafana-monitoring/volume-data/telegraf/telegraf.conf
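Review bot: `filename: /tmp/positions.yaml` keeps the read offsets in the container's /tmp, so every recreation of the promtail container starts at offset zero and re-ships the whole of `/var/log/auth.log`, `/var/log/openvpn.log` and the Traefik logs as duplicates; point it at a directory the compose file bind-mounts (the mounts are not in this view) and note why, e.g. `filename: /var/lib/promtail/positions.yaml  # must be on a persistent volume`. The scraped files are authentication and access logs, and `url: http://loki:3100/loki/api/v1/push` delivers them in cleartext to a Loki configured in this commit with `auth_enabled: false`, so the shared compose network is the only boundary; a one-line comment stating that assumption next to `clients:` would help the next operator.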
@@ -0,0 +1,159 @@
+# Telegraf Configuration
+#
+# Telegraf is entirely plugin driven. All metrics are gathered from the
+# declared inputs, and sent to the declared outputs.
+#
+# Plugins must be declared in here to be active.
+# To deactivate a plugin, comment out the name and any variables.
+#
+# Use 'telegraf -config telegraf.conf -test' to see what metrics a config
+# file would generate.
+#
+# Environment variables can be used anywhere in this config file, simply surround
+# them with ${}. For strings the variable must be within quotes (ie, "${STR_VAR}"),
+# for numbers and booleans they should be plain (ie, ${INT_VAR}, ${BOOL_VAR})
+
+
+# CUSTOM Docker
+# ------------------------------------
+
+[[inputs.net]]
+ interfaces = ["eth*", "tun0", "docker0", "dockernet*"]
+ ignore_protocol_stats = false
+
+#[[inputs.file]]
+# files = ["/sys/class/thermal/thermal_zone0/temp"]
+# name_override = "cpu_temperature"
+# data_format = "value"
+# data_type = "integer"
+
+[[inputs.http_response]]
+ urls = ["https://reddit.com", "https://google.com"]
+ method = "HEAD"
+ follow_redirects = true
+
+[[inputs.dns_query]]
+ servers = ["8.8.8.8", "1.1.1.1"]
+
+# influx v1.8
+[[outputs.influxdb]]
+ urls = ["http://influxdb:8086"]
+ database = "telegraf"
+ username = "telegrafuser"
+ password = "MyStrongTelegrafPassword"
+ skip_database_creation = true
+
+[[inputs.docker]]
+ endpoint = "unix:///var/run/docker.sock"
+ gather_services = false
+ container_name_include = []
+ container_name_exclude = []
+ timeout = "5s"
+ docker_label_include = []
+ docker_label_exclude = []
+ perdevice = true
+ total = false
+
+[[inputs.cpu]]
+ percpu = true
+ totalcpu = true
+ collect_cpu_time = false
+ report_active = false
+
+[[inputs.disk]]
+ ignore_fs = ["tmpfs", "devtmpfs", "devfs", "iso9660", "overlay", "aufs", "squashfs"]
+
+[[inputs.diskio]]
+
+[[inputs.kernel]]
+
+[[inputs.mem]]
+
+[[inputs.processes]]
+
+[[inputs.swap]]
+
+[[inputs.system]]
+
+# --------------------------------------
+
+# 
Global tags can be specified here in key="value" format.
+[global_tags]
+ # dc = "us-east-1" # will tag all metrics with dc=us-east-1
+ # rack = "1a"
+ ## Environment variables can be used as tags, and throughout the config file
+ # user = "$USER"
+
+# Configuration for telegraf agent
+[agent]
+ ## Default data collection interval for all inputs
+ interval = "30s"
+
+ ## Rounds collection interval to 'interval'
+ ## ie, if interval="10s" then always collect on :00, :10, :20, etc.
+ round_interval = true
+
+ ## Telegraf will send metrics to outputs in batches of at most
+ ## metric_batch_size metrics.
+ ## This controls the size of writes that Telegraf sends to output plugins.
+ metric_batch_size = 1000
+
+ ## Maximum number of unwritten metrics per output. Increasing this value
+ ## allows for longer periods of output downtime without dropping metrics at the
+ ## cost of higher maximum memory usage.
+ metric_buffer_limit = 10000
+
+ ## Collection jitter is used to jitter the collection by a random amount.
+ ## Each plugin will sleep for a random time within jitter before collecting.
+ ## This can be used to avoid many plugins querying things like sysfs at the
+ ## same time, which can have a measurable effect on the system.
+ collection_jitter = "0s"
+
+ ## Default flushing interval for all outputs. Maximum flush_interval will be
+ ## flush_interval + flush_jitter
+ flush_interval = "10s"
+ ## Jitter the flush interval by a random amount. This is primarily to avoid
+ ## large write spikes for users running a large number of telegraf instances.
+ ## ie, a jitter of 5s and interval 10s means flushes will happen every 10-15s
+ flush_jitter = "0s"
+
+ ## By default or when set to "0s", precision will be set to the same
+ ## timestamp order as the collection interval, with the maximum being 1s.
+ ## ie, when interval = "10s", precision will be "1s"
+ ## when interval = "250ms", precision will be "1ms"
+ ## Precision will NOT be used for service inputs. 
It is up to each individual
+ ## service input to set the timestamp at the appropriate precision.
+ ## Valid time units are "ns", "us" (or "µs"), "ms", "s".
+ precision = ""
+
+ ## Override default hostname, if empty use os.Hostname()
+ #hostname = "My-Hostname"
+ ## If set to true, do no set the "host" tag in the telegraf agent.
+ omit_hostname = false
+
+ ## Log at debug level.
+ # debug = false
+ ## Log only error level messages.
+ # quiet = false
+
+ ## Log target controls the destination for logs and can be one of "file",
+ ## "stderr" or, on Windows, "eventlog". When set to "file", the output file
+ ## is determined by the "logfile" setting.
+ # logtarget = "file"
+
+ ## Name of the file to be logged to when using the "file" logtarget. If set to
+ ## the empty string then logs are written to stderr.
+ # logfile = ""
+
+ ## The logfile will be rotated after the time interval specified. When set
+ ## to 0 no time based rotation is performed. Logs are rotated only when
+ ## written to, if there is no log activity rotation may be delayed.
+ # logfile_rotation_interval = "0d"
+
+ ## The logfile will be rotated when it becomes larger than the specified
+ ## size. When set to 0 no size based rotation is performed.
+ # logfile_rotation_max_size = "0MB"
+
+ ## Maximum number of rotated archives to keep, any older logs are deleted.
+ ## If set to -1, no archives are removed.
+ # logfile_rotation_max_archives = 5
diff --git a/examples/gramps/README.md b/examples/gramps/README.md
new file mode 100644
index 0000000..241801f
--- /dev/null
+++ b/examples/gramps/README.md
@@ -0,0 +1,5 @@
+# References
+
+- https://github.com/gramps-project/web
+- https://www.grampsweb.org/
+- https://www.grampsweb.org/Deployment/
diff --git a/examples/gramps/docker-compose.yml b/examples/gramps/docker-compose.yml
new file mode 100644
index 0000000..55e644b
--- /dev/null
+++ b/examples/gramps/docker-compose.yml
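Review bot: `password = "MyStrongTelegrafPassword"` under `[[outputs.influxdb]]` hard-codes the database credential even though this file's own header explains that quoted strings may be read from the environment, so `password = "${INFLUXDB_TELEGRAF_PASSWORD}"` (and likewise `username = "${INFLUXDB_TELEGRAF_USER}"`, variable names constructed here) would keep the secret out of the repository while following the documented convention. `[[inputs.docker]]` with `endpoint = "unix:///var/run/docker.sock"` needs the daemon socket mounted into the container; a `:ro` bind mount only makes the socket node read-only, the API behind it still gives full control over the host's containers, so the telegraf service should be documented as effectively host-privileged or fronted by a filtering socket proxy. The same consideration applies to the commented `/var/run/docker.sock:/var/run/docker.sock:ro` mount in examples/homepage/docker-compose.yml later in this commit.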
@@ -0,0 +1,36 @@
+version: "3.7"
+
+services:
+
+ grampsweb:
+ image: ghcr.io/gramps-project/grampsweb:latest
+ container_name: gramps-web
+ restart: unless-stopped
+ ports:
+ - 5000:5000
+ expose:
+ - 5000
+ environment:
+ GRAMPSWEB_TREE: "Gramps Web" # will create a new tree if not exists
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gramps/users:/app/users # persist user database
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gramps/indexdir:/app/indexdir # persist search index
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gramps/thumbnail_cache:/app/thumbnail_cache # persist thumbnails
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gramps/cache:/app/cache # persist export and report caches
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gramps/secret:/app/secret # persist flask secret
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gramps/database:/root/.gramps/grampsdb # persist Gramps database
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gramps/media:/app/media # persist media files
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/gramps/tmp:/tmp
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.gramps.rule=Host(`family.lrvt.de`)
+ # - traefik.http.services.gramps.loadbalancer.server.port=5000
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.gramps.middlewares=local-ipwhitelist@file
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/greenbone/README.md b/examples/greenbone/README.md
new file mode 100644
index 0000000..671eadf
--- /dev/null
+++ b/examples/greenbone/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://hub.docker.com/r/securecompliance/gvm
\ No newline at end of file
diff --git a/examples/greenbone/docker-compose.yml b/examples/greenbone/docker-compose.yml
new file mode 100644
index 0000000..dc2efe9
--- /dev/null
+++ b/examples/greenbone/docker-compose.yml
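Review bot: the commented rule `traefik.http.routers.gramps.rule=Host(`family.lrvt.de`)` carries what looks like a real personal domain instead of the `example.com` placeholder every other template in this commit uses; change it to `Host(`gramps.example.com`)` before someone copies the file and routes traffic to that host. Separately, once the Traefik labels are enabled, `- 5000:5000` under `ports:` still publishes the application on every host interface and bypasses `local-ipwhitelist@file` entirely; for a proxied service drop `ports:` (the `expose:` entry is enough for Traefik) or bind it to loopback, `- "127.0.0.1:5000:5000"`. The same `ports` plus commented-labels pattern appears in the guacamole, hedgedoc, hemmelig and homepage compose files of this commit.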
@@ -0,0 +1,23 @@
+version: "3"
+services:
+ gvm:
+ image: securecompliance/gvm
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/greenbone/database:/opt/database
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/greenbone/gvm:/var/lib/gvm
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/greenbone/plugins:/var/lib/openvas/plugins
+ environment:
+ - USERNAME="admin"
+ - PASSWORD="admin"
+ - RELAYHOST="smtp.gmail.com"
+ - SMTPPORT=465
+ - AUTO_SYNC=true
+ - HTTPS=true
+ - TZ="Europe/Berlin"
+ - SSHD=false
+ - DB_PASSWORD="none"
+ ports:
+ - "9392:9392" # Web interface
+ #- "5432:5432" # Access PostgreSQL database from external tools
+ #- "2222:22" # SSH for remote sensors
+ restart: unless-stopped
diff --git a/examples/guacamole/README.md b/examples/guacamole/README.md
new file mode 100644
index 0000000..0999888
--- /dev/null
+++ b/examples/guacamole/README.md
@@ -0,0 +1,28 @@
+# References
+
+- https://hub.docker.com/r/guacamole/guacamole/
+- https://theko2fi.medium.com/apache-guacamole-session-recordings-and-playback-in-browser-f095fcfca387
+
+# Notes
+
+Before spawning up the Docker Compose stack you have to pre-supply an `initdb.sql` initialization file for the Postgresql database.
+
+Please go ahead and create this init file in the corresponding Docker Volume bind mount.
+
+````
+# create volume dirs
+mkdir -p /mnt/docker-volumes/guacamole/psql/init
+
+# create init file dynamically and place it to the new location
+docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > /mnt/docker-volumes/guacamole/psql/init/initdb.sql
+````
+
+Afterwards, you can spawn up the Docker stack as follows:
+
+````
+docker compose up -d
+````
+
+The Guacamole login is available at `http://:8080/guacamole`.
+
+The default username is `guacadmin`. The default password is `guacadmin`.
diff --git a/examples/guacamole/docker-compose.yml b/examples/guacamole/docker-compose.yml
new file mode 100644
index 0000000..be97745
--- /dev/null
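Review bot: with the list form of `environment:` Compose passes the text after `=` verbatim, so `- USERNAME="admin"` and `- PASSWORD="admin"` set the variables to the seven characters `"admin"` including the double quotes, and `TZ="Europe/Berlin"`, `RELAYHOST="smtp.gmail.com"` and `DB_PASSWORD="none"` are affected the same way; the same quoting appears in hedgedoc's `CMD_SESSION_SECRET="..."`, `CMD_ALLOW_EMAIL_REGISTER="false"` and `CMD_EMAIL="false"` and in homarr's `TZ="Europe/Berlin"` in this commit (whether HedgeDoc still reads the quoted booleans as false depends on its parser). Quoting aside, admin/admin is the first credential anyone tries against a scanner's web login, so write `- USERNAME=admin` and `- PASSWORD=${GVM_ADMIN_PASSWORD:?set GVM_ADMIN_PASSWORD in .env}` so a missing value aborts `docker compose up` instead of starting with the default. The same `${VAR:?message}` form would replace the literal secrets in the guacamole, hedgedoc, hemmelig (`SECRET_JWT_SECRET=!changeme!`) and homarr (`PASSWORD=MySecureLoginPassword`) compose files. `image: securecompliance/gvm` has no tag and therefore floats on `latest`; pin a version so upgrades of the scanner are deliberate.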
+++ b/examples/guacamole/docker-compose.yml
@@ -0,0 +1,64 @@
+version: '2.0'
+
+services:
+
+ guacd:
+ image: guacamole/guacd
+ container_name: guacamole-guacd
+ restart: always
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/guacamole/guacd/drive:/drive:rw
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/guacamole/guacd/record:/record:rw
+ #networks:
+ # - proxy
+
+ postgres:
+ image: postgres:15.2-alpine
+ container_name: guacamole-db
+ restart: always
+ environment:
+ - PGDATA=/var/lib/postgresql/data/guacamole
+ - POSTGRES_DB=guacamole_db
+ - POSTGRES_USER=guacamole_user
+ - POSTGRES_PASSWORD=ChooseYourOwnPasswordHere1234
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/guacamole/psql/init:/docker-entrypoint-initdb.d:z
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/guacamole/psql/data:/var/lib/postgresql/data:Z
+ #networks:
+ # - proxy
+
+ # guacamole
+ guacamole:
+ image: guacamole/guacamole
+ container_name: guacamole-ui
+ restart: always
+ depends_on:
+ - guacd
+ - postgres
+ environment:
+ - GUACD_HOSTNAME=guacd
+ - POSTGRESQL_HOSTNAME=postgres
+ - POSTGRESQL_DATABASE=guacamole_db
+ - POSTGRESQL_USER=guacamole_user
+ - POSTGRESQL_PASSWORD=ChooseYourOwnPasswordHere1234
+ links:
+ - guacd
+ ports:
+ # Guacamole is on :8080/guacamole, not /.
+ # Default login is guacadmin:guacadmin
+ - 8080:8080/tcp
+ expose:
+ - 8080
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.guacamole.rule=Host(`guacamole.example.com`) && PathPrefix(`/guacamole`)
+ # - traefik.http.services.guacamole.loadbalancer.server.port=8080
+ # # Optional part for traefik middlewares
+ # - traefik.http.routers.guacamole.middlewares=local-ipwhitelist@file,authelia@docker
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/headscale/README.md b/examples/headscale/README.md
new file mode 100644
index 0000000..d04c582
--- /dev/null
+++ b/examples/headscale/README.md
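Review bot: `POSTGRES_PASSWORD=ChooseYourOwnPasswordHere1234` in the postgres service and `POSTGRESQL_PASSWORD=ChooseYourOwnPasswordHere1234` in the guacamole service must be changed in two places, which is how a copied template ends up with a database still accepting the shipped placeholder; reference one variable from both, `- POSTGRES_PASSWORD=${GUAC_DB_PASSWORD:?}` and `- POSTGRESQL_PASSWORD=${GUAC_DB_PASSWORD:?}`, so they cannot drift and an unset value stops startup. `links: - guacd` is the legacy linking mechanism; `depends_on` already names guacd and service names resolve on the compose network, so the block can be removed. Since the README in this commit documents the `guacadmin`/`guacadmin` default login, a reminder next to the existing `# Default login is guacadmin:guacadmin` comment, `# change it immediately after first login`, would close the loop.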
@@ -0,0 +1,34 @@
+# References
+
+- https://headscale.net/running-headscale-container/
+- https://github.com/juanfont/headscale
+
+# Notes
+
+Please adjust the `docker-compose.yml` as well as `config.yaml` and adjust the `example.com` domain name. Also put the provided `config.yaml` into the corresponding config bind volume mount.
+
+Afterwards spawn the container stack with `docker compose up` and visit `https://./web`
+
+You must configure an API key in order to access and manage your headscale server.
+
+You can create those using docker exec:
+
+````
+# create an api key
+docker exec headscale headscale apikeys create
+````
+
+Afterwards, your headscale server should be managable.
+
+1. Create a new user account on your headscale web interface
+2. Download the official tailscale clients and spawn up tailscale pointing to your custom headscale login server. You'll obtain a unique device key or register url.
+3. Browse the device view at your headscale web interface and create a new device. Select your previously created user account and define the previously obtained device key from the tailscale client.
+4. If registering the new device was successful, the tailscale client will automatically connect. Enjoy!
+
+Note: You may use preauth keys instead to skip the device registering process. Read the official headscale documentation please.
+
+
+````
+# connect via linux tailscale client
+sudo tailscale up --login-server https://headscale.example.com
+````
diff --git a/examples/headscale/config.yaml b/examples/headscale/config.yaml
new file mode 100644
index 0000000..52ba593
--- /dev/null
+++ b/examples/headscale/config.yaml
@@ -0,0 +1,267 @@
+---
+# headscale will look for a configuration file named `config.yaml` (or `config.json`) in the following order:
+#
+# - `/etc/headscale`
+# - `~/.headscale`
+# - current working directory
+
+# The url clients will connect to.
+# Typically this will be a domain like:
+#
+# https://myheadscale.example.com:443
+#
+server_url: https://headscale.example.com # change to your domain
+
+# Address to listen to / bind to on the server
+#
+listen_addr: 0.0.0.0:8080
+
+# Address to listen to /metrics, you may want
+# to keep this endpoint private to your internal
+# network
+#
+metrics_listen_addr: 127.0.0.1:9090
+
+# Address to listen for gRPC.
+# gRPC is used for controlling a headscale server
+# remotely with the CLI
+# Note: Remote access _only_ works if you have
+# valid certificates.
+grpc_listen_addr: 0.0.0.0:50443
+
+# Allow the gRPC admin interface to run in INSECURE
+# mode. This is not recommended as the traffic will
+# be unencrypted. Only enable if you know what you
+# are doing.
+grpc_allow_insecure: false
+
+# Private key used encrypt the traffic between headscale
+# and Tailscale clients.
+# The private key file which will be
+# autogenerated if it's missing
+private_key_path: /var/lib/headscale/private.key
+
+# The Noise section includes specific configuration for the
+# TS2021 Noise protocol
+noise:
+ # The Noise private key is used to encrypt the
+ # traffic between headscale and Tailscale clients when
+ # using the new Noise-based protocol.
+ private_key_path: /var/lib/headscale/noise_private.key
+
+# List of IP prefixes to allocate tailaddresses from.
+# Each prefix consists of either an IPv4 or IPv6 address,
+# and the associated prefix length, delimited by a slash.
+ip_prefixes:
+ - fd7a:115c:a1e0::/48
+ - 100.64.0.0/10
+
+# DERP is a relay system that Tailscale uses when a direct
+# connection cannot be established. 
+# https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp
+#
+# headscale needs a list of DERP servers that can be presented
+# to the clients.
+derp:
+ server:
+ # If enabled, runs the embedded DERP server and merges it into the rest of the DERP config
+ # The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place
+ enabled: false
+
+ # Region ID to use for the embedded DERP server.
+ # The local DERP prevails if the region ID collides with other region ID coming from
+ # the regular DERP config.
+ region_id: 999
+
+ # Region code and name are displayed in the Tailscale UI to identify a DERP region
+ region_code: "headscale"
+ region_name: "Headscale Embedded DERP"
+
+ # Listens in UDP at the configured address for STUN connections to help on NAT traversal.
+ # When the embedded DERP server is enabled stun_listen_addr MUST be defined.
+ #
+ # For more details on how this works, check this great article: https://tailscale.com/blog/how-tailscale-works/
+ stun_listen_addr: "0.0.0.0:3478"
+
+ # List of externally available DERP maps encoded in JSON
+ urls:
+ - https://controlplane.tailscale.com/derpmap/default
+
+ # Locally available DERP map files encoded in YAML
+ #
+ # This option is mostly interesting for people hosting
+ # their own DERP servers:
+ # https://tailscale.com/kb/1118/custom-derp-servers/
+ #
+ # paths:
+ # - /etc/headscale/derp-example.yaml
+ paths: []
+
+ # If enabled, a worker will be set up to periodically
+ # refresh the given sources and update the derpmap
+ # will be set up.
+ auto_update_enabled: true
+
+ # How often should we check for DERP updates?
+ update_frequency: 24h
+
+# Disables the automatic check for headscale updates on startup
+disable_check_updates: false
+
+# Time before an inactive ephemeral node is deleted?
+ephemeral_node_inactivity_timeout: 30m
+
+# Period to check for node updates in the tailnet. A value too low will severily affect
+# CPU consumption of Headscale. 
A value too high (over 60s) will cause problems
+# to the nodes, as they won't get updates or keep alive messages in time.
+# In case of doubts, do not touch the default 10s.
+node_update_check_interval: 10s
+
+# SQLite config
+db_type: sqlite3
+db_path: /var/lib/headscale/db.sqlite
+
+# # Postgres config
+# If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
+# db_type: postgres
+# db_host: localhost
+# db_port: 5432
+# db_name: headscale
+# db_user: foo
+# db_pass: bar
+# db_ssl: false
+
+### TLS configuration
+#
+## Let's encrypt / ACME
+#
+# headscale supports automatically requesting and setting up
+# TLS for a domain with Let's Encrypt.
+#
+# URL to ACME directory
+acme_url: https://acme-v02.api.letsencrypt.org/directory
+
+# Email to register with ACME provider
+acme_email: ""
+
+# Domain name to request a TLS certificate for:
+tls_letsencrypt_hostname: ""
+
+# Client (Tailscale/Browser) authentication mode (mTLS)
+# Acceptable values:
+# - disabled: client authentication disabled
+# - relaxed: client certificate is required but not verified
+# - enforced: client certificate is required and verified
+tls_client_auth_mode: relaxed
+
+# Path to store certificates and metadata needed by
+# letsencrypt
+tls_letsencrypt_cache_dir: /var/lib/headscale/cache
+
+# Type of ACME challenge to use, currently supported types:
+# HTTP-01 or TLS-ALPN-01
+# See [docs/tls.md](docs/tls.md) for more information
+tls_letsencrypt_challenge_type: HTTP-01
+# When HTTP-01 challenge is chosen, letsencrypt must set up a
+# verification endpoint, and it will be listning on:
+# :http = port 80
+tls_letsencrypt_listen: ":http"
+
+## Use already defined certificates:
+tls_cert_path: ""
+tls_key_path: ""
+
+log_level: info
+
+# Path to a file containg ACL policies.
+# ACLs can be defined as YAML or HUJSON. 
+# https://tailscale.com/kb/1018/acls/
+acl_policy_path: ""
+
+## DNS
+#
+# headscale supports Tailscale's DNS configuration and MagicDNS.
+# Please have a look to their KB to better understand the concepts:
+#
+# - https://tailscale.com/kb/1054/dns/
+# - https://tailscale.com/kb/1081/magicdns/
+# - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
+#
+dns_config:
+ # List of DNS servers to expose to clients.
+ nameservers:
+ - 1.1.1.1
+
+ # Split DNS (see https://tailscale.com/kb/1054/dns/),
+ # list of search domains and the DNS to query for each one.
+ #
+ # restricted_nameservers:
+ # foo.bar.com:
+ # - 1.1.1.1
+ # darp.headscale.net:
+ # - 1.1.1.1
+ # - 8.8.8.8
+
+ # Search domains to inject.
+ domains: []
+
+ # Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/).
+ # Only works if there is at least a nameserver defined.
+ magic_dns: true
+
+ # Defines the base domain to create the hostnames for MagicDNS.
+ # `base_domain` must be a FQDNs, without the trailing dot.
+ # The FQDN of the hosts will be
+ # `hostname.namespace.base_domain` (e.g., _myhost.mynamespace.example.com_).
+ base_domain: example.com
+
+# Unix socket used for the CLI to connect without authentication
+# Note: for local development, you probably want to change this to:
+# unix_socket: ./headscale.sock
+unix_socket: /var/run/headscale.sock
+unix_socket_permission: "0770"
+#
+# headscale supports experimental OpenID connect support,
+# it is still being tested and might have some bugs, please
+# help us test it.
+# OpenID Connect
+# oidc:
+# issuer: "https://your-oidc.issuer.com/path"
+# client_id: "your-oidc-client-id"
+# client_secret: "your-oidc-client-secret"
+#
+# Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query
+# parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email". 
+#
+# scope: ["openid", "profile", "email", "custom"]
+# extra_params:
+# domain_hint: example.com
+#
+# List allowed principal domains and/or users. If an authenticated user's domain is not in this list, the
+# authentication request will be rejected.
+#
+# allowed_domains:
+# - example.com
+# allowed_users:
+# - alice@example.com
+#
+# If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed.
+# This will transform `first-name.last-name@example.com` to the namespace `first-name.last-name`
+# If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following
+# namespace: `first-name.last-name.example.com`
+#
+# strip_email_domain: true
+
+# Logtail configuration
+# Logtail is Tailscales logging and auditing infrastructure, it allows the control panel
+# to instruct tailscale nodes to log their activity to a remote server.
+logtail:
+ # Enable logtail for this headscales clients.
+ # As there is currently no support for overriding the log server in headscale, this is
+ # disabled by default. Enabling this will make your clients send logs to Tailscale Inc.
+ enabled: false
+
+# Enabling this option makes devices prefer a random port for WireGuard traffic over the
+# default static port 41641. This option is intended as a workaround for some buggy
+# firewall devices. See https://tailscale.com/kb/1181/firewalls/ for more information.
+randomize_client_port: false
diff --git a/examples/headscale/docker-compose.yml b/examples/headscale/docker-compose.yml
new file mode 100644
index 0000000..a26b391
--- /dev/null
+++ b/examples/headscale/docker-compose.yml
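Review bot: `server_url: https://headscale.example.com` lies directly under `dns_config.base_domain: example.com`, and with `magic_dns: true` that makes the control server's own hostname part of the zone MagicDNS hands to clients; later headscale releases, as far as I recall, refuse to start when server_url is under base_domain because nodes can lose the route to the server, so the template should use a dedicated suffix such as `base_domain: ts.example.com` (constructed example). The existing comment block above `base_domain` could carry the constraint, e.g. `# must not be a parent of the server_url host`. This file follows the 0.22 layout, matching `image: headscale/headscale:0.22` in this commit's compose file; a comment at the top such as `# generated from the 0.22 config-example — regenerate when bumping the image tag` would stop the two from drifting silently.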
@@ -0,0 +1,52 @@
+version: '3.9'
+
+services:
+ headscale:
+ image: headscale/headscale:0.22
+ pull_policy: always
+ container_name: headscale
+ restart: unless-stopped
+ command: headscale serve
+ expose:
+ - 8080
+ networks:
+ - proxy
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/headscale/config:/etc/headscale
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/headscale/data:/var/lib/headscale/
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.headscale-rtr.rule=Host(`headscale.example.com`) && PathPrefix(`/`)
+ - traefik.http.services.headscale-svc.loadbalancer.server.port=8080
+ # Optional part for file upload max sizes
+ - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads
+
+ headscale-ui:
+ image: ghcr.io/gurucomputing/headscale-ui:latest
+ pull_policy: always
+ container_name: headscale-ui
+ networks:
+ - proxy
+ restart: unless-stopped
+ expose:
+ - 80
+ #dns:
+ # - 1.1.1.1
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.headscale-ui-rtr.rule=Host(`headscale.example.de`) && PathPrefix(`/web`)
+ - traefik.http.services.headscale-ui-svc.loadbalancer.server.port=80
+ # Optional part for traefik middlewares; protect the headscale ui interface; access from local lan only
+ - traefik.http.routers.headscale-ui-rtr.middlewares=local-ipwhitelist@file
+ # Optional part for file upload max sizes
+ - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ - 
traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads
+
+networks:
+ proxy:
+ external: true
diff --git a/examples/hedgedoc/README.md b/examples/hedgedoc/README.md
new file mode 100644
index 0000000..a6a932c
--- /dev/null
+++ b/examples/hedgedoc/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/hedgedoc/hedgedoc
diff --git a/examples/hedgedoc/docker-compose.yml b/examples/hedgedoc/docker-compose.yml
new file mode 100644
index 0000000..ae70909
--- /dev/null
+++ b/examples/hedgedoc/docker-compose.yml
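Review bot: the UI router `traefik.http.routers.headscale-ui-rtr.rule=Host(`headscale.example.de`) && PathPrefix(`/web`)` names a different host than the API router's `Host(`headscale.example.com`)` and than `server_url` in config.yaml, so the `/web` path the README points to is not served on the documented domain; change it to `Host(`headscale.example.com`) && PathPrefix(`/web`)`. The four `traefik.http.middlewares.limit.buffering.*` labels on each service define a middleware named `limit`, but neither `headscale-rtr` nor `headscale-ui-rtr` lists it in `.middlewares` (the UI router only has `local-ipwhitelist@file`), so as written they have no effect; either attach `limit` to the router that needs it or drop the eight lines. `ghcr.io/gurucomputing/headscale-ui:latest` with `pull_policy: always` means the admin interface through which the API key is used changes silently on every `up`; pin a tag as the headscale image already does.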
@@ -0,0 +1,68 @@
+version: '3'
+
+services:
+
+ database:
+ image: postgres:13.4-alpine
+ container_name: hedgedoc-db
+ environment:
+ - POSTGRES_USER=hedgedoc
+ - POSTGRES_PASSWORD=password
+ - POSTGRES_DB=hedgedoc
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/hedgedoc/database:/var/lib/postgresql/data
+ restart: always
+ #networks:
+ # - proxy
+
+ app:
+ image: quay.io/hedgedoc/hedgedoc:1.10.0
+ container_name: hedgedoc-app
+ environment:
+ - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
+ - CMD_DOMAIN=collab.example.com
+ - CMD_URL_ADDPORT=false
+ - CMD_PROTOCOL_USESSL=true
+ - CMD_SESSION_SECRET="discolor-subtitle-seducing-result-ceramics" # define secret
+ - CMD_ALLOW_EMAIL_REGISTER="false" # disallow registration
+ - CMD_EMAIL="false" # disallow login; only guest notes
+ # ------- OAUTH SSO -------
+ # see https://docs.goauthentik.io/integrations/services/hedgedoc/
+ #- CMD_ALLOW_ANONYMOUS_EDITS=False
+ #- CMD_OAUTH2_USER_PROFILE_URL=https://authentik.example.com/application/o/userinfo/
+ #- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
+ #- CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
+ #- CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
+ #- CMD_OAUTH2_TOKEN_URL=https://authentik.example.com/application/o/token/
+ #- CMD_OAUTH2_AUTHORIZATION_URL=https://authentik.example.com/application/o/authorize/
+ #- CMD_OAUTH2_CLIENT_ID=
+ #- CMD_OAUTH2_CLIENT_SECRET=
+ #- CMD_OAUTH2_PROVIDERNAME=Authentik
+ #- CMD_OAUTH2_SCOPE=openid email profile
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/hedgedoc/uploads:/hedgedoc/public/uploads
+ ports:
+ - 3000:3000/tcp
+ expose:
+ - 3000
+ restart: always
+ depends_on:
+ - database
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.hedgedoc.rule=Host(`collab.example.com`)
+ # - traefik.http.routers.hedgedoc.service=hedgedoc
+ # - traefik.http.services.hedgedoc.loadbalancer.server.port=3000
+ # - 
traefik.http.routers.hedgedoc.middlewares=local-ipwhitelist@file
+ # # prevent unauthorized access to the /metrics endpoint
+ # - traefik.http.routers.hedgedoc-metrics.rule=Host(`collab.example.com`) && PathPrefix(`/metrics`)
+ # - traefik.http.routers.hedgedoc-metrics.service=hedgedoc
+ # - traefik.http.services.hedgedoc-metrics.loadbalancer.server.port=3000
+ # - traefik.http.routers.hedgedoc-metrics.middlewares=local-ipwhitelist@file
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/heimdall/README.md b/examples/heimdall/README.md
new file mode 100644
index 0000000..36924ac
--- /dev/null
+++ b/examples/heimdall/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/linuxserver/Heimdall
\ No newline at end of file
diff --git a/examples/heimdall/docker-compose.yml b/examples/heimdall/docker-compose.yml
new file mode 100644
index 0000000..3e104e9
--- /dev/null
+++ b/examples/heimdall/docker-compose.yml
@@ -0,0 +1,16 @@
+version: "3"
+
+services:
+ heimdall:
+ image: linuxserver/heimdall:latest
+ container_name: heimdall
+ hostname: heimdall
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ ports:
+ - 8099:80
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/heimdall:/config
diff --git a/examples/hemmelig/README.md b/examples/hemmelig/README.md
new file mode 100644
index 0000000..b0923e1
--- /dev/null
+++ b/examples/hemmelig/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/HemmeligOrg/Hemmelig.app
diff --git a/examples/hemmelig/docker-compose.yml b/examples/hemmelig/docker-compose.yml
new file mode 100644
index 0000000..b7d61cb
--- /dev/null
+++ b/examples/hemmelig/docker-compose.yml
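Review bot: `image: postgres:13.4-alpine` pins a single patch release, so the database never picks up the security fixes published for the 13.x line unless someone edits this file; `postgres:13-alpine` keeps the major version (and the on-disk format) fixed while tracking patches, and the same applies to `postgres:15.2-alpine` in the guacamole compose file of this commit. `CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc` embeds the same value as `POSTGRES_PASSWORD=password` a second time; a short comment such as `# must match POSTGRES_PASSWORD of the database service` on the `CMD_DB_URL` line makes the coupling visible when the password is changed.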
@@ -0,0 +1,34 @@
+services:
+ hemmelig:
+ image: hemmeligapp/hemmelig:latest
+ container_name: hemmelig
+ hostname: hemmelig
+ init: true
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/hemmelig/files:/var/tmp/hemmelig/upload/files
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/hemmelig/database:/home/node/hemmelig/database/
+ environment:
+ - SECRET_LOCAL_HOSTNAME=0.0.0.0 # The local hostname for the fastify instance
+ - SECRET_PORT=3000 # The port number for the fastify instance
+ - SECRET_HOST= # Used for i.e. set cors to your domain name
+ - SECRET_DISABLE_USERS=false # Disable user registration
+ - SECRET_ENABLE_FILE_UPLOAD=true # Enable or disable file upload
+ - SECRET_FILE_SIZE=10 # Set the total allowed upload file size in mb
+ - SECRET_FORCED_LANGUAGE=en # Set the default language for the application
+ - SECRET_JWT_SECRET=!changeme! # Override this for the secret signin JWT tokens for log in
+ - SECRET_MAX_TEXT_SIZE=256 # The max text size for the secret. Is set in kb. i.e. 256 for 256kb
+ ports:
+ - "3000:3000"
+ restart: always
+ stop_grace_period: 1m
+ healthcheck:
+ test: "wget -O /dev/null localhost:3000 || exit 1"
+ timeout: 5s
+ retries: 1
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.hemmelig.rule=Host(`hemmelig.example.com`)
+ # - traefik.http.services.hemmelig.loadbalancer.server.port=3000
+ # - traefik.docker.network=proxy
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.hemmelig.middlewares=local-ipwhitelist@file,basic-auth@file
diff --git a/examples/homarr/README.md b/examples/homarr/README.md
new file mode 100644
index 0000000..01ea78a
--- /dev/null
+++ b/examples/homarr/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/ajnart/homarr
diff --git a/examples/homarr/docker-compose.yml b/examples/homarr/docker-compose.yml
new file mode 100644
index 0000000..d515c85
--- /dev/null
+++ b/examples/homarr/docker-compose.yml
@@ -0,0 +1,14 @@ +version: '3' +services: + homarr: + container_name: homarr + image: ghcr.io/ajnart/homarr:latest + restart: unless-stopped + environment: + - PASSWORD=MySecureLoginPassword + - TZ="Europe/Berlin" + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/homarr/configs:/app/data/configs + #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/homarr/icons:/app/public/icons # optional for custom icons + ports: + - '7575:7575' diff --git a/examples/home-assistant/README.md b/examples/home-assistant/README.md new file mode 100644 index 0000000..83c394c --- /dev/null +++ b/examples/home-assistant/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/linuxserver/docker-homeassistant diff --git a/examples/home-assistant/docker-compose.yml b/examples/home-assistant/docker-compose.yml new file mode 100644 index 0000000..507d5a2 --- /dev/null +++ b/examples/home-assistant/docker-compose.yml @@ -0,0 +1,18 @@ +--- +version: "2.1" +services: + homeassistant: + image: linuxserver/homeassistant:latest + container_name: homeassistant + network_mode: host + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/homeassistant/config:/config + #ports: + # - 8123:8123 #optional + #devices: + # - /path/to/device:/path/to/device #optional + restart: unless-stopped diff --git a/examples/homepage/README.md b/examples/homepage/README.md new file mode 100644 index 0000000..9a9bb6b --- /dev/null +++ b/examples/homepage/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/benphelps/homepage diff --git a/examples/homepage/docker-compose.yml b/examples/homepage/docker-compose.yml new file mode 100644 index 0000000..35b1b78 --- /dev/null +++ b/examples/homepage/docker-compose.yml 
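Review bot: `- TZ="Europe/Berlin"` in the homarr `environment` list keeps the double quotes as part of the value, because the whole list item is an unquoted YAML scalar and, as far as I can tell, compose does not strip quotes from list-form entries; the container then sees `TZ="Europe/Berlin"` rather than a zone name. Write it as `- TZ=Europe/Berlin`. On the line above, `PASSWORD=MySecureLoginPassword` hard-codes the dashboard login in the repository; `- PASSWORD=${HOMARR_PASSWORD:?set in .env}` keeps it out of version control and fails `up` when it is unset.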
@@ -0,0 +1,22 @@ +version: "3.3" +services: + homepage: + image: ghcr.io/gethomepage/homepage:latest + container_name: homepage + restart: unless-stopped + ports: + - 3000:3000 + environment: + - PUID=1000 + - PGID=1000 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/homepage/config:/app/config # Make sure your local config directory exists + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/homepage/icons:/app/public/icons + # - /var/run/docker.sock:/var/run/docker.sock:ro # (optional) For docker integrations + #labels: + # - traefik.enable=true + # - traefik.http.routers.homepage.rule=Host(`home.example.com`) + # - traefik.http.services.homepage.loadbalancer.server.port=3000 + # - traefik.docker.network=proxy + # # Part for local lan services only + # - traefik.http.routers.homepage.middlewares=local-ipwhitelist@file diff --git a/examples/homer/README.md b/examples/homer/README.md new file mode 100644 index 0000000..31160e6 --- /dev/null +++ b/examples/homer/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/bastienwirtz/homer diff --git a/examples/homer/docker-compose.yml b/examples/homer/docker-compose.yml new file mode 100644 index 0000000..acc2ee5 --- /dev/null +++ b/examples/homer/docker-compose.yml @@ -0,0 +1,14 @@ +version: '3.6' + +services: + homer: + image: b4bz/homer:latest + container_name: homer + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/homer:/www/assets + ports: + - "8080:8080" + restart: unless-stopped + environment: + - UID=1000 + - GID=1000 diff --git a/examples/immich/.env b/examples/immich/.env new file mode 100644 index 0000000..0addd5b --- /dev/null +++ b/examples/immich/.env 
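Review bot: The commented `/var/run/docker.sock:/var/run/docker.sock:ro` line in the homepage `volumes` deserves a warning before someone uncomments it: `:ro` only affects the filesystem node, and a client of the socket can still drive the Docker API, which is equivalent to root on the host. A comment such as `# :ro does not restrict the Docker API; prefer a socket proxy that exposes only the read-only endpoints homepage needs` makes the trade-off visible where it is made.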
@@ -0,0 +1,18 @@ +# Versioning +IMMICH_VERSION=v1.116.2 + +# Database +DB_HOSTNAME=immich-database +DB_USERNAME=postgres +DB_PASSWORD=MySecureDatabasePassword # change this +DB_DATABASE_NAME=immich +DB_DATABASE_LOCATION=/mnt/docker-volumes/immich/database # change this + +# Redis +REDIS_HOSTNAME=immich-redis + +# Upload File Config +UPLOAD_LOCATION=/mnt/docker-volumes/immich/uploads # change this + +# JWT SECRET +JWT_SECRET=9C9E6EE5B56F137D2123123123123 # change this to a secure random secret diff --git a/examples/immich/README.md b/examples/immich/README.md new file mode 100644 index 0000000..40c28d4 --- /dev/null +++ b/examples/immich/README.md @@ -0,0 +1,4 @@ +# References + +- https://github.com/immich-app/immich +- https://blog.lrvt.de/configuring-authelia-oidc-for-immich/ diff --git a/examples/immich/docker-compose.yml b/examples/immich/docker-compose.yml new file mode 100644 index 0000000..e70950b --- /dev/null +++ b/examples/immich/docker-compose.yml 
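Review bot: `JWT_SECRET=9C9E6EE5B56F137D2123123123123` and `DB_PASSWORD=MySecureDatabasePassword` are committed as usable-looking values with only a trailing `# change this` to mark them, so a copied `.env` that is never edited runs with secrets anyone reading this repository knows. Leaving them empty (`DB_PASSWORD=` and `JWT_SECRET=`) and referencing them from the compose file with `${DB_PASSWORD:?}` makes the unedited copy fail at `up` instead. The trailing `# change this` after an unquoted value also relies on the .env parser treating ` #` as a comment start; moving the remark to its own line avoids it ever ending up inside the secret.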
@@ -0,0 +1,86 @@ +version: "3.8" + +services: + immich-server: + container_name: immich-server + image: altran1502/immich-server:${IMMICH_VERSION:-release} + volumes: + - ${UPLOAD_LOCATION}:/usr/src/app/upload + - /etc/localtime:/etc/localtime:ro + env_file: + - .env + environment: + - NODE_ENV=production + ports: + - 2283:3001 + expose: + - 3001 + depends_on: + - immich-redis + - immich-database + restart: unless-stopped + #networks: + # - proxy + #labels: + # - traefik.enable=false + # - traefik.http.routers.immich.rule=Host(`immich.example.com`) + # - traefik.http.services.immich.loadbalancer.server.port=3001 + # - traefik.docker.network=proxy + # # Optional part for file upload max sizes + # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5000000000 # optional, only necessary for file uploads; allow 5000MB + # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=5000000000 # optional, only necessary for file uploads; allow 5000MB + # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=5000000000 # optional, only necessary for file uploads; allow 5000MB + # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=5000000000 # optional, only necessary for file uploads; allow 5000MB + # # Part for local lan services only + # - traefik.http.routers.immich.middlewares=local-ipwhitelist@file + # - "com.centurylinklabs.watchtower.enable=true" + + immich-machine-learning: + image: altran1502/immich-machine-learning:${IMMICH_VERSION:-release} + container_name: immich-ml + volumes: + - ${UPLOAD_LOCATION}:/usr/src/app/upload + - model-cache:/cache + env_file: + - .env + environment: + - NODE_ENV=production + restart: unless-stopped + #labels: + # - "com.centurylinklabs.watchtower.enable=true" + #networks: + # - proxy + + immich-redis: + container_name: immich-redis + image: redis:6.2-alpine + restart: unless-stopped + #labels: + # - "com.centurylinklabs.watchtower.enable=true" + #networks: + # - proxy + + immich-database: + 
container_name: immich-database + image: tensorchord/pgvecto-rs:pg14-v0.2.0 + env_file: + - .env + environment: + POSTGRES_PASSWORD: ${DB_PASSWORD} + POSTGRES_USER: ${DB_USERNAME} + POSTGRES_DB: ${DB_DATABASE_NAME} + PG_DATA: /var/lib/postgresql/data + volumes: + - ${DB_DATABASE_LOCATION}:/var/lib/postgresql/data + restart: unless-stopped + #labels: + # - "com.centurylinklabs.watchtower.enable=true" + #networks: + # - proxy + +volumes: + model-cache: + +#networks: +# proxy: +# external: true diff --git a/examples/ipsec-vpn-server/README.md b/examples/ipsec-vpn-server/README.md new file mode 100644 index 0000000..d4e652f --- /dev/null +++ b/examples/ipsec-vpn-server/README.md 
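Review bot: `PG_DATA: /var/lib/postgresql/data` under the `immich-database` `environment` is not a variable the postgres image reads; the recognised name is `PGDATA`. The value matches the image default, so the cluster still lands in the mounted directory today, but the key gives a false impression of control; rename it to `PGDATA: /var/lib/postgresql/data` or drop it. In the commented `labels` block of `immich-server`, `traefik.enable=false` contradicts the routing labels beneath it and the `true` every other example here uses, so whoever uncomments the block gets no route until it is flipped. `altran1502/immich-server:${IMMICH_VERSION:-release}` should also be checked against the registry the project currently publishes to, since a tag such as `v1.116.2` may not exist under that legacy name.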
@@ -0,0 +1,34 @@ +# References + +- https://github.com/hwdsl2/docker-ipsec-vpn-server +- https://blog.lrvt.de/dockerized-ikev2-vpn/ + +# Notes + +> IKEv2 mode has improvements over IPsec/L2TP and IPsec/XAuth ("Cisco IPsec"), and does not require an IPsec PSK, username or password. + +--> Therefore, IKEv2 only was chosen as preset via the environment variables of the provided docker-compose.yml. + +```` +# copy IKEv2 VPN profile from docker container onto host +docker cp ipsec-vpn-server:/etc/ipsec.d/vpnclient.p12 ./ + +# inspect randomly created certificate password +docker logs ipsec-vpn-server + +# elevated powershell; import the VPN profile into Windows using the password from docker logs above +# if you have not chosen to use a randomly created password (env var VPN_PROTECT_CONFIG=yes), then use a blank entry and just hit enter +certutil.exe -f -importpfx .\vpnclient.p12 NoExport + +# elevated powershell; set additional reg key to harden IKEv2 key exchange +REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v NegotiateDH2048_AES256 /t REG_DWORD /d 0x1 /f + +# lowpriv powershell; add the IKEv2 VPN connection +powershell -command "Add-VpnConnection -ServerAddress 'vpn.example.com' -Name 'IKEVPN' -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required -PassThru" + +powershell -command "Set-VpnConnectionIPsecConfiguration -ConnectionName 'IKEVPN' -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force" + +# force Windows to use the IKE VPN DNS servers by adjusting the metric level +# see https://superuser.com/a/966833 +netsh int ip set interface interface="IKEVPN" metric=1 +```` diff --git a/examples/ipsec-vpn-server/docker-compose.yml b/examples/ipsec-vpn-server/docker-compose.yml new file mode 100644 index 0000000..47bc6b1 --- /dev/null +++ b/examples/ipsec-vpn-server/docker-compose.yml 
@@ -0,0 +1,31 @@
+version: '3'
+
+services:
+ vpn:
+ image: hwdsl2/ipsec-vpn-server
+ hostname: ipsec-vpn-server
+ container_name: ipsec-vpn-server
+ environment:
+ #- VPN_IPSEC_PSK=3gAW0sDYI2ARSMQIQRa2xpIHb42JS+ImsiHdf3jbTl8 # set a secure psk; e.g. via `openssl rand -base64 32`; only necessary if not IKEv2 only
+ #- VPN_USER=vpn # define your vpn username; only necessary if not IKEv2 only
+ #- VPN_PASSWORD=Cy7jRPIZGVK7dbAF5v # set a secure vpn password; e.g. via `openssl rand -base64 16`; only necessary if not IKEv2 only
+ #- VPN_ADDL_USERS=additional_username_1 additional_username_2 # add additional users; usernames must be separated by spaces, no duplicates allowed
+ #- VPN_ADDL_PASSWORDS=additional_password_1 additional_password_2 # define pws for additional users; passwords must be separated by spaces
+ #- VPN_ADDL_IP_ADDRS=192.168.42.2 192.168.42.3 # assign static IPs to clients; IKEv2 mode does NOT support this feature
+ #- VPN_DNS_SRV1=1.1.1.1 # optionally use custom primary dns server; default is Google DNS
+ #- VPN_DNS_SRV2=1.0.0.1 # optionally use custom secondary dns server; default is Google DNS
+ #- VPN_CLIENT_NAME=vpnclient # optionally set your first vpn client name; default is vpnclient
+ #- VPN_DNS_NAME=vpn.example.com # optionally define dns name
+ #- VPN_PUBLIC_IP=103.10.199.1 # optionally define public IP address; this variable has no effect for IKEv2 mode
+ - VPN_PROTECT_CONFIG=yes # optionally protect client config files using a random password
+ - VPN_IKEV2_ONLY=yes # disable both IPsec/L2TP and IPsec/XAuth modes; only use IKEv2
+ #- VPN_DISABLE_IPSEC_L2TP=yes # disable IPsec/L2TP mode
+ #- VPN_DISABLE_IPSEC_XAUTH=yes # disable IPsec/XAuth ("Cisco IPsec") mode
+ restart: always
+ ports:
+ - "500:500/udp"
+ - "4500:4500/udp"
+ privileged: true
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ipsec-vpn-server/data:/etc/ipsec.d # required to enable IKEv2
+ - /lib/modules:/lib/modules:ro # required to pass kernel modules
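Review bot: `privileged: true` hands the container every capability and host device, and the line does not say why that is accepted; presumably the upstream image needs it for the host IPsec kernel modules it loads, and a comment such as `privileged: true # needed by the upstream image for host IPsec kernel modules; grants full host capabilities` records the trade-off for anyone who reuses the snippet. The commented `VPN_IPSEC_PSK` and `VPN_PASSWORD` values look like real generated credentials; an obvious placeholder (`<generate with openssl rand -base64 32>`) avoids someone re-enabling L2TP/XAuth with secrets that are already public in this repository.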
diff --git a/examples/it-tools/README.md b/examples/it-tools/README.md new file mode 100644 index 0000000..ee500cc --- /dev/null +++ b/examples/it-tools/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/CorentinTh/it-tools diff --git a/examples/it-tools/docker-compose.yml b/examples/it-tools/docker-compose.yml new file mode 100644 index 0000000..f9ac298 --- /dev/null +++ b/examples/it-tools/docker-compose.yml @@ -0,0 +1,23 @@ +version: '3.3' + +services: + it-tools: + image: corentinth/it-tools + container_name: it-tools + hostname: it-tools + restart: unless-stopped + ports: + - 8080:80/tcp + #networks: + # - proxy # or use dev for testing purposes + #labels: + # - traefik.enable=true + # - traefik.http.routers.it-tools.rule=Host(`tools.example.com`) + # - traefik.http.services.it-tools.loadbalancer.server.port=80 + # - traefik.docker.network=proxy # or use dev for testing purposes + ## # Part for optional traefik middlewares + # - traefik.http.routers.it-tools.middlewares=local-ipwhitelist@file + +#networks: +# proxy: # or use dev for testing purposes +# external: true diff --git a/examples/jackett/README.md b/examples/jackett/README.md new file mode 100644 index 0000000..bdd3a46 --- /dev/null +++ b/examples/jackett/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/linuxserver/docker-jackett \ No newline at end of file diff --git a/examples/jackett/docker-compose.yml b/examples/jackett/docker-compose.yml new file mode 100644 index 0000000..874bfec --- /dev/null +++ b/examples/jackett/docker-compose.yml @@ -0,0 +1,17 @@ +version: "2.1" + +services: + jackett: + image: lscr.io/linuxserver/jackett:latest + container_name: jackett + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + - AUTO_UPDATE=true #optional + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jackett/config:/config + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jackett/downloads:/downloads + ports: + - 9117:9117 + restart: unless-stopped 
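Review bot: `AUTO_UPDATE=true` in the jackett `environment` lets the application replace its own binaries inside the running container, so the code you run no longer corresponds to the pinned image tag and each update is fetched and executed at runtime outside your image review and restart controls. For a collection that otherwise pins versions through tags, `AUTO_UPDATE=false` with updates delivered by pulling a new image is the more controllable default; at minimum the inline `#optional` should say what the flag does, e.g. `# in-container self-update; bypasses image pinning`.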
diff --git a/examples/jellyfin/README.md b/examples/jellyfin/README.md new file mode 100644 index 0000000..99c1c36 --- /dev/null +++ b/examples/jellyfin/README.md @@ -0,0 +1,3 @@ +# References + +- https://jellyfin.org/docs/general/installation/container#docker \ No newline at end of file diff --git a/examples/jellyfin/docker-compose.yml b/examples/jellyfin/docker-compose.yml new file mode 100644 index 0000000..626f98f --- /dev/null +++ b/examples/jellyfin/docker-compose.yml @@ -0,0 +1,15 @@ +version: '3.3' +services: + jellyfin: + image: jellyfin/jellyfin:latest + container_name: jellyfin + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jellyfin/config:/config + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jellyfin/cache:/cache + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/jellyfin/media:/media + network_mode: host + restart: unless-stopped + #environment: + # - JELLYFIN_PublishedServerUrl=http://example.com # Optional - alternative address used for autodiscovery + #extra_hosts: + # - "host.docker.internal:host-gateway" # Optional - may be necessary for docker healthcheck to pass if running in host network mode diff --git a/examples/jetbrains-youtrack/README.md b/examples/jetbrains-youtrack/README.md new file mode 100644 index 0000000..81aa914 --- /dev/null +++ b/examples/jetbrains-youtrack/README.md @@ -0,0 +1,14 @@ +# References + +- https://hub.docker.com/r/jetbrains/youtrack/ + +# Note + +The JetBrains YouTrack container runs as specific user with a UID and GUID of `13001`. + +Therefore, ensure proper permissions on the Docker data bind mount volumes: + +```` +sudo chown -R 13001:13001 /mnt/docker-volumes/youtrack +sudo chmod -R 777 /mnt/docker-volumes/youtrack +```` diff --git a/examples/jetbrains-youtrack/docker-compose.yml b/examples/jetbrains-youtrack/docker-compose.yml new file mode 100644 index 0000000..ee2fa70 --- /dev/null +++ b/examples/jetbrains-youtrack/docker-compose.yml 
@@ -0,0 +1,33 @@ +version: '3.5' + +services: + youtrack: + image: jetbrains/youtrack:2022.3.65373 + container_name: youtrack + hostname: youtrack + user: 13001:13001 # this is the default UID:GUID; see https://hub.docker.com/r/jetbrains/youtrack/ + restart: unless-stopped + ports: + - 8080:8080 # web ui + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/youtrack/data:/opt/youtrack/data + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/youtrack/conf:/opt/youtrack/conf + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/youtrack/logs:/opt/youtrack/logs + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/youtrack/backups:/opt/youtrack/backups + #networks: + # - proxy + deploy: + placement: + constraints: + - node.labels.youtrack.data == true + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.youtrack.rule=Host(`projects.example.com`) + # - traefik.http.services.youtrack.loadbalancer.server.port=8080 + # # Part for local lan services only; disable to expose externally + # - traefik.http.routers.youtrack.middlewares=local-ipwhitelist@file + +#networks: +# proxy: +# external: true diff --git a/examples/keycloak/README.md b/examples/keycloak/README.md new file mode 100644 index 0000000..b415b07 --- /dev/null +++ b/examples/keycloak/README.md @@ -0,0 +1,23 @@ +# References + +- https://github.com/keycloak/keycloak +- https://www.keycloak.org/getting-started/getting-started-docker + +# Notes + +```` +# copy example env file +cp env.example .env + +# adjust env to your needs +# adjust the compose.yml to your needs +nano .env +nano docker-compose.yml + +# create docker networks +docker network create proxy +docker network create keycloak-internal + +# spawn the stack +docker compose up -d +```` diff --git a/examples/keycloak/docker-compose.yml b/examples/keycloak/docker-compose.yml new file mode 100644 index 0000000..c905efe --- /dev/null +++ b/examples/keycloak/docker-compose.yml 
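Review bot: The `deploy.placement.constraints` block on the youtrack service only takes effect under `docker stack deploy`; `docker compose up` ignores placement, so `node.labels.youtrack.data == true` does nothing in the single-host setup the rest of this file describes. Either drop the block or mark it `# swarm only; ignored by docker compose`. With `user: 13001:13001` already set, the bind mounts only need to be owned by that UID, so the `chown` in this example's README is sufficient and its `chmod -R 777` is not required; a comment on the `user:` line saying so would spare readers a world-writable data directory.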
@@ -0,0 +1,76 @@
+version: '3.7'
+
+services:
+ postgres:
+ image: postgres:16-alpine
+ container_name: keycloak-db
+ restart: always
+ expose:
+ - 5432
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/keycloak/database:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: ${POSTGRES_DB}
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ healthcheck:
+ test: [ "CMD", "pg_isready", "-q", "-d", "${POSTGRES_DB}", "-U", "${POSTGRES_USER}" ]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+ start_period: 60s
+ networks:
+ - keycloak-internal
+
+ keycloak:
+ image: quay.io/keycloak/keycloak:25.0
+ container_name: keycloak-app
+ command: start
+ environment:
+ KC_HOSTNAME: ${KEYCLOAK_HOSTNAME}
+ KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
+ KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+ KC_DB: postgres
+ KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB}
+ KC_DB_USERNAME: ${POSTGRES_USER}
+ KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
+ KC_PROXY_HEADERS: 'xforwarded'
+ KC_HTTP_ENABLED: true
+ KC_HEALTH_ENABLED: true
+ PROXY_ADDRESS_FORWARDING: 'true'
+ healthcheck:
+ test:
+ - "CMD-SHELL"
+ - |
+ exec 3<>/dev/tcp/localhost/9000 &&
+ echo -e 'GET /health/ready HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n' >&3 &&
+ cat <&3 | tee /tmp/healthcheck.log | grep -q '200 OK'
+ interval: 10s
+ timeout: 5s
+ retries: 3
+ start_period: 90s
+ ports:
+ - 8080:8080
+ expose:
+ - 8080 # web ui http
+ - 9000 # health endpoint
+ restart: always
+ depends_on:
+ postgres:
+ condition: service_healthy
+ networks:
+ - keycloak-internal
+ - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.keycloak.rule=Host(`keycloak.example.com`)
+ # - traefik.http.services.keycloak.loadbalancer.server.port=8080
+ # # Optional part for traefik middlewares
+ # - traefik.http.routers.keycloak.middlewares=local-ipwhitelist@file
+
+networks:
+ keycloak-internal:
+ internal: true
+ proxy:
+ external: true
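Review bot: `ports: - 8080:8080` publishes Keycloak's plain-HTTP listener on every host interface while `KC_PROXY_HEADERS: 'xforwarded'` tells it to trust `X-Forwarded-*` from whatever reaches that port, so a client talking to 8080 directly bypasses Traefik and can present its own forwarded host, scheme and client address. When the proxy labels are enabled, remove `ports` (the `expose` entries and the `proxy` network already suffice) or bind to loopback with `- 127.0.0.1:8080:8080`. `KC_HTTP_ENABLED: true` is a YAML boolean in a mapping whose neighbouring values are quoted strings; `KC_HTTP_ENABLED: 'true'` keeps the environment uniformly string-typed and portable across compose implementations. `PROXY_ADDRESS_FORWARDING` is, as far as I recall, the legacy WildFly-era setting with no effect on the Quarkus distribution pinned here; confirm before keeping it.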
diff --git a/examples/keycloak/env.example b/examples/keycloak/env.example new file mode 100644 index 0000000..a5ba4e9 --- /dev/null +++ b/examples/keycloak/env.example @@ -0,0 +1,11 @@ +# define FQDN hostname +KEYCLOAK_HOSTNAME=keycloak.example.com + +# define login credentials +KEYCLOAK_ADMIN=admin +KEYCLOAK_ADMIN_PASSWORD=password + +# define database credentials +POSTGRES_DB=keycloak_db +POSTGRES_USER=keycloak_db_user +POSTGRES_PASSWORD=keycloak_db_user_password diff --git a/examples/koillection/.env b/examples/koillection/.env new file mode 100644 index 0000000..aa9adf0 --- /dev/null +++ b/examples/koillection/.env 
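Review bot: `KEYCLOAK_ADMIN_PASSWORD=password` and `POSTGRES_PASSWORD=keycloak_db_user_password` are valid-looking values, and the README's `cp env.example .env` step yields a runnable stack without editing them. Empty values in the example (`KEYCLOAK_ADMIN_PASSWORD=`) paired with `${KEYCLOAK_ADMIN_PASSWORD:?}` in the compose file make the unedited copy fail at `up`, which is the safer default for an identity provider's bootstrap admin.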
@@ -0,0 +1,45 @@ +######################################################################################################## +# WEB +# +# APP_DEBUG=1 displays detailed error message +# +# APP_SECRET is a random string used for security, you can use for example openssl rand -base64 21 +# APP_SECRET is automatically generated when using Docker +# +# PHP_TZ, see possible values here https://www.w3schools.com/php/php_ref_timezones.asp +######################################################################################################## + +APP_DEBUG=0 +APP_ENV=prod +#APP_SECRET= + +HTTPS_ENABLED=1 +UPLOAD_MAX_FILESIZE=20M +PHP_MEMORY_LIMIT=512M +PHP_TZ=Europe/Paris + + +######################################################################################################## +# API +# +# +# JWT_PASSPHRASE is a random string used for security, you can use for example openssl rand -base64 21 +# JWT_PASSPHRASE is automatically generated when using Docker +######################################################################################################## + +CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$' +JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem +JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem +#JWT_PASSPHRASE= + +######################################################################################################## +# DATABASE +######################################################################################################## + +DB_DRIVER=pdo_pgsql +DB_NAME=koillection +DB_HOST=db +DB_PORT=5432 +DB_USER=koillection +DB_PASSWORD=change_me! +DB_VERSION=16 diff --git a/examples/koillection/README.md b/examples/koillection/README.md new file mode 100644 index 0000000..b0d93a1 --- /dev/null +++ b/examples/koillection/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/benjaminjonard/koillection 
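Review bot: `DB_PASSWORD=change_me!` is the one line in this file that must be edited, and nothing marks it except its value; an empty `DB_PASSWORD=` with a `# required` comment fails loudly once the compose file uses a `:?` expansion. `PHP_TZ=Europe/Paris` also disagrees with the `Europe/Berlin` fallback in the compose file; harmless, since the explicit `.env` value wins over a `:-` default, but the two should match so readers are not left guessing which applies.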
diff --git a/examples/koillection/docker-compose.yml b/examples/koillection/docker-compose.yml new file mode 100644 index 0000000..dab69b1 --- /dev/null +++ b/examples/koillection/docker-compose.yml 
@@ -0,0 +1,68 @@ +version: '3.3' + +services: + + db: + image: postgres:16-alpine + container_name: koillection-db + hostname: koillection-db + restart: unless-stopped + expose: + - 5432 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/koillection/database:/var/lib/postgresql/data + environment: + - POSTGRES_DB=${DB_NAME:-koillection} + - POSTGRES_USER=${DB_USER:-koillection} + - POSTGRES_PASSWORD=${DB_PASSWORD:-koillection} + #networks: + # - proxy + + koillection: + image: koillection/koillection:latest + container_name: koillection + hostname: koillection + depends_on: + - db + restart: unless-stopped + ports: + - 8888:80/tcp + expose: + - 80 + environment: + - APP_DEBUG=${APP_DEBUG:-0} + - APP_ENV=${APP_ENV:-prod} + - HTTPS_ENABLED=${HTTPS_ENABLED:-0} + - UPLOAD_MAX_FILESIZE=${UPLOAD_MAX_FILESIZE:-20M} + - PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-512M} + - PHP_TZ=${PHP_TZ:-Europe/Berlin} + - CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$' + - JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem + - JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem + - DB_DRIVER=${DB_DRIVER:-pdo_pgsql} + - DB_HOST=${DB_HOST:-db} + - DB_NAME=${DB_NAME:-koillection} + - DB_USER=${DB_USER:-koillection} + - DB_PASSWORD=${DB_PASSWORD:-koillection} + - DB_PORT=${DB_PORT:-5432} + - DB_VERSION=${DB_VERSION:-16} + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/koillection/uploads:/uploads + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.koillection.rule=Host(`collection.example.com`) + # - traefik.http.services.koillection.loadbalancer.server.port=80 + # # Optional part for file upload max sizes + # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 + # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 + # - 
traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 + # # Optional part for traefik middlewares + # - traefik.http.routers.koillection.middlewares=local-ipwhitelist@file,authelia@docker + +#networks: +# proxy: +# external: true \ No newline at end of file diff --git a/examples/leantime/.env b/examples/leantime/.env new file mode 100644 index 0000000..c2eb9a1 --- /dev/null +++ b/examples/leantime/.env 
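Review bot: `- CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'` in the koillection `environment` list has two problems: the single quotes are part of the YAML scalar and reach the container as literal characters, and compose's interpolation treats the bare `$` before the closing quote as a variable marker rather than a regex anchor. `- CORS_ALLOW_ORIGIN=^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$$` passes the intended regex through. The `${DB_PASSWORD:-koillection}` fallback on both services means a missing `.env` silently starts the database with the password `koillection`; `${DB_PASSWORD:?set in .env}` fails instead.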
@@ -0,0 +1,165 @@ +# This is a sample configuration file with all possible configuration options. +# If you don't want to maintain a file like this you can pass in all variables via Server Variables + +## Minimum Configuration, these are required for installation + +LEAN_PORT = 80 # The port to expose and access Leantime +LEAN_APP_URL = 'https://leantime.example.com' # Base URL, only needed for subfolder installation +LEAN_APP_DIR = '' # Base of application without trailing slash (used for cookies), e.g, /leantime + +LEAN_PORT = '8081' + +LEAN_DEBUG = 0 # Debug flag + +# Database - MySQL container +MYSQL_ROOT_PASSWORD = 'changeme123' # Database password +MYSQL_DATABASE = 'leantime' # Database name +MYSQL_USER = 'lean' # Database username +MYSQL_PASSWORD = 'changeme123' # Database password + +# Database - leantime container +LEAN_DB_HOST = 'leantime_db' # Database host +LEAN_DB_USER = 'lean' # Database username (needs to be the same as MYSQL_USER) +LEAN_DB_PASSWORD = 'changeme123' # Database password (needs to be the same as MYSQL_PASSWORD) +LEAN_DB_DATABASE = 'leantime' # Database name (needs to be the same as MYSQL_DATABASE) +LEAN_DB_PORT = '3306' # Database port + + +## Optional Configuration, you may omit these from your .env file + +## Default Settings +LEAN_SITENAME = 'Leantime' # Name of your site, can be changed later +LEAN_LANGUAGE = 'en-US' # Default language +LEAN_DEFAULT_TIMEZONE = 'Europe/Berlin' # Set default timezone +LEAN_ENABLE_MENU_TYPE = false # Enable to specifiy menu on a project by project basis +LEAN_SESSION_PASSWORD = '3evBlq9zdUEuzKvVJHWWx3QzsQhturBApxwcws2m' #Salting sessions. Replace with a strong password +LEAN_SESSION_EXPIRATION = 28800 # How many seconds after inactivity should we logout? 28800seconds = 8hours +LEAN_LOG_PATH = null # Default Log Path (including filename), if not set /logs/error.log will be used + +## Look & Feel, these settings are available in the UI and can be overwritten there. 
+LEAN_LOGO_PATH = '/images/logo.svg' # Default logo path, can be changed later +LEAN_PRINT_LOGO_URL = '/images/logo.jpg' # Default logo URL use for printing (must be jpg or png format) +LEAN_DEFAULT_THEME = 'default' # Default theme +LEAN_PRIMARY_COLOR = '#1b75bb' # Primary Theme color +LEAN_SECONDARY_COLOR = '#81B1A8' # Secondary Theme Color + +## Fileuploads + +# Local File Uploads +LEAN_USER_FILE_PATH = 'userfiles/' # Local relative path to store uploaded files (if not using S3) +LEAN_DB_BACKUP_PATH = 'backupdb/' # Local relative path to store backup files, need permission to write + +# S3 File Uploads +# LEAN_USE_S3 = false # Set to true if you want to use S3 instead of local files +# LEAN_S3_KEY = '' # S3 Key +# LEAN_S3_SECRET = '' # S3 Secret +# LEAN_S3_BUCKET = '' # Your S3 bucket +# LEAN_S3_USE_PATH_STYLE_ENDPOINT = false # Sets the endpoint style: false => https://[bucket].[endpoint] ; true => https://[endpoint]/[bucket] +# LEAN_S3_REGION = '' # S3 region +# LEAN_S3_FOLDER_NAME = '' # Foldername within S3 (can be emtpy) +# LEAN_S3_END_POINT = null # S3 EndPoint S3 Compatible (https://sfo2.digitaloceanspaces.com) + +## Email +LEAN_EMAIL_RETURN = '' # Return email address, needs to be valid email address format +LEAN_EMAIL_USE_SMTP = false # Use SMTP? If set to false, the default php mail() function will be used +LEAN_EMAIL_SMTP_HOSTS = '' # SMTP host +LEAN_EMAIL_SMTP_AUTH = true # SMTP authentication required +LEAN_EMAIL_SMTP_USERNAME = '' # SMTP username +LEAN_EMAIL_SMTP_PASSWORD = '' # SMTP password +LEAN_EMAIL_SMTP_AUTO_TLS = true # SMTP Enable TLS encryption automatically if a server supports it +LEAN_EMAIL_SMTP_SECURE = '' # SMTP Security protocol (usually one of: TLS, SSL, STARTTLS) +LEAN_EMAIL_SMTP_SSLNOVERIFY = false # SMTP Allow insecure SSL: Don't verify certificate, accept self-signed, etc. 
+LEAN_EMAIL_SMTP_PORT = '' # Port (usually one of 25, 465, 587, 2526) + +## Ldap +# LEAN_LDAP_USE_LDAP = false # Set to true if you want to use LDAP +# LEAN_LDAP_LDAP_TYPE = 'OL' # Select the correct directory type. Currently Supported: OL - OpenLdap, AD - Active Directory +# LEAN_LDAP_HOST = '' # FQDN +# LEAN_LDAP_PORT = 389 # Default Port +# LEAN_LDAP_DN = '' # Location of users, example: CN=users,DC=example,DC=com + + # Leantime->Ldap attribute mapping +# LEAN_LDAP_KEYS="{ +# \"username\":\"uid\", +# \"groups\":\"memberOf\", +# \"email\":\"mail\", +# \"firstname\":\"displayname\", +# \"lastname\":\"\", +# \"phonenumber\":\"telephoneNumber\" +# }" + +# For AD use these default attributes +# LEAN_LDAP_KEYS="{ +# \"username\":\"cn\", +# \"groups\":\"memberOf\", +# \"email\":\"mail\", +# \"firstname\":\"givenName\", +# \"lastname\":\"sn\", +# \"phonenumber\":\"telephoneNumber\" +# }" + +# LEAN_LDAP_DEFAULT_ROLE_KEY = 20; # Default Leantime Role on creation. (set to editor) + +# Default role assignments upon first login. 
+# (Optional) Can be updated later in user settings for each user +# LEAN_LDAP_GROUP_ASSIGNMENT="{ +# \"5\": { +# \"ltRole\":\"readonly\", +# \"ldapRole\":\"readonly\" +# }, +# \"10\": { +# \"ltRole\":\"commenter\", +# \"ldapRole\":\"commenter\" +# }, +# \"20\": { +# \"ltRole\":\"editor\", +# \"ldapRole\":\"editor\" +# }, +# \"30\": { +# \"ltRole\":\"manager\", +# \"ldapRole\":\"manager\" +# }, +# \"40\": { +# \"ltRole\":\"admin\", +# \"ldapRole\":\"administrators\" +# }, +# \"50\": { +# \"ltRole\":\"owner\", +# \"ldapRole\":\"administrators\" +# } +# }" + +## OpenID Connect +# required +# LEAN_OIDC_ENABLE = false +# LEAN_OIDC_CLIENT_ID = +# LEAN_OIDC_CLIENT_SECRET = + +# required - the url for your provider (examples down below) +#LEAN_OIDC_PROVIDER_URL = + +# optional - these will be read from the well-known configuration if possible +#LEAN_OIDC_AUTH_URL_OVERRIDE = +#LEAN_OIDC_TOKEN_URL_OVERRIDE = +#LEAN_OIDC_JWKS_URL_OVERRIDE = +#LEAN_OIDC_USERINFO_URL_OVERRIDE = + +# optional - override the public key for RSA validation +#LEAN_OIDC_CERTIFICATE_STRING = +#LEAN_OIDC_CERTIFICATE_FILE = + +# optional - override the requested scopes +#LEAN_OIDC_SCOPES = + +# optional - override the keys used for these fields +#LEAN_OIDC_FIELD_EMAIL = +#LEAN_OIDC_FIELD_FIRSTNAME = +#LEAN_OIDC_FIELD_LASTNAME = + +## OpenID Connect setting for github +#LEAN_OIDC_PROVIDER_URL = https://token.actions.githubusercontent.com/ +#LEAN_OIDC_AUTH_URL_OVERRIDE = https://github.com/login/oauth/authorize +#LEAN_OIDC_TOKEN_URL_OVERRIDE = https://github.com/login/oauth/access_token +#LEAN_OIDC_USERINFO_URL_OVERRIDE = https://api.github.com/user,https://api.github.com/user/emails +#LEAN_OIDC_SCOPES = user:email +#LEAN_OIDC_FIELD_EMAIL = 0.email diff --git a/examples/leantime/README.md b/examples/leantime/README.md new file mode 100644 index 0000000..d81ea70 --- /dev/null +++ b/examples/leantime/README.md 
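Review bot: `LEAN_PORT` is defined twice in this file, first as `LEAN_PORT = 80` and a few lines later as `LEAN_PORT = '8081'`; whichever the parser keeps, the compose file publishes `8080:80`, so one definition is dead and the other misleading. Keep a single `LEAN_PORT = 80` to match the container port. `LEAN_SESSION_PASSWORD = '3evBlq9z…'` and the `changeme123` database passwords are complete, usable values, and this file is attached as `env_file` to both containers, so an unedited copy runs with published secrets. Empty values plus a `# required; generate with openssl rand -base64 32` comment make the omission visible at startup.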
@@ -0,0 +1,9 @@ +# References + +- https://github.com/Leantime/docker-leantime + +# Notes + +Ensure to define the variable `LEAN_APP_URL` in the `.env` file. + +Otherwise, you may get errors (CSS/JS not properly loaded). Especially if you use a reverse proxy in front. diff --git a/examples/leantime/docker-compose.yml b/examples/leantime/docker-compose.yml new file mode 100644 index 0000000..a77b42a --- /dev/null +++ b/examples/leantime/docker-compose.yml 
@@ -0,0 +1,43 @@ +version: '3.3' + +services: + leantime_db: + image: mysql:8.0 + container_name: leantime-mysql + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/leantime/mysql:/var/lib/mysql + restart: unless-stopped + env_file: ./.env + command: --character-set-server=UTF8MB4 --collation-server=UTF8MB4_unicode_ci + #networks: + # - proxy + + leantime: + image: leantime/leantime:latest + container_name: leantime + restart: unless-stopped + env_file: ./.env + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/leantime/public_data:/var/www/html/public/userfiles + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/leantime/data:/var/www/html/userfiles + ports: + - "8080:80" # The port to expose and access Leantime + depends_on: + - leantime_db # Don't start Leantime unless leantime_db is running + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.http.routers.leantime.rule=Host(`leantime.example.com`) + # - traefik.http.services.leantime.loadbalancer.server.port=80 + # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads + # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads + # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads + # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads + # - traefik.docker.network=proxy + # # Part for optional traefik middlewares + # - traefik.http.routers.leantime.middlewares=local-ipwhitelist@file,authelia@file,basic-auth@file + +#networks: +# proxy: +# external: true diff --git a/examples/librephotos/.env b/examples/librephotos/.env new file mode 100644 index 0000000..cc44400 --- /dev/null +++ b/examples/librephotos/.env 
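Review bot: `env_file: ./.env` is attached to both `leantime_db` and `leantime`, so the MySQL container receives every application variable in that file, including `LEAN_SESSION_PASSWORD` and any `LEAN_S3_*` or SMTP credentials it has no use for. The database needs only the four `MYSQL_*` values; an explicit `environment` block on `leantime_db` with `MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:?}` and the other three `MYSQL_*` entries limits what a compromised database container can read to its own credentials.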
@@ -0,0 +1,62 @@
+# This file contains all the things you need to change to set up your Libre Photos.
+# There are a few items that must be set for it to work such as the location of your photos.
+# After the mandatory entries there are some optional ones that you may set.
+
+# Start of mandatory changes.
+
+# Location of your photos.
+scanDirectory=/mnt/docker-volumes/librephotos/pictures
+
+# Internal data of LibrePhotos
+data=/mnt/docker-volumes/librephotos/data
+
+# ------------------------------------------------------------------------------------------------
+
+# Wow, we are at the optional now. Pretty easy so far. You do not have to change any of the below.
+
+#What port should Libre Photos be accessed at (Default 3000)
+httpPort=3000
+
+# What branch should we install the latest weekly build or the development branch (dev)
+tag=latest
+
+# Number of workers, which take care of the request to the api. This setting can dramatically affect the ram usage.
+# A positive integer generally in the 2-4 x $(NUM_CORES) range.
+# You’ll want to vary this a bit to find the best for your particular workload.
+# Each worker needs 800MB of RAM. Change at your own will. Default is 2.
+gunniWorkers=2
+
+# You can set the database name. Did you know Libre Photos was forked from OwnPhotos?
+dbName=librephotos
+
+# Here you can change the user name for the database.
+dbUser=docker
+
+# The password used by the database.
+dbPass=AaAa1234
+
+# Default minimum rating to interpret as favorited. This default value is used when creating a new user.
+# Users can change this in their settings (Dashboards > Library).
+DEFAULT_FAVORITE_MIN_RATING=4
+
+# Database host. Only change this if you want to use your own existing Postgres server. If using your own server, you can remove the 'db' container from docker-compose.yml. If you're changing the name of the DB's container name (DB_CONT_NAME further down), you need to set this variable to match that name too.
+dbHost=db
+
+# Set the names of the docker containers to your own entries. Or don't, I'm not your dad.
+# Changing these will require you to `make rename` to rename the services, and start the system with your chosen `docker-compose up -d` invocation again.
+# Note that changing the DB_CONT_NAME will also need you to set the `dbHost` variable to the same value.
+DB_CONT_NAME=db
+BACKEND_CONT_NAME=backend
+FRONTEND_CONT_NAME=frontend
+PROXY_CONT_NAME=proxy
+REDIS_CONT_NAME=redis
+PGADMIN_CONT_NAME=pgadmin
+# ---------------------------------------------------------------------------------------------
+
+# If you are not a developer ignore the following parameters: you will never need them.
+
+# Where shall we store the backend and frontend code files.
+codedir=./librephotos/code
+
+# Location for pgAdmin
+pgAdminLocation=./librephotos/pgadmin
diff --git a/examples/librephotos/README.md b/examples/librephotos/README.md
new file mode 100644
index 0000000..579dfc9
--- /dev/null
+++ b/examples/librephotos/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://docs.librephotos.com/1/standard_install/
\ No newline at end of file
diff --git a/examples/librephotos/docker-compose.yml b/examples/librephotos/docker-compose.yml
new file mode 100644
index 0000000..7f08722
--- /dev/null
+++ b/examples/librephotos/docker-compose.yml
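Review bot: `dbPass=AaAa1234` commits a weak, real-looking default for the Postgres password, which `docker-compose.yml` in this commit passes into both the `db` and `backend` containers; a placeholder that forces a change (`dbPass=CHANGEME`) matches the convention the other examples use. The same compose file also interpolates `shhhhKey`, `adminEmail`, `userName`, `userPass`, `mapApiKey`, `skipPatterns` and `allowUpload` from this file with empty-string fallbacks, yet none of them is defined here, even though the compose header states that the `.env` file has everything you need to edit — in particular `SECRET_KEY` and `ADMIN_PASSWORD` end up empty unless the user discovers those names elsewhere. Add at least `shhhhKey=`, `userName=`, `userPass=` and `adminEmail=` entries in the mandatory section with a comment saying they must be set.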
@@ -0,0 +1,90 @@
+# DO NOT EDIT
+# The .env file has everything you need to edit.
+# Run options:
+# 1. Use prebuilt images (preferred method):
+# run cmd: docker-compose up -d
+# 2. Build images on your own machine:
+# build cmd: COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker-compose build
+# run cmd: docker-compose up -d
+
+version: "3.8"
+services:
+ proxy:
+ image: reallibrephotos/librephotos-proxy:${tag}
+ container_name: librephotos-proxy
+ restart: unless-stopped
+ volumes:
+ - ${scanDirectory}:/data
+ - ${data}/protected_media:/protected_media
+ ports:
+ - ${httpPort}:80
+ depends_on:
+ - backend
+ - frontend
+
+ db:
+ image: postgres:13
+ container_name: librephotos-db
+ restart: unless-stopped
+ environment:
+ - POSTGRES_USER=${dbUser}
+ - POSTGRES_PASSWORD=${dbPass}
+ - POSTGRES_DB=${dbName}
+ volumes:
+ - ${data}/db:/var/lib/postgresql/data
+ command: postgres -c fsync=off -c synchronous_commit=off -c full_page_writes=off -c random_page_cost=1.0
+ healthcheck:
+ test: psql -U ${dbUser} -d ${dbName} -c "SELECT 1;"
+ interval: 5s
+ timeout: 5s
+ retries: 5
+
+ frontend:
+ image: reallibrephotos/librephotos-frontend:${tag}
+ container_name: frontend
+ restart: unless-stopped
+
+ backend:
+ image: reallibrephotos/librephotos:${tag}
+ container_name: librephotos-backend
+ restart: unless-stopped
+ volumes:
+ - ${scanDirectory}:/data
+ - ${data}/protected_media:/protected_media
+ - ${data}/logs:/logs
+ - ${data}/cache:/root/.cache
+ environment:
+ - SECRET_KEY=${shhhhKey:-}
+ - BACKEND_HOST=backend
+ - ADMIN_EMAIL=${adminEmail:-}
+ - ADMIN_USERNAME=${userName:-}
+ - ADMIN_PASSWORD=${userPass:-}
+ - DB_BACKEND=postgresql
+ - DB_NAME=${dbName}
+ - DB_USER=${dbUser}
+ - DB_PASS=${dbPass}
+ - DB_HOST=${dbHost}
+ - DB_PORT=5432
+ - REDIS_HOST=redis
+ - REDIS_PORT=6379
+ - MAPBOX_API_KEY=${mapApiKey:-}
+ - WEB_CONCURRENCY=${gunniWorkers:-1}
+ - SKIP_PATTERNS=${skipPatterns:-}
+ - ALLOW_UPLOAD=${allowUpload:-false}
+ - DEBUG=0
+ - HEAVYWEIGHT_PROCESS=${HEAVYWEIGHT_PROCESS:-}
+ depends_on:
+ db:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+
+ redis:
+ image: redis:6
+ container_name: librephotos-redis
+ restart: unless-stopped
+ healthcheck:
+ test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
+ interval: 5s
+ timeout: 5s
+ retries: 12
diff --git a/examples/lidarr/README.md b/examples/lidarr/README.md
new file mode 100644
index 0000000..0db3ea2
--- /dev/null
+++ b/examples/lidarr/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/linuxserver/docker-lidarr
\ No newline at end of file
diff --git a/examples/lidarr/docker-compose.yml b/examples/lidarr/docker-compose.yml
new file mode 100644
index 0000000..f950897
--- /dev/null
+++ b/examples/lidarr/docker-compose.yml
@@ -0,0 +1,17 @@
+version: "2.1"
+
+services:
+ lidarr:
+ image: lscr.io/linuxserver/lidarr:latest
+ container_name: lidarr
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/lidarr/config:/config
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/lidarr/music:/music
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/lidarr/downloads:/downloads # Should be the same as the download client's folder
+ ports:
+ - 8686:8686
+ restart: unless-stopped
diff --git a/examples/lldap/README.md b/examples/lldap/README.md
new file mode 100644
index 0000000..1d61575
--- /dev/null
+++ b/examples/lldap/README.md
@@ -0,0 +1,8 @@
+# References
+
+- https://github.com/lldap/lldap
+
+# Notes
+
+An Authelia example configuration can be found:
+- https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml
diff --git a/examples/lldap/docker-compose.yml b/examples/lldap/docker-compose.yml
new file mode 100644
index 0000000..ab905a0
--- /dev/null
+++ b/examples/lldap/docker-compose.yml
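Review bot: The `db` service's `command: postgres -c fsync=off -c synchronous_commit=off -c full_page_writes=off ...` switches off Postgres crash durability, so a host crash or power loss can leave the data directory in `${data}/db` unrecoverable, and that directory holds the only copy of the library metadata. Those flags are a throwaway/CI setting rather than a home-server one; drop the three durability flags (keeping `-c random_page_cost=1.0` is fine on SSD) or at least add a comment stating the trade-off so users know a backup is mandatory. Separately, `SECRET_KEY=${shhhhKey:-}` and `ADMIN_PASSWORD=${userPass:-}` fall back to empty strings rather than failing, so a missing `.env` entry silently yields a backend with an empty signing secret; `${shhhhKey:?set shhhhKey in .env}` makes compose refuse to start instead.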
@@ -0,0 +1,31 @@
+version: '3.3'
+
+services:
+ lldap:
+ image: lldap/lldap:stable
+ container_name: lldap
+ hostname: lldap
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/lldap/data:/data # For the config file, server private key and the sqlite database.
+ environment:
+ - LLDAP_JWT_SECRET=CHANGEME
+ - LLDAP_LDAP_USER_PASS=CHANGEME
+ - LLDAP_LDAP_BASE_DN=dc=example,dc=com
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ ports:
+ - 3890:3890 # LDAP
+ - 17170:17170 # WEB UI
+ #networks:
+ # - proxy
+ #expose:
+ # - 17170
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.lldap.rule=Host(`lldap.example.com`)
+ # - traefik.http.services.lldap.loadbalancer.server.port=17170
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/matomo/README.md b/examples/matomo/README.md
new file mode 100644
index 0000000..ffc54dd
--- /dev/null
+++ b/examples/matomo/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/matomo-org/matomo
diff --git a/examples/matomo/db.env b/examples/matomo/db.env
new file mode 100644
index 0000000..69b78c3
--- /dev/null
+++ b/examples/matomo/db.env
@@ -0,0 +1,8 @@
+MYSQL_PASSWORD=makeitup2
+MYSQL_DATABASE=matomo
+MYSQL_USER=matomo
+MATOMO_DATABASE_ADAPTER=mysql
+MATOMO_DATABASE_TABLES_PREFIX=matomo_
+MATOMO_DATABASE_USERNAME=matomo
+MATOMO_DATABASE_PASSWORD=
+MATOMO_DATABASE_DBNAME=matomo
diff --git a/examples/matomo/docker-compose.yml b/examples/matomo/docker-compose.yml
new file mode 100644
index 0000000..4a27969
--- /dev/null
+++ b/examples/matomo/docker-compose.yml
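Review bot: `LLDAP_JWT_SECRET=CHANGEME` and `LLDAP_LDAP_USER_PASS=CHANGEME` are literals in the compose file, so the real values end up in a tracked file once a user edits them; the matomo (`MYSQL_ROOT_PASSWORD`), minio (`MINIO_ROOT_PASSWORD`) and money-balancer (`JWT_SECRET`) compose files in this commit have the same pattern. Referencing an untracked `.env` as the mattermost and n8n examples already do, `- LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET:?}`, keeps the secret out of the repository and turns an unset value into a startup error instead of a working placeholder. `- 3890:3890 # LDAP` also publishes the unencrypted LDAP port on every host interface; if the only consumer is Authelia on the shared `proxy` network, as the README suggests, `expose: - 3890` or a loopback binding `- 127.0.0.1:3890:3890` is sufficient.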
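Review bot: `MATOMO_DATABASE_PASSWORD=` is empty while `MYSQL_PASSWORD=makeitup2` is the password MariaDB will create for the `matomo` user, so unless the matomo image derives one from the other (nothing here shows that) the application authenticates with the wrong credential and the first-run setup fails. Both keys should carry the same value, and because this file is committed it should be an obvious placeholder rather than a real-looking password: `MYSQL_PASSWORD=CHANGEME` and `MATOMO_DATABASE_PASSWORD=CHANGEME`.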
@@ -0,0 +1,41 @@
+version: "2"
+
+services:
+ matomo:
+ container_name: matomo
+ image: matomo
+ ports:
+ - 8099:80
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/matomo/apache/apache2.conf:/etc/apache2/apache2.conf:ro
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/matomo/html:/var/www/html
+ environment:
+ - MATOMO_DATABASE_HOST=matomo_db
+ #- VIRTUAL_HOST=matomo.example.com
+ #- LETSENCRYPT_HOST=stats.mysite.ext
+ #- LETSENCRYPT_EMAIL=email@something.ext
+ env_file:
+ - ./db.env
+ depends_on:
+ - matomo_db
+ restart: unless-stopped
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.matomo.rule=Host(`matomo.example.com`)
+ # - traefik.http.services.matomo.loadbalancer.server.port=80
+ # - traefik.docker.network=proxy
+ # # Part for local lan services only
+ # # - traefik.http.routers.matomo.middlewares=local-ipwhitelist@file
+
+
+ matomo_db:
+ container_name: matomo_db
+ image: mariadb
+ command: --max-allowed-packet=64MB
+ environment:
+ - MYSQL_ROOT_PASSWORD=makeitup
+ env_file:
+ - ./db.env
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/matomo/database:/var/lib/mysql
diff --git a/examples/mattermost/.env b/examples/mattermost/.env
new file mode 100644
index 0000000..345559a
--- /dev/null
+++ b/examples/mattermost/.env
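Review bot: `image: matomo` and `image: mariadb` carry no tag, so every `docker compose pull` can silently jump a major version of the application or the database, and a MariaDB major upgrade applied to an existing `/var/lib/mysql` is not always reversible; the other compose files in this commit pin at least a major (`mysql:8.0`, `postgres:13`, `redis:6`). Pin both to the versions that were tested, e.g. a major tag such as `image: matomo:4`. The `matomo` service also mounts `apache2.conf` from the host as `:ro`, which is good, but the file has to exist before first start or the bind mount is created as a directory; a sentence in the README would save users that surprise.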
@@ -0,0 +1,61 @@
+# Domain of service
+DOMAIN=mattermost.example.com
+
+# Container settings
+## Timezone inside the containers. The value needs to be in the form 'Europe/Berlin'.
+## A list of these tz database names can be looked up at Wikipedia
+## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+TZ=Europe/Berlin
+RESTART_POLICY=unless-stopped
+
+# Postgres settings
+## Documentation for this image and available settings can be found on hub.docker.com
+## https://hub.docker.com/_/postgres
+## Please keep in mind this will create a superuser and it's recommended to use a less privileged
+## user to connect to the database.
+## A guide on how to change the database user to a nonsuperuser can be found in docs/creation-of-nonsuperuser.md
+POSTGRES_IMAGE_TAG=16-alpine
+#POSTGRES_DATA_PATH=./volumes/db/var/lib/postgresql/data
+POSTGRES_DATA_PATH=${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/mattermost/psql
+POSTGRES_USER=mmuser
+POSTGRES_PASSWORD=mmuserpassword
+POSTGRES_DB=mattermost
+
+# Mattermost settings
+## Inside the container the uid and gid is 2000. The folder owner can be set with
+## `sudo chown -R 2000:2000 ./volumes/app/mattermost`.
+MATTERMOST_CONFIG_PATH=${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/mattermost/config
+MATTERMOST_DATA_PATH=${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/mattermost/data
+MATTERMOST_LOGS_PATH=${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/mattermost/logs
+MATTERMOST_PLUGINS_PATH=${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/mattermost/plugins
+MATTERMOST_CLIENT_PLUGINS_PATH=${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/mattermost/plugins
+MATTERMOST_BLEVE_INDEXES_PATH=${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/mattermost/bleve-indexes
+
+## Bleve index (inside the container)
+MM_BLEVESETTINGS_INDEXDIR=/mattermost/bleve-indexes
+
+## This will be 'mattermost-enterprise-edition' or 'mattermost-team-edition' based on the version of Mattermost you're installing.
+MATTERMOST_IMAGE=mattermost-enterprise-edition
+MATTERMOST_IMAGE_TAG=release-9.11
+
+## Make Mattermost container readonly. This interferes with the regeneration of root.html inside the container. Only use
+## it if you know what you're doing.
+## See https://github.com/mattermost/docker/issues/18
+MATTERMOST_CONTAINER_READONLY=false
+
+## The app port is only relevant for using Mattermost without the nginx container as reverse proxy. This is not meant
+## to be used with the internal HTTP server exposed but rather in case one wants to host several services on one host
+## or for using it behind another existing reverse proxy.
+APP_PORT=8065
+
+## Configuration settings for Mattermost. Documentation on the variables and the settings itself can be found at
+## https://docs.mattermost.com/administration/config-settings.html
+## Keep in mind that variables set here will take precedence over the same setting in config.json. This includes
+## the system console as well and settings set with env variables will be greyed out.
+
+## Below one can find necessary settings to spin up the Mattermost container
+MM_SQLSETTINGS_DRIVERNAME=postgres
+MM_SQLSETTINGS_DATASOURCE=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable&connect_timeout=10
+
+## Example settings (any additional setting added here also needs to be introduced in the docker-compose.yml)
+MM_SERVICESETTINGS_SITEURL=https://${DOMAIN}
diff --git a/examples/mattermost/README.md b/examples/mattermost/README.md
new file mode 100644
index 0000000..3dd1eb7
--- /dev/null
+++ b/examples/mattermost/README.md
@@ -0,0 +1,14 @@
+# References
+
+- https://github.com/mattermost/docker
+- https://docs.mattermost.com/install/install-docker.html
+
+# Notes
+
+The bind volume permissions must be adjusted:
+
+````
+sudo chown -R 2000:2000 /mnt/docker-volumes/mattermost/*
+````
+
+Finally, run `docker compose up` to spawn the container.
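Review bot: `MATTERMOST_CLIENT_PLUGINS_PATH` points to the same host directory as `MATTERMOST_PLUGINS_PATH` (`.../mattermost/plugins`), but `docker-compose.yml` in this commit mounts the two variables at different container paths, `/mattermost/plugins` and `/mattermost/client/plugins`, so server-side plugin bundles and their web-client assets share one directory and could collide; give the client path its own directory, `MATTERMOST_CLIENT_PLUGINS_PATH=${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/mattermost/client-plugins`. `POSTGRES_PASSWORD=mmuserpassword` is a guessable default that is also baked into `MM_SQLSETTINGS_DATASOURCE`; a `CHANGEME` placeholder makes it obvious it must be replaced before `docker compose up`. The `sslmode=disable` in the datasource is acceptable on the private compose network, but a one-line comment saying it relies on that network would stop someone from reusing the string against a remote database.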
diff --git a/examples/mattermost/docker-compose.yml b/examples/mattermost/docker-compose.yml
new file mode 100644
index 0000000..0b740e1
--- /dev/null
+++ b/examples/mattermost/docker-compose.yml
@@ -0,0 +1,82 @@
+version: "2.4"
+
+services:
+ postgres:
+ image: postgres:${POSTGRES_IMAGE_TAG}
+ container_name: mattermost-db
+ restart: ${RESTART_POLICY}
+ security_opt:
+ - no-new-privileges:true
+ pids_limit: 100
+ read_only: true
+ tmpfs:
+ - /tmp
+ - /var/run/postgresql
+ volumes:
+ - ${POSTGRES_DATA_PATH}:/var/lib/postgresql/data
+ environment:
+ # timezone inside container
+ - TZ
+ # necessary Postgres options/variables
+ - POSTGRES_USER
+ - POSTGRES_PASSWORD
+ - POSTGRES_DB
+ #networks:
+ # - mattermost_default
+
+ mattermost:
+ image: mattermost/${MATTERMOST_IMAGE}:${MATTERMOST_IMAGE_TAG}
+ container_name: mattermost
+ depends_on:
+ - postgres
+ restart: ${RESTART_POLICY}
+ security_opt:
+ - no-new-privileges:true
+ pids_limit: 200
+ read_only: ${MATTERMOST_CONTAINER_READONLY}
+ ports:
+ - 8065:8056/tcp # mattermost http
+ #- 8443:8443/tcp # mattermost calls
+ #- 8443:8443/udp # mattermost calls
+ expose:
+ - 8065
+ - 8443
+ tmpfs:
+ - /tmp
+ volumes:
+ - ${MATTERMOST_CONFIG_PATH}:/mattermost/config:rw
+ - ${MATTERMOST_DATA_PATH}:/mattermost/data:rw
+ - ${MATTERMOST_LOGS_PATH}:/mattermost/logs:rw
+ - ${MATTERMOST_PLUGINS_PATH}:/mattermost/plugins:rw
+ - ${MATTERMOST_CLIENT_PLUGINS_PATH}:/mattermost/client/plugins:rw
+ - ${MATTERMOST_BLEVE_INDEXES_PATH}:/mattermost/bleve-indexes:rw
+ environment:
+ # timezone inside container
+ - TZ
+ # necessary Mattermost options/variables (see env.example)
+ - MM_SQLSETTINGS_DRIVERNAME
+ - MM_SQLSETTINGS_DATASOURCE
+ # necessary for bleve
+ - MM_BLEVESETTINGS_INDEXDIR
+ # additional settings
+ - MM_SERVICESETTINGS_SITEURL
+ #networks:
+ # - proxy
+ # - mattermost_default
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.mattermost.rule=Host(`mattermost.example.com`)
+ # - traefik.http.services.mattermost.loadbalancer.server.port=8065
+ # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # optional, only necessary for file uploads; allow 50MB
+ # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # optional, only necessary for file uploads; allow 50MB
+ # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # optional, only necessary for file uploads; allow 50MB
+ # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for file uploads; allow 50MB
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.mattermost.middlewares=local-ipwhitelist@file
+
+#networks:
+# proxy:
+# external: true
+# mattermost_default:
+# external: false
\ No newline at end of file
diff --git a/examples/mealie/README.md b/examples/mealie/README.md
new file mode 100644
index 0000000..e60bf27
--- /dev/null
+++ b/examples/mealie/README.md
@@ -0,0 +1,4 @@
+# References
+
+- https://nightly.mealie.io/documentation/getting-started/installation/sqlite/
+- https://github.com/hay-kot/mealie
diff --git a/examples/mealie/docker-compose.yml b/examples/mealie/docker-compose.yml
new file mode 100644
index 0000000..47c80e5
--- /dev/null
+++ b/examples/mealie/docker-compose.yml
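Review bot: `- 8065:8056/tcp # mattermost http` maps host 8065 to container port 8056, but the `expose` entry, the Traefik label `server.port=8065` and `APP_PORT=8065` in the `.env` all use 8065, so the published port reaches nothing; this should read `- 8065:8065/tcp # mattermost http`. The `postgres` service is the only database in this commit without a `healthcheck`, and `depends_on: - postgres` only orders container start, so Mattermost can race the database on first boot — the librephotos and n8n files in the same commit show the `condition: service_healthy` form to copy. The `read_only`, `tmpfs`, `pids_limit` and `no-new-privileges` hardening here is good and would be worth carrying into the other examples.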
@@ -0,0 +1,53 @@
+version: "3.7"
+
+services:
+ mealie-frontend:
+ image: hkotel/mealie:frontend-v1.0.0beta-5
+ container_name: mealie-frontend
+ hostname: mealie-frontend
+ depends_on:
+ - mealie-api
+ environment:
+ # Set Frontend ENV Variables Here
+ - API_URL=http://mealie-api:9000
+ restart: unless-stopped
+ ports:
+ - "9925:3000" # adjust to your liking
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/mealie/data:/app/data/
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.mealie.rule=Host(`mealie.example.com`)
+ # - traefik.http.services.mealie.loadbalancer.server.port=3000
+ # - traefik.docker.network=proxy
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.mealie.middlewares=local-ipwhitelist@file,basic-auth@file
+
+ mealie-api:
+ image: hkotel/mealie:api-v1.0.0beta-5
+ container_name: mealie-api
+ hostname: mealie-api
+ deploy:
+ resources:
+ limits:
+ memory: 512M # Setting a memory limit will improve idle performance.
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/mealie/data:/app/data/
+ #networks:
+ # - proxy
+ environment:
+ # Set Backend ENV Variables Here
+ - ALLOW_SIGNUP=true # disable after setting up your accounts!
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ - MAX_WORKERS=1
+ - WEB_CONCURRENCY=1
+ - BASE_URL=https://mealie.example.com # adjust this!
+ restart: unless-stopped
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/memos/README.md b/examples/memos/README.md
new file mode 100644
index 0000000..fecb061
--- /dev/null
+++ b/examples/memos/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/usememos/memos
diff --git a/examples/memos/docker-compose.yml b/examples/memos/docker-compose.yml
new file mode 100644
index 0000000..82c4cc6
--- /dev/null
+++ b/examples/memos/docker-compose.yml
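Review bot: `- ALLOW_SIGNUP=true` on `mealie-api` leaves open account registration switched on, and the only guard is the trailing comment `# disable after setting up your accounts!`; an example that people copy verbatim should default to the safe value and be flipped just for the first account, i.e. `- ALLOW_SIGNUP=false # set to true only while creating your first account`. The frontend publishes `"9925:3000"` on every interface, while the commented `local-ipwhitelist@file` middleware only guards the proxied route, so `- "127.0.0.1:9925:3000"` keeps the direct port off the LAN once the proxy is in use. Both images are pinned to `v1.0.0beta-5`, which is good, but a comment noting that the frontend/api tags must move together would help the next upgrade.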
@@ -0,0 +1,23 @@
+version: "3.0"
+
+services:
+ memos:
+ image: neosmemo/memos:latest
+ container_name: memos
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/memos/data:/var/opt/memos
+ ports:
+ - 5230:5230
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.memos.rule=Host(`memosservice.example.com`)
+ # - traefik.http.services.memos.loadbalancer.server.port=5230
+ # - traefik.docker.network=proxy
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.memos.middlewares=local-ipwhitelist@file,basic-auth@file
+
+#networks:
+# proxy:
+# external: true
\ No newline at end of file
diff --git a/examples/metube/README.md b/examples/metube/README.md
new file mode 100644
index 0000000..7cf4bfe
--- /dev/null
+++ b/examples/metube/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/alexta69/metube
diff --git a/examples/metube/docker-compose.yml b/examples/metube/docker-compose.yml
new file mode 100644
index 0000000..9576c8a
--- /dev/null
+++ b/examples/metube/docker-compose.yml
@@ -0,0 +1,25 @@
+version: "3"
+
+services:
+ metube:
+ image: alexta69/metube
+ container_name: metube
+ hostname: metube
+ restart: unless-stopped
+ ports:
+ - "8081:8081" # web ui
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/metube/downloads:/downloads
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.metube.rule=Host(`metube.example.com`)
+ # - traefik.http.services.metube.loadbalancer.server.port=8081
+ # - traefik.docker.network=proxy
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.metube.middlewares=local-ipwhitelist@file,basic-auth@file
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/minio/README.md b/examples/minio/README.md
new file mode 100644
index 0000000..eae65d8
--- /dev/null
+++ b/examples/minio/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://hub.docker.com/r/bitnami/minio/
\ No newline at end of file
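Review bot: The `memos` service has no `restart:` policy, unlike every other service in this commit (`restart: unless-stopped`), so it stays down after a host reboot or a crash; add `restart: unless-stopped` under `container_name: memos`. `image: neosmemo/memos:latest` is unpinned, as is `image: alexta69/metube` in the metube file later on this line; a version tag makes upgrades deliberate and lets the `#labels:` port (`5230`, `8081`) be checked against a known release.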
diff --git a/examples/minio/docker-compose.yml b/examples/minio/docker-compose.yml
new file mode 100644
index 0000000..e7e00f4
--- /dev/null
+++ b/examples/minio/docker-compose.yml
@@ -0,0 +1,32 @@
+version: "3"
+
+services:
+ minio-s3:
+ image: bitnami/minio:2023
+ container_name: minio
+ hostname: minio
+ environment:
+ - MINIO_ROOT_USER=minio # change this
+ - MINIO_ROOT_PASSWORD=XscUJuDQP4WuWA55vfXNrc7 # change this
+ ports:
+ - 9001:9001/tcp
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/minio/data:/data
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.minio.rule=Host(`s3.example.com`)
+ # - traefik.http.services.minio.loadbalancer.server.port=9001
+ # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ # - traefik.docker.network=proxy
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.minio.middlewares=local-ipwhitelist@file,basic-auth@file
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/mirotalk/.env b/examples/mirotalk/.env
new file mode 100644
index 0000000..4aa4d89
--- /dev/null
+++ b/examples/mirotalk/.env
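Review bot: Only `- 9001:9001/tcp` is published and the commented Traefik label routes `s3.example.com` to port 9001 as well; on the bitnami MinIO image 9001 is, as far as I recall, the web console while the S3 API listens on 9000, so S3 clients pointed at `s3.example.com` would hit the console — worth confirming against the image docs and, if so, publishing or proxying 9000 for the API and keeping 9001 for the console on a separate hostname. The `50000000` buffering limits in the labels would also cap S3 uploads at 50 MB through the proxy, which is small for an object store; a comment saying they are intentional (or raising them) would avoid confusion.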
@@ -0,0 +1,169 @@
+# Domain
+
+HOST=localhost
+
+# Signaling Server listen port
+
+PORT=3000
+
+# Enable self-signed certs (app/ssl)
+
+HTTPS=false # true or false
+
+# Time Zone corresponding to timezone identifiers from the IANA Time Zone Database es Europe/Rome default UTC
+
+TZ=UTC
+
+# Logs
+
+LOGS_DEBUG=true # true or false
+LOGS_COLORS=true # true or false
+
+# Cors
+# Origin: Allow specified origin es '["https://example.com", "https://subdomain.example.com", "http://localhost:3000"]' or
+# all origins '*' if not specified as per default.
+# Methods: Allow only GET and POST methods
+
+CORS_ORIGIN='*'
+CORS_METHODS='["GET", "POST"]'
+
+# IP whitelist
+# Access to the instance is restricted to only the specified IP addresses in the allowed list. This feature is disabled by default.
+
+IP_WHITELIST_ENABLED=false # true or false
+IP_WHITELIST_ALLOWED='["127.0.0.1", "::1"]'
+
+# OIDC - OpenID Connect
+# 1. Sign up for an account at https://auth0.com.
+# 2. Navigate to https://manage.auth0.com/ to create a new application tailored to your specific requirements.
+# For those seeking an open-source solution, check out: https://github.com/panva/node-oidc-provider
+
+OIDC_ENABLED=false # true or false
+OIDC_ISSUER_BASE_URL='https://server.example.com'
+OIDC_BASE_URL='http://localhost:3000' # https://p2p.mirotalk.com
+OIDC_CLIENT_ID='ClientID'
+OIDC_CLIENT_SECRET='ClientSecret'
+OIDC_AUTH_REUIRED=false # set to true if authentication is required for all routes
+SESSION_SECRET='mirotalk-p2p-oidc-secret'
+
+# Host protection
+# HOST_PROTECTED:
+# - When set to true, it requires a valid username and password from the HOST_USERS list to initialize or join a room.
+# - When OIDC_ENABLED is utilized alongside host protection, the authenticated user will be recognized as valid.# HOST_USER_AUTH: When set to true, it also requires a valid username and password for joining the room.
+# HOST_USERS: This is the list of valid users along with their credentials.
+
+HOST_PROTECTED=false # true or false
+HOST_USER_AUTH=false # true or false
+HOST_USERS='[{"username": "username", "password": "password"},{"username": "username2", "password": "password2"}]'
+
+# JWT token config
+
+JWT_KEY=mirotalkp2p_jwt_secret
+JWT_EXP=1h
+
+# Presenters list
+# In our virtual room, the first participant to join will assume the role of the presenter.
+# Additionally, we have the option to include more presenters and co-presenters, each identified by their username.
+
+PRESENTERS='["Miroslav Pejic", "miroslav.pejic.85@gmail.com"]'
+
+# Ngrok
+# 1. Goto https://ngrok.com
+# 2. Get started for free
+# 3. Copy YourNgrokAuthToken: https://dashboard.ngrok.com/get-started/your-authtoken
+
+NGROK_ENABLED=false # true or false
+NGROK_AUTH_TOKEN=YourNgrokAuthToken
+
+# Stun
+# About: https://bloggeek.me/webrtcglossary/stun/
+# Check: https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
+
+STUN_SERVER_ENABLED=true # true or false
+STUN_SERVER_URL=stun:stun.l.google.com:19302
+
+# Turn
+# About: https://bloggeek.me/webrtcglossary/turn/
+# Recommended: https://github.com/coturn/coturn
+# Installation: https://github.com/miroslavpejic85/mirotalk/blob/master/docs/coturn.md
+# Free one: https://www.metered.ca/tools/openrelay/ (Please, create your own account)
+# Check: https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
+
+TURN_SERVER_ENABLED=true # true or false
+TURN_SERVER_URL=turn:a.relay.metered.ca:443
+TURN_SERVER_USERNAME=e8dd65b92c62d3e36cafb807
+TURN_SERVER_CREDENTIAL=uWdWNmkhvyqTEswO
+
+# IP lookup
+# Using GeoJS to get more info about peer by IP
+# Doc: https://www.geojs.io/docs/v1/endpoints/geo/
+
+IP_LOOKUP_ENABLED=false # true or false
+
+# API
+# The response will give you a entrypoint / Room URL for your meeting.
+# curl -X POST "http://localhost:3000/api/v1/meeting" -H "authorization: mirotalkp2p_default_secret" -H "Content-Type: application/json"
+
+API_KEY_SECRET=mirotalkp2p_default_secret
+API_DISABLED='["token", "meetings"]'
+
+# Survey URL
+# Using to redirect the client after close the call (feedbacks, website...)
+
+SURVEY_ENABLED=false # true or false
+SURVEY_URL=https://www.questionpro.com/t/AUs7VZq00L
+
+# Redirect URL on leave room
+# Upon leaving the room, users who either opt out of providing feedback or if the survey is disabled
+# will be redirected to a specified URL. If enabled false the default '/newrcall' URL will be used.
+
+REDIRECT_ENABLED=false # true or false
+REDIRECT_URL='https://p2p.mirotalk.com'
+
+# Sentry (optional)
+# 1. Goto https://sentry.io/
+# 2. Create account
+# 3. Goto Settings/Projects/YourProjectName/Client Keys (DSN)
+
+SENTRY_ENABLED=false # true or false
+SENTRY_DSN=YourClientKeyDSN
+SENTRY_TRACES_SAMPLE_RATE=1.0
+
+# Slack Integration (optional)
+# 1. Goto https://api.slack.com/apps/
+# 2. Create your app
+# 3. On Settings - Basic Information - App Credentials chose your Signing Secret
+# 4. Create a Slash Commands and put as Request URL: https://your.domain.name/slack
+
+SLACK_ENABLED=false # true or false
+SLACK_SIGNING_SECRET=YourSlackSigningSecret
+
+# ChatGPT/OpenAI
+# 1. Goto https://platform.openai.com/
+# 2. Create your account
+# 3. Generate your APIKey https://platform.openai.com/account/api-keys
+
+CHATGPT_ENABLED=false
+CHATGPT_BASE_PATH=https://api.openai.com/v1/
+CHATGPT_APIKEY=YourOpenAiApiKey
+CHATGPT_MODEL=gpt-3.5-turbo
+CHATGPT_MAX_TOKENS=1000
+CHATGPT_TEMPERATURE=0
+
+# Configure email settings for notifications or alerts
+# Refer to the documentation for Gmail configuration: https://support.google.com/mail/answer/185833?hl=en
+
+EMAIL_ALERT=false # true or false
+EMAIL_HOST=smtp.gmail.com
+EMAIL_PORT=587
+EMAIL_USERNAME=your_username
+EMAIL_PASSWORD=your_password
+EMAIL_SEND_TO=p2p.mirotalk@gmail.com
+
+# Stats
+# Umami: https://github.com/umami-software/umami
+# We use our Self-hosted Umami to track aggregated usage statistics in order to improve our service.
+
+STATS_ENABLED=false # true or false
+STATS_SCR=https://stats.mirotalk.com/script.js
+STATS_ID=c7615aa7-ceec-464a-baba-54cb605d7261
diff --git a/examples/mirotalk/README.md b/examples/mirotalk/README.md
new file mode 100644
index 0000000..91d97bd
--- /dev/null
+++ b/examples/mirotalk/README.md
@@ -0,0 +1,11 @@
+# References
+
+- https://github.com/miroslavpejic85/mirotalk
+
+# Notes
+
+You must use a reverse proxy and enable SSL to proxy to the container port TCP/3000.
+
+This is necessary as you are not allowed to run WebRTC on plaintext HTTP after Chrome 47+.
+
+For testing purposes only, running MiroTalk on localhost (127.0.0.1) should work fine though.
diff --git a/examples/mirotalk/docker-compose.yml b/examples/mirotalk/docker-compose.yml
new file mode 100644
index 0000000..0251f17
--- /dev/null
+++ b/examples/mirotalk/docker-compose.yml
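Review bot: The signing and API secrets in this file — `JWT_KEY=mirotalkp2p_jwt_secret`, `SESSION_SECRET='mirotalk-p2p-oidc-secret'`, the `HOST_USERS` entries with `password`/`password2`, and `API_KEY_SECRET=mirotalkp2p_default_secret`, which the curl example a few lines above prints verbatim as the documented default — are template values, and the README sends this deployment behind an internet-facing reverse proxy; replace them with obvious placeholders (`JWT_KEY=CHANGEME`, `API_KEY_SECRET=CHANGEME`) so a copied file cannot run with documented defaults. `TURN_SERVER_USERNAME` and `TURN_SERVER_CREDENTIAL` are likewise a third party's relay credentials (the comment itself says to create your own account) and belong in placeholders too. `OIDC_AUTH_REUIRED` looks misspelled; if the application reads a correctly spelled `OIDC_AUTH_REQUIRED` this line is silently ignored — verify against the upstream `.env.template`. Since the compose file mounts this file read-only into the container, a `# copy to .env and edit before first start` header would make the intended workflow explicit.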
@@ -0,0 +1,24 @@
+version: '3.7'
+
+services:
+ mirotalk:
+ image: mirotalk/p2p:latest
+ restart: unless-stopped
+ container_name: mirotalk
+ hostname: mirotalk
+ ports:
+ # use a reverse proxy with SSL/TLS support
+ # otherwise webrtc won't work with plaintext http after Chrome 47+
+ # see https://stackoverflow.com/questions/52759992/how-to-access-camera-and-microphone-in-chrome-without-https/58449078#58449078
+ - 3000:3000 # WEB UI;
+ volumes:
+ - .env:/src/.env:ro
+ #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/mirotalk/app:/src/app:ro # only necessary if you want to adjust the code itself (js, css, etc.)
+ #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/mirotalk/public:/src/public:ro # only necessary if you want to adjust the code itself (js, css, etc.)
+ #labels:
+ #- traefik.enable=true
+ #- traefik.http.routers.mirotalk.rule=Host(`meet.example.com`) # pls adjust
+ #- traefik.http.services.mirotalk.loadbalancer.server.port=3000
+ #- traefik.docker.network=proxy
+ ## Part for local lan services only; disable to expose externally
+ ##- traefik.http.routers.mirotalk.middlewares=local-ipwhitelist@file
diff --git a/examples/money-balancer/README.md b/examples/money-balancer/README.md
new file mode 100644
index 0000000..79fddfa
--- /dev/null
+++ b/examples/money-balancer/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/dorianim/money-balancer
diff --git a/examples/money-balancer/docker-compose.yml b/examples/money-balancer/docker-compose.yml
new file mode 100644
index 0000000..d40a373
--- /dev/null
+++ b/examples/money-balancer/docker-compose.yml
@@ -0,0 +1,12 @@
+version: "3"
+services:
+ money-balancer:
+ image: ghcr.io/dorianim/money-balancer
+ restart: unless-stopped
+ container_name: money-balancer
+ ports:
+ - 8000:8000
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/money-balancer/data:/data
+ environment:
+ - JWT_SECRET=ThisIsAVerySecretString # change this
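Review bot: `- 3000:3000 #  WEB UI;` publishes the plaintext signaling port on every host interface, while the three comment lines directly above it and the README both say the service must only be reached through a TLS reverse proxy; binding it to loopback, `- 127.0.0.1:3000:3000`, or dropping `ports` in favour of `expose: - 3000` on the `proxy` network makes the documented topology the default rather than something the user has to remember. The `.env` is mounted `:ro`, which is the right direction, but because it contains the secrets discussed in that file a note that it must not be committed after editing would round this out. `image: mirotalk/p2p:latest` is unpinned; a version tag keeps the `.env` keys and the running code in step.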
diff --git a/examples/monkeytype/README.md b/examples/monkeytype/README.md
new file mode 100644
index 0000000..eeae82c
--- /dev/null
+++ b/examples/monkeytype/README.md
@@ -0,0 +1,5 @@
+# References
+
+- https://github.com/TheMythologist/monketype_docker
+- https://hub.docker.com/r/themythologist/monkeytype
+- https://github.com/monkeytypegame/monkeytype
diff --git a/examples/monkeytype/docker-compose.yml b/examples/monkeytype/docker-compose.yml
new file mode 100644
index 0000000..ca1ee87
--- /dev/null
+++ b/examples/monkeytype/docker-compose.yml
@@ -0,0 +1,23 @@
+version: '3.3'
+
+services:
+ monkeytype:
+ image: themythologist/monkeytype:frontend-latest
+ container_name: monkeytype
+ hostname: monkeytype
+ restart: unless-stopped
+ ports:
+ - 5000:5000/tcp
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.monkeytype.rule=Host(`monkeytype.example.com`)
+ # - traefik.http.services.monkeytype.loadbalancer.server.port=5000
+ # - traefik.docker.network=proxy
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.monkeytype.middlewares=local-ipwhitelist@file
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/n8n/.env b/examples/n8n/.env
new file mode 100644
index 0000000..d0128c5
--- /dev/null
+++ b/examples/n8n/.env
@@ -0,0 +1,22 @@
+## database settings
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=MySecureRootDbUserPassword
+POSTGRES_DB=n8n
+POSTGRES_NON_ROOT_USER=n8n
+POSTGRES_NON_ROOT_PASSWORD=MySecureDatabaseUserPassword
+
+## application settings
+N8N_NODE_ENV=production
+N8N_TZ=Europe/Berlin
+
+## tls proxy settings
+N8N_HOST=n8n.example.com
+N8N_PROTOCOL=http
+N8N_WEBHOOK_URL=https://n8n.example.com/
+
+## npm extra options
+# this will install additional npm packages during container start
+EXTRA_NODE_MODULES=lodash
+
+# this will whitelist additional npm packages
+NODE_FUNCTION_ALLOW_EXTERNAL=lodash
\ No newline at end of file
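Review bot: `EXTRA_NODE_MODULES=lodash` and `NODE_FUNCTION_ALLOW_EXTERNAL=lodash` are consumed by `docker-compose.yml` in this commit as `${N8N_EXTRA_NODE_MODULES}` and `${N8N_NODE_FUNCTION_ALLOW_EXTERNAL}`, so the names do not match and both container variables expand to empty strings; either rename these two keys with the `N8N_` prefix the other application settings use, or fix the references in the compose file (its hunk is at the end of this chunk and continues past it). `POSTGRES_PASSWORD=MySecureRootDbUserPassword` and `POSTGRES_NON_ROOT_PASSWORD=MySecureDatabaseUserPassword` read like real values rather than placeholders and are therefore easy to leave in place; `CHANGEME` is the convention the lldap example uses. Since `NODE_FUNCTION_ALLOW_EXTERNAL` widens what workflow Code nodes may load into the n8n process, a comment saying that every module listed here becomes callable from user-authored workflows would help whoever extends the list later.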
diff --git a/examples/n8n/README.md b/examples/n8n/README.md
new file mode 100644
index 0000000..008c925
--- /dev/null
+++ b/examples/n8n/README.md
@@ -0,0 +1,31 @@
+# References
+
+- https://github.com/n8n-io/n8n
+- https://github.com/n8n-io/n8n-hosting/tree/main/docker-compose/withPostgres
+
+# Notes
+
+You have to pre-supply a database init script to properly setup the postgresql database beforehand.
+
+Please follow these steps to do so:
+
+````
+# create new directory for database
+mkdir -p /mnt/docker-volumes/n8n/storage
+
+# move the init file from this repo to the new location
+mv init-database.sh /mnt/docker-volumes/n8n/.
+
+# fix permissions
+sudo chown -R 0:1000 /mnt/docker-volumes/n8n/
+sudo chmod -R 775 /mnt/docker-volumes/n8n/
+
+# adjust environment variables
+nano .env
+````
+
+Afterwards, you can proceed spawning up the docker compose stack:
+
+````
+docker compose up -d
+````
diff --git a/examples/n8n/docker-compose.yml b/examples/n8n/docker-compose.yml
new file mode 100644
index 0000000..3137808
--- /dev/null
+++ b/examples/n8n/docker-compose.yml
@@ -0,0 +1,75 @@
+version: '3.8'
+
+services:
+
+ n8n-db:
+ image: postgres:16-alpine
+ container_name: n8n-db
+ restart: unless-stopped
+ environment:
+ - POSTGRES_USER
+ - POSTGRES_PASSWORD
+ - POSTGRES_DB
+ - POSTGRES_NON_ROOT_USER
+ - POSTGRES_NON_ROOT_PASSWORD
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/n8n/database:/var/lib/postgresql/data
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/n8n/init-database.sh:/docker-entrypoint-initdb.d/init-data.sh:ro
+ healthcheck:
+ test: ['CMD-SHELL', 'pg_isready -h localhost -U ${POSTGRES_USER} -d ${POSTGRES_DB}']
+ interval: 5s
+ timeout: 5s
+ retries: 10
+ #networks:
+ # - n8n-internal
+
+ n8n:
+ image: n8nio/n8n
+ container_name: n8n
+ hostname: n8n
+ restart: unless-stopped
+ environment:
+ # database settings
+ - DB_TYPE=postgresdb
+ - DB_POSTGRESDB_HOST=n8n-db
+ - DB_POSTGRESDB_DATABASE=${POSTGRES_DB}
+ - DB_POSTGRESDB_USER=${POSTGRES_NON_ROOT_USER}
+ - DB_POSTGRESDB_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD}
+ # application settings
+ - NODE_ENV=${N8N_NODE_ENV}
+ - GENERIC_TIMEZONE=${N8N_TZ}
+ # tls proxy settings
+ - N8N_HOST=${N8N_HOST}
+ - N8N_PROTOCOL=${N8N_PROTOCOL}
+ - WEBHOOK_URL=${N8N_WEBHOOK_URL}
+ # npm extra options
+ - EXTRA_NODE_MODULES=${N8N_EXTRA_NODE_MODULES}
+ - NODE_FUNCTION_ALLOW_EXTERNAL=${N8N_NODE_FUNCTION_ALLOW_EXTERNAL}
+ ports:
+ - 5678:5678
+ expose:
+ - 5678
+ links:
+ - n8n-db
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/n8n/storage:/home/node/.n8n
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/n8n/files:/files
+ depends_on:
+ n8n-db:
+ condition: service_healthy
+ #networks:
+ # - proxy
+ # - n8n-internal
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.n8n.rule=Host(`n8n.example.com`)
+ # - traefik.http.services.n8n.loadbalancer.server.port=5678
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.n8n.middlewares=local-ipwhitelist@file,basic-auth@file
+
+#networks:
+# proxy:
+# external: true
+# n8n-internal:
+# internal: true
diff --git a/examples/n8n/init-database.sh b/examples/n8n/init-database.sh
new file mode 100644
index 0000000..f98a972
--- /dev/null
+++ b/examples/n8n/init-database.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e;
+
+
+if [ -n "${POSTGRES_NON_ROOT_USER:-}" ] && [ -n "${POSTGRES_NON_ROOT_PASSWORD:-}" ]; then
+ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+ CREATE USER ${POSTGRES_NON_ROOT_USER} WITH PASSWORD '${POSTGRES_NON_ROOT_PASSWORD}';
+ GRANT ALL PRIVILEGES ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_NON_ROOT_USER};
+ GRANT CREATE ON SCHEMA public TO ${POSTGRES_NON_ROOT_USER};
+ EOSQL
+else
+ echo "SETUP INFO: No Environment variables given!"
+fi
diff --git a/examples/nessus/README.md b/examples/nessus/README.md
new file mode 100644
index 0000000..a77880c
--- /dev/null
+++ b/examples/nessus/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://docs.tenable.com/nessus/Content/DeployNessusDocker.htm
\ No newline at end of file
diff --git a/examples/nessus/docker-compose.yml b/examples/nessus/docker-compose.yml
new file mode 100644
index 0000000..f180b24
--- /dev/null
+++ b/examples/nessus/docker-compose.yml
@@ -0,0 +1,13 @@
+version: "3.7"
+services:
+ nessus:
+ hostname: nessus
+ container_name: nessus
+ image: tenableofficial/nessus:latest
+ ports:
+ - 8834:8834/tcp # WEB UI
+ environment:
+ - ACTIVATION_CODE=XXX-XXXXX-XXXXX-XXXX # change this
+ - USERNAME=nessus
+ - PASSWORD=MyVeryStrongNessusLoginPassword
+ restart: always
diff --git a/examples/network-multitool/README.md b/examples/network-multitool/README.md
new file mode 100644
index 0000000..d3a2850
--- /dev/null
+++ b/examples/network-multitool/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/wbitt/Network-MultiTool
diff --git a/examples/network-multitool/docker-compose.yml b/examples/network-multitool/docker-compose.yml
new file mode 100644
index 0000000..d2ca64f
--- /dev/null
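Review bot: `links: - n8n-db` is the legacy Compose v1 linking mechanism and is redundant here: `depends_on` with `condition: service_healthy` already orders startup, and the default compose network resolves `n8n-db` by service name (the `DB_POSTGRESDB_HOST=n8n-db` line relies on exactly that). Dropping the two `links:` lines removes one way the file can diverge from the commented `n8n-internal` network it is meant to grow into. `expose: - 5678` is likewise a no-op next to `ports: - 5678:5678`.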
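Review bot: The here-document splices `${POSTGRES_NON_ROOT_USER}`, `${POSTGRES_NON_ROOT_PASSWORD}` and `${POSTGRES_DB}` straight into SQL text, so a password containing a single quote (or a user/db name needing quoting) breaks the statement or changes its meaning; the values come from the operator's own `.env`, but the script still fails on perfectly valid credentials. Pass them as psql variables and let psql quote them (`:'var'` for literals, `:"var"` for identifiers); quoting the delimiter also stops the shell from expanding anything else inside the SQL. The `else` branch is unchanged.

```shell
if [ -n "${POSTGRES_NON_ROOT_USER:-}" ] && [ -n "${POSTGRES_NON_ROOT_PASSWORD:-}" ]; then
  psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" \
       -v app_user="$POSTGRES_NON_ROOT_USER" \
       -v app_pass="$POSTGRES_NON_ROOT_PASSWORD" \
       -v app_db="$POSTGRES_DB" <<'EOSQL'
CREATE USER :"app_user" WITH PASSWORD :'app_pass';
GRANT ALL PRIVILEGES ON DATABASE :"app_db" TO :"app_user";
GRANT CREATE ON SCHEMA public TO :"app_user";
EOSQL
# … unchanged: else branch …
```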
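Review bot: `- PASSWORD=MyVeryStrongNessusLoginPassword` and `- ACTIVATION_CODE=XXX-XXXXX-XXXXX-XXXX` are literal values in the compose file, whereas the n8n and nextcloud examples in this commit keep such values in `.env`. Reading them as `- PASSWORD=${NESSUS_PASSWORD:?}` and `- ACTIVATION_CODE=${NESSUS_ACTIVATION_CODE:?}` keeps the credential and licence code out of the tracked compose file and makes `docker compose up` fail loudly when either is unset, instead of starting Nessus with the sample password. `image: tenableofficial/nessus:latest` combined with `restart: always` also means an unreviewed image change is picked up on every restart.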
+++ b/examples/network-multitool/docker-compose.yml
@@ -0,0 +1,10 @@
+version: "3"
+
+services:
+ network-multitool:
+ image: wbitt/network-multitool:alpine-extra
+ container_name: network-multitool
+ environment:
+ - HTTP_PORT=9988 # useful to daemonize the container; see https://hub.docker.com/r/praqma/network-multitool
+ - HTTPS_PORT=9989 # useful to daemonize the container; see https://hub.docker.com/r/praqma/network-multitool
+ restart: unless-stopped
diff --git a/examples/nextcloud/.env b/examples/nextcloud/.env
new file mode 100644
index 0000000..6f8ee42
--- /dev/null
+++ b/examples/nextcloud/.env
@@ -0,0 +1,24 @@
+# settings for the mariadb container
+MYSQL_HOST=nextcloud-db
+MYSQL_DATABASE=nextcloud
+MYSQL_USER=nextcloud
+MYSQL_PASSWORD=nextcloud
+MYSQL_ROOT_PASSWORD=nextcloud-root-pw
+MYSQL_PUID=1000
+MYSQL_PGID=1000
+MSQL_TZ=Europe/Berlin
+
+# settings for the nextcloud container
+NC_ADMIN_USER=admin
+NC_ADMIN_USER_PASSWORD=adminpass
+
+# settings for reverse proxy usage
+#NC_TRUSTED_DOMAINS=cloud.example.com
+#NC_TRUSTEDPROXIES=172.16.0.0/24
+#NC_OVERWRITEPROTOCOL=https
+#NC_OVERWRITECLIURL=https://cloud.example.com
+#NC_OVERWRITEHOST=cloud.example.com
+
+# settings for the redis container
+REDIS_HOST=nextcloud-redis
+REDIS_PASSWORD=nextcloud
diff --git a/examples/nextcloud/README.md b/examples/nextcloud/README.md
new file mode 100644
index 0000000..f1459e2
--- /dev/null
+++ b/examples/nextcloud/README.md
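Review bot: The two inline comments `# useful to daemonize the container; see https://hub.docker.com/r/praqma/network-multitool` point at the older praqma image while `image:` is `wbitt/network-multitool:alpine-extra`; a reader checking what `HTTP_PORT`/`HTTPS_PORT` do is sent to the wrong project page. Point the comment at the wbitt repository the README in this commit already cites, e.g. `# keeps the container running; see https://github.com/wbitt/Network-MultiTool`.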
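Review bot: `MSQL_TZ=Europe/Berlin` drops the Y from the `MYSQL_` prefix used by the seven keys above it; docker-compose-mariadb-redis.yml reads `${MSQL_TZ:-Europe/Berlin}`, so it works, but anyone who "fixes" either side alone silently falls back to the default. Rename it `MYSQL_TZ` here and in the compose file together. `MYSQL_PASSWORD=nextcloud`, `REDIS_PASSWORD=nextcloud` and `NC_ADMIN_USER_PASSWORD=adminpass` are the same values the compose file uses as `:-` defaults, so a comment such as `# change every password below before first start` would make the intent explicit.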
@@ -0,0 +1,51 @@
+# References
+
+- https://github.com/nextcloud/docker
+- https://hub.docker.com/r/linuxserver/nextcloud
+
+# Notes
+
+If you plan on using a reverse proxy, you will have to adjust Nextcloud's `config.php` configuration file.
+
+The configuration file is located at:
+
+````
+# linuxserver image
+//config/www/nextcloud/config/config.php
+
+# official nextcloud image
+//nextcloud/app/config/config.php
+````
+
+Within this configuration file, you should adjust the following:
+
+- `trusted_domains` with your domain and subdomain names
+- `trusted_proxies` with the IP address of your reverse proxy (defined as array)
+- `overwriteprotocol` set to `https` to force encrypted https protocol communication
+- `maintenance_window_start` to remove warnings in nextcloud's security scan
+- `default_phone_region` to remove warnings in nextcloud's security scan
+
+Adjust the PHP file like follows:
+
+````
+
+ array (
+ 0 => 'nextcloud.example.com',
+ 1 => 'nextcloud.anotherdomain.com',
+ ),
+ 'trusted_proxies' =>
+ array (
+ 0 => ['10.0.0.0/8'],
+ 1 => ['172.16.0.0/12'],
+ 2 => ['192.168.0.0/16'],
+ ),
+ 'overwriteprotocol' => 'https',
+ 'maintenance_window_start' => 1,
+ 'default_phone_region' => 'DE',
+ ...
+);
+````
+After adjusting, restart the Nextcloud container.
diff --git a/examples/nextcloud/docker-compose-mariadb-redis.yml b/examples/nextcloud/docker-compose-mariadb-redis.yml
new file mode 100644
index 0000000..58ce30b
--- /dev/null
+++ b/examples/nextcloud/docker-compose-mariadb-redis.yml
@@ -0,0 +1,82 @@
+services:
+
+ nextcloud-db:
+ image: mariadb:lts
+ container_name: nextcloud-db
+ hostname: nextcloud-db
+ command: --transaction-isolation=READ-COMMITTED --innodb_read_only_compressed=OFF
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nextcloud/database:/var/lib/mysql
+ environment:
+ - MYSQL_DATABASE=${MYSQL_DATABASE:-nextcloud}
+ - MYSQL_USER=${MYSQL_USER:-nextcloud}
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD:-nextcloud}
+ - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-nextcloud-root-pw}
+ - MYSQL_INITDB_SKIP_TZINFO=1
+ - MARIADB_AUTO_UPGRADE=1
+ - PUID=${MYSQL_PUID:-1000}
+ - PGID=${MYSQL_PGID:-1000}
+ - TZ=${MSQL_TZ:-Europe/Berlin}
+ #networks:
+ # - proxy
+
+ nextcloud-redis:
+ image: redis:alpine
+ container_name: nextcloud-redis
+ hostname: nextcloud-redis
+ restart: unless-stopped
+ command:
+ - /bin/sh
+ - -c
+ - redis-server --requirepass "$${REDIS_PASSWORD:-nextcloud}"
+ #networks:
+ # - proxy
+
+ nextcloud-app:
+ image: nextcloud:29-apache
+ container_name: nextcloud-app
+ hostname: nextcloud-app
+ restart: unless-stopped
+ expose:
+ - 80/tcp
+ ports:
+ - 8080:80
+ depends_on:
+ - nextcloud-db
+ - nextcloud-redis
+ environment:
+ - NEXTCLOUD_ADMIN_USER=${NC_ADMIN_USER:-admin}
+ - NEXTCLOUD_ADMIN_PASSWORD=${NC_ADMIN_USER_PASSWORD:-adminpass}
+ - NEXTCLOUD_TRUSTED_DOMAINS=${NC_TRUSTED_DOMAINS:-cloud.example.com}
+ - TRUSTED_PROXIES=${NC_TRUSTEDPROXIES:-172.16.0.0/24}
+ #- OVERWRITEPROTOCOL=${NC_OVERWRITEPROTOCOL:-http}
+ #- OVERWRITECLIURL=${NC_OVERWRITECLIURL:-http://127.0.0.1:8080}
+ #- OVERWRITEHOST=${NC_OVERWRITEHOST:-127.0.0.1:8080}
+ - MYSQL_HOST=${MYSQL_HOST:-nextcloud-db}
+ - MYSQL_DATABASE=${MYSQL_DATABASE:-nextcloud}
+ - MYSQL_USER=${MYSQL_USER:-nextcloud}
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD:-nextcloud}
+ - REDIS_HOST=${REDIS_HOST:-nextcloud-redis}
+ - REDIS_HOST_PASSWORD=${REDIS_PASSWORD:-nextcloud}
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nextcloud/data:/var/www/html/data
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nextcloud/app:/var/www/html
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.nextcloud.rule=(Host(`cloud.example.com`)) # pls change
+ # - traefik.http.services.nextcloud.loadbalancer.server.port=80
+ # - traefik.http.routers.nextcloud.middlewares=local-ipwhitelist@file,authelia@docker
+ # - traefik.docker.network=proxy
+ # - traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav
+ # - traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/
+ # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # only necessary for enabled file uploads
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/nextcloud/docker-compose-sqlite.yml b/examples/nextcloud/docker-compose-sqlite.yml
new file mode 100644
index 0000000..0f3784d
--- /dev/null
+++ b/examples/nextcloud/docker-compose-sqlite.yml
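Review bot: `- redis-server --requirepass "$${REDIS_PASSWORD:-nextcloud}"` uses `$$`, which defers the expansion to the shell inside the redis container, but the nextcloud-redis service passes no `environment:`, so `REDIS_PASSWORD` is unset there and redis is always started with the password `nextcloud`; nextcloud-app meanwhile receives `REDIS_HOST_PASSWORD=${REDIS_PASSWORD:-nextcloud}` interpolated by compose from `.env`, so setting a real password in `.env` breaks the app's redis connection. Let compose interpolate on both sides: `- redis-server --requirepass "${REDIS_PASSWORD:-nextcloud}"`. More generally, the `:-` defaults on `MYSQL_PASSWORD`, `MYSQL_ROOT_PASSWORD`, `NEXTCLOUD_ADMIN_PASSWORD` and the redis password mean a missing or mistyped `.env` starts the stack with the documented values; `${MYSQL_PASSWORD:?}`-style required variables fail fast instead.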
@@ -0,0 +1,36 @@
+services:
+ nextcloud:
+ image: linuxserver/nextcloud:latest
+ container_name: nextcloud
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nextcloud/config:/config
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nextcloud/data:/data
+ expose:
+ - 443
+ ports:
+ - 9443:443
+ restart: unless-stopped
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.nextcloud.rule=(Host(`cloud.example.com`))
+ # - traefik.http.services.nextcloud.loadbalancer.server.port=443
+ # - traefik.http.services.nextcloud.loadbalancer.server.scheme=https
+ # - traefik.http.services.nextcloud.loadbalancer.serverstransport=insecureTransport@file
+ # - traefik.http.routers.nextcloud.middlewares=local-ipwhitelist@file,authelia@docker
+ # - traefik.docker.network=proxy
+ # - traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav
+ # - traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/
+ # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # only necessary for enabled file uploads
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/nginx-php/README.md b/examples/nginx-php/README.md
new file mode 100644
index 0000000..6572ec3
--- /dev/null
+++ b/examples/nginx-php/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://hub.docker.com/_/nginx
diff --git a/examples/nginx-php/custom-php.ini b/examples/nginx-php/custom-php.ini
new file mode 100644
index 0000000..b1c428f
--- /dev/null
+++ b/examples/nginx-php/custom-php.ini
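Review bot: `image: linuxserver/nextcloud:latest` floats the major version while the sibling docker-compose-mariadb-redis.yml pins `nextcloud:29-apache`; Nextcloud only upgrades one major at a time, so an unattended jump of two majors on `:latest` can leave the instance unable to start. Pin a tag here as well, and in the commented labels note that `serverstransport=insecureTransport@file` disables certificate verification between Traefik and the container, e.g. `# container serves a self-signed cert; TLS verification off on the internal proxy network only`, so nobody copies that transport to an externally reachable backend.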
@@ -0,0 +1,38 @@
+[PHP]
+
+engine = On
+short_open_tag = Off
+precision = 14
+output_buffering = 4096
+zlib.output_compression = Off
+implicit_flush = Off
+unserialize_callback_func =
+serialize_precision = -1
+
+; disable potentially harmful functions
+disable_functions = proc_open, popen, disk_free_space, diskfreespace, set_time_limit, leak, tmpfile, exec, system, shell_exec, passthru, show_source, system, phpinfo, pcntl_alarm, pcntl_fork, pcntl_waitpid, pcntl_wait, pcntl_wifexited, pcntl_wifstopped, pcntl_wifsignaled, pcntl_wexitstatus, pcntl_wtermsig, pcntl_wstopsig, pcntl_signal, pcntl_signal_dispatch, pcntl_get_last_error, pcntl_strerror, pcntl_sigprocmask, pcntl_sigwaitinfo, pcntl_sigtimedwait, pcntl_exec, pcntl_getpriority, pcntl_setpriority
+allow_url_fopen = On
+allow_url_include = Off
+
+; prevent version disclosure
+expose_php = Off
+display_errors = Off
+html_errors = Off
+display_startup_errors = Off
+log_errors = On
+log_errors_max_len = 1024
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
+report_memleaks = On
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+
+; disable file uploads
+file_uploads = On
+upload_max_filesize = 2M
+max_file_uploads = 20
+default_socket_timeout = 60
+
+; SQL Injection Prevention
+magic_quotes_gpc = Off
+magic_quotes_runtime = Off
+magic_quotes_sybase = Off
diff --git a/examples/nginx-php/docker-compose.yml b/examples/nginx-php/docker-compose.yml
new file mode 100644
index 0000000..97826e4
--- /dev/null
+++ b/examples/nginx-php/docker-compose.yml
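Review bot: The section comment `; disable file uploads` is immediately contradicted by `file_uploads = On`, and `; SQL Injection Prevention` heads three `magic_quotes_*` directives that were removed in PHP 5.4 and are ignored by the `php:8-fpm-alpine` image this example targets, so neither comment describes what the file does. Either set `file_uploads = Off` or reword the comment to `; limit file uploads`, and drop the magic_quotes block (or label it `; no-op on PHP 8, kept for old hosts`) so nobody reads it as an injection mitigation. `log_errors_max_len` was removed in PHP 8.0 and `E_STRICT` is deprecated, and `system` is listed twice in `disable_functions`; a comment such as `; verified against PHP 8.x — removed directives emit startup warnings` on the `[PHP]` line would help the next maintainer.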
@@ -0,0 +1,41 @@
+version: "3"
+
+services:
+ web:
+ image: nginx:stable-alpine
+ hostname: nginx
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx/www-data:/var/www # place your files for web here
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx/nginx-conf:/etc/nginx/conf.d # place provided nginx.conf here
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx/logs:/var/log/nginx
+ container_name: nginx
+ restart: unless-stopped
+ ports:
+ - 8080:80
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.nginx.rule=Host(`nginx.example.com`)
+ # - traefik.http.services.nginx.loadbalancer.server.port=80
+ # - traefik.docker.network=proxy
+ # # Part for local lan services only
+ # #- traefik.http.routers.nginx.middlewares=error-pages-middleware@docker
+
+ php:
+ image: php:8-fpm-alpine
+ hostname: php
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx/www-data:/var/www # must be same path to www-data as above
+ #- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/php/custom-php.ini:/usr/local/etc/php/conf.d/php.ini:ro
+ container_name: php
+ restart: unless-stopped
+ working_dir: /var/www
+ expose:
+ - 9000
+ #networks:
+ # - proxy
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/nginx-php/nginx.conf b/examples/nginx-php/nginx.conf
new file mode 100644
index 0000000..72b8052
--- /dev/null
+++ b/examples/nginx-php/nginx.conf
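Review bot: The hardening file shipped alongside this compose file is only mounted as the commented line `#- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/php/custom-php.ini:/usr/local/etc/php/conf.d/php.ini:ro`, so by default none of its `disable_functions`/`expose_php` settings apply and the `php:8-fpm-alpine` image runs with no php.ini at all. Its host path also uses `/php/` while every other mount in this file lives under `/nginx/`, so the README-style comments on the `web` volumes do not tell the reader where to put it. Uncomment the mount and move it next to the others, `- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx/custom-php.ini:/usr/local/etc/php/conf.d/php.ini:ro  # hardening, see custom-php.ini`.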
@@ -0,0 +1,30 @@
+server {
+ listen 80;
+ server_name nginx.example.com;
+ root /var/www/;
+ index index.html index.php;
+
+ #error_page 404 /error/404.html;
+
+ client_max_body_size 10M; # change this
+ #set_real_ip_from 172.16.0.0/12;
+ #set_real_ip_from 192.168.0.0/16;
+ real_ip_header X-Forwarded-For;
+ proxy_hide_header X-Powered-By;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ location ~ \.php$ {
+ fastcgi_pass php:9000;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PHP_VALUE "error_log=/etc/nginx/conf.d/php_error.log";
+ fastcgi_buffers 16 16k;
+ fastcgi_buffer_size 32k;
+ include fastcgi_params;
+ }
+
+ server_tokens off;
+ etag off;
+}
diff --git a/examples/nginx-proxy-manager-goaccess/README.md b/examples/nginx-proxy-manager-goaccess/README.md
new file mode 100644
index 0000000..f942428
--- /dev/null
+++ b/examples/nginx-proxy-manager-goaccess/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/xavier-hernandez/goaccess-for-nginxproxymanager
diff --git a/examples/nginx-proxy-manager-goaccess/docker-compose.yml b/examples/nginx-proxy-manager-goaccess/docker-compose.yml
new file mode 100644
index 0000000..ffc1272
--- /dev/null
+++ b/examples/nginx-proxy-manager-goaccess/docker-compose.yml
@@ -0,0 +1,17 @@
+version: "3"
+
+services:
+ goaccess:
+ image: xavierh/goaccess-for-nginxproxymanager:latest
+ container_name: goaccess
+ restart: always
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx-proxy-manager/data/logs:/opt/log:ro
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ - SKIP_ARCHIVED_LOGS=False #optional
+ - BASIC_AUTH=False #optional
+ - BASIC_AUTH_USERNAME=user #optional
+ - BASIC_AUTH_PASSWORD=pass #optional
\ No newline at end of file
diff --git a/examples/nginx-proxy-manager/README.md b/examples/nginx-proxy-manager/README.md
new file mode 100644
index 0000000..5c9047e
--- /dev/null
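Review bot: `location ~ \.php$` hands every URI ending in `.php` to php-fpm without first checking that the script exists on disk; with the php image's default `cgi.fix_pathinfo=1` that is the well-known configuration the nginx/PHP-FPM documentation warns about, and the standard guard is `try_files $uri =404;` as the first directive of the block so requests for non-existent scripts never reach php-fpm. Separately, `fastcgi_param PHP_VALUE "error_log=/etc/nginx/conf.d/php_error.log"` is evaluated inside the php container, which per the compose file mounts `/var/www` but not `/etc/nginx/conf.d`, so that path presumably does not exist there and PHP errors are silently dropped; point it at a path the php container actually has. The commented `#set_real_ip_from` lines are correct to leave off until a proxy is in front, since `real_ip_header X-Forwarded-For` only takes effect for listed sources.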
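Review bot: The goaccess service defines neither `ports:` nor `networks:`, so unlike every other example in this commit nothing outside the default bridge can reach its web UI; presumably a `ports:` mapping (or the commented proxy network pattern used elsewhere) was intended. Once it is reachable, `BASIC_AUTH=False` together with the literal `BASIC_AUTH_USERNAME=user` / `BASIC_AUTH_PASSWORD=pass` means the access logs of the whole proxy are browsable without a login; read them from `.env` as `- BASIC_AUTH_PASSWORD=${GOACCESS_PASSWORD:?}` and default `BASIC_AUTH=True`. The file also has no trailing newline.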
+++ b/examples/nginx-proxy-manager/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/NginxProxyManager/nginx-proxy-manager
diff --git a/examples/nginx-proxy-manager/docker-compose.yml b/examples/nginx-proxy-manager/docker-compose.yml
new file mode 100644
index 0000000..628e944
--- /dev/null
+++ b/examples/nginx-proxy-manager/docker-compose.yml
@@ -0,0 +1,29 @@
+version: "3"
+
+services:
+ npm:
+ container_name: npm
+ environment:
+ - TZ=Europe/Berlin
+ - PUID=1000 # see https://nginxproxymanager.com/advanced-config/
+ - PGID=1000 # see https://nginxproxymanager.com/advanced-config/
+ hostname: npm
+ #networks:
+ # - npm_proxy
+ image: jc21/nginx-proxy-manager:latest
+ ports:
+ - 80:80/tcp # HTTP
+ - 443:443/tcp # HTTPS
+ - 81:81/tcp # MGMT UI, do not expose publicly
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD", "/bin/check-health"]
+ interval: 30s
+ timeout: 3s
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx-proxy-manager/data:/data
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nginx-proxy-manager/letsencrypt:/etc/letsencrypt
+
+#networks:
+# npm_proxy:
+# external: true
diff --git a/examples/nitter/README.md b/examples/nitter/README.md
new file mode 100644
index 0000000..0e5d3a5
--- /dev/null
+++ b/examples/nitter/README.md
@@ -0,0 +1,4 @@
+# References
+
+- https://github.com/zedeus/nitter/blob/master/docker-compose.yml
+- https://github.com/zedeus/nitter/blob/master/nitter.example.conf
\ No newline at end of file
diff --git a/examples/nitter/docker-compose.yml b/examples/nitter/docker-compose.yml
new file mode 100644
index 0000000..c457645
--- /dev/null
+++ b/examples/nitter/docker-compose.yml
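Review bot: `- 81:81/tcp # MGMT UI, do not expose publicly` does exactly what the comment warns against, since an unqualified host port binds on every interface and a reverse proxy host is typically Internet-facing on 80/443 already. Bind the management UI to loopback (or a LAN address) instead, `- 127.0.0.1:81:81/tcp # MGMT UI, loopback only — reach it via SSH tunnel or the proxy itself`, which keeps the comment and the mapping in agreement.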
@@ -0,0 +1,30 @@
+services:
+
+ nitter:
+ image: zedeus/nitter:latest
+ container_name: nitter
+ ports:
+ - "8080:8080"
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nitter/nitter.conf:/src/nitter.conf:ro
+ depends_on:
+ - nitter-redis
+ restart: unless-stopped
+ healthcheck:
+ test: wget -nv --tries=1 --spider http://127.0.0.1:8080/Jack/status/20 || exit 1
+ interval: 30s
+ timeout: 5s
+ retries: 2
+
+ nitter-redis:
+ image: redis:6-alpine
+ container_name: nitter-redis
+ command: redis-server --save 60 1 --loglevel warning
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/nitter/data:/data
+ restart: unless-stopped
+ healthcheck:
+ test: redis-cli ping
+ interval: 30s
+ timeout: 5s
+ retries: 2
\ No newline at end of file
diff --git a/examples/nitter/nitter.conf b/examples/nitter/nitter.conf
new file mode 100644
index 0000000..a58038a
--- /dev/null
+++ b/examples/nitter/nitter.conf
@@ -0,0 +1,44 @@
+[Server]
+address = "0.0.0.0"
+port = 8080
+https = false # disable to enable cookies when not using https
+httpMaxConnections = 100
+staticDir = "./public"
+title = "nitter"
+hostname = "nitter.net"
+
+[Cache]
+listMinutes = 240 # how long to cache list info (not the tweets, so keep it high)
+rssMinutes = 10 # how long to cache rss queries
+redisHost = "nitter-redis"
+redisPort = 6379
+redisPassword = ""
+redisConnections = 20 # connection pool size
+redisMaxConnections = 30
+# max, new connections are opened when none are available, but if the pool size
+# goes above this, they're closed when released. don't worry about this unless
+# you receive tons of requests per second
+
+[Config]
+hmacKey = "secretkey" # random key for cryptographic signing of video urls
+base64Media = false # use base64 encoding for proxied media urls
+enableRSS = true # set this to false to disable RSS feeds
+enableDebug = false # enable request logs and debug endpoints
+proxy = "" # http/https url, SOCKS proxies are not supported
+proxyAuth = ""
+tokenCount = 10
+# minimum amount of usable tokens. tokens are used to authorize API requests,
+# but they expire after ~1 hour, and have a limit of 187 requests.
+# the limit gets reset every 15 minutes, and the pool is filled up so there's
+# always at least $tokenCount usable tokens. again, only increase this if
+# you receive major bursts all the time
+
+# Change default preferences here, see src/prefs_impl.nim for a complete list
+[Preferences]
+theme = "Nitter"
+replaceTwitter = "nitter.net"
+replaceYouTube = "piped.video"
+replaceReddit = "teddit.net"
+proxyVideos = true
+hlsPlayback = false
+infiniteScroll = false
diff --git a/examples/obsidian-remote/README.md b/examples/obsidian-remote/README.md
new file mode 100644
index 0000000..1af0418
--- /dev/null
+++ b/examples/obsidian-remote/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/sytone/obsidian-remote
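Review bot: `hmacKey = "secretkey"` is the value from the upstream example config, and the inline comment itself says it is the key used for signing proxied video URLs, so every deployment that copies this file shares one well-known signing key. Replace it with a per-deployment random value and say so in the comment, `hmacKey = "CHANGEME" # generate a unique random value per instance, e.g. openssl rand -hex 32`. `hostname = "nitter.net"` and `replaceTwitter = "nitter.net"` also still name the upstream public instance rather than the `nitter.example.com`-style host the other examples use, which presumably makes generated links point at the wrong site.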
diff --git a/examples/obsidian-remote/docker-compose.yml b/examples/obsidian-remote/docker-compose.yml
new file mode 100644
index 0000000..875e407
--- /dev/null
+++ b/examples/obsidian-remote/docker-compose.yml
@@ -0,0 +1,19 @@
+version: '3.8'
+services:
+ obsidian:
+ image: 'ghcr.io/sytone/obsidian-remote:latest'
+ container_name: obsidian-remote
+ restart: unless-stopped
+ ports:
+ - 8080:8080 # Obsidian Web Interface
+ #- 27123:27123 # Local REST API Plugin HTTP Server Port
+ #- 27124:27124 # Local REST API Plugin HTTPS Server Port
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/obsidian-remote/vaults:/vaults # The location on the host for your Obsidian Vaults
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/obsidian-remote/config:/config # The location to store Obsidan configuration and ssh data for obsidian-git
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ - DOCKER_MODS=linuxserver/mods:universal-git # Use to add mods to the container like git.
+ - KEYBOARD=de-de-qwertz # Used to se the keyboard being used for input. E.g. KEYBOARD=en-us-qwerty or KEYBOARD=de-de-qwertz
diff --git a/examples/ollama-ui/README.md b/examples/ollama-ui/README.md
new file mode 100644
index 0000000..3e79c5a
--- /dev/null
+++ b/examples/ollama-ui/README.md
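Review bot: `- 8080:8080 # Obsidian Web Interface` publishes a full desktop session with write access to the mounted `/vaults` and the `/config` directory (which the comment says holds ssh data for obsidian-git) on every host interface, and unlike the other examples this file carries no Traefik labels or auth-related environment. Unless the image enforces a login on its own — I cannot tell from this file — bind it to loopback, `- 127.0.0.1:8080:8080 # Obsidian Web Interface, loopback only`, or put it behind the proxy-plus-middleware pattern used elsewhere in this commit. The `#- 27123:27123` / `#- 27124:27124` REST API ports deserve the same treatment when uncommented.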
@@ -0,0 +1,23 @@
+# References
+
+- https://github.com/ollama/ollama
+- https://hub.docker.com/r/ollama/ollama
+- https://github.com/open-webui/open-webui
+
+# Notes
+
+You can spawn Ollama first and then download the [respective LLM models](https://ollama.com/library) via docker exec. Alternatively, spawn the whole stack directly and download LLM models within Open WebUI using a browser.
+
+````
+# spawn ollama and ui
+docker compose up -d
+
+# (optional) download an llm model via docker exec
+docker exec ollama ollama run llama3:8b
+````
+
+Afterwards, we can browse Open WebUI on `http://127.0.0.1:8080` and register our first user account. You may want to disable open user registration later on by uncommenting the env `ENABLE_SIGNUP` variable and restarting the Open WebUI container.
+
+> [!TIP]
+>
+> You likely want to pass a GPU into the Ollama container. Please read [this](https://hub.docker.com/r/ollama/ollama).
diff --git a/examples/ollama-ui/docker-compose.yml b/examples/ollama-ui/docker-compose.yml
new file mode 100644
index 0000000..694b7b1
--- /dev/null
+++ b/examples/ollama-ui/docker-compose.yml
@@ -0,0 +1,39 @@
+services:
+
+ ui:
+ image: ghcr.io/open-webui/open-webui:main
+ container_name: ollama-ui
+ restart: always
+ ports:
+ - 8080
+ expose:
+ - 8080
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ollama/open-webui:/app/backend/data
+ environment:
+ #- "ENABLE_SIGNUP=false"
+ - "OLLAMA_BASE_URL=http://ollama:11434"
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.ollama-ui.rule=Host(`ai.example.com`)
+ # - traefik.http.services.ollama-ui.loadbalancer.server.port=8080
+ # # Optional part for traefik middlewares
+ # - traefik.http.routers.ollama-ui.middlewares=local-ipwhitelist@file,authelia@docker
+
+ ollama:
+ image: ollama/ollama:latest
+ container_name: ollama
+ restart: always
+ expose:
+ - 11434
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ollama/data:/root/.ollama
+ #networks:
+ # - proxy
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/ombi/README.md b/examples/ombi/README.md
new file mode 100644
index 0000000..4ad4e77
--- /dev/null
+++ b/examples/ombi/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://hub.docker.com/r/linuxserver/ombi
\ No newline at end of file
diff --git a/examples/ombi/docker-compose.yml b/examples/ombi/docker-compose.yml
new file mode 100644
index 0000000..b894492
--- /dev/null
+++ b/examples/ombi/docker-compose.yml
@@ -0,0 +1,15 @@
+version: "2.1"
+services:
+ ombi:
+ image: lscr.io/linuxserver/ombi:latest
+ container_name: ombi
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=UTC/Chicago
+ # - BASE_URL=/ombi #optional
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ombi/config:/config
+ ports:
+ - 3579:3579
+ restart: unless-stopped
\ No newline at end of file
diff --git a/examples/onedev/README.md b/examples/onedev/README.md
new file mode 100644
index 0000000..01042e4
--- /dev/null
+++ b/examples/onedev/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/theonedev/onedev
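Review bot: `ports: - 8080` publishes container port 8080 on a random ephemeral host port, so the `http://127.0.0.1:8080` the README in this commit tells the user to open will not answer; the `expose: - 8080` line below it does not publish anything either. Use an explicit mapping, `- 8080:8080`, or `- 127.0.0.1:8080:8080` once the commented Traefik labels front it, so the `local-ipwhitelist@file,authelia@docker` middlewares cannot be bypassed via the host port. Leaving `#- "ENABLE_SIGNUP=false"` commented is fine for first-run registration, but a comment such as `# uncomment after creating the first (admin) account` next to it would save the README round-trip.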
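Review bot: `- TZ=UTC/Chicago` is not a tz database zone name (the Chicago zone is `America/Chicago`), so the container will presumably fall back to UTC with a warning at best; every other example in this commit uses `- TZ=Europe/Berlin`, which is the obvious value here too. The file also lacks a trailing newline.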
diff --git a/examples/onedev/docker-compose.yml b/examples/onedev/docker-compose.yml
new file mode 100644
index 0000000..66da7a5
--- /dev/null
+++ b/examples/onedev/docker-compose.yml
@@ -0,0 +1,33 @@
+version: '3.3'
+
+services:
+ onedev:
+ image: 1dev/server:latest
+ container_name: onedev
+ hostname: onedev
+ restart: unless-stopped
+ ports:
+ - 6610:6610/tcp
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/timezone:/etc/timezone:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/onedev:/opt/onedev
+ environment:
+ - initial_user=1dev # only used for init, may change
+ - initial_password=onedev # only used for init, may change
+ - initial_email=onedev@example.com # only used for init, may change
+ - initial_server_url=http://localhost:6610 # adjust
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.onedev.rule=Host(`onedev.example.com`)
+ # - traefik.http.services.onedev.loadbalancer.server.port=6610
+ # - traefik.docker.network=proxy
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.onedev.middlewares=local-ipwhitelist@file,basic-auth@file
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/openspeedtest/README.md b/examples/openspeedtest/README.md
new file mode 100644
index 0000000..e5ef1a6
--- /dev/null
+++ b/examples/openspeedtest/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/openspeedtest/Speed-Test
diff --git a/examples/openspeedtest/docker-compose.yml b/examples/openspeedtest/docker-compose.yml
new file mode 100644
index 0000000..00e69e5
--- /dev/null
+++ b/examples/openspeedtest/docker-compose.yml
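Review bot: `- /var/run/docker.sock:/var/run/docker.sock:ro` hands the OneDev container full control of the host Docker daemon; the `:ro` flag only makes the socket file node read-only, the API behind it still accepts every call, so a compromise of the CI server (which runs user-supplied build jobs) is a compromise of the host. Keep the mount only if jobs are meant to run as sibling containers, and say so, `# needed only for Docker-executor jobs; full host access — consider a socket proxy that allows just the endpoints OneDev uses`; otherwise drop it. `initial_password=onedev` is read from the compose file rather than `.env` like the n8n example; a `${ONEDEV_INITIAL_PASSWORD:?}` reference avoids shipping a known bootstrap password in the tracked file.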
@@ -0,0 +1,18 @@
+version: "3"
+services:
+ openspeedtest:
+ image: openspeedtest/latest:latest
+ container_name: openspeedtest
+ ports:
+ - 3380:3000 # HTTP
+ - 3001:3001 # HTTPS
+ restart: always
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.openspeedtest.middlewares=local-ipwhitelist@file, limit
+ # - traefik.http.routers.openspeedtest.rule=Host(`speedtest.example.com`)
+ # - traefik.http.services.openspeedtest.loadbalancer.server.port=3000
+ # - traefik.docker.network=proxy
+ # # Part for local lan services only
+ # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=10000000000
+ # - traefik.http.middlewares.test-compress.compress=true
diff --git a/examples/openvpn/README.md b/examples/openvpn/README.md
new file mode 100644
index 0000000..fb19b76
--- /dev/null
+++ b/examples/openvpn/README.md
@@ -0,0 +1,16 @@
+# References
+
+- https://openvpn.net/as-docs/docker.html
+
+# Notes
+
+Default username is `openvpn`.
+
+The password is auto-generated and displayed in container logs. Inspect the logs until you find the line `Auto-generated pass = ""`.
+
+For example:
+````
+docker compose logs -f | grep pass
+````
+
+Admin web UI is accessible at `https://:943/admin`.
diff --git a/examples/openvpn/docker-compose.yml b/examples/openvpn/docker-compose.yml
new file mode 100644
index 0000000..e45400f
--- /dev/null
+++ b/examples/openvpn/docker-compose.yml
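Review bot: `traefik.http.routers.openspeedtest.middlewares=local-ipwhitelist@file, limit` has a space after the comma; Traefik splits the list on commas and I am not certain it trims whitespace, so the `limit` middleware may fail to resolve and take the whole router down once the labels are uncommented — write `local-ipwhitelist@file,limit@docker` as the other examples do. The `traefik.http.middlewares.test-compress.compress=true` middleware is defined but never attached to the router, and the `# Part for local lan services only` comment sits above the buffering limit rather than above the ip allow-list it describes. The `#networks:` stanza present in every other example is missing here, so `traefik.docker.network=proxy` has no network to refer to.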
@@ -0,0 +1,36 @@
+version: '3.3'
+
+services:
+ openvpn-as:
+ image: openvpn/openvpn-as
+ container_name: openvpn-as
+ hostname: openvpn-as
+ restart: always
+ cap_add:
+ - NET_ADMIN
+ ports:
+ - 443:443/tcp # openvpn over tcp
+ - 1194:1194/udp # openvpn over udp
+ - 943:943/tcp # openvpn admin ui
+ expose:
+ - 443 # openvpn over tcp
+ - 1194 # openvpn over udp
+ - 943 # openvpn as admin ui
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/openvpn:/openvpn
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.openvpn.rule=Host(`openvpn.example.com`)
+ # - traefik.http.services.openvpn.loadbalancer.server.port=943
+ # # Optional part when proxying to services that already provide ssl/tls
+ # - traefik.http.services.openvpn.loadbalancer.server.scheme=https
+ # - traefik.http.services.openvpn.loadbalancer.serverstransport=insecureTransport@file
+ # # Optional part for traefik middlewares
+ # - traefik.http.routers.openvpn.middlewares=local-ipwhitelist@file
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/overleaf/README.md b/examples/overleaf/README.md
new file mode 100644
index 0000000..ccfb5b1
--- /dev/null
+++ b/examples/overleaf/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/overleaf/overleaf
diff --git a/examples/overleaf/docker-compose.yml b/examples/overleaf/docker-compose.yml
new file mode 100644
index 0000000..a6ea3f7
--- /dev/null
+++ b/examples/overleaf/docker-compose.yml
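Review bot: `- 943:943/tcp # openvpn admin ui` publishes the Access Server admin interface on every host interface, which on a VPN gateway is by definition the Internet-facing one, while the commented Traefik route for port 943 with `local-ipwhitelist@file` only protects the proxied path. The VPN ports 443 and 1194 must be public, but the admin UI should be `- 127.0.0.1:943:943/tcp # admin ui, reach via VPN/proxy only` (or a LAN address) so the allow-list cannot be bypassed. `image: openvpn/openvpn-as` carries no tag, so with `restart: always` the server silently tracks `latest`; pin a version as the nextcloud example does.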
@@ -0,0 +1,125 @@
+version: '2.2'
+services:
+ sharelatex:
+ restart: always
+ image: sharelatex/sharelatex
+ container_name: sharelatex
+ depends_on:
+ mongo:
+ condition: service_healthy
+ redis:
+ condition: service_started
+ ports:
+ - 8888:80
+ links:
+ - mongo
+ - redis
+ stop_grace_period: 60s
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/sharelatex/data:/var/lib/overleaf
+ ########################################################################
+ #### Server Pro: Uncomment the following line to mount the docker ####
+ #### socket, required for Sibling Containers to work ####
+ ########################################################################
+ # - /var/run/docker.sock:/var/run/docker.sock
+ environment:
+
+ OVERLEAF_APP_NAME: Overleaf Community Edition
+ OVERLEAF_MONGO_URL: mongodb://mongo/sharelatex
+
+ # Same property, unfortunately with different names in
+ # different locations
+ OVERLEAF_REDIS_HOST: redis
+ REDIS_HOST: redis
+
+ ENABLED_LINKED_FILE_TYPES: 'project_file,project_output_file'
+
+ # Enables Thumbnail generation using ImageMagick
+ ENABLE_CONVERSIONS: 'true'
+
+ # Disables email confirmation requirement
+ EMAIL_CONFIRMATION_DISABLED: 'true'
+
+ # temporary fix for LuaLaTex compiles
+ # see https://github.com/overleaf/overleaf/issues/695
+ TEXMFVAR: /var/lib/sharelatex/tmp/texmf-var
+
+ ## Set for SSL via nginx-proxy
+ #VIRTUAL_HOST: 103.112.212.22
+
+ # OVERLEAF_SITE_URL: http://overleaf.example.com
+ # OVERLEAF_NAV_TITLE: Overleaf Community Edition
+ # OVERLEAF_HEADER_IMAGE_URL: http://example.com/mylogo.png
+ # OVERLEAF_ADMIN_EMAIL: support@it.com
+
+ # OVERLEAF_LEFT_FOOTER: '[{"text": "Another page I want to link to can be found here"} ]'
+ # OVERLEAF_RIGHT_FOOTER: '[{"text": "Hello I am on the Right"} ]'
+
+ # OVERLEAF_EMAIL_FROM_ADDRESS: "hello@example.com"
+
+ # OVERLEAF_EMAIL_AWS_SES_ACCESS_KEY_ID:
+ # OVERLEAF_EMAIL_AWS_SES_SECRET_KEY:
+
+ # OVERLEAF_EMAIL_SMTP_HOST: smtp.example.com
+ # OVERLEAF_EMAIL_SMTP_PORT: 587
+ # OVERLEAF_EMAIL_SMTP_SECURE: false
+ # OVERLEAF_EMAIL_SMTP_USER:
+ # OVERLEAF_EMAIL_SMTP_PASS:
+ # OVERLEAF_EMAIL_SMTP_TLS_REJECT_UNAUTH: true
+ # OVERLEAF_EMAIL_SMTP_IGNORE_TLS: false
+ # OVERLEAF_EMAIL_SMTP_NAME: '127.0.0.1'
+ # OVERLEAF_EMAIL_SMTP_LOGGER: true
+ # OVERLEAF_CUSTOM_EMAIL_FOOTER: "This system is run by department x"
+
+ # ENABLE_CRON_RESOURCE_DELETION: true
+
+ ################
+ ## Server Pro ##
+ ################
+
+ # SANDBOXED_COMPILES: 'true'
+
+ # SANDBOXED_COMPILES_SIBLING_CONTAINERS: 'true'
+ # SANDBOXED_COMPILES_HOST_DIR: '/var/sharelatex_data/data/compiles'
+
+ # DOCKER_RUNNER: 'false'
+
+ ## Works with test LDAP server shown at bottom of docker compose
+ # OVERLEAF_LDAP_URL: 'ldap://ldap:389'
+ # OVERLEAF_LDAP_SEARCH_BASE: 'ou=people,dc=planetexpress,dc=com'
+ # OVERLEAF_LDAP_SEARCH_FILTER: '(uid={{username}})'
+ # OVERLEAF_LDAP_BIND_DN: 'cn=admin,dc=planetexpress,dc=com'
+ # OVERLEAF_LDAP_BIND_CREDENTIALS: 'GoodNewsEveryone'
+ # OVERLEAF_LDAP_EMAIL_ATT: 'mail'
+ # OVERLEAF_LDAP_NAME_ATT: 'cn'
+ # OVERLEAF_LDAP_LAST_NAME_ATT: 'sn'
+ # OVERLEAF_LDAP_UPDATE_USER_DETAILS_ON_LOGIN: 'true'
+
+ # OVERLEAF_TEMPLATES_USER_ID: "578773160210479700917ee5"
+ # OVERLEAF_NEW_PROJECT_TEMPLATE_LINKS: '[ {"name":"All Templates","url":"/templates/all"}]'
+
+
+ # OVERLEAF_PROXY_LEARN: "true"
+
+ mongo:
+ restart: always
+ image: mongo:5.0
+ container_name: sharelatex-mongo
+ expose:
+ - 27017
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/sharelatex/mongo:/data/db
+ healthcheck:
+ test: echo 'db.stats().ok' | mongo localhost:27017/test --quiet
+ interval: 10s
+ timeout: 10s
+ retries: 5
+
+ redis:
+ restart: always
+ image: redis:6.2-alpine
+ container_name: sharelatex-redis
+ expose:
+ - 6379
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/sharelatex/redis:/data
diff --git a/examples/owncloud-ocis/README.md b/examples/owncloud-ocis/README.md
new file mode 100644
index 0000000..4c9b5e5
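Review bot: `TEXMFVAR: /var/lib/sharelatex/tmp/texmf-var` points below `/var/lib/sharelatex`, but the only persistent mount in the `sharelatex` service is `/var/lib/overleaf`, so the LuaLaTeX cache that the comment says this variable fixes appears to land on the container's ephemeral layer and is lost on every recreate. If the image has moved to the `/var/lib/overleaf` layout (the volume target suggests it has), the value should probably be `TEXMFVAR: /var/lib/overleaf/tmp/texmf-var`; confirm against the upstream compose file before changing it. `links:` is a legacy key that the `depends_on` block above already covers and can be dropped. The mongo `healthcheck` relies on the legacy `mongo` shell, which is fine for `mongo:5.0` but will break on a bump to 6.x; a comment such as `# legacy "mongo" shell, replace with mongosh when upgrading past 5.x` would save the next upgrade some debugging.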
--- /dev/null
+++ b/examples/owncloud-ocis/README.md
@@ -0,0 +1,12 @@
+# References
+
+- https://github.com/owncloud/ocis/tree/master/deployments/examples
+- https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_traefik
+
+# Notes
+
+After spawning up the docker container, a new admin password will be generated automatically. You can obtain the admin password either via the container logs or by inspecting the created `ocis.yaml` file within your volume mounts.
+
+It is recommended to use Owncloud OCIS behind a reverse proxy (e.g. Traefik). If you already run a Traefik reverse proxy, just uncomment and adjust the labels.
+
+Note: The docker volume mounts must be writable by the container. OCIS does not support UID/GUID mappings yet. So 0777 linux permissions likely required.
diff --git a/examples/owncloud-ocis/docker-compose.yml b/examples/owncloud-ocis/docker-compose.yml
new file mode 100644
index 0000000..241d714
--- /dev/null
+++ b/examples/owncloud-ocis/docker-compose.yml
@@ -0,0 +1,46 @@
+---
+version: "3.7"
+
+services:
+
+ ocis:
+ image: owncloud/ocis:latest
+ container_name: owncloud-ocis
+ hostname: owncloud-ocis
+ restart: unless-stopped
+ entrypoint:
+ - /bin/sh
+ # run ocis init to initialize a configuration file with random secrets
+ # it will fail on subsequent runs, because the config file already exists
+ # therefore we ignore the error and then start the ocis server
+ command: ["-c", "ocis init || true; ocis server"]
+ environment:
+ - OCIS_URL=https://localhost:9200 # adjust to your FQDN domain; https required
+ - PROXY_TLS=true # disable if you use a reverse proxy with SSL support in front
+ - OCIS_INSECURE=true # required if you use a reverse proxy with SSL support in front
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/owncloud-ocis/config:/etc/ocis
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/owncloud-ocis/data:/var/lib/ocis
+ ports:
+ - 9200:9200
+ expose:
+ - 9200
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.ocis.rule=Host(`cloud.example.com`) # adjust to your domain
+ # - traefik.http.services.ocis.loadbalancer.server.port=9200
+ # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000
+ # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000
+ # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000
+ # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000
+ # - traefik.http.routers.ocis.middlewares=local-ipwhitelist@file,authelia@docker
+ # - traefik.docker.network=dev
+ # # disallow listing version details via /status.php endpoint
+ # - traefik.http.routers.ocis-version-disclosure.rule=Host(`cloud.example.com`) && Path(`/status.php`)
+ # - traefik.http.routers.ocis-version-disclosure.middlewares=local-ipwhitelist@file
+ #networks:
+ # - dev
+
+#networks:
+# dev:
+# external: true
diff --git a/examples/pairdrop/README.md b/examples/pairdrop/README.md
new file mode 100644
index 0000000..1f17018
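Review bot: The inline comments on `PROXY_TLS=true` ("disable if you use a reverse proxy with SSL support in front") and `OCIS_INSECURE=true` ("required if you use a reverse proxy with SSL support in front") describe opposite setups for the same deployment and leave the reader unsure which pair to use. As far as I can tell `OCIS_INSECURE` skips certificate verification on oCIS's own connections and is what makes the self-signed certificate generated under `PROXY_TLS=true` work; behind a proxy presenting a trusted certificate the usual pair is `PROXY_TLS=false` together with `OCIS_INSECURE=false`, so I would reword the second comment to `# skips cert verification; needed for the self-signed cert PROXY_TLS=true generates, set false behind a proxy with a trusted cert` so the two lines agree (please verify against the oCIS docs). The labels also reference network `dev` where every other example in this commit uses `proxy`; aligning the name keeps the examples copy-pasteable. The `ocis-version-disclosure` router restricting `/status.php` is a nice touch and worth keeping.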
--- /dev/null
+++ b/examples/pairdrop/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://hub.docker.com/r/linuxserver/pairdrop
diff --git a/examples/pairdrop/docker-compose.yml b/examples/pairdrop/docker-compose.yml
new file mode 100644
index 0000000..a967311
--- /dev/null
+++ b/examples/pairdrop/docker-compose.yml
@@ -0,0 +1,33 @@
+version: "2.1"
+
+services:
+ pairdrop:
+ image: linuxserver/pairdrop:latest
+ container_name: pairdrop
+ hostname: pairdrop
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ - RATE_LIMIT=false #optional
+ - WS_FALLBACK=false #optional
+ ports:
+ - 3215:3000
+ restart: unless-stopped
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.pairdrop.rule=Host(`airdrop.example.com`)
+ # - traefik.http.services.pairdrop.loadbalancer.server.port=3000
+ # - traefik.docker.network=proxy
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.pairdrop.middlewares=local-ipwhitelist@file,basic-auth@file
+ # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # only necessary for enabled file uploads
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/paperless-ngx/README.md b/examples/paperless-ngx/README.md
new file mode 100644
index 0000000..360790f
--- /dev/null
+++ b/examples/paperless-ngx/README.md
@@ -0,0 +1,5 @@
+# References
+
+- https://github.com/paperless-ngx/paperless-ngx
+- https://docs.paperless-ngx.com/configuration/
+- https://hub.docker.com/r/linuxserver/paperless-ngx (deprecated)
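Review bot: `- RATE_LIMIT=false #optional` switches off what appears to be the image's request rate limiter with no explanation, while the commented Traefik labels show the service is meant to be published on `airdrop.example.com`; an example that is copied as-is therefore goes public with the limiter disabled. I would either default it to `true` or at least say when to flip it: `- RATE_LIMIT=true  # keep enabled when reachable from the internet`. Same for `WS_FALLBACK`, whose purpose a one-word comment would make clear. Minor style: the inline comments have a single space before `#`; yamllint expects two.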
diff --git a/examples/paperless-ngx/docker-compose-deprecated.yml b/examples/paperless-ngx/docker-compose-deprecated.yml
new file mode 100644
index 0000000..4e58a79
--- /dev/null
+++ b/examples/paperless-ngx/docker-compose-deprecated.yml
@@ -0,0 +1,24 @@
+version: "2.1"
+services:
+ paperless-ngx:
+ image: lscr.io/linuxserver/paperless-ngx:latest
+ container_name: paperless-ngx
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ #- PAPERLESS_URL=https://docs.example.com # uncomment and adjust if behind reverse proxy
+ #- REDIS_URL= #optional
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/paperless-ngx/config:/config
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/paperless-ngx/data:/data
+ ports:
+ - 8000:8000
+ restart: unless-stopped
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.paperless-ngx.rule=Host(`docs.example.com`)
+ # - traefik.http.services.paperless-ngx.loadbalancer.server.port=8000
+ # - traefik.docker.network=proxy
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.paperless-ngx.middlewares=local-ipwhitelist@file
diff --git a/examples/paperless-ngx/docker-compose.yml b/examples/paperless-ngx/docker-compose.yml
new file mode 100644
index 0000000..242db67
--- /dev/null
+++ b/examples/paperless-ngx/docker-compose.yml
@@ -0,0 +1,77 @@
+version: "3.4"
+
+services:
+ broker:
+ image: docker.io/library/redis:7
+ container_name: paperless-ngx-redis
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/paperless-ngx/redis:/data
+ #networks:
+ # - proxy
+
+ db:
+ image: docker.io/library/postgres:13
+ container_name: paperless-ngx-db
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/paperless-ngx/database:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: paperless
+ POSTGRES_USER: paperless
+ POSTGRES_PASSWORD: paperless
+ #networks:
+ # - proxy
+
+ webserver:
+ image: ghcr.io/paperless-ngx/paperless-ngx:latest
+ container_name: paperless-ngx-web
+ restart: unless-stopped
+ depends_on:
+ - db
+ - broker
+ ports:
+ - "8910:8000"
+ healthcheck:
+ test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/paperless-ngx/data:/usr/src/paperless/data
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/paperless-ngx/media:/usr/src/paperless/media
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/paperless-ngx/export:/usr/src/paperless/export
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/paperless-ngx/consume:/usr/src/paperless/consume
+ environment:
+ PAPERLESS_REDIS: redis://broker:6379
+ PAPERLESS_DBHOST: db
+ USERMAP_UID: 1000
+ USERMAP_GID: 1000
+ PAPERLESS_ADMIN_USER: admin
+ PAPERLESS_ADMIN_MAIL: admin@example.com
+ PAPERLESS_ADMIN_PASSWORD: MySuperStrongLoginPassword # change
+ PAPERLESS_SECRET_KEY: 6eKz1nYhNmpf8w3HoMeCdnIoUqCF8Q1aif3BGks74pU # adjust this key if you plan to make paperless available publicly
+ PAPERLESS_URL: http://127.0.0.1:8910 # adjust; also sets ALLOWED_HOSTS, CORS_ALLOWED_HOSTS and CSRF_TRUSTED_ORIGINS
+ PAPERLESS_ALLOWED_HOSTS: localhost,paperless.example.com,127.0.0.1:8910 # comma separated list; add your domain name
+ PAPERLESS_TIME_ZONE: Europe/Berlin
+ PAPERLESS_OCR_LANGUAGE: eng # default language to use for OCR
+ # The container already installs English, German, Italian, Spanish and French
+ # You may want additional languages to install for text recognition;
+ #PAPERLESS_OCR_LANGUAGES: tur ces
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.paperless-ngx.rule=Host(`paperless.example.com`)
+ # - traefik.http.services.paperless-ngx.loadbalancer.server.port=8000
+ # - traefik.docker.network=proxy
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.paperless-ngx.middlewares=local-ipwhitelist@file,basic-auth@file
+ # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/papermerge/README.md b/examples/papermerge/README.md
new file mode 100644
index 0000000..d26b12e
--- /dev/null
+++ b/examples/papermerge/README.md
@@ -0,0 +1,8 @@
+# References
+
+- https://github.com/ciur/papermerge/blob/master/docker/docker-compose.yml
+- https://hub.docker.com/r/linuxserver/papermerge (deprecated)
+
+# Notes
+
+Default login is `admin:admin`
diff --git a/examples/papermerge/docker-compose-deprecated.yml b/examples/papermerge/docker-compose-deprecated.yml
new file mode 100644
index 0000000..2aaa9e0
--- /dev/null
+++ b/examples/papermerge/docker-compose-deprecated.yml
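Review bot: `PAPERLESS_SECRET_KEY` ships with a concrete value and the comment `# adjust this key if you plan to make paperless available publicly` understates the issue: the key signs sessions and tokens, and this value is now public in the repository, so it has to be replaced on every deployment, not only public ones. Making it a required variable forces that: `PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY:?set a long random secret}`, and the same treatment fits `PAPERLESS_ADMIN_PASSWORD` and `POSTGRES_PASSWORD`. Related: `webserver` sets `PAPERLESS_DBHOST` but no `PAPERLESS_DBUSER`/`PAPERLESS_DBPASS`, so it only reaches `db` because paperless's documented defaults happen to equal `paperless`/`paperless` (I believe that is the default, please confirm); a comment like `# if POSTGRES_PASSWORD is changed, also set PAPERLESS_DBPASS here` would spare the next person a failing start. The same committed-secret pattern appears in the photoprism, pi-hole and plausible hunks further down.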
@@ -0,0 +1,16 @@
+version: "3"
+
+services:
+ papermerge:
+ container_name: papermerge
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ hostname: papermerge
+ image: linuxserver/papermerge:latest
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/papermerge/importer_dir:/mnt/media/importer_dir
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/papermerge/config:/config
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/papermerge/data:/data
diff --git a/examples/papermerge/docker-compose.yml b/examples/papermerge/docker-compose.yml
new file mode 100644
index 0000000..39b36ec
--- /dev/null
+++ b/examples/papermerge/docker-compose.yml
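Review bot: The `papermerge` service has neither a `ports:` mapping nor Traefik labels, unlike every other compose example in this commit, so the web UI is only reachable from other containers on the default network. If that is unintended, add `ports:` with `- 8000:8000` (the linuxserver image serves on 8000 as far as I recall; verify against its docs); if it is intended, a one-line comment saying so would stop readers treating it as a mistake. The file is labelled deprecated in the README, so a header comment pointing at `docker-compose.yml` as the maintained variant would also help.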
@@ -0,0 +1,85 @@
+version: '3.7'
+
+services:
+
+ app:
+ image: eugenci/papermerge:2.0.0
+ container_name: papermerge-app
+ restart: unless-stopped
+ expose:
+ - 8000
+ ports:
+ - 8888:8000
+ depends_on:
+ - db
+ - redis
+ - worker
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/papermerge/media_root:/opt/media
+ environment:
+ - DJANGO_SETTINGS_MODULE=config.settings.production
+ - POSTGRES_USER=dbuser
+ - POSTGRES_PASSWORD=dbpass
+ - POSTGRES_DB=dbname
+ - POSTGRES_HOST=db
+ - POSTGRES_PORT=5432
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.papermerge.rule=Host(`papermerge.example.com`)
+ # - traefik.http.services.papermerge.loadbalancer.server.port=8000
+ # # Optional part for file upload max sizes
+ # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000
+ # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000
+ # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000
+ # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000
+ # # Optional part for traefik middlewares
+ # - traefik.http.routers.papermerge.middlewares=local-ipwhitelist@file,authelia@docker
+
+ db:
+ image: postgres:12.3-alpine
+ container_name: papermerge-db
+ restart: unless-stopped
+ expose:
+ - 5432
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/papermerge/psql-data:/var/lib/postgresql/data/
+ environment:
+ - POSTGRES_USER=dbuser
+ - POSTGRES_PASSWORD=dbpass
+ - POSTGRES_DB=dbname
+ #networks:
+ # - proxy
+
+ redis:
+ container_name: papermerge-redis
+ image: redis:6-alpine
+ restart: unless-stopped
+ expose:
+ - 6379
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/papermerge/redis-data:/data
+ #networks:
+ # - proxy
+
+ worker:
+ image: eugenci/papermerge-worker:v2.0.0
+ container_name: papermerge-worker
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/papermerge/media_root:/opt/media
+ environment:
+ - DJANGO_SETTINGS_MODULE=config.settings.production
+ - POSTGRES_USER=dbuser
+ - POSTGRES_PASSWORD=dbpass
+ - POSTGRES_DB=dbname
+ - POSTGRES_HOST=db
+ - POSTGRES_PORT=5432
+ #networks:
+ # - proxy
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/passbolt/README.md b/examples/passbolt/README.md
new file mode 100644
index 0000000..6efd294
--- /dev/null
+++ b/examples/passbolt/README.md
@@ -0,0 +1,19 @@
+# References
+
+- https://help.passbolt.com/hosting/install/ce/docker.html
+
+# Notes
+
+Passbolt container runs as specific user with a UID and GUID of `33`.
+
+Therefore, ensure proper permissions on the Docker data bind mount volumes:
+
+````
+sudo chgrp 33 /mnt/docker-volumes/passbolt/gpg
+sudo chmod 770 /mnt/docker-volumes/passbolt/gpg
+
+sudo chgrp 33 /mnt/docker-volumes/passbolt/jwt
+sudo chmod 770 /mnt/docker-volumes/passbolt/jwt
+````
+
+After spawning up the container, you have to create your user account first. Please follow the referenced link above, which leads you to the official documentation and how-tos. It is also recommended to add SMTP into the mix to retrieve important emails.
diff --git a/examples/passbolt/docker-compose.yml b/examples/passbolt/docker-compose.yml
new file mode 100644
index 0000000..64f6c92
--- /dev/null
+++ b/examples/passbolt/docker-compose.yml
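Review bot: The Postgres credentials `dbuser`/`dbpass`/`dbname` are repeated verbatim in `app`, `db` and `worker`, so rotating the password means editing three places and a missed one only shows up as a failed connection at runtime; declare them once through substitution, e.g. `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?set a db password}` in each service (or a shared `env_file`), as the plausible example in this commit already does with `PSQL_PASS`. `db` is also pinned to `postgres:12.3-alpine`, a 2020 point release that no longer receives fixes; pinning the major (`postgres:12-alpine`) or a current supported line keeps the example patched. Finally `app` both publishes `8888:8000` and `expose`s 8000; the `expose` entry adds nothing once the port is published.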
@@ -0,0 +1,45 @@
+version: '3.9'
+
+services:
+ db:
+ image: mariadb:10.3
+ container_name: passbolt-db
+ hostname: passbolt-db
+ restart: unless-stopped
+ environment:
+ MYSQL_RANDOM_ROOT_PASSWORD: "true"
+ MYSQL_DATABASE: "passbolt"
+ MYSQL_USER: "passbolt"
+ MYSQL_PASSWORD: "P4ssb0lt"
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/passbolt/mariadb:/var/lib/mysql
+
+ passbolt:
+ image: passbolt/passbolt:latest-ce # alternatively, you can use the rootless image passbolt/passbolt:latest-ce-non-root
+ container_name: passbolt
+ hostname: passbolt
+ restart: unless-stopped
+ depends_on:
+ - db
+ environment:
+ APP_FULL_BASE_URL: http://127.0.0.1:8543 # adjust http/https and add your hostname or domain
+ DATASOURCES_DEFAULT_HOST: "db"
+ DATASOURCES_DEFAULT_USERNAME: "passbolt"
+ DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
+ DATASOURCES_DEFAULT_DATABASE: "passbolt"
+ #EMAIL_DEFAULT_FROM_NAME: "Passbolt CE"
+ #EMAIL_DEFAULT_FROM: "passbolt@gmail.com"
+ #EMAIL_TRANSPORT_DEFAULT_HOST: smtp.gmail.com
+ #EMAIL_TRANSPORT_DEFAULT_PORT: 587
+ #EMAIL_TRANSPORT_DEFAULT_USERNAME: "smtp_user"
+ #EMAIL_TRANSPORT_DEFAULT_PASSWORD: "smtp_pass"
+ #EMAIL_TRANSPORT_DEFAULT_TLS: true # or false; default null
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/passbolt/gpg:/etc/passbolt/gpg
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/passbolt/jwt:/etc/passbolt/jwt
+ command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
+ ports:
+ - 8543:80 # HTTP
+ - 8432:443 # HTTPS
+ # - 8543:8080 # alternative port mappings if rootless image is used
+ # - 8432:4433 # alternative port mappings if rootless image is used
diff --git a/examples/photoprism/README.md b/examples/photoprism/README.md
new file mode 100644
index 0000000..92171d9
--- /dev/null
+++ b/examples/photoprism/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/photoprism/photoprism
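Review bot: `image: mariadb:10.3` pins a release line that reached end of life in 2023, so the database behind a password manager will not receive security fixes; pin a supported LTS line such as `mariadb:10.11` after checking Passbolt's supported-database list. The password `P4ssb0lt` is duplicated in `MYSQL_PASSWORD` and `DATASOURCES_DEFAULT_PASSWORD`; one substitution, `${PASSBOLT_DB_PASSWORD:?set a db password}` in both places, keeps them in step and forces the operator to choose one. `APP_FULL_BASE_URL: http://127.0.0.1:8543` with "adjust http/https" is the only hint that the plain-HTTP value is for local testing; Passbolt expects to be served over HTTPS, so spelling that out in the comment (`# local testing only; use https:// for any real deployment`) is worth it.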
diff --git a/examples/photoprism/docker-compose.yml b/examples/photoprism/docker-compose.yml
new file mode 100644
index 0000000..26ce668
--- /dev/null
+++ b/examples/photoprism/docker-compose.yml
@@ -0,0 +1,22 @@
+version: "3"
+
+services:
+ photoprism:
+ image: photoprism/photoprism:latest
+ container_name: photoprism
+ hostname: photoprism
+ environment:
+ - PHOTOPRISM_ADMIN_PASSWORD=MySecureLoginPasswordForPhotoprism
+ - PHOTOPRISM_DEBUG=false
+ - PHOTOPRISM_PUBLIC=false
+ - PHOTOPRISM_UPLOAD_NSFW=true
+ - PHOTOPRISM_DETECT_NSFW=false
+ - PHOTOPRISM_HTTP_HOST=0.0.0.0
+ - PHOTOPRISM_HTTP_PORT=2342
+ - PHOTOPRISM_DATABASE_DRIVER=sqlite
+ ports:
+ - 2342:2342
+ restart: unless-stopped
+ volumes:
+ - /path/to/my/locally/stored/media/files:/photoprism/originals
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/photoprism/storage:/photoprism/storage
diff --git a/examples/pi-hole/README.md b/examples/pi-hole/README.md
new file mode 100644
index 0000000..e6d41d8
--- /dev/null
+++ b/examples/pi-hole/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://hub.docker.com/r/pihole/pihole
diff --git a/examples/pi-hole/docker-compose.yml b/examples/pi-hole/docker-compose.yml
new file mode 100644
index 0000000..5d9c83e
--- /dev/null
+++ b/examples/pi-hole/docker-compose.yml
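Review bot: `- /path/to/my/locally/stored/media/files:/photoprism/originals` is a placeholder that Docker will silently create as an empty directory on the host, so a copy-paste start "works" with no photos and no error; a required variable fails loudly instead: `- ${PHOTOPRISM_ORIGINALS:?set to your media directory}:/photoprism/originals`. The same `${VAR:?}` form suits `PHOTOPRISM_ADMIN_PASSWORD`, which is committed in clear text here without even a `# change` marker like the other examples carry. Unlike the neighbouring examples this file has no commented Traefik block; if that is deliberate, a comment saying the UI is meant for LAN use only would make the intent clear.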
@@ -0,0 +1,37 @@
+version: "3"
+
+# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
+services:
+ pihole:
+ container_name: pihole
+ image: pihole/pihole:latest
+ # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
+ ports:
+ - "53:53/tcp" # DNS TCP
+ - "53:53/udp" # DNS UDP
+ - "80:80/tcp" # WEB ADMIN GUI
+ #- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
+ environment:
+ TZ: 'Europe/Berlin'
+ WEBPASSWORD: 'MySecureLoginPasswordForWebApp'
+ # Volumes store your data between container upgrades
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/pihole/data:/etc/pihole
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/pihole/dnsmasq:/etc/dnsmasq.d
+ # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+ cap_add:
+ - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
+ restart: unless-stopped
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.pihole.rule=Host(`pihole.example.com`)
+ # - traefik.http.services.pihole.loadbalancer.server.port=80
+ # # Optional part for traefik middlewares
+ # - traefik.http.routers.pihole.middlewares=local-ipwhitelist@file
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/plausible/.env b/examples/plausible/.env
new file mode 100644
index 0000000..9cbc9fd
--- /dev/null
+++ b/examples/plausible/.env
@@ -0,0 +1,8 @@
+ADMIN_USER_EMAIL=john.doe@example.com # this is your admin user for login
+ADMIN_USER_NAME=superuser # this is your admin username
+ADMIN_USER_PWD=MyVeryStrongLoginPasswordForPlausible # change this
+BASE_URL=https://plausible.example.com:443 # change this
+SECRET_KEY_BASE=9meoKctVLEjZGm+CQwNbgZdAiWnw== # change this to a secure random secret
+DISABLE_REGISTRATION=true
+PSQL_PASS=password
+TOTP_VAULT_KEY=9meoKctVLEjZGm+CQwNbgZdAiWnw== # change this to a secure random secret
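Review bot: `cap_add: - NET_ADMIN` is active while its own comment says it is only required for DHCP, and the DHCP port `67:67/udp` directly above is commented out, so the example grants a capability it does not use; comment the `- NET_ADMIN` line out next to the port and note that both are uncommented together (least privilege, and it matches the linked capabilities note). `- "80:80/tcp"` also takes host port 80, which clashes with the Traefik proxy the labels are written for; `- "127.0.0.1:8080:80/tcp"`, or dropping the mapping when the proxy is used, avoids the conflict and keeps the admin UI off the public interfaces. `WEBPASSWORD` is committed in clear text, as in the other examples in this commit; `${PIHOLE_WEBPASSWORD:?}` would force a real value.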
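Review bot: `SECRET_KEY_BASE` and `TOTP_VAULT_KEY` carry the same 28-character sample value; beyond the "change this" comment, the two must be independent secrets, and Plausible's documentation generates them at different lengths (as I recall, `openssl rand -base64 48` for the key base and `-base64 32` for the vault key; verify), so a reader who pastes one fresh string into both ends up with a weaker setup that still boots. Stating that in the comments, e.g. `# 64+ random bytes, must differ from TOTP_VAULT_KEY`, prevents it. `PSQL_PASS=password` is consumed only by the `plausible_db` service in the compose file later in this commit; nothing hands it to the application, see the note on that hunk. Inline ` # ...` comments in `.env` rely on the reader using Compose's dotenv parser, which strips them; other consumers of the file may not, so moving the comments onto their own lines is safer.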
diff --git a/examples/plausible/README.md b/examples/plausible/README.md
new file mode 100644
index 0000000..58188d5
--- /dev/null
+++ b/examples/plausible/README.md
@@ -0,0 +1,46 @@
+# References
+
+- https://github.com/plausible/analytics
+
+# Notes
+
+You have to place two clickhouse configuration files at the corresponding Docker bind volume mounts before starting the stack:
+
+````
+wget https://raw.githubusercontent.com/plausible/hosting/master/clickhouse/clickhouse-config.xml
+wget https://raw.githubusercontent.com/plausible/hosting/master/clickhouse/clickhouse-user-config.xml
+
+mv clickhouse-config.xml /mnt/docker-volumes/plausible/clickhouse/.
+mv clickhouse-user-config.xml /mnt/docker-volumes/plausible/clickhouse/.
+
+docker compose up
+````
+
+## Retention Time
+
+Plausible's Clickhouse event database will grow over time. There is no retention time currently implemented or defined. See https://github.com/plausible/analytics/discussions/1354.
+
+However, it is possible to manually define a `TTL`, which will automatically prune event data that hit a specific age. Note that the example commands below will set the retention time to 356 days. So event or session data, older than 365 days (1 year), will automatically be pruned from the database.
+
+> [!WARNING]
+> By running the below commands you will configure a retention time. This can cause data loss and impact the statistics shown in the Plausible dashboard. Please run wisely and choose your preferred retention time.
+>
+> The example uses 365 days, so you can inspect website statistics back to 1 year. For Plausible v1 the table names are called `events` and `sessions` without `_v2`.
+
+````
+# exec into the running docker container
+docker compose exec plausible_events_db clickhouse-client
+
+# select the correct database
+\c plausible_events_db
+
+# alter events_v2 table and add TTL with retention time
+ALTER TABLE events_v2 MODIFY TTL timestamp + INTERVAL 365 DAY;
+
+# alter sessions_v2 table and add TTL with retention time
+ALTER TABLE sessions_v2 MODIFY TTL timestamp + INTERVAL 365 DAY;
+
+# optimization
+OPTIMIZE TABLE events_v2 FINAL;
+OPTIMIZE TABLE sessions_v2 FINAL;
+````
diff --git a/examples/plausible/docker-compose.yml b/examples/plausible/docker-compose.yml
new file mode 100644
index 0000000..ad7467d
--- /dev/null
+++ b/examples/plausible/docker-compose.yml
@@ -0,0 +1,57 @@
+version: "3.3"
+services:
+
+ plausible_db:
+ image: postgres:16-alpine
+ container_name: plausible-db
+ restart: always
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/plausible/database/:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD=${PSQL_PASS:-password}
+ #networks:
+ # - proxy
+
+ plausible_events_db:
+ container_name: plausible-events-db
+ image: clickhouse/clickhouse-server:24.3.3.102-alpine
+ restart: always
+ environment:
+ - CLICKHOUSE_UID=1000
+ - CLICKHOUSE_GID=1000
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/plausible/event-data:/var/lib/clickhouse
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/plausible/clickhouse/clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/plausible/clickhouse/clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro
+ ulimits:
+ nofile:
+ soft: 262144
+ hard: 262144
+ #networks:
+ # - proxy
+
+ plausible:
+ container_name: plausible
+ image: ghcr.io/plausible/community-edition:v2.1
+ restart: always
+ command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run"
+ depends_on:
+ - plausible_db
+ - plausible_events_db
+ ports:
+ - 8000:8000 # WEB UI
+ env_file:
+ - .env
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.plausible.rule=Host(`plausible.example.com`)
+ # - traefik.http.services.plausible.loadbalancer.server.port=8000
+ # - traefik.docker.network=proxy
+ # # Part for local lan services only
+ # # - traefik.http.routers.plausible.middlewares=local-ipwhitelist@file
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/plex/README.md b/examples/plex/README.md
new file mode 100644
index 0000000..ca5693d
--- /dev/null
+++ b/examples/plex/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://hub.docker.com/r/plexinc/pms-docker
\ No newline at end of file
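Review bot: `plausible_db` takes its password from `${PSQL_PASS:-password}`, but nothing passes that password to the `plausible` service: `.env` (its only `env_file`) defines no `DATABASE_URL`, so the application falls back to the image's built-in connection string, which as far as I know assumes the `postgres`/`postgres` defaults and will fail to authenticate against the configured password (verify by reading `docker compose logs plausible` on a fresh start). Add a matching `DATABASE_URL=postgres://postgres:<same value as PSQL_PASS>@plausible_db:5432/plausible_db` to `.env`, with a comment tying the two lines together, and for the same reason consider an explicit `CLICKHOUSE_DATABASE_URL=http://plausible_events_db:8123/plausible_events_db`. The `sleep 10` in `command:` is a timing guess that races Postgres start-up on a slow host; a `healthcheck` on `plausible_db` plus `depends_on` with `condition: service_healthy`, as the overleaf example in this commit does for mongo, is the deterministic form (the `version: "3.3"` line would need to go, which current Compose ignores anyway).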
diff --git a/examples/plex/docker-compose.yml b/examples/plex/docker-compose.yml
new file mode 100644
index 0000000..527471e
--- /dev/null
+++ b/examples/plex/docker-compose.yml
@@ -0,0 +1,16 @@
+version: '3.3'
+
+services:
+ pms-docker:
+ image: plexinc/pms-docker
+ container_name: plex
+ environment:
+ - TZ=Europe/Berlin
+ - PLEX_CLAIM=claim-dvmURANy9Z7MbJhmY7V7 # pls adjust
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/plex/config:/config
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/plex/transcode:/transcode
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/plex/media:/data
+ restart: unless-stopped
+ ports:
+ - '32400:32400'
diff --git a/examples/portainer/README.md b/examples/portainer/README.md
new file mode 100644
index 0000000..10003e1
--- /dev/null
+++ b/examples/portainer/README.md
@@ -0,0 +1,8 @@
+# References
+
+- https://github.com/portainer/portainer
+- https://www.portainer.io/take-5
+
+# Notes
+
+Complete the form [here](https://www.portainer.io/take-5) and you'll receive a Portainer Business serial for free.
diff --git a/examples/portainer/docker-compose.yml b/examples/portainer/docker-compose.yml
new file mode 100644
index 0000000..de898bd
--- /dev/null
+++ b/examples/portainer/docker-compose.yml
@@ -0,0 +1,35 @@
+version: '3'
+
+services:
+ portainer:
+ image: portainer/portainer-ee:2.21.0-alpine # or use community edition via portainer/portainer-ce
+ container_name: portainer-ee # may rename to portainer-ce if community edition is used
+ restart: unless-stopped
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - portainer_data:/data
+ ports:
+ - 9443:9443
+ expose:
+ - 9443
+ - 9000
+ - 8000
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.portainer.rule=Host(`portainer.example.com`)
+ # - traefik.http.services.portainer.loadbalancer.server.port=9000
+ # - traefik.docker.network=proxy
+ # # Part for local lan services only
+ # - traefik.http.routers.portainer.middlewares=local-ipwhitelist@file
+
+#networks:
+# proxy:
+# external: true
+
+volumes:
+ portainer_data:
+ external: true
+ name: portainer_data
diff --git a/examples/posio/README.md b/examples/posio/README.md
new file mode 100644
index 0000000..ed6a666
--- /dev/null
+++ b/examples/posio/README.md
@@ -0,0 +1,4 @@
+# References
+
+- https://github.com/abrenaut/posio (original)
+- https://github.com/l4rm4nd/posio (fork with docker image)
diff --git a/examples/posio/docker-compose.yml b/examples/posio/docker-compose.yml
new file mode 100644
index 0000000..fdc8abf
--- /dev/null
+++ b/examples/posio/docker-compose.yml
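Review bot: `- /var/run/docker.sock:/var/run/docker.sock:ro` reads like a hardening measure, but `:ro` only affects the filesystem entry; connecting to a Unix socket does not need write permission on the path, so Portainer still has the full Docker API and with it root-equivalent control of the host. That is inherent to what Portainer does, but the line should say so rather than imply the opposite: `# :ro does not limit API access; this grants host-root equivalent control (consider a docker-socket-proxy)`. Separately, `portainer_data` is declared `external: true`, so `docker compose up` on a fresh host fails until `docker volume create portainer_data` has been run; either drop `external` or add a comment naming that prerequisite. The `expose` entries for 9000 and 8000 are only meaningful to the commented Traefik block; a short comment tying them to it would help.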
@@ -0,0 +1,27 @@
+version: '3.3'
+
+services:
+ posio:
+ image: l4rm4nd/posio:latest
+ container_name: posio
+ restart: unless-stopped
+ ports:
+ - 5000:5000/tcp
+ expose:
+ - 5000/tcp
+ environment:
+ - POSIO_SETTINGS=/app/posio/config.py
+ - FLASK_APP=/app/posio/game_master.py
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.posio.rule=Host(`posio.example.com`)
+ # - traefik.http.services.posio.loadbalancer.server.port=5000
+ # # Optional part for traefik middlewares
+ # - traefik.http.routers.posio.middlewares=local-ipwhitelist@file
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/privatebin/README.md b/examples/privatebin/README.md
new file mode 100644
index 0000000..f582db0
--- /dev/null
+++ b/examples/privatebin/README.md
@@ -0,0 +1,9 @@
+# References
+
+- https://github.com/PrivateBin/PrivateBin
+
+# Notes
+
+You have to put the example config files to your Docker volume bind mount path.
+
+Only the `config.php` is necessary for a default installation with 10 MB file upload limit. If you want to increase this upload limit, you must also use the other config files.
diff --git a/examples/privatebin/configs/config.php b/examples/privatebin/configs/config.php
new file mode 100644
index 0000000..6b75176
--- /dev/null
+++ b/examples/privatebin/configs/config.php
@@ -0,0 +1,226 @@
+;project page."
+
+; (optional) notice to display
+;notice = "Note: Kittens will die if you abuse this service."
+
+; by default PrivateBin will guess the visitors language based on the browsers
+; settings. Optionally you can enable the language selection menu, which uses
+; a session cookie to store the choice until the browser is closed.
+languageselection = true
+
+; set the language your installs defaults to, defaults to English
+; if this is set and language selection is disabled, this will be the only language
+languagedefault = "en"
+
+; (optional) URL shortener address to offer after a new paste is created
+; it is suggested to only use this with self-hosted shorteners as this will leak
+; the pastes encryption key. Ensure to set basepath above if you use YOURLS.
+; urlshortener = "https://shortener.example.com/api?link="
+; urlshortener = "${basepath}shortenviayourls?link="
+
+; (optional) Let users create a QR code for sharing the paste URL with one click.
+; It works both when a new paste is created and when you view a paste.
+qrcode = true
+
+; (optional) IP based icons are a weak mechanism to detect if a comment was from
+; a different user when the same username was used in a comment. It might be
+; used to get the IP of a non anonymous comment poster if the server salt is
+; leaked and a SHA256 HMAC rainbow table is generated for all (relevant) IPs.
+; Can be set to one these values: "none" / "vizhash" / "identicon" (default).
+icon = "identicon"
+
+; Content Security Policy headers allow a website to restrict what sources are
+; allowed to be accessed in its context. You need to change this if you added
+; custom scripts from third-party domains to your templates, e.g. tracking
+; scripts or run your site behind certain DDoS-protection services.
+; Check the documentation at https://content-security-policy.com/
+; Notes:
+; - If you use a bootstrap theme, you can remove the allow-popups from the
+; sandbox restrictions.
+; - By default this disallows to load images from third-party servers, e.g. when
+; they are embedded in pastes. If you wish to allow that, you can adjust the
+; policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
+; for details.
+; - The 'unsafe-eval' is used in two cases; to check if the browser supports
+; async functions and display an error if not and for Chrome to enable
+; webassembly support (used for zlib compression). You can remove it if Chrome
+; doesn't need to be supported and old browsers don't need to be warned.
+; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
+
+; stay compatible with PrivateBin Alpha 0.19, less secure
+; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
+; sha256 in HMAC for the deletion token
+; zerobincompatibility = false
+
+; Enable or disable the warning message when the site is served over an insecure
+; connection (insecure HTTP instead of HTTPS), defaults to true.
+; Secure transport methods like Tor and I2P domains are automatically whitelisted.
+; It is **strongly discouraged** to disable this.
+; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
+httpwarning = true
+
+; Pick compression algorithm or disable it. Only applies to pastes/comments
+; created after changing the setting.
+; Can be set to one these values: "none" / "zlib" (default).
+; compression = "zlib"
+
+[expire]
+; expire value that is selected per default
+; make sure the value exists in [expire_options]
+default = "1hour"
+
+[expire_options]
+; Set each one of these to the number of seconds in the expiration period,
+; or 0 if it should never expire
+5min = 300
+;25min = 1500
+1hour = 3600
+4hours = 14400
+1day = 86400
+;5days = 432000
+1week = 604800
+; Well this is not *exactly* one month, it's 30 days:
+;1month = 2592000
+;1year = 31536000
+;never = 0
+
+[formatter_options]
+; Set available formatters, their order and their labels
+plaintext = "Plain Text"
+syntaxhighlighting = "Source Code"
+markdown = "Markdown"
+
+[traffic]
+; time limit between calls from the same IP address in seconds
+; Set this to 0 to disable rate limiting.
+limit = 10
+
+; (optional) Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted
+; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
+; be exempted, the list needs to be comma separated. Leave unset to disable
+; exemptions.
+; exempted = "1.2.3.4,10.10.10/24"
+
+; (optional) If you want only some source IP addresses (v4 or v6) or subnets
+; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
+; ignored. If multiple values are to be exempted, the list needs to be comma
+; separated. Leave unset to allow anyone to create pastes.
+; creators = "1.2.3.4,10.10.10/24"
+
+; (optional) if your website runs behind a reverse proxy or load balancer,
+; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
+header = "X_FORWARDED_FOR"
+
+[purge]
+; minimum time limit between two purgings of expired pastes, it is only
+; triggered when pastes are created
+; Set this to 0 to run a purge every time a paste is created.
+limit = 300
+
+; maximum amount of expired pastes to delete in one purge
+; Set this to 0 to disable purging.
Set it higher, if you are running a large
+; site
+batchsize = 10
+
+[model]
+; name of data model class to load and directory for storage
+; the default model "Filesystem" stores everything in the filesystem
+class = Filesystem
+[model_options]
+dir = PATH "data"
+
+;[model]
+; example of a Google Cloud Storage configuration
+;class = GoogleCloudStorage
+;[model_options]
+;bucket = "my-private-bin"
+;prefix = "pastes"
+
+;[model]
+; example of DB configuration for MySQL
+;class = Database
+;[model_options]
+;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
+;tbl = "privatebin_" ; table prefix
+;usr = "privatebin"
+;pwd = "Z3r0P4ss"
+;opt[12] = true ; PDO::ATTR_PERSISTENT
+
+;[model]
+; example of DB configuration for SQLite
+;class = Database
+;[model_options]
+;dsn = "sqlite:" PATH "data/db.sq3"
+;usr = null
+;pwd = null
+;opt[12] = true ; PDO::ATTR_PERSISTENT
+
+;[model]
+; example of DB configuration for PostgreSQL
+;class = Database
+;[model_options]
+;dsn = "pgsql:host=localhost;dbname=privatebin"
+;tbl = "privatebin_" ; table prefix
+;usr = "privatebin"
+;pwd = "Z3r0P4ss"
+;opt[12] = true ; PDO::ATTR_PERSISTENT
+
+[yourls]
+; When using YOURLS as a "urlshortener" config item:
+; - By default, "urlshortener" will point to the YOURLS API URL, with or without
+; credentials, and will be visible in public on the PrivateBin web page.
+; Only use this if you allow short URL creation without credentials.
+; - Alternatively, using the parameters in this section ("signature" and
+; "apiurl"), "urlshortener" needs to point to the base URL of your PrivateBin
+; instance with "shortenviayourls?link=" appended. For example:
+; urlshortener = "${basepath}shortenviayourls?link="
+; This URL will in turn call YOURLS on the server side, using the URL from
+; "apiurl" and the "access signature" from the "signature" parameters below.
+
+; (optional) the "signature" (access key) issued by YOURLS for the using account
+; signature = ""
+; (optional) the URL of the YOURLS API, called to shorten a PrivateBin URL
+; apiurl = "https://yourls.example.com/yourls-api.php"
\ No newline at end of file
diff --git a/examples/privatebin/configs/nginx.conf b/examples/privatebin/configs/nginx.conf
new file mode 100644
index 0000000..fa07b08
--- /dev/null
+++ b/examples/privatebin/configs/nginx.conf
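Review bot: `header = "X_FORWARDED_FOR"` under `[traffic]` is enabled unconditionally, so whenever this instance is reachable without passing through a proxy that overwrites that header, a client can supply the header itself and the `[traffic] limit` (and any `exempted` / `creators` lists, if later enabled) is evaluated against an address of the client's choosing. Keep the line commented unless the deployment really terminates only at a trusted proxy, and say so next to it: `; only enable when PrivateBin is reachable exclusively through a proxy that sets this header`. The nginx site config in this commit forwards `$proxy_add_x_forwarded_for`, which appends to a client-supplied value rather than replacing it, so which address wins depends on how PrivateBin parses a comma-separated list — worth confirming before relying on the rate limit.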
@@ -0,0 +1,71 @@
+# Sets the worker threads to the number of CPU cores available in the system for best performance.
+# Should be > the number of CPU cores.
+# Maximum number of connections = worker_processes * worker_connections
+worker_processes auto;
+
+# Maximum number of open files per worker process.
+# Should be > worker_connections.
+worker_rlimit_nofile 8192;
+
+events {
+ # If you need more connections than this, you start optimizing your OS.
+ # That's probably the point at which you hire people who are smarter than you as this is *a lot* of requests.
+ # Should be < worker_rlimit_nofile.
+ worker_connections 8000;
+}
+
+# Log errors and warnings to this file
+# This is only used when you don't override it on a server{} level
+error_log /dev/stderr warn;
+
+# The file storing the process ID of the main process
+pid /run/nginx.pid;
+
+# The process is managed in the docker-env
+daemon off;
+
+# Free some CPU cycles
+timer_resolution 500ms;
+
+http {
+ # Specify MIME types for files.
+ include mime.types;
+ default_type application/octet-stream;
+
+ # Update charset_types to match updated mime.types.
+ # text/html is always included by charset module.
+ charset_types text/css text/plain text/vnd.wap.wml application/javascript application/json application/rss+xml application/xml;
+
+ # Include $http_x_forwarded_for within default format used in log files
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ # Hide used software
+ server_tokens off;
+
+ # Default charset
+ charset utf-8;
+
+ # How long to allow each connection to stay idle.
+ # Longer values are better for each individual client, particularly for SSL,
+ # but means that worker connections are tied up longer.
+ keepalive_timeout 20s;
+
+ # Speed up file transfers by using sendfile() to copy directly
+ # between descriptors rather than using read()/write().
+ # For performance reasons, on FreeBSD systems w/ ZFS
+ # this option should be disabled as ZFS's ARC caches
+ # frequently used files in RAM by default.
+ sendfile on;
+
+ # Don't send out partial frames; this increases throughput
+ # since TCP frames are filled up before being sent out.
+ tcp_nopush on;
+
+ # Allow up to 512 MiB payload, privatebin defaults to 10 MiB.
+ client_max_body_size 512M;
+
+ # Load even moar configs
+ include /etc/nginx/http.d/*.conf;
+}
diff --git a/examples/privatebin/configs/nginx_sites_available_privatebin.conf b/examples/privatebin/configs/nginx_sites_available_privatebin.conf
new file mode 100644
index 0000000..cca7903
--- /dev/null
+++ b/examples/privatebin/configs/nginx_sites_available_privatebin.conf
@@ -0,0 +1,30 @@
+# mysite_nginx.conf
+
+# the upstream component nginx needs to connect to
+upstream privatebin-docker {
+ server 127.0.0.1:9988;
+}
+
+# configuration of the server
+server {
+ # the port your site will be served on
+ # the domain name it will serve for
+ server_name privatebin.example.com
+ charset utf-8;
+
+ # max upload size
+ client_max_body_size 0; # adjust to taste
+
+ # Finally, send all non-media requests to the Privatebin server.
+ # if you use cloudflare, please read this https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection
+ location / {
+ proxy_pass http://privatebin-docker;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_redirect off;
+ client_max_body_size 0; # adjust to taste
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ }
+
+ #add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
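Review bot: `include /etc/nginx/http.d/*.conf;` is the only place a `server` block can come from in this file, yet the companion vhost in this commit is named `nginx_sites_available_privatebin.conf` and the README only says to copy the configs into the bind-mount path; if that file does not end up under `/etc/nginx/http.d/` with a `.conf` suffix, nginx starts without any PrivateBin `server` block and the HSTS header is never emitted. A comment naming the expected mount target would prevent that, e.g. `# mount nginx_sites_available_privatebin.conf into /etc/nginx/http.d/ so this include picks it up`. I am inferring the mount layout from the README, since the privatebin docker-compose.yml is not part of this chunk.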
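Review bot: `server_name privatebin.example.com` is missing its terminating semicolon, so nginx reads the following `charset utf-8;` as two more server names, and the `server {` block opened at the top is never closed — the file ends after the second `add_header` with no `}`, which fails `nginx -t`. Fix both: `server_name privatebin.example.com;` and a closing `}` appended after the final `add_header` line. There is also no `listen` directive despite the comment "the port your site will be served on", so the block falls back to nginx's default port, and `client_max_body_size 0;` (unlimited) at server and location level overrides the `512M` set in nginx.conf, so that global cap is ineffective for this vhost; if the intent is the 512 MiB limit from nginx.conf, drop the two `0` lines.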
diff --git a/examples/privatebin/configs/php.ini b/examples/privatebin/configs/php.ini
new file mode 100644
index 0000000..f68fe39
--- /dev/null
+++ b/examples/privatebin/configs/php.ini
@@ -0,0 +1,64 @@
+; session.use_strict_mode specifies whether the module will use strict session id mode. If this
+; mode is enabled, the module does not accept uninitialized session ID. If uninitialized session ID
+; is sent from browser, new session ID is sent to browser. Applications are protected from session
+; fixation via session adoption with strict mode. Defaults to 0 (disabled).
+session.use_strict_mode=On
+
+; Enable assert() evaluation.
+assert.active=Off
+
+; This determines whether errors should be printed to the screen as part of the output or if they
+; should be hidden from the user. Value "stderr" sends the errors to stderr instead of stdout.
+display_errors=Off
+
+; Tells whether script error messages should be logged to the server's error log or error_log.
+; You're strongly advised to use error logging in place of error displaying on production web sites.
+log_errors=On
+
+
+
+; increase size limits
+upload_max_filesize=1000M
+post_max_size=1000M
+memory_limit=2000M
+
+
+; best practices
+
+; Disable deprecated short open tags (" + local?replicaSet=${MONGODB_REPLICA_SET_NAME:-rs0}}"
+ ROOT_URL: ${ROOT_URL:-http://localhost:${HOST_PORT:-3000}}
+ PORT: ${PORT:-3000}
+ DEPLOY_METHOD: docker
+ DEPLOY_PLATFORM: ${DEPLOY_PLATFORM:-linux}
+ depends_on:
+ - mongodb
+
+ mongodb:
+ container_name: rocketchat-db
+ hostname: rocketchat-db
+ image: docker.io/bitnami/mongodb:${MONGODB_VERSION:-4.4}
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/rocketchat/mongodb:/bitnami/mongodb
+ environment:
+ MONGODB_REPLICA_SET_MODE: primary
+ MONGODB_REPLICA_SET_NAME: ${MONGODB_REPLICA_SET_NAME:-rs0}
+ MONGODB_PORT_NUMBER: ${MONGODB_PORT_NUMBER:-27017}
+ MONGODB_INITIAL_PRIMARY_HOST: ${MONGODB_INITIAL_PRIMARY_HOST:-mongodb}
+ MONGODB_INITIAL_PRIMARY_PORT_NUMBER: ${MONGODB_INITIAL_PRIMARY_PORT_NUMBER:-27017}
+ MONGODB_ADVERTISED_HOSTNAME: ${MONGODB_ADVERTISED_HOSTNAME:-mongodb}
+ MONGODB_ENABLE_JOURNAL:
${MONGODB_ENABLE_JOURNAL:-true}
+ ALLOW_EMPTY_PASSWORD: ${ALLOW_EMPTY_PASSWORD:-yes}
+ #networks:
+ # - proxy
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/rxresume/README.md b/examples/rxresume/README.md
new file mode 100644
index 0000000..60c9d7f
--- /dev/null
+++ b/examples/rxresume/README.md
@@ -0,0 +1,4 @@
+# Reference
+
+- https://github.com/AmruthPillai/Reactive-Resume
+- https://github.com/AmruthPillai/Reactive-Resume/tree/main/tools/compose
diff --git a/examples/rxresume/docker-compose-v3.yml b/examples/rxresume/docker-compose-v3.yml
new file mode 100644
index 0000000..9d6ee63
--- /dev/null
+++ b/examples/rxresume/docker-compose-v3.yml
@@ -0,0 +1,143 @@
+version: "3.8"
+
+# This docker compose example targets rxresume < 4.0
+# For a newer version, please see https://github.com/AmruthPillai/Reactive-Resume/tree/main/tools/compose
+
+# Make sure that you expose both the client and server container behind the same (sub)domain,
+# which is properly resolvable. Otherwise, you'll either receive DNS or CORS errors, as the domain
+# cannot be resolved by the containers properly or since the Same Origin Policy (SOP) will prevent
+# access from Domain A (client) to Domain B (server). So let both containers run on the same domain
+# and tell your reverse proxy (here traefik) that the server container will handle all /api requests.
+
+# If PDF export keeps failing, you may want to enable the `extra_hosts` definition in the client's
+# Docker Compose service definition. Specify your domain name and your server's IP address where
+# Traefik is listening on TCP/80 and TCP/443. See this GitHub issue here:
+# https://github.com/AmruthPillai/Reactive-Resume/issues/721#issuecomment-1530550167
+
+# Also ensure to create a new resume always as soon as you've changed your setup or the Docker
+# Compose file. Older resumes may introduce previous errors, which are false positives and only
+# occur for the old resume.
+
+# If you use Nginx Proxy Manager as reverse proxy, may have a read here:
+# https://github.com/AmruthPillai/Reactive-Resume/issues/721#issuecomment-1405283786
+
+services:
+ postgres:
+ image: postgres:alpine
+ container_name: rxresume-db
+ restart: always
+ expose:
+ - 5432
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/rxresume/postgresql:/var/lib/postgresql/data
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U postgres"]
+ start_period: 15s
+ interval: 30s
+ timeout: 30s
+ retries: 3
+ environment:
+ - POSTGRES_DB=postgres
+ - POSTGRES_USER=postgres
+ - POSTGRES_PASSWORD=postgres
+ networks:
+ - proxy
+
+ server:
+ image: amruthpillai/reactive-resume:server-latest
+ container_name: rxresume-server
+ restart: always
+ #extra_hosts:
+ # - "resume.example.com:10.10.0.100" # optionally enable if PDF export keeps failing; specify your domain and server's IP address where traefik is running
+ expose:
+ - 3100
+ depends_on:
+ - postgres
+ environment:
+ - PUBLIC_URL=http://resume.example.com
+ - PUBLIC_SERVER_URL=http://resume.example.com/api # only change the subdomain, leave /api as is
+ - PUBLIC_GOOGLE_CLIENT_ID=
+ - POSTGRES_DB=postgres
+ - POSTGRES_USER=postgres
+ - POSTGRES_PASSWORD=postgres
+ - SECRET_KEY=change-me-to-something-secure
+ - POSTGRES_HOST=postgres
+ - POSTGRES_PORT=5432
+ - POSTGRES_SSL_CERT=
+ - JWT_SECRET=change-me-to-something-secure
+ - JWT_EXPIRY_TIME=604800
+ - GOOGLE_CLIENT_SECRET=
+ - GOOGLE_API_KEY=
+ - MAIL_FROM_NAME=Reactive Resume
+ - MAIL_FROM_EMAIL=noreply@rxresu.me
+ - MAIL_HOST=
+ - MAIL_PORT=
+ - MAIL_USERNAME=
+ - MAIL_PASSWORD=
+ - STORAGE_BUCKET=
+ - STORAGE_REGION=
+ - STORAGE_ENDPOINT=
+ - STORAGE_URL_PREFIX=
+ - STORAGE_ACCESS_KEY=
+ - STORAGE_SECRET_KEY=
+ - PDF_DELETION_TIME=
+ networks:
+ - proxy
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.rxresume-server.rule=Host(`resume.example.com`) && PathPrefix(`/api`) # only change the subdomain, leave /api as is
+ -
traefik.http.services.rxresume-server.loadbalancer.server.port=3100
+ - traefik.docker.network=proxy
+ # Part for optional traefik middlewares
+ - traefik.http.routers.rxresume-server.middlewares=path-strip # may add local-ipwhitelist@file for access control
+ - traefik.http.middlewares.path-strip.stripprefix.prefixes=/api
+ - traefik.http.middlewares.path-strip.stripprefix.forceSlash=false
+
+ client:
+ image: amruthpillai/reactive-resume:client-latest
+ container_name: rxresume-client
+ restart: always
+ #extra_hosts:
+ # - "resume.example.com:10.10.0.100" # # optionally enable if PDF export keeps failing; specify your domain and server's IP address where traefik is running
+ expose:
+ - 3000
+ depends_on:
+ - server
+ environment:
+ - PUBLIC_URL=http://resume.example.com
+ - PUBLIC_SERVER_URL=http://resume.example.com/api # only change the subdomain, leave /api as is
+ - PUBLIC_GOOGLE_CLIENT_ID=
+ networks:
+ - proxy
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.rxresume-client.rule=Host(`resume.example.com`)
+ - traefik.http.services.rxresume-client.loadbalancer.server.port=3000
+ - traefik.docker.network=proxy
+ # Part for optional traefik middlewares
+ #- traefik.http.routers.rxresume-client.middlewares=local-ipwhitelist@file # may enable this middleware for access control
+
+ traefik:
+ image: traefik:v2.10.1
+ container_name: rxresume-traefik
+ restart: unless-stopped
+ command:
+ - "--log.level=INFO"
+ - "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ ports:
+ - 80:80
+ - 8080:8080
+ environment:
+ - VIRTUAL_HOST=resume.example.com
+ - VIRTUAL_PORT=80
+ networks:
+ - proxy
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+
+networks:
+ proxy:
+ external: true
diff --git a/examples/rxresume/docker-compose-v4.yml b/examples/rxresume/docker-compose-v4.yml
new file mode 100644
index 0000000..17520b0
--- /dev/null
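Review bot: `- "--api.insecure=true"` together with `- 8080:8080` in the traefik service publishes the Traefik dashboard and API on every host interface with no authentication, which hands the complete routing configuration (hostnames, backend addresses, middleware names) to anyone who can reach the host. Drop the flag and the mapping, or at minimum bind it to loopback: `- 127.0.0.1:8080:8080`. `SECRET_KEY`, `JWT_SECRET` and `POSTGRES_PASSWORD` are placeholder values, and only the `web` entrypoint on `:80` exists while `PUBLIC_URL` is `http://`, so sessions and credentials travel in clear text unless TLS is terminated in front of this stack — a comment stating that assumption next to `--entrypoints.web.address=:80` would make the example's scope explicit.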
+++ b/examples/rxresume/docker-compose-v4.yml 
@@ -0,0 +1,106 @@
+version: "3.8"
+
+services:
+ postgres:
+ image: postgres:16-alpine
+ container_name: rx-db
+ restart: unless-stopped
+ expose:
+ - 5432
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/rxresume/database:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_DB=postgres
+ - POSTGRES_USER=postgres
+ - POSTGRES_PASSWORD=postgres
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U postgres -d postgres"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ #networks:
+ # - proxy
+
+ minio:
+ image: minio/minio
+ container_name: rx-minio
+ restart: unless-stopped
+ command: server /data
+ ports:
+ - 9000:9000
+ expose:
+ - 9000
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/rxresume/minio:/data
+ environment:
+ - MINIO_ROOT_USER=minioadmin
+ - MINIO_ROOT_PASSWORD=minioadmin
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.minio.rule=Host(`storage.example.com`)
+ # - traefik.http.services.minio.loadbalancer.server.port=9000
+ # # Optional part for traefik middlewares
+ # - traefik.http.routers.minio.middlewares=local-ipwhitelist@file
+
+ chrome:
+ image: ghcr.io/browserless/chromium:latest
+ container_name: rx-chrome
+ restart: unless-stopped
+ environment:
+ - TIMEOUT=10000
+ - CONCURRENT=10
+ - TOKEN=chrome_token
+ - EXIT_ON_HEALTH_FAILURE=true
+ - PRE_REQUEST_HEALTH_CHECK=true
+ #networks:
+ # - proxy
+
+ app:
+ image: amruthpillai/reactive-resume:latest
+ container_name: rx-resume
+ restart: unless-stopped
+ ports:
+ - 3000:3000
+ expose:
+ - 3000
+ depends_on:
+ - postgres
+ - minio
+ - chrome
+ environment:
+ - PORT=3000
+ - NODE_ENV=production
+ - PUBLIC_URL=http://localhost:3000 # replace with your https url if reverse proxy in use; e.g. https://resume.example.com
+ - STORAGE_URL=http://localhost:9000/default # replace with your https url if reverse proxy in use; e.g.
https://storage.example.com
+ - CHROME_TOKEN=chrome_token
+ - CHROME_URL=ws://chrome:3000
+ - DATABASE_URL=postgresql://postgres:postgres@postgres:5432/postgres
+ - ACCESS_TOKEN_SECRET=access_token_secret
+ - REFRESH_TOKEN_SECRET=refresh_token_secret
+ - MAIL_FROM=noreply@localhost
+ # - SMTP_URL=smtp://user:pass@smtp:587 # Optional
+ - STORAGE_ENDPOINT=minio
+ - STORAGE_PORT=9000
+ - STORAGE_REGION=us-east-1 # Optional
+ - STORAGE_BUCKET=default
+ - STORAGE_ACCESS_KEY=minioadmin
+ - STORAGE_SECRET_KEY=minioadmin
+ - STORAGE_USE_SSL=false
+ - DISABLE_SIGNUPS=false
+ - DISABLE_EMAIL_AUTH=false
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.rxresume.rule=Host(`resume.example.com`)
+ # - traefik.http.services.rxresume.loadbalancer.server.port=3000
+ # # Optional part for traefik middlewares
+ # - traefik.http.routers.rxresume.middlewares=local-ipwhitelist@file
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/seafile/README.md b/examples/seafile/README.md
new file mode 100644
index 0000000..b4474b9
--- /dev/null
+++ b/examples/seafile/README.md
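Review bot: minio publishes `- 9000:9000` on all host interfaces with `MINIO_ROOT_USER=minioadmin` / `MINIO_ROOT_PASSWORD=minioadmin`, and because the app hands `STORAGE_URL=http://localhost:9000/default` to browsers that port has to be client-reachable, so the default root credentials of the object store are exposed to every visitor of the resume app. Use the file's own `${VAR:-default}` interpolation with a required variable instead of a baked-in value, for example `- MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:?set MINIO_ROOT_PASSWORD in .env}` in minio and the matching `- STORAGE_SECRET_KEY=${MINIO_ROOT_PASSWORD:?set MINIO_ROOT_PASSWORD in .env}` in app. `TOKEN=chrome_token` / `CHROME_TOKEN=chrome_token`, `ACCESS_TOKEN_SECRET` and `REFRESH_TOKEN_SECRET` are placeholders of the same kind, and `DISABLE_SIGNUPS=false` combined with `- 3000:3000` leaves account registration open to anyone who can reach the host.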
@@ -0,0 +1,27 @@
+# References
+
+- https://github.com/haiwen/seafile-docker
+
+# Notes
+
+If you run seafile behind a SSL/TLS reverse proxy with HTTPS, you will likely see a few error messages during login or uploads.
+
+### CSRF Verification Failed
+
+During first login, you may receive a CSRF verification error. This is caused by the Django CMS, which verifies requests based on the Referer HTTP header.
+
+To fix the issue, add your domain via the following config line in `/mnt/docker-volumes/seafile/data/seafile/conf/seahub_settings.py`:
+
+````
+CSRF_TRUSTED_ORIGINS = ["https://seafile.example.com"]
+````
+
+See https://github.com/haiwen/seafile/issues/2707#issuecomment-1732493096
+
+### Network Error During File Uploads
+
+Once logged into Seafile you may notice that file uploads do not work yet. You will receive a network failure error when trying to upload something.
+
+This is caused by Seafile's default settings using HTTP urls for `SERVICE_URL` and `FILE_SERVER_ROOT`.
+
+Head over to the system administration area at `/sys/web-settings/` and adjust both URL variables to use HTTPS instead.
diff --git a/examples/seafile/docker-compose.yml b/examples/seafile/docker-compose.yml
new file mode 100644
index 0000000..00716fb
--- /dev/null
+++ b/examples/seafile/docker-compose.yml
@@ -0,0 +1,61 @@
+version: '3.6'
+
+services:
+ db:
+ image: mariadb:10.11
+ container_name: seafile-mysql
+ environment:
+ - MYSQL_ROOT_PASSWORD=db_dev # Requested, set the root's password of MySQL service.
+ - MYSQL_LOG_CONSOLE=true
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/seafile/db:/var/lib/mysql # Requested, specifies the path to MySQL data persistent store.
+ #networks:
+ # - proxy
+
+ memcached:
+ image: memcached:1.6.18
+ container_name: seafile-memcached
+ entrypoint: memcached -m 256
+ restart: unless-stopped
+ #networks:
+ # - proxy
+
+ seafile:
+ image: seafileltd/seafile-mc:latest
+ container_name: seafile
+ restart: unless-stopped
+ ports:
+ - "7780:80" # HTTP
+ - "7443:443" # HTTPS
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/seafile/data:/shared # Requested, specifies the path to Seafile data persistent store.
+ environment:
+ - DB_HOST=db
+ - DB_ROOT_PASSWD=db_dev # Requested, the value shuold be root's password of MySQL service.
+ - TIME_ZONE=Europe/Berlin # Optional, default is UTC. Should be uncomment and set to your local time zone.
+ - SEAFILE_ADMIN_EMAIL=john.doe@example.com # Specifies Seafile admin user, default is 'me@example.com'.
+ - SEAFILE_ADMIN_PASSWORD=MySecureLoginPassword # Specifies Seafile admin password, default is 'asecret'.
+ - SEAFILE_SERVER_LETSENCRYPT=false # Whether to use https or not.
+ - SEAFILE_SERVER_HOSTNAME=seafile.example.com # Specifies your host name if https is enabled.
+ depends_on:
+ - db
+ - memcached
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.seafile.rule=Host(`seafile.example.com`)
+ # - traefik.http.services.seafile.loadbalancer.server.port=80
+ # # Optional part for file upload max sizes
+ # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000
+ # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000
+ # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000
+ # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000
+ # # Optional part for traefik middlewares
+ # - traefik.http.routers.seafile.middlewares=local-ipwhitelist@file,authelia@docker
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/send/README.md b/examples/send/README.md
new file mode 100644
index 0000000..538acf8
--- /dev/null
+++ b/examples/send/README.md
@@ -0,0 +1,10 @@
+# References
+
+- https://github.com/timvisee/send
+- https://github.com/timvisee/send/blob/master/docs/docker.md
+
+# Notes
+
+After spawning the container, you may have to adjust the bind volume mount permissions again.
+
+If you want to force darkmode, please read [here](https://github.com/timvisee/send/issues/174#issuecomment-1802243265).
diff --git a/examples/send/docker-compose.yml b/examples/send/docker-compose.yml
new file mode 100644
index 0000000..20d227f
--- /dev/null
+++ b/examples/send/docker-compose.yml
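Review bot: `DB_ROOT_PASSWD=db_dev` makes the seafile container log in to MariaDB as root with the placeholder from `MYSQL_ROOT_PASSWORD=db_dev`, and `SEAFILE_ADMIN_PASSWORD=MySecureLoginPassword` becomes the real admin login on first start while `- "7780:80"` publishes the web UI on all host interfaces, so whoever copies this file unchanged ends up with a guessable admin account. Take both values from the environment so a missing one fails at `compose up` instead of silently shipping the placeholder: `- MYSQL_ROOT_PASSWORD=${SEAFILE_DB_ROOT_PASSWORD:?set SEAFILE_DB_ROOT_PASSWORD in .env}` on db and `- DB_ROOT_PASSWD=${SEAFILE_DB_ROOT_PASSWORD:?set SEAFILE_DB_ROOT_PASSWORD in .env}` on seafile. `depends_on` only orders container start, so the first seafile initialisation may race the MariaDB bootstrap; a `healthcheck` on `db` plus `condition: service_healthy` here would close that gap — how the upstream image behaves on a refused DB connection is not shown in this file.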
@@ -0,0 +1,86 @@
+version: "3"
+
+services:
+
+ send:
+ image: registry.gitlab.com/timvisee/send:latest # official image
+ #image: l4rm4nd/send:latest # image of a fork with darkmode only
+ container_name: send-app
+ restart: unless-stopped
+ read_only: true
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - ALL
+ ports:
+ - 1234:1234
+ expose:
+ - 1234
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/send/uploads:/uploads
+ #- ./logo.png:/app/dist/mylogo.png:ro # pass custom logo into the container
+ environment:
+ - NODE_ENV=production # default is development
+ - DETECT_BASE_URL=true
+ #- BASE_URL=https://send.example.com # optional; if used then protocol handler (http/https) is mandatory
+ - PORT=1234
+ - REDIS_HOST=redis
+ # For local uploads storage
+ - FILE_DIR=/uploads
+ # To customize upload limits
+ - EXPIRE_TIMES_SECONDS=3600,86400,604800,2592000,31536000 # Expire time options to show in UI dropdown, e.g. 3600,86400,604800,2592000,31536000
+ - DEFAULT_EXPIRE_SECONDS=604800 # Default expire time in UI (defaults to 86400)
+ - MAX_EXPIRE_SECONDS=31536000 # Maximum upload expiry time in seconds (defaults to 604800 aka 7 days)
+ - DOWNLOAD_COUNTS=1,2,5,10,50 # Download limit options to show in UI dropdown, e.g. 10,1,2,5,10,15,25,50,100,1000
+ - DEFAULT_DOWNLOADS=10
+ - MAX_DOWNLOADS=10 # Maximum number of downloads (defaults to 100)
+ - MAX_FILE_SIZE=2684354560 # Maximum upload file size in bytes (defaults to 2147483648 aka 2GB)
+ # ----------------------------------------------------------------------------------
+ # Custom Branding; see https://github.com/timvisee/send/blob/master/server/config.js
+ # ----------------------------------------------------------------------------------
+ #- CUSTOM_TITLE=Send
+ #- CUSTOM_DESCRIPTION=Encrypt and send files with a link that automatically expires to ensure your important documents don’t stay online forever.
+ #- CUSTOM_FOOTER_TEXT=
+ #- CUSTOM_FOOTER_URL=
+ #- CUSTOM_LOCALE=
+ #- UI_CUSTOM_ASSETS_ANDROID_CHROME_192PX=mylogo.png # use a custom logo; if NODE_ENV=production you must use an internal image; otherwise any http(s) url works too
+ #- UI_CUSTOM_ASSETS_ANDROID_CHROME_512PX=mylogo.png # use a custom logo; if NODE_ENV=production you must use an internal image; otherwise any http(s) url works too
+ #- UI_CUSTOM_ASSETS_APPLE_TOUCH_ICON=mylogo.png # use a custom logo; if NODE_ENV=production you must use an internal image; otherwise any http(s) url works too
+ #- UI_CUSTOM_ASSETS_FAVICON_16PX=mylogo.png # use a custom logo; if NODE_ENV=production you must use an internal image; otherwise any http(s) url works too
+ #- UI_CUSTOM_ASSETS_FAVICON_32PX=mylogo.png # use a custom logo; if NODE_ENV=production you must use an internal image; otherwise any http(s) url works too
+ #- UI_CUSTOM_ASSETS_ICON=mylogo.png # use a custom logo; if NODE_ENV=production you must use an internal image; otherwise any http(s) url works too
+ #- UI_CUSTOM_ASSETS_SAFARI_PINNED_TAB=mylogo.png # use a custom logo; if NODE_ENV=production you must use an internal image; otherwise any http(s) url works too
+ #- UI_CUSTOM_ASSETS_FACEBOOK=mylogo.png # use a custom logo; if NODE_ENV=production you must use an internal image; otherwise any http(s) url works too
+ #- UI_CUSTOM_ASSETS_TWITTER=mylogo.png # use a custom logo; if NODE_ENV=production you must use an internal image; otherwise any http(s) url works too
+ #- UI_CUSTOM_ASSETS_WORDMARK=mylogo.png # use a custom logo; if NODE_ENV=production you must use an internal image; otherwise any http(s) url works too
+ #- UI_CUSTOM_CSS=
+ #- UI_COLOR_PRIMARY=0a84ff
+ #- UI_COLOR_ACCENT=003eaa
+ #- SEND_FOOTER_CLI_URL=https://github.com/timvisee/ffsend
+ #- SEND_FOOTER_DMCA_URL=
+ #- SEND_FOOTER_SOURCE_URL=https://github.com/timvisee/send
+ # ----------------------------------------------------------------------------------
+ #networks:
+ # - proxy
+
#labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.send.rule=Host(`send.example.com`)
+ # - traefik.http.services.send.loadbalancer.server.port=1234
+ # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5000000000 # optional, only necessary for file uploads; allow 5GB
+ # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=5000000000 # optional, only necessary for file uploads; allow 5GB
+ # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=5000000000 # optional, only necessary for file uploads; allow 5GB
+ # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=5000000000 # optional, only necessary for file uploads; allow 5GB
+
+ redis:
+ image: redis:alpine
+ container_name: send-redis
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/send/redis:/data
+ #networks:
+ # - proxy
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/serge/README.md b/examples/serge/README.md
new file mode 100644
index 0000000..6c436a8
--- /dev/null
+++ b/examples/serge/README.md
@@ -0,0 +1,7 @@
+# References
+
+- https://github.com/serge-chat/serge
+
+# Notes
+
+TBD
diff --git a/examples/serge/docker-compose.yml b/examples/serge/docker-compose.yml
new file mode 100644
index 0000000..2dbe26c
--- /dev/null
+++ b/examples/serge/docker-compose.yml
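Review bot: `- DOWNLOAD_COUNTS=1,2,5,10,50` offers 50 in the UI dropdown while `- MAX_DOWNLOADS=10` caps the server at 10, so the last option can never be honoured; either drop it (`- DOWNLOAD_COUNTS=1,2,5,10`) or raise `MAX_DOWNLOADS` to match the list. The send service is hardened with `read_only`, `cap_drop: ALL` and `no-new-privileges`, but the redis service in the same file has none of it; `security_opt: - no-new-privileges:true` can be copied across without side effects, whereas `cap_drop: ALL` needs checking against the redis image's entrypoint user switch before applying. Redis runs unauthenticated on the compose network, which is only acceptable while it is not attached to the shared `proxy` network, so the commented `#networks: # - proxy` block under redis deserves a comment saying it should stay off.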
@@ -0,0 +1,26 @@ +services: + + serge: + image: ghcr.io/serge-chat/serge:main + container_name: serge + restart: unless-stopped + ports: + - 8008 + expose: + - 8008 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/serge/weights:/usr/src/app/weights + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/serge/datadb:/data/db/ + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.serge.rule=Host(`serge.example.com`) + # - traefik.http.services.serge.loadbalancer.server.port=8080 + # # Optional part for traefik middlewares + # - traefik.http.routers.serge.middlewares=local-ipwhitelist@file,authelia@docker + +#networks: +# proxy: +# external: true \ No newline at end of file diff --git a/examples/sftpgo/README.md b/examples/sftpgo/README.md new file mode 100644 index 0000000..0bdde6a --- /dev/null +++ b/examples/sftpgo/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/drakkan/sftpgo diff --git a/examples/sftpgo/docker-compose.yml b/examples/sftpgo/docker-compose.yml new file mode 100644 index 0000000..204dc4a --- /dev/null +++ b/examples/sftpgo/docker-compose.yml 
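Review bot: `ports: - 8008` has no host side, so Docker publishes container port 8008 on a random ephemeral host port; every other example in this commit uses the `host:container` form, and this should read `- 8008:8008` (or `127.0.0.1:8008:8008` when only Traefik is meant to reach it). The commented label `traefik.http.services.serge.loadbalancer.server.port=8080` also does not match the port the service `expose`s (8008), so the router would fail to reach the backend once the label block is uncommented; presumably it should be `...loadbalancer.server.port=8008`.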
@@ -0,0 +1,38 @@ +services: + + sftpgo: + image: drakkan/sftpgo:v2-alpine + user: 1000:1000 + restart: unless-stopped + ports: + - 8888:8080 # HTTP + #- 2022:2022" # SFTP + #- 8443:443" # HTTPS + #- 5007:5007 # WEBDAV + environment: + # These are the settings to access your db + SFTPGO_WEBDAVD__BINDINGS__0__PORT: 5007 + SFTPGO_DATA_PROVIDER__DRIVER: mysql + SFTPGO_DATA_PROVIDER__NAME: sftpgo + SFTPGO_DATA_PROVIDER__HOST: mysql + SFTPGO_DATA_PROVIDER__PORT: 3306 + SFTPGO_DATA_PROVIDER__USERNAME: sftpgo # please change + SFTPGO_DATA_PROVIDER__PASSWORD: sftpgo # please change + SFTPGO_COMMON__DEFENDER__ENABLED: true + SFTPGO_COMMON__DEFENDER__BAN_TIME: 15 + SFTPGO_COMMON__DEFENDER__BAN_TIME_INCREMENT: 100 + SFTPGO_COMMON__DEFENDER__THRESHOLD: 5 + SFTPGO_COMMON__DEFENDER__OBSERVATION_TIME: 15 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/sftpgo/data:/srv/sftpgo + + mysql: + image: mysql:latest + restart: always + environment: + MYSQL_DATABASE: sftpgo + MYSQL_USER: sftpgo # please change + MYSQL_PASSWORD: sftpgo # please change + MYSQL_ROOT_PASSWORD: MySecureRootDatabasePassword + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/sftpgo/mysql:/var/lib/mysql diff --git a/examples/shiori/README.md b/examples/shiori/README.md new file mode 100644 index 0000000..3cbb929 --- /dev/null +++ b/examples/shiori/README.md @@ -0,0 +1,8 @@ +# References + +- https://github.com/nicholaswilde/docker-shiori +- https://github.com/go-shiori/shiori + +# Notes + +Default login is `shiori:gopher` diff --git a/examples/shiori/docker-compose.yml b/examples/shiori/docker-compose.yml new file mode 100644 index 0000000..d8b1db1 --- /dev/null +++ b/examples/shiori/docker-compose.yml 
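Review bot: the commented port lines `#- 2022:2022"` and `#- 8443:443"` carry a stray trailing `"`, so uncommenting them as written produces a YAML parse error; they should read `#- 2022:2022 # SFTP` and `#- 8443:443 # HTTPS`. `SFTPGO_DATA_PROVIDER__PASSWORD: sftpgo`, `MYSQL_PASSWORD: sftpgo` and `MYSQL_ROOT_PASSWORD: MySecureRootDatabasePassword` are working credentials committed in the file and must be kept in sync across both services; a single `${SFTPGO_DB_PASSWORD}` substitution from an untracked `.env` avoids both the leak and the mismatch. `SFTPGO_COMMON__DEFENDER__ENABLED: true` is an unquoted boolean inside the `environment` mapping, which the Compose specification advises writing as `"true"` so the YAML parser does not retype it. The `mysql:latest` tag with `restart: always` is unpinned while the sftpgo image is pinned to `v2-alpine`; a major-version tag would make upgrades deliberate.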
@@ -0,0 +1,32 @@ +version: "2.1" + +services: + + shiori: + image: nicholaswilde/shiori:latest + container_name: shiori + environment: + - TZ=Europe/Berlin + - PUID=1000 + - PGID=1000 + - SHIORI_DIR=/data + expose: + - 8080 + ports: + - 8080:8080 + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/shiori/data:/data + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.shiori.rule=Host(`shiori.example.com`) + # - traefik.http.services.shiori.loadbalancer.server.port=8080 + # # Part for optional traefik middlewares + # - traefik.http.routers.shiori.middlewares=local-ipwhitelist@file + +#networks: +# proxy: +# external: true \ No newline at end of file diff --git a/examples/snipe-it/README.md b/examples/snipe-it/README.md new file mode 100644 index 0000000..e2cc01c --- /dev/null +++ b/examples/snipe-it/README.md @@ -0,0 +1,3 @@ +# References + +- https://hub.docker.com/r/linuxserver/snipe-it diff --git a/examples/snipe-it/docker-compose.yml b/examples/snipe-it/docker-compose.yml new file mode 100644 index 0000000..44270eb --- /dev/null +++ b/examples/snipe-it/docker-compose.yml 
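Review bot: `ports: - 8080:8080` publishes the web UI on all host interfaces while the Traefik block with `local-ipwhitelist@file` is commented out, and the README in this commit documents a default login, so the default credentials are reachable from the whole network until changed. If Traefik is the intended entry point, `- 127.0.0.1:8080:8080` as used in the traefik examples keeps the direct port off the network; the `expose: - 8080` entry is redundant next to `ports` and can be dropped.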
@@ -0,0 +1,36 @@ +--- +version: "2.1" +services: + snipe-it: + image: lscr.io/linuxserver/snipe-it:latest + container_name: snipe-it + environment: + - PUID=1000 + - PGID=1000 + - APP_URL=http://localhost:8080 + - MYSQL_PORT_3306_TCP_ADDR=mariadb + - MYSQL_PORT_3306_TCP_PORT=3306 + - MYSQL_DATABASE=snipeitdb + - MYSQL_USER=snipeit + - MYSQL_PASSWORD=VeryStrongDatabasePassword + - TZ=Europe/Berlin + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/snipeit/config:/config + ports: + - 8080:80 + restart: unless-stopped + + mariadb: + image: lscr.io/linuxserver/mariadb:latest + container_name: mariadb + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + - MYSQL_ROOT_PASSWORD=MyVeryStrongDatabaseRootPassword # change this + - MYSQL_DATABASE=snipeitdb + - MYSQL_USER=snipeit + - MYSQL_PASSWORD=VeryStrongDatabasePassword # change this + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/snipeit/mariadb:/config + restart: unless-stopped diff --git a/examples/sonarqube/README.md b/examples/sonarqube/README.md new file mode 100644 index 0000000..e9570d6 --- /dev/null +++ b/examples/sonarqube/README.md @@ -0,0 +1,3 @@ +# References + +- https://hub.docker.com/_/sonarqube diff --git a/examples/sonarqube/docker-compose.yml b/examples/sonarqube/docker-compose.yml new file mode 100644 index 0000000..4ee7923 --- /dev/null +++ b/examples/sonarqube/docker-compose.yml 
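Review bot: `MYSQL_PASSWORD=VeryStrongDatabasePassword` appears in both the `snipe-it` and `mariadb` services but only the `mariadb` copy carries the `# change this` marker, so a user following the hints changes one side and breaks the database connection. Defining the value once as `- MYSQL_PASSWORD=${SNIPEIT_DB_PASSWORD}` in both services, with the secret (and `MYSQL_ROOT_PASSWORD`) in an untracked `.env`, keeps them in sync and out of the committed file. `APP_URL=http://localhost:8080` presumably also needs adjusting for any non-local access; a `# change to your public URL` comment on that line would help.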
@@ -0,0 +1,37 @@ +version: "3" + +services: + sonarqube: + image: sonarqube:8.5.1-community + container_name: sonarqube + ports: + - 9000:9000 # WEB UI + environment: + - sonar.jdbc.username=sonar + - sonar.jdbc.password=sonar + - sonar.search.javaAdditionalOpts=-Dbootstrap.system_call_filter=false + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/sonarqube/logs:/opt/sonarqube/logs + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/sonarqube/data:/opt/sonarqube/data + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/sonarqube/extensions:/opt/sonarqube/extensions + + db: + image: postgres:13.1 + container_name: sonarqube_db + hostname: db + environment: + - POSTGRES_USER=sonar + - POSTGRES_PASSWORD=sonar + volumes: + - pg_db:/var/lib/postgresql + - pg_data:/var/lib/postgresql/data + ulimits: + nofile: + soft: 65536 + hard: 65536 + +volumes: + pg_db: + driver: local + pg_data: + driver: local diff --git a/examples/sonarr/README.md b/examples/sonarr/README.md new file mode 100644 index 0000000..4de5fd4 --- /dev/null +++ b/examples/sonarr/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/linuxserver/docker-sonarr \ No newline at end of file diff --git a/examples/sonarr/docker-compose.yml b/examples/sonarr/docker-compose.yml new file mode 100644 index 0000000..9151cbd --- /dev/null +++ b/examples/sonarr/docker-compose.yml @@ -0,0 +1,17 @@ +version: "2.1" + +services: + sonarr: + image: lscr.io/linuxserver/sonarr:latest + container_name: sonarr + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/sonarr/config:/config + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/sonarr/tv:/tv + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/sonarr/downloads:/downloads # Should be the same as the download client's folder + ports: + - 8989:8989 + restart: unless-stopped 
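Review bot: `sonar.search.javaAdditionalOpts=-Dbootstrap.system_call_filter=false` turns off the system call (seccomp) filter of SonarQube's embedded Elasticsearch node, removing a sandboxing layer for every deployment that copies this file, although it is only needed on hosts whose kernel lacks seccomp support; it should at least carry a comment such as `# disables the ES seccomp filter; only needed if the host kernel has no seccomp support` and preferably be commented out by default. The database password `sonar` is duplicated as `sonar.jdbc.password` and `POSTGRES_PASSWORD`, so a single `${SONAR_DB_PASSWORD}` substitution would keep the two in sync and out of the committed file. `sonarqube:8.5.1-community` and `postgres:13.1` are old pinned releases; a current LTS tag is worth considering.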
diff --git a/examples/speedtest-tracker/README.md b/examples/speedtest-tracker/README.md new file mode 100644 index 0000000..f08a7be --- /dev/null +++ b/examples/speedtest-tracker/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/henrywhitaker3/Speedtest-Tracker diff --git a/examples/speedtest-tracker/docker-compose.yml b/examples/speedtest-tracker/docker-compose.yml new file mode 100644 index 0000000..30fadbb --- /dev/null +++ b/examples/speedtest-tracker/docker-compose.yml @@ -0,0 +1,20 @@ +version: '3.3' +services: + speedtest: + container_name: speedtest + image: henrywhitaker3/speedtest-tracker + ports: + - 8765:80 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/speedtest-tracker/config:/config + environment: + - TZ=Europe/Berlin + - PGID=1000 + - PUID=1000 + - OOKLA_EULA_GDPR=true + logging: + driver: "json-file" + options: + max-file: "10" + max-size: "200k" + restart: unless-stopped diff --git a/examples/stash/README.md b/examples/stash/README.md new file mode 100644 index 0000000..1558aa5 --- /dev/null +++ b/examples/stash/README.md @@ -0,0 +1,4 @@ +# References + +- https://github.com/stashapp/stash +- https://raw.githubusercontent.com/stashapp/stash/develop/docker/production/docker-compose.yml diff --git a/examples/stash/docker-compose.yml b/examples/stash/docker-compose.yml new file mode 100644 index 0000000..e305b5d --- /dev/null +++ b/examples/stash/docker-compose.yml 
@@ -0,0 +1,45 @@ +# APPNICENAME=Stash +version: '3.4' + +services: + stash: + image: stashapp/stash:latest + container_name: stash + hostname: stash + restart: unless-stopped + ## the container's port must be the same with the STASH_PORT in the environment section + ports: + - "9999:9999" + ## If you intend to use stash's DLNA functionality uncomment the below network mode and comment out the above ports section + # network_mode: host + logging: + driver: "json-file" + options: + max-file: "10" + max-size: "2m" + environment: + - STASH_STASH=/data/ + - STASH_GENERATED=/generated/ + - STASH_METADATA=/metadata/ + - STASH_CACHE=/cache/ + ## Adjust below to change default port (9999) + - STASH_PORT=9999 + volumes: + - /etc/localtime:/etc/localtime:ro + ## Keep configs, scrapers, and plugins here. + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/stash/config:/root/.stash + ## Point this at your collection. + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/stash/data:/data + ## This is where your stash's metadata lives + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/stash/metadata:/metadata + ## Any other cache content. + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/stash/cache:/cache + ## Where to store generated content (screenshots,previews,transcodes,sprites) + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/stash/generated:/generated + #labels: + # - traefik.enable=true + # - traefik.http.routers.stash.rule=Host(`stash.example.com`) + # - traefik.http.services.stash.loadbalancer.server.port=9999 + # - traefik.docker.network=proxy + # # Part for optional traefik middlewares + # - traefik.http.routers.stash.middlewares=local-ipwhitelist@file,basic-auth@file diff --git a/examples/syncthing/README.md b/examples/syncthing/README.md new file mode 100644 index 0000000..6676837 --- /dev/null +++ b/examples/syncthing/README.md @@ -0,0 +1,4 @@ +# References + +- https://github.com/syncthing/syncthing +- https://docs.syncthing.net/intro/getting-started.html 
diff --git a/examples/syncthing/docker-compose.yml b/examples/syncthing/docker-compose.yml new file mode 100644 index 0000000..9894cfe --- /dev/null +++ b/examples/syncthing/docker-compose.yml @@ -0,0 +1,31 @@ +version: "3" + +services: + syncthing: + image: syncthing/syncthing + container_name: syncthing + hostname: syncthing + environment: + - PUID=1000 + - PGID=1000 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/syncthing:/var/syncthing # your path on where to store synched files + ports: + - 8384:8384 # Web UI + #- 22000:22000/tcp # TCP file transfers + #- 22000:22000/udp # QUIC file transfers + #- 21027:21027/udp # Receive local discovery broadcasts + restart: unless-stopped + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.http.routers.syncthing.rule=Host(`synchting.example.com`) + # - traefik.http.services.syncthing.loadbalancer.server.port=8384 + # - traefik.docker.network=proxy + # # Part for optional traefik middlewares + # - traefik.http.routers.syncthing.middlewares=local-ipwhitelist@file,basic-auth@file + +#networks: +# proxy: +# external: true diff --git a/examples/tandoor/.env b/examples/tandoor/.env new file mode 100644 index 0000000..dce096b --- /dev/null +++ b/examples/tandoor/.env 
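Review bot: the commented `traefik.http.routers.syncthing.rule` misspells the hostname as synchting.example.com, so once uncommented the router would never match the intended syncthing.example.com; the rule should use `Host(` + `syncthing.example.com` + `)` with the correct spelling. The web UI is published as `8384:8384` on all interfaces while `local-ipwhitelist@file` only applies on the Traefik path; if Traefik is meant to be the only entry, `- 127.0.0.1:8384:8384` as in the traefik examples keeps the direct port off the network.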
@@ -0,0 +1,161 @@ +# only set this to true when testing/debugging +# when unset: 1 (true) - dont unset this, just for development +DEBUG=0 +SQL_DEBUG=0 + +# HTTP port to bind to +# TANDOOR_PORT=8080 + +# hosts the application can run under e.g. recipes.mydomain.com,cooking.mydomain.com,... +ALLOWED_HOSTS=* + +# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one +# ---------------------------- REQUIRED ------------------------- +SECRET_KEY=ThisShouldBeAVerySecureAndLongSecretStringNobodyKnows +# --------------------------------------------------------------- + +# your default timezone See https://timezonedb.com/time-zones for a list of timezones +TIMEZONE=Europe/Berlin + +# add only a database password if you want to run with the default postgres, otherwise change settings accordingly +DB_ENGINE=django.db.backends.postgresql +# DB_OPTIONS= {} # e.g. {"sslmode":"require"} to enable ssl +POSTGRES_HOST=db_recipes +POSTGRES_PORT=5432 +POSTGRES_USER=djangouser +# ---------------------------- REQUIRED ------------------------- +POSTGRES_PASSWORD=ThisShouldBeASecureDatabasePassword +# --------------------------------------------------------------- +POSTGRES_DB=djangodb + +# database connection string, when used overrides other database settings. +# format might vary depending on backend +# DATABASE_URL = engine://username:password@host:port/dbname + +# the default value for the user preference 'fractions' (enable/disable fraction support) +# default: disabled=0 +FRACTION_PREF_DEFAULT=0 + +# the default value for the user preference 'comments' (enable/disable commenting system) +# default comments enabled=1 +COMMENT_PREF_DEFAULT=0 + +# Users can set a amount of time after which the shopping list is refreshed when they are in viewing mode +# This is the minimum interval users can set. Setting this to low will allow users to refresh very frequently which +# might cause high load on the server. 
(Technically they can obviously refresh as often as they want with their own scripts) +SHOPPING_MIN_AUTOSYNC_INTERVAL=5 + +# Default for user setting sticky navbar +# STICKY_NAV_PREF_DEFAULT=1 + +# If base URL is something other than just / (you are serving a subfolder in your proxy for instance http://recipe_app/recipes/) +# Be sure to not have a trailing slash: e.g. '/recipes' instead of '/recipes/' +# SCRIPT_NAME=/recipes + +# If staticfiles are stored at a different location uncomment and change accordingly, MUST END IN / +# this is not required if you are just using a subfolder +# This can either be a relative path from the applications base path or the url of an external host +# STATIC_URL=/static/ + +# If mediafiles are stored at a different location uncomment and change accordingly, MUST END IN / +# this is not required if you are just using a subfolder +# This can either be a relative path from the applications base path or the url of an external host +#MEDIA_URL=https://tandoor.example.com/media/ + +# Serve mediafiles directly using gunicorn. Basically everyone recommends not doing this. Please use any of the examples +# provided that include an additional nxginx container to handle media file serving. +# If you know what you are doing turn this back on (1) to serve media files using djangos serve() method. +# when unset: 1 (true) - this is temporary until an appropriate amount of time has passed for everyone to migrate +GUNICORN_MEDIA=1 + +# S3 Media settings: store mediafiles in s3 or any compatible storage backend (e.g. 
minio) +# as long as S3_ACCESS_KEY is not set S3 features are disabled +# S3_ACCESS_KEY= +# S3_SECRET_ACCESS_KEY= +# S3_BUCKET_NAME= +# S3_REGION_NAME= # default none, set your region might be required +# S3_QUERYSTRING_AUTH=1 # default true, set to 0 to serve media from a public bucket without signed urls +# S3_QUERYSTRING_EXPIRE=3600 # number of seconds querystring are valid for +# S3_ENDPOINT_URL= # when using a custom endpoint like minio + +# Email Settings, see https://docs.djangoproject.com/en/3.2/ref/settings/#email-host +# Required for email confirmation and password reset (automatically activates if host is set) +# EMAIL_HOST= +# EMAIL_PORT= +# EMAIL_HOST_USER= +# EMAIL_HOST_PASSWORD= +# EMAIL_USE_TLS=0 +# EMAIL_USE_SSL=0 +# email sender address (default 'webmaster@localhost') +# DEFAULT_FROM_EMAIL= +# prefix used for account related emails (default "[Tandoor Recipes] ") +# ACCOUNT_EMAIL_SUBJECT_PREFIX= + +# allow authentication via reverse proxy (e.g. authelia), leave off if you dont know what you are doing +# see docs for more information https://vabene1111.github.io/recipes/features/authentication/ +# when unset: 0 (false) +REVERSE_PROXY_AUTH=0 + +# Default settings for spaces, apply per space and can be changed in the admin view +# SPACE_DEFAULT_MAX_RECIPES=0 # 0=unlimited recipes +# SPACE_DEFAULT_MAX_USERS=0 # 0=unlimited users per space +# SPACE_DEFAULT_MAX_FILES=0 # Maximum file storage for space in MB. 0 for unlimited, -1 to disable file upload. 
+# SPACE_DEFAULT_ALLOW_SHARING=1 # Allow users to share recipes with public links + +# allow people to create accounts on your application instance (without an invite link) +# when unset: 0 (false) +# ENABLE_SIGNUP=0 + +# If signup is enabled you might want to add a captcha to it to prevent spam +# HCAPTCHA_SITEKEY= +# HCAPTCHA_SECRET= + +# if signup is enabled you might want to provide urls to data protection policies or terms and conditions +# TERMS_URL= +# PRIVACY_URL= +# IMPRINT_URL= + +# enable serving of prometheus metrics under the /metrics path +# ATTENTION: view is not secured (as per the prometheus default way) so make sure to secure it +# trough your web server (or leave it open of you dont care if the stats are exposed) +# ENABLE_METRICS=0 + +# allows you to setup OAuth providers +# see docs for more information https://vabene1111.github.io/recipes/features/authentication/ +# SOCIAL_PROVIDERS = allauth.socialaccount.providers.github, allauth.socialaccount.providers.nextcloud, + +# Should a newly created user from a social provider get assigned to the default space and given permission by default ? +# ATTENTION: This feature might be deprecated in favor of a space join and public viewing system in the future +# default 0 (false), when 1 (true) users will be assigned space and group +# SOCIAL_DEFAULT_ACCESS = 1 + +# if SOCIAL_DEFAULT_ACCESS is used, which group should be added +# SOCIAL_DEFAULT_GROUP=guest + +# Django session cookie settings. 
Can be changed to allow a single django application to authenticate several applications +# when running under the same database +# SESSION_COOKIE_DOMAIN=.example.com +# SESSION_COOKIE_NAME=sessionid # use this only to not interfere with non unified django applications under the same top level domain + +# by default SORT_TREE_BY_NAME is disabled this will store all Keywords and Food in the order they are created +# enabling this setting makes saving new keywords and foods very slow, which doesn't matter in most usecases. +# however, when doing large imports of recipes that will create new objects, can increase total run time by 10-15x +# Keywords and Food can be manually sorted by name in Admin +# This value can also be temporarily changed in Admin, it will revert the next time the application is started +# This will be fixed/changed in the future by changing the implementation or finding a better workaround for sorting +# SORT_TREE_BY_NAME=0 +# LDAP authentication +# default 0 (false), when 1 (true) list of allowed users will be fetched from LDAP server +#LDAP_AUTH= +#AUTH_LDAP_SERVER_URI= +#AUTH_LDAP_BIND_DN= +#AUTH_LDAP_BIND_PASSWORD= +#AUTH_LDAP_USER_SEARCH_BASE_DN= +#AUTH_LDAP_TLS_CACERTFILE= + +# Enables exporting PDF (see export docs) +# Disabled by default, uncomment to enable +# ENABLE_PDF_EXPORT=1 + +# Recipe exports are cached for a certain time by default, adjust time if needed +# EXPORT_FILE_CACHE_DURATION=600 diff --git a/examples/tandoor/README.md b/examples/tandoor/README.md new file mode 100644 index 0000000..640a686 --- /dev/null +++ b/examples/tandoor/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/TandoorRecipes/recipes diff --git a/examples/tandoor/docker-compose.yml b/examples/tandoor/docker-compose.yml new file mode 100644 index 0000000..60209d7 --- /dev/null +++ b/examples/tandoor/docker-compose.yml 
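Review bot: `ALLOWED_HOSTS=*` disables Django's Host header validation entirely, although the matching compose file in this commit already routes the app under a single `Host(` + `tandoor.example.com` + `)` rule; it should be `ALLOWED_HOSTS=tandoor.example.com` (comma-separated if several), which is what the comment above it describes. `SECRET_KEY=ThisShouldBeAVerySecureAndLongSecretStringNobodyKnows` and `POSTGRES_PASSWORD=ThisShouldBeASecureDatabasePassword` are usable values in a committed `.env`, so any deployment that skips the REQUIRED edits runs with a secret key and database password that are public; a comment stating that the file must be copied and regenerated before first start, next to the existing `base64 /dev/urandom | head -c50` hint, would make that explicit.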
@@ -0,0 +1,32 @@ +version: "3" +services: + db_recipes: + restart: always + container_name: tandoor_db + image: postgres:11-alpine + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/tandoor/postgresql:/var/lib/postgresql/data + env_file: + - ./.env + + web_recipes: + restart: always + container_name: tandoor_recipes + ports: + - 8080:8080 + image: vabene1111/recipes:latest + env_file: + - ./.env + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/tandoor/staticfiles:/opt/recipes/staticfiles + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/tandoor/nginx_config:/opt/recipes/nginx/conf.d + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/tandoor/mediafiles:/opt/recipes/mediafiles + depends_on: + - db_recipes + labels: + - traefik.enable=true + - traefik.http.routers.tandoor.rule=Host(`tandoor.example.com`) + - traefik.http.services.tandoor.loadbalancer.server.port=8080 + - traefik.docker.network=proxy + # Part for local lan services only + #- traefik.http.routers.tandoor.middlewares=local-ipwhitelist@file diff --git a/examples/technitium/README.md b/examples/technitium/README.md new file mode 100644 index 0000000..42a0bce --- /dev/null +++ b/examples/technitium/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/TechnitiumSoftware/DnsServer diff --git a/examples/technitium/docker-compose.yml b/examples/technitium/docker-compose.yml new file mode 100644 index 0000000..3bfb292 --- /dev/null +++ b/examples/technitium/docker-compose.yml 
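Review bot: the `web_recipes` service carries active Traefik labels including `traefik.docker.network=proxy` but never joins a `proxy` network (no `networks:` on the service and no top-level `networks:` block), so a Traefik instance on the external `proxy` network cannot reach the container and the labels are dead. The service needs `networks: [proxy]` plus the `networks: proxy: external: true` block the other examples define; `examples/technitium/docker-compose.yml` in this commit has the same omission. With the labels active, publishing `8080:8080` on all interfaces also bypasses any Traefik middleware; `127.0.0.1:8080:8080` or dropping the `ports` entry keeps Traefik as the only path.
```yaml
  web_recipes:
    # … unchanged: image, ports, env_file, volumes, depends_on, labels …
    networks:
      - proxy

networks:
  proxy:
    external: true
```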
@@ -0,0 +1,42 @@ +version: "3" +services: + dns-server: + container_name: dns-server + hostname: dns-server + image: technitium/dns-server:latest + # Use "host" network mode for DHCP deployments + # network_mode: "host" + ports: + #- "5380:5380/tcp" #DNS web console + - "53:53/udp" #DNS service + - "53:53/tcp" #DNS service + - "5380:5380/tcp" #Web UI + #- 5380:5380/tcp #WEBGUI + # - "67:67/udp" #DHCP service + # - "853:853/tcp" #DNS-over-TLS service + # - "443:443/tcp" #DNS-over-HTTPS service + # - "80:80/tcp" #DNS-over-HTTPS service certbot certificate renewal + # - "8053:8053/tcp" #DNS-over-HTTPS using reverse proxy + environment: + - DNS_SERVER_DOMAIN=technitium.example.com #The primary domain name used by this DNS Server to identify itself. + # - DNS_SERVER_ADMIN_PASSWORD=password #DNS web console admin user password. + # - DNS_SERVER_ADMIN_PASSWORD_FILE=password.txt #The path to a file that contains a plain text password for the DNS web console admin user. + # - DNS_SERVER_PREFER_IPV6=false #DNS Server will use IPv6 for querying whenever possible with this option enabled. + # - DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=false #Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx. + # - DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks #Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworks. + # - DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24 #Comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworks` recursion option. + # - DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24 #Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworks` recursion option. + # - DNS_SERVER_ENABLE_BLOCKING=false #Sets the DNS server to block domain names using Blocked Zone and Block List Zone. 
+ # - DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false #Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests. + # - DNS_SERVER_FORWARDERS=1.1.1.1, 8.8.8.8 #Comma separated list of forwarder addresses. + # - DNS_SERVER_FORWARDER_PROTOCOL=Tcp #Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson. + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/technitium/config:/etc/dns/config + restart: unless-stopped + labels: + - traefik.enable=true + - traefik.http.routers.technitium.rule=Host(`technitium.example.com`) + - traefik.http.services.technitium.loadbalancer.server.port=5380 + - traefik.docker.network=proxy + # Part for local lan services only + #- traefik.http.routers.technitium.middlewares=local-ipwhitelist@file diff --git a/examples/tor-browser/README.md b/examples/tor-browser/README.md new file mode 100644 index 0000000..2954561 --- /dev/null +++ b/examples/tor-browser/README.md @@ -0,0 +1,3 @@ +# References + +- https://hub.docker.com/r/domistyle/tor-browser diff --git a/examples/tor-browser/docker-compose.yml b/examples/tor-browser/docker-compose.yml new file mode 100644 index 0000000..43156bd --- /dev/null +++ b/examples/tor-browser/docker-compose.yml @@ -0,0 +1,14 @@ +services: + torbrowser: + image: domistyle/tor-browser:latest + restart: unless-stopped + ports: + - 5800:5800 # Provides a web interface to access the Tor browser + #- 5900:5900 # Provides direct access to the VNC server; optional + environment: + #- DISPLAY_WIDTH=1280 # default; optional + #- DISPLAY_HEIGHT=768 # default; optional + #- KEEP_APP_RUNNING=0 # default; optional + - TZ=Europe/Berlin + #volumes: + # - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/torbrowser/data:/app/Browser/TorBrowser/Data/Tor # optional, just to speed up container recreation diff --git a/examples/traefik/README.md b/examples/traefik/README.md new file mode 100644 index 0000000..dfb663a --- /dev/null +++ b/examples/traefik/README.md 
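Review bot: the web console is published as `"5380:5380/tcp"` on all interfaces while the Traefik labels route the same port with the `local-ipwhitelist@file` middleware commented out, so the direct port bypasses whatever restriction is later placed on the Traefik router; `- "127.0.0.1:5380:5380/tcp"` keeps the console reachable only through Traefik. `DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks` is left commented although port 53 is published on all interfaces; if the image's default permits recursion for arbitrary clients (not verifiable from this file), the result is an open resolver, so uncommenting that line by default is the safer starting point. The enclosing `dns-server` service definition starts in the previous hunk line.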
@@ -0,0 +1,28 @@ +# References + +- https://github.com/traefik/traefik +- https://docs.ibracorp.io/traefik/master/docker-compose +- https://blog.lrvt.de/nginx-proxy-manager-versus-traefik/ +- https://blog.lrvt.de/configuring-fail2ban-with-traefik/ +- https://github.com/l4rm4nd/F2BFilters + +# Notes + +Spawning up a Traefik reverse proxy can be done in various ways. + +There are options to outsource the Traefik configuration into static and dynamic YAML configuration files. Alternatively, the configuration parameters can be defined directly as command definitions, which are applied during runtime of the Traefik container. We've provided both options as Docker Compose examples. + +Please remember to configure logrotation on your Docker host server if you've enabled Traefik access logs. See `logrotate_example.txt` as example. The logs will increase in size and may cause disk space issues, if not handled properly. + +### Spawning up Traefik with outsourced configuration files + +1. Put the provided `traefik.yml` (static) and `fileConfig.yml` (dynamic) configuration files to your volume bind mount (here `/mnt/docker-volumes/traefik`). +2. Add your Cloudflare API token as environment variable to the `docker-compose.yml` file and define your Cloudflare email address in the `traefik.yml` file. May adjust to your preferred certresolver. The example given is for Cloudflare. +3. Adjust the static and dynamic configuration files to your needs. Especially replace the `example.com` strings with your domain name in the `traefik.yml` static configuration file. Also adjust the authelia and basic auth definitions in the `fileConfig.yml` dynamic configuration file with secure values and your domain names. + +### Spawning up Traefik with configuration command definitions + +1. Use the `docker-compose-command-config.yml` example as a reference point. +2. Put the provided `fileConfig.yml` (dynamic) configuration file to your volume bind mount (here `/mnt/docker-volumes/traefik`). +3. 
Add your Cloudflare API token as environment variable in the compose file. Define your Cloudflare email address in the command definitions of the compose file. May adjust to your preferred certresolver. The example given is for Cloudflare. +4. Adjust the dynamic configuration file `fileConfig.yml` to your needs. Especially adjust the authelia and basic auth definitions with secure values and your domain names. diff --git a/examples/traefik/docker-compose-command-config.yml b/examples/traefik/docker-compose-command-config.yml new file mode 100644 index 0000000..bf54014 --- /dev/null +++ b/examples/traefik/docker-compose-command-config.yml 
@@ -0,0 +1,71 @@ +# This docker compose example configures traefik by command definitions. +# This makes the traefik.yml static configuration obsolete. +# Note that we still reference a dynamic configuration for best practice + +version: '3.8' + +services: + traefik: + image: traefik:2.11 + container_name: traefik + command: + - --providers.docker=true # enable docker provider + - --providers.docker.network=proxy # define default network to monitor for docker provider + - --providers.docker.exposedbydefault=false # do not expose docker hosts per default + - --providers.file.watch=true # monitor file provider for changes + - --providers.file.filename=/etc/traefik/fileConfig.yml # location of the dynamic configuration + - --entrypoints.http.address=:80 # entrypoint for unencrypted http + - --entrypoints.http.forwardedHeaders.trustedIPs=103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/13,104.24.0.0/14,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32 # define cloudflare ip ranges as trusted + - --entrypoints.http.http.redirections.entryPoint.to=https # automatic redirect from http to https + - --entrypoints.http.http.redirections.entryPoint.scheme=https # automatic redirect from http to https + - --entrypoints.https.address=:443 # entrypoint for encrypted https + - --entrypoints.https.forwardedHeaders.trustedIPs=103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/13,104.24.0.0/14,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32 # define cloudflare ip ranges as trusted + - 
--entrypoints.https.http.middlewares=security-headers@file,rate-limit@file # define default middlewares for all proxy entries + - --api.dashboard=true # enable traefik api dashboard + - --api.insecure=true # expose traefik api dashboard on TCP/8080 without need for router + #################################################### + # !!! ADJUST TO YOUR INFRASTRUCTURE SETUP BELOW !!!! + - --entrypoints.https.http.tls.certresolver=myresolver # define default cert resolver + - --entrypoints.https.http.tls.domains[0].main=example.com # define main domain, change to your domain + - --entrypoints.https.http.tls.domains[0].sans=*.example.com # define sans domain, change to your domain + - --certificatesresolvers.myresolver.acme.email=myemail@domain.tld # define your email address + #- --certificatesresolvers.myresolver.acme.httpchallenge=true # use http challenge + #- --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=http # define entrypoint for http challenge + - --certificatesresolvers.myresolver.acme.dnschallenge=true # enable dns challenge to obtain wildcard certificates + - --certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare # define provider for certificates + - --certificatesresolvers.myresolver.acme.storage=/etc/traefik/acme.json # define acme path for certificate information + - --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53 # define dns servers for your resolver, here cloudflare + #################################################### + - --log.level=INFO # enable log level + - --accesslog=true # enable access logs + - --accesslog.filepath=/logs/traefik.log # define access log path + - --accesslog.format=json # set access log format to json instead clm + - --accesslog.bufferingsize=0 # set access log buffer size to 0 + - --accesslog.filters.statuscodes=400-599 # only log http errors in logs; alternatively set 200-599 to include successful http requests + - 
--accesslog.fields.headers.defaultmode=drop # drop all headers + - --serversTransport.insecureSkipVerify=true # set insecureSkipVerify to true to allow self-signed certificates + labels: + - traefik.enable=true # enable traefik + - traefik.http.routers.api.rule=Host(`traefik.example.com`) # define subdomain for the traefik api dashboard + - traefik.http.routers.api.service=api@internal # enable traefik api dashboard + - traefik.http.routers.api.middlewares=local-ipwhitelist@file,basic-auth@file # protect dashboard with basic auth and restrict access to private class subnets only + ports: + - 80:80 # http + - 443:443 # https + - 127.0.0.1:8080:8080 # traefik api dashboard + networks: + - proxy # define traefik docker network + environment: + - TZ=Europe/Berlin # define timezone + - CF_DNS_API_TOKEN= # define your cloudflare api token + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # pass docker socket as read-only + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik:/etc/traefik/ # bind mount volume for persistent traefik data + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/logs # bind mount volume for persistent traefik logs + restart: always # always restart traefik + extra_hosts: + - host.docker.internal:172.17.0.1 # define internal ip; helps traefik to resolve containers running in host network mode + +networks: + proxy: + external: true diff --git a/examples/traefik/docker-compose.yml b/examples/traefik/docker-compose.yml new file mode 100644 index 0000000..9beb945 --- /dev/null +++ b/examples/traefik/docker-compose.yml 
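Review bot: `--serversTransport.insecureSkipVerify=true` disables upstream certificate verification for every HTTPS backend Traefik proxies to, not only the self-signed ones the comment has in mind; the `fileConfig.yml` added in this commit already defines a dedicated `insecureTransport` serversTransport for that case, so the global flag is redundant and should be dropped (or at minimum commented `# WARNING: global; prefer the insecureTransport serversTransport from fileConfig.yml`). `--api.insecure=true` serves the dashboard on TCP/8080 without the `local-ipwhitelist@file,basic-auth@file` middlewares the `api` router applies; that is only acceptable because the port is published as `127.0.0.1:8080:8080` further down, and the `ports` line deserves a comment stating that dependency. The empty `CF_DNS_API_TOKEN=` would be better read from the environment as `- CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}` so the token is never written into the compose file. The command list begins in the previous hunk lines.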
@@ -0,0 +1,32 @@ +version: '3' +services: + traefik: + container_name: traefik + image: traefik:v3.1 + ports: + - 80:80/tcp # HTTP + - 443:443/tcp # HTTPS + - 443:443/udp # HTTPS via HTTP/3 QUIC UDP + - 127.0.0.1:8080:8080 # MGMT WEB UI + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # ro = read-only access to the docker.sock + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik:/etc/traefik/ # put the provided traefik.yml and fileConfig.yml files at this location + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/traefik/logs:/logs + networks: + - proxy + environment: + - TZ=Europe/Berlin + - CF_DNS_API_TOKEN=MyCloudflareApiToken # change this if you use Cloudflare + labels: + - traefik.enable=true + - traefik.http.routers.api.rule=Host(`traefik.example.com`) # Define the subdomain for the traefik dashboard. + - traefik.http.routers.api.service=api@internal # Enable Traefik API. + - traefik.http.routers.api.middlewares=local-ipwhitelist@file,basic-auth@file # protect dashboard with basic auth and restrict access to private class subnets only + #- traefik.http.middlewares.basic-auth-global.basicauth.users=admin:$$apr1$$epoKf5li$$QfTMJZOCS/halv3CiIUEu0 # protect the traefik dashboard by basic auth (pw=password) + restart: always + extra_hosts: + - host.docker.internal:172.17.0.1 + +networks: + proxy: + external: true diff --git a/examples/traefik/fileConfig.yml b/examples/traefik/fileConfig.yml new file mode 100644 index 0000000..967ba26 --- /dev/null +++ b/examples/traefik/fileConfig.yml 
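Review bot: The comment on the socket volume, `ro = read-only access to the docker.sock`, overstates what `:ro` does: it only makes the socket file itself read-only, while the Docker API reached through it still accepts create/start/exec calls, so a compromised Traefik keeps root-equivalent control of the host. If read-only access is the intent, put a socket proxy between Traefik and the daemon and point the docker provider at it; at minimum reword the comment to `# :ro protects the socket file only, not the Docker API behind it`. `CF_DNS_API_TOKEN=MyCloudflareApiToken` is also a secret inlined in a tracked file; `- CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN:?set in .env}` keeps the real value out of the repository and makes a missing one fail at `docker compose up` instead of at the first ACME renewal.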
@@ -0,0 +1,119 @@ +http: + + ## EXTERNAL ROUTING EXAMPLE - Only use if you want to proxy something manually ## + #routers: + # homeassistant: + # entryPoints: + # - https + # - http + # rule: 'Host(`ha.example.com`)' + # service: homeassistant + # middlewares: + # - "local-ipwhitelist@file" + + # pve: + # entryPoints: + # - https + # - http + # rule: 'Host(`pve.example.com`)' + # service: pve + # middlewares: + # - "local-ipwhitelist@file" + + ## SERVICES EXAMPLE ## + #services: + # homeassistant: + # loadBalancer: + # serversTransport: insecureTransport + # servers: + # - url: http://192.168.1.10:8123 + + # pve: + # loadBalancer: + # serversTransport: insecureTransport + # servers: + # - url: https://192.168.1.20:8006 + + # allow self-signed certificates for proxied web services + serversTransports: + insecureTransport: + insecureSkipVerify: true + + ## MIDDLEWARES ## + middlewares: + # Only Allow Local networks + local-ipwhitelist: + ipAllowList: + sourceRange: + - 127.0.0.1/32 # localhost + - 10.0.0.0/8 # private class A + - 172.16.0.0/12 # private class B + - 192.168.0.0/16 # private class C + #ipstrategy: # enable this when cloudflare proxy in use + # depth: 1 # enable this when cloudflare proxy in use + + # Security headers + security-headers: + headers: + customResponseHeaders: # field names are case-insensitive + #X-Robots-Tag: "all,noarchive,nosnippet,notranslate,noimageindex" + Server: "" # prevent version disclosure + X-Powered-By: "" # prevent version disclosure + X-Forwarded-Proto: "https" + #Permissions-Policy: "accelerometer=(), autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), 
xr-spatial-tracking=()" + #Cross-Origin-Embedder-Policy: "unsafe-none" + #Cross-Origin-Opener-Policy: "same-origin" + #Cross-Origin-Resource-Policy: "same-site" + sslProxyHeaders: + X-Forwarded-Proto: "https" + hostsProxyHeaders: + - "X-Forwarded-Host" + customRequestHeaders: + X-Forwarded-Proto: "https" + contentTypeNosniff: true # X-Content-Type-Options + customFrameOptionsValue: "SAMEORIGIN" # X-Frame-Options + browserXssFilter: false # X-XSS-Protection; deprecated + referrerPolicy: "strict-origin-when-cross-origin" # Referrer-Policy + forceSTSHeader: true # HTTP-Strict-Transport-Security (HSTS) + stsIncludeSubdomains: true # HTTP-Strict-Transport-Security (HSTS) + stsSeconds: 63072000 # HTTP-Strict-Transport-Security (HSTS) + stsPreload: true # HTTP-Strict-Transport-Security (HSTS) + #contentSecurityPolicy: "default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content" # Content-Security-Policy (CSP) + + # Authelia guard + #authelia: + # forwardauth: + # address: http://authelia:9091/api/authz/forward-auth # replace example.com with your domain name + # trustForwardHeader: true + # authResponseHeaders: + # - Remote-User + # - Remote-Groups + # - Remote-Name + # - Remote-Email + + # rate limiting + rate-limit: + rateLimit: + average: 100 + period: 1 + burst: 100 + + # basic auth popup + basic-auth: + basicAuth: + # https://hostingcanada.org/htpasswd-generator/ + users: "admin:$$apr1$$epoKf5li$$QfTMJZOCS/halv3CiIUEu0" # admin:password + +# Only use secure ciphers - https://ssl-config.mozilla.org/#server=traefik&version=2.9&config=intermediate&guideline=5.6 +tls: + options: + default: + #sniStrict: true # prevents leaking default cert; see https://doc.traefik.io/traefik/v2.2/https/tls/#strict-sni-checking + minVersion: VersionTLS12 + cipherSuites: + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 diff --git a/examples/traefik/logrotate_example.txt b/examples/traefik/logrotate_example.txt new file mode 100644 index 0000000..4823942 --- /dev/null +++ b/examples/traefik/logrotate_example.txt @@ -0,0 +1,14 @@ +# place this example code at /etc/logrotate.d/traefik on your docker host server +# please adjust the custom file path below, where your traefik logs are stored +# please adjust the below traefik container name to send the USR1 signal for log rotation + +compress +/mnt/docker-volumes/traefik/logs/*.log { + size 20M + daily + rotate 14 + missingok + notifempty postrotate + docker kill --signal="USR1" traefik # adjust this line to your traefik container name + endscript +} diff --git a/examples/traefik/traefik.yml b/examples/traefik/traefik.yml new file mode 100644 index 0000000..6017029 --- /dev/null +++ b/examples/traefik/traefik.yml 
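Review bot: The `basic-auth` middleware's `users: "admin:$$apr1$$epoKf5li$$QfTMJZOCS/halv3CiIUEu0"` carries the doubled `$$` that Compose label interpolation requires, but this is a Traefik file-provider file where no interpolation happens, so as far as I can tell the stored value is not a valid apr1 htpasswd entry and every login would be rejected; it should read `users: "admin:$apr1$epoKf5li$QfTMJZOCS/halv3CiIUEu0"`. That hash is also the published `admin:password` pair and apr1 is MD5-based, so the comment should direct users to generate their own (preferably bcrypt) entry rather than keep this one. `local-ipwhitelist` checks the direct peer address while `ipstrategy` stays commented out, so behind Cloudflare (whose ranges traefik.yml trusts) every request arrives from a Cloudflare address and is denied; that is the safe default, but a comment tying the two files together would save the next user a debugging session.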
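Review bot: `notifempty postrotate` sits on a single line inside the block, so logrotate will most likely reject the trailing text after `notifempty` and in any case never opens the `postrotate` section, which means the `docker kill --signal="USR1" traefik` line is never executed after rotation; the hunk's 14-line count confirms the two directives were not split. Put `postrotate` on its own line directly before the `docker kill` line. Without the signal Traefik keeps writing to the renamed file, so the "rotated" logs keep growing and the new file stays empty.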
@@ -0,0 +1,135 @@ +# Traefik global configuration +global: + checkNewVersion: true + sendAnonymousUsage: false + +# Enable traefik ui dashboard +api: + dashboard: true + insecure: true + +# Log level INFO|DEBUG|ERROR +log: + level: INFO + +#metrics: +# influxDB2: +# address: http://influxdb2:8086 +# token: my-secure-token-secret +# org: influx-org +# bucket: influx-bucket +# addEntryPointsLabels: true +# addRoutersLabels: true +# addServicesLabels: true +# pushInterval: 60s + +# Configuring Multiple Filters +accessLog: + filePath: "/logs/traefik.log" + format: json + filters: + statusCodes: + # - "200" # log successful http requests + - "400-599" # log failed http requests + #retryAttempts: true + #minDuration: "10ms" + # collect logs as in-memory buffer before writing into log file + bufferingSize: 0 + fields: + headers: + defaultMode: drop # drop all headers per default + names: + User-Agent: keep # log user agent strings + +# The setting below is to allow insecure backend connections. 
+serverTransport: + insecureSkipVerify: true + +# Traefik entrypoints (network ports) configuration +entryPoints: + # Not used in apps, but redirect everything from HTTP to HTTPS + http: + address: :80 + forwardedHeaders: + trustedIPs: &trustedIps + # Start of Clouflare public IP list for HTTP requests, remove this if you don't use it; https://www.cloudflare.com/de-de/ips/ + - 103.21.244.0/22 + - 103.22.200.0/22 + - 103.31.4.0/22 + - 104.16.0.0/13 + - 104.24.0.0/14 + - 108.162.192.0/18 + - 131.0.72.0/22 + - 141.101.64.0/18 + - 162.158.0.0/15 + - 172.64.0.0/13 + - 173.245.48.0/20 + - 188.114.96.0/20 + - 190.93.240.0/20 + - 197.234.240.0/22 + - 198.41.128.0/17 + - 2400:cb00::/32 + - 2606:4700::/32 + - 2803:f800::/32 + - 2405:b500::/32 + - 2405:8100::/32 + - 2a06:98c0::/29 + - 2c0f:f248::/32 + # End of Cloudlare public IP list + http: + redirections: + entryPoint: + to: https + scheme: https + + # HTTPS endpoint, with domain wildcard + https: + address: :443 + forwardedHeaders: + # Reuse list of Cloudflare Trusted IP's above for HTTPS requests + trustedIPs: *trustedIps + # enable HTTP3 QUIC via UDP/443 + #http3: + # advertisedPort: '443' + http: + tls: + # Generate a wildcard domain certificate + certResolver: myresolver + domains: + - main: example.com # change this to your proxy domain + sans: + - '*.example.com' # change this to your proxy domain + middlewares: + - security-headers@file # reference to a dynamic middleware for setting http security headers per default + - rate-limit@file # reference to a dynamic middleware for enabling rate limiting per default + +providers: + providersThrottleDuration: 2s + + # File provider for connecting things that are outside of docker / defining middleware + file: + filename: /etc/traefik/fileConfig.yml + watch: true + + # Docker provider for connecting all apps that are inside of the docker network + docker: + watch: true + network: proxy # Add Your Docker Network Name Here + # Default host rule to 
containername.domain.example + defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.example.com`)" # change 'example.com' to your proxy domain + exposedByDefault: false + +# Use letsencrypt to generate ssl certificates +certificatesResolvers: + myresolver: + acme: + email: example@example.com # the email address used for ssl certificate registration + storage: /etc/traefik/acme.json + #httpChallenge: # acme http challenge; requires port 80 and proper dns entries + # entryPoint: http # specify the entry point for the HTTP challenge (adjust if needed) + dnsChallenge: # acme dns challenge; requires api token of dns provider + provider: cloudflare + # Used to make sure the dns challenge is propagated to the right dns servers + resolvers: + - "1.1.1.1:53" + - "1.0.0.1:53" diff --git a/examples/transfer.sh/README.md b/examples/transfer.sh/README.md new file mode 100644 index 0000000..3347a6f --- /dev/null +++ b/examples/transfer.sh/README.md @@ -0,0 +1,9 @@ +# References + +- https://github.com/dutchcoders/transfer.sh + +# Notes + +Ensure that the bind mount volume can be written by the container. + +The provided container image uses `5000` as PUID and PGID as default. If you want to change those, you have to build the container image locally. Read [here](https://github.com/dutchcoders/transfer.sh#building-the-container) for more details. diff --git a/examples/transfer.sh/docker-compose.yml b/examples/transfer.sh/docker-compose.yml new file mode 100644 index 0000000..fcdb6b0 --- /dev/null +++ b/examples/transfer.sh/docker-compose.yml 
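Review bot: `serverTransport:` (the key after the "allow insecure backend connections" comment) does not match Traefik's static-configuration key, which is `serversTransport`; Traefik rejects unknown static fields at start-up, so this should read `serversTransport:`, or be dropped entirely, since fileConfig.yml already defines a per-service `insecureTransport` and a global `insecureSkipVerify: true` disables certificate verification for every backend at once. `api.insecure: true` publishes the dashboard on the :8080 entrypoint without any authentication; the compose file binds that port to 127.0.0.1 on the host, but every container on the `proxy` network can still reach it, so prefer `insecure: false` and rely on the `api@internal` router that is already guarded by `local-ipwhitelist@file,basic-auth@file`. The `trustedIPs` comment also misspells Cloudflare twice (`Clouflare`, `Cloudlare`).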
@@ -0,0 +1,34 @@ +version: '3.3' + +services: + transfer: + image: dutchcoders/transfer.sh:latest-noroot + container_name: transfer + hostname: transfer + restart: unless-stopped + ports: + - 8080:8080/tcp + expose: + - 8080 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/transfer:/tmp + command: + - --provider=local + - --basedir=/tmp/ + #networks: + # - dev # or use dev for testing purposes + #labels: + # - traefik.enable=true + # - traefik.http.routers.transfer.rule=Host(`transfer.example.com`) + # - traefik.http.services.transfer.loadbalancer.server.port=8080 + # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads + # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads + # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads + # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads + # - traefik.docker.network=proxy + # # Part for optional traefik middlewares + # - traefik.http.routers.transfer.middlewares=local-ipwhitelist@file + +#networks: +# dev: # or use dev for testing purposes +# external: true diff --git a/examples/transfer.zip/README.md b/examples/transfer.zip/README.md new file mode 100644 index 0000000..395d0d2 --- /dev/null +++ b/examples/transfer.zip/README.md @@ -0,0 +1,4 @@ +# References + +- https://github.com/l4rm4nd/transfer.zip-web (fork with external DockerHub images) +- https://github.com/robinkarlberg/transfer.zip-web (original, no Docker images) \ No newline at end of file diff --git a/examples/transfer.zip/docker-compose.yml b/examples/transfer.zip/docker-compose.yml new file mode 100644 index 0000000..e93b340 --- /dev/null +++ b/examples/transfer.zip/docker-compose.yml 
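Review bot: `- 8080:8080/tcp` publishes the anonymous upload service on every host interface, and Docker's own iptables rules bypass a host firewall such as ufw, so with the Traefik labels and `local-ipwhitelist@file` commented out nothing restricts who can upload to or download from it. If the service is meant to sit behind the proxy, bind it to loopback (`- 127.0.0.1:8080:8080/tcp`) or drop `ports:` and keep only `expose:`; the same pattern applies to the port mappings in the transfer.zip, transmission, trsync, uptime-kuma, vaultwarden, vouchervault and webtrees hunks below. The `:/tmp` bind mount holds every uploaded file on the host, so the README's permission note should also mention that the directory is world-readable by default.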
@@ -0,0 +1,41 @@ +version: '3.3' + +services: + web-server: + #build: web-server + image: l4rm4nd/transferzip:web-server + hostname: web-server + container_name: transferzip-web + restart: unless-stopped + expose: + - 80 + depends_on: + - signaling-server + ports: + - 9001:80 + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.http.routers.transferzip.rule=Host(`transfer.example.com`) + # - traefik.http.services.transferzip.loadbalancer.server.port=80 + # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads + # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads + # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads + # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads + # - traefik.docker.network=proxy + # # Part for optional traefik middlewares + # - traefik.http.routers.transferzip.middlewares=local-ipwhitelist@file,authelia@file,basic-auth@file + + signaling-server: + #build: signaling-server + image: l4rm4nd/transferzip:signaling-server + hostname: signaling-server + container_name: transferzip-signaling + restart: unless-stopped + #networks: + # - proxy + +#networks: +# proxy: +# external: true diff --git a/examples/transmission/README.md b/examples/transmission/README.md new file mode 100644 index 0000000..7799c75 --- /dev/null +++ b/examples/transmission/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/linuxserver/docker-transmission \ No newline at end of file diff --git a/examples/transmission/docker-compose.yml b/examples/transmission/docker-compose.yml new file mode 100644 index 0000000..c7231e5 --- /dev/null +++ b/examples/transmission/docker-compose.yml 
@@ -0,0 +1,19 @@ +version: "2.1" + +services: + transmission: + image: lscr.io/linuxserver/transmission:latest + container_name: transmission + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - '${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/transmission/config:/config' + - '${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/transmission/downloads:/downloads' + - '${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/transmission/watch:/watch' + ports: + - 9091:9091 # web ui + - 51413:51413 # torrent port tcp + - 51413:51413/udp # torrent port udp + restart: unless-stopped diff --git a/examples/trsync/README.md b/examples/trsync/README.md new file mode 100644 index 0000000..a554a53 --- /dev/null +++ b/examples/trsync/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/l4rm4nd/TRSync diff --git a/examples/trsync/docker-compose.yml b/examples/trsync/docker-compose.yml new file mode 100644 index 0000000..64d4834 --- /dev/null +++ b/examples/trsync/docker-compose.yml @@ -0,0 +1,10 @@ +version: '3.3' +services: + trsync: + image: l4rm4nd/trsync:latest + container_name: trsync + ports: + - '8000:8000' + environment: + - SECRET_KEY=ChooseStrongSecretKeyHere # pls change + - DOMAIN=trsync.example.com # your hostname to put in Django's ALLOW_HOSTS diff --git a/examples/unify-network-application/README.md b/examples/unify-network-application/README.md new file mode 100644 index 0000000..395bb24 --- /dev/null +++ b/examples/unify-network-application/README.md 
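Review bot: The web UI on `- 9091:9091 # web ui` is published on every host interface with no authentication configured; the linuxserver image reads `USER` and `PASS` environment variables to enable RPC/web-UI authentication, so add `- USER=${TRANSMISSION_USER:?}` and `- PASS=${TRANSMISSION_PASS:?}` (variable names constructed for the .env) next to `PUID`/`PGID`, or bind the mapping to loopback. An unauthenticated Transmission RPC endpoint lets any host that can reach port 9091 add torrents and change the download directory, which is a reason to treat this as a defect rather than a convenience default.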
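Review bot: `SECRET_KEY=ChooseStrongSecretKeyHere` ships a well-known default for Django's signing key (the `DOMAIN` comment confirms the app is Django-based), and `# pls change` is easy to miss; a deployment that keeps it has forgeable session cookies and CSRF tokens. Make the omission fail loudly with Compose's required-variable syntax, e.g. `- SECRET_KEY=${TRSYNC_SECRET_KEY:?set TRSYNC_SECRET_KEY in .env}` (variable name constructed). The value is referenced nowhere else in the hunk, so nothing else needs to change.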
@@ -0,0 +1,12 @@ +# References + +- https://hub.docker.com/r/linuxserver/unifi-network-application +- https://github.com/Haxxnet/Compose-Examples/issues/16#issuecomment-1733524477 + +# Notes + +Note that you are mounting a file named init-mongo.js into the mongo db container. This file is necessary to initialize the mongo database (see https://hub.docker.com/_/mongo/ at "Initializing a fresh instance"). + +It basically defines the database name and user credentials for the unifi-network-application container. + +These parameters are also referenced in the docker-compose.yml file. So either leave as is or adjust everywhere accordingly. diff --git a/examples/unify-network-application/docker-compose.yml b/examples/unify-network-application/docker-compose.yml new file mode 100644 index 0000000..7d62805 --- /dev/null +++ b/examples/unify-network-application/docker-compose.yml 
@@ -0,0 +1,44 @@ +version: "2.1" + +services: + unifi-network-application: + image: lscr.io/linuxserver/unifi-network-application:latest + container_name: unifi-network-application + environment: + - PUID=1000 + - PGID=1000 + - TZ=Etc/UTC + - MONGO_USER=unifi + - MONGO_PASS=unifi + - MONGO_HOST=unifi-db + - MONGO_PORT=27017 + - MONGO_DBNAME=unifi-db + - MEM_LIMIT=1024 #optional + - MEM_STARTUP=1024 #optional + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/unifi-network-application/config:/config + depends_on: + - unifi-db + ports: + - 8443:8443 + - 3478:3478/udp + - 10001:10001/udp + - 8080:8080 + - 1900:1900/udp #optional + - 8843:8843 #optional + - 8880:8880 #optional + - 6789:6789 #optional + - 5514:5514/udp #optional + restart: unless-stopped + + unifi-db: + image: mongo:4.4 + container_name: unifi-network-application-mongodb + restart: unless-stopped + expose: + - 27017 + environment: + - MONGO_INITDB_DATABASE=unifi-db + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/unifi-network-application/mongodb_data:/data/db + - ./init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro diff --git a/examples/unify-network-application/init-mongo.js b/examples/unify-network-application/init-mongo.js new file mode 100644 index 0000000..f6c4d9e --- /dev/null +++ b/examples/unify-network-application/init-mongo.js @@ -0,0 +1,2 @@ +db.getSiblingDB("unifi-db").createUser({user: "unifi", pwd: "unifi", roles: [{role: "readWrite", db: "unifi-db"}]}); +db.getSiblingDB("unifi-db_stat").createUser({user: "unifi", pwd: "unifi", roles: [{role: "readWrite", db: "unifi-db_stat"}]}); diff --git a/examples/upsnap/README.md b/examples/upsnap/README.md new file mode 100644 index 0000000..3c5252a --- /dev/null +++ b/examples/upsnap/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/seriousm4x/UpSnap diff --git a/examples/upsnap/docker-compose.yml b/examples/upsnap/docker-compose.yml new file mode 100644 index 0000000..b352c96 --- /dev/null 
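Review bot: `MONGO_PASS=unifi` is a committed default credential that must stay in sync with the two `pwd: "unifi"` entries in the init-mongo.js hunk below, and the README in this commit only says to adjust them "everywhere", which invites drift. Since Compose does not interpolate the JS file, at least make the coupling explicit on the compose side: `- MONGO_PASS=unifi # must match pwd in init-mongo.js; change both`. `mongo:4.4` is, as far as I know, an end-of-life MongoDB series; if the application image supports a newer one, pin that instead. Keeping the database on `expose:` only, with no `ports:`, is the right call and worth preserving when users copy this.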
+++ b/examples/upsnap/docker-compose.yml @@ -0,0 +1,20 @@ +version: "3" + +services: + upsnap: + image: ghcr.io/seriousm4x/upsnap:3 + container_name: upsnap + network_mode: host + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/upsnap/data:/app/pb_data + environment: + - TZ=Europe/Berlin # Set container timezone for cron schedules + - UPSNAP_INTERVAL=@every 10s # Sets the interval in which the devices are pinged + - UPSNAP_SCAN_RANGE=192.168.178.0/24 # Scan range is used for device discovery on local network + - UPSNAP_WEBSITE_TITLE=UpSnap # Custom website title + entrypoint: /bin/sh -c "./upsnap serve --http 0.0.0.0:5000" + healthcheck: + test: curl -fs "http://localhost:5000/api/health" || exit 1 + interval: 10s + #entrypoint: /bin/sh -c "apk update && apk add --no-cache && rm -rf /var/cache/apk/* && ./upsnap serve --http 0.0.0.0:8090" diff --git a/examples/uptime-kuma/README.md b/examples/uptime-kuma/README.md new file mode 100644 index 0000000..daacc11 --- /dev/null +++ b/examples/uptime-kuma/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/louislam/uptime-kuma diff --git a/examples/uptime-kuma/docker-compose.yml b/examples/uptime-kuma/docker-compose.yml new file mode 100644 index 0000000..a71d2b6 --- /dev/null +++ b/examples/uptime-kuma/docker-compose.yml 
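Review bot: With `network_mode: host` and the entrypoint's `--http 0.0.0.0:5000`, UpSnap listens on every host interface with no Docker port mapping in between, so only the host firewall stands between it and the network; if a reverse proxy is the intended front door, bind to a specific address (`./upsnap serve --http 127.0.0.1:5000`) and let the proxy reach it through `host.docker.internal`. The commented fallback entrypoint runs `apk add --no-cache` with no package name, so it installs nothing and should either name the intended package or be removed. Whether the image ships `curl` for the healthcheck is not visible here; if it does not, the container is permanently unhealthy.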
@@ -0,0 +1,30 @@ +version: "3.8" + +services: + app: + container_name: uptime-kuma + hostname: uptime-kuma + image: louislam/uptime-kuma + restart: always + ports: + - 3001:3001 + expose: + - 3001 + dns: + - 1.1.1.1 + - 8.8.8.8 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/uptimekuma:/app/data + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.http.routers.uptimekuma.rule=Host(`uptimekuma.example.com`) + # - traefik.http.services.uptimekuma.loadbalancer.server.port=3001 + # - traefik.docker.network=proxy + # # Part for local lan services only + # #- traefik.http.routers.uptimekuma.middlewares=local-ipwhitelist@file + +#networks: +# proxy: +# external: true diff --git a/examples/vaultwarden/README.md b/examples/vaultwarden/README.md new file mode 100644 index 0000000..f007fe4 --- /dev/null +++ b/examples/vaultwarden/README.md @@ -0,0 +1,10 @@ +# References + +- https://github.com/dani-garcia/vaultwarden +- https://github.com/Bruceforce/vaultwarden-backup + +# Notes + +Disable open user registration after setting up your account. This can be done via the `/admin` web panel, if enabled, or by adjusting the `config.json` file. Alternatively via environment variables. See documentation [here](https://github.com/dani-garcia/vaultwarden/wiki/Disable-registration-of-new-users). + +⚠️ Note: The WebSockets service for live sync has been integrated in the main HTTP server, which means simpler proxy setups that don't require a separate rule to redirect WS traffic to port 3012. Please check the updated examples in the [wiki](https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples). It's recommended to migrate to this new setup as using the old server on port 3012 is deprecated, won't receive new features and will be removed in a future release. diff --git a/examples/vaultwarden/docker-compose.yml b/examples/vaultwarden/docker-compose.yml new file mode 100644 index 0000000..a958925 --- /dev/null 
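Review bot: `image: louislam/uptime-kuma` carries no tag, so every pull resolves to the floating `latest` and upgrades happen unreviewed; pin a release or major tag as the other hunks in this commit do. The `dns:` override to `1.1.1.1`/`8.8.8.8` also routes every lookup the monitor performs, including internal hostnames, to public resolvers, so monitors of internal hosts by name will presumably fail to resolve; document that or drop the override so Docker's embedded DNS is used. `expose: 3001` is redundant next to `ports: 3001:3001` and can go.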
+++ b/examples/vaultwarden/docker-compose.yml 
@@ -0,0 +1,78 @@ +version: "3" + +services: + vaultwarden: + image: vaultwarden/server:latest-alpine + container_name: vaultwarden + hostname: vaultwarden + restart: unless-stopped + dns: + - 1.1.1.1 + environment: + #- ADMIN_TOKEN=$$argon2id$$v=19$$m=19456,t=2,p=1$$UUZxK1FZMkZoRHFQRlVrTXZvS0E3bHpNQW55c2dBN2NORzdsa0Nxd1JhND0$$cUoId+JBUsJutlG4rfDZayExfjq4TCt48aBc9qsc3UI # see https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token + #- SIGNUPS_ALLOWED=false + #- SIGNUPS_VERIFY=true + #- INVITATIONS_ALLOWED=true # only admins and orga owners + #- globalSettings__mail__replyToEmail=bitwarden@example.com + #- globalSettings__mail__smtp__host=smtp.gmail.com + #- globalSettings__mail__smtp__username=bitwarden@example.com + #- globalSettings__mail__smtp__password=MyStrongSmtpLoginPassword + #- globalSettings__mail__smtp__ssl=true + #- globalSettings__mail__smtp__port=587 + - LOG_FILE=/data/logs/access.log + - WEBSOCKET_ENABLED=true + - ROCKET_ENV=prod + - ROCKET_WORKERS=10 + - TZ=Europe/Berlin + - LOG_LEVEL=error + - EXTENDED_LOGGING=true + ports: + - 8888:80 + #networks: + # - proxy + #labels: + # - com.centurylinklabs.watchtower.monitor-only=true + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.vaultwarden.rule=Host(`bitwarden.example.com`) + # - traefik.http.routers.vaultwarden.service=vaultwarden + # - traefik.http.services.vaultwarden.loadbalancer.server.port=80 + # - traefik.http.routers.vaultwarden-admin.rule=Host(`bitwarden.example.com`) && Path(`/admin`) + # - traefik.http.routers.vaultwarden-admin.service=vaultwarden + # - traefik.http.services.vaultwarden-admin.loadbalancer.server.port=80 + # - traefik.http.routers.vaultwarden-admin.middlewares=local-ipwhitelist@file,authelia@file + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/data:/data + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/logs:/data/logs + + # this service will backup your vaultwarden 
instance correctly + # see https://github.com/Bruceforce/vaultwarden-backup for more information + vaultwarden-backup: + image: bruceforce/vaultwarden-backup:latest + container_name: vaultwarden-backup + hostname: vaultwarden-backup + restart: always + init: true + depends_on: + - vaultwarden + #labels: + # com.centurylinklabs.watchtower.monitor-only: true + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/data:/data/ + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vaultwarden/backup:/myBackup + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + #networks: + # - proxy + environment: + - TIMESTAMP=true + - DELETE_AFTER=30 + - UID=0 + - GID=1000 + - TZ=Europe/Berlin + - BACKUP_DIR=/myBackup + - CRON_TIME=50 3 * * * # see https://crontab.guru/, define without quotes! + +#networks: +# proxy: +# external: true diff --git a/examples/vouchervault/README.md b/examples/vouchervault/README.md new file mode 100644 index 0000000..d178ab1 --- /dev/null +++ b/examples/vouchervault/README.md @@ -0,0 +1,20 @@ +# References + +- https://github.com/l4rm4nd/VoucherVault +- https://github.com/l4rm4nd/VoucherVault/wiki/01-%E2%80%90-Installation + +# Notes + +> [!WARNING] +> The container runs as low-privileged `www-data` user. So you have to adjust the permissions for the persistent database bind mount volume. + +```` +# create volume dir for persistence +mkdir -p /mnt/docker-volumes/vouchervault/database + +# adjust permissions +sudo chown -R www-data:www-data /mnt/docker-volumes/vouchervault/* + +# spawn the container stack +docker compose up +```` diff --git a/examples/vouchervault/docker-compose.yml b/examples/vouchervault/docker-compose.yml new file mode 100644 index 0000000..79b7ee3 --- /dev/null +++ b/examples/vouchervault/docker-compose.yml 
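Review bot: `- 8888:80` publishes Vaultwarden over plain HTTP on all interfaces; the web vault relies on browser crypto APIs that are only available in a secure context, so this mapping works for localhost testing only, and the proxied HTTPS path in the commented labels is the one to use otherwise — say so in a comment or bind it to `127.0.0.1:8888:80`. `WEBSOCKET_ENABLED=true` refers to the separate port-3012 websocket server that the README in this same commit calls deprecated, so it can probably be dropped (depends on the image version). In the backup service, `UID=0` makes the sidecar run as root while `GID=1000` suggests a non-root identity was intended; set `UID` to the user that owns the data directory instead.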
@@ -0,0 +1,60 @@ +services: + + vouchervault: + image: l4rm4nd/vouchervault:1.6.x + container_name: vouchervault + environment: + # your FQDN or IP; used to define ALLOWED_HOSTS and CSRF_TRUSTED_ORIGINS + - DOMAIN=vouchervault.example.com + # set to True if you use a reverse proxy with tls; enables secure cookie flag and hsts + - SECURE_COOKIES=False + # send notifications xx days prior expiry + - EXPIRY_THRESHOLD_DAYS=90 + # define the timezone + - TZ=Europe/Berlin + # ------- OPTIONAL OIDC AUTH -------- + # Set to 'True' to enable OIDC authentication + #- OIDC_ENABLED=True + # Set to 'True' to allow the creation of new users through OIDC + #- OIDC_CREATE_USER=True + # The signing algorithm used by the OIDC provider (e.g., RS256, HS256) + #- OIDC_RP_SIGN_ALGO=RS256 + # URL of the JWKS endpoint for the OIDC provider + #- OIDC_OP_JWKS_ENDPOINT=https://authentik.example.com/application/o/vouchervault/jwks/ + # Client ID for your OIDC RP + #- OIDC_RP_CLIENT_ID=vouchervault + # Client secret for your OIDC RP + #- OIDC_RP_CLIENT_SECRET=super-secure-secret-key + # Authorization endpoint URL of the OIDC provider + #- OIDC_OP_AUTHORIZATION_ENDPOINT=https://authentik.example.com/application/o/authorize/ + # Token endpoint URL of the OIDC provider + #- OIDC_OP_TOKEN_ENDPOINT=https://authentik.example.com/application/o/token/ + # User info endpoint URL of the OIDC provider + #- OIDC_OP_USER_ENDPOINT=https://authentik.example.com/application/o/userinfo/ + restart: unless-stopped + expose: + - 8000 + ports: + - 8000:8000 + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/vouchervault/database:/opt/app/database + #networks: + # - proxy + #labels: + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.vouchervault.rule=Host(`vouchervault.example.com`) + # - traefik.http.services.vouchervault.loadbalancer.server.port=8000 + # # Optional part for traefik middlewares + # - traefik.http.routers.vouchervault.middlewares=local-ipwhitelist@file 
+ + redis: + container_name: vouchervault-redis + image: redis:7.2-alpine + restart: unless-stopped + #networks: + # - proxy + +#networks: +# proxy: +# external: true diff --git a/examples/watchtower/.env b/examples/watchtower/.env new file mode 100644 index 0000000..818afdb --- /dev/null +++ b/examples/watchtower/.env @@ -0,0 +1,7 @@ +SMTP_PORT=587 +SMTP_USER=watchtower@example.com +SMTP_PASS=mysmtppassword +SMTP_MAIL_FROM=watchtower@example.com +SMTP_MAIL_TO=watchtower@example.com +SMTP_SERVER=smtp.google.com +API_TOKEN=My-HTTP-API-Token diff --git a/examples/watchtower/README.md b/examples/watchtower/README.md new file mode 100644 index 0000000..124a432 --- /dev/null +++ b/examples/watchtower/README.md @@ -0,0 +1,8 @@ +# References + +- https://github.com/containrrr/watchtower +- https://containrrr.dev/watchtower/ + +# Notes + +Running multiple Watchtower instances is only possible by using scope definitions. Please read [here](https://containrrr.dev/watchtower/running-multiple-instances/). Otherwise, any new Watchtower container will remove and clean up older instances. diff --git a/examples/watchtower/docker-compose.yml b/examples/watchtower/docker-compose.yml new file mode 100644 index 0000000..d4bea0d --- /dev/null +++ b/examples/watchtower/docker-compose.yml 
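Review bot: Under `redis:` the commented `#networks: - proxy` would, if enabled, place an unauthenticated Redis on the shared `proxy` network where every other proxied container can reach it; Redis only needs the stack's default network, so remove that block rather than leaving it as a template. `SECURE_COOKIES=False` is shipped as the default even though the commented Traefik labels assume TLS termination, so the comment should state that it must be flipped to `True` in the same step as enabling the labels. `expose: 8000` next to `ports: 8000:8000` is redundant.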
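Review bot: `SMTP_PASS=mysmtppassword` and `API_TOKEN=My-HTTP-API-Token` are secrets in a tracked `.env`; once a user replaces the placeholders the real values sit in a git working tree and are one `git add .` away from being committed. Ship this as `.env.example` and add `.env` to `.gitignore`, or leave the two secret lines empty so any filled-in value shows up in a diff. Compose reads `.env` from the project directory automatically, so the `${SMTP_PASS:-…}` references in the compose hunk below keep working either way.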
@@ -0,0 +1,27 @@ +version: "3.9" + +services: + watchtower: + container_name: watchtower + hostname: watchtower + environment: + #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=${SMTP_PORT:-587} + #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=${SMTP_USER:-smtpuser} + #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=${SMTP_PASS:-smtppass} + #- WATCHTOWER_NOTIFICATION_EMAIL_FROM=${SMTP_MAIL_FROM:-watchtower@example.com} + #- WATCHTOWER_NOTIFICATION_EMAIL_TO=${SMTP_MAIL_TO:-watchtower@example.com} + #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER=${SMTP_SERVER:-smtp.google.com} + #- WATCHTOWER_HTTP_API_TOKEN=${API_TOKEN:-SecureApiToken} + #- WATCHTOWER_NOTIFICATIONS=email + #- WATCHTOWER_MONITOR_ONLY=true + - WATCHTOWER_SCHEDULE=0 0 6 * * * # requires a go cron syntax of 6 space-separated fields; see https://containrrr.dev/watchtower/arguments/#scheduling + - WATCHTOWER_CLEANUP=true # remove unused images afterwards + image: containrrr/watchtower:latest + labels: + com.centurylinklabs.watchtower: true + restart: always + network_mode: "host" + volumes: + - /etc/localtime:/etc/localtime:ro + - /var/run/docker.sock:/var/run/docker.sock:ro + working_dir: / diff --git a/examples/watchyourlan/README.md b/examples/watchyourlan/README.md new file mode 100644 index 0000000..529a275 --- /dev/null +++ b/examples/watchyourlan/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/aceberg/WatchYourLAN diff --git a/examples/watchyourlan/docker-compose-v1.yml b/examples/watchyourlan/docker-compose-v1.yml new file mode 100644 index 0000000..2f33f28 --- /dev/null +++ b/examples/watchyourlan/docker-compose-v1.yml 
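Review bot: `com.centurylinklabs.watchtower: true` under `labels:` is a YAML boolean, and Compose requires label values to be strings — in my experience current Compose validation rejects a bare boolean here — so quote it: `com.centurylinklabs.watchtower: "true"`. The `/var/run/docker.sock:/var/run/docker.sock:ro` mount gives Watchtower full Docker API control regardless of `:ro` (the flag protects the socket file, not the API behind it), which together with `network_mode: "host"` makes this the most privileged container in the set; run it against a socket proxy where possible. The commented `WATCHTOWER_HTTP_API_TOKEN=${API_TOKEN:-SecureApiToken}` also falls back to a guessable token, so drop the default and use `${API_TOKEN:?}` if the HTTP API is ever enabled.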
@@ -0,0 +1,18 @@ +version: "3" +services: + wyl: + image: aceberg/watchyourlan:1.0.6 + container_name: watchyourlan + network_mode: "host" + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/watchyourlan-v1:/data + environment: + TZ: Europe/Berlin # required: needs your TZ for correct time + IFACE: "ens18" # required: 1 or more interface + DBPATH: "/data/db.sqlite" # optional, default: /data/db.sqlite + GUIIP: "127.0.0.1" # optional, default: localhost + GUIPORT: "8840" # optional, default: 8840 + TIMEOUT: "120" # optional, time in seconds, default: 60 + #SHOUTRRR_URL: "telegram://" # optional, set url to notify + THEME: "darkly" # optional diff --git a/examples/watchyourlan/docker-compose-v2.yml b/examples/watchyourlan/docker-compose-v2.yml new file mode 100644 index 0000000..1ca6813 --- /dev/null +++ b/examples/watchyourlan/docker-compose-v2.yml @@ -0,0 +1,17 @@ +version: "3" + +services: + wyl: + image: aceberg/watchyourlan:v2 + container_name: watchyourlan-v2 + network_mode: "host" + restart: unless-stopped + volumes: + - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/watchyourlan-v2:/data/WatchYourLAN + environment: + TZ: Europe/Beelin # required: needs your TZ for correct time + IFACES: "ens18" # required: 1 or more interface + THEME: "sand" # optional + COLOR: "dark" # optional + #SHOUTRRR_URL: "telegram://" # optional, set url to notify + PORT: 8840 # optional, default: 8840 diff --git a/examples/webhook.site/README.md b/examples/webhook.site/README.md new file mode 100644 index 0000000..0475b41 --- /dev/null +++ b/examples/webhook.site/README.md @@ -0,0 +1,3 @@ +# References + +- https://github.com/webhooksite/webhook.site diff --git a/examples/webhook.site/docker-compose.yml b/examples/webhook.site/docker-compose.yml new file mode 100644 index 0000000..e4fbfb2 --- /dev/null +++ b/examples/webhook.site/docker-compose.yml 
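Review bot: `TZ: Europe/Beelin` in the v2 file is a typo for `Europe/Berlin`; most libc and Go runtimes silently fall back to UTC for an unknown zone name, so timestamps in the v2 deployment would be off by the local offset with no error. The v1 file spells it correctly, so only the v2 line needs `TZ: Europe/Berlin`. Both files use `network_mode: "host"`, which the scanner needs, but only v1 pins the GUI to `GUIIP: "127.0.0.1"`; v2 sets `PORT: 8840` without a bind address, so check what the v2 image binds to by default before relying on a host firewall.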
@@ -0,0 +1,63 @@
+version: '3'
+
+services:
+ webhook:
+ image: webhooksite/webhook.site
+ container_name: webhook
+ restart: unless-stopped
+ command: php artisan queue:work --daemon --tries=3 --timeout=10
+ expose:
+ - 80
+ environment:
+ - APP_ENV=dev
+ - APP_DEBUG=true
+ - APP_URL=http://localhost:8084
+ - APP_LOG=errorlog
+ - DB_CONNECTION=sqlite
+ - REDIS_HOST=redis
+ - BROADCAST_DRIVER=redis
+ - CACHE_DRIVER=redis
+ - QUEUE_DRIVER=redis
+ - ECHO_HOST_MODE=path
+ depends_on:
+ - redis
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=dev
+ # - traefik.http.routers.webhook.rule=Host(`hook.example.com`)
+ # - traefik.http.services.webhook.loadbalancer.server.port=80
+ # # Optional part for traefik middlewares
+ # - traefik.http.routers.webhook.middlewares=local-ipwhitelist@file,authelia@docker
+ #networks:
+ # - dev
+
+ redis:
+ image: redis:alpine
+ container_name: webhook-redis
+ restart: unless-stopped
+ #volumes:
+ # - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/requestbin/redis:/data
+ #networks:
+ # - dev
+
+ laravel-echo-server:
+ image: webhooksite/laravel-echo-server
+ container_name: webhook-echo-server
+ restart: unless-stopped
+ environment:
+ - LARAVEL_ECHO_SERVER_AUTH_HOST=http://webhook
+ - LARAVEL_ECHO_SERVER_HOST=0.0.0.0
+ - LARAVEL_ECHO_SERVER_PORT=6001
+ - ECHO_REDIS_PORT=6379
+ - ECHO_REDIS_HOSTNAME=redis
+ - ECHO_PROTOCOL=http
+ - ECHO_ALLOW_CORS=true
+ - ECHO_ALLOW_ORIGIN=*
+ - ECHO_ALLOW_METHODS=*
+ - ECHO_ALLOW_HEADERS=*
+ #networks:
+ # - dev
+
+#networks:
+# dev:
+# external: true
diff --git a/examples/webtrees/README.md b/examples/webtrees/README.md
new file mode 100644
index 0000000..ad07a1f
--- /dev/null
+++ b/examples/webtrees/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/fisharebest/webtrees
diff --git a/examples/webtrees/docker-compose.yml b/examples/webtrees/docker-compose.yml
new file mode 100644
index 0000000..4ed0179
--- /dev/null
+++ b/examples/webtrees/docker-compose.yml
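Review bot: `- APP_DEBUG=true` together with `- APP_ENV=dev` on the `webhook` service enables Laravel's debug error pages, which render stack traces, request data and configuration to whoever triggers an error; for a deployment the commented Traefik labels would publish on `hook.example.com`, set `- APP_DEBUG=false` (and `- APP_ENV=production`) unless the upstream image genuinely requires dev mode — worth confirming against its docs. `- APP_URL=http://localhost:8084` also disagrees with the commented `Host(`hook.example.com`)` rule, so generated links would point at localhost once proxied; presumably it should be the public URL. The `redis` service runs without authentication and is reachable by anything on the shared `dev` network, which is acceptable for an isolated stack but deserves a one-line comment.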
@@ -0,0 +1,61 @@
+version: "3"
+
+services:
+
+ app:
+ image: nathanvaughn/webtrees:latest
+ container_name: webtrees
+ depends_on:
+ - db
+ environment:
+ PRETTY_URLS: "1"
+ HTTPS: "0"
+ HTTPS_REDIRECT: "0"
+ LANG: "en-US"
+ BASE_URL: "https://family.example.com" # please adjust to your FQDN URL
+ DB_TYPE: "mysql"
+ DB_HOST: "db"
+ DB_PORT: "3306"
+ DB_USER: "webtrees"
+ DB_PASS: "badpassword"
+ DB_NAME: "webtrees"
+ DB_PREFIX: "wt_"
+ PUID: "1000"
+ PGID: "1000"
+ ports:
+ - 8080:80
+ expose:
+ - 80
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/webtrees/data:/var/www/webtrees/data/
+ #networks:
+ # - proxy
+ # - webtrees-default
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.webtrees.rule=Host(`family.lrvt.de`)
+ # - traefik.http.services.webtrees.loadbalancer.server.port=80
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.webtrees.middlewares=local-ipwhitelist@file
+
+ db:
+ image: mariadb:latest
+ container_name: webtrees-db
+ environment:
+ MARIADB_DATABASE: "webtrees"
+ MARIADB_USER: "webtrees"
+ MARIADB_ROOT_PASSWORD: "badpassword"
+ MARIADB_PASSWORD: "badpassword"
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/webtrees/db:/var/lib/mysql
+ #networks:
+ # - webtrees-default
+
+#networks:
+# proxy:
+# external: true
+# webtrees-default:
+# external: false
diff --git a/examples/wg-easy/README.md b/examples/wg-easy/README.md
new file mode 100644
index 0000000..377bc79
--- /dev/null
+++ b/examples/wg-easy/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/WeeJeWel/wg-easy
diff --git a/examples/wg-easy/docker-compose.yml b/examples/wg-easy/docker-compose.yml
new file mode 100644
index 0000000..6c20535
--- /dev/null
+++ b/examples/wg-easy/docker-compose.yml
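Review bot: `DB_PASS: "badpassword"`, `MARIADB_ROOT_PASSWORD: "badpassword"` and `MARIADB_PASSWORD: "badpassword"` are committed placeholder credentials with no `# please adjust` marker, unlike `BASE_URL` a few lines above; sourcing them from the environment makes an unedited copy fail at startup instead of running on the example password, e.g. `DB_PASS: "${WEBTREES_DB_PASSWORD:?set WEBTREES_DB_PASSWORD in .env}"` with the same variable reused in the `db` service. `ports: - 8080:80` publishes the app on every host interface in addition to the commented Traefik route, so the `local-ipwhitelist@file` middleware could be bypassed by connecting to port 8080 directly; bind to loopback (`- 127.0.0.1:8080:80`) or drop `ports` when the proxy fronts it. The commented `Host(`family.lrvt.de`)` rule is also inconsistent with `BASE_URL: "https://family.example.com"` and looks like a real domain rather than a placeholder.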
@@ -0,0 +1,35 @@
+version: "3"
+
+services:
+ wg-easy:
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ container_name: wg-easy
+ environment:
+ - WG_HOST=vpn.example.com # your hostname or ip address
+ - PASSWORD=MyStrongPasswordForWebUi # change this
+ - WG_DEFAULT_DNS=1.1.1.1,8.8.8.8 # add your local dns like pihole
+ - WG_ALLOWED_IPS=0.0.0.0/0, ::/0
+ - WG_DEVICE=eth0
+ hostname: wireguard-easy
+ image: ghcr.io/wg-easy/wg-easy:13
+ ports:
+ - 51820:51820/udp #VPN
+ - 51821:51821/tcp #WEBGUI
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wg-easy:/etc/wireguard
+ #networks:
+ # - proxy
+# labels:
+# - traefik.enable=true
+# - traefik.http.routers.wireguard.rule=Host(`vpn.example.com`)
+# - traefik.http.services.wireguard.loadbalancer.server.port=51821
+# - traefik.docker.network=proxy
+# # Part for local lan services only
+# - traefik.http.routers.wireguard.middlewares=local-ipwhitelist@file
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/whoogle/README.md b/examples/whoogle/README.md
new file mode 100644
index 0000000..570ca40
--- /dev/null
+++ b/examples/whoogle/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/benbusby/whoogle-search/blob/main/docker-compose.yml
\ No newline at end of file
diff --git a/examples/whoogle/docker-compose.yml b/examples/whoogle/docker-compose.yml
new file mode 100644
index 0000000..a1620dd
--- /dev/null
+++ b/examples/whoogle/docker-compose.yml
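Review bot: `- 51821:51821/tcp #WEBGUI` publishes the admin UI on all host interfaces, so the commented `local-ipwhitelist@file` middleware on the Traefik router would not protect it — the UI stays reachable directly on port 51821; bind it to loopback, `- 127.0.0.1:51821:51821/tcp #WEBGUI`, or remove the mapping once Traefik fronts it. `- PASSWORD=MyStrongPasswordForWebUi # change this` is a cleartext credential in a committed file; recent wg-easy releases moved to a bcrypt `PASSWORD_HASH` variable, so confirm which one tag `13` expects and take it from the environment either way (`${WG_PASSWORD:?set in .env}`). `- WG_ALLOWED_IPS=0.0.0.0/0, ::/0` carries a space after the comma; presumably wg-easy trims it, but `0.0.0.0/0,::/0` avoids relying on that.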
@@ -0,0 +1,48 @@
+# can't use mem_limit in a 3.x docker-compose file in non swarm mode
+# see https://github.com/docker/compose/issues/4513
+version: "2.4"
+
+services:
+ whoogle-search:
+ image: benbusby/whoogle-search
+ container_name: whoogle-search
+ restart: unless-stopped
+ pids_limit: 50
+ mem_limit: 256mb
+ memswap_limit: 256mb
+ # user debian-tor from tor package
+ user: whoogle
+ security_opt:
+ - no-new-privileges
+ cap_drop:
+ - ALL
+ #tmpfs:
+ # - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/whoogle/config/:size=10M,uid=927,gid=927,mode=1700
+ # - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/whoogle/var/lib/tor/:size=15M,uid=927,gid=927,mode=1700
+ # - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/whoogle/run/tor/:size=1M,uid=927,gid=927,mode=1700
+ #environment: # Uncomment to configure environment variables
+ # Basic auth configuration, uncomment to enable
+ #- WHOOGLE_USER=
+ #- WHOOGLE_PASS=
+ # Proxy configuration, uncomment to enable
+ #- WHOOGLE_PROXY_USER=
+ #- WHOOGLE_PROXY_PASS=
+ #- WHOOGLE_PROXY_TYPE=
+ # Site alternative configurations, uncomment to enable
+ # Note: If not set, the feature will still be available
+ # with default values.
+ #- WHOOGLE_ALT_TW=farside.link/nitter
+ #- WHOOGLE_ALT_YT=farside.link/invidious
+ #- WHOOGLE_ALT_IG=farside.link/bibliogram/u
+ #- WHOOGLE_ALT_RD=farside.link/libreddit
+ #- WHOOGLE_ALT_MD=farside.link/scribe
+ #- WHOOGLE_ALT_TL=farside.link/lingva
+ #- WHOOGLE_ALT_IMG=farside.link/rimgo
+ #- WHOOGLE_ALT_WIKI=farside.link/wikiless
+ #- WHOOGLE_ALT_IMDB=farside.link/libremdb
+ #- WHOOGLE_ALT_QUORA=farside.link/quetre
+ #env_file: # Alternatively, load variables from whoogle.env
+ #- whoogle.env
+ ports:
+ - 5000:5000
diff --git a/examples/wikijs/README.md b/examples/wikijs/README.md
new file mode 100644
index 0000000..1a1eb89
--- /dev/null
+++ b/examples/wikijs/README.md
@@ -0,0 +1,3 @@
+# References
+
+- https://github.com/linuxserver/docker-wikijs
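Review bot: The comment `# user debian-tor from tor package` sits above `user: whoogle` and describes a different account than the one configured, which will mislead anyone adjusting the commented `tmpfs` entries that hard-code `uid=927,gid=927`; replace it with `# run unprivileged as the image's whoogle user; the tmpfs uid/gid below must match it`. `ports: - 5000:5000` publishes the search UI on every host interface with no authentication unless `WHOOGLE_USER`/`WHOOGLE_PASS` are uncommented, so `- 127.0.0.1:5000:5000` is the safer default for a personal instance behind a proxy. The hardening here (`cap_drop: - ALL`, `no-new-privileges`, `pids_limit`, `mem_limit`) is the most complete in this commit and would be worth mirroring in the other examples.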
diff --git a/examples/wikijs/docker-compose.yml b/examples/wikijs/docker-compose.yml
new file mode 100644
index 0000000..031ff90
--- /dev/null
+++ b/examples/wikijs/docker-compose.yml
@@ -0,0 +1,29 @@
+version: "3"
+
+services:
+ wikijs:
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ image: linuxserver/wikijs:latest
+ container_name: wikijs
+ restart: unless-stopped
+ ports:
+ - 8888:3000 # WEB UI
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wikijs/config:/config
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wikijs/data:/data
+ links:
+ - db
+
+ db:
+ environment:
+ - POSTGRES_PASSWORD=MySecureDatabasePassword
+ - POSTGRES_USER=wikijs
+ - POSTGRES_DB=wikijs
+ container_name: postgresql
+ image: postgres:13.4-bullseye
+ restart: unless-stopped
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wikijs/database:/var/lib/postgresql/data
diff --git a/examples/wireguard/README.de b/examples/wireguard/README.de
new file mode 100644
index 0000000..b5ba0ad
--- /dev/null
+++ b/examples/wireguard/README.de
@@ -0,0 +1,3 @@
+# References
+
+https://docs.linuxserver.io/images/docker-wireguard
diff --git a/examples/wireguard/docker-compose.yml b/examples/wireguard/docker-compose.yml
new file mode 100644
index 0000000..757e891
--- /dev/null
+++ b/examples/wireguard/docker-compose.yml
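Review bot: The `wikijs` service sets only `PUID`/`PGID`/`TZ` and no `DB_TYPE`/`DB_HOST`/`DB_USER`/`DB_PASS`/`DB_NAME` pointing at `db`, so unless the linuxserver image defaults to this Postgres container, the wiki presumably writes to its built-in database under `/config` while `db` sits idle — confirm against the image docs and add the `DB_*` variables if so. `container_name: postgresql` is a generic name that collides with any other stack on the host using it; `wikijs-db` follows the naming of the other examples. `links:` is a legacy Compose feature; `depends_on: - db` gives the same hostname resolution on the default network. `- POSTGRES_PASSWORD=MySecureDatabasePassword` is another committed placeholder that should be read from `.env`.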
@@ -0,0 +1,28 @@
+version: "3.7"
+
+services:
+ wireguard:
+ image: linuxserver/wireguard
+ container_name: wireguard
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ - SERVERURL=vpn.example.com #optional
+ - SERVERPORT=51820 #optional
+ - PEERS=1 #optional
+ - PEERDNS=auto #optional
+ - INTERNAL_SUBNET=10.13.13.0 #optional
+ - ALLOWEDIPS=0.0.0.0/0 #optional
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wireguard/config:/config
+ - /usr/src:/usr/src # location of kernel headers
+ - /lib/modules:/lib/modules
+ ports:
+ - 51820:51820/udp
+ sysctls:
+ - net.ipv4.conf.all.src_valid_mark=1
+ restart: unless-stopped
\ No newline at end of file
diff --git a/examples/wordpress/README.md b/examples/wordpress/README.md
new file mode 100644
index 0000000..6269259
--- /dev/null
+++ b/examples/wordpress/README.md
@@ -0,0 +1,4 @@
+# References
+
+- https://github.com/WordPress/WordPress
+- https://github.com/docker/awesome-compose/tree/master/official-documentation-samples/wordpress/
diff --git a/examples/wordpress/docker-compose.yml b/examples/wordpress/docker-compose.yml
new file mode 100644
index 0000000..0b29999
--- /dev/null
+++ b/examples/wordpress/docker-compose.yml
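Review bot: `- SYS_MODULE` together with the read-write host mounts `- /usr/src:/usr/src` and `- /lib/modules:/lib/modules` lets the container build and load kernel modules on the host, which is only needed when the host kernel lacks WireGuard (mainline since 5.6); on a current kernel all three can be dropped, and where they are kept, `:ro` on the mounts is worth trying first (`- /lib/modules:/lib/modules:ro`). A comment would help readers decide, e.g. `# SYS_MODULE + /usr/src + /lib/modules are only needed to build the module on kernels without native WireGuard (< 5.6)`. `- PEERDNS=auto #optional` and the other `#optional` markers are fine as written since ` #` ends the plain scalar.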
@@ -0,0 +1,52 @@
+version: '3.3'
+
+services:
+ wordpress-db:
+ image: mariadb:10.11
+ container_name: wordpress-db
+ hostname: wordpress-db
+ command: '--default-authentication-plugin=mysql_native_password'
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wordpress/mysql:/var/lib/mysql
+ restart: unless-stopped
+ environment:
+ - MYSQL_ROOT_PASSWORD=wordpressroot
+ - MYSQL_DATABASE=wordpress
+ - MYSQL_USER=wordpress
+ - MYSQL_PASSWORD=wordpress
+ #networks:
+ # - proxy
+
+ wordpress:
+ image: wordpress:latest
+ container_name: wordpress
+ hostname: wordpress
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wordpress/data:/var/www/html
+ ports:
+ - 80:80
+ expose:
+ - 80
+ restart: unless-stopped
+ environment:
+ - WORDPRESS_DB_HOST=wordpress-db
+ - WORDPRESS_DB_USER=wordpress
+ - WORDPRESS_DB_PASSWORD=wordpress
+ - WORDPRESS_DB_NAME=wordpress
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.wordpress.rule=Host(`wordpress.example.com`) # please adjust
+ # - traefik.http.services.wordpress.loadbalancer.server.port=80
+ # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ # - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.wordpress.middlewares=local-ipwhitelist@file
+
+#networks:
+# proxy:
+# external: true
diff --git a/examples/yourls/README.md b/examples/yourls/README.md
new file mode 100644
index 0000000..61216f6
--- /dev/null
+++ b/examples/yourls/README.md
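Review bot: `command: '--default-authentication-plugin=mysql_native_password'` is a MySQL 8 option carried over from the upstream sample, but the image here is `mariadb:10.11`; MariaDB does not implement that variable and mariadbd aborts on unknown options, so `wordpress-db` likely fails to start — confirm, and drop the `command` line (MariaDB already authenticates with `mysql_native_password`). `- MYSQL_ROOT_PASSWORD=wordpressroot` and `- MYSQL_PASSWORD=wordpress` lack the `# please adjust` marker used on the Traefik rule and should come from `.env` (`${WORDPRESS_DB_PASSWORD:?set in .env}` on both services). `ports: - 80:80` publishes WordPress on every host interface alongside the commented Traefik route, so the `local-ipwhitelist@file` middleware would not cover direct access on port 80.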
@@ -0,0 +1,9 @@
+# References
+
+- https://github.com/YOURLS/YOURLS
+
+# Notes
+
+The provided `docker-compose.yml` file bind mounts a custom Apache `security.conf` into the container.
+
+This ensures that YOURL's Apache web server does not disclose its detailed version information.
diff --git a/examples/yourls/docker-compose.yml b/examples/yourls/docker-compose.yml
new file mode 100644
index 0000000..8da752f
--- /dev/null
+++ b/examples/yourls/docker-compose.yml
@@ -0,0 +1,49 @@
+version: '3.1'
+
+services:
+
+ yourls:
+ image: yourls:latest
+ container_name: yourls
+ restart: unless-stopped
+ ports:
+ - 8080:80
+ expose:
+ - 80
+ environment:
+ YOURLS_SITE: https://myyourls.example.com # please adjust to your domain
+ YOURLS_USER: yourls-admin # please adjust
+ YOURLS_PASS: very-secury-admin-password # please adjust
+ YOURLS_DB_HOST: mysql
+ YOURLS_DB_USER: yourls
+ YOURLS_DB_NAME: yourls
+ YOURLS_DB_PASS: very-secure-database-password # please adjust
+ volumes:
+ - ./security.conf:/etc/apache2/conf-enabled/security.conf:ro
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.yourls.rule=Host(`s.ptf.one`)
+ # - traefik.http.services.yourls.loadbalancer.server.port=80
+ # - traefik.docker.network=proxy
+ # # Part for optional traefik middlewares
+ # - traefik.http.routers.CHANGEME.middlewares=local-ipwhitelist@file,authelia@docker
+
+ mysql:
+ image: mysql:latest
+ container_name: yourls-db
+ restart: unless-stopped
+ environment:
+ MYSQL_DATABASE: yourls
+ MYSQL_USER: yourls
+ MYSQL_PASSWORD: very-secure-database-password # please adjust
+ MYSQL_ROOT_PASSWORD: very-secure-database-root-password # please adjust
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/yourls/mysql:/var/lib/mysql
+ #networks:
+ # - proxy
+
+#networks:
+# proxy:
+# external: true
\ No newline at end of file
diff --git a/examples/yourls/security.conf b/examples/yourls/security.conf
new file mode 100644
index 0000000..baa0955
--- /dev/null
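Review bot: The commented middleware label targets a router named `CHANGEME` (`# - traefik.http.routers.CHANGEME.middlewares=...`) while the rule and service labels define the router `yourls`; once uncommented, Traefik would treat `CHANGEME` as a separate rule-less router and the `local-ipwhitelist`/`authelia` protection would never apply to `yourls` — change it to `# - traefik.http.routers.yourls.middlewares=local-ipwhitelist@file,authelia@docker`. `Host(`s.ptf.one`)` looks like a real domain rather than the `example.com` placeholder used in the other examples. `YOURLS_PASS: very-secury-admin-password` has a typo and, like the DB passwords, is a committed placeholder; `YOURLS_PASS: "${YOURLS_ADMIN_PASSWORD:?set in .env}"` fails fast when unset. `ports: - 8080:80` additionally publishes the app on every host interface next to the proxy route.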
+++ b/examples/yourls/security.conf
@@ -0,0 +1,5 @@
+# bind mount this file into the yourls container
+# overwrites '/etc/apache2/conf-enabled/security.conf' to prevent version disclosure
+
+ServerTokens Prod
+ServerSignature Off
diff --git a/test.md b/test.md
deleted file mode 100644
index e69de29..0000000
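Review bot: This file replaces the distribution's stock `security.conf`, which in Debian-based images also carries `TraceEnable Off` alongside the `ServerTokens`/`ServerSignature` settings; Apache's built-in default is TRACE enabled, so the replacement presumably re-enables the TRACE method on the YOURLS vhost — add `TraceEnable Off` after `ServerSignature Off`. Confirm against the file shipped in the `yourls:latest` image, since this is based on Debian's default rather than on a line visible in the commit.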