first commit

2023-03-19 18:24:13 -05:00
commit 090481ab0d
19 changed files with 280 additions and 0 deletions

0
home/certbot/.gitkeep Normal file

@@ -0,0 +1,8 @@
{
"port": 80,
"baseURL": "/filebrowser",
"address": "",
"log": "stdout",
"database": "/database.db",
"root": "/srv"
}


0
home/foundry/.gitkeep Normal file

2
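--- a/home/html/test.php
+++ b/home/html/test.php
@@ -0,0 +1,2 @@
+<?php
+phpinfo();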
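Review bot: `phpinfo();` in a file under `home/html` ends up publicly reachable, because the compose file on this page binds `/home/html` to `/var/www/html` and the 443 server passes every `\.php$` request to `php:9000`. The output lists PHP and module versions, filesystem paths and the container's environment variables, none of which should be served to anonymous clients. Drop `test.php` from the commit, or keep it outside the web root and run `php -i` inside the container when the information is needed.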


@@ -0,0 +1,97 @@
server {
listen 80;
listen [::]:80;
server_name localhost;
#access_log /var/log/nginx/host.access.log main;
location / {
return 301 https://$host$request_uri;
}
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 443 default_server ssl http2;
listen [::]:443 ssl http2;
server_name example.org;
ssl_certificate /etc/nginx/ssl/live/rpg.ascorrea.com/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/rpg.ascorrea.com/privkey.pem;
location / {
root /var/www/html;
index index.html index.htm;
}
# pass the PHP scripts to FastCGI server listening on php:9000
#
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
}
location /podcast/eps {
root /var/www/html;
autoindex on;
}
location /foundry/ {
# Set proxy headers
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# These are important to support WebSockets
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# Make sure to set your Foundry VTT port number
proxy_pass http://foundry:30000/foundry/;
}
location /filebrowser/ {
client_max_body_size 2048m;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://filebrowser:80/filebrowser/;
}
location /yacht/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://yacht:8000/;
}
}
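Review bot: The `location ~ \.php$` block hands any URI ending in `.php` to `php:9000` without first checking that the script exists, and it builds `SCRIPT_FILENAME` from a hard-coded path because no `root` is set at server level. Set `root /var/www/html;` once in the 443 `server` block and add `try_files $fastcgi_script_name =404;` to the PHP location so only files that exist are executed; `SCRIPT_FILENAME` can then be `$document_root$fastcgi_script_name`. Separately, `autoindex on` under `/podcast/eps` lists every file in that directory and `/yacht/` is proxied with no access restriction at this layer, so each deserves a comment stating that the exposure is intended.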

32
home/nginx/nginx.conf Normal file

@@ -0,0 +1,32 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}

0
home/yacht/.gitkeep Normal file

1
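--- a/root/compose.sh
+++ b/root/compose.sh
@@ -0,0 +1 @@
+docker compose -f ~/compose.yml up -d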

121
root/compose.yml Normal file

@@ -0,0 +1,121 @@
version: "3"
secrets:
config_json_foundry:
file: foundry_secrets.json
services:
nginx:
container_name: nginx
image: nginx
hostname: nginx
volumes:
- type: bind
source: /home/html
target: /var/www/html
- type: bind
source: /home/nginx/conf.d
target: /etc/nginx/conf.d
read_only: true
- type: bind
source: /home/nginx/nginx.conf
target: /etc/nginx/nginx.conf
- type: bind
source: /home/certbot/www
target: /var/www/certbot
read_only: true
- type: bind
source: /home/certbot/conf
target: /etc/nginx/ssl
read_only: true
environment:
TZ: "America/Chicago"
UID: 33
GID: 33
ports:
- "80:80"
- "443:443"
networks:
- internal
certbot:
container_name: certbot
image: certbot/certbot:latest
volumes:
- type: bind
source: /home/certbot/www
target: /var/www/certbot
- type: bind
source: /home/certbot/conf
target: /etc/letsencrypt
php:
container_name: php
image: php:7.0-fpm
hostname: php
volumes:
- type: bind
source: /home/html
target: /var/www/html
environment:
TZ: "America/Chicago"
UID: 33
GID: 33
networks:
- internal
filebrowser:
container_name: filebrowser
image: filebrowser/filebrowser
hostname: filebrowser
volumes:
- type: bind
source: /home/filebrowser/srv
target: /srv
- type: bind
source: /home/filebrowser/database.db
target: /database.db
- type: bind
source: /home/filebrowser/filebrowser.json
target: /.filebrowser.json
- type: bind
source: /home/foundry/Data
target: /home/foundry/Data
environment:
TZ: "America/Chicago"
UID: 33
GID: 33
networks:
- internal
foundry:
container_name: foundry
image: felddy/foundryvtt:release
hostname: foundry
init: true
volumes:
- type: bind
source: /home/foundry
target: /data
environment:
TZ: "America/Chicago"
FOUNDRY_ROUTE_PREFIX: "foundry"
FOUNDRY_UID: 33
FOUNDRY_GID: 33
secrets:
- source: config_json_foundry
target: config.json
networks:
- internal
yacht:
container_name: yacht
image: selfhostedpro/yacht
hostname: yacht
ports:
- "8000:8000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /home/yacht:/config
volumes:
yacht:
external: false
driver: local
networks:
internal:
driver: bridge
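Review bot: The `yacht` service mounts `/var/run/docker.sock` and publishes `"8000:8000"` on every host interface, so a UI with full control of the Docker daemon is reachable over plain HTTP, bypassing the TLS server in the nginx config. Bind it to loopback with `- "127.0.0.1:8000:8000"`, or drop `ports:` and attach the service to the `internal` network. As written `yacht` is not on `internal`, so the `proxy_pass http://yacht:8000/` upstream presumably does not resolve from the nginx container. It is also worth pinning images: `php:7.0-fpm` is an end-of-life branch, and `nginx`, `filebrowser/filebrowser` and `selfhostedpro/yacht` carry no tag at all.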

14
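--- a/root/install-docker.sh
+++ b/root/install-docker.sh
@@ -0,0 +1,14 @@
+# https://docs.docker.com/engine/install/debian/
+sudo apt-get update
+sudo apt-get install \
+ca-certificates \
+curl \
+gnupg \
+lsb-release
+mkdir -m 0755 -p /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+echo \
+"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
+$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+sudo apt-get update
+sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin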
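Review bot: The script has no shebang and no `set -e`, so if the `curl … | sudo gpg --dearmor` key step fails it still writes `docker.list` and carries on to `apt-get install`. Start the file with `#!/usr/bin/env bash` and `set -euo pipefail` so a failed key download stops the run before the repository is added. `mkdir -m 0755 -p /etc/apt/keyrings` is the only privileged step without `sudo`, and both `apt-get install` calls lack `-y`, so an unattended run will stall at the confirmation prompt.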

1
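--- a/root/nginx-reload.sh
+++ b/root/nginx-reload.sh
@@ -0,0 +1 @@
+docker exec -it nginx service nginx reload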
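Review bot: `docker exec -it` requires a TTY, so this command fails when it is run from cron or a certificate-renewal hook, which is where a reload script is most likely to be called. The reload is also issued without validating the configuration first. Suggest `docker exec nginx nginx -t && docker exec nginx nginx -s reload`.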

2
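--- a/root/obtain-certs.sh
+++ b/root/obtain-certs.sh
@@ -0,0 +1,2 @@
+# https://mindsers.blog/post/https-using-nginx-certbot-docker/
+docker compose -f ~/compose.yml run --rm certbot certonly --webroot --webroot-path /var/www/certbot -d rpg.ascorrea.com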

2
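--- a/root/renew.sh
+++ b/root/renew.sh
@@ -0,0 +1,2 @@
+# https://mindsers.blog/post/https-using-nginx-certbot-docker/
+docker compose run --rm certbot renew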
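Review bot: `docker compose run --rm certbot renew` omits `-f ~/compose.yml`, unlike `compose.sh` and `obtain-certs.sh`, so it only works when the current directory happens to hold the compose file; a cron job would typically fail without anyone noticing. Nothing reloads nginx after a successful renewal either, so the server keeps presenting the old certificate until it is restarted and the certificate can expire in service. Use `docker compose -f ~/compose.yml run --rm certbot renew` and follow it with an nginx reload.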