reorganized

i believe everything works

.gitignore

@@ -1,19 +1,18 @@
 *.mp3
-root/secrets
-root/foundry_secrets.json
-home/certbot/conf/*
-!home/certbot/conf/.gitkeep
-home/dir2cast/getID3
-home/dir2cast/temp
-home/foundry/Data/modules/*
-!home/foundry/Data/modules/asc
-home/foundry/Data/systems/*
-home/foundry/Data/worlds/*
-home/foundry/container_cache
-home/yacht/data.sqlite
-home/filebrowser/database.db
+apps/certbot/conf/*
+!apps/certbot/conf/.gitkeep
+apps/dir2cast/getID3
+apps/dir2cast/temp
+apps/foundry/Data/modules/*
+!apps/foundry/Data/modules/asc
+apps/foundry/Data/systems/*
+apps/foundry/Data/worlds/*
+apps/foundry/foundry_secrets.json
+apps/foundry/container_cache
+apps/yacht/data.sqlite
+apps/filebrowser/database.db
 **/.idea/**
-home/vouch/config.yml
+apps/vouch/config.yml
 design/
 
 # General

.gitmodules

@@ -0,0 +1,12 @@
+[submodule "apps/dir2cast"]
+	path = apps/dir2cast
+	url = https://github.com/ben-xo/dir2cast
+[submodule "apps/rolladvantage"]
+	path = apps/rolladvantage
+	url = https://gitea.ascorrea.com/asc/rolladvantage.git
+[submodule "scripts/docker-install"]
+	path = scripts/docker-install
+	url = https://github.com/docker/docker-install
+[submodule "scripts/localhost-ssl"]
+	path = scripts/localhost-ssl
+	url = https://gist.github.com/jonsamp/587b78b7698be7c7fd570164a586e6b7

Dockerfile

@@ -0,0 +1,10 @@
+FROM nginx
+RUN echo $UID
+
+RUN mkdir -p /var/www/dir2cast
+RUN chgrp -R www-data /var/www/dir2cast
+
+COPY apps/dir2cast/dir2cast.php /var/www/dir2cast
+COPY apps/dir2cast/getID3 /var/www/dir2cast/getID3
+RUN ln -s /var/www/podcast/dir2cast.ini /var/www/dir2cast
+RUN ln -s /var/www/podcast/ /var/www/dir2cast

apps/filebrowser/Dockerfile

@@ -0,0 +1,4 @@
+FROM filebrowser/filebrowser
+COPY docker-entrypoint.sh /usr/local/bin
+RUN ln -s /usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh
+ENTRYPOINT ["/docker-entrypoint.sh"] 

apps/filebrowser/docker-entrypoint.sh

@@ -0,0 +1,39 @@
+#!/bin/sh
+USERS_DIR=/srv/filebrowser/files/users/
+
+echo "Initializing container" 
+/filebrowser config init 
+/filebrowser config set --auth.method=$AUTH_METHOD --auth.header=$AUTH_HEADER
+    
+mkdir -p $USERS_DIR
+    
+
+USER=anthonyscorrea@gmail.com
+/filebrowser users add $USER "" --perm.admin
+/filebrowser users update $USER --scope "users/$USER"
+mkdir -p $USERS_DIR$USER
+ln -s /srv/foundry/Data/modules $USERS_DIR$USER/foundry-modules
+ln -s /srv/foundry/Data/worlds $USERS_DIR$USER/foundry-worlds
+ln -s /srv/foundry/Data/systems $USERS_DIR$USER/foundry-systems
+ln -s /srv/metube $USERS_DIR$USER/metube
+ln -s /srv/foundry/ $USERS_DIR$USER/foundry
+
+USER=bcrase@gmail.com
+/filebrowser users add $USER "" 
+/filebrowser users update $USER --scope "users/$USER"
+mkdir -p $USERS_DIR$USER
+ln -s /srv/foundry/Data/worlds $USERS_DIR$USER/foundry-worlds
+ln -s /srv/metube $USERS_DIR$USER/metube
+
+USER=acorre20@gmail.com
+/filebrowser users add $USER ""
+/filebrowser users update $USER --scope "users/$USER"
+mkdir -p $USERS_DIR$USER
+ln -s /srv/foundry/Data/worlds $USERS_DIR$USER/foundry-worlds
+
+/filebrowser users add $USER ""
+/filebrowser users update $USER --scope "users/$USER"
+mkdir -p $USERS_DIR$USER
+
+
+exec "/filebrowser"

apps/filebrowser/filebrowser.json

@@ -0,0 +1,8 @@
+{
+  "port": 80,
+  "baseURL": "/filebrowser",
+  "address": "",
+  "log": "stdout",
+  "database": "/srv/filebrowser/database.db",
+  "root": "/srv/filebrowser/files"
+}

apps/filebrowser/filebrowser.nginx.conf

@@ -0,0 +1,20 @@
+location /filebrowser/ {
+		auth_request /vouch/validate;
+		auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
+		proxy_set_header X-Vouch-User $auth_resp_x_vouch_user;
+		add_header X-Vouch-User $auth_resp_x_vouch_user;
+		client_max_body_size                    2048m;
+		proxy_read_timeout                      86400s;
+		proxy_send_timeout                      86400s;
+		proxy_set_header                        X-Forwarded-Host $host;
+		proxy_set_header                        X-Forwarded-Server $host;
+		proxy_set_header                        X-Real-IP $remote_addr;
+		proxy_set_header                        Host $host;
+		proxy_set_header                        X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_http_version                      1.1;
+		proxy_redirect                          off;
+		proxy_set_header                        Upgrade $http_upgrade;
+		proxy_set_header                        Connection "upgrade";
+
+		proxy_pass http://filebrowser:80/filebrowser/;
+	}

apps/foundry/Dockerfile

@@ -0,0 +1 @@
+FROM felddy/foundryvtt:release

apps/foundry/foundry.nginx.conf

@@ -0,0 +1,24 @@
+location ~ ^/foundry/$ {
+		return 301 /foundry/game/;
+	}
+
+
+location /foundry/ {
+		auth_request /vouch/validate;
+		auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
+		proxy_set_header X-Vouch-User $auth_resp_x_vouch_user;
+		# Set proxy headers
+		proxy_set_header Host $host;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+
+		# These are important to support WebSockets
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "Upgrade";
+		#  may need to set
+		#    auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
+		#  in this bock as per https://github.com/vouch/vouch-proxy/issues/26#issuecomment-425215810
+		# set user header (usually an email)
+		proxy_pass http://foundry:30000/foundry/; 
+}
+

apps/foundry/foundry_secrets_sample.json

@@ -0,0 +1,3 @@
+{
+"foundry_admin_key": ""
+}

apps/foundry/options.json

@@ -1,7 +1,7 @@
 {
   "awsConfig": null,
   "compressStatic": false,
-  "dataPath": "/data",
+  "dataPath": "/srv/foundry",
   "fullscreen": false,
   "hostname": null,
   "language": "en.core",

apps/metube/metube.nginx.conf

@@ -0,0 +1,7 @@
+location /metube/ {
+        proxy_pass http://metube:8081;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+}

apps/nginx/conf.d/default.conf

@@ -0,0 +1,35 @@
+server {
+ 	server_name _;
+ 	# you can serve any number of redirects from here...
+ 	listen 80;
+ 	return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name rpg.ascorrea.com;
+	ssl_certificate /etc/nginx/ssl/live/rpg.ascorrea.com/fullchain.pem;
+	ssl_certificate_key /etc/nginx/ssl/live/rpg.ascorrea.com/privkey.pem;
+
+	ssl_stapling on;
+	ssl_stapling_verify on;
+	ssl_trusted_certificate /etc/nginx/ssl/live/rpg.ascorrea.com/fullchain.pem;
+
+	ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+	ssl_ciphers         HIGH:!aNULL:!MD5;
+	
+#	include applications/vouch.conf;
+
+    root /var/www/html/;
+	
+	error_page 401 = @error401;
+
+	location / {
+		# This application is simply proxy-passed without any authentication
+		index  index.html index.htm;
+		
+	}
+	
+	include /etc/nginx/conf.d/apps-enabled/*.conf;
+	    
+}

apps/podcast/podcast.nginx.conf

@@ -15,43 +15,43 @@ location ~* /podcast/media/(?:.*)-(?<season_2>s02)?(?<episode_label>ep\d+)(\.mp3
 #	rewrite /podcast/(dir2cast.php) /dir2cast/$1;
 #}	
 
+location /podcast {
+	return 301 /podcast/;
+}
+
 
 location /podcast/ {
-			alias /var/www/dir2cast/;
+			alias /var/www/podcast/;
 			autoindex on;
 				
 			if ( $arg_name) { 
 				return 301 /podcast/media/$arg_name;
 			}
 			
-			location ~* /podcast/(?<dir>.*)/feed {
-#				return 501;
-				rewrite /podcast/ /dir2cast/dir2cast.php?dir=$dir;
+			location ~* (/podcast/)(?<dir>.*)/feed {
+
+				rewrite /podcast/ /dir2cast/dir2cast.php?dir=podcast/$dir;
 			}
 
-			location ~ (\.php|\.ini)$ {
+			location ~ (\.php|\.ini|\.conf)$ {
 				return 403;
 			}
 		}
 
 location /dir2cast/ {
-	root /var/www;
-	
-	
+	alias /var/www/dir2cast/;
 	
 	location ~ ^/dir2cast/dir2cast.php {
-#		return 501;
+	#		return 501;
 		include fastcgi_params;
 		fastcgi_pass php:9000;
 		add_header x-test "$args" always;
-		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		fastcgi_param SCRIPT_FILENAME $request_filename;
 	}
-	
+
 	location ~ (\.php|\.ini)$ {
 		return 403;
 	}
 	
-	
-	
 	}
 

apps/vouch/vouch.nginx.conf

@@ -1,7 +1,7 @@
 # https://github.com/vouch/vouch-proxy#vouch-proxy-in-a-path
 
 location /vouch {
-      proxy_pass http://vouch; # must not! have a slash at the end
+      proxy_pass http://vouch:9090/vouch; # must not! have a slash at the end
       proxy_set_header Host $http_host;
       proxy_pass_request_body off;
       proxy_set_header Content-Length "";

docker-compose.yml

@@ -0,0 +1,140 @@
+version: "3"
+name: rpg-ascorrea-com
+services:
+    webserver:
+        container_name: web
+        build:
+            context: .
+        hostname: webserver
+        volumes:
+          - ./apps/podcast:/var/www/podcast
+          - ./apps/html:/var/www/html
+          - ./apps/rolladvantage/:/var/www/rolladvantage
+          - dir2cast:/var/www/dir2cast
+          - type: bind
+            source: ./apps/certbot/www
+            target: /var/www/certbot
+            read_only: true
+          - type: bind
+            source: ./apps/certbot/conf
+            target: /etc/nginx/ssl
+            read_only: true
+          - ./apps/rolladvantage/rolladvantage.nginx.conf:/etc/nginx/conf.d/apps-enabled/rolladvantage.conf
+          
+          - ./apps/podcast/podcast.nginx.conf:/etc/nginx/conf.d/apps-enabled/podcast.conf
+          - ./apps/filebrowser/filebrowser.nginx.conf:/etc/nginx/conf.d/apps-enabled/filebrowser.conf
+          - ./apps/foundry/foundry.nginx.conf:/etc/nginx/conf.d/apps-enabled/foundry.conf
+          - ./apps/nginx/conf.d/swrpg.ascorrea.com.conf:/etc/nginx/conf.d/swrpg.ascorrea.com.conf
+          - ./apps/vouch/vouch.nginx.conf:/etc/nginx/conf.d/apps-enabled/vouch.conf
+          - ./apps/metube/metube.nginx.conf:/etc/nginx/conf.d/apps-enabled/metube.conf
+          - ./apps/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf
+        environment:
+          TZ: "America/Chicago"
+        ports:
+          - "80:80"
+          - "443:443"
+        networks:
+          - internal
+    certbot:
+      container_name: certbot
+      image: certbot/certbot:latest
+      volumes:
+        - type: bind
+          source: ./apps/certbot/www
+          target: /var/www/certbot
+        - type: bind
+          source: ./apps/certbot/conf
+          target: /etc/letsencrypt
+    php:
+        container_name: php
+        image: php:7.0-fpm  
+        hostname: php
+        volumes:        
+          - type: bind
+            source: ./apps/podcast
+            target: /var/www/podcast
+          - dir2cast:/var/www/dir2cast
+        environment:
+          TZ: "America/Chicago"
+          UID: 33
+          GID: 33
+        networks:
+          - internal       
+    filebrowser:
+        container_name: filebrowser
+        build: 
+            context: ./apps/filebrowser
+        hostname: filebrowser
+        volumes:
+          - filebrowser:/srv/filebrowser
+          - foundry:/srv/foundry
+          - metube:/srv/metube
+#           - ./apps/filebrowser/database.db:/database.db
+          - ./apps/filebrowser/filebrowser.json:/.filebrowser.json
+          - ./apps/filebrowser/docker-entrypoint.sh:/docker-entrypoint.sh
+          - ./apps/podcast:/srv/podcast
+        environment:
+          TZ: "America/Chicago"
+          UID: 33
+          GID: 33
+          AUTH_METHOD: proxy
+          AUTH_HEADER: X-Vouch-User
+        networks:
+          - internal
+    foundry:
+        container_name: foundry
+        build: 
+            context: ./apps/foundry
+        hostname: foundry
+        init: true
+        volumes:
+          - foundry:/data
+          - metube:/srv/metube
+          - ./apps/foundry/container_cache:/data/container_cache
+        environment:
+          TZ: "America/Chicago"
+          FOUNDRY_UID: 33
+          FOUNDRY_GID: 33
+          FOUNDRY_ROUTE_PREFIX: "foundry"
+        secrets:
+          - source: config_json_foundry
+            target: config.json
+        networks:
+          - internal
+    vouch:
+        container_name: vouch
+        image: quay.io/vouch/vouch-proxy
+        environment:
+          TZ: "America/Chicago"
+          UID: 33
+          GID: 33
+        volumes:
+            - ./apps/vouch/config.yml:/config/config.yml
+        networks:
+          - internal
+    metube:
+        container_name: metube
+        hostname: metube
+        image: ghcr.io/alexta69/metube
+#         restart: unless-stopped
+        environment:
+            URL_PREFIX: "/metube"
+        volumes:
+            - metube:/downloads
+        networks:
+          - internal
+networks:
+  internal:
+    driver: bridge
+
+
+secrets:
+  config_json_foundry:
+    file: apps/foundry/foundry_secrets.json
+    
+volumes:
+  filebrowser:
+  foundry:
+  podcast:
+  metube:
+  dir2cast:

home/dir2cast/00dnd

@@ -1 +0,0 @@
-/Users/asc/documents-local/rpg/Podcast/publish/00dnd

home/filebrowser/filebrowser.json

@@ -1,12 +0,0 @@
-{
-  "port": 80,
-  "baseURL": "/filebrowser",
-  "address": "",
-  "log": "stdout",
-  "database": "/database.db",
-  "root": "/srv",
-  "auth":{
-  	"method":"proxy",
-  	"header":"X-Vouch-User"
-  }
-}

home/filebrowser/srv/users/anthonyscorrea@gmail.com/foundry-data

@@ -1 +0,0 @@
-../../../../foundry/Data/

home/filebrowser/srv/users/bridgetcrase@gmail.com/bridgets-in-the-dark

@@ -1 +0,0 @@
-../../../../foundry/Data/worlds/bridgets-in-the-dark

home/foundry/Config/admin.txt

@@ -1 +0,0 @@
-8c78feb47ec9762b024341a0b439d8ddb6cc6cf1ff91c20d18fce9436d96c46fcdb815c7949028cb49d7d4a5e1ef36ee4e8a90a69429f9c590487bbe8365760c

home/foundry/Config/license.json

@@ -1,7 +0,0 @@
-{
-  "host": "foundry",
-  "license": "STVDFOY4IH23OK9DQGXNZ9QJ",
-  "version": "0.8.0",
-  "time": "2023-03-19T20:05:29.567Z",
-  "signature": "RxA8BNe7ayMF36Di2HUM7uqXfmRrx8WhRv/wm+lGfjlQJT4ZmJ5aiEEZHxr1x79LUlB1zEUEUejgE1yxxHQcDrR57gGnBAUiZlEUcBrTbJV8WPmObz2Zd7/HFa3V+tcAR4O3bf8GFP62e8YcYPXKCULz8o003lIqjP26k2a2iW5Oa74AuCV6gsVlHZre3Wa6PLtLVOXr35/9FqFBXTTT8MwqLIubsVaZnewL3+u2VFpqLOC55DrFkuvalcHK0r8byaq+BI1wZiOmR/20LET6vTpK+EoVgvnmWcgQ1kH1r4MriABoWHyq0FyrtMBIXDb06zXKyKAbN9SVhjptWigxcmW4yVmIG4gGDEljv4SCCUXQ0H7h0ZtbAR66hSflwd8XTvEmMx7bkF6/wHQoOFNNXLlLlpCylH1ly2/8hQGBQhmhi0uSOnjR4VCpE8uk7tcjCT4SZWdPh4zvN5UrI24Kol0SYTU5u0/vEU8d0ZjLceGNhP412fAtgA/U4nZ8VfNnlVZKPpTnL9ErYNVwYoiKn5a0fbuQZu3ht3TRlYwwS6QGjhno2JUerlir0D26DuyZemP0upXvk98ZEs9nT4dRP3rV9MuAyRpXO09yPUf5yJdZH/Ay9Ms5wZWvEdy0/TInLGezGnROshq+R3/DBEw/TlzmqTsK5SU2oyd6Kk9ZZ8E="
-}

home/foundry/Data/modules/asc/css/custom-css.css

@@ -1,32 +0,0 @@
-.customCssSettings {
-    display: flex;
-    flex-direction: column;
-    height: 100%;
-}
-.customCssSettings h2 {
-    margin: .2em 0 0 0;
-    font-size: 1.25em;
-}
-.customCssSettings .notes {
-    flex-basis: unset;
-    padding: 0;
-}
-.customCssSettings .stylesheet-editor {
-    display: flex;
-    flex-grow: 1;
-    flex-shrink: 0;
-    flex-basis: 250px;
-    overflow: hidden;
-}
-.customCssSettings .stylesheet-editor .CodeMirror {
-    height: 100%;
-    width: 100%;
-}
-.customCssSettings textarea {
-    font-family: 'Courier New', Courier, monospace;
-    height: 100%;
-    width: 100%;
-}
-.customCssSettings button {
-    margin-top: .5em;
-}