├── .gitignore ├── README.md ├── crater ├── Readme.md └── docker-compose.yml ├── docker-compose.tmpl.yml ├── docker.sh ├── duplicati ├── .env.tmpl ├── .gitignore ├── README.md ├── docker-compose.yml └── img │ ├── backup1.png │ ├── backup2.png │ ├── restore1.png │ ├── restore2.png │ ├── restore3.png │ ├── setup1.png │ ├── setup2.png │ ├── setup3.png │ ├── setup4.png │ ├── setup5.png │ ├── setup6.png │ ├── setup7.png │ ├── setup8.png │ └── setup9.png ├── firefly ├── .env.tmpl ├── .gitignore ├── README.md └── docker-compose.yml ├── gitlab ├── .env.tmpl ├── .gitignore ├── README.md └── docker-compose.yml ├── gotify ├── .env.tmpl ├── .gitignore ├── README.md └── docker-compose.yml ├── hedgedoc ├── .env.tmpl ├── .gitignore ├── README.md └── docker-compose.yml ├── heimdall ├── .env.tmpl ├── .gitignore ├── README.md ├── data.tmpl │ └── www │ │ └── .env ├── docker-compose.yml └── img │ └── heimdall.png ├── homarr ├── .env.tmpl ├── .gitignore ├── Readme.md └── docker-compose.yml ├── mailu ├── .env.tmpl ├── .gitignore ├── README.md ├── docker-compose.yml ├── img │ ├── setup1.png │ ├── setup10.png │ ├── setup11.png │ ├── setup12.png │ ├── setup13.png │ ├── setup14.png │ ├── setup15.png │ ├── setup16.png │ ├── setup17.png │ ├── setup18.png │ ├── setup19.png │ ├── setup2.png │ ├── setup20.png │ ├── setup21.png │ ├── setup22.png │ ├── setup23.png │ ├── setup3.png │ ├── setup4.png │ ├── setup5.png │ ├── setup6.png │ ├── setup7.png │ ├── setup8.png │ └── setup9.png └── mailu.env ├── minecraft ├── .env.tmpl ├── .gitignore ├── README.md ├── data.tmpl │ ├── filebrowser │ │ └── filebrowser.db │ └── minecraft │ │ ├── mc1 │ │ └── server.properties │ │ └── mc2 │ │ └── server.properties ├── docker-compose.yml └── img │ ├── img1.png │ ├── img2.png │ ├── img3.png │ ├── img4.png │ ├── img5.png │ └── img6.png ├── n8n ├── .gitignore ├── README.md └── docker-compose.yml ├── nextcloud ├── .env.tmpl ├── .gitignore ├── README.md └── docker-compose.yml ├── nginx ├── .gitignore ├── README.md └── 
docker-compose.yml ├── openproject ├── .env.tmpl ├── .gitignore ├── README.md └── docker-compose.yml ├── pastebin ├── .gitignore ├── README.md └── docker-compose.yml ├── plane ├── .env.tmpl ├── .gitignore ├── README.md └── docker-compose.yml ├── plantuml ├── .env.tmpl ├── .gitignore ├── README.md └── docker-compose.yml ├── portainer ├── .env.tmpl ├── .gitignore ├── README.md ├── docker-compose.yml └── img │ ├── portainer-oauth1.png │ ├── portainer-oauth2.png │ ├── portainer-oauth3.png │ ├── setup1.png │ └── setup2.png ├── proxy ├── .env.tmpl ├── .gitignore ├── README.md ├── data.tmpl │ ├── authelia │ │ └── config │ │ │ ├── configuration.yml │ │ │ └── users_database.yml │ └── crowdsecurity │ │ ├── bouncer │ │ └── cloudflare │ │ │ ├── cfg.yaml │ │ │ └── cloudflare-cache.json │ │ ├── cs │ │ └── acquis.yaml │ │ └── metabase │ │ └── metabase.db │ │ ├── README.md │ │ └── metabase.db.mv.db ├── docker-compose.yml └── img │ ├── authelia1.png │ ├── authelia2.png │ ├── authelia3.png │ ├── authelia4.png │ ├── authelia5.png │ ├── cloudflare-create-token.png │ ├── cloudflare-global-cfc-token.png │ ├── cloudflare-global-traefik-token.png │ ├── cloudflare-zone-id-api-key.png │ ├── cloudflare_cs_api_key.png │ ├── cloudflare_cs_api_key2.png │ ├── crowdsec.png │ ├── traefik-pilot.png │ ├── traefik.png │ └── whoami.png ├── pterodactyl ├── .env.tmpl ├── .gitignore ├── README.md ├── docker-compose.yml └── img │ ├── 1.png │ ├── 10.png │ ├── 11.png │ ├── 12.png │ ├── 13.png │ ├── 14.png │ ├── 15.png │ ├── 2.png │ ├── 3.png │ ├── 4.png │ ├── 5.png │ ├── 6.png │ ├── 7.png │ ├── 8.png │ └── 9.png ├── sharelatex ├── .env.tmpl ├── .gitignore ├── README.md ├── build │ ├── latex │ │ └── dockerfile │ └── mongo │ │ ├── dockerfile │ │ ├── init-replica.sh │ │ └── mongo-init-replica.js └── docker-compose.yml ├── supabase ├── .env.tmpl ├── .gitignore ├── README.md ├── data.tmpl │ ├── api │ │ └── kong.yml │ └── db │ │ ├── init │ │ └── data.sql │ │ └── roles.sql └── docker-compose.yml ├── uptime-kuma 
├── .gitignore ├── README.md └── docker-compose.yml ├── vaultwarden ├── .env.tmpl ├── .gitignore ├── README.md ├── docker-compose.yml └── img │ ├── vaultwarden-admin1.png │ ├── vaultwarden-admin2.png │ ├── vaultwarden-admin3.png │ ├── vaultwarden-setup1.png │ └── vaultwarden-setup2.png ├── watchtower ├── .env.tmpl ├── .gitignore ├── README.md └── docker-compose.yml └── wirehole ├── .env.tmpl ├── README.md └── docker-compose.yml /.gitignore: -------------------------------------------------------------------------------- 1 | /.stackignore 2 | /global.env 3 | /global.env.temp 4 | /docker-compose.dflt.yml -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Docker-Collection 2 | 3 | This is a summary of many Docker setups. In each folder, there is an instruction to setup this docker configuration. Be aware that most containers work with traefik as a reverse proxy in front of it. For an easy setup and to tell traefik where to route the traffic we use traefik labels on each container and one network named "proxy" for all containers. We know that this isn't the securest way, but the most flexible and easiest way to implement. 4 | 5 | # Setup 6 | ## Docker 7 | ### 1. Update and Upgrade 8 | - `sudo apt-get update && sudo apt-get upgrade -y` 9 | 10 | ### 2. Install Docker 11 | Docker provides a install script. Just run: 12 | 13 | - `curl -sSL https://get.docker.com | sh` 14 | 15 | ### 3. Add a Non-Root User to the Docker Group 16 | By default, only users who have administrative privileges (root users) can run containers. 17 | You could also add your non-root user to the Docker group which will allow it to execute docker commands. 18 | 19 | To add the current user to the Docker group run: 20 | - `sudo usermod -aG docker ${USER}` 21 | 22 | Reboot the server to let the changes take effect. 23 | 24 | ### 4. 
Enable Docker to start your containers on boot 25 | 26 | You can configure your server to automatically run the Docker system service, whenever it boots up. 27 | - `sudo systemctl enable docker` 28 | 29 | # Docker script 30 | For an easy start of the containers, there is a script with which you can start and stop all of them or only chosen stacks. A stack is a combination of multiple containers which are all in one folder/docker-compose.yml file.\ 31 | Example: 32 | ## Help 33 | `./docker.sh -h` 34 | ## List all stacks 35 | `./docker.sh -l` 36 | 37 | ## Create a new Stack 38 | `./docker.sh -c [StackName]` 39 | 40 | ## Run a specific stack 41 | `./docker.sh -S [StackName] -r` 42 | ## Stop a specific stack 43 | `./docker.sh -S [StackName] -s` 44 | 45 | ## Run all containers/stacks 46 | `./docker.sh -r` 47 | ## Stop all containers/stacks 48 | `./docker.sh -s` 49 | 50 | ## File structure 51 | ``` 52 | . 53 | ├── StackName1 54 | │ ├── build (optional) 55 | │ │ └── dockerfile (optional) 56 | │ ├── data (folder) 57 | │ ├── data.tmpl (folder) 58 | │ ├── docker-compose.yml (optional) 59 | │ ├── .env.tmpl (optional) 60 | │ ├── .env 61 | │ ├── .gitignore 62 | │ └── README.md 63 | │ 64 | ├── StackName2 65 | │ ├── ... 66 | │ ... 67 | │ 68 | ├── .gitignore 69 | ├── .stackignore 70 | ├── docker.sh 71 | ├── global.env 72 | ├── global.env.temp 73 | └── README.md 74 | ``` 75 | 76 | ## data.tmpl and .env.tmpl 77 | If there is no `data` folder, the `data.tmpl` folder will be copied (`data.tmpl`->`data`). The same will be done for the `.env.tmpl` file (`.env.tmpl`->`.env`). 78 | 79 | ## docker-compose.tmpl.yml 80 | Suppose you create a new stack with `docker.sh -c [StackName]` the `docker-compose.tmpl.yml` file from the root folder will be copied to the newly created stack. 81 | 82 | ## .stackignore 83 | If you run `./docker.sh -r` or `./docker.sh -s` the script will look into each folder in this directory and look for a file named `docker-composed.yml`. 
If it exists, the stack is deployed. To ignore a folder, write its name in the `.stackignore` file; it works similarly to a `.gitignore` file.
Feel free to extend the docker collection :D 123 | 124 | # Source 125 | - Docker: 126 | - [How To Install Docker and Docker-Compose On Raspberry Pi ](https://dev.to/elalemanyo/how-to-install-docker-and-docker-compose-on-raspberry-pi-1mo) 127 | - [Traefik v2.1.4: X-Forwarded-For header doet not pass visitor IP when using IPv6](https://community.traefik.io/t/traefik-v2-1-4-x-forwarded-for-header-doet-not-pass-visitor-ip-when-using-ipv6/4803/8) 128 | -------------------------------------------------------------------------------- /crater/Readme.md: -------------------------------------------------------------------------------- 1 | # Craterapp - Embedded Invoicing & Bill Pay for platforms. 2 | 3 | origin: https://crater.financial/ 4 | 5 | ## How to Install: 6 | 7 | Clone the repository by running this command: 8 | 9 | ```sh 10 | $ git clone https://github.com/crater-invoice/crater 11 | ``` 12 | 13 | Change your current working directory and run your app using below commands: 14 | 15 | ```sh 16 | $ cd crater 17 | $ cp .env.example .env 18 | ``` 19 | 20 | edit .env for your needs. 
21 | 22 | ```sh 23 | code .env 24 | ``` 25 | 26 | continue with 27 | 28 | ```sh 29 | $ cp docker-compose.yml crater/docker-compose.yml 30 | $ docker-compose up -d 31 | $ ./docker-compose/setup.sh 32 | ``` 33 | 34 | Update Docker-Compose for your needs: 35 | 36 | ```yml 37 | nginx: 38 | container_name: crater-nginx 39 | image: nginx:1.17-alpine 40 | restart: unless-stopped 41 | #ports: 42 | #- 8083:80 43 | volumes: 44 | - ./:/var/www 45 | - ./docker-compose/nginx:/etc/nginx/conf.d/ 46 | networks: 47 | - crater 48 | - proxy 49 | labels: 50 | - "traefik.enable=true" #<== Enable traefik 51 | - "traefik.http.routers.crater-secured.rule=Host(`finance.${DOMAIN}`)" #<== Set domain 52 | - "traefik.http.routers.crater-secured.entrypoints=websecure" #<== Set entry point for HTTPS 53 | - "traefik.http.routers.crater-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 54 | #- "traefik.http.routers.crater-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 55 | - "traefik.http.routers.crater-secured.service=crater-service" #<== Set service 56 | - "traefik.http.services.crater-service.loadbalancer.server.port=80" #<== Set target port on container 57 | ``` 58 | 59 | watch out for 60 | 61 | ```yml 62 | - "traefik.http.routers.crater-secured.middlewares=authelia" 63 | ``` 64 | 65 | if you want to be protected by authelia and make sure, you've added DOMAIN to your .env and customized for your needs. 
66 | 67 | ```yml 68 | - "traefik.http.routers.crater-secured.rule=Host(`finance.${DOMAIN}`)" 69 | ``` 70 | 71 | -------------------------------------------------------------------------------- /crater/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | app: 3 | container_name: crater-app 4 | build: 5 | args: 6 | user: crater-user 7 | uid: 1000 8 | context: ./ 9 | dockerfile: Dockerfile 10 | image: crater-php 11 | restart: unless-stopped 12 | working_dir: /var/www/ 13 | volumes: 14 | - ./:/var/www 15 | - ./docker-compose/php/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini:rw,delegated 16 | networks: 17 | - crater 18 | 19 | db: 20 | container_name: crater-db 21 | image: mariadb 22 | restart: always 23 | volumes: 24 | # - db:/var/lib/mysql 25 | # If you want to persist data on the host, comment the line above this one... 26 | # and uncomment the line under this one. 27 | - ./docker-compose/db/data:/var/lib/mysql:rw,delegated 28 | environment: 29 | MYSQL_USER: ${DB_USERNAME} 30 | MYSQL_PASSWORD: ${DB_PASSWORD} 31 | MYSQL_DATABASE: ${DB_DATABASE} 32 | MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD} 33 | #ports: 34 | #- '33006:3306' 35 | networks: 36 | - crater 37 | 38 | nginx: 39 | container_name: crater-nginx 40 | image: nginx:1.17-alpine 41 | restart: unless-stopped 42 | #ports: 43 | #- 8083:80 44 | volumes: 45 | - ./:/var/www 46 | - ./docker-compose/nginx:/etc/nginx/conf.d/ 47 | networks: 48 | - crater 49 | - proxy 50 | labels: 51 | - "traefik.enable=true" #<== Enable traefik 52 | - "traefik.http.routers.crater-secured.rule=Host(`finance.${DOMAIN}`)" #<== Set domain 53 | - "traefik.http.routers.crater-secured.entrypoints=websecure" #<== Set entry point for HTTPS 54 | - "traefik.http.routers.crater-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 55 | #- "traefik.http.routers.crater-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 56 | - 
"traefik.http.routers.crater-secured.service=crater-service" #<== Set service 57 | - "traefik.http.services.crater-service.loadbalancer.server.port=80" #<== Set target port on container 58 | 59 | cron: 60 | container_name: crater-cron 61 | build: 62 | context: ./ 63 | dockerfile: ./docker-compose/cron.dockerfile 64 | volumes: 65 | - ./:/var/www 66 | networks: 67 | - crater 68 | 69 | volumes: 70 | db: 71 | 72 | networks: 73 | proxy: 74 | external: true 75 | crater: 76 | driver: bridge 77 | -------------------------------------------------------------------------------- /docker-compose.tmpl.yml: -------------------------------------------------------------------------------- 1 | services: 2 | ############################################### 3 | #### EXAMPLE ##### 4 | ############################################### 5 | EXAMPLE: 6 | image: EXAMPLE/EXAMPLE 7 | container_name: EXAMPLE 8 | restart: unless-stopped 9 | networks: 10 | - proxy 11 | labels: 12 | - "traefik.enable=true" #<== Enable traefik 13 | - "traefik.http.routers.EXAMPLE-secured.rule=Host(`EXAMPLE.${DOMAIN}`)" #<== Set domain 14 | - "traefik.http.routers.EXAMPLE-secured.entrypoints=websecure" #<== Set entry point for HTTPS 15 | - "traefik.http.routers.EXAMPLE-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 16 | - "traefik.http.routers.EXAMPLE-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 17 | - "traefik.http.routers.EXAMPLE-secured.service=EXAMPLE-service" #<== Set service 18 | - "traefik.http.services.EXAMPLE-service.loadbalancer.server.port=80" #<== Set target port on container 19 | 20 | networks: 21 | proxy: 22 | external: true -------------------------------------------------------------------------------- /docker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #-------------------------------------------------------------# 3 | # This file is for automatically start/stop/create 
container/stack instances in this folder. 4 | #-------------------------------------------------------------# 5 | # Help: ./docker -h 6 | #List all: ./docker -l 7 | #Start all: ./docker -r 8 | #Stop all: ./docker -s 9 | #Start stack: ./docker -S [StackName] -r 10 | #Stop stack: ./docker -S [StackName] -s 11 | #Create stack: ./docker -c [StackName] 12 | 13 | if [ ! -f ".gitignore" ]; then 14 | echo -e ".stackignore\nglobal.env\nglobal.env.temp" >> .gitignore 15 | fi; 16 | 17 | STACK=; 18 | StackIgnore=; 19 | if [ -f ".stackignore" ]; then 20 | readarray -t StackIgnore < .stackignore 21 | else 22 | touch .stackignore 23 | fi 24 | 25 | GlobalENV=; 26 | if [ -f "global.env" ]; then 27 | readarray -t GlobalENV < global.env 28 | else 29 | touch global.env 30 | fi 31 | 32 | # 33 | GlobalENVold=; 34 | # GlobalENVnew=; 35 | # GlobalENVdelete=; 36 | if [ -f "global.env.temp" ]; then 37 | #old 38 | GlobalENVold=($(grep -vxf global.env global.env.temp)) 39 | 40 | #new 41 | #GlobalENVnew=($(grep -vxf global.env.temp global.env)) 42 | #find deleted lines 43 | # for olditem in "${GlobalENVold[@]}" 44 | # do 45 | # if [[ ! 
" ${GlobalENVnew[@]} " =~ " ${olditem} " ]]; then 46 | # GlobalENVdelete+=${olditem} 47 | # #GlobalENVold=${GlobalENVold[@]/$olditem} 48 | # fi 49 | # done 50 | 51 | rm global.env.temp 52 | cp global.env global.env.temp 53 | else 54 | cp global.env global.env.temp 55 | fi 56 | 57 | #Add all global variables from global.env to each .env file 58 | for d in */ ; do 59 | if [ -f "${d}docker-compose.yml" ]; then 60 | if [ -f "${d}.env" ]; then 61 | #If GlobalENVold in .env -> delete line in .env 62 | readarray -t env_temp < ${d}.env 63 | for deleteitem in "${GlobalENVold[@]}" 64 | do 65 | if [[ " ${env_temp[@]} " =~ " ${deleteitem} " ]]; then 66 | deleteitem=$(sed -e s/\\//\\[\\/\\]/g <<<"$deleteitem") 67 | sed -i "/$deleteitem/d" ${d}.env 68 | fi 69 | done 70 | 71 | #Add empty line to file if there is none 72 | x=$(tail -c 1 ${d}.env) 73 | if [ "$x" != "" ]; then 74 | echo >> ${d}.env 75 | fi 76 | 77 | #If GlobalENV not in .env -> add to .env 78 | readarray -t env_temp < ${d}.env 79 | for item in "${GlobalENV[@]}" 80 | do 81 | if [[ ! " ${env_temp[@]} " =~ " ${item} " ]]; then 82 | echo -e "$item" >> ${d}.env 83 | fi 84 | done 85 | fi 86 | fi 87 | done 88 | 89 | helpFunction() 90 | { 91 | echo "Help:" 92 | echo "Usage: $0 [parameter]" 93 | echo -e "\t-h help" 94 | echo -e "\t-l list" 95 | echo -e "\t-r run" 96 | echo -e "\t-s stop" 97 | echo -e "\t-S [StackName] stack" 98 | echo -e "\t-c [StackName] create" 99 | echo "There is a '.stackignore' file. All stacks inside this file will be ignored when executing ./docker.sh -r or ./docker.sh -s" 100 | echo "There is a 'global.env' file. 
Evrything inside this file will be copyed into each '.env' file in each folder/stack in this directory" 101 | exit 0 # Exit script after printing help 102 | } 103 | 104 | List() 105 | { 106 | #All 107 | for d in */ ; do 108 | if [ -f "${d}docker-compose.yml" ]; then 109 | if [[ " ${StackIgnore[*]} " =~ " ${d} " ]]; then 110 | echo "[${d}]: Will be ignored"; 111 | else 112 | echo "[${d}]: Will not be ignored"; 113 | fi 114 | else 115 | echo "[${d}]: No docker-compose.yml file"; 116 | fi 117 | done 118 | } 119 | 120 | RunStack() 121 | { 122 | if [[ ! -z "$STACK" ]]; then 123 | if [ -f "${STACK}/docker-compose.yml" ]; then 124 | echo -n "[${STACK}]: "; 125 | cd ${STACK} 126 | 127 | # Copy template files 128 | if [ -d "data.tmpl" ] && [[ ! -d "data" ]]; then 129 | cp "data.tmpl" "data" -r 130 | fi 131 | if [ -f ".env.tmpl" ] && [[ ! -f ".env" ]]; then 132 | cp ".env.tmpl" ".env" 133 | fi 134 | 135 | docker compose up -d --remove-orphans 136 | cd .. 137 | else 138 | echo "ERROR: \"${STACK}/docker-compose.yml\" not found" 139 | fi 140 | else 141 | #All 142 | for d in */ ; do 143 | if [ -f "${d}docker-compose.yml" ]; then 144 | if [[ ! " ${StackIgnore[*]} " =~ " ${d} " ]]; then 145 | echo -n "[${d}]: "; 146 | cd ${d} 147 | 148 | # Copy template files 149 | if [ -d "data.tmpl" ] && [[ ! -d "data" ]]; then 150 | cp "data.tmpl" "data" -r 151 | fi 152 | if [ -f ".env.tmpl" ] && [[ ! -f ".env" ]]; then 153 | cp ".env.tmpl" ".env" 154 | fi 155 | 156 | docker compose up -d --remove-orphans --build 157 | cd .. 158 | fi 159 | fi 160 | done 161 | fi 162 | } 163 | 164 | StopStack() 165 | { 166 | if [[ ! -z "$STACK" ]]; then 167 | if [ -f "${STACK}/docker-compose.yml" ]; then 168 | echo -n "[${STACK}]: "; 169 | cd ${STACK} 170 | docker compose down --remove-orphans 171 | cd .. 172 | else 173 | echo "ERROR: \"${STACK}/docker-compose.yml\" not found" 174 | fi 175 | else 176 | #All 177 | for d in */ ; do 178 | if [ -f "${d}docker-compose.yml" ]; then 179 | if [[ ! 
" ${StackIgnore[*]} " =~ " ${d} " ]]; then 180 | echo -n "[${d}]: "; 181 | cd ${d} 182 | docker compose down --remove-orphans 183 | cd .. 184 | fi 185 | fi 186 | done 187 | fi 188 | } 189 | 190 | CreateStack() 191 | { 192 | if [ -d "$STACKNAME" ]; then 193 | echo "ERROR: Stack name already exists" 194 | else 195 | mkdir $STACKNAME 196 | mkdir $STACKNAME/data 197 | if [ -f "docker-compose.tmpl.yml" ]; then 198 | cp docker-compose.tmpl.yml $STACKNAME/docker-compose.yml 199 | else 200 | touch $STACKNAME/docker-compose.yml 201 | fi 202 | cp global.env $STACKNAME/.env 203 | echo -e "/.env\n/data\n/data/*" >> $STACKNAME/.gitignore 204 | echo -e "# $STACKNAME" >> $STACKNAME/README.md 205 | fi 206 | } 207 | 208 | 209 | 210 | while getopts "hlS:rsc:" opt 211 | do 212 | case "$opt" in 213 | h ) helpFunction ;; 214 | l ) List ;; 215 | S ) STACK="$OPTARG" ;; 216 | r ) RunStack ;; 217 | s ) StopStack ;; 218 | c ) STACKNAME="$OPTARG" && CreateStack ;; 219 | ? ) helpFunction ;; 220 | esac 221 | done 222 | 223 | if [ $# -eq 0 ]; then 224 | helpFunction 225 | fi -------------------------------------------------------------------------------- /duplicati/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN="example.com" 2 | TimeZone='Europe/Berlin' -------------------------------------------------------------------------------- /duplicati/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* -------------------------------------------------------------------------------- /duplicati/README.md: -------------------------------------------------------------------------------- 1 | # Duplicati 2 | 3 | # Requirements 4 | - Docker 5 | - Docker-compose 6 | - traefik as a reverse proxy in front of it 7 | 8 | # Setup 9 | ## `.env` file 10 | Change the domain and the time zone in the `.env`. 
11 | ```yaml 12 | DOMAIN="example.com" 13 | TimeZone='Europe/Berlin' 14 | ``` 15 | ```sh 16 | $ cd duplicati 17 | $ docker-compose up -d 18 | ``` 19 | or 20 | ```sh 21 | ./docker.sh -S duplicati -r 22 | ``` 23 | 24 | Done. Now open https://backup.example.com\ 25 | Click no if you have a password infront of Duplicati. Like Authelia does. 26 | ![setup1](img/setup1.png) 27 | ![setup2](img/setup2.png) 28 | ![setup3](img/setup3.png) 29 | Chose your preferred backup destination type. There is a lot to choose from. I chose onedrive. Then cklick on the word `AuthID`. It will redirect you to a new page where you have to login into onedrive.\ 30 | ![setup4](img/setup4.png) 31 | ![setup5](img/setup5.png) 32 | ![setup6](img/setup6.png) 33 | ![setup7](img/setup7.png) 34 | ![setup8](img/setup8.png) 35 | ![setup9](img/setup9.png) 36 | 37 | ## Start a backup 38 | ![backup1](img/backup1.png) 39 | ![backup2](img/backup2.png) 40 | The backup will automaticly uploaded to the cloud. It will also be encrypted. 41 | 42 | ## Restore 43 | ![restore1](img/restore1.png) 44 | ![restore2](img/restore2.png) 45 | ![restore3](img/restore3.png) 46 | 47 | # Source 48 | - [linuxserver.io docs](https://docs.linuxserver.io/images/docker-heimdall) 49 |
50 | 51 | 52 | 53 |
-------------------------------------------------------------------------------- /duplicati/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | ############################################### 3 | #### Duplicati ##### 4 | ############################################### 5 | duplicati: 6 | image: lscr.io/linuxserver/duplicati:latest 7 | container_name: duplicati 8 | restart: unless-stopped 9 | environment: 10 | - PUID=0 11 | - PGID=0 12 | - TZ=${TimeZone} 13 | volumes: 14 | - ./data/config:/config 15 | - ../:/source 16 | # ports: 17 | # - 8200:8200 18 | networks: 19 | - proxy 20 | labels: 21 | - "traefik.enable=true" #<== Enable traefik 22 | - "traefik.http.routers.duplicati-secured.rule=Host(`backup.${DOMAIN}`)" #<== Set domain 23 | - "traefik.http.routers.duplicati-secured.entrypoints=websecure" #<== Set entry point for HTTPS 24 | - "traefik.http.routers.duplicati-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 25 | - "traefik.http.routers.duplicati-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 26 | - "traefik.http.routers.duplicati-secured.service=duplicati-service" #<== Set service 27 | - "traefik.http.services.duplicati-service.loadbalancer.server.port=8200" #<== Set target port on container 28 | 29 | networks: 30 | proxy: 31 | external: true -------------------------------------------------------------------------------- /duplicati/img/backup1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/duplicati/img/backup1.png -------------------------------------------------------------------------------- /duplicati/img/backup2.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/duplicati/img/backup2.png -------------------------------------------------------------------------------- /duplicati/img/restore1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/duplicati/img/restore1.png -------------------------------------------------------------------------------- /duplicati/img/restore2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/duplicati/img/restore2.png -------------------------------------------------------------------------------- /duplicati/img/restore3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/duplicati/img/restore3.png -------------------------------------------------------------------------------- /duplicati/img/setup1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/duplicati/img/setup1.png -------------------------------------------------------------------------------- /duplicati/img/setup2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/duplicati/img/setup2.png -------------------------------------------------------------------------------- /duplicati/img/setup3.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/duplicati/img/setup3.png -------------------------------------------------------------------------------- /duplicati/img/setup4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/duplicati/img/setup4.png -------------------------------------------------------------------------------- /duplicati/img/setup5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/duplicati/img/setup5.png -------------------------------------------------------------------------------- /duplicati/img/setup6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/duplicati/img/setup6.png -------------------------------------------------------------------------------- /duplicati/img/setup7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/duplicati/img/setup7.png -------------------------------------------------------------------------------- /duplicati/img/setup8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/duplicati/img/setup8.png -------------------------------------------------------------------------------- /duplicati/img/setup9.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/duplicati/img/setup9.png -------------------------------------------------------------------------------- /firefly/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN=example.com 2 | 3 | # You can leave this on "local". If you change it to production most console commands will ask for extra confirmation. 4 | # Never set it to "testing". 5 | APP_ENV=local 6 | 7 | # Set to true if you want to see debug information in error screens. 8 | APP_DEBUG=false 9 | 10 | # This should be your email address. 11 | # If you use Docker or similar, you can set this variable from a file by using SITE_OWNER_FILE 12 | SITE_OWNER=mail@example.com 13 | 14 | # The encryption key for your sessions. Keep this very secure. 15 | # Change it to a string of exactly 32 chars or use something like `php artisan key:generate` to generate it. 16 | # If you use Docker or similar, you can set this variable from a file by using APP_KEY_FILE 17 | # 18 | # Avoid the "#" character in your APP_KEY, it may break things. 19 | # 20 | APP_KEY="t3ggW92EqAxoSu!$Hrnk*ZUq*rNGPH*$" 21 | 22 | # Firefly III will launch using this language (for new users and unauthenticated visitors) 23 | # For a list of available languages: https://github.com/firefly-iii/firefly-iii/tree/main/resources/lang 24 | # 25 | # If text is still in English, remember that not everything may have been translated. 26 | DEFAULT_LANGUAGE=en_US 27 | 28 | # The locale defines how numbers are formatted. 29 | # by default this value is the same as whatever the language is. 30 | DEFAULT_LOCALE=equal 31 | 32 | # Change this value to your preferred time zone. 
33 | # Example: Europe/Amsterdam 34 | # For a list of supported time zones, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones 35 | TZ=Europe/Berlin 36 | 37 | # TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy. 38 | # Set it to ** and reverse proxies work just fine. 39 | TRUSTED_PROXIES=** 40 | 41 | # The log channel defines where your log entries go to. 42 | # Several other options exist. You can use 'single' for one big fat error log (not recommended). 43 | # Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself. 44 | # A rotating log option is 'daily', creates 5 files that (surprise) rotate. 45 | # A cool option is 'papertrail' for cloud logging 46 | # Default setting 'stack' will log to 'daily' and to 'stdout' at the same time. 47 | LOG_CHANNEL=stack 48 | 49 | # 50 | # Used when logging to papertrail: 51 | # 52 | PAPERTRAIL_HOST= 53 | PAPERTRAIL_PORT= 54 | 55 | # Log level. You can set this from least severe to most severe: 56 | # debug, info, notice, warning, error, critical, alert, emergency 57 | # If you set it to debug your logs will grow large, and fast. If you set it to emergency probably 58 | # nothing will get logged, ever. 59 | APP_LOG_LEVEL=notice 60 | 61 | # Audit log level. 62 | # Set this to "emergency" if you dont want to store audit logs, leave on info otherwise. 63 | AUDIT_LOG_LEVEL=info 64 | 65 | # Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III 66 | # For other database types, please see the FAQ: https://docs.firefly-iii.org/support/faq 67 | # If you use Docker or similar, you can set these variables from a file by appending them with _FILE 68 | # Use "pgsql" for PostgreSQL 69 | # Use "mysql" for MySQL and MariaDB. 70 | # Use "sqlite" for SQLite. 
71 | DB_CONNECTION=mysql 72 | DB_HOST=fireflyiii-db 73 | DB_PORT=3306 74 | DB_DATABASE=firefly 75 | DB_USERNAME=firefly 76 | DB_PASSWORD='2QtFN$RniYsfgniAq2^apFTd4QgMLHWQ&FHCvAH%yo*atTv9W@g2Yr7WrKNgs$nUR^YVzQvfnVkdfFTTN24*AdK9apfQGQ$&ha6m4^8Qs4GH7&Ai5poV!SzrXtCDUTmP' 77 | # leave empty or omit when not using a socket connection 78 | DB_SOCKET= 79 | 80 | # MySQL supports SSL. You can configure it here. 81 | # If you use Docker or similar, you can set these variables from a file by appending them with _FILE 82 | MYSQL_USE_SSL=false 83 | MYSQL_SSL_VERIFY_SERVER_CERT=true 84 | # You need to set at least of these options 85 | MYSQL_SSL_CAPATH=/etc/ssl/certs/ 86 | MYSQL_SSL_CA= 87 | MYSQL_SSL_CERT= 88 | MYSQL_SSL_KEY= 89 | MYSQL_SSL_CIPHER= 90 | 91 | # PostgreSQL supports SSL. You can configure it here. 92 | # If you use Docker or similar, you can set these variables from a file by appending them with _FILE 93 | PGSQL_SSL_MODE=prefer 94 | PGSQL_SSL_ROOT_CERT=null 95 | PGSQL_SSL_CERT=null 96 | PGSQL_SSL_KEY=null 97 | PGSQL_SSL_CRL_FILE=null 98 | 99 | # more PostgreSQL settings 100 | PGSQL_SCHEMA=public 101 | 102 | # If you're looking for performance improvements, you could install memcached or redis 103 | CACHE_DRIVER=file 104 | SESSION_DRIVER=file 105 | 106 | # If you set either of the options above to 'redis', you might want to update these settings too 107 | # If you use Docker or similar, you can set REDIS_HOST_FILE, REDIS_PASSWORD_FILE or 108 | # REDIS_PORT_FILE to set the value from a file instead of from an environment variable 109 | 110 | # can be tcp, unix or http 111 | REDIS_SCHEME=tcp 112 | 113 | # use only when using 'unix' for REDIS_SCHEME. Leave empty otherwise. 114 | REDIS_PATH= 115 | 116 | # use only when using 'tcp' or 'http' for REDIS_SCHEME. Leave empty otherwise. 117 | REDIS_HOST=127.0.0.1 118 | REDIS_PORT=6379 119 | 120 | # Use only with Redis 6+ with proper ACL set. Leave empty otherwise. 
121 | REDIS_USERNAME= 122 | REDIS_PASSWORD= 123 | 124 | # always use quotes and make sure redis db "0" and "1" exists. Otherwise change accordingly. 125 | REDIS_DB="0" 126 | REDIS_CACHE_DB="1" 127 | 128 | # Cookie settings. Should not be necessary to change these. 129 | # If you use Docker or similar, you can set COOKIE_DOMAIN_FILE to set 130 | # the value from a file instead of from an environment variable 131 | # Setting samesite to "strict" may give you trouble logging in. 132 | COOKIE_PATH="/" 133 | COOKIE_DOMAIN= 134 | COOKIE_SECURE=false 135 | COOKIE_SAMESITE=lax 136 | 137 | # If you want Firefly III to email you, update these settings 138 | # For instructions, see: https://docs.firefly-iii.org/advanced-installation/email 139 | # If you use Docker or similar, you can set these variables from a file by appending them with _FILE 140 | MAIL_MAILER=log 141 | MAIL_HOST=null 142 | MAIL_PORT=2525 143 | MAIL_FROM=changeme@example.com 144 | MAIL_USERNAME=null 145 | MAIL_PASSWORD=null 146 | MAIL_ENCRYPTION=null 147 | 148 | # Other mail drivers: 149 | # If you use Docker or similar, you can set these variables from a file by appending them with _FILE 150 | MAILGUN_DOMAIN= 151 | MAILGUN_SECRET= 152 | 153 | # If you are on EU region in mailgun, use api.eu.mailgun.net, otherwise use api.mailgun.net 154 | # If you use Docker or similar, you can set this variable from a file by appending it with _FILE 155 | MAILGUN_ENDPOINT=api.mailgun.net 156 | 157 | # If you use Docker or similar, you can set these variables from a file by appending them with _FILE 158 | MANDRILL_SECRET='37yc9XRYB^XowqByAMDZRVHxDhu$pRPhzsAM6y7#%QU3NPd#K8CEn!zLjWUHt3SnuD3^gL!xp9oUdCVAzop&sgpH6dRkPKGEnf&ZqUG@VeVKH56HiHN^&DDcEhruHAHU' 159 | SPARKPOST_SECRET='t5zqAmi2gTpzA*y*eL*LBGKLq^$wDt$Gy8@2f4Cr!$6V^Hh4SE36@g%P347okcViUhn$8y2$$tDCTc^ngVCTxn^wSDsr9bMCJdGp*Vv4PdrGy8LaZCNibPfZAm$pdEhE' 160 | 161 | # Firefly III can send you the following messages. 
162 | SEND_REGISTRATION_MAIL=true 163 | SEND_ERROR_MESSAGE=true 164 | SEND_LOGIN_NEW_IP_WARNING=true 165 | 166 | # These messages contain (sensitive) transaction information: 167 | SEND_REPORT_JOURNALS=true 168 | 169 | # Set this value to true if you want to set the location 170 | # of certain things, like transactions. Since this involves an external service, it's optional 171 | # and disabled by default. 172 | ENABLE_EXTERNAL_MAP=false 173 | 174 | # The map will default to this location: 175 | MAP_DEFAULT_LAT=51.983333 176 | MAP_DEFAULT_LONG=5.916667 177 | MAP_DEFAULT_ZOOM=6 178 | 179 | # 180 | # Firefly III authentication settings 181 | # 182 | 183 | # 184 | # Firefly III supports a few authentication methods: 185 | # - 'web' (default, uses built in DB) 186 | # - 'remote_user_guard' for Authelia etc 187 | # Read more about these settings in the documentation. 188 | # https://docs.firefly-iii.org/advanced-installation/authentication 189 | # 190 | # LDAP is no longer supported :( 191 | # 192 | AUTHENTICATION_GUARD=web 193 | 194 | # 195 | # Remote user guard settings 196 | # 197 | AUTHENTICATION_GUARD_HEADER=REMOTE_USER 198 | AUTHENTICATION_GUARD_EMAIL= 199 | 200 | # 201 | # Firefly III generates a basic keypair for your OAuth tokens. 202 | # If you want, you can overrule the key with your own (secure) value. 203 | # It's also possible to set PASSPORT_PUBLIC_KEY_FILE or PASSPORT_PRIVATE_KEY_FILE 204 | # if you're using Docker secrets or similar solutions for secret management 205 | # 206 | PASSPORT_PRIVATE_KEY= 207 | PASSPORT_PUBLIC_KEY= 208 | 209 | # 210 | # Extra authentication settings 211 | # 212 | CUSTOM_LOGOUT_URL= 213 | 214 | # You can disable the X-Frame-Options header if it interferes with tools like 215 | # Organizr. This is at your own risk. Applications running in frames run the risk 216 | # of leaking information to their parent frame. 
217 | DISABLE_FRAME_HEADER=false 218 | 219 | # You can disable the Content Security Policy header when you're using an ancient browser 220 | # or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really) 221 | # This leaves you with the risk of not being able to stop XSS bugs should they ever surface. 222 | # This is at your own risk. 223 | DISABLE_CSP_HEADER=false 224 | 225 | # If you wish to track your own behavior over Firefly III, set valid analytics tracker information here. 226 | # Nobody uses this except for me on the demo site. But hey, feel free to use this if you want to. 227 | # Do not prepend the TRACKER_URL with http:// or https:// 228 | # The only tracker supported is Matomo. 229 | # You can set the following variables from a file by appending them with _FILE: 230 | TRACKER_SITE_ID= 231 | TRACKER_URL= 232 | 233 | # 234 | # Firefly III supports webhooks. These are security sensitive and must be enabled manually first. 235 | # 236 | ALLOW_WEBHOOKS=false 237 | 238 | # 239 | # The static cron job token can be useful when you use Docker and wish to manage cron jobs. 240 | # 1. Set this token to any 32-character value (this is important!). 241 | # 2. Use this token in the cron URL instead of a user's command line token. 242 | # 243 | # For more info: https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/ 244 | # 245 | # You can set this variable from a file by appending it with _FILE 246 | # 247 | STATIC_CRON_TOKEN= 248 | 249 | # You can fine tune the start-up of a Docker container by editing these environment variables. 250 | # Use this at your own risk. Disabling certain checks and features may result in lots of inconsistent data. 251 | # However if you know what you're doing you can significantly speed up container start times. 252 | # Set each value to true to enable, or false to disable. 253 | 254 | # Set this to true to build all locales supported by Firefly III. 
255 | # This may take quite some time (several minutes) and is generally not recommended. 256 | # If you wish to change or alter the list of locales, start your Docker container with 257 | # `docker run -v locale.gen:/etc/locale.gen -e DKR_BUILD_LOCALE=true` 258 | # and make sure your preferred locales are in your own locale.gen. 259 | DKR_BUILD_LOCALE=false 260 | 261 | # Check if the SQLite database exists. Can be skipped if you're not using SQLite. 262 | # Won't significantly speed up things. 263 | DKR_CHECK_SQLITE=true 264 | 265 | # Run database creation and migration commands. Disable this only if you're 100% sure the DB exists 266 | # and is up to date. 267 | DKR_RUN_MIGRATION=true 268 | 269 | # Run database upgrade commands. Disable this only when you're 100% sure your DB is up-to-date 270 | # with the latest fixes (outside of migrations!) 271 | DKR_RUN_UPGRADE=true 272 | 273 | # Verify database integrity. Includes all data checks and verifications. 274 | # Disabling this makes Firefly III assume your DB is intact. 275 | DKR_RUN_VERIFY=true 276 | 277 | # Run database reporting commands. When disabled, Firefly III won't go over your data to report current state. 278 | # Disabling this should have no impact on data integrity or safety but it won't warn you of possible issues. 279 | DKR_RUN_REPORT=true 280 | 281 | # Generate OAuth2 keys. 282 | # When disabled, Firefly III won't attempt to generate OAuth2 Passport keys. This won't be an issue, IFF (if and only if) 283 | # you had previously generated keys already and they're stored in your database for restoration. 284 | DKR_RUN_PASSPORT_INSTALL=true 285 | 286 | # Leave the following configuration vars as is. 287 | # Unless you like to tinker and know what you're doing. 
288 | APP_NAME=FireflyIII 289 | BROADCAST_DRIVER=log 290 | QUEUE_DRIVER=sync 291 | CACHE_PREFIX=firefly 292 | PUSHER_KEY= 293 | IPINFO_TOKEN= 294 | PUSHER_SECRET= 295 | PUSHER_ID= 296 | DEMO_USERNAME= 297 | DEMO_PASSWORD= 298 | IS_HEROKU=false 299 | FIREFLY_III_LAYOUT=v1 300 | 301 | # 302 | # If you have trouble configuring your Firefly III installation, DON'T BOTHER setting this variable. 303 | # It won't work. It doesn't do ANYTHING. Don't believe the lies you read online. I'm not joking. 304 | # This configuration value WILL NOT HELP. 305 | # 306 | # Notable exception to this rule is Synology, which, according to some users, will use APP_URL to rewrite stuff. 307 | # 308 | # This variable is ONLY used in some of the emails Firefly III sends around. Nowhere else. 309 | # So when configuring anything WEB related this variable doesn't do anything. Nothing 310 | # 311 | # If you're stuck I understand you get desperate but look SOMEWHERE ELSE. 312 | # 313 | APP_URL=http://localhost 314 | -------------------------------------------------------------------------------- /firefly/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* 4 | -------------------------------------------------------------------------------- /firefly/README.md: -------------------------------------------------------------------------------- 1 | # Firefly III 2 | -------------------------------------------------------------------------------- /firefly/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | ############################################### 3 | #### fireflyiii ##### 4 | ############################################### 5 | fireflyiii: 6 | image: fireflyiii/core:latest 7 | container_name: fireflyiii 8 | restart: unless-stopped 9 | env_file: .env 10 | volumes: 11 | - ./data/upload:/var/www/html/storage/upload 12 | networks: 13 | - fireflyiii-backend 14 | - 
proxy 15 | labels: 16 | - "traefik.enable=true" #<== Enable traefik 17 | - "traefik.http.routers.fireflyiii-secured.rule=Host(`finance.${DOMAIN}`)" #<== Set domain 18 | - "traefik.http.routers.fireflyiii-secured.entrypoints=websecure" #<== Set entry point for HTTPS 19 | - "traefik.http.routers.fireflyiii-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 20 | - "traefik.http.routers.fireflyiii-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 21 | - "traefik.http.routers.fireflyiii-secured.service=fireflyiii-service" #<== Set service 22 | - "traefik.http.services.fireflyiii-service.loadbalancer.server.port=8080" #<== Set target port on container 23 | 24 | fireflyiii-db: 25 | image: mariadb 26 | container_name: fireflyiii-db 27 | hostname: ${DB_HOST} 28 | restart: always 29 | environment: 30 | - MYSQL_RANDOM_ROOT_PASSWORD=yes 31 | - MYSQL_USER=${DB_USERNAME} 32 | - MYSQL_PASSWORD=${DB_PASSWORD} 33 | - MYSQL_DATABASE=${DB_DATABASE} 34 | volumes: 35 | - ./data/db:/var/lib/mysql 36 | networks: 37 | - fireflyiii-backend 38 | 39 | networks: 40 | proxy: 41 | external: true 42 | fireflyiii-backend: 43 | name: proxy-backend -------------------------------------------------------------------------------- /gitlab/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN="example.com" -------------------------------------------------------------------------------- /gitlab/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* -------------------------------------------------------------------------------- /gitlab/README.md: -------------------------------------------------------------------------------- 1 | # GitLab 2 | 3 | # Requirements 4 | - Docker 5 | - Docker-compose 6 | - traefik as a reverse proxy in front of it 7 | 8 | # Setup 9 | ## `.env` file 10 | Change the domain in the `.env` file. 
11 | ```yaml 12 | DOMAIN="example.com" 13 | ``` 14 | 15 | ## Start 16 | ```sh 17 | $ cd gitlab 18 | $ docker-compose up -d 19 | ``` 20 | or 21 | ```sh 22 | ./docker.sh -S gitlab -r 23 | ``` 24 | 25 | Done. Now open https://git.example.com 26 | 27 | # Source 28 | - [GitLab Docker install docs](https://docs.gitlab.com/ee/install/docker.html) -------------------------------------------------------------------------------- /gitlab/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | ############################################### 3 | #### GitLab ##### 4 | ############################################### 5 | gitlab: 6 | image: gitlab/gitlab-ce:latest 7 | container_name: gitlab 8 | restart: unless-stopped 9 | #ports: 10 | #- '6000:80' 11 | #- '443:443' 12 | #- '22:22' 13 | environment: 14 | GITLAB_OMNIBUS_CONFIG: | 15 | external_url 'https://git.${DOMAIN}' 16 | volumes: 17 | - './data/config:/etc/gitlab' 18 | - './data/logs:/var/log/gitlab' 19 | - './data/data:/var/opt/gitlab' 20 | networks: 21 | - proxy 22 | labels: 23 | - "traefik.enable=true" #<== Enable traefik 24 | - "traefik.http.routers.gitlab-secured.rule=Host(`git.${DOMAIN}`)" #<== Set domain 25 | - "traefik.http.routers.gitlab-secured.entrypoints=websecure" #<== Set entry point for HTTPS 26 | - "traefik.http.routers.gitlab-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 27 | - "traefik.http.routers.gitlab-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 28 | - "traefik.http.routers.gitlab-secured.service=gitlab-service" #<== Set service 29 | - "traefik.http.services.gitlab-service.loadbalancer.server.port=80" #<== Set target port on container 30 | 31 | networks: 32 | proxy: 33 | external: true -------------------------------------------------------------------------------- /gotify/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN="example.com" 
-------------------------------------------------------------------------------- /gotify/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* -------------------------------------------------------------------------------- /gotify/README.md: -------------------------------------------------------------------------------- 1 | # Gotify 2 | 3 | # Requirements 4 | - Docker 5 | - Docker-compose 6 | - Traefik as a reverse proxy in front of it 7 | 8 | # Setup 9 | ## `.env` file 10 | Change the domain in the `.env` file to your domain. 11 | ```yaml 12 | DOMAIN="example.com" 13 | ``` 14 | ```sh 15 | $ cd gotify 16 | $ docker-compose up -d 17 | ``` 18 | or use the script in the root directory of this repo 19 | ```sh 20 | ./docker.sh -S proxy -r 21 | ./docker.sh -S gotify -r 22 | ``` 23 | 24 | Done. Now open https://push.example.com. Default login: username: `admin` password: `admin`. Change this password right after the first login: the Authelia middleware label is commented out in this compose file, so the Gotify login page is reachable directly through Traefik. 25 | 26 | # Source 27 | - [Gotify docs](https://gotify.net/) -------------------------------------------------------------------------------- /gotify/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | ############################################### 3 | #### Gotify ##### 4 | ############################################### 5 | gotify: 6 | image: gotify/server:latest 7 | container_name: gotify 8 | restart: unless-stopped 9 | security_opt: 10 | - no-new-privileges 11 | volumes: 12 | - ./data/gotify:/app/data 13 | networks: 14 | - proxy 15 | labels: 16 | - "traefik.enable=true" #<== Enable traefik 17 | - "traefik.http.routers.gotify-secured.rule=Host(`push.${DOMAIN}`)" #<== Set domain 18 | - "traefik.http.routers.gotify-secured.entrypoints=websecure" #<== Set entry point for HTTPS 19 | - "traefik.http.routers.gotify-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 20 | # - "traefik.http.routers.gotify-secured.middlewares=authelia" #<== 
Add Authelia middlewares to protect login 21 | - "traefik.http.routers.gotify-secured.service=gotify-service" #<== Set service 22 | - "traefik.http.services.gotify-service.loadbalancer.server.port=80" #<== Set target port on container 23 | 24 | networks: 25 | proxy: 26 | external: true -------------------------------------------------------------------------------- /hedgedoc/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN="example.com" 2 | TimeZone='Europe/Berlin' 3 | MYSQL_ROOT_PASSWORD='XXXXXXXXXXXXXXXXXXXXXXXX' 4 | MYSQL_DATABASE=hedgedoc 5 | MYSQL_USER=hedgedoc 6 | MYSQL_PASSWORD='XXXXXXXXXXXXXXXXXXXXXXXX' 7 | CMD_OAUTH2_CLIENT_SECRET='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' # Advanced (Add Authelia as OIDC) -------------------------------------------------------------------------------- /hedgedoc/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* -------------------------------------------------------------------------------- /hedgedoc/README.md: -------------------------------------------------------------------------------- 1 | # Hedgedoc 2 | # Requirements 3 | - Docker 4 | - Docker-compose 5 | - traefik as a reverse proxy in front of it 6 | - (Authelia for OIDC (Advanced)) 7 | 8 | # Setup 9 | ## `.env` file 10 | Change the values in the `.env` file. 11 | ```yaml 12 | DOMAIN="example.com" 13 | TimeZone='Europe/Berlin' 14 | MYSQL_ROOT_PASSWORD='XXXXXXXXXXXXXXXXXXXXXXXX' 15 | MYSQL_DATABASE=hedgedoc 16 | MYSQL_USER=hedgedoc 17 | MYSQL_PASSWORD='XXXXXXXXXXXXXXXXXXXXXXXX' 18 | #CMD_OAUTH2_CLIENT_SECRET='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' # Advanced (Add Authelia as OIDC) 19 | ``` 20 | ## Start 21 | ```sh 22 | $ cd hedgedoc 23 | $ docker-compose up -d 24 | ``` 25 | or 26 | ```sh 27 | ./docker.sh -S hedgedoc -r 28 | ``` 29 | 30 | Done. 
Now open https://docs.example.com 31 | 32 | # Advanced 33 | ## Add Authelia as OIDC 34 | To log in through Authelia, add the following lines to the `environment:` section of the hedgedoc container. 35 | ``` 36 | environment: 37 | #Authelia as OIDC 38 | - CMD_OAUTH2_CLIENT_ID=hedgedoc 39 | - CMD_OAUTH2_CLIENT_SECRET=${CMD_OAUTH2_CLIENT_SECRET} 40 | - CMD_OAUTH2_AUTHORIZATION_URL=https://auth.${DOMAIN}/api/oidc/authorization 41 | - CMD_OAUTH2_TOKEN_URL=https://auth.${DOMAIN}/api/oidc/token 42 | - CMD_OAUTH2_USER_PROFILE_URL=https://auth.${DOMAIN}/api/oidc/userinfo 43 | - CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username 44 | - CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name 45 | - CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email 46 | - "CMD_OAUTH2_SCOPE=openid profile groups email" 47 | ``` 48 | In Authelia, add this client under the `identity_providers:` → `clients:` section of Authelia's `configuration` file (the `secret` must match `CMD_OAUTH2_CLIENT_SECRET` from the `.env` file, and the redirect URI must use your own `DOMAIN`): 49 | ```yaml 50 | identity_providers: 51 | ... 52 | clients: 53 | ... 54 | - id: hedgedoc 55 | description: Hedgedoc wants some information to log you in. 56 | secret: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' 57 | public: false 58 | authorization_policy: one_factor 59 | audience: [] 60 | scopes: 61 | - openid 62 | - profile 63 | - groups 64 | - email 65 | redirect_uris: 66 | - https://docs.example.com/auth/oauth2/callback 67 | userinfo_signing_algorithm: none 68 | ... 
69 | ``` -------------------------------------------------------------------------------- /hedgedoc/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | ############################################### 3 | #### hedgedoc ##### 4 | ############################################### 5 | hedgedoc-db: 6 | image: lscr.io/linuxserver/mariadb:latest 7 | container_name: hedgedoc-db 8 | restart: unless-stopped 9 | volumes: 10 | - ./data/db:/db 11 | environment: 12 | - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} 13 | - MYSQL_DATABASE=${MYSQL_DATABASE} 14 | - MYSQL_USER=${MYSQL_USER} 15 | - MYSQL_PASSWORD=${MYSQL_PASSWORD} 16 | - PGID=1000 17 | - PUID=1000 18 | - TZ=${TimeZone} 19 | networks: 20 | - hedgedoc-backend 21 | 22 | hedgedoc: 23 | image: lscr.io/linuxserver/hedgedoc:latest 24 | container_name: hedgedoc 25 | restart: unless-stopped 26 | depends_on: 27 | - hedgedoc-db 28 | volumes: 29 | - ./data/config:/config 30 | environment: 31 | - DB_HOST=hedgedoc-db 32 | - DB_USER=${MYSQL_USER} 33 | - DB_PASS=${MYSQL_PASSWORD} 34 | - DB_NAME=${MYSQL_DATABASE} 35 | - DB_PORT=3306 36 | - PGID=1000 37 | - PUID=1000 38 | - TZ=${TimeZone} 39 | - CMD_DOMAIN=docs.${DOMAIN} 40 | - CMD_URL_ADDPORT=false 41 | - CMD_PROTOCOL_USESSL=true 42 | - CMD_ALLOW_PDF_EXPORT=true 43 | #- "CMD_OPENID=true" 44 | #Authelia as OIDC 45 | - CMD_OAUTH2_CLIENT_ID=hedgedoc 46 | - CMD_OAUTH2_CLIENT_SECRET=${CMD_OAUTH2_CLIENT_SECRET} 47 | - CMD_OAUTH2_AUTHORIZATION_URL=https://auth.${DOMAIN}/api/oidc/authorization 48 | - CMD_OAUTH2_TOKEN_URL=https://auth.${DOMAIN}/api/oidc/token 49 | - CMD_OAUTH2_USER_PROFILE_URL=https://auth.${DOMAIN}/api/oidc/userinfo 50 | - CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username 51 | - CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name 52 | - CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email 53 | - "CMD_OAUTH2_SCOPE=openid profile groups email" 54 | networks: 55 | - hedgedoc-backend 56 | - proxy 57 | labels: 58 | - 
"traefik.enable=true" #<== Enable traefik 59 | - "traefik.http.routers.hedgedoc-secured.rule=Host(`docs.${DOMAIN}`)" #<== Set domain 60 | - "traefik.http.routers.hedgedoc-secured.entrypoints=websecure" #<== Set entry point for HTTPS 61 | - "traefik.http.routers.hedgedoc-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 62 | - "traefik.http.routers.hedgedoc-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 63 | - "traefik.http.routers.hedgedoc-secured.service=hedgedoc-service" #<== Set service 64 | - "traefik.http.services.hedgedoc-service.loadbalancer.server.port=3000" #<== Set target port on container 65 | 66 | networks: 67 | proxy: 68 | external: true 69 | hedgedoc-backend: 70 | name: hedgedoc-backend 71 | driver: bridge 72 | ipam: 73 | driver: default 74 | config: 75 | - subnet: 172.2.0.0/16 76 | gateway: 172.2.0.1 -------------------------------------------------------------------------------- /heimdall/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN="example.com" 2 | TimeZone='Europe/Berlin' -------------------------------------------------------------------------------- /heimdall/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* -------------------------------------------------------------------------------- /heimdall/README.md: -------------------------------------------------------------------------------- 1 | # Heimdall 2 | 3 | # Requirements 4 | - Docker 5 | - Docker-compose 6 | - traefik as a reverse proxy in front of it 7 | 8 | # Setup 9 | ## `.env` file 10 | Change the domain and the time zone in the `.env`. 11 | ```yaml 12 | DOMAIN="example.com" 13 | TimeZone='Europe/Berlin' 14 | ``` 15 | ```sh 16 | $ cd heimdall 17 | $ docker-compose up -d 18 | ``` 19 | or 20 | ```sh 21 | ./docker.sh -S heimdall -r 22 | ``` 23 | 24 | Done. 
Now open https://example.com or https://www.example.com 25 | ![heimdall](img/heimdall.png) 26 | 27 | # Source 28 | - [linuxserver.io docs](https://docs.linuxserver.io/images/docker-heimdall) -------------------------------------------------------------------------------- /heimdall/data.tmpl/www/.env: -------------------------------------------------------------------------------- 1 | APP_NAME=Heimdall 2 | APP_ENV=local 3 | APP_KEY=base64:EOHQFrME/0RWUmBp6uRCDrf8D0+n0RvPUx6+CEIov0A= 4 | APP_DEBUG=false 5 | APP_URL=https:// 6 | 7 | LOG_CHANNEL=daily 8 | 9 | DB_CONNECTION=sqlite 10 | DB_DATABASE=app.sqlite 11 | 12 | BROADCAST_DRIVER=log 13 | CACHE_DRIVER=file 14 | QUEUE_CONNECTION=sync 15 | SESSION_DRIVER=file 16 | SESSION_LIFETIME=120 17 | QUEUE_DRIVER=database 18 | 19 | REDIS_HOST=127.0.0.1 20 | REDIS_PASSWORD=null 21 | REDIS_PORT=6379 22 | 23 | MAIL_MAILER=smtp 24 | MAIL_HOST=smtp.mailtrap.io 25 | MAIL_PORT=2525 26 | MAIL_USERNAME=null 27 | MAIL_PASSWORD=null 28 | MAIL_ENCRYPTION=null 29 | MAIL_FROM_ADDRESS=null 30 | MAIL_FROM_NAME="${APP_NAME}" 31 | 32 | AWS_ACCESS_KEY_ID= 33 | AWS_SECRET_ACCESS_KEY= 34 | AWS_DEFAULT_REGION=us-east-1 35 | AWS_BUCKET= 36 | 37 | PUSHER_APP_ID= 38 | PUSHER_APP_KEY= 39 | PUSHER_APP_SECRET= 40 | PUSHER_APP_CLUSTER=mt1 41 | 42 | MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}" 43 | MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}" 44 | -------------------------------------------------------------------------------- /heimdall/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | ############################################### 3 | #### heimdall ##### 4 | ############################################### 5 | heimdall: 6 | image: lscr.io/linuxserver/heimdall 7 | container_name: heimdall 8 | restart: unless-stopped 9 | environment: 10 | - PUID=1000 11 | - PGID=1000 12 | - TZ=${TimeZone} 13 | volumes: 14 | - ./data:/config 15 | networks: 16 | - proxy 17 | labels: 18 | - "traefik.enable=true" 
#<== Enable traefik 19 | - "traefik.http.routers.heimdall-secured.rule=Host(`${DOMAIN}`) || Host(`www.${DOMAIN}`)" #<== Set domain 20 | - "traefik.http.routers.heimdall-secured.entrypoints=websecure" #<== Set entry point for HTTPS 21 | - "traefik.http.routers.heimdall-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 22 | - "traefik.http.routers.heimdall-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 23 | - "traefik.http.routers.heimdall-secured.service=heimdall-service" #<== Set service 24 | - "traefik.http.services.heimdall-service.loadbalancer.server.port=80" #<== Set target port on container 25 | 26 | networks: 27 | proxy: 28 | external: true -------------------------------------------------------------------------------- /heimdall/img/heimdall.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/heimdall/img/heimdall.png -------------------------------------------------------------------------------- /homarr/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN='example.com' 2 | EDIT_MODE_PASSWORD='superawesomepassphrase!' -------------------------------------------------------------------------------- /homarr/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* -------------------------------------------------------------------------------- /homarr/Readme.md: -------------------------------------------------------------------------------- 1 | # Homarr - Dashboard made easy 2 | 3 | Origin: https://github.com/ajnart/homarr 4 | 5 | Install 6 | 7 | ```sh 8 | $ cp sample.env .env 9 | $ code .env 10 | ``` 11 | 12 | edit your stuff as needed 13 | 14 | ```sh 15 | $ docker-compose up -d 16 | ``` 17 | 18 | visit home.youreawesome.local 19 | 20 | Nice work dude! 
-------------------------------------------------------------------------------- /homarr/docker-compose.yml: -------------------------------------------------------------------------------- 1 | #---------------------------------------------------------------------# 2 | # Homarr - A simple, yet powerful dashboard for your server. # 3 | #---------------------------------------------------------------------# 4 | services: 5 | homarr: 6 | container_name: homarr 7 | image: ghcr.io/ajnart/homarr:latest 8 | restart: unless-stopped 9 | volumes: 10 | - ./data/configs:/app/data/configs 11 | - ./data/icons:/app/public/icons 12 | - ./data/data:/data 13 | #ports: 14 | # - '7575:7575' 15 | networks: 16 | - proxy 17 | labels: 18 | - "traefik.enable=true" #<== Enable traefik 19 | - "traefik.http.routers.homarr-secured.rule=Host(`homarr.${DOMAIN}`)" #<== Set domain 20 | - "traefik.http.routers.homarr-secured.entrypoints=websecure" #<== Set entry point for HTTPS 21 | - "traefik.http.routers.homarr-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 22 | - "traefik.http.routers.homarr-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 23 | - "traefik.http.routers.homarr-secured.service=homarr-service" #<== Set service 24 | - "traefik.http.services.homarr-service.loadbalancer.server.port=7575" #<== Set target port on container 25 | 26 | networks: 27 | proxy: 28 | external: true -------------------------------------------------------------------------------- /mailu/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN="example.com" 2 | TraefikPath='../proxy/data/traefik/letsencrypt' -------------------------------------------------------------------------------- /mailu/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* 4 | mailu.env -------------------------------------------------------------------------------- 
/mailu/README.md: -------------------------------------------------------------------------------- 1 | # Mailu 1.8 with Traefik 2 | 3 | ## Old documentation: A new version was released: [Mailu 1.9](https://setup.mailu.io/1.9/) 4 | # Learn about SPF, DKIM, DMARC 5 | - [learndmarc](https://www.learndmarc.com/#) 6 | 7 | # Setup 8 | ### 1. Mailu configuration assistant 9 | Go to https://setup.mailu.io 10 | Do the Mailu configuration: 11 | ![](img/setup1.png) 12 | ![](img/setup2.png) 13 | ![](img/setup3.png) 14 | ![](img/setup4.png) 15 | ![](img/setup5.png) 16 | 17 | ### 2. mailu.env 18 | SSH into your server and execute these commands: 19 | - Replace this link (`https://setup.mailu.io/1.8/file/0000000000000000000000/mailu.env`) with the one from the Mailu configuration (picture below): 20 | -- ```mkdir /home/Docker/Mailu/``` 21 | -- ```cd /home/Docker/Mailu/``` 22 | -- ```wget https://setup.mailu.io/1.8/file/0000000000000000000000/mailu.env``` 23 | 24 | ![](img/setup6.png) 25 | 26 | - Change the key: 27 | -- ```sudo apt install pwgen``` 28 | -- ```pwgen 16``` 29 | ``` 30 | Bei4aebe0aexuvae egh4BooPhohpaiv0 veeR2ieYoRahngah rie2ieFah6Cosh5u 31 | Oxaa4eedo1oomohn quoh6aephoom5aeB gaixeeQua0Dae3na ahh7lai1Ai4Koox2 32 | xahzeX8iog1oocei ahF8xou2heeyoozi ieR1AhWei6ueghie idoophisai2ohS6a 33 | saiBai9chaephei9 Ahng7Dahqu0iegai loi8og2Aengahqu9 aixe0ahc6jooZaem 34 | quohph7eiZ5Ep8xi tahziePhuzeem1ni oodehiqueig0ahSh isoon1eiphaiSh3u 35 | Ahxai9fahchoo3Ae iehue9miehoHai6g phusee0eepieyoeJ oopaeng5EeHe9eeY 36 | igheiphoH6shuphi ekeesahpiufohPh3 boo3jaingieM2cik the1Phaiweiw9Ohp 37 | ... 38 | ``` 39 | -- Replace the `SECRET_KEY=` in the mailu.env with one of the values your own `pwgen` run generated (the ones printed above are only an example of the output; do not copy them) 40 | ![](img/setup7.png) 41 | 42 | 43 | 44 | ### 3. 
Docker-compose 45 | Get the ``.env`` and `docker-compose.yml` file from this repo 46 | 47 | ``.env`` (Defining of variables) 48 | ```yml 49 | DOMAIN="example.com" 50 | TraefikPath='../proxy/data/traefik/letsencrypt' 51 | ``` 52 | 53 | Alternavly you can downloade the `docker-compose.yml` from Mailu configuration, like in the picte on step 2 shown. But than you have to configure the docker-compose file for traefik by your selfe. 54 | ```wget https://setup.mailu.io/1.8/file/0000000000000000000000/docker-compose.yml``` 55 | 56 | ### 4. Start Mailu 57 | - Start Docker-compose: `docker-compose -s` 58 | 59 | - Stop/Remove Container: `docker-compose down` 60 | 61 | ### 5. Add admin user 62 | Create admin user: 63 | ```docker-compose exec admin flask mailu admin USER example.com 'PASSWORD'``` 64 | 65 | ## Configure Mailu 66 | https://mail.example.com/admin 67 | ![](img/setup8.png) 68 | 69 | ![](img/setup9.png) 70 | 71 | ![](img/setup10.png) 72 | 73 | ![](img/setup11.png) 74 | 75 | 76 | 77 | 78 | 79 | ## Configue DNS-Records 80 | 81 | ![](img/setup12.png) 82 | 83 | ![](img/setup13.png) 84 | 85 | ![](img/setup14.png) 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | ![](img/setup15.png) 97 | ![](img/setup16.png) 98 | 99 | ![](img/setup17.png) 100 | 101 | ## Test Mail Server 102 | 103 | https://mxtoolbox.com/emailhealth/ 104 | ![](img/setup18.png) 105 | 106 | 107 | https://mail-tester.com 108 | ![](img/setup19.png) 109 | 110 | https://www.gmass.co/smtp-test 111 | ![](img/setup20.png) 112 | 113 | ``` 114 | Connected to smtp://**********:587/?starttls=when-available 115 | << 220 mail.://**********: ESMTP ready 116 | >> EHLO [172.31.10.74] 117 | << 250-mail.://**********: 118 | << 250-PIPELINING 119 | << 250-SIZE 120 | << 250-50000000 121 | << 250-ETRN 122 | << 250-ENHANCEDSTATUSCODES 123 | << 250-8BITMIME 124 | << 250-DSN 125 | << 250 STARTTLS 126 | >> STARTTLS 127 | << 220 2.0.0 Start TLS 128 | >> EHLO [172.31.10.74] 129 | << 250-mail.://**********: 130 | << 
250-PIPELINING 131 | << 250-SIZE 132 | << 250-50000000 133 | << 250-ETRN 134 | << 250-ENHANCEDSTATUSCODES 135 | << 250-8BITMIME 136 | << 250-DSN 137 | << 250 AUTH PLAIN LOGIN 138 | >> AUTH PLAIN AHRlc3RAa3JvcHAubGluawAxMjM0NTY3ODk= 139 | << 235 2.0.0 OK 140 | >> MAIL FROM: SIZE=563 141 | >> RCPT TO: 142 | << 250 2.1.0 Ok 143 | << 250 2.1.5 Ok 144 | >> DATA 145 | << 354 End data with . 146 | >> From: test@://**********: 147 | >> Date: Fri, 08 Oct 2021 20:13:14 퍍 148 | >> Subject: SMTP test from ://**********: 149 | >> Message-Id: 150 | >> To: test-vknhjahff@srv1.mail-tester.com 151 | >> MIME-Version: 1.0 152 | >> Content-Type: multipart/alternative; boundary="=-E/J5P2H2106HKtH4EakxHA==" 153 | >> 154 | >> --=-E/J5P2H2106HKtH4EakxHA== 155 | >> Content-Type: text/plain; charset=utf-8 156 | >> 157 | >> Test message 158 | >> --=-E/J5P2H2106HKtH4EakxHA== 159 | >> Content-Type: text/html; charset=utf-8 160 | >> Content-Id: 161 | >> 162 | >> Test message 163 | >> --=-E/J5P2H2106HKtH4EakxHA==-- 164 | >> . 165 | << 250 2.0.0 Ok: queued as AFBF4A03D2C 166 | ``` 167 | ![](img/setup21.png) 168 | 169 | 170 | ![](img/setup22.png) 171 | 172 | ![](img/setup23.png) 173 | 174 | 175 | https://www.gmass.co/smtp-test 176 | 177 | 178 | 179 | ## Source 180 | 181 |
182 | 183 | 184 | 185 |
186 | 187 | - [Mailu configuration](https://setup.mailu.io/) 188 | - [Mailu docs](https://mailu.io/1.6/reverse.html) 189 | - [SMTP Test Tool](https://www.gmass.co/smtp-test) 190 | - [Test the Spammyness of your Emails](https://mail-tester.com) 191 | - [Mailu & Traefik](https://github.com/Mailu/Mailu/issues/1038) 192 | - [Traefik as reverse proxy](https://mailu.io/master/reverse.html#traefik-as-reverse-proxy) 193 | - [Mxtoolbox](https://mxtoolbox.com/emailhealth) 194 | - [SPF records for HELO/EHLO names](http://www.open-spf.org/action_browse_id_FAQ/Common_mistakes_revision_26/#helo) 195 | - [Spam Database Query](https://www.uceprotect.net/en/rblcheck.php) -------------------------------------------------------------------------------- /mailu/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | ############################################### 3 | #### Mailu ##### 4 | ############################################### 5 | # External dependencies 6 | redis: 7 | container_name: mailu-redis 8 | image: redis:alpine 9 | restart: unless-stopped 10 | volumes: 11 | - "./data/redis:/data" 12 | 13 | front: 14 | image: mailu-front 15 | container_name: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-1.8} 16 | restart: unless-stopped 17 | depends_on: 18 | - redis 19 | - certdumper 20 | - resolver 21 | - admin 22 | - webdav 23 | env_file: mailu.env 24 | logging: 25 | driver: json-file 26 | volumes: 27 | - "./data/certs:/certs" 28 | - "./data/overrides/nginx:/overrides:ro" 29 | #ports: 30 | #- "1000:80" 31 | #- "443:443" 32 | #- "25:25" 33 | #- "465:465" 34 | #- "587:587" 35 | #- "110:110" 36 | #- "995:995" 37 | #- "143:143" 38 | #- "993:993" 39 | networks: 40 | - proxy 41 | - mailu 42 | labels: 43 | - "traefik.enable=true" #<== Enable traefik 44 | - "traefik.http.routers.mailu-secured.rule=Host(`mail.${DOMAIN}`)" #<== Set domain 45 | - "traefik.http.routers.mailu-secured.entrypoints=websecure" #<== Set 
entry point for HTTPS 46 | - "traefik.http.routers.mailu-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 47 | - "traefik.http.routers.mailu-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 48 | - "traefik.http.routers.mailu-secured.service=mailu-service" #<== Set service 49 | - "traefik.http.services.mailu-service.loadbalancer.server.port=80" #<== Set target port on container 50 | 51 | - "traefik.tcp.routers.mailu-smtp-relay.rule=HostSNI(`mail.${DOMAIN}`)" #<== Set domain 52 | - "traefik.tcp.routers.mailu-smtp-relay.entrypoints=smtp-25" #<== Set entry point for smtp 25 53 | - "traefik.tcp.routers.mailu-smtp-relay.tls=false" #<== Disable encryption 54 | - "traefik.tcp.routers.mailu-smtp-relay.service=mailu-smtp-relay-service" #<== Set service 55 | - "traefik.tcp.services.mailu-smtp-relay-service.loadbalancer.server.port=25" #<== Set target port on container 56 | 57 | - "traefik.tcp.routers.mailu-smtp-ssl.rule=HostSNI(`mail.${DOMAIN}`)" #<== Set domain 58 | - "traefik.tcp.routers.mailu-smtp-ssl.entrypoints=smtp-465" #<== Set entry point for smtp 465 59 | - "traefik.tcp.routers.mailu-smtp-ssl.tls.passthrough=true" #<== TLS passthrough. Mailu will take care of the encryption 60 | - "traefik.tcp.routers.mailu-smtp-ssl.service=mailu-smtp-ssl-service" #<== Set service 61 | - "traefik.tcp.services.mailu-smtp-ssl-service.loadbalancer.server.port=465" #<== Set target port on container 62 | 63 | - "traefik.tcp.routers.mailu-smtp.rule=HostSNI(`mail.${DOMAIN}`)" #<== Set domain 64 | - "traefik.tcp.routers.mailu-smtp.entrypoints=smtp-587" #<== Set entry point for smtp 587 65 | - "traefik.tcp.routers.mailu-smtp.tls.passthrough=true" #<== TLS passthrough. 
Mailu will take care of the encryption 66 | - "traefik.tcp.routers.mailu-smtp.service=mailu-smtp-service" #<== Set service 67 | - "traefik.tcp.services.mailu-smtp-service.loadbalancer.server.port=587" #<== Set target port on container 68 | 69 | # - "traefik.tcp.routers.mailu-smtp-2525.rule=HostSNI(`mail.${DOMAIN}`)" #<== Set domain 70 | # - "traefik.tcp.routers.mailu-smtp-2525.entrypoints=smtp-2525" #<== Set entry point for smtp 2525 71 | # - "traefik.tcp.routers.mailu-smtp-2525.tls.passthrough=true" #<== TLS passthrough. Mailu will take care of the encryption 72 | # - "traefik.tcp.routers.mailu-smtp-2525.service=mailu-smtp-service" #<== Set service 73 | 74 | # - "traefik.tcp.routers.mailu-pop3.rule=HostSNI(`mail.${DOMAIN}`)" #<== Set domain 75 | # - "traefik.tcp.routers.mailu-pop3.entrypoints=pop-110" #<== Set entry point for pop3 110 76 | # - "traefik.tcp.routers.mailu-pop3.tls=false" #<== Disable encryption 77 | # - "traefik.tcp.routers.mailu-pop3.service=mailu-pop3-service" #<== Set service 78 | # - "traefik.tcp.services.mailu-pop3-service.loadbalancer.server.port=110" #<== Set target port on container 79 | 80 | - "traefik.tcp.routers.mailu-pop3-ssl.rule=HostSNI(`mail.${DOMAIN}`)" #<== Set domain 81 | - "traefik.tcp.routers.mailu-pop3-ssl.entrypoints=pop-995" #<== Set entry point for pop3 110 82 | - "traefik.tcp.routers.mailu-pop3-ssl.tls.passthrough=true" #<== TLS passthrough. 
Mailu will take care of the encryption 83 | - "traefik.tcp.routers.mailu-pop3-ssl.service=mailu-pop3-ssl-service" #<== Set service 84 | - "traefik.tcp.services.mailu-pop3-ssl-service.loadbalancer.server.port=995" #<== Set target port on container 85 | 86 | # - "traefik.tcp.routers.mailu-imap.rule=HostSNI(`mail.${DOMAIN}`)" #<== Set domain 87 | # - "traefik.tcp.routers.mailu-imap.entrypoints=imap-143" #<== Set entry point for pop3 110 88 | # - "traefik.tcp.routers.mailu-imap.tls=false" #<== Disable encryption 89 | # - "traefik.tcp.routers.mailu-imap.service=mailu-imap-service" #<== Set service 90 | # - "traefik.tcp.services.mailu-imap-service.loadbalancer.server.port=143" #<== Set target port on container 91 | 92 | - "traefik.tcp.routers.mailu-imap-ssl.rule=HostSNI(`mail.${DOMAIN}`)" #<== Set domain 93 | - "traefik.tcp.routers.mailu-imap-ssl.entrypoints=imap-993" #<== Set entry point for pop3 110 94 | - "traefik.tcp.routers.mailu-imap-ssl.tls.passthrough=true" #<== TLS passthrough. Mailu will take care of the encryption 95 | - "traefik.tcp.routers.mailu-imap-ssl.service=mailu-imap-ssl-service" #<== Set service 96 | - "traefik.tcp.services.mailu-imap-ssl-service.loadbalancer.server.port=993" #<== Set target port on container 97 | 98 | 99 | certdumper: 100 | container_name: mailu-certdumper 101 | restart: unless-stopped 102 | image: mailu/traefik-certdumper:${MAILU_VERSION:-1.8} 103 | environment: 104 | - TRAEFIK_VERSION=v2 105 | - DOMAIN=mail.${DOMAIN} 106 | volumes: 107 | - "${TraefikPath}:/traefik" 108 | - "./data/certs:/output" 109 | 110 | 111 | resolver: 112 | container_name: mailu-resolver 113 | image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-1.8} 114 | env_file: mailu.env 115 | restart: unless-stopped 116 | networks: 117 | mailu: 118 | ipv4_address: 192.168.203.254 119 | 120 | admin: 121 | container_name: mailu-admin 122 | image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-1.8} 123 | restart: unless-stopped 124 | 
env_file: mailu.env 125 | volumes: 126 | - "./data/data:/data" 127 | - "./data/dkim:/dkim" 128 | depends_on: 129 | - redis 130 | 131 | imap: 132 | container_name: mailu-imap 133 | image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-1.8} 134 | restart: unless-stopped 135 | env_file: mailu.env 136 | volumes: 137 | - "./data/mail:/mail" 138 | - "./data/overrides/dovecot:/overrides:ro" 139 | depends_on: 140 | - front 141 | 142 | smtp: 143 | container_name: mailu-smtp 144 | image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-1.8} 145 | restart: unless-stopped 146 | env_file: mailu.env 147 | volumes: 148 | - "./data/mailqueue:/queue" 149 | - "./data/overrides/postfix:/overrides:ro" 150 | depends_on: 151 | - front 152 | - resolver 153 | dns: 154 | - 192.168.203.254 155 | 156 | antispam: 157 | container_name: mailu-antispam 158 | image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-1.8} 159 | hostname: antispam 160 | restart: unless-stopped 161 | env_file: mailu.env 162 | volumes: 163 | - "./data/filter:/var/lib/rspamd" 164 | - "./data/dkim:/dkim:ro" 165 | - "./data/overrides/rspamd:/etc/rspamd/override.d:ro" 166 | depends_on: 167 | - front 168 | - resolver 169 | dns: 170 | - 192.168.203.254 171 | 172 | # Optional services 173 | antivirus: 174 | container_name: mailu-antivirus 175 | image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}clamav:${MAILU_VERSION:-1.8} 176 | restart: unless-stopped 177 | env_file: mailu.env 178 | volumes: 179 | - "./data/filter:/data" 180 | depends_on: 181 | - resolver 182 | dns: 183 | - 192.168.203.254 184 | 185 | webdav: 186 | container_name: mailu-webdav 187 | image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-1.8} 188 | restart: unless-stopped 189 | env_file: mailu.env 190 | volumes: 191 | - "./data/dav:/data" 192 | 193 | fetchmail: 194 | container_name: mailu-fetchmail 195 | image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-1.8} 196 | restart: 
unless-stopped 197 | env_file: mailu.env 198 | depends_on: 199 | - resolver 200 | dns: 201 | - 192.168.203.254 202 | 203 | # Webmail 204 | webmail: 205 | container_name: mailu-webmail 206 | image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}roundcube:${MAILU_VERSION:-1.8} 207 | restart: unless-stopped 208 | env_file: mailu.env 209 | volumes: 210 | - "./data/webmail:/data" 211 | depends_on: 212 | - imap 213 | 214 | 215 | networks: 216 | mailu: 217 | name: mailu-backend 218 | driver: bridge 219 | ipam: 220 | driver: mailu 221 | config: 222 | - subnet: 192.168.203.0/24 223 | gateway: 192.168.203.1 224 | proxy: 225 | external: true -------------------------------------------------------------------------------- /mailu/img/setup1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup1.png -------------------------------------------------------------------------------- /mailu/img/setup10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup10.png -------------------------------------------------------------------------------- /mailu/img/setup11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup11.png -------------------------------------------------------------------------------- /mailu/img/setup12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup12.png -------------------------------------------------------------------------------- /mailu/img/setup13.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup13.png -------------------------------------------------------------------------------- /mailu/img/setup14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup14.png -------------------------------------------------------------------------------- /mailu/img/setup15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup15.png -------------------------------------------------------------------------------- /mailu/img/setup16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup16.png -------------------------------------------------------------------------------- /mailu/img/setup17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup17.png -------------------------------------------------------------------------------- /mailu/img/setup18.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup18.png -------------------------------------------------------------------------------- /mailu/img/setup19.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup19.png -------------------------------------------------------------------------------- /mailu/img/setup2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup2.png -------------------------------------------------------------------------------- /mailu/img/setup20.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup20.png -------------------------------------------------------------------------------- /mailu/img/setup21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup21.png -------------------------------------------------------------------------------- /mailu/img/setup22.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup22.png -------------------------------------------------------------------------------- /mailu/img/setup23.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup23.png -------------------------------------------------------------------------------- /mailu/img/setup3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup3.png 
-------------------------------------------------------------------------------- /mailu/img/setup4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup4.png -------------------------------------------------------------------------------- /mailu/img/setup5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup5.png -------------------------------------------------------------------------------- /mailu/img/setup6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup6.png -------------------------------------------------------------------------------- /mailu/img/setup7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup7.png -------------------------------------------------------------------------------- /mailu/img/setup8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup8.png -------------------------------------------------------------------------------- /mailu/img/setup9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/mailu/img/setup9.png -------------------------------------------------------------------------------- /mailu/mailu.env: 
-------------------------------------------------------------------------------- 1 | # Mailu main configuration file 2 | # 3 | # This file is autogenerated by the configuration management wizard for compose flavor. 4 | # For a detailed list of configuration variables, see the documentation at 5 | # https://mailu.io 6 | 7 | ################################### 8 | # Common configuration variables 9 | ################################### 10 | 11 | # Set to a randomly generated 16 bytes string 12 | SECRET_KEY=isoon1eiphaiSh3u 13 | 14 | # Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!) 15 | SUBNET=192.168.203.0/24 16 | 17 | # Main mail domain 18 | DOMAIN=example.com 19 | 20 | # Hostnames for this server, separated with comas 21 | HOSTNAMES=mail.example.com 22 | 23 | # Postmaster local part (will append the main mail domain) 24 | POSTMASTER=postmaster 25 | 26 | # Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt) 27 | TLS_FLAVOR=mail 28 | 29 | # Authentication rate limit (per source IP address) 30 | AUTH_RATELIMIT=10000/minute 31 | 32 | # Opt-out of statistics, replace with "True" to opt out 33 | DISABLE_STATISTICS=False 34 | 35 | ################################### 36 | # Optional features 37 | ################################### 38 | 39 | # Expose the admin interface (value: true, false) 40 | ADMIN=true 41 | 42 | # Choose which webmail to run if any (values: roundcube, rainloop, none) 43 | WEBMAIL=roundcube 44 | 45 | # Dav server implementation (value: radicale, none) 46 | WEBDAV=radicale 47 | 48 | # Antivirus solution (value: clamav, none) 49 | ANTIVIRUS=clamav 50 | 51 | ################################### 52 | # Mail settings 53 | ################################### 54 | 55 | # Message size limit in bytes 56 | # Default: accept messages up to 50MB 57 | # Max attachment size will be 33% smaller 58 | MESSAGE_SIZE_LIMIT=50000000 59 | 60 | 
# Networks granted relay permissions 61 | # Use this with care, all hosts in this networks will be able to send mail without authentication! 62 | RELAYNETS= 63 | 64 | # Will relay all outgoing mails if configured 65 | RELAYHOST= 66 | 67 | # Fetchmail delay 68 | FETCHMAIL_DELAY=600 69 | 70 | # Recipient delimiter, character used to delimiter localpart from custom address part 71 | RECIPIENT_DELIMITER=+ 72 | 73 | # DMARC rua and ruf email 74 | DMARC_RUA=postmaster 75 | DMARC_RUF=postmaster 76 | 77 | # Welcome email, enable and set a topic and body if you wish to send welcome 78 | # emails to all users. 79 | WELCOME=false 80 | WELCOME_SUBJECT=Welcome to your new email account 81 | WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly! 82 | 83 | # Maildir Compression 84 | # choose compression-method, default: none (value: bz2, gz) 85 | COMPRESSION= 86 | # change compression-level, default: 6 (value: 1-9) 87 | COMPRESSION_LEVEL= 88 | 89 | # IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature. 90 | # FULL_TEXT_SEARCH=off 91 | 92 | ################################### 93 | # Web settings 94 | ################################### 95 | 96 | # Path to redirect / to 97 | WEBROOT_REDIRECT=/ 98 | 99 | # Path to the admin interface if enabled 100 | WEB_ADMIN=/admin 101 | 102 | # Path to the webmail if enabled 103 | WEB_WEBMAIL=/ 104 | 105 | # Website name 106 | SITENAME=Mailu 107 | 108 | # Linked Website URL 109 | WEBSITE=https://example.com 110 | 111 | WEB_IMPRINT=https://imprint.example.com 112 | 113 | 114 | 115 | ################################### 116 | # Advanced settings 117 | ################################### 118 | 119 | # Log driver for front service. Possible values: 120 | # json-file (default) 121 | # journald (On systemd platforms, useful for Fail2Ban integration) 122 | # syslog (Non systemd platforms, Fail2Ban integration. 
Disables `docker-compose log` for front!) 123 | # LOG_DRIVER=json-file 124 | 125 | # Docker-compose project name, this will prepended to containers names. 126 | COMPOSE_PROJECT_NAME=mailu 127 | 128 | # Default password scheme used for newly created accounts and changed passwords 129 | # (value: PBKDF2, BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT) 130 | PASSWORD_SCHEME=PBKDF2 131 | 132 | # Header to take the real ip from 133 | REAL_IP_HEADER= 134 | 135 | # IPs for nginx set_real_ip_from (CIDR list separated by commas) 136 | REAL_IP_FROM= 137 | 138 | # choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no) 139 | REJECT_UNLISTED_RECIPIENT= 140 | 141 | # Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET) 142 | LOG_LEVEL=WARNING 143 | 144 | ################################### 145 | # Database settings 146 | ################################### 147 | DB_FLAVOR=sqlite 148 | -------------------------------------------------------------------------------- /minecraft/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN="example.com" -------------------------------------------------------------------------------- /minecraft/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* -------------------------------------------------------------------------------- /minecraft/README.md: -------------------------------------------------------------------------------- 1 | # Minecraft 2 | 3 | This will setup 2 Minecraft servers with a `Velocity` proxy and `Geyser-Velocity` and `floodgate-velocity` plugin in front of it. In the end, you will be able to play with all Minecraft versions. This includes Minecraft java edition and Minecraft bedrock edition. 
4 | 5 | # Requirements 6 | - Docker 7 | - Docker-compose 8 | - traefik as a reverse proxy in front of it 9 | 10 | 11 | # Setup 12 | ## `.env` file 13 | Change the domain in the `.env` file. 14 | ```yaml 15 | DOMAIN="example.com" 16 | ``` 17 | ## Create necessary files 18 | ```sh 19 | mkdir minecraft/data/filebrowser 20 | touch minecraft/data/filebrowser/filebrowser.db 21 | docker-compose up -d 22 | sleep 100 23 | docker-compose down 24 | sudo chown 1000:1000 minecraft/data -R 25 | cd minecraft/data/minecraft/proxy/plugins/ 26 | wget https://ci.opencollab.dev//job/GeyserMC/job/Geyser/job/master/lastSuccessfulBuild/artifact/bootstrap/velocity/build/libs/Geyser-Velocity.jar 27 | wget https://ci.opencollab.dev/job/GeyserMC/job/Floodgate/job/master/lastSuccessfulBuild/artifact/velocity/build/libs/floodgate-velocity.jar 28 | cd ../../../../../ 29 | ``` 30 | 31 | ## Edit velocity.toml 32 | 33 | `nano minecraft/data/minecraft/proxy/velocity.toml`\ 34 | old: 35 | ```yaml 36 | 37 | # Should we authenticate players with Mojang? By default, this is on. 38 | online-mode = true 39 | 40 | # Should the proxy enforce the new public key security standard? By default, this is on. 41 | force-key-authentication = true 42 | 43 | ... 44 | 45 | [servers] 46 | # Configure your servers here. Each key represents the server's name, and the value 47 | # represents the IP address of the server to connect to. 48 | lobby = "127.0.0.1:30066" 49 | factions = "127.0.0.1:30067" 50 | minigames = "127.0.0.1:30068" 51 | 52 | # In what order we should try servers when a player logs in or is kicked from a server. 53 | try = [ 54 | "lobby" 55 | ] 56 | ``` 57 | 58 | new: 59 | ```yaml 60 | 61 | # Should we authenticate players with Mojang? By default, this is on. 62 | online-mode = false 63 | 64 | # Should the proxy enforce the new public key security standard? By default, this is on. 65 | force-key-authentication = false 66 | 67 | ... 68 | 69 | [servers] 70 | # Configure your servers here. 
Each key represents the server's name, and the value 71 | # represents the IP address of the server to connect to. 72 | lobby = "mc1:25565" 73 | factions = "mc1:25565" 74 | minigames = "mc2:25565" 75 | 76 | # In what order we should try servers when a player logs in or is kicked from a server. 77 | try = [ 78 | "lobby" 79 | ] 80 | ``` 81 | 82 | 83 | ## Edit server.properties 84 | `minecraft/data/minecraft/mc1/server.properties` and `minecraft/data/minecraft/mc2/server.properties` 85 | `nano minecraft/data/minecraft/mc1/server.properties` 86 | `nano minecraft/data/minecraft/mc2/server.properties`\ 87 | old: 88 | ```yaml 89 | online-mode=true 90 | enforce-secure-profile=true 91 | ``` 92 | 93 | new: 94 | ```yaml 95 | online-mode=false 96 | enforce-secure-profile=false 97 | ``` 98 | 99 | ## Edit config.yml 100 | `nano minecraft/data/minecraft/proxy/plugins/Geyser-Velocity/config.yml`\ 101 | old: 102 | ```yaml 103 | remote: 104 | # The IP address of the remote (Java Edition) server 105 | # If it is "auto", for standalone version the remote address will be set to 127.0.0.1, 106 | # for plugin versions, it is recommended to keep this as "auto" so Geyser will automatically configure address, port, and auth-type. 107 | # Leave as "auto" if floodgate is installed. 108 | address: auto 109 | # The port of the remote (Java Edition) server 110 | # For plugin versions, if address has been set to "auto", the port will also follow the server's listening port. 111 | port: 25565 112 | # Authentication type. Can be offline, online, or floodgate (see https://github.com/GeyserMC/Geyser/wiki/Floodgate). 113 | # For plugin versions, it's recommended to keep the `address` field to "auto" so Floodgate support is automatically configured. 114 | # If Floodgate is installed and `address:` is set to "auto", then "auth-type: floodgate" will automatically be used. 
115 | auth-type: online 116 | ``` 117 | 118 | new: 119 | ```yaml 120 | remote: 121 | # The IP address of the remote (Java Edition) server 122 | # If it is "auto", for standalone version the remote address will be set to 127.0.0.1, 123 | # for plugin versions, it is recommended to keep this as "auto" so Geyser will automatically configure address, port, and auth-type. 124 | # Leave as "auto" if floodgate is installed. 125 | address: mc 126 | # The port of the remote (Java Edition) server 127 | # For plugin versions, if address has been set to "auto", the port will also follow the server's listening port. 128 | port: 25565 129 | # Authentication type. Can be offline, online, or floodgate (see https://github.com/GeyserMC/Geyser/wiki/Floodgate). 130 | # For plugin versions, it's recommended to keep the `address` field to "auto" so Floodgate support is automatically configured. 131 | # If Floodgate is installed and `address:` is set to "auto", then "auth-type: floodgate" will automatically be used. 132 | auth-type: floodgate 133 | ``` 134 | 135 | ## Start the containers 136 | ```sh 137 | $ cd minecraft 138 | $ docker-compose up -d 139 | ``` 140 | or use the shell script in the root directory of this repo 141 | ```sh 142 | ./docker.sh -S minecraft -r 143 | ``` 144 | 145 | Done. 
Now open https://mc-files.example.com and have fun playing on your minecraft server 146 | 147 | ### One your mobile device: 148 | ![](img/img1.png) 149 | ![](img/img2.png) 150 | 151 | ### One your pc: 152 | ![](img/img3.png) 153 | ![](img/img4.png) 154 | 155 | ### Web interface for files 156 | ![](img/img5.png) 157 | ![](img/img6.png) -------------------------------------------------------------------------------- /minecraft/data.tmpl/filebrowser/filebrowser.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/minecraft/data.tmpl/filebrowser/filebrowser.db -------------------------------------------------------------------------------- /minecraft/data.tmpl/minecraft/mc1/server.properties: -------------------------------------------------------------------------------- 1 | #Minecraft server properties 2 | #Wed Oct 05 13:01:21 CEST 2022 3 | enable-jmx-monitoring=false 4 | rcon.port=25575 5 | level-seed= 6 | gamemode=survival 7 | enable-command-block=false 8 | enable-query=false 9 | generator-settings={} 10 | enforce-secure-profile=false 11 | level-name=world 12 | motd=A Vanilla Minecraft Server powered by Docker 13 | query.port=25565 14 | pvp=true 15 | generate-structures=true 16 | max-chained-neighbor-updates=1000000 17 | difficulty=easy 18 | network-compression-threshold=256 19 | max-tick-time=60000 20 | require-resource-pack=false 21 | use-native-transport=true 22 | max-players=20 23 | online-mode=false 24 | enable-status=true 25 | allow-flight=false 26 | broadcast-rcon-to-ops=true 27 | view-distance=10 28 | server-ip= 29 | resource-pack-prompt= 30 | allow-nether=true 31 | server-port=25565 32 | enable-rcon=true 33 | sync-chunk-writes=true 34 | op-permission-level=4 35 | prevent-proxy-connections=false 36 | hide-online-players=false 37 | resource-pack= 38 | entity-broadcast-range-percentage=100 39 | simulation-distance=10 40 | 
rcon.password=minecraft 41 | player-idle-timeout=0 42 | force-gamemode=false 43 | rate-limit=0 44 | hardcore=false 45 | white-list=false 46 | broadcast-console-to-ops=true 47 | spawn-npcs=true 48 | previews-chat=false 49 | spawn-animals=true 50 | function-permission-level=2 51 | level-type=minecraft\:normal 52 | text-filtering-config= 53 | spawn-monsters=true 54 | enforce-whitelist=false 55 | spawn-protection=16 56 | resource-pack-sha1= 57 | max-world-size=29999984 58 | -------------------------------------------------------------------------------- /minecraft/data.tmpl/minecraft/mc2/server.properties: -------------------------------------------------------------------------------- 1 | #Minecraft server properties 2 | #Wed Oct 05 13:01:21 CEST 2022 3 | enable-jmx-monitoring=false 4 | rcon.port=25575 5 | level-seed= 6 | gamemode=survival 7 | enable-command-block=false 8 | enable-query=false 9 | generator-settings={} 10 | enforce-secure-profile=false 11 | level-name=world 12 | motd=A Vanilla Minecraft Server powered by Docker 13 | query.port=25565 14 | pvp=true 15 | generate-structures=true 16 | max-chained-neighbor-updates=1000000 17 | difficulty=easy 18 | network-compression-threshold=256 19 | max-tick-time=60000 20 | require-resource-pack=false 21 | use-native-transport=true 22 | max-players=20 23 | online-mode=false 24 | enable-status=true 25 | allow-flight=false 26 | broadcast-rcon-to-ops=true 27 | view-distance=10 28 | server-ip= 29 | resource-pack-prompt= 30 | allow-nether=true 31 | server-port=25565 32 | enable-rcon=true 33 | sync-chunk-writes=true 34 | op-permission-level=4 35 | prevent-proxy-connections=false 36 | hide-online-players=false 37 | resource-pack= 38 | entity-broadcast-range-percentage=100 39 | simulation-distance=10 40 | rcon.password=minecraft 41 | player-idle-timeout=0 42 | force-gamemode=false 43 | rate-limit=0 44 | hardcore=false 45 | white-list=false 46 | broadcast-console-to-ops=true 47 | spawn-npcs=true 48 | previews-chat=false 49 | 
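spawn-animals=true
function-permission-level=2
level-type=minecraft\:normal
text-filtering-config=
spawn-monsters=true
enforce-whitelist=false
spawn-protection=16
resource-pack-sha1=
max-world-size=29999984

--------------------------------------------------------------------------------
/minecraft/docker-compose.yml:
--------------------------------------------------------------------------------
services:
  ###############################################
  ####               Minecraft              #####
  ###############################################
  # Velocity proxy: the only Minecraft service with published ports. Java
  # Edition clients connect to 25565 (Velocity listens on 25577 inside the
  # container), Bedrock clients to 19132/udp (Geyser). Players must be
  # authenticated here, because the backend servers run in offline mode.
  mc-proxy:
    image: itzg/bungeecord:latest   # NOTE(review): unpinned tag; pin a version or digest so updates are deliberate and auditable
    container_name: mc-proxy
    restart: unless-stopped
    ports:
      - "25565:25577"       # Java Edition (TCP)
      - "19132:19132"
      - "19132:19132/udp"   # Bedrock / Geyser (UDP)
      # The Java Edition protocol is TCP-only; the former "25565:25577/udp"
      # mapping published an unused UDP port and was dropped.
    networks:
      - mc-backend
    volumes:
      - "./data/minecraft/proxy:/server"
    environment:
      - TYPE=VELOCITY
      - MEMORY=1G
      - MAX_MEMORY=2G

  # Backend servers run with online-mode=false (see
  # data.tmpl/minecraft/mc*/server.properties) and must stay unpublished: they
  # are reachable only through mc-proxy on the mc-backend network. Do not
  # uncomment the port mappings below.
  mc1:
    image: itzg/minecraft-server:java17
    container_name: mc1
    #ports:
    #  - 25565:25565
    #  - 25565:25565/udp
    environment:
      - EULA=TRUE
      - VERSION=1.19.2
      - TZ=Europe/Berlin
      - MEMORY=5G
      # RCON is full console access and the template server.properties ships
      # the well-known password "minecraft". Require a real one from
      # minecraft/.env (add RCON_PASSWORD=<random> there and in .env.tmpl);
      # compose aborts with this message while the variable is unset or empty.
      - RCON_PASSWORD=${RCON_PASSWORD:?set RCON_PASSWORD in minecraft/.env}
    tty: true
    stdin_open: true
    restart: unless-stopped
    volumes:
      - ./data/minecraft/mc1:/data
      - /etc/timezone:/etc/timezone:ro
    networks:
      - mc-backend

  mc2:
    image: itzg/minecraft-server:java17
    container_name: mc2
    #ports:
    #  - 25565:25565
    #  - 25565:25565/udp
    environment:
      - EULA=TRUE
      - VERSION=1.19.2
      - TZ=Europe/Berlin
      - MEMORY=5G
      # See mc1: never run RCON with the template's default password.
      - RCON_PASSWORD=${RCON_PASSWORD:?set RCON_PASSWORD in minecraft/.env}
    tty: true
    stdin_open: true
    restart: unless-stopped
    volumes:
      - ./data/minecraft/mc2:/data
      - /etc/timezone:/etc/timezone:ro
    networks:
      - mc-backend


  ###############################################
  ####              Filebrowser             #####
  ###############################################
  filebrowser:
    image: filebrowser/filebrowser:latest   # NOTE(review): unpinned tag; pin a version or digest
    container_name: mc-filebrowser
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    user: 1000:1000
    # --noauth turns off filebrowser's own login. The ONLY gate is the Authelia
    # middleware on the Traefik router below, and everyone who passes it gets
    # read/write access to the whole ./data/minecraft tree -- including the
    # server.properties files (RCON password) and the proxy directory. Never
    # attach this container to another router or publish its port without
    # that middleware.
    command: "--noauth"
    volumes:
      - ./data/minecraft:/srv
      - ./data/filebrowser/filebrowser.db:/database.db
    networks:
      - proxy
    labels:
      - "traefik.enable=true" #<== Enable traefik
      - "traefik.http.routers.filebrowser-secured.rule=Host(`mc-files.${DOMAIN}`)" #<== Set domain
      - "traefik.http.routers.filebrowser-secured.entrypoints=websecure" #<== Set entry point for HTTPS
      - "traefik.http.routers.filebrowser-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https
      - "traefik.http.routers.filebrowser-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login
      - "traefik.http.routers.filebrowser-secured.service=filebrowser-service" #<== Set service
      - "traefik.http.services.filebrowser-service.loadbalancer.server.port=80" #<== Set target port on container



networks:
  mc-backend:
    name: mc-backend
    driver: bridge
  proxy:
    external: true
--------------------------------------------------------------------------------
/minecraft/img/img1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/minecraft/img/img1.png
--------------------------------------------------------------------------------
/minecraft/img/img2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/minecraft/img/img2.png
--------------------------------------------------------------------------------
/minecraft/img/img3.png:
--------------------------------------------------------------------------------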
https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/minecraft/img/img3.png -------------------------------------------------------------------------------- /minecraft/img/img4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/minecraft/img/img4.png -------------------------------------------------------------------------------- /minecraft/img/img5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/minecraft/img/img5.png -------------------------------------------------------------------------------- /minecraft/img/img6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/minecraft/img/img6.png -------------------------------------------------------------------------------- /n8n/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* 4 | -------------------------------------------------------------------------------- /n8n/README.md: -------------------------------------------------------------------------------- 1 | # n8n 2 | 3 | https://github.com/n8n-io/n8n -------------------------------------------------------------------------------- /n8n/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | ############################################### 3 | #### n8n ##### 4 | ############################################### 5 | n8n: 6 | image: docker.n8n.io/n8nio/n8n 7 | container_name: n8n 8 | restart: unless-stopped 9 | volumes: 10 | - ./data:/home/node/.n8n 11 | networks: 12 | - proxy 13 | 
labels: 14 | - "traefik.enable=true" #<== Enable traefik 15 | - "traefik.http.routers.n8n-secured.rule=Host(`n8n.${DOMAIN}`)" #<== Set domain 16 | - "traefik.http.routers.n8n-secured.entrypoints=websecure" #<== Set entry point for HTTPS 17 | - "traefik.http.routers.n8n-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 18 | - "traefik.http.routers.n8n-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 19 | - "traefik.http.routers.n8n-secured.service=n8n-service" #<== Set service 20 | - "traefik.http.services.n8n-service.loadbalancer.server.port=5678" #<== Set target port on container 21 | 22 | networks: 23 | proxy: 24 | external: true -------------------------------------------------------------------------------- /nextcloud/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN='EXAMPLE.com' 2 | TimeZone='Europe/Berlin' 3 | Password='XXXXXXXXXXXXXXXXXXXXXXXXXXXXX' -------------------------------------------------------------------------------- /nextcloud/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* 4 | -------------------------------------------------------------------------------- /nextcloud/README.md: -------------------------------------------------------------------------------- 1 | # Nextcloud 2 | ## .env add variable 3 | You need in your `.env` this 3 varaible. 4 | ```.env 5 | DOMAIN='EXAMPLE.com' 6 | TimeZone='EXAMPLE/EXAMPLE' 7 | Password='XXXXXXXXXXXXXXXXXXXXXXXXXXXXX' 8 | ``` 9 | ## Start the containers 10 | ```sh 11 | $ cd nextcloud 12 | $ docker-compose up -d 13 | ``` 14 | or use the shell script in the root directory of this repo 15 | ```sh 16 | ./docker.sh -S nextcloud -r 17 | ``` 18 | Done. 
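Now open https://cloud.example.com and use your cloud
--------------------------------------------------------------------------------
/nextcloud/docker-compose.yml:
--------------------------------------------------------------------------------
services:
  nextcloud:
    image: nextcloud:apache
    container_name: nextcloud
    links:
      - nextcloud-mariadb
    depends_on:
      - nextcloud-mariadb
    environment:
      # NOTE(review): the same ${Password} is also used as MYSQL_ROOT_PASSWORD
      # below, so the application account effectively holds the DB root secret.
      # Use a separate variable for the root password when you get the chance.
      - MYSQL_PASSWORD=${Password}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=nextcloud-mariadb
      - TIMEZONE=${TimeZone}
      # overwrite.cli.url must be a full URL including the scheme; a bare host
      # name produces broken links from cron/occ-generated output.
      - OVERWRITECLIURL=https://cloud.${DOMAIN}
      - OVERWRITEPROTOCOL=https
      # Traefik terminates TLS and passes the client address in X-Forwarded-For.
      # Until the proxy is listed in trusted_proxies, Nextcloud sees every client
      # as the proxy's IP, which defeats its brute-force protection and IP-based
      # logging. Set this to the subnet of the external "proxy" network
      # (check with `docker network inspect proxy`), e.g.:
      # - TRUSTED_PROXIES=172.18.0.0/16
    volumes:
      - ./data/cloud:/var/www/html
    restart: unless-stopped
    networks:
      - proxy
      - nextcloud
    labels:
      - "traefik.enable=true" #<== Enable traefik for this container, **ref: "--providers.docker.exposedbydefault=false"
      - "traefik.http.routers.nextcloud-secured.rule=Host(`cloud.${DOMAIN}`)" #<== Set domain
      - "traefik.http.routers.nextcloud-secured.entrypoints=websecure" #<== Defining entrypoint for https, **ref: "--entrypoints.websecure.address=:443"
      - "traefik.http.routers.nextcloud-secured.tls.certresolver=mytlschallenge" #<== Defining certsresolvers for https, **ref: "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "traefik.http.services.nextcloud-secured.loadbalancer.server.port=80" #<== Set destination port on this container
      # No Authelia middleware on this router (unlike the other services in this
      # repo): presumably so that desktop/mobile sync clients and WebDAV, which
      # cannot complete a forward-auth login, keep working. Nextcloud's own login
      # is therefore the only gate on this host -- enable 2FA there.
      - traefik.http.routers.nextcloud-secured.middlewares=nextcloud,nextcloud_redirect
      # Framing policy: browsers that understand CSP use frame-ancestors; the
      # X-Frame-Options header below is the fallback. The former
      # customFrameOptionsValue=ALLOW-FROM entry was removed: ALLOW-FROM is
      # obsolete and ignored by current browsers, and it set X-Frame-Options to a
      # second, conflicting value on the same response.
      - traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' ${DOMAIN} *.${DOMAIN}
      - traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011
      - traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true
      - traefik.http.middlewares.nextcloud.headers.stsPreload=true
      - traefik.http.middlewares.nextcloud.headers.customresponseheaders.X-Frame-Options=SAMEORIGIN
      - traefik.http.middlewares.nextcloud_redirect.redirectregex.permanent=true
      - traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav
      - traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=https://$${1}/remote.php/dav/


  nextcloud-mariadb:
    # NOTE(review): 10.8 is a short-term-support branch that no longer receives
    # security fixes. Plan an upgrade to a supported series -- back up
    # ./data/db first, major-version upgrades of the datadir are one-way.
    image: mariadb:10.8.2
    container_name: nextcloud-mariadb
    restart: unless-stopped
    networks:
      - nextcloud
    command:
      --transaction-isolation=READ-COMMITTED
      --binlog-format=ROW
    volumes:
      - ./data/db:/var/lib/mysql
    environment:
      # Root and application user share ${Password}; see the note on the
      # nextcloud service above.
      - MYSQL_ROOT_PASSWORD=${Password}
      - MYSQL_PASSWORD=${Password}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - TIMEZONE=${TimeZone}

networks:
  nextcloud:
    name: nextcloud
    driver: bridge
  proxy:
    external: true
--------------------------------------------------------------------------------
/nginx/.gitignore:
--------------------------------------------------------------------------------
/.env
/data
/data/*

--------------------------------------------------------------------------------
/nginx/README.md:
--------------------------------------------------------------------------------
# Nginx

This container serves a static web page from `./data` (mounted read-only into the container) behind Traefik and Authelia.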
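--------------------------------------------------------------------------------
/nginx/docker-compose.yml:
--------------------------------------------------------------------------------
services:
  ###############################################
  ####                 Nginx                #####
  ###############################################
  nginx:
    image: nginx   # NOTE(review): unpinned tag; pin a version or digest
    container_name: nginx
    restart: unless-stopped
    volumes:
      - ./data/:/usr/share/nginx/html:ro   # content is read-only inside the container
    networks:
      - proxy
    labels:
      - "traefik.enable=true" #<== Enable traefik
      - "traefik.http.routers.nginx-secured.rule=Host(`nginx.${DOMAIN}`)" #<== Set domain
      - "traefik.http.routers.nginx-secured.entrypoints=websecure" #<== Set entry point for HTTPS
      - "traefik.http.routers.nginx-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https
      - "traefik.http.routers.nginx-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login
      - "traefik.http.routers.nginx-secured.service=nginx-service" #<== Set service
      - "traefik.http.services.nginx-service.loadbalancer.server.port=80" #<== Set target port on container

networks:
  proxy:
    external: true
--------------------------------------------------------------------------------
/openproject/.env.tmpl:
--------------------------------------------------------------------------------
DOMAIN="example.com"

TAG=13
OPENPROJECT_HTTPS=true
OPENPROJECT_HSTS=true
OPENPROJECT_RAILS__RELATIVE__URL__ROOT=
RAILS_MIN_THREADS=4
RAILS_MAX_THREADS=16
IMAP_ENABLED=false
# Password of the PostgreSQL superuser that OpenProject connects with
# (DATABASE_URL in docker-compose.yml). Required: the stack refuses to start
# while this is empty. Generate one, e.g.: openssl rand -hex 24
POSTGRES_PASSWORD=

--------------------------------------------------------------------------------
/openproject/.gitignore:
--------------------------------------------------------------------------------
/.env
/data
/data/*

--------------------------------------------------------------------------------
/openproject/README.md:
--------------------------------------------------------------------------------
# Openproject

# Requirements
- Docker
- Docker-compose
- traefik as a reverse proxy in front of it

# Setup
## `.env` file
Change the domain in the `.env` file to your domain and set a strong database password (the stack refuses to start while `POSTGRES_PASSWORD` is empty).
```yaml
DOMAIN="example.com"

TAG=13
OPENPROJECT_HTTPS=true
OPENPROJECT_HSTS=true
OPENPROJECT_RAILS__RELATIVE__URL__ROOT=
RAILS_MIN_THREADS=4
RAILS_MAX_THREADS=16
IMAP_ENABLED=false
POSTGRES_PASSWORD=
```
```sh
$ cd openproject
$ docker-compose up -d
```
or
```sh
./docker.sh -S proxy -r
./docker.sh -S openproject -r
```

## Login
It will take some time until the server is up and running. Open https://openproject.example.com and log in with user `admin` and password `admin`. Change this password right after the first login: it is the same on every fresh OpenProject installation.
--------------------------------------------------------------------------------
/openproject/docker-compose.yml:
--------------------------------------------------------------------------------
x-op-restart-policy: &restart_policy
  restart: unless-stopped
x-op-image: &image
  image: openproject/community:${TAG:-13}
x-op-app: &app
  <<: [*image, *restart_policy]
  environment:
    OPENPROJECT_HTTPS: "true"
    OPENPROJECT_HOST__NAME: "openproject.${DOMAIN}"
    OPENPROJECT_HSTS: "${OPENPROJECT_HSTS:-true}"
    RAILS_CACHE_STORE: "memcache"
    OPENPROJECT_CACHE__MEMCACHE__SERVER: "openproject-cache:11211"
    OPENPROJECT_RAILS__RELATIVE__URL__ROOT: "${OPENPROJECT_RAILS__RELATIVE__URL__ROOT:-}"
    # The application connects as the PostgreSQL superuser "postgres". The old
    # fallback to the published default "p4ssw0rd" is gone: compose now aborts
    # with this message when POSTGRES_PASSWORD is unset or empty in .env.
    DATABASE_URL: "postgres://postgres:${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set in openproject/.env}@db/openproject?pool=20&encoding=unicode&reconnect=true"
    RAILS_MIN_THREADS: ${RAILS_MIN_THREADS:-4}
    RAILS_MAX_THREADS: ${RAILS_MAX_THREADS:-16}
    # set to true to enable the email receiving feature. See ./docker/cron for more options
    IMAP_ENABLED: "${IMAP_ENABLED:-false}"
  volumes:
    - "./data/opdata:/var/openproject/assets"

services:
  openproject-db:
    container_name: openproject-db
    hostname: db
    image: postgres:13
    <<: *restart_policy
    # NOTE(review): 3s is very short for PostgreSQL; a busy instance will be
    # killed before its checkpoint finishes and has to recover on restart.
    stop_grace_period: "3s"
    volumes:
      - "./data/pgdata:/var/lib/postgresql/data"
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set in openproject/.env}
      POSTGRES_DB: openproject
    networks:
      - backend

  openproject-cache:
    container_name: openproject-cache
    image: memcached
    <<: *restart_policy
    networks:
      - backend

  # Only service attached to the external "proxy" network; Traefik routes the
  # public host name here, gated by the Authelia middleware.
  openproject-proxy:
    container_name: openproject-proxy
    <<: [*image, *restart_policy]
    command: "./docker/prod/proxy"
    # ports:
    #   - "${PORT:-443}:80"
    environment:
      APP_HOST: openproject-web
      OPENPROJECT_RAILS__RELATIVE__URL__ROOT: "${OPENPROJECT_RAILS__RELATIVE__URL__ROOT:-}"
    depends_on:
      - openproject-web
    networks:
      - frontend
      - proxy
    labels:
      - "traefik.enable=true" #<== Enable traefik
      - "traefik.http.routers.openproject-secured.rule=Host(`openproject.${DOMAIN}`)" #<== Set domain
      - "traefik.http.routers.openproject-secured.entrypoints=websecure" #<== Set entry point for HTTPS
      - "traefik.http.routers.openproject-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https
      - "traefik.http.routers.openproject-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login
      - "traefik.http.routers.openproject-secured.service=openproject-service" #<== Set service
      - "traefik.http.services.openproject-service.loadbalancer.server.port=80" #<== Set target port on container

  openproject-web:
    container_name: openproject-web
    <<: *app
    command: "./docker/prod/web"
    networks:
      - frontend
      - backend
    depends_on:
      - openproject-db
      - openproject-cache
      - openproject-seeder
    labels:
      - autoheal=true
    # Probe the web process locally instead of the public HTTPS host name: the
    # previous check went out through Traefik and the Authelia middleware, so it
    # depended on DNS/hairpin routing and on an unauthenticated request being
    # accepted. Assumes the Rails server listens on 8080 inside the container,
    # as the openproject-proxy upstream expects -- verify against the image.
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080${OPENPROJECT_RAILS__RELATIVE__URL__ROOT:-}/health_checks/default"]
      interval: 10s
      timeout: 3s
      retries: 3
      start_period: 30s

  # openproject-autoheal:
  #   container_name: openproject-autoheal
  #   image: willfarrell/autoheal:1.2.0
  #   volumes:
  #     - "/var/run/docker.sock:/var/run/docker.sock"
  #   environment:
  #     AUTOHEAL_CONTAINER_LABEL: autoheal
  #     AUTOHEAL_START_PERIOD: 600
  #     AUTOHEAL_INTERVAL: 30

  openproject-worker:
    container_name: openproject-worker
    <<: *app
    command: "./docker/prod/worker"
    networks:
      - backend
    depends_on:
      - openproject-db
      - openproject-cache
      - openproject-seeder

  openproject-cron:
    container_name: openproject-cron
    <<: *app
    command: "./docker/prod/cron"
    networks:
      - backend
    depends_on:
      - openproject-db
      - openproject-cache
      - openproject-seeder

  openproject-seeder:
    container_name: openproject-seeder
    <<: *app
    command: "./docker/prod/seeder"
    restart: on-failure
    networks:
      - backend

networks:
  frontend:
  backend:
  proxy:
    external: true
--------------------------------------------------------------------------------
/pastebin/.gitignore:
--------------------------------------------------------------------------------
/.env

--------------------------------------------------------------------------------
/pastebin/README.md:
--------------------------------------------------------------------------------
# Pastebin

--------------------------------------------------------------------------------
/pastebin/docker-compose.yml:
--------------------------------------------------------------------------------
services: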
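###############################################
  ####               pastebin               #####
  ###############################################
  pastebin:
    # NOTE(review): untagged image (implicit :latest) from a personal namespace.
    # Pin a digest and review the image before keeping it reachable, even behind
    # Authelia.
    image: mkodockx/docker-pastebin
    container_name: pastebin
    restart: unless-stopped
    networks:
      - proxy
    labels:
      - "traefik.enable=true" #<== Enable traefik
      - "traefik.http.routers.pastebin-secured.rule=Host(`code.${DOMAIN}`)" #<== Set domain
      - "traefik.http.routers.pastebin-secured.entrypoints=websecure" #<== Set entry point for HTTPS
      - "traefik.http.routers.pastebin-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https
      - "traefik.http.routers.pastebin-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login
      - "traefik.http.routers.pastebin-secured.service=pastebin-service" #<== Set service
      - "traefik.http.services.pastebin-service.loadbalancer.server.port=80" #<== Set target port on container

networks:
  proxy:
    external: true
--------------------------------------------------------------------------------
/plane/.env.tmpl:
--------------------------------------------------------------------------------
DOMAIN=example.com

APP_DOMAIN=plane.${DOMAIN}
APP_RELEASE=v0.26.0

WEB_REPLICAS=1
SPACE_REPLICAS=1
ADMIN_REPLICAS=1
API_REPLICAS=1
WORKER_REPLICAS=1
BEAT_WORKER_REPLICAS=1
LIVE_REPLICAS=1

NGINX_PORT=80
# Plane is published by Traefik over HTTPS (see the labels in docker-compose.yml).
# WEB_URL and CORS_ALLOWED_ORIGINS must therefore be the public https:// origin;
# with http:// the browser origin https://plane.<domain> fails the CORS check and
# generated links point to plain http.
WEB_URL=https://${APP_DOMAIN}
DEBUG=0
CORS_ALLOWED_ORIGINS=https://${APP_DOMAIN}
API_BASE_URL=http://api:8000

#DB SETTINGS
PGHOST=plane-db
PGDATABASE=plane
POSTGRES_USER=plane
# Change the default credentials in this file. They are only reachable on the
# internal plane_net network, but they are the publicly known upstream defaults.
POSTGRES_PASSWORD=plane
POSTGRES_DB=plane
POSTGRES_PORT=5432
PGDATA=/var/lib/postgresql/data
# Assembled from the values above so a changed password is used everywhere.
# If this is left empty, docker-compose.yml falls back to a URL that embeds the
# default plane:plane credentials.
DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${PGHOST}:${POSTGRES_PORT}/${POSTGRES_DB}

# REDIS SETTINGS
REDIS_HOST=plane-redis
REDIS_PORT=6379
REDIS_URL=

# RabbitMQ Settings
RABBITMQ_HOST=plane-mq
RABBITMQ_PORT=5672
RABBITMQ_USER=plane
RABBITMQ_PASSWORD=plane
RABBITMQ_VHOST=plane
# Same rule as DATABASE_URL: empty means the compose fallback with plane:plane.
AMQP_URL=amqp://${RABBITMQ_USER}:${RABBITMQ_PASSWORD}@${RABBITMQ_HOST}:${RABBITMQ_PORT}/${RABBITMQ_VHOST}

# Secret Key
# Django secret key: signs sessions, password-reset and API tokens. Generate a
# unique value, e.g.  openssl rand -hex 32  -- never reuse a key that has been
# committed to a repository (the previous template value was exactly that).
# If left empty, docker-compose.yml silently falls back to a fixed, public key.
SECRET_KEY=CHANGE_ME

# DATA STORE SETTINGS
USE_MINIO=1
AWS_REGION=
# These double as the MinIO root credentials (MINIO_ROOT_USER/PASSWORD in
# docker-compose.yml). Replace the placeholders.
AWS_ACCESS_KEY_ID=access-key
AWS_SECRET_ACCESS_KEY=secret-key
AWS_S3_ENDPOINT_URL=http://plane-minio:9000
AWS_S3_BUCKET_NAME=uploads
FILE_SIZE_LIMIT=5242880

# Gunicorn Workers
GUNICORN_WORKERS=1

# UNCOMMENT `DOCKER_PLATFORM` IF YOU ARE ON `ARM64` AND DOCKER IMAGE IS NOT AVAILABLE FOR RESPECTIVE `APP_RELEASE`
# DOCKER_PLATFORM=linux/amd64

# Force HTTPS for handling SSL Termination
MINIO_ENDPOINT_SSL=0

# API key rate limit
API_KEY_RATE_LIMIT=60/minute
DOCKERHUB_USER=artifacts.plane.so/makeplane
PULL_POLICY=if_not_present
CUSTOM_BUILD=false

--------------------------------------------------------------------------------
/plane/.gitignore:
--------------------------------------------------------------------------------
/.env
/data
/data/*

--------------------------------------------------------------------------------
/plane/README.md:
--------------------------------------------------------------------------------
# plane

--------------------------------------------------------------------------------
/plane/docker-compose.yml:
--------------------------------------------------------------------------------
x-db-env: &db-env
  PGHOST: ${PGHOST:-plane-db}
  PGDATABASE: ${PGDATABASE:-plane}
  POSTGRES_USER: ${POSTGRES_USER:-plane}
  POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-plane}
  POSTGRES_DB: ${POSTGRES_DB:-plane}
  POSTGRES_PORT: ${POSTGRES_PORT:-5432}
  PGDATA: ${PGDATA:-/var/lib/postgresql/data}

x-redis-env: &redis-env
  REDIS_HOST: ${REDIS_HOST:-plane-redis}
  REDIS_PORT: ${REDIS_PORT:-6379}
  REDIS_URL: ${REDIS_URL:-redis://plane-redis:6379/}

x-minio-env: &minio-env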
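# (continuation of the x-minio-env anchor opened on the previous line)
  # MinIO root credentials. The fallbacks are the public upstream defaults --
  # always set AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY in .env.
  MINIO_ROOT_USER: ${AWS_ACCESS_KEY_ID:-access-key}
  MINIO_ROOT_PASSWORD: ${AWS_SECRET_ACCESS_KEY:-secret-key}

x-aws-s3-env: &aws-s3-env
  AWS_REGION: ${AWS_REGION:-}
  AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID:-access-key}
  AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY:-secret-key}
  AWS_S3_ENDPOINT_URL: ${AWS_S3_ENDPOINT_URL:-http://plane-minio:9000}
  AWS_S3_BUCKET_NAME: ${AWS_S3_BUCKET_NAME:-uploads}

x-proxy-env: &proxy-env
  NGINX_PORT: ${NGINX_PORT:-80}
  BUCKET_NAME: ${AWS_S3_BUCKET_NAME:-uploads}
  FILE_SIZE_LIMIT: ${FILE_SIZE_LIMIT:-5242880}

x-mq-env: &mq-env # RabbitMQ Settings
  RABBITMQ_HOST: ${RABBITMQ_HOST:-plane-mq}
  RABBITMQ_PORT: ${RABBITMQ_PORT:-5672}
  RABBITMQ_DEFAULT_USER: ${RABBITMQ_USER:-plane}
  RABBITMQ_DEFAULT_PASS: ${RABBITMQ_PASSWORD:-plane}
  RABBITMQ_DEFAULT_VHOST: ${RABBITMQ_VHOST:-plane}
  RABBITMQ_VHOST: ${RABBITMQ_VHOST:-plane}

x-live-env: &live-env
  API_BASE_URL: ${API_BASE_URL:-http://api:8000}

x-app-env: &app-env
  WEB_URL: ${WEB_URL:-http://localhost}
  DEBUG: ${DEBUG:-0}
  CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS}
  GUNICORN_WORKERS: 1
  USE_MINIO: ${USE_MINIO:-1}
  # The URL fallbacks embed the default plane:plane credentials. If you change
  # POSTGRES_PASSWORD / RABBITMQ_PASSWORD in .env, set DATABASE_URL / AMQP_URL
  # there as well, otherwise the API keeps using the defaults and fails to connect.
  DATABASE_URL: ${DATABASE_URL:-postgresql://plane:plane@plane-db/plane}
  # Django SECRET_KEY signs sessions and tokens. The former fallback was a fixed,
  # publicly known value; refuse to start rather than silently use it.
  SECRET_KEY: ${SECRET_KEY:?SECRET_KEY must be set in plane/.env}
  AMQP_URL: ${AMQP_URL:-amqp://plane:plane@plane-mq:5672/plane}
  API_KEY_RATE_LIMIT: ${API_KEY_RATE_LIMIT:-60/minute}
  MINIO_ENDPOINT_SSL: ${MINIO_ENDPOINT_SSL:-0}

services:
  web:
    image: artifacts.plane.so/makeplane/plane-frontend:${APP_RELEASE:-stable}
    command: node web/server.js web
    deploy:
      replicas: ${WEB_REPLICAS:-1}
      restart_policy:
        condition: on-failure
    depends_on:
      - api
      - worker
    networks:
      - plane_net

  space:
    image: artifacts.plane.so/makeplane/plane-space:${APP_RELEASE:-stable}
    command: node space/server.js space
    deploy:
      replicas: ${SPACE_REPLICAS:-1}
      restart_policy:
        condition: on-failure
    depends_on:
      - api
      - worker
      - web
    networks:
      - plane_net

  admin:
    image: artifacts.plane.so/makeplane/plane-admin:${APP_RELEASE:-stable}
    command: node admin/server.js admin
    deploy:
      replicas: ${ADMIN_REPLICAS:-1}
      restart_policy:
        condition: on-failure
    depends_on:
      - api
      - web
    networks:
      - plane_net

  live:
    image: artifacts.plane.so/makeplane/plane-live:${APP_RELEASE:-stable}
    command: node live/dist/server.js live
    environment:
      <<: [*live-env]
    deploy:
      replicas: ${LIVE_REPLICAS:-1}
      restart_policy:
        condition: on-failure
    depends_on:
      - api
      - web
    networks:
      - plane_net

  # Backend services receive every credential anchor (DB, Redis, MinIO, S3).
  # None of them publishes a port; they are reachable only on plane_net.
  api:
    image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-stable}
    command: ./bin/docker-entrypoint-api.sh
    deploy:
      replicas: ${API_REPLICAS:-1}
      restart_policy:
        condition: on-failure
    volumes:
      - ./data/logs_api:/code/plane/logs
    environment:
      <<: [*app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env]
    depends_on:
      - plane-db
      - plane-redis
      - plane-mq
    networks:
      - plane_net

  worker:
    image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-stable}
    command: ./bin/docker-entrypoint-worker.sh
    deploy:
      replicas: ${WORKER_REPLICAS:-1}
      restart_policy:
        condition: on-failure
    volumes:
      - ./data/logs_worker:/code/plane/logs
    environment:
      <<: [*app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env]
    depends_on:
      - api
      - plane-db
      - plane-redis
      - plane-mq
    networks:
      - plane_net

  beat-worker:
    image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-stable}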
command: ./bin/docker-entrypoint-beat.sh 150 | deploy: 151 | replicas: ${BEAT_WORKER_REPLICAS:-1} 152 | restart_policy: 153 | condition: on-failure 154 | volumes: 155 | - ./data/logs_beat-worker:/code/plane/logs 156 | environment: 157 | <<: [*app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env] 158 | depends_on: 159 | - api 160 | - plane-db 161 | - plane-redis 162 | - plane-mq 163 | networks: 164 | - plane_net 165 | 166 | migrator: 167 | image: artifacts.plane.so/makeplane/plane-backend:${APP_RELEASE:-stable} 168 | command: ./bin/docker-entrypoint-migrator.sh 169 | deploy: 170 | replicas: 1 171 | restart_policy: 172 | condition: on-failure 173 | volumes: 174 | - ./data/logs_migrator:/code/plane/logs 175 | environment: 176 | <<: [*app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env] 177 | depends_on: 178 | - plane-db 179 | - plane-redis 180 | networks: 181 | - plane_net 182 | 183 | # Comment this if you already have a database running 184 | plane-db: 185 | image: postgres:15.7-alpine 186 | command: postgres -c 'max_connections=1000' 187 | deploy: 188 | replicas: 1 189 | restart_policy: 190 | condition: on-failure 191 | environment: 192 | <<: *db-env 193 | volumes: 194 | - ./data/pgdata:/var/lib/postgresql/data 195 | networks: 196 | - plane_net 197 | 198 | plane-redis: 199 | image: valkey/valkey:7.2.5-alpine 200 | deploy: 201 | replicas: 1 202 | restart_policy: 203 | condition: on-failure 204 | volumes: 205 | - ./data/redisdata:/data 206 | networks: 207 | - plane_net 208 | 209 | plane-mq: 210 | image: rabbitmq:3.13.6-management-alpine 211 | deploy: 212 | replicas: 1 213 | restart_policy: 214 | condition: on-failure 215 | environment: 216 | <<: *mq-env 217 | volumes: 218 | - ./data/rabbitmq_data:/var/lib/rabbitmq 219 | networks: 220 | - plane_net 221 | 222 | # Comment this if you using any external s3 compatible storage 223 | plane-minio: 224 | image: minio/minio:latest 225 | command: server /export --console-address ":9090" 226 | deploy: 
227 | replicas: 1 228 | restart_policy: 229 | condition: on-failure 230 | environment: 231 | <<: *minio-env 232 | volumes: 233 | - ./data/uploads:/export 234 | networks: 235 | - plane_net 236 | 237 | # Comment this if you already have a reverse proxy running 238 | proxy: 239 | image: artifacts.plane.so/makeplane/plane-proxy:${APP_RELEASE:-stable} 240 | # ports: 241 | # - target: 80 242 | # published: ${NGINX_PORT:-80} 243 | # protocol: tcp 244 | # mode: host 245 | environment: 246 | <<: *proxy-env 247 | deploy: 248 | replicas: 1 249 | restart_policy: 250 | condition: on-failure 251 | depends_on: 252 | - web 253 | - api 254 | - space 255 | networks: 256 | - plane_net 257 | - proxy 258 | labels: 259 | - "traefik.enable=true" #<== Enable traefik 260 | - "traefik.http.routers.plane-secured.rule=Host(`plane.${DOMAIN}`)" #<== Set domain 261 | - "traefik.http.routers.plane-secured.entrypoints=websecure" #<== Set entry point for HTTPS 262 | - "traefik.http.routers.plane-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 263 | - "traefik.http.routers.plane-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 264 | - "traefik.http.routers.plane-secured.service=plane-service" #<== Set service 265 | - "traefik.http.services.plane-service.loadbalancer.server.port=80" #<== Set target port on container 266 | 267 | networks: 268 | proxy: 269 | external: true 270 | plane_net: 271 | name: plane_net 272 | -------------------------------------------------------------------------------- /plantuml/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN="example.com" -------------------------------------------------------------------------------- /plantuml/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* 4 | -------------------------------------------------------------------------------- /plantuml/README.md: 
-------------------------------------------------------------------------------- 1 | # plantuml 2 | 3 | https://plantuml.com/starting -------------------------------------------------------------------------------- /plantuml/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | ############################################### 3 | #### plantuml ##### 4 | ############################################### 5 | plantuml: 6 | image: plantuml/plantuml-server:tomcat # Or plantuml/plantuml-server:jetty 7 | container_name: plantuml 8 | restart: unless-stopped 9 | networks: 10 | - proxy 11 | labels: 12 | - "traefik.enable=true" #<== Enable traefik 13 | - "traefik.http.routers.plantuml-secured.rule=Host(`plantuml.${DOMAIN}`)" #<== Set domain 14 | - "traefik.http.routers.plantuml-secured.entrypoints=websecure" #<== Set entry point for HTTPS 15 | - "traefik.http.routers.plantuml-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 16 | - "traefik.http.routers.plantuml-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 17 | - "traefik.http.routers.plantuml-secured.service=plantuml-service" #<== Set service 18 | - "traefik.http.services.plantuml-service.loadbalancer.server.port=8080" #<== Set target port on container 19 | 20 | networks: 21 | proxy: 22 | external: true -------------------------------------------------------------------------------- /portainer/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN="example.com" -------------------------------------------------------------------------------- /portainer/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* -------------------------------------------------------------------------------- /portainer/README.md: -------------------------------------------------------------------------------- 1 | # 
Portainer 2 | 3 | # Requirements 4 | - Docker 5 | - Docker-compose 6 | - traefik as a reverse proxy in front of it 7 | 8 | # Setup 9 | ## `.env` file 10 | Change the domain in the `.env` file to your domain. 11 | ```yaml 12 | DOMAIN="example.com" 13 | ``` 14 | ```sh 15 | $ cd portainer 16 | $ docker-compose up -d 17 | ``` 18 | or 19 | ```sh 20 | ./docker.sh -S proxy -r 21 | ./docker.sh -S portainer -r 22 | ``` 23 | 24 | Done. Now open https://portainer.example.com 25 | ![setup1](img/setup1.png) 26 | ![setup2](img/setup2.png) 27 | 28 | # Advanced 29 | ## Add Authelia as OIDC 30 | To log in with Authelia, you first have to log in to Portainer and open the authentication settings. Scroll down and fill out the following information: 31 | 32 | ![portainer-oauth1](img/portainer-oauth1.png) 33 | 34 | `Client ID`: `portainer`\ 35 | `Client secret`: `XXXXXXXXXXXXXXXXXXXXXXXX`\ 36 | `Authorization URL`: `https://auth.example.com/api/oidc/authorization`\ 37 | `Access token URL`: `https://auth.example.com/api/oidc/token`\ 38 | `Resource URL`: `https://auth.example.com/api/oidc/userinfo`\ 39 | `Redirect URL`: `https://portainer.example.com`\ 40 | `Logout URL`: ` `\ 41 | `User identifier`: `preferred_username`\ 42 | `Scopes`: `openid profile groups email` 43 | 44 | In Authelia, add the following client entry under the `identity_providers:` → `clients:` section of its configuration file (the `secret` must match the `Client secret` entered in Portainer): 45 | ```yaml 46 | identity_providers: 47 | ... 48 | clients: 49 | ... 50 | - id: portainer 51 | description: Portainer wants some information to log you in. 52 | secret: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' 53 | public: false 54 | authorization_policy: two_factor 55 | audience: [] 56 | scopes: 57 | - openid 58 | - profile 59 | - groups 60 | - email 61 | redirect_uris: 62 | - https://portainer.example.com 63 | userinfo_signing_algorithm: none 64 | ... 
65 | ``` 66 | 67 | After that the login should look like this: 68 | ![portainer-oauth2](img/portainer-oauth2.png) 69 | ![portainer-oauth3](img/portainer-oauth3.png) 70 | 71 | # Source 72 | - [Portainer docs](https://docs.portainer.io/start/install/server/docker/linux) 73 | - [Authelia docs](https://www.authelia.com/configuration/identity-providers/open-id-connect/) -------------------------------------------------------------------------------- /portainer/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | ############################################### 3 | #### portainer ##### 4 | ############################################### 5 | portainer: 6 | image: portainer/portainer-ce:latest 7 | container_name: portainer 8 | restart: unless-stopped 9 | volumes: 10 | - /etc/localtime:/etc/localtime:ro 11 | - /var/run/docker.sock:/var/run/docker.sock 12 | - ./data/Portainer/data:/data 13 | #ports: 14 | # - "9000:9000" 15 | networks: 16 | - proxy 17 | labels: 18 | - "traefik.enable=true" #<== Enable traefik 19 | - "traefik.http.routers.portainer-secured.rule=Host(`portainer.${DOMAIN}`)" #<== Set domain 20 | - "traefik.http.routers.portainer-secured.entrypoints=websecure" #<== Set entry point for HTTPS 21 | - "traefik.http.routers.portainer-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 22 | - "traefik.http.routers.portainer-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 23 | - "traefik.http.routers.portainer-secured.service=portainer-service" #<== Set service 24 | - "traefik.http.services.portainer-service.loadbalancer.server.port=9000" #<== Set target port on container 25 | 26 | networks: 27 | proxy: 28 | external: true -------------------------------------------------------------------------------- /portainer/img/portainer-oauth1.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/portainer/img/portainer-oauth1.png -------------------------------------------------------------------------------- /portainer/img/portainer-oauth2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/portainer/img/portainer-oauth2.png -------------------------------------------------------------------------------- /portainer/img/portainer-oauth3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/portainer/img/portainer-oauth3.png -------------------------------------------------------------------------------- /portainer/img/setup1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/portainer/img/setup1.png -------------------------------------------------------------------------------- /portainer/img/setup2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/portainer/img/setup2.png -------------------------------------------------------------------------------- /proxy/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN="example.com" 2 | TimeZone='Europe/Berlin' 3 | Email='example@example.com' 4 | 5 | # Traefik 6 | Traefik_Auth='user:xxxxxxxxxxxxxx-hash-xxxxxxxxxxxxxx' #<== HASH Value "echo $(htpasswd -nb USER PASSWORT) | sed -e s/\\$/\\$\\$/g" 7 | Cloudflare_Email='example@example.com' #<== Email from Cloudflair 8 | 
Cloudflare_API_Traefik_Token='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' #<== API Token (Zone/Zone/Read and Zone/DNS/Edit) https://dash.cloudflare.com/profile/api-tokens 9 | 10 | # Cloudflare-Companion - Automatic CNAME DNS Creation 11 | Cloudflare_Zonen_ID='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' #<== Zone-id 12 | Cloudflare_API_CfC_Token='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' #<== API Token (Zone/DNS/Edit) https://dash.cloudflare.com/profile/api-tokens 13 | 14 | # Crowdsec Bouncer Key 15 | Crowdsec_Bouncer_Traefik_API='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' #<== API Key Crowdsec Bouncer -------------------------------------------------------------------------------- /proxy/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* -------------------------------------------------------------------------------- /proxy/README.md: -------------------------------------------------------------------------------- 1 | # Proxy 2 | 3 | ## Requirements 4 | - You need a public domain 5 | - Your domain has to be registered at Cloudflare. 6 | - You need a server that is reachable from the internet. If you are running this on your home server, you have to open ports 80 and 443 in your router. Otherwise Traefik may not be able to obtain certificates from Let's Encrypt or Cloudflare. 7 | 8 | # Setup 9 | ## Create necessary files 10 | If you don't clone this project, you have to create the following folders and files yourself. 
11 | ```sh 12 | mkdir proxy/data/authelia 13 | mkdir proxy/data/authelia/config 14 | touch proxy/data/authelia/config/configuration.yml 15 | mkdir proxy/data/crowdsecurity 16 | mkdir proxy/data/crowdsecurity/cs 17 | touch proxy/data/crowdsecurity/cs/acquis.yaml 18 | mkdir proxy/data/crowdsecurity/bouncer 19 | mkdir proxy/data/crowdsecurity/bouncer/cloudflare 20 | touch proxy/data/crowdsecurity/bouncer/cloudflare/cloudflare-cache.json 21 | touch proxy/data/crowdsecurity/bouncer/cloudflare/cfg.yaml 22 | mkdir proxy/data/crowdsecurity/metabase 23 | cd proxy/data/crowdsecurity/metabase 24 | wget https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/metabase_sqlite.zip 25 | unzip metabase_sqlite.zip 26 | rm metabase_sqlite.zip 27 | cd ../../../../ 28 | ``` 29 | Now start the stack. It won't work yet, because some commands still have to be executed inside the running containers (see the following steps). 30 | ```sh 31 | docker-compose up -d 32 | ``` 33 | ## Secrets in `.env` 34 | Edit the `.env` file to configure the environment variables. Keep this file out of version control (it is listed in `.gitignore`), since it holds API tokens and keys. 35 | ```yaml 36 | # ... 37 | # Traefik 38 | Cloudflare_Email='example@example.com' #<== Email from Cloudflair 39 | Cloudflare_API_Traefik_Token='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' #<== API Token (Zone/Zone/Read and Zone/DNS/Edit) https://dash.cloudflare.com/profile/api-tokens 40 | 41 | # Cloudflare-Companion - Automatic CNAME DNS Creation 42 | Cloudflare_Zonen_ID='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' #<== Zone-id 43 | Cloudflare_API_CfC_Token='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' #<== API Token (Zone/DNS/Edit) https://dash.cloudflare.com/profile/api-tokens 44 | 45 | # Crowdsec Bouncer Key 46 | Crowdsec_Bouncer_Traefik_API='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' #<== API Key Crowdsec Bouncer 47 | # ... 
48 | ``` 49 | The next steps will show you where you can get the missing pieces of information above: 50 | ### Cloudflare_Zonen_ID: 51 | Get the zone id of your domain from https://dash.cloudflare.com/ 52 | ![cloudflare zone-id and api-key](img/cloudflare-zone-id-api-key.png) 53 | 54 | ### Cloudflare_API_Traefik_Token 55 | Get the API token from https://dash.cloudflare.com/profile/api-tokens (scope it to the permissions listed in the comment: Zone/Zone/Read and Zone/DNS/Edit) 56 | ![cloudflare create-token](img/cloudflare-create-token.png) 57 | ![cloudflare traefik-token](img/cloudflare-global-traefik-token.png) 58 | ![cloudflare api-key](img/cloudflare_cs_api_key2.png) 59 | 60 | ### Cloudflare_API_CfC_Token 61 | Get the API token from https://dash.cloudflare.com/profile/api-tokens (scope it to Zone/DNS/Edit only) 62 | ![cloudflare create-token](img/cloudflare-create-token.png) 63 | ![cloudflare cfc-token](img/cloudflare-global-cfc-token.png) 64 | ![cloudflare api-key](img/cloudflare_cs_api_key2.png) 65 | 66 | ### Traefik_Pilot_Token 67 | Register the traefik instance at https://pilot.traefik.io/ and get the key. 68 | ![traefik pilot-key](img/traefik-pilot.png) 69 | 70 | ### Traefik_Auth 71 | This step is only necessary if you don't use Authelia, so that you still have a password in front of a website. The value is an htpasswd hash; the `sed` doubles every `$` so the hash survives variable expansion in `docker-compose`. 72 | ```sh 73 | $ sudo apt-get install apache2-utils 74 | $ echo $(htpasswd -nb USER PASSWORT) | sed -e s/\\$/\\$\\$/g 75 | USER:$$apr1$$oG7U7xPg$$eq79AxEsQ0Q.YG9h1KxdI0 76 | ``` 77 | 78 | ### Crowdsec_Bouncer_Traefik_API 79 | Register the traefik bouncer at the Crowdsec container. 80 | ```sh 81 | $ docker exec proxy-crowdsec cscli bouncers add bouncer-traefik 82 | API key for 'bouncer-traefik': 83 | 84 | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 85 | 86 | Please keep this key since you will not be able to retrieve it! 
87 | ``` 88 | 89 | # Crowdsec 90 | ## setup proxy-crowdsec 91 | ```sh 92 | $ nano proxy/data/crowdsecurity/cs/acquis.yaml 93 | ``` 94 | ```yaml 95 | #Generated acquisition file - wizard.sh (service: sshd) / files : /var/log/auth.log 96 | filenames: 97 | - /var/log/auth.log 98 | labels: 99 | type: syslog 100 | --- 101 | 102 | --- 103 | #Generated acquisition file - wizard.sh (service: mysql) / files : /var/log/mysql/error.log 104 | filenames: 105 | - /var/log/mysql/error.log 106 | labels: 107 | type: mysql 108 | --- 109 | 110 | --- 111 | #Generated acquisition file - wizard.sh (service: linux) / files : /var/log/syslog /var/log/kern.log /var/log/messages 112 | filenames: 113 | - /var/log/syslog 114 | - /var/log/kern.log 115 | - /var/log/messages 116 | labels: 117 | type: syslog 118 | --- 119 | 120 | --- 121 | filenames: 122 | - /var/log/traefik/* 123 | labels: 124 | type: traefik 125 | 126 | # source: docker 127 | # container_name: 128 | # - proxy-traefik 129 | # labels: 130 | # type: traefik 131 | 132 | --- 133 | source: docker 134 | container_name: 135 | - proxy-authelia 136 | labels: 137 | type: authelia 138 | ``` 139 | ## setup proxy-bouncer-cloudflare 140 | This step can be skipped if you don't have a Cloudflare paid plan. On the free plan the number of IP lists in the Cloudflare firewall appears to be limited, and the following error will be thrown: 141 | ``` 142 | time="02-08-2023 08:18:59" level=error msg="error This account is at the maximum number of lists (10019) in creating IP List" account_id=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 143 | time="02-08-2023 08:18:59" level=error msg="This account is at the maximum number of lists (10019)" account_id=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 144 | time="02-08-2023 08:18:59" level=fatal msg="This account is at the maximum number of lists (10019)" 145 | ``` 146 | 147 | If you have a Cloudflare paid plan, 
Continue here: 148 | First generate the config file with the following command: 149 | ```sh 150 | docker run crowdsecurity/cloudflare-bouncer \ 151 | -g > cfg.yaml 152 | $ nano proxy/data/crowdsecurity/bouncer/cloudflare/cfg.yaml 153 | ``` 154 | The config should look like this: 155 | ```yaml 156 | # Config generated by using /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml as base 157 | crowdsec_lapi_url: http://proxy-crowdsec:8080/ 158 | crowdsec_lapi_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 159 | crowdsec_update_frequency: 10s 160 | include_scenarios_containing: [] # ignore IPs banned for triggering scenarios not containing either of provided word 161 | exclude_scenarios_containing: [] # ignore IPs banned for triggering scenarios containing either of provided word 162 | only_include_decisions_from: [] # only include IPs banned due to decisions orginating from provided sources. eg value ["cscli", "crowdsec"] 163 | cloudflare_config: 164 | accounts: 165 | - id: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX #Kropp.julian@gmail.com's Account 166 | zones: 167 | - zone_id: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX #kropp.link 168 | actions: 169 | - managed_challenge 170 | token: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 171 | ip_list_prefix: crowdsec 172 | default_action: managed_challenge 173 | total_ip_list_capacity: 10000 # only this many latest IP decisions would be kept 174 | update_frequency: 10s 175 | daemon: false 176 | log_mode: stdout 177 | log_dir: /var/log/ 178 | log_level: info 179 | log_max_size: 0 180 | log_max_age: 0 181 | log_max_backups: 0 182 | compress_logs: null 183 | prometheus: 184 | enabled: true 185 | listen_addr: 127.0.0.1 186 | listen_port: "2112" 187 | key_path: "" 188 | cert_path: "" 189 | ca_cert_path: "" 190 | 191 | ``` 192 | The next steps will show you where you can get the missing pieces of information above: 193 | ### crowdsec_lapi_key 194 | ```sh 195 | $ docker exec proxy-crowdsec cscli -oraw bouncers add cloudflarebouncer 196 | API key for 
'cloudflarebouncer': 197 | 198 | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 199 | 200 | Please keep this key since you will not be able to retrieve it! 201 | ``` 202 | 203 | ### token 204 | Go to https://dash.cloudflare.com/profile/api-tokens and click on `Create Token` and then `Create Custom Token` 205 | ![cloudflare crowdsec api-key](img/cloudflare_cs_api_key.png) 206 | ![cloudflare crowdsec api-key](img/cloudflare_cs_api_key2.png) 207 | 208 | ### zone_id and id (Account ID) 209 | ![cloudflare zone-id and api-key](img/cloudflare-zone-id-api-key.png) 210 | 211 | 212 | # Authelia 213 | ```sh 214 | $ nano proxy/data/authelia/config/configuration.yml 215 | ``` 216 | ```yaml 217 | ############################################################### 218 | # Authelia configuration # 219 | ############################################################### 220 | 221 | server.host: 0.0.0.0 222 | server.port: 9091 223 | log.level: debug 224 | # log: 225 | # level: debug 226 | # format: text 227 | # file_path: "/logs/Authelia.log" 228 | # keep_stdout: false 229 | theme: dark 230 | # This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE 231 | jwt_secret: ---->PUT HERE A SECRET WICH IS 64 CHARACTERS LONG<---- 232 | default_redirection_url: https://auth.---->PUT YOUR DOMAIN HERE<---- 233 | totp: 234 | issuer: authelia.com 235 | 236 | ntp: 237 | address: "time.cloudflare.com:123" 238 | version: 4 239 | max_desync: 3s 240 | disable_startup_check: false 241 | disable_failure: false 242 | 243 | # duo_api: 244 | # hostname: api-123456789.---->PUT YOUR DOMAIN HERE<---- 245 | # integration_key: ABCDEF 246 | # # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE 247 | # secret_key: 1234567890abcdefghifjkl 248 | 249 | authentication_backend: 250 | file: 251 | path: /config/users_database.yml 252 | password: 253 | algorithm: argon2id 254 | iterations: 1 255 | salt_length: 16 256 | parallelism: 8 257 | memory: 64 258 | 259 | access_control: 260 | 
default_policy: two_factor 261 | networks: 262 | - name: internal 263 | networks: 264 | - '10.0.0.0/8' 265 | - '172.16.0.0/12' 266 | - '192.168.0.0/18' 267 | - '192.168.179.0/24' 268 | - '172.0.0.1' 269 | rules: 270 | - domain: # Rules applied to everyone 271 | - "proxy.---->PUT YOUR DOMAIN HERE<----" 272 | - "sec.---->PUT YOUR DOMAIN HERE<----" 273 | policy: two_factor 274 | subject: 275 | - "group:admin" 276 | 277 | - domain: 278 | - "whoami.---->PUT YOUR DOMAIN HERE<----" 279 | policy: bypass 280 | 281 | - domain: 282 | - "---->PUT YOUR DOMAIN HERE<----" 283 | - "www.---->PUT YOUR DOMAIN HERE<----" 284 | policy: one_factor 285 | subject: 286 | - "group:admin" 287 | - "group:user" 288 | 289 | session: 290 | name: authelia_session 291 | # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE 292 | secret: ---->PUT HERE A SECRET WICH IS 128 CHARACTERS LONG<---- 293 | expiration: 3600 # 1 hour 294 | #inactivity: 3600 # 1 hour 295 | remember_me_duration: 604800 # 7 days 296 | domain: ---->PUT YOUR DOMAIN HERE<---- # Should match whatever your root protected domain is 297 | 298 | regulation: 299 | max_retries: 3 300 | find_time: 120 301 | ban_time: 300 302 | 303 | storage: 304 | encryption_key: '---->PUT HERE A SECRET WICH IS 128 CHARACTERS LONG<----' 305 | local: 306 | path: /config/db.sqlite3 307 | 308 | notifier: 309 | filesystem: 310 | filename: /config/notification.txt 311 | # disable_startup_check: true 312 | # smtp: 313 | # host: ---->PUT MAIL SERVER HERE<---- 314 | # port: 465 #you maybe have to change this port 315 | # timeout: 60s 316 | # username: ---->PUT YOUR MAIL HERE<---- 317 | # password: '---->PUT YOUR MAIL PASSWORT HERE<----' 318 | # sender: ---->PUT YOUR MAIL HERE<---- 319 | # identifier: ---->PUT MAIL SERVER HERE<---- 320 | # subject: "[Authelia] {title}" 321 | # startup_check_address: ---->PUT YOUR MAIL HERE<---- 322 | # disable_require_tls: false 323 | # disable_html_emails: false 324 | # tls: 325 | # server_name: 
---->PUT MAIL SERVER HERE<---- 326 | # skip_verify: false 327 | # minimum_version: TLS1.2 328 | ``` 329 | - Replace all arrows in the `configuration.yml` with your information (---->PUT YOUR DOMAIN HERE<----). Use freshly generated random values for `jwt_secret`, `session.secret` and `storage.encryption_key`; do not reuse one value for all three. 330 | 331 | ```sh 332 | $ nano proxy/data/authelia/config/users_database.yml 333 | ``` 334 | ```yaml 335 | #docker run authelia/authelia:latest authelia hash-password -- 'password' 336 | users: 337 | user@example.com: 338 | password: $argon2id$v=19$m=65536,t=3,p=4$R2dqcnNrOFJMN2F4UElDZw$3wLhazMUu39DaT44gVlc3d/0PPZABwQFXN4ecU/ucM4 339 | displayname: "test user" 340 | email: user@example.com 341 | groups: 342 | - admin 343 | - dev 344 | ``` 345 | You can generate a hash value for the password with the following command. Replace the hash above with your own (the example user and hash are published in this repository, so never keep them in a deployed `users_database.yml`): 346 | ```sh 347 | $ docker run authelia/authelia:latest authelia hash-password -- 'password' 348 | Password hash: $argon2id$v=19$m=65536,t=3,p=4$R2dqcnNrOFJMN2F4UElDZw$3wLhazMUu39DaT44gVlc3d/0PPZABwQFXN4ecU/ucM4 349 | ``` 350 | After this step, everything should be working. Now restart the containers. 351 | ```sh 352 | #Restart 353 | ./docker.sh -S proxy -s 354 | ./docker.sh -S proxy -r 355 | ``` 356 | ### The last step: Register a device for totp 357 | Now open https://auth.example.com and log in\ 358 | ![authelia login](img/authelia1.png) 359 | 360 | Next press `Register device`\ 361 | ![authelia login](img/authelia2.png) 362 | 363 | It will say:\ 364 | ![authelia login](img/authelia3.png)\ 365 | but in reality no mail is sent: with the filesystem notifier the link to register a new device is written to the file `notification.txt` instead 366 | ``` 367 | cat proxy/data/authelia/config/notification.txt 368 | ``` 369 | Example output: 370 | ``` 371 | Date: 2022-09-28 15:59:45.79465267 +0200 CEST m=+27.414134998 372 | Recipient: { user@example.com} 373 | Subject: Register your mobile 374 | Body: This email has been sent to you in order to validate your identity. 
375 | 376 | If you did not initiate the process your credentials might have been compromised and you should reset your password and contact an administrator. 377 | 378 | To setup your 2FA please visit the following URL: https://auth.example.com/one-time-password/register?token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.... 379 | 380 | This email was generated by a user with the IP 123.45.678.90. 381 | 382 | Please contact an administrator if you did not initiate this process. 383 | ``` 384 | Now open the link and scan the QR code with a 2-factor app.\ 385 | ![authelia login](img/authelia4.png) 386 | 387 | After that, you can now log in with your username, password, and 2FA.\ 388 | ![authelia login](img/authelia5.png) 389 | 390 | # Done. Try it yourself 391 | Open: 392 | - Traefik: https://proxy.example.com/ 393 | - Crowdsec: https://sec.example.com/ 394 | - default login for metabase: crowdsec@crowdsec.net and !!Cr0wdS3c_M3t4b4s3?? (this default is public; change the password right after the first login) 395 | - Whoami: https://whoami.example.com/ 396 | 397 | ![traefik](img/traefik.png)\ 398 | ![crowdsec](img/crowdsec.png)\ 399 | ![whoami](img/whoami.png)\ 400 | 401 | # Add new container with traefik, crowdsec and authelia 402 | From now on it's pretty simple to add a new web container with Traefik as a reverse proxy in front of it and Authelia and Crowdsec to protect it. 
You just have to add those lines to the container in the `docker-compose.yml` file: 403 | ```yaml 404 | networks: 405 | - proxy 406 | labels: 407 | - "traefik.enable=true" #<== Enable traefik 408 | - "traefik.http.routers.EXAMPLE-secured.rule=Host(`EXAMPLE.${DOMAIN}`)" #<== Set domain 409 | - "traefik.http.routers.EXAMPLE-secured.entrypoints=websecure" #<== Set entry point for HTTPS 410 | - "traefik.http.routers.EXAMPLE-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 411 | - "traefik.http.routers.EXAMPLE-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 412 | - "traefik.http.routers.EXAMPLE-secured.service=EXAMPLE-service" #<== Set service 413 | - "traefik.http.services.EXAMPLE-service.loadbalancer.server.port=80" #<== Set target port on container 414 | ``` 415 | Now replace the word `EXAMPLE` with the name of the container and replace the destination port in the last line. Example with `whoami`: 416 | ```yaml 417 | whoami: 418 | image: traefik/whoami 419 | container_name: whoami 420 | restart: unless-stopped 421 | networks: 422 | - proxy 423 | labels: 424 | - "traefik.enable=true" #<== Enable traefik 425 | - "traefik.http.routers.whoami-secured.rule=Host(`whoami.${DOMAIN}`)" #<== Set domain 426 | - "traefik.http.routers.whoami-secured.entrypoints=websecure" #<== Set entry point for HTTPS 427 | - "traefik.http.routers.whoami-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 428 | - "traefik.http.routers.whoami-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 429 | - "traefik.http.routers.whoami-secured.service=whoami-service" #<== Set service 430 | - "traefik.http.services.whoami-service.loadbalancer.server.port=80" #<== Set target port on container 431 | ``` 432 | Now you can reach this container over HTTPS with the domain `whoami.example.com`. 
433 | 434 | # Source 435 | Traefik: 436 | - [Mau5Machine/docker-compose.yml](https://gist.github.com/Mau5Machine/00401feb19433cf0387cc66c8e90c26c) 437 | - [Traefik documentation](https://doc.traefik.io/traefik/) 438 |
443 | 444 | Crowdsec: 445 | - [crowdsecurity/example-docker-compose](https://github.com/crowdsecurity/example-docker-compose) 446 | - [Crowdsec documentation](https://docs.crowdsec.net/docs/intro) 447 |
452 | 453 | Authelia: 454 | - [Authelia documentation](https://www.authelia.com/integration/prologue/get-started/) 455 |
-------------------------------------------------------------------------------- /proxy/data.tmpl/authelia/config/configuration.yml: -------------------------------------------------------------------------------- 1 | ############################################################### 2 | # Authelia configuration # 3 | ############################################################### 4 | 5 | server.host: 0.0.0.0 6 | server.port: 9091 7 | log.level: debug 8 | # log: 9 | # level: debug 10 | # format: text 11 | # file_path: "/logs/Authelia.log" 12 | # keep_stdout: false 13 | theme: dark 14 | # This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE 15 | jwt_secret: ---->PUT HERE A SECRET WICH IS 64 CHARACTERS LONG<---- 16 | default_redirection_url: https://auth.---->PUT YOUR DOMAIN HERE<---- 17 | totp: 18 | issuer: authelia.com 19 | 20 | ntp: 21 | address: "time.cloudflare.com:123" 22 | version: 4 23 | max_desync: 3s 24 | disable_startup_check: false 25 | disable_failure: false 26 | 27 | # duo_api: 28 | # hostname: api-123456789.---->PUT YOUR DOMAIN HERE<---- 29 | # integration_key: ABCDEF 30 | # # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE 31 | # secret_key: 1234567890abcdefghifjkl 32 | 33 | authentication_backend: 34 | file: 35 | path: /config/users_database.yml 36 | password: 37 | algorithm: argon2id 38 | iterations: 1 39 | salt_length: 16 40 | parallelism: 8 41 | memory: 64 42 | 43 | access_control: 44 | default_policy: two_factor 45 | networks: 46 | - name: internal 47 | networks: 48 | - '10.0.0.0/8' 49 | - '172.16.0.0/12' 50 | - '192.168.0.0/18' 51 | - '192.168.179.0/24' 52 | - '172.0.0.1' 53 | rules: 54 | - domain: # Rules applied to everyone 55 | - "proxy.---->PUT YOUR DOMAIN HERE<----" 56 | - "sec.---->PUT YOUR DOMAIN HERE<----" 57 | policy: two_factor 58 | subject: 59 | - "group:admin" 60 | 61 | - domain: 62 | - "whoami.---->PUT YOUR DOMAIN HERE<----" 63 | policy: bypass 64 | 65 | - domain: 66 | - 
"---->PUT YOUR DOMAIN HERE<----" 67 | - "www.---->PUT YOUR DOMAIN HERE<----" 68 | policy: one_factor 69 | subject: 70 | - "group:admin" 71 | - "group:user" 72 | 73 | session: 74 | name: authelia_session 75 | # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE 76 | secret: ---->PUT HERE A SECRET WICH IS 128 CHARACTERS LONG<---- 77 | expiration: 3600 # 1 hour 78 | #inactivity: 3600 # 1 hour 79 | remember_me_duration: 604800 # 7 days 80 | domain: ---->PUT YOUR DOMAIN HERE<---- # Should match whatever your root protected domain is 81 | 82 | regulation: 83 | max_retries: 3 84 | find_time: 120 85 | ban_time: 300 86 | 87 | storage: 88 | encryption_key: '---->PUT HERE A SECRET WICH IS 128 CHARACTERS LONG<----' 89 | local: 90 | path: /config/db.sqlite3 91 | 92 | notifier: 93 | filesystem: 94 | filename: /config/notification.txt 95 | # disable_startup_check: true 96 | # smtp: 97 | # host: ---->PUT MAIL SERVER HERE<---- 98 | # port: 465 #you maybe have to change this port 99 | # timeout: 60s 100 | # username: ---->PUT YOUR MAIL HERE<---- 101 | # password: '---->PUT YOUR MAIL PASSWORT HERE<----' 102 | # sender: ---->PUT YOUR MAIL HERE<---- 103 | # identifier: ---->PUT MAIL SERVER HERE<---- 104 | # subject: "[Authelia] {title}" 105 | # startup_check_address: ---->PUT YOUR MAIL HERE<---- 106 | # disable_require_tls: false 107 | # disable_html_emails: false 108 | # tls: 109 | # server_name: ---->PUT MAIL SERVER HERE<---- 110 | # skip_verify: false 111 | # minimum_version: TLS1.2 -------------------------------------------------------------------------------- /proxy/data.tmpl/authelia/config/users_database.yml: -------------------------------------------------------------------------------- 1 | #docker run authelia/authelia:latest authelia hash-password -- 'password' 2 | users: 3 | user@example.com: 4 | password: $argon2id$v=19$m=65536,t=3,p=4$R2dqcnNrOFJMN2F4UElDZw$3wLhazMUu39DaT44gVlc3d/0PPZABwQFXN4ecU/ucM4 5 | displayname: "test user" 6 | email: 
user@example.com 7 | groups: 8 | - admin 9 | - dev 10 | -------------------------------------------------------------------------------- /proxy/data.tmpl/crowdsecurity/bouncer/cloudflare/cfg.yaml: -------------------------------------------------------------------------------- 1 | # Config generated by using /etc/crowdsec/bouncers/crowdsec-cloudflare-bouncer.yaml as base 2 | crowdsec_lapi_url: http://proxy-crowdsec:8080/ 3 | crowdsec_lapi_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 4 | crowdsec_update_frequency: 10s 5 | include_scenarios_containing: [] # ignore IPs banned for triggering scenarios not containing either of provided word 6 | exclude_scenarios_containing: [] # ignore IPs banned for triggering scenarios containing either of provided word 7 | only_include_decisions_from: [] # only include IPs banned due to decisions orginating from provided sources. eg value ["cscli", "crowdsec"] 8 | cloudflare_config: 9 | accounts: 10 | - id: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX #Kropp.julian@gmail.com's Account 11 | zones: 12 | - zone_id: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX #kropp.link 13 | actions: 14 | - managed_challenge 15 | token: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 16 | ip_list_prefix: crowdsec 17 | default_action: managed_challenge 18 | total_ip_list_capacity: 10000 # only this many latest IP decisions would be kept 19 | update_frequency: 10s 20 | daemon: false 21 | log_mode: stdout 22 | log_dir: /var/log/ 23 | log_level: info 24 | log_max_size: 0 25 | log_max_age: 0 26 | log_max_backups: 0 27 | compress_logs: null 28 | prometheus: 29 | enabled: true 30 | listen_addr: 127.0.0.1 31 | listen_port: "2112" 32 | key_path: "" 33 | cert_path: "" 34 | ca_cert_path: "" -------------------------------------------------------------------------------- /proxy/data.tmpl/crowdsecurity/bouncer/cloudflare/cloudflare-cache.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/data.tmpl/crowdsecurity/bouncer/cloudflare/cloudflare-cache.json -------------------------------------------------------------------------------- /proxy/data.tmpl/crowdsecurity/cs/acquis.yaml: -------------------------------------------------------------------------------- 1 | #Generated acquisition file - wizard.sh (service: sshd) / files : /var/log/auth.log 2 | filenames: 3 | - /var/log/auth.log 4 | labels: 5 | type: syslog 6 | --- 7 | 8 | --- 9 | #Generated acquisition file - wizard.sh (service: mysql) / files : /var/log/mysql/error.log 10 | filenames: 11 | - /var/log/mysql/error.log 12 | labels: 13 | type: mysql 14 | --- 15 | 16 | --- 17 | #Generated acquisition file - wizard.sh (service: linux) / files : /var/log/syslog /var/log/kern.log /var/log/messages 18 | filenames: 19 | - /var/log/syslog 20 | - /var/log/kern.log 21 | - /var/log/messages 22 | labels: 23 | type: syslog 24 | --- 25 | 26 | --- 27 | filenames: 28 | - /var/log/traefik/* 29 | labels: 30 | type: traefik 31 | 32 | # source: docker 33 | # container_name: 34 | # - proxy-traefik 35 | # labels: 36 | # type: traefik 37 | 38 | --- 39 | source: docker 40 | container_name: 41 | - proxy-authelia 42 | labels: 43 | type: authelia -------------------------------------------------------------------------------- /proxy/data.tmpl/crowdsecurity/metabase/metabase.db/README.md: -------------------------------------------------------------------------------- 1 | # Source of 'metabase.db.mv.db' 2 | This file was downloaded from: 3 | - https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/metabase_sqlite.zip -------------------------------------------------------------------------------- /proxy/data.tmpl/crowdsecurity/metabase/metabase.db/metabase.db.mv.db: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/data.tmpl/crowdsecurity/metabase/metabase.db/metabase.db.mv.db -------------------------------------------------------------------------------- /proxy/img/authelia1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/img/authelia1.png -------------------------------------------------------------------------------- /proxy/img/authelia2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/img/authelia2.png -------------------------------------------------------------------------------- /proxy/img/authelia3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/img/authelia3.png -------------------------------------------------------------------------------- /proxy/img/authelia4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/img/authelia4.png -------------------------------------------------------------------------------- /proxy/img/authelia5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/img/authelia5.png -------------------------------------------------------------------------------- /proxy/img/cloudflare-create-token.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/img/cloudflare-create-token.png -------------------------------------------------------------------------------- /proxy/img/cloudflare-global-cfc-token.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/img/cloudflare-global-cfc-token.png -------------------------------------------------------------------------------- /proxy/img/cloudflare-global-traefik-token.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/img/cloudflare-global-traefik-token.png -------------------------------------------------------------------------------- /proxy/img/cloudflare-zone-id-api-key.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/img/cloudflare-zone-id-api-key.png -------------------------------------------------------------------------------- /proxy/img/cloudflare_cs_api_key.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/img/cloudflare_cs_api_key.png -------------------------------------------------------------------------------- /proxy/img/cloudflare_cs_api_key2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/img/cloudflare_cs_api_key2.png -------------------------------------------------------------------------------- /proxy/img/crowdsec.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/img/crowdsec.png -------------------------------------------------------------------------------- /proxy/img/traefik-pilot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/img/traefik-pilot.png -------------------------------------------------------------------------------- /proxy/img/traefik.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/img/traefik.png -------------------------------------------------------------------------------- /proxy/img/whoami.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/proxy/img/whoami.png -------------------------------------------------------------------------------- /pterodactyl/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN="example.com" 2 | TimeZone='Europe/Berlin' 3 | Email='no-reply@example.com' 4 | EmailPassword='XXXXXXXXXXXXXXXXXXXXXXXX' 5 | Password='Jb4Zos7P^8y3orL$xG*PaMRFYUnTnLEP#opg&e&4S7eUT@yJFAuVJqo54oAAQ%iVSjzu2f4aX9LD5XjwFUxWbgY^47*Z#oEv3r9ny3aiJxfJc%6TPYFgTYSE2&UNcpWc' -------------------------------------------------------------------------------- /pterodactyl/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* 4 | -------------------------------------------------------------------------------- /pterodactyl/README.md: 
-------------------------------------------------------------------------------- 1 | # Pterodactyl Game Server Management 2 | 3 | Pterodactyl is a robust game server management system that simplifies running game servers. This README provides instructions on setting up and managing servers using Docker. 4 | 5 | ## Requirements 6 | - Docker 7 | - Docker Compose 8 | 9 | ## Initial Setup 10 | 11 | ### `.env` file 12 | Change the `.env` file to your needs. Replace `Password` with a value of your own: the compose file uses it as both the MariaDB root password and the panel's database password, and the value shipped in this template is public. 13 | ```yaml 14 | DOMAIN="example.com" 15 | TimeZone='Europe/Berlin' 16 | Email='no-reply@example.com' 17 | EmailPassword='XXXXXXXXXXXXXXXXXXXXXXXX' 18 | Password='Jb4Zos7P^8y3orL$xG*PaMRFYUnTnLEP#opg&e&4S7eUT@yJFAuVJqo54oAAQ%iVSjzu2f4aX9LD5XjwFUxWbgY^47*Z#oEv3r9ny3aiJxfJc%6TPYFgTYSE2&UNcpWc' 19 | ``` 20 | 21 | ### Start Pterodactyl 22 | ```sh 23 | $ cd pterodactyl 24 | $ docker-compose up -d 25 | ``` 26 | or use the script in the root directory of this repo 27 | ```sh 28 | ./docker.sh -S proxy -r 29 | ./docker.sh -S pterodactyl -r 30 | ``` 31 | 32 | ### 1. Creating a User 33 | To start, create a user for the Pterodactyl panel. Run the following commands in your terminal: 34 | 35 | ```bash 36 | USER@server:/home/Docker-Collection/pterodactyl$ docker-compose run --rm pterodactyl-panel php artisan p:user:mak 37 | Creating pterodactyl_pterodactyl-panel_run ... done 38 | ln: /var/log/panel/logs: File exists 39 | external vars exist. 40 | Checking if https is required. 41 | Using nginx config already in place. 42 | No letsencrypt email is set 43 | Checking database status. 44 | pterodactyl-database (172.26.0.2:3306) open 45 | Migrating and Seeding D.B 46 | 47 | INFO Nothing to migrate. 48 | 49 | INFO Seeding database. 50 | 51 | Database\Seeders\NestSeeder .............................................................................................................. RUNNING 52 | Database\Seeders\NestSeeder ......................................................................................................... 
9.22 ms DONE 53 | 54 | Database\Seeders\EggSeeder ............................................................................................................... RUNNING 55 | ********************************************* 56 | * Updating Eggs for Nest: Minecraft * 57 | ********************************************* 58 | 59 | Updated Paper 60 | Updated Bungeecord 61 | Updated Forge Minecraft 62 | Updated Sponge (SpongeVanilla) 63 | Updated Vanilla Minecraft 64 | 65 | ************************************************* 66 | * Updating Eggs for Nest: Source Engine * 67 | ************************************************* 68 | 69 | Updated Insurgency 70 | Updated Team Fortress 2 71 | Updated Garrys Mod 72 | Updated Ark: Survival Evolved 73 | Updated Counter-Strike: Global Offensive 74 | Updated Custom Source Engine Game 75 | 76 | ************************************************* 77 | * Updating Eggs for Nest: Voice Servers * 78 | ************************************************* 79 | 80 | Updated Mumble Server 81 | Updated Teamspeak3 Server 82 | 83 | **************************************** 84 | * Updating Eggs for Nest: Rust * 85 | **************************************** 86 | 87 | Updated Rust 88 | 89 | Database\Seeders\EggSeeder ........................................................................................................ 829.16 ms DONE 90 | 91 | Starting cron jobs. 92 | Starting supervisord. 93 | 94 | Is this user an administrator? (yes/no) [no]: 95 | > yes 96 | 97 | Email Address: 98 | > USER@example.com 99 | 100 | Username: 101 | > USER 102 | 103 | First Name: 104 | > USER 105 | 106 | Last Name: 107 | > NAME 108 | 109 | Passwords must be at least 8 characters in length and contain at least one capital letter and number. 110 | If you would like to create an account with a random password emailed to the user, re-run this command (CTRL+C) and pass the `--no-password` flag. 
111 | 112 | Password: 113 | > 114 | 115 | +----------+--------------------------------------+ 116 | | Field | Value | 117 | +----------+--------------------------------------+ 118 | | UUID | 5ef005ec-c5c8-4402-a608-0cccd2dca121 | 119 | | Email | USER@example.com | 120 | | Username | USER | 121 | | Name | USER NAME | 122 | | Admin | Yes | 123 | +----------+--------------------------------------+ 124 | ``` 125 | 126 | Follow the on-screen instructions to complete the user creation process, ensuring you have administrative privileges. 127 | 128 | ### 2. Access the Admin Panel 129 | 130 | Now, navigate to your admin panel at https://game.example.com/admin. Here you can manage your servers and configurations. 131 | 132 | ![Alt text](img/1.png) 133 | 134 | ### 3. Configure the Server 135 | Follow these steps for server configuration: 136 | 137 | ![Alt text](img/2.png) 138 | 139 | Create a Node: 140 | 141 | ![Alt text](img/3.png) 142 | 143 | ![Alt text](img/4.png) 144 | 145 | Assign New Allocations: 146 | 147 | ![Alt text](img/5.png) 148 | 149 | ![Alt text](img/6.png) 150 | 151 | Node Configuration: Copy the Configuration File from Nodes/Configuration. 
152 | 153 | ![Alt text](img/7.png) 154 | 155 | Create a new file in pterodactyl/data/wings/config.yml and paste the configuration file you just copied (the `uuid`, `token_id` and `token` shown below are example values; use the ones your own panel generated): 156 | ```bash 157 | USER@server:/home/Docker-Collection/pterodactyl$ sudo chown 1000:1000 data/wings -R 158 | [sudo] password for USER: 159 | USER@server:/home/Docker-Collection/pterodactyl$ nano data/wings/config.yml 160 | ``` 161 | ```yaml 162 | debug: false 163 | uuid: 0c39efaa-c9b3-45d9-914a-f3cbdc17d42e 164 | token_id: P0DpA0yO046Xdbdf 165 | token: plCK4IE6RT6vxgQbH4pvMItrbkQk9q2AqrSruOF2JWpB3baZiSQp84JeJDZkylA7 166 | api: 167 | host: 0.0.0.0 168 | port: 443 169 | ssl: 170 | enabled: false 171 | cert: /etc/letsencrypt/live/wing.game.example.com/fullchain.pem 172 | key: /etc/letsencrypt/live/wing.game.example.com/privkey.pem 173 | upload_limit: 100 174 | system: 175 | data: /var/lib/docker/volumes 176 | sftp: 177 | bind_port: 2022 178 | allowed_mounts: [] 179 | remote: 'https://game.example.com' 180 | ``` 181 | 182 | Now go to https://game.example.com/admin/nodes and you should see a green heart: 183 | ![Alt text](img/8.png) 184 | 185 | ### Creating Your First Game Server 186 | Go to Servers and create a new server: 187 | ![Alt text](img/9.png) 188 | ![Alt text](img/10.png) 189 | ![Alt text](img/11.png) 190 | ![Alt text](img/12.png) 191 | ![Alt text](img/13.png) 192 | 193 | Now go to Servers and click on the spanner of the server you just created: 194 | ![Alt text](img/14.png) 195 | ![Alt text](img/15.png) 196 | 197 | That's it. Start the server and connect to it with the IP or the domain on port 35000. IMPORTANT: don't use a Cloudflare Tunnel for this — it won't work. Use a normal A record. 
-------------------------------------------------------------------------------- /pterodactyl/docker-compose.yml: -------------------------------------------------------------------------------- 1 | # Create user: docker-compose run --rm pterodactyl-panel php artisan p:user:mak 2 | x-common: 3 | database: 4 | &db-environment 5 | # Do not remove the "&db-password" from the end of the line below, it is important 6 | # for Panel functionality. 7 | MYSQL_PASSWORD: &db-password ${Password} 8 | MYSQL_ROOT_PASSWORD: ${Password} 9 | panel: 10 | &panel-environment 11 | APP_URL: "https://game.${DOMAIN}" 12 | # A list of valid timezones can be found here: http://php.net/manual/en/timezones.php 13 | APP_TIMEZONE: ${TimeZone} 14 | APP_SERVICE_AUTHOR: "${Email}" 15 | TRUSTED_PROXIES: "*" # taken from TechnoTim's proxy setup; "*" trusts forwarded headers from every peer on the attached networks, so narrow it to the proxy network's subnet once known (the same key is repeated in the service environment below) 16 | # Uncomment the line below and set to a non-empty value if you want to use Let's Encrypt 17 | # to generate an SSL certificate for the Panel. 18 | # LE_EMAIL: "" 19 | mail: 20 | &mail-environment 21 | MAIL_FROM: "${Email}" 22 | MAIL_DRIVER: "smtp" 23 | MAIL_HOST: "mail.${DOMAIN}" 24 | MAIL_PORT: "465" 25 | MAIL_USERNAME: "${Email}" 26 | MAIL_PASSWORD: "${EmailPassword}" 27 | MAIL_ENCRYPTION: "true" 28 | 29 | # 30 | # ------------------------------------------------------------------------------------------ 31 | # DANGER ZONE BELOW 32 | # 33 | # The remainder of this file likely does not need to be changed. Please only make modifications 34 | # below if you understand what you are doing. 
35 | # 36 | services: 37 | pterodactyl-database: 38 | image: mariadb:10.5 39 | container_name: pterodactyl-database 40 | restart: unless-stopped 41 | command: --default-authentication-plugin=mysql_native_password 42 | volumes: 43 | - "./data/database:/var/lib/mysql" 44 | environment: 45 | <<: *db-environment 46 | MYSQL_DATABASE: "panel" 47 | MYSQL_USER: "pterodactyl" 48 | networks: 49 | - pterodactyl 50 | 51 | pterodactyl-cache: 52 | image: redis:alpine 53 | container_name: pterodactyl-cache 54 | restart: unless-stopped 55 | networks: 56 | - pterodactyl 57 | 58 | 59 | pterodactyl-panel: 60 | image: ghcr.io/pterodactyl/panel:latest 61 | container_name: pterodactyl-panel 62 | restart: unless-stopped 63 | # ports: 64 | # - "80:80" 65 | # - "443:443" 66 | links: 67 | - pterodactyl-database 68 | - pterodactyl-cache 69 | networks: 70 | - pterodactyl 71 | - proxy 72 | volumes: 73 | - "./data/panel/var/:/app/var/" 74 | - "./data/panel/nginx/:/etc/nginx/http.d/" 75 | - "./data/panel/certs/:/etc/letsencrypt/" 76 | - "./data/panel/logs/:/app/storage/logs" 77 | environment: 78 | <<: [*panel-environment, *mail-environment] 79 | DB_PASSWORD: *db-password 80 | APP_ENV: "production" 81 | APP_ENVIRONMENT_ONLY: "false" 82 | CACHE_DRIVER: "redis" 83 | SESSION_DRIVER: "redis" 84 | QUEUE_DRIVER: "redis" 85 | REDIS_HOST: "pterodactyl-cache" 86 | DB_HOST: "pterodactyl-database" 87 | DB_PORT: "3306" 88 | TRUSTED_PROXIES: "*" 89 | labels: 90 | - "traefik.enable=true" #<== Enable traefik 91 | - "traefik.http.routers.pterodactyl-secured.rule=Host(`game.${DOMAIN}`)" #<== Set domain 92 | - "traefik.http.routers.pterodactyl-secured.entrypoints=websecure" #<== Set entry point for HTTPS 93 | - "traefik.http.routers.pterodactyl-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 94 | # - "traefik.http.routers.pterodactyl-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 95 | - "traefik.http.routers.pterodactyl-secured.service=pterodactyl-service" 
#<== Set service 96 | - "traefik.http.services.pterodactyl-service.loadbalancer.server.port=80" #<== Set target port on container 97 | 98 | 99 | 100 | pterodactyl-wings: 101 | image: ghcr.io/pterodactyl/wings:latest 102 | container_name: pterodactyl-wings 103 | restart: unless-stopped 104 | networks: 105 | - pterodactyl 106 | - wings0 107 | - proxy 108 | ports: 109 | - "127.0.0.1:2022:2022" 110 | # - "8080:8080" 111 | # - "2022:2022" 112 | tty: true 113 | environment: 114 | TZ: ${TimeZone} 115 | WINGS_UID: 988 116 | WINGS_GID: 988 117 | WINGS_USERNAME: pterodactyl 118 | volumes: 119 | - "/var/run/docker.sock:/var/run/docker.sock" 120 | # - "/var/lib/docker/containers/:/var/lib/docker/containers/" 121 | - "/var/lib/docker/:/var/lib/docker" 122 | - "./data/wings/:/etc/pterodactyl/" 123 | - "/var/lib/pterodactyl/:/var/lib/pterodactyl/" 124 | - "/var/log/pterodactyl/:/var/log/pterodactyl/" 125 | - "/tmp/pterodactyl/:/tmp/pterodactyl/" 126 | - "/etc/ssl/certs:/etc/ssl/certs:ro" 127 | # you may need /srv/daemon-data if you are upgrading from an old daemon 128 | #- "/srv/daemon-data/:/srv/daemon-data/" 129 | # Required for ssl if you use let's encrypt. uncomment to use. 
130 | #- "/etc/letsencrypt/:/etc/letsencrypt/" 131 | labels: 132 | - "traefik.enable=true" #<== Enable traefik 133 | - "traefik.http.routers.wings-secured.rule=Host(`wing.game.${DOMAIN}`)" #<== Set domain 134 | - "traefik.http.routers.wings-secured.entrypoints=websecure" #<== Set entry point for HTTPS 135 | - "traefik.http.routers.wings-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 136 | # - "traefik.http.routers.wings-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 137 | - "traefik.http.routers.wings-secured.service=wings-service" #<== Set service 138 | - "traefik.http.services.wings-service.loadbalancer.server.port=443" #<== Set target port on container 139 | 140 | 141 | 142 | 143 | networks: 144 | proxy: 145 | external: true 146 | pterodactyl: 147 | name: pterodactyl 148 | driver: bridge 149 | # ipam: 150 | # config: 151 | # - subnet: 172.20.0.0/16 152 | wings0: 153 | name: wings0 154 | driver: bridge 155 | ipam: 156 | config: 157 | - subnet: "172.21.0.0/16" 158 | driver_opts: 159 | com.docker.network.bridge.name: wings0 -------------------------------------------------------------------------------- /pterodactyl/img/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/pterodactyl/img/1.png -------------------------------------------------------------------------------- /pterodactyl/img/10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/pterodactyl/img/10.png -------------------------------------------------------------------------------- /pterodactyl/img/11.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/pterodactyl/img/11.png -------------------------------------------------------------------------------- /pterodactyl/img/12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/pterodactyl/img/12.png -------------------------------------------------------------------------------- /pterodactyl/img/13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/pterodactyl/img/13.png -------------------------------------------------------------------------------- /pterodactyl/img/14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/pterodactyl/img/14.png -------------------------------------------------------------------------------- /pterodactyl/img/15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/pterodactyl/img/15.png -------------------------------------------------------------------------------- /pterodactyl/img/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/pterodactyl/img/2.png -------------------------------------------------------------------------------- /pterodactyl/img/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/pterodactyl/img/3.png 
-------------------------------------------------------------------------------- /pterodactyl/img/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/pterodactyl/img/4.png -------------------------------------------------------------------------------- /pterodactyl/img/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/pterodactyl/img/5.png -------------------------------------------------------------------------------- /pterodactyl/img/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/pterodactyl/img/6.png -------------------------------------------------------------------------------- /pterodactyl/img/7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/pterodactyl/img/7.png -------------------------------------------------------------------------------- /pterodactyl/img/8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/pterodactyl/img/8.png -------------------------------------------------------------------------------- /pterodactyl/img/9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/pterodactyl/img/9.png -------------------------------------------------------------------------------- /sharelatex/.env.tmpl: 
-------------------------------------------------------------------------------- 1 | DOMAIN='example.com' 2 | EMAIL_SMTP_HOST='mail.example.com' 3 | EMAIL_SMTP_PORT='465' 4 | EMAIL_SMTP_USER='no-reply@example.com' 5 | EMAIL_SMTP_PASS='XXXXXXXXXXXXXXXXXXXXXXX' -------------------------------------------------------------------------------- /sharelatex/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* 4 | /data-backup 5 | /data-backup/* 6 | -------------------------------------------------------------------------------- /sharelatex/README.md: -------------------------------------------------------------------------------- 1 | # sharelatex 2 | 3 | ## Quick Start Guide 4 | - https://github.com/overleaf/overleaf/wiki/Quick-Start-Guide 5 | - https://github.com/overleaf/overleaf/blob/old-master/docker-compose.yml 6 | 7 | ## Create Admin user 8 | ``` 9 | docker exec sharelatex /bin/bash -c "cd /var/www/sharelatex; grunt user:create-admin --email=joe@example.com" 10 | ``` 11 | OR Goto https://example.com/launchpad 12 | 13 | 14 | -------------------------------------------------------------------------------- /sharelatex/build/latex/dockerfile: -------------------------------------------------------------------------------- 1 | FROM sharelatex/sharelatex:latest 2 | RUN wget https://mirror.physik.tu-berlin.de/pub/CTAN/systems/texlive/tlnet/update-tlmgr-latest.sh && chmod +x update-tlmgr-latest.sh && ./update-tlmgr-latest.sh 3 | RUN tlmgr update --self --all 4 | RUN luaotfload-tool -fu 5 | RUN tlmgr install scheme-full -------------------------------------------------------------------------------- /sharelatex/build/mongo/dockerfile: -------------------------------------------------------------------------------- 1 | FROM mongo:5.0 2 | 3 | # Copy the JavaScript and shell scripts to the image 4 | COPY mongo-init-replica.js /docker-entrypoint-initdb.d/mongo-init-replica.js 5 | COPY init-replica.sh 
/docker-entrypoint-initdb.d/init-replica.sh 6 | 7 | # Make the shell script executable 8 | RUN chmod +x /docker-entrypoint-initdb.d/init-replica.sh 9 | 10 | # Use the shell script as the entrypoint 11 | ENTRYPOINT ["/docker-entrypoint-initdb.d/init-replica.sh"] 12 | -------------------------------------------------------------------------------- /sharelatex/build/mongo/init-replica.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | # Start MongoDB in the background for initialization purposes 5 | mongod --replSet rs0 --bind_ip_all & 6 | mongo_pid=$! 7 | 8 | # Wait for MongoDB to fully start 9 | until mongo --eval "print('waiting for mongo to start')" &>/dev/null; do 10 | sleep 1 11 | done 12 | 13 | # Execute the replica set initiation script 14 | mongo < /docker-entrypoint-initdb.d/mongo-init-replica.js 15 | 16 | # Shut down the background MongoDB process 17 | kill -SIGTERM "$mongo_pid" 18 | wait "$mongo_pid" 19 | 20 | # Now, restart MongoDB in the foreground for normal operations 21 | exec mongod --replSet rs0 --bind_ip_all 22 | -------------------------------------------------------------------------------- /sharelatex/build/mongo/mongo-init-replica.js: -------------------------------------------------------------------------------- 1 | rs.status().ok || rs.initiate({ 2 | _id: "rs0", 3 | members: [{ _id: 0, host: "mongo:27017" }] 4 | }); 5 | -------------------------------------------------------------------------------- /sharelatex/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | sharelatex: 3 | restart: always 4 | # Server Pro users: 5 | # image: quay.io/sharelatex/sharelatex-pro 6 | # image: sharelatex/sharelatex 7 | build: ./build/latex 8 | container_name: sharelatex 9 | depends_on: 10 | mongo: 11 | condition: service_healthy 12 | redis: 13 | condition: service_started 14 | links: 15 | - mongo 16 | - redis 17 | # ports: 18 
| # - 4555:80 19 | expose: 20 | - 80 21 | volumes: 22 | - ./data/sharelatex:/var/lib/overleaf 23 | ######################################################################## 24 | #### Server Pro: Un-comment the following line to mount the docker #### 25 | #### socket, required for Sibling Containers to work #### 26 | ######################################################################## 27 | # - /var/run/docker.sock:/var/run/docker.sock 28 | environment: 29 | OVERLEAF_APP_NAME: Overleaf Workspace # change to custom name 30 | 31 | OVERLEAF_MONGO_URL: mongodb://mongo/sharelatex?replicaSet=rs0 32 | 33 | # Same property, unfortunately with different names in 34 | # different locations 35 | OVERLEAF_REDIS_HOST: redis 36 | REDIS_HOST: redis 37 | 38 | ENABLED_LINKED_FILE_TYPES: "url,project_file" 39 | 40 | # Enables Thumbnail generation using ImageMagick 41 | ENABLE_CONVERSIONS: "true" 42 | 43 | # Disables email confirmation requirement 44 | EMAIL_CONFIRMATION_DISABLED: "true" 45 | 46 | # temporary fix for LuaLaTex compiles 47 | # see https://github.com/overleaf/overleaf/issues/695 48 | TEXMFVAR: /var/lib/sharelatex/tmp/texmf-var 49 | 50 | OVERLEAF_EMAIL_FROM_ADDRESS: "postmaster@test.com" # change email 51 | 52 | networks: 53 | - proxy 54 | - sharelatex-backend 55 | labels: 56 | - "traefik.enable=true" #<== Enable traefik 57 | - "traefik.http.routers.sharelatex-secured.rule=Host(`latex.${DOMAIN}`)" #<== Set domain 58 | - "traefik.http.routers.sharelatex-secured.entrypoints=websecure" #<== Set entry point for HTTPS 59 | - "traefik.http.routers.sharelatex-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 60 | - "traefik.http.routers.sharelatex-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 61 | - "traefik.http.routers.sharelatex-secured.service=sharelatex-service" #<== Set service 62 | - "traefik.http.services.sharelatex-service.loadbalancer.server.port=80" #<== Set target port on container 63 | 64 | mongo: 65 | 
restart: always 66 | # image: mongo:5.0 67 | build: ./build/mongo 68 | container_name: mongo 69 | command: --replSet rs0 70 | expose: 71 | - 27017 72 | volumes: 73 | - ./data/mongo:/data/db 74 | healthcheck: 75 | test: echo 'db.stats().ok' | mongo localhost:27017/test --quiet 76 | interval: 10s 77 | timeout: 10s 78 | retries: 5 79 | networks: 80 | - sharelatex-backend 81 | 82 | 83 | redis: 84 | restart: always 85 | image: redis:6.2 86 | container_name: redis 87 | expose: 88 | - 6379 89 | volumes: 90 | - ./data/redis:/data 91 | networks: 92 | - sharelatex-backend 93 | 94 | networks: 95 | proxy: 96 | external: true 97 | sharelatex-backend: 98 | name: sharelatex-backend 99 | driver: bridge 100 | -------------------------------------------------------------------------------- /supabase/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN="example.com" 2 | 3 | ############ 4 | # Secrets 5 | # YOU MUST CHANGE THESE BEFORE GOING INTO PRODUCTION 6 | ############ 7 | 8 | # To generate JWT, ANON and SERVICE keys: https://supabase.com/docs/guides/hosting/overview#api-keys — the ANON_KEY and SERVICE_ROLE_KEY below are also hard-coded in data.tmpl/api/kong.yml; update both copies together, otherwise Kong keeps accepting the template keys 9 | POSTGRES_PASSWORD=your-super-secret-and-long-postgres-password 10 | JWT_SECRET=your-super-secret-jwt-token-with-at-least-32-characters-long 11 | ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE 12 | SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q 13 | 14 | 15 | ############ 16 | # Database - You can change these to any PostgreSQL database that has logical replication enabled. 
17 | ############ 18 | 19 | # POSTGRES_HOST=db 20 | POSTGRES_DB=postgres 21 | POSTGRES_USER=postgres 22 | # POSTGRES_PORT=5432 23 | 24 | 25 | ############ 26 | # API Proxy - Configuration for the Kong Reverse proxy. 27 | ############ 28 | 29 | # KONG_HTTP_PORT=8000 30 | # KONG_HTTPS_PORT=8443 31 | 32 | 33 | ############ 34 | # API - Configuration for PostgREST. 35 | ############ 36 | 37 | PGRST_DB_SCHEMAS=public,storage,graphql_public 38 | 39 | 40 | ############ 41 | # Auth - Configuration for the GoTrue authentication server. 42 | ############ 43 | 44 | ## General 45 | # SITE_URL=http://localhost:3000 46 | ADDITIONAL_REDIRECT_URLS= 47 | JWT_EXPIRY=3600 48 | DISABLE_SIGNUP=false 49 | # API_EXTERNAL_URL=http://localhost:8000 50 | 51 | ## Mailer Config 52 | MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify" 53 | MAILER_URLPATHS_INVITE="/auth/v1/verify" 54 | MAILER_URLPATHS_RECOVERY="/auth/v1/verify" 55 | MAILER_URLPATHS_EMAIL_CHANGE="/auth/v1/verify" 56 | 57 | ## Email auth 58 | ENABLE_EMAIL_SIGNUP=true 59 | ENABLE_EMAIL_AUTOCONFIRM=false 60 | SMTP_ADMIN_EMAIL=admin@example.com 61 | SMTP_HOST=supabase-mail 62 | SMTP_PORT=2500 63 | SMTP_USER=fake_mail_user 64 | SMTP_PASS=fake_mail_password 65 | SMTP_SENDER_NAME=fake_sender 66 | 67 | ## Phone auth 68 | ENABLE_PHONE_SIGNUP=true 69 | ENABLE_PHONE_AUTOCONFIRM=true 70 | 71 | 72 | ############ 73 | # Studio - Configuration for the Dashboard 74 | ############ 75 | 76 | STUDIO_DEFAULT_ORGANIZATION=Default Organization 77 | STUDIO_DEFAULT_PROJECT=Default Project 78 | 79 | # STUDIO_PORT=3000 80 | # SUPABASE_PUBLIC_URL=https://localhost:8443 # replace if you intend to use Studio outside of localhost 81 | -------------------------------------------------------------------------------- /supabase/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* 4 | -------------------------------------------------------------------------------- /supabase/README.md: 
-------------------------------------------------------------------------------- 1 | # Supabase 2 | -------------------------------------------------------------------------------- /supabase/data.tmpl/api/kong.yml: -------------------------------------------------------------------------------- 1 | _format_version: "1.1" 2 | 3 | ### 4 | ### Consumers / Users 5 | ### 6 | consumers: 7 | - username: anon 8 | keyauth_credentials: 9 | - key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE 10 | - username: service_role 11 | keyauth_credentials: 12 | - key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q 13 | 14 | ### 15 | ### Access Control List 16 | ### 17 | acls: 18 | - consumer: anon 19 | group: anon 20 | - consumer: service_role 21 | group: admin 22 | 23 | ### 24 | ### API Routes 25 | ### 26 | services: 27 | ## Open Auth routes 28 | - name: auth-v1-open 29 | url: http://auth:9999/verify 30 | routes: 31 | - name: auth-v1-open 32 | strip_path: true 33 | paths: 34 | - /auth/v1/verify 35 | plugins: 36 | - name: cors 37 | - name: auth-v1-open-callback 38 | url: http://auth:9999/callback 39 | routes: 40 | - name: auth-v1-open-callback 41 | strip_path: true 42 | paths: 43 | - /auth/v1/callback 44 | plugins: 45 | - name: cors 46 | - name: auth-v1-open-authorize 47 | url: http://auth:9999/authorize 48 | routes: 49 | - name: auth-v1-open-authorize 50 | strip_path: true 51 | paths: 52 | - /auth/v1/authorize 53 | plugins: 54 | - name: cors 55 | 56 | ## Secure Auth routes 57 | - name: auth-v1 58 | _comment: "GoTrue: /auth/v1/* -> http://auth:9999/*" 59 | url: http://auth:9999/ 60 | routes: 61 | - name: auth-v1-all 62 | strip_path: true 63 | 
paths: 64 | - /auth/v1/ 65 | plugins: 66 | - name: cors 67 | - name: key-auth 68 | config: 69 | hide_credentials: false 70 | - name: acl 71 | config: 72 | hide_groups_header: true 73 | allow: 74 | - admin 75 | - anon 76 | 77 | ## Secure REST routes 78 | - name: rest-v1 79 | _comment: "PostgREST: /rest/v1/* -> http://rest:3000/*" 80 | url: http://rest:3000/ 81 | routes: 82 | - name: rest-v1-all 83 | strip_path: true 84 | paths: 85 | - /rest/v1/ 86 | plugins: 87 | - name: cors 88 | - name: key-auth 89 | config: 90 | hide_credentials: true 91 | - name: acl 92 | config: 93 | hide_groups_header: true 94 | allow: 95 | - admin 96 | - anon 97 | 98 | ## Secure GraphQL routes 99 | - name: graphql-v1 100 | _comment: "PostgREST: /graphql/v1/* -> http://rest:3000/rpc/graphql" 101 | url: http://rest:3000/rpc/graphql 102 | routes: 103 | - name: graphql-v1-all 104 | strip_path: true 105 | paths: 106 | - /graphql/v1 107 | plugins: 108 | - name: cors 109 | - name: key-auth 110 | config: 111 | hide_credentials: true 112 | - name: request-transformer 113 | config: 114 | add: 115 | headers: 116 | - Content-Profile:graphql_public 117 | - name: acl 118 | config: 119 | hide_groups_header: true 120 | allow: 121 | - admin 122 | - anon 123 | 124 | ## Secure Realtime routes 125 | - name: realtime-v1 126 | _comment: "Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*" 127 | url: http://realtime:4000/socket/ 128 | routes: 129 | - name: realtime-v1-all 130 | strip_path: true 131 | paths: 132 | - /realtime/v1/ 133 | plugins: 134 | - name: cors 135 | - name: key-auth 136 | config: 137 | hide_credentials: false 138 | - name: acl 139 | config: 140 | hide_groups_header: true 141 | allow: 142 | - admin 143 | - anon 144 | 145 | ## Storage routes: the storage server manages its own auth 146 | - name: storage-v1 147 | _comment: "Storage: /storage/v1/* -> http://storage:5000/*" 148 | url: http://storage:5000/ 149 | routes: 150 | - name: storage-v1-all 151 | strip_path: true 152 | paths: 153 | - 
/storage/v1/ 154 | plugins: 155 | - name: cors 156 | 157 | ## Secure Database routes 158 | - name: meta 159 | _comment: "pg-meta: /pg/* -> http://pg-meta:8080/*" 160 | url: http://meta:8080/ 161 | routes: 162 | - name: meta-all 163 | strip_path: true 164 | paths: 165 | - /pg/ 166 | plugins: 167 | - name: key-auth 168 | config: 169 | hide_credentials: false 170 | - name: acl 171 | config: 172 | hide_groups_header: true 173 | allow: 174 | - admin 175 | -------------------------------------------------------------------------------- /supabase/data.tmpl/db/init/data.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/supabase/data.tmpl/db/init/data.sql -------------------------------------------------------------------------------- /supabase/data.tmpl/db/roles.sql: -------------------------------------------------------------------------------- 1 | -- NOTE: change to your own passwords for production environments 2 | \set pgpass `echo "$PGPASSWORD"` 3 | 4 | ALTER USER authenticator WITH PASSWORD :'pgpass'; 5 | ALTER USER pgbouncer WITH PASSWORD :'pgpass'; 6 | ALTER USER supabase_auth_admin WITH PASSWORD :'pgpass'; 7 | ALTER USER supabase_storage_admin WITH PASSWORD :'pgpass'; 8 | -------------------------------------------------------------------------------- /supabase/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | ############################################### 3 | #### supabase ##### 4 | ############################################### 5 | studio: 6 | container_name: supabase-studio 7 | image: supabase/studio:0.22.08 8 | restart: unless-stopped 9 | # ports: 10 | # - ${STUDIO_PORT}:3000/tcp 11 | environment: 12 | STUDIO_PG_META_URL: http://meta:8080 13 | POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} 14 | 15 | DEFAULT_ORGANIZATION: ${STUDIO_DEFAULT_ORGANIZATION} 16 | 
DEFAULT_PROJECT: ${STUDIO_DEFAULT_PROJECT} 17 | 18 | SUPABASE_URL: http://kong:8000 19 | SUPABASE_PUBLIC_URL: https://supabase-api.${DOMAIN} 20 | # Kept for backwards compatibility with studio:0.22.08 21 | SUPABASE_REST_URL: https://supabase-api.${DOMAIN}/rest/v1/ 22 | SUPABASE_ANON_KEY: ${ANON_KEY} 23 | SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY} 24 | networks: 25 | - proxy 26 | - supabase 27 | labels: 28 | - "traefik.enable=true" #<== Enable traefik 29 | - "traefik.http.routers.supabase-secured.rule=Host(`supabase.${DOMAIN}`)" #<== Set domain 30 | - "traefik.http.routers.supabase-secured.entrypoints=websecure" #<== Set entry point for HTTPS 31 | - "traefik.http.routers.supabase-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 32 | - "traefik.http.routers.supabase-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 33 | - "traefik.http.routers.supabase-secured.service=supabase-service" #<== Set service 34 | - "traefik.http.services.supabase-service.loadbalancer.server.port=3000" #<== Set target port on container 35 | 36 | kong: 37 | container_name: supabase-kong 38 | image: kong:2.8.1 39 | restart: unless-stopped 40 | # ports: 41 | # - ${KONG_HTTP_PORT}:8000/tcp 42 | # - ${KONG_HTTPS_PORT}:8443/tcp 43 | environment: 44 | KONG_DATABASE: "off" 45 | KONG_DECLARATIVE_CONFIG: /var/lib/kong/kong.yml 46 | # https://github.com/supabase/cli/issues/14 47 | KONG_DNS_ORDER: LAST,A,CNAME 48 | KONG_PLUGINS: request-transformer,cors,key-auth,acl 49 | KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k 50 | KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k 51 | volumes: 52 | - ./data/api:/var/lib/kong:ro 53 | networks: 54 | - proxy 55 | - supabase 56 | labels: 57 | - "traefik.enable=true" #<== Enable traefik 58 | - "traefik.http.routers.supabase-api-secured.rule=Host(`supabase-api.${DOMAIN}`)" #<== Set domain 59 | - "traefik.http.routers.supabase-api-secured.entrypoints=websecure" #<== Set entry point for HTTPS 60 | - 
"traefik.http.routers.supabase-api-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 61 | # - "traefik.http.routers.supabase-api-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 62 | - "traefik.http.routers.supabase-api-secured.service=supabase-api-service" #<== Set service 63 | - "traefik.http.services.supabase-api-service.loadbalancer.server.port=8000" #<== Set target port on container 64 | 65 | auth: 66 | container_name: supabase-auth 67 | image: supabase/gotrue:v2.31.0 68 | depends_on: 69 | db: # Disable this if you are using an external Postgres database 70 | condition: service_healthy 71 | restart: unless-stopped 72 | environment: 73 | GOTRUE_API_HOST: 0.0.0.0 74 | GOTRUE_API_PORT: 9999 75 | API_EXTERNAL_URL: https://supabase-api.${DOMAIN} 76 | 77 | GOTRUE_DB_DRIVER: postgres 78 | GOTRUE_DB_DATABASE_URL: postgres://supabase_auth_admin:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB} 79 | 80 | GOTRUE_SITE_URL: https://supabase.${DOMAIN} 81 | GOTRUE_URI_ALLOW_LIST: ${ADDITIONAL_REDIRECT_URLS} 82 | GOTRUE_DISABLE_SIGNUP: ${DISABLE_SIGNUP} 83 | 84 | GOTRUE_JWT_ADMIN_ROLES: service_role 85 | GOTRUE_JWT_AUD: authenticated 86 | GOTRUE_JWT_DEFAULT_GROUP_NAME: authenticated 87 | GOTRUE_JWT_EXP: ${JWT_EXPIRY} 88 | GOTRUE_JWT_SECRET: ${JWT_SECRET} 89 | 90 | GOTRUE_EXTERNAL_EMAIL_ENABLED: ${ENABLE_EMAIL_SIGNUP} 91 | GOTRUE_MAILER_AUTOCONFIRM: ${ENABLE_EMAIL_AUTOCONFIRM} 92 | # GOTRUE_MAILER_SECURE_EMAIL_CHANGE_ENABLED: true 93 | # GOTRUE_SMTP_MAX_FREQUENCY: 1s 94 | GOTRUE_SMTP_ADMIN_EMAIL: ${SMTP_ADMIN_EMAIL} 95 | GOTRUE_SMTP_HOST: ${SMTP_HOST} 96 | GOTRUE_SMTP_PORT: ${SMTP_PORT} 97 | GOTRUE_SMTP_USER: ${SMTP_USER} 98 | GOTRUE_SMTP_PASS: ${SMTP_PASS} 99 | GOTRUE_SMTP_SENDER_NAME: ${SMTP_SENDER_NAME} 100 | GOTRUE_MAILER_URLPATHS_INVITE: ${MAILER_URLPATHS_INVITE} 101 | GOTRUE_MAILER_URLPATHS_CONFIRMATION: ${MAILER_URLPATHS_CONFIRMATION} 102 | GOTRUE_MAILER_URLPATHS_RECOVERY: ${MAILER_URLPATHS_RECOVERY} 103 | 
GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE: ${MAILER_URLPATHS_EMAIL_CHANGE}
104 |
105 |       GOTRUE_EXTERNAL_PHONE_ENABLED: ${ENABLE_PHONE_SIGNUP}
106 |       GOTRUE_SMS_AUTOCONFIRM: ${ENABLE_PHONE_AUTOCONFIRM}
            # MFA_ENABLED is not declared in /supabase/.env.tmpl (every other ${...} in this
            # file has a counterpart there), so compose substitutes an empty string here
            # unless it is added to .env.
107 |       MFA_ENABLED: ${MFA_ENABLED}
108 |     networks:
109 |       - supabase
110 |
111 |   rest:
112 |     container_name: supabase-rest
113 |     image: postgrest/postgrest:v9.0.1.20220717
114 |     depends_on:
115 |       db: # Disable this if you are using an external Postgres database
116 |         condition: service_healthy
117 |     restart: unless-stopped
118 |     environment:
            # Connects as the `authenticator` role. data.tmpl/db/roles.sql sets that role
            # (and the other service roles) to the same POSTGRES_PASSWORD, which is why one
            # variable is reused in every service's database URL in this file.
119 |       PGRST_DB_URI: postgres://authenticator:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
120 |       PGRST_DB_SCHEMAS: ${PGRST_DB_SCHEMAS}
121 |       PGRST_DB_ANON_ROLE: anon
            # Same JWT_SECRET as auth/realtime/storage. ANON_KEY and SERVICE_ROLE_KEY in
            # .env.tmpl are tokens signed with a secret: they must be regenerated for the
            # JWT_SECRET you choose (link in .env.tmpl), and the copies hard-coded as
            # key-auth credentials in data.tmpl/api/kong.yml updated to match.
122 |       PGRST_JWT_SECRET: ${JWT_SECRET}
123 |       PGRST_DB_USE_LEGACY_GUCS: "false"
124 |     networks:
125 |       - supabase
126 |
127 |   realtime:
128 |     container_name: supabase-realtime
129 |     image: supabase/realtime:v0.25.1
130 |     depends_on:
131 |       db: # Disable this if you are using an external Postgres database
132 |         condition: service_healthy
133 |     restart: unless-stopped
134 |     environment:
135 |       DB_HOST: db
136 |       DB_PORT: 5432
137 |       DB_NAME: ${POSTGRES_DB}
138 |       DB_USER: supabase_admin
139 |       DB_PASSWORD: ${POSTGRES_PASSWORD}
            # Plain-text connection to the db container over the compose-private `supabase`
            # network (db publishes no host port). Revisit if `db` is replaced by an
            # external Postgres as the depends_on comments suggest.
140 |       DB_SSL: "false"
141 |       PORT: 4000
142 |       JWT_SECRET: ${JWT_SECRET}
143 |       REPLICATION_MODE: RLS
144 |       REPLICATION_POLL_INTERVAL: 100
145 |       SECURE_CHANNELS: "true"
146 |       SLOT_NAME: supabase_realtime_rls
147 |       TEMPORARY_SLOT: "true"
            # Evaluates Realtime.Release.migrate first and only starts the server if that
            # succeeds (the `&&`).
148 |     command: >
149 |       bash -c "./prod/rel/realtime/bin/realtime eval Realtime.Release.migrate
150 |       && ./prod/rel/realtime/bin/realtime start"
151 |     networks:
152 |       - supabase
153 |
154 |   storage:
155 |     container_name: supabase-storage
156 |     image: supabase/storage-api:v0.21.4
157 |     depends_on:
158 |       db: # Disable this if you are using an external Postgres database
159 |         condition: service_healthy
160 |       rest:
161 |         condition: service_started
162 |     restart: unless-stopped
163 |     environment:
164 |       ANON_KEY: ${ANON_KEY}
165 |       SERVICE_KEY: 
${SERVICE_ROLE_KEY}
166 |       POSTGREST_URL: http://rest:3000
167 |       PGRST_JWT_SECRET: ${JWT_SECRET}
            # Same shared POSTGRES_PASSWORD as every other service role;
            # data.tmpl/db/roles.sql sets supabase_storage_admin to it on first init.
168 |       DATABASE_URL: postgres://supabase_storage_admin:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
            # 52428800 = 50 * 1024 * 1024; presumably an upload limit in bytes — confirm
            # against the storage-api docs for v0.21.4.
169 |       FILE_SIZE_LIMIT: 52428800
            # Objects live on local disk (bind mount ./data/storage below), so TENANT_ID,
            # REGION and GLOBAL_S3_BUCKET are placeholders — see the TODO link.
170 |       STORAGE_BACKEND: file
171 |       FILE_STORAGE_BACKEND_PATH: /var/lib/storage
172 |       TENANT_ID: stub
173 |       # TODO: https://github.com/supabase/storage-api/issues/55
174 |       REGION: stub
175 |       GLOBAL_S3_BUCKET: stub
176 |     volumes:
177 |       - ./data/storage:/var/lib/storage
178 |     networks:
179 |       - supabase
180 |
        # postgres-meta: reachable from outside only through Kong's /pg/ route, whose acl
        # allows the `admin` group alone (data.tmpl/api/kong.yml), i.e. the service_role
        # key; studio also reaches it directly at http://meta:8080. It connects to Postgres
        # as supabase_admin, so the service_role key carries whatever that role can do.
181 |   meta:
182 |     container_name: supabase-meta
183 |     image: supabase/postgres-meta:v0.52.1
184 |     depends_on:
185 |       db: # Disable this if you are using an external Postgres database
186 |         condition: service_healthy
187 |     restart: unless-stopped
188 |     environment:
189 |       PG_META_PORT: 8080
190 |       PG_META_DB_HOST: db
191 |       PG_META_DB_PORT: 5432
192 |       PG_META_DB_NAME: ${POSTGRES_DB}
193 |       PG_META_DB_USER: supabase_admin
194 |       PG_META_DB_PASSWORD: ${POSTGRES_PASSWORD}
195 |     networks:
196 |       - supabase
197 |
198 |   # Comment out everything below this point if you are using an external Postgres database
199 |   db:
200 |     container_name: supabase-db
201 |     image: supabase/postgres:14.1.0.89
202 |     healthcheck:
203 |       test: pg_isready -U postgres -h localhost
204 |       interval: 5s
205 |       timeout: 5s
206 |       retries: 10
207 |     command:
208 |       - postgres
209 |       - -c
210 |       - config_file=/etc/postgresql/postgresql.conf
211 |       - -c
212 |       - log_min_messages=fatal # prevents Realtime polling queries from appearing in logs
213 |     restart: unless-stopped
        # No host port is published: Postgres is reachable only from containers on the
        # `supabase` network.
214 |     # ports:
215 |     #   - 5432:5432
216 |     environment:
217 |       POSTGRES_HOST: /var/run/postgresql
218 |       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
219 |     volumes:
        # Scripts in /docker-entrypoint-initdb.d run only when ./data/db is initialised
        # for the first time (empty data directory). roles.sql sets the authenticator,
        # pgbouncer, supabase_auth_admin and supabase_storage_admin passwords to
        # POSTGRES_PASSWORD; changing the variable later does not re-run it, so those
        # roles must then be updated in the database by hand.
220 |       - ./data/db/roles.sql:/docker-entrypoint-initdb.d/roles.sql
221 |     networks:
222 |       - supabase
223 |
224 | networks:
225 |   proxy:
226 |     external: true
227 |   supabase:
228 |     name: "supabase" --------------------------------------------------------------------------------
/uptime-kuma/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* 4 | -------------------------------------------------------------------------------- /uptime-kuma/README.md: -------------------------------------------------------------------------------- 1 | # uptime-kuma 2 | -------------------------------------------------------------------------------- /uptime-kuma/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | ############################################### 3 | #### uptime-kuma ##### 4 | ############################################### 5 | uptime-kuma: 6 | image: louislam/uptime-kuma:latest 7 | container_name: uptime-kuma 8 | restart: unless-stopped 9 | volumes: 10 | - ./data/:/app/data 11 | security_opt: 12 | - no-new-privileges 13 | networks: 14 | - proxy 15 | labels: 16 | - "traefik.enable=true" #<== Enable traefik 17 | - "traefik.http.routers.uptime-kuma-secured.rule=Host(`status.${DOMAIN}`)" #<== Set domain 18 | - "traefik.http.routers.uptime-kuma-secured.entrypoints=websecure" #<== Set entry point for HTTPS 19 | - "traefik.http.routers.uptime-kuma-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 20 | - "traefik.http.routers.uptime-kuma-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 21 | - "traefik.http.routers.uptime-kuma-secured.service=uptime-kuma-service" #<== Set service 22 | - "traefik.http.services.uptime-kuma-service.loadbalancer.server.port=3001" #<== Set target port on container 23 | 24 | networks: 25 | proxy: 26 | external: true -------------------------------------------------------------------------------- /vaultwarden/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN="example.com" 2 | TimeZone='Europe/Berlin' 3 | BW_ADMIN_TOKEN='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' 
-------------------------------------------------------------------------------- /vaultwarden/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* 4 | -------------------------------------------------------------------------------- /vaultwarden/README.md: -------------------------------------------------------------------------------- 1 | # Vaultwarden 2 | 3 | # Requirements 4 | - Docker 5 | - Docker-compose 6 | - traefik as a reverse proxy in front of it 7 | 8 | # Setup 9 | ## `.env` file 10 | Change the variables in the `.env` file to your need. 11 | ```yaml 12 | DOMAIN="example.com" 13 | TimeZone='Europe/Berlin' 14 | BW_ADMIN_TOKEN='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' 15 | ``` 16 | ```sh 17 | $ cd vaultwarden 18 | $ docker-compose up -d 19 | ``` 20 | or 21 | ```sh 22 | ./docker.sh -S proxy -r 23 | ./docker.sh -S vaultwarden -r 24 | ``` 25 | 26 | Done. Now open https://vault.example.com 27 | ![setup1](img/vaultwarden-setup1.png) 28 | ![setup2](img/vaultwarden-setup2.png) 29 | - https://bitwarden.com/help/getting-started-webvault/ 30 | 31 | ## Admin panel 32 | Open https://vault.example.com/admin 33 | ![setup1](img/vaultwarden-admin1.png) 34 | ![setup2](img/vaultwarden-admin2.png) 35 | ![setup1](img/vaultwarden-admin3.png) 36 | 37 | ## Addons 38 | - https://bitwarden.com/help/getting-started-browserext/ 39 | ## Desktop App 40 | - https://bitwarden.com/help/getting-started-desktop/ 41 | ## App 42 | - https://bitwarden.com/help/getting-started-mobile/ 43 | # Source 44 | - [Vaultwarden GitHub](https://github.com/dani-garcia/vaultwarden) -------------------------------------------------------------------------------- /vaultwarden/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | ############################################### 3 | #### Vaultwarden ##### 4 | ############################################### 5 | 
vaultwarden: 6 | image: vaultwarden/server:latest 7 | container_name: vaultwarden 8 | restart: unless-stopped 9 | environment: 10 | - "ADMIN_TOKEN=${BW_ADMIN_TOKEN}" 11 | - TZ=${TimeZone} 12 | # - SMTP_DEBUG=true 13 | volumes: 14 | - ./data:/data 15 | networks: 16 | - proxy 17 | labels: 18 | - "traefik.enable=true" #<== Enable traefik 19 | - "traefik.http.routers.vaultwarden-secured.rule=Host(`vault.${DOMAIN}`)" #<== Set domain 20 | - "traefik.http.routers.vaultwarden-secured.entrypoints=websecure" #<== Set entry point for HTTPS 21 | - "traefik.http.routers.vaultwarden-secured.tls.certresolver=mytlschallenge" #<== Set certsresolvers for https 22 | - "traefik.http.routers.vaultwarden-secured.middlewares=authelia" #<== Add Authelia middlewares to protect login 23 | - "traefik.http.routers.vaultwarden-secured.service=vaultwarden-service" #<== Set service 24 | - "traefik.http.services.vaultwarden-service.loadbalancer.server.port=80" #<== Set target port on container 25 | 26 | networks: 27 | proxy: 28 | external: true -------------------------------------------------------------------------------- /vaultwarden/img/vaultwarden-admin1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/vaultwarden/img/vaultwarden-admin1.png -------------------------------------------------------------------------------- /vaultwarden/img/vaultwarden-admin2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/vaultwarden/img/vaultwarden-admin2.png -------------------------------------------------------------------------------- /vaultwarden/img/vaultwarden-admin3.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/vaultwarden/img/vaultwarden-admin3.png -------------------------------------------------------------------------------- /vaultwarden/img/vaultwarden-setup1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/vaultwarden/img/vaultwarden-setup1.png -------------------------------------------------------------------------------- /vaultwarden/img/vaultwarden-setup2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ITLab-CC/Docker-Collection/b2eee27bf4e134cc953be477f3c3b8fe65f1d1ae/vaultwarden/img/vaultwarden-setup2.png -------------------------------------------------------------------------------- /watchtower/.env.tmpl: -------------------------------------------------------------------------------- 1 | TimeZone='Europe/Berlin' -------------------------------------------------------------------------------- /watchtower/.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | /data 3 | /data/* -------------------------------------------------------------------------------- /watchtower/README.md: -------------------------------------------------------------------------------- 1 | # Watchtower 2 | 3 | # Requirements 4 | - Docker 5 | - Docker-compose 6 | 7 | # Setup 8 | ## `.env` file 9 | Change the time zone in the `.env` file. 10 | ```yaml 11 | TimeZone='Europe/Berlin' 12 | ``` 13 | 14 | ## Start 15 | ```sh 16 | $ cd watchtower 17 | $ docker-compose up -d 18 | ``` 19 | or 20 | ```sh 21 | ./docker.sh -S watchtower -r 22 | ``` 23 | 24 | Done. It will now start updating your containers every day. 25 | 26 | ## Change interval 27 | You can change the interval by editing this line: `command: --interval 86400`. 
Write here your new time in seconds. 28 | 29 | # Gotify notification 30 | Everytime a container gets updated you can send a push message to your phone. This is works with the push service `Gotify`. You just have to add those lines to your environment variables. 31 | ```yaml 32 | - notifications-level=trace 33 | - WATCHTOWER_NOTIFICATIONS=gotify 34 | - WATCHTOWER_NOTIFICATION_GOTIFY_URL=http://gotify 35 | - WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN=XXXXXXXXXXXXXXX 36 | - WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY=true 37 | ``` 38 | Replace the `WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN` with a generated one from `Gotify`.\ 39 | Also Replace `WATCHTOWER_NOTIFICATION_GOTIFY_URL` with the name of your gotify container.\ 40 | Both containers must be in the same network!!! 41 | 42 | # Source 43 | - [Watchtower docs](https://containrrr.dev/watchtower/) 44 | - [Watchtower Gotify docs](https://containrrr.dev/watchtower/notifications/#gotify) -------------------------------------------------------------------------------- /watchtower/docker-compose.yml: --------------------------------------------------------------------------------
 1 | services:
 2 |   ###############################################
 3 |   #### Watchtower #####
 4 |   ###############################################
 5 |   watchtower:
        # Floating tag on the updater itself: the container that replaces every other
        # container is not pinned to a reviewed version.
 6 |     image: containrrr/watchtower:latest
 7 |     container_name: watchtower
 8 |     restart: unless-stopped
 9 |     command: --interval 86400 # Check every day: 24*60*60=86400s
10 |     volumes:
        # Read/write access to the Docker socket is what lets watchtower pull images and
        # recreate containers. It also makes this container effectively host-root
        # (anything holding the socket can start arbitrary privileged containers), so the
        # image source above and the network membership below deserve host-level scrutiny.
11 |       - /var/run/docker.sock:/var/run/docker.sock
12 |     environment:
13 |       - TZ=${TimeZone}
14 |       # - WATCHTOWER_DEBUG=true
15 |       # - WATCHTOWER_TRACE=true
        # Removes the superseded image after a container has been updated (see the
        # watchtower docs linked in the README).
16 |       - WATCHTOWER_CLEANUP=true
        # Explicit public resolvers for this container instead of Docker's embedded DNS.
17 |     dns:
18 |       - 1.1.1.1
19 |       - 8.8.8.8
        # Joins the external `proxy` network so that a Gotify container on it is reachable
        # (README: both containers must share a network). No ports or traefik labels are
        # declared here, so membership is only for outbound reachability.
20 |     networks:
21 |       - proxy
22 |
23 | networks:
24 |   proxy:
25 |     external: true -------------------------------------------------------------------------------- /wirehole/.env.tmpl: -------------------------------------------------------------------------------- 1 | DOMAIN="example.com" 2 | 
TimeZone='Europe/Berlin' 3 | WIREGUARD_PEERS=peer1,peer2,peer3 # Alternatively just a number: WIREGUARD_PEERS=3 4 | PIHOLE_WEBPASSWORD="" # Optional -------------------------------------------------------------------------------- /wirehole/README.md: -------------------------------------------------------------------------------- 1 | # WireHole 2 | 3 | [From Wirehole](https://github.com/IAmStoxe/wirehole) 4 | 5 | ## Features 6 | 7 | - Wireguard VPN 8 | - PiHole (DNS Sinkhole) 9 | - Unbound (DNS Resolver) 10 | - [Restic Backup Server](https://github.com/restic/restic) (Additional) 11 | - [Docker Registry](https://hub.docker.com/_/registry) (Additional) 12 | 13 | ## Usage 14 | 15 | 1. Clone this repository 16 | 2. Copy `.env.tmpl` to `.env` and fill in the variables 17 | 18 | 1. `WIREGUARD_SERVER_URL` should be the public IP address of your server (or the domain name if you have one) 19 | 2. `WIREGUARD_PEERS` is a comma-separated list of peer names, or just the number of peers to generate 20 | 3. `PIHOLE_WEBPASSWORD` is the password for the PiHole web interface (optional; can be generated with `openssl rand -base64 32`) 21 | 4. `TimeZone` is the time zone for the server (e.g. Europe/Berlin) 22 | 23 | 3. Run `docker-compose up -d` 24 | 4. Configure the Wireguard client: 25 | 26 | 1. Phone: 27 | 1. Run `docker-compose logs` to see the QR code for your Wireguard client 28 | 2. Use the QR code to add the Wireguard client to your phone 29 | 2. Computer: 30 | 1. Use the config in `./wireguard/peer_/peer_.conf` 31 | 2. Import the config into your Wireguard client 32 | 33 | 5. 
Run `docker-compose exec wireguard wg` to see the current status of your Wireguard server 34 | -------------------------------------------------------------------------------- /wirehole/docker-compose.yml: --------------------------------------------------------------------------------
 1 | networks:
      # Fixed-address bridge for the three services: unbound, pihole and wireguard are
      # pinned to 10.2.0.200, 10.2.0.100 and 10.2.0.3 below so the DNS chain can be
      # wired by IP.
 2 |   private_network:
 3 |     ipam:
 4 |       driver: default
 5 |       config:
 6 |         - subnet: 10.2.0.0/24
 7 |
 8 | services:
 9 |   unbound: # DNS Server
10 |     image: 'mvance/unbound:latest'
11 |     container_name: unbound
12 |     restart: unless-stopped
13 |     hostname: 'unbound'
14 |     volumes:
15 |       - './unbound:/opt/unbound/etc/unbound/'
16 |     networks:
17 |       private_network:
18 |         ipv4_address: 10.2.0.200
19 |
20 |   wireguard: # Wireguard VPN
21 |     depends_on: [unbound, pihole]
        # Unpinned image; this is the only service in the stack with a host-published
        # port, so a reviewed, pinned tag is worth considering.
22 |     image: linuxserver/wireguard
23 |     container_name: wireguard
24 |     cap_add:
25 |       - NET_ADMIN
        # SYS_MODULE together with the /lib/modules mount below lets the container load
        # kernel modules on the host. NOTE(review): the linuxserver image presumably uses
        # this only when the host kernel lacks a wireguard module; on a kernel that ships
        # it, both the capability and the mount can likely be dropped — confirm on the host.
26 |       - SYS_MODULE
27 |     environment:
28 |       - PUID=1000
29 |       - PGID=1000
30 |       - TZ=${TimeZone}
31 |       - SERVERPORT=51820
        # Endpoint written into the generated peer configs; fed from DOMAIN in .env.tmpl.
32 |       - SERVERURL=${DOMAIN} # Change to your domain
33 |       - PEERS=${WIREGUARD_PEERS} # Change to your peers
34 |       - PEERDNS=10.2.0.100 # Set it to point to pihole
        # Presumably the tunnel-side address range; distinct from the 10.2.0.0/24 docker
        # network above.
35 |       - INTERNAL_SUBNET=10.6.0.0
        # Prints the generated peer configs / QR codes to the container log (the README's
        # phone setup step reads them from `docker-compose logs`). A peer config carries
        # the peer's private key, so whoever can read this container's logs holds VPN
        # credentials; the same material is persisted under ./wireguard on the host.
36 |       - LOG_CONFS=true
37 |     volumes:
38 |       - ./wireguard:/config
39 |       - /lib/modules:/lib/modules
        # The only host-published port in this stack. pihole's web UI and unbound are not
        # published; they are reachable from VPN peers, from containers on
        # private_network and from the docker host itself.
40 |     ports:
41 |       - '51820:51820/udp'
42 |     dns:
43 |       - 10.2.0.100 # Points to pihole
44 |       - 10.2.0.200 # Points to unbound
45 |     sysctls:
46 |       - net.ipv4.conf.all.src_valid_mark=1
47 |
48 |     restart: unless-stopped
49 |     networks:
50 |       private_network:
51 |         ipv4_address: 10.2.0.3
52 |
53 |   pihole: # DNS Blocker
54 |     depends_on: [unbound]
55 |     container_name: pihole
56 |     image: pihole/pihole:latest
57 |     restart: unless-stopped
58 |     hostname: pihole
59 |     dns:
60 |       - 127.0.0.1
61 |       - 10.2.0.200 # Points to unbound
62 |     environment:
63 |       TZ: ${TimeZone}
        # .env.tmpl ships PIHOLE_WEBPASSWORD="" and calls it optional. NOTE(review): check
        # how the pihole image treats an empty WEBPASSWORD (no password vs. a generated
        # one) before relying on that default; the README suggests `openssl rand -base64 32`.
64 |       WEBPASSWORD: ${PIHOLE_WEBPASSWORD}
65 |       ServerIP: 10.2.0.100 # Internal IP of pihole
66 |       DNS1: 10.2.0.200 # Unbound IP
67 |       DNS2: 10.2.0.200 # If we don't specify two, it will auto pick google.
68 |     # Volumes store your data between container upgrades
69 |     volumes:
70 |       - './etc-pihole/:/etc/pihole/'
71 |       - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
72 |     # Recommended but not required (DHCP needs NET_ADMIN)
73 |     # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
74 |     cap_add:
75 |       - NET_ADMIN
76 |     networks:
77 |       private_network:
78 |         ipv4_address: 10.2.0.100
79 | --------------------------------------------------------------------------------