├── .gitattributes
├── AList
    └── docker-compose.yaml
├── Cloudreve
    ├── README.md
    ├── conf.ini
    └── docker-compose.yaml
├── Github
    ├── README.MD
    ├── docker-compose.yaml
    └── web
    │   ├── Dockerfile
    │   └── nginx.conf
├── Grafana
    ├── Dashboard
    │   ├── 1 Node Exporter for Prometheus Dashboard CN v20201010-1615284123311.json
    │   └── Traefik 2.2 Copy-1615284143326.json
    ├── README.MD
    ├── docker-compose.yaml
    └── images
    │   ├── 1-Node-Exporter-for-Prometheus-Dashboard-CN-v20201010-Grafana.png
    │   └── Traefik-2-2-Copy-Grafana.png
├── LICENSE
├── Netmaker
    ├── README.MD
    └── docker-compose.yaml
├── Nextcloud
    ├── README.MD
    ├── db.env
    ├── docker-compose.yaml
    └── nextcloud.env
├── README.md
├── Transmission
    ├── README.MD
    ├── docker-compose.yaml
    └── web
    │   ├── Dockerfile
    │   └── nginx.conf
├── aliyun-ddns
    ├── .env
    ├── README.MD
    └── docker-compose.yaml
├── bolo-traefik
    ├── README.MD
    ├── bolo-env.env
    └── docker-compose.yaml
├── ctf
    ├── README.MD
    ├── docker-dvwa
    │   └── docker-compose.yaml
    ├── images
    │   └── https-ctf-expoli-tech.webm
    ├── sqli-labs
    │   └── docker-compose.yaml
    ├── upload-labs
    │   └── docker-compose.yaml
    └── web_index
    │   ├── docker-compose.yaml
    │   └── web
    │       ├── dvwa_loading.html
    │       ├── index.html
    │       ├── sqli_loading.html
    │       └── upload_loading.html
├── dnscrypt-proxy
    ├── README.MD
    ├── conf
    │   ├── allowed-ips.txt
    │   ├── allowed-names.txt
    │   ├── blocked-ips.txt
    │   ├── blocked-names.txt
    │   ├── captive-portals.txt
    │   ├── chinalist.txt
    │   ├── cloaking-rules.txt
    │   ├── dnscrypt-proxy.toml
    │   └── forwarding-rules.txt
    └── docker-compose.yaml
├── gitea
    ├── README.MD
    └── docker-compose.yaml
├── kodbox
    ├── README.MD
    ├── docker-compose.yml
    ├── mysql-init-files
    │   └── import.sql
    ├── mysql_db.txt
    ├── mysql_password.txt
    └── mysql_user.txt
├── nginx_proxy
    ├── docker-compose.yml
    └── proxy
    │   ├── Dockerfile
    │   └── uploadsize.conf
├── prometheus
    ├── README.MD
    ├── docker-compose.yaml
    └── prometheus.yml
├── qbittorrent
    ├── README.MD
    ├── docker-compose.yaml
    ├── images
    │   ├── qBittorrent-Web-UI.png
    │   └── qBittorrent-v4-3-6-Web-UI.png
    └── web
    │   ├── Dockerfile
    │   └── nginx.conf
├── renovate.json
├── tailscale-derper
    ├── .env
    ├── README.MD
    └── docker-compose.yaml
├── traefik
    ├── README.MD
    ├── docker-compose.yaml
    └── images
    │   ├── dashboard.png
    │   └── traefik-architecture.png
├── ttnode
    ├── README.MD
    └── docker-compose.yaml
└── v2raya
    ├── README.MD
    └── docker-compose.yaml

/.gitattributes:
--------------------------------------------------------------------------------
# Auto detect text files and perform LF normalization
* text=auto

--------------------------------------------------------------------------------
/AList/docker-compose.yaml:
--------------------------------------------------------------------------------
version: '3.3'
services:
  alist:
    restart: always
    volumes:
      - '/etc/alist:/opt/alist/data'
      - /data/1tb:/data/1tb
    #ports:
    #  - '5244:5244'
    expose:
      - 5244
    environment:
      - PUID=1000
      - PGID=1000
      - UMASK=022
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.alist.rule=Host(`home.example.org`) && Path(`/alist`) || Host(`alist.example.org`)"
      - "traefik.http.routers.alist.entrypoints=websecure"
      - "traefik.http.routers.alist.tls.certresolver=myresolver"
      - "traefik.http.services.alist.loadbalancer.server.port=5244"

    container_name: alist
    image: 'xhofe/alist:latest'

--------------------------------------------------------------------------------
/Cloudreve/README.md:
--------------------------------------------------------------------------------
# traefik + cloudreve + mysql + redis
## Usage:

1. First, start [traefik](https://github.com/expoli/docker-compose-files/tree/master/traefik) with `docker-compose`

```shell
cd traefik
sudo docker-compose up -d
```

2. Choose the application you need, modify the necessary configuration files, then start the corresponding service with `docker-compose`.

## Example: Cloudreve
### 1. Edit docker-compose.yaml
```shell
nano docker-compose.yaml
###
aria2:
  image: p3terx/aria2-pro
  ...
  environment:
    - PUID=1000
    - PGID=1000
    - RPC_SECRET=
    - UPDATE_TRACKERS=true
    - DISK_CACHE=64M
    - IPV6_MODE=true
  volumes:
    - /data/Cloudreve/aria2/config:/config
    - /data/Cloudreve/aria2/downloads:/downloads
  network_mode: host

cloudreve:
  ...
  labels:
    - "traefik.enable=true"
    - "traefik.port=5212"
    - "traefik.http.routers.cloudreve.rule=Host(`cloudreve.exampl.org`)" # Change to your own domain
    - "traefik.http.routers.cloudreve.entrypoints=websecure"
    - "traefik.http.routers.cloudreve.tls.certresolver=myresolver"
  volumes:
    - /data/Cloudreve/uploads:/cloudreve/uploads
    - /data/Cloudreve/aria2/downloads:/downloads
    - /data/Cloudreve/conf.ini:/cloudreve/conf.ini
    #- /data/Cloudreve/cloudreve.db:/cloudreve/cloudreve.db
    - /data/Cloudreve/avatar/:/cloudreve/avatar/
    # - /data/Transmission/downloads/complete/:/Transmission # Other host directories

db:
  image: mariadb
  command: --max_allowed_packet=32505856 --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci --transaction-isolation=READ-COMMITTED --binlog-format=ROW
  container_name: cloudreve_db
  restart: always
  volumes:
    - /data/Cloudreve/mysql:/var/lib/mysql
  environment:
    - MYSQL_ROOT_PASSWORD=
    - MYSQL_PASSWORD=
    - MYSQL_DATABASE=cloudreve
    - MYSQL_USER=cloudreve

```
### 2. Edit conf.ini
```ini
[System]
Mode = master
Listen = :5212
Debug = false
; Session secret, normally generated automatically on first start
SessionSecret = 23333
; Hash salt, normally generated automatically on first start
HashIDSalt = something really hard to guss

; Database settings; if you only want to use the built-in SQLite database, simply delete this section
[Database]
; Database type, currently supports sqlite | mysql
Type = mysql
; MySQL port
Port = 3306
; Username
User = cloudreve
; Password
Password =
; Database host
Host = cloudreve_db
; Database name
Name = cloudreve
; Table prefix
TablePrefix = cd_
; SQLite database file path
; DBFile = cloudreve.db

; Redis settings
[Redis]
Server = redis:6379
Password =
DB = 0
```

--------------------------------------------------------------------------------
/Cloudreve/conf.ini:
--------------------------------------------------------------------------------
[System]
Mode = master
Listen = :5212
Debug = false
; Session secret, normally generated automatically on first start
SessionSecret = 23333
; Hash salt, normally generated automatically on first start
HashIDSalt = something really hard to guss

; Database settings; if you only want to use the built-in SQLite database, simply delete this section
[Database]
; Database type, currently supports sqlite | mysql
Type = mysql
; MySQL port
Port = 3306
; Username
User = cloudreve
; Password
Password =
; Database host
Host = cloudreve_db
; Database name
Name = cloudreve
; Table prefix
TablePrefix = cd_
; SQLite database file path
; DBFile = cloudreve.db

; Redis settings
[Redis]
Server = redis:6379
Password =
DB = 0

--------------------------------------------------------------------------------
/Cloudreve/docker-compose.yaml:
--------------------------------------------------------------------------------
version: '3'

services:
  aria2:
    image: p3terx/aria2-pro
    restart: always
    logging:
      options:
        max-size: 1m
    #ports:
    #  - 6800:6800
    #  - 6888:6888
    #  - 6888:6888/udp
    environment:
      - PUID=1000
      - PGID=1000
      - RPC_SECRET=
      - UPDATE_TRACKERS=true
      - DISK_CACHE=64M
      - IPV6_MODE=true
    volumes:
      - /data/Cloudreve/aria2/config:/config
      - /data/Cloudreve/aria2/downloads:/downloads
    network_mode: host
    # networks:
      #- default

  cloudreve:
    image: xavierniu/cloudreve:arm64v8
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.cloudreve.rule=Host(`cloudreve.exampl.org`)"
      - "traefik.http.routers.cloudreve.entrypoints=websecure"
      - "traefik.http.routers.cloudreve.tls.certresolver=myresolver"
      - "traefik.http.services.cloudreve.loadbalancer.server.port=5212"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ="Asia/Shanghai"
    volumes:
      - /data/Cloudreve/uploads:/cloudreve/uploads
      - /data/Cloudreve/aria2/downloads:/downloads
      - /data/Cloudreve/conf.ini:/cloudreve/conf.ini
      #- /data/Cloudreve/cloudreve.db:/cloudreve/cloudreve.db
      - /data/Cloudreve/avatar/:/cloudreve/avatar/
      # - /data/Transmission/downloads/complete/:/Transmission # Other host directories
    ports:
      - 5212:5212
    networks:
      - default
      - proxy-tier

  db:
    image: mariadb
    command: --max_allowed_packet=32505856 --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    container_name: cloudreve_db
    restart: always
    volumes:
      - /data/Cloudreve/mysql:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
      - MYSQL_PASSWORD=
      - MYSQL_DATABASE=cloudreve
      - MYSQL_USER=cloudreve
    networks:
      - default

  redis:
    image: redis:alpine
    restart: always
    networks:
      - default


networks:
  proxy-tier:
    external:
      name: traefik

--------------------------------------------------------------------------------
/Github/README.MD:
--------------------------------------------------------------------------------
# Github

A GitHub reverse-proxy website implemented with nginx; it can get around restrictions in certain regions

--------------------------------------------------------------------------------
/Github/docker-compose.yaml:
--------------------------------------------------------------------------------
version: "2.1"
services:
  github:
    build: ./web
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.github.loadbalancer.server.port=80"
      - "traefik.http.routers.github.rule=Host(`github.example.org`)"
      - "traefik.http.routers.github.entrypoints=websecure"
      - "traefik.http.routers.github.tls.certresolver=myresolver"
    networks:
      - proxy-tier

networks:
  proxy-tier:
    external:
      name: traefik

--------------------------------------------------------------------------------
/Github/web/Dockerfile:
--------------------------------------------------------------------------------
FROM nginx:alpine

COPY nginx.conf /etc/nginx/nginx.conf
#COPY nginx.conf /etc/nginx/default.conf

--------------------------------------------------------------------------------
/Github/web/nginx.conf:
--------------------------------------------------------------------------------
worker_processes auto;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;


events {
    worker_connections 1024;
}


http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    set_real_ip_from 10.0.0.0/8;
    set_real_ip_from 172.16.0.0/12;
    set_real_ip_from 192.168.0.0/16;
    real_ip_header X-Real-IP;

    #gzip on;

    upstream backend {
        server github.com:443;
    }

    server {
        listen 80;

        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;

        location / {
            #proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Real-Port $remote_port;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # With multiple proxy levels, record the client's real IP before each proxy hop
            #proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr;
            #proxy_set_header X-Forwarded-Proto $scheme;
            #proxy_set_header Host $host;
            #proxy_set_header X-NginX-Proxy true;
            proxy_set_header Host github.com;

            #proxy_set_header Early-Data $ssl_early_data;

            proxy_pass https://backend;
            proxy_redirect default;

            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
}

--------------------------------------------------------------------------------
/Grafana/Dashboard/Traefik 2.2 Copy-1615284143326.json:
-------------------------------------------------------------------------------- 1 | { 2 | "__inputs": [ 3 | { 4 | "name": "DS_PROMETHEUS", 5 | "label": "Prometheus", 6 | "description": "", 7 | "type": "datasource", 8 | "pluginId": "prometheus", 9 | "pluginName": "Prometheus" 10 | } 11 | ], 12 | "__requires": [ 13 | { 14 | "type": "grafana", 15 | "id": "grafana", 16 | "name": "Grafana", 17 | "version": "7.3.7" 18 | }, 19 | { 20 | "type": "panel", 21 | "id": "grafana-piechart-panel", 22 | "name": "Pie Chart", 23 | "version": "1.6.1" 24 | }, 25 | { 26 | "type": "panel", 27 | "id": "graph", 28 | "name": "Graph", 29 | "version": "" 30 | }, 31 | { 32 | "type": "datasource", 33 | "id": "prometheus", 34 | "name": "Prometheus", 35 | "version": "1.0.0" 36 | }, 37 | { 38 | "type": "panel", 39 | "id": "singlestat", 40 | "name": "Singlestat", 41 | "version": "" 42 | } 43 | ], 44 | "annotations": { 45 | "list": [ 46 | { 47 | "builtIn": 1, 48 | "datasource": "${DS_PROMETHEUS}", 49 | "enable": true, 50 | "hide": true, 51 | "iconColor": "rgba(0, 211, 255, 1)", 52 | "limit": 100, 53 | "name": "Annotations & Alerts", 54 | "showIn": 0, 55 | "type": "dashboard" 56 | } 57 | ] 58 | }, 59 | "description": "Traefik dashboard (data from prometheus on k8s) (based on Traefik by Thomas Cheronneau https://grafana.com/grafana/dashboards/4475)", 60 | "editable": true, 61 | "gnetId": 12541, 62 | "graphTooltip": 0, 63 | "id": null, 64 | "iteration": 1615284134010, 65 | "links": [], 66 | "panels": [ 67 | { 68 | "collapsed": false, 69 | "datasource": "${DS_PROMETHEUS}", 70 | "gridPos": { 71 | "h": 1, 72 | "w": 24, 73 | "x": 0, 74 | "y": 0 75 | }, 76 | "id": 16, 77 | "panels": [], 78 | "title": "Global stats", 79 | "type": "row" 80 | }, 81 | { 82 | "aliasColors": {}, 83 | "bars": false, 84 | "dashLength": 10, 85 | "dashes": false, 86 | "datasource": "${DS_PROMETHEUS}", 87 | "fieldConfig": { 88 | "defaults": { 89 | "custom": {}, 90 | "links": [] 91 | }, 92 | "overrides": [] 93 | }, 94 | "fill": 1, 95 
| "fillGradient": 0, 96 | "gridPos": { 97 | "h": 7, 98 | "w": 24, 99 | "x": 0, 100 | "y": 1 101 | }, 102 | "hiddenSeries": false, 103 | "id": 14, 104 | "legend": { 105 | "alignAsTable": false, 106 | "avg": false, 107 | "current": false, 108 | "max": false, 109 | "min": false, 110 | "rightSide": true, 111 | "show": true, 112 | "total": false, 113 | "values": false 114 | }, 115 | "lines": true, 116 | "linewidth": 1, 117 | "links": [], 118 | "nullPointMode": "null", 119 | "options": { 120 | "alertThreshold": true 121 | }, 122 | "percentage": false, 123 | "pluginVersion": "7.3.7", 124 | "pointradius": 5, 125 | "points": false, 126 | "renderer": "flot", 127 | "seriesOverrides": [], 128 | "spaceLength": 10, 129 | "stack": false, 130 | "steppedLine": false, 131 | "targets": [ 132 | { 133 | "expr": "label_replace(sum(traefik_service_request_duration_seconds_sum{}) by (exported_service) / sum(traefik_service_request_duration_seconds_count{}) by (exported_service), \"short_label\", \"$1\", \"exported_service\", \"(.*)-.*\")", 134 | "format": "time_series", 135 | "interval": "", 136 | "intervalFactor": 2, 137 | "legendFormat": " {{ short_label }}", 138 | "refId": "A", 139 | "step": 240 140 | } 141 | ], 142 | "thresholds": [], 143 | "timeFrom": null, 144 | "timeRegions": [], 145 | "timeShift": null, 146 | "title": "Average response time by service", 147 | "tooltip": { 148 | "shared": true, 149 | "sort": 0, 150 | "value_type": "individual" 151 | }, 152 | "type": "graph", 153 | "xaxis": { 154 | "buckets": null, 155 | "mode": "time", 156 | "name": null, 157 | "show": true, 158 | "values": [] 159 | }, 160 | "yaxes": [ 161 | { 162 | "$$hashKey": "object:2737", 163 | "format": "s", 164 | "label": null, 165 | "logBase": 1, 166 | "max": null, 167 | "min": "0", 168 | "show": true 169 | }, 170 | { 171 | "$$hashKey": "object:2738", 172 | "format": "short", 173 | "label": null, 174 | "logBase": 1, 175 | "max": null, 176 | "min": null, 177 | "show": true 178 | } 179 | ], 180 | "yaxis": { 
181 | "align": false, 182 | "alignLevel": null 183 | } 184 | }, 185 | { 186 | "aliasColors": {}, 187 | "breakPoint": "50%", 188 | "cacheTimeout": null, 189 | "combine": { 190 | "label": "Others", 191 | "threshold": 0 192 | }, 193 | "datasource": "${DS_PROMETHEUS}", 194 | "fieldConfig": { 195 | "defaults": { 196 | "custom": {} 197 | }, 198 | "overrides": [] 199 | }, 200 | "fontSize": "80%", 201 | "format": "short", 202 | "gridPos": { 203 | "h": 7, 204 | "w": 12, 205 | "x": 0, 206 | "y": 8 207 | }, 208 | "id": 8, 209 | "interval": null, 210 | "legend": { 211 | "show": true, 212 | "values": true 213 | }, 214 | "legendType": "Right side", 215 | "links": [], 216 | "maxDataPoints": 3, 217 | "nullPointMode": "connected", 218 | "pieType": "pie", 219 | "strokeWidth": 1, 220 | "targets": [ 221 | { 222 | "expr": "sum(rate(traefik_entrypoint_requests_total{entrypoint =~ \"$entrypoint\"}[5m])) by (entrypoint)", 223 | "format": "time_series", 224 | "instant": false, 225 | "interval": "", 226 | "intervalFactor": 2, 227 | "legendFormat": "{{ entrypoint }}", 228 | "refId": "A" 229 | } 230 | ], 231 | "title": "Requests by protocol for 5 min", 232 | "type": "grafana-piechart-panel", 233 | "valueName": "total" 234 | }, 235 | { 236 | "aliasColors": {}, 237 | "breakPoint": "50%", 238 | "cacheTimeout": null, 239 | "combine": { 240 | "label": "Others", 241 | "threshold": 0 242 | }, 243 | "datasource": "${DS_PROMETHEUS}", 244 | "description": "", 245 | "fieldConfig": { 246 | "defaults": { 247 | "custom": {} 248 | }, 249 | "overrides": [] 250 | }, 251 | "fontSize": "80%", 252 | "format": "short", 253 | "gridPos": { 254 | "h": 7, 255 | "w": 12, 256 | "x": 12, 257 | "y": 8 258 | }, 259 | "id": 7, 260 | "interval": null, 261 | "legend": { 262 | "show": true, 263 | "sort": "total", 264 | "sortDesc": false, 265 | "values": true 266 | }, 267 | "legendType": "Right side", 268 | "links": [], 269 | "maxDataPoints": 3, 270 | "nullPointMode": "connected", 271 | "pieType": "pie", 272 | "strokeWidth": 
1, 273 | "targets": [ 274 | { 275 | "expr": "label_replace(sum(rate(traefik_service_requests_total[5m])) by (service), \"short_label\", \"$1\", \"service\", \"(.*)-.*\")", 276 | "format": "time_series", 277 | "interval": "", 278 | "intervalFactor": 2, 279 | "legendFormat": "{{ short_label }}", 280 | "refId": "A" 281 | } 282 | ], 283 | "title": "Request rate by service for 5min", 284 | "type": "grafana-piechart-panel", 285 | "valueName": "total" 286 | }, 287 | { 288 | "aliasColors": {}, 289 | "bars": true, 290 | "dashLength": 10, 291 | "dashes": false, 292 | "datasource": "${DS_PROMETHEUS}", 293 | "description": "", 294 | "fieldConfig": { 295 | "defaults": { 296 | "custom": {}, 297 | "links": [] 298 | }, 299 | "overrides": [] 300 | }, 301 | "fill": 1, 302 | "fillGradient": 0, 303 | "gridPos": { 304 | "h": 7, 305 | "w": 12, 306 | "x": 0, 307 | "y": 15 308 | }, 309 | "hiddenSeries": false, 310 | "id": 5, 311 | "legend": { 312 | "alignAsTable": true, 313 | "avg": false, 314 | "current": true, 315 | "max": true, 316 | "min": true, 317 | "rightSide": true, 318 | "show": true, 319 | "total": false, 320 | "values": true 321 | }, 322 | "lines": false, 323 | "linewidth": 1, 324 | "links": [], 325 | "nullPointMode": "null", 326 | "options": { 327 | "alertThreshold": true 328 | }, 329 | "percentage": false, 330 | "pluginVersion": "7.3.7", 331 | "pointradius": 5, 332 | "points": false, 333 | "renderer": "flot", 334 | "seriesOverrides": [], 335 | "spaceLength": 10, 336 | "stack": true, 337 | "steppedLine": false, 338 | "targets": [ 339 | { 340 | "expr": "sum(rate(traefik_entrypoint_requests_total{entrypoint=~\"$entrypoint\",code=\"200\"}[1m])) by (method) ", 341 | "format": "time_series", 342 | "interval": "", 343 | "intervalFactor": 2, 344 | "legendFormat": "{{method}} : {{code}}", 345 | "refId": "A" 346 | } 347 | ], 348 | "thresholds": [], 349 | "timeFrom": null, 350 | "timeRegions": [], 351 | "timeShift": null, 352 | "title": "Status code 200", 353 | "tooltip": { 354 | 
"shared": true, 355 | "sort": 0, 356 | "value_type": "individual" 357 | }, 358 | "type": "graph", 359 | "xaxis": { 360 | "buckets": null, 361 | "mode": "time", 362 | "name": null, 363 | "show": true, 364 | "values": [] 365 | }, 366 | "yaxes": [ 367 | { 368 | "$$hashKey": "object:2885", 369 | "format": "short", 370 | "label": null, 371 | "logBase": 1, 372 | "max": null, 373 | "min": null, 374 | "show": true 375 | }, 376 | { 377 | "$$hashKey": "object:2886", 378 | "format": "short", 379 | "label": null, 380 | "logBase": 1, 381 | "max": null, 382 | "min": null, 383 | "show": true 384 | } 385 | ], 386 | "yaxis": { 387 | "align": false, 388 | "alignLevel": null 389 | } 390 | }, 391 | { 392 | "aliasColors": {}, 393 | "bars": true, 394 | "dashLength": 10, 395 | "dashes": false, 396 | "datasource": "${DS_PROMETHEUS}", 397 | "fieldConfig": { 398 | "defaults": { 399 | "custom": {}, 400 | "links": [] 401 | }, 402 | "overrides": [] 403 | }, 404 | "fill": 1, 405 | "fillGradient": 0, 406 | "gridPos": { 407 | "h": 7, 408 | "w": 12, 409 | "x": 12, 410 | "y": 15 411 | }, 412 | "hiddenSeries": false, 413 | "id": 6, 414 | "legend": { 415 | "alignAsTable": true, 416 | "avg": false, 417 | "current": true, 418 | "max": true, 419 | "min": true, 420 | "rightSide": true, 421 | "show": true, 422 | "total": false, 423 | "values": true 424 | }, 425 | "lines": false, 426 | "linewidth": 1, 427 | "links": [], 428 | "nullPointMode": "null", 429 | "options": { 430 | "alertThreshold": true 431 | }, 432 | "percentage": false, 433 | "pluginVersion": "7.3.7", 434 | "pointradius": 5, 435 | "points": false, 436 | "renderer": "flot", 437 | "seriesOverrides": [], 438 | "spaceLength": 10, 439 | "stack": true, 440 | "steppedLine": false, 441 | "targets": [ 442 | { 443 | "expr": "rate(traefik_entrypoint_requests_total{entrypoint!=\"metrics\",code!=\"200\"}[1m])", 444 | "format": "time_series", 445 | "interval": "", 446 | "intervalFactor": 2, 447 | "legendFormat": "{{entrypoint}} : {{ method }} : {{code}}", 
448 | "refId": "A" 449 | } 450 | ], 451 | "thresholds": [], 452 | "timeFrom": null, 453 | "timeRegions": [], 454 | "timeShift": null, 455 | "title": "Others status code", 456 | "tooltip": { 457 | "shared": true, 458 | "sort": 0, 459 | "value_type": "individual" 460 | }, 461 | "type": "graph", 462 | "xaxis": { 463 | "buckets": null, 464 | "mode": "time", 465 | "name": null, 466 | "show": true, 467 | "values": [] 468 | }, 469 | "yaxes": [ 470 | { 471 | "$$hashKey": "object:2979", 472 | "format": "short", 473 | "label": null, 474 | "logBase": 1, 475 | "max": null, 476 | "min": null, 477 | "show": true 478 | }, 479 | { 480 | "$$hashKey": "object:2980", 481 | "format": "short", 482 | "label": null, 483 | "logBase": 1, 484 | "max": null, 485 | "min": null, 486 | "show": true 487 | } 488 | ], 489 | "yaxis": { 490 | "align": false, 491 | "alignLevel": null 492 | } 493 | }, 494 | { 495 | "collapsed": false, 496 | "datasource": "${DS_PROMETHEUS}", 497 | "gridPos": { 498 | "h": 1, 499 | "w": 24, 500 | "x": 0, 501 | "y": 22 502 | }, 503 | "id": 10, 504 | "panels": [], 505 | "repeat": "service", 506 | "title": "$service stats", 507 | "type": "row" 508 | }, 509 | { 510 | "cacheTimeout": null, 511 | "colorBackground": false, 512 | "colorValue": false, 513 | "colors": [ 514 | "#299c46", 515 | "rgba(237, 129, 40, 0.89)", 516 | "#d44a3a" 517 | ], 518 | "datasource": "${DS_PROMETHEUS}", 519 | "fieldConfig": { 520 | "defaults": { 521 | "custom": {} 522 | }, 523 | "overrides": [] 524 | }, 525 | "format": "ms", 526 | "gauge": { 527 | "maxValue": 100, 528 | "minValue": 0, 529 | "show": false, 530 | "thresholdLabels": false, 531 | "thresholdMarkers": true 532 | }, 533 | "gridPos": { 534 | "h": 7, 535 | "w": 8, 536 | "x": 0, 537 | "y": 23 538 | }, 539 | "id": 4, 540 | "interval": null, 541 | "links": [], 542 | "mappingType": 1, 543 | "mappingTypes": [ 544 | { 545 | "name": "value to text", 546 | "value": 1 547 | }, 548 | { 549 | "name": "range to text", 550 | "value": 2 551 | } 552 | ], 
553 | "maxDataPoints": 100, 554 | "nullPointMode": "connected", 555 | "nullText": null, 556 | "postfix": "", 557 | "postfixFontSize": "50%", 558 | "prefix": "", 559 | "prefixFontSize": "50%", 560 | "rangeMaps": [ 561 | { 562 | "from": "null", 563 | "text": "N/A", 564 | "to": "null" 565 | } 566 | ], 567 | "sparkline": { 568 | "fillColor": "rgba(31, 118, 189, 0.18)", 569 | "full": false, 570 | "lineColor": "rgb(31, 120, 193)", 571 | "show": true 572 | }, 573 | "tableColumn": "", 574 | "targets": [ 575 | { 576 | "expr": "sum(traefik_service_request_duration_seconds_sum{service=\"$service\"} ) / sum(traefik_service_requests_total{service=\"$service\"} ) * 1000", 577 | "format": "time_series", 578 | "interval": "", 579 | "intervalFactor": 2, 580 | "legendFormat": "", 581 | "refId": "A" 582 | } 583 | ], 584 | "thresholds": "", 585 | "title": "$service response time", 586 | "type": "singlestat", 587 | "valueFontSize": "80%", 588 | "valueMaps": [ 589 | { 590 | "op": "=", 591 | "text": "N/A", 592 | "value": "null" 593 | } 594 | ], 595 | "valueName": "avg" 596 | }, 597 | { 598 | "aliasColors": {}, 599 | "breakPoint": "50%", 600 | "cacheTimeout": null, 601 | "combine": { 602 | "label": "Others", 603 | "threshold": 0 604 | }, 605 | "datasource": "${DS_PROMETHEUS}", 606 | "fieldConfig": { 607 | "defaults": { 608 | "custom": {} 609 | }, 610 | "overrides": [] 611 | }, 612 | "fontSize": "80%", 613 | "format": "short", 614 | "gridPos": { 615 | "h": 7, 616 | "w": 8, 617 | "x": 8, 618 | "y": 23 619 | }, 620 | "id": 2, 621 | "interval": null, 622 | "legend": { 623 | "percentage": true, 624 | "show": true, 625 | "values": true 626 | }, 627 | "legendType": "Right side", 628 | "links": [], 629 | "maxDataPoints": 3, 630 | "nullPointMode": "connected", 631 | "pieType": "pie", 632 | "strokeWidth": 1, 633 | "targets": [ 634 | { 635 | "expr": "traefik_service_requests_total{service=\"$service\"}", 636 | "format": "time_series", 637 | "instant": false, 638 | "interval": "", 639 | 
"intervalFactor": 2, 640 | "legendFormat": "{{method}} : {{code}}", 641 | "refId": "A" 642 | } 643 | ], 644 | "title": "$service return code", 645 | "type": "grafana-piechart-panel", 646 | "valueName": "current" 647 | }, 648 | { 649 | "aliasColors": {}, 650 | "bars": true, 651 | "dashLength": 10, 652 | "dashes": false, 653 | "datasource": "${DS_PROMETHEUS}", 654 | "fieldConfig": { 655 | "defaults": { 656 | "custom": {}, 657 | "links": [] 658 | }, 659 | "overrides": [] 660 | }, 661 | "fill": 1, 662 | "fillGradient": 0, 663 | "gridPos": { 664 | "h": 7, 665 | "w": 8, 666 | "x": 16, 667 | "y": 23 668 | }, 669 | "hiddenSeries": false, 670 | "id": 3, 671 | "legend": { 672 | "alignAsTable": true, 673 | "avg": true, 674 | "current": false, 675 | "max": true, 676 | "min": true, 677 | "rightSide": false, 678 | "show": true, 679 | "total": false, 680 | "values": true 681 | }, 682 | "lines": false, 683 | "linewidth": 1, 684 | "links": [], 685 | "nullPointMode": "null", 686 | "options": { 687 | "alertThreshold": true 688 | }, 689 | "percentage": false, 690 | "pluginVersion": "7.3.7", 691 | "pointradius": 5, 692 | "points": false, 693 | "renderer": "flot", 694 | "seriesOverrides": [], 695 | "spaceLength": 10, 696 | "stack": false, 697 | "steppedLine": false, 698 | "targets": [ 699 | { 700 | "expr": "sum(rate(traefik_service_requests_total{service=\"$service\"}[5m]))", 701 | "format": "time_series", 702 | "interval": "", 703 | "intervalFactor": 2, 704 | "legendFormat": "Total requests $service", 705 | "refId": "A" 706 | } 707 | ], 708 | "thresholds": [], 709 | "timeFrom": null, 710 | "timeRegions": [], 711 | "timeShift": null, 712 | "title": "Total requests over 5min $service", 713 | "tooltip": { 714 | "shared": true, 715 | "sort": 0, 716 | "value_type": "individual" 717 | }, 718 | "type": "graph", 719 | "xaxis": { 720 | "buckets": null, 721 | "mode": "time", 722 | "name": null, 723 | "show": true, 724 | "values": [] 725 | }, 726 | "yaxes": [ 727 | { 728 | "$$hashKey": 
"object:1361", 729 | "format": "short", 730 | "label": null, 731 | "logBase": 1, 732 | "max": null, 733 | "min": null, 734 | "show": true 735 | }, 736 | { 737 | "$$hashKey": "object:1362", 738 | "format": "short", 739 | "label": null, 740 | "logBase": 1, 741 | "max": null, 742 | "min": null, 743 | "show": true 744 | } 745 | ], 746 | "yaxis": { 747 | "align": false, 748 | "alignLevel": null 749 | } 750 | } 751 | ], 752 | "refresh": "10s", 753 | "schemaVersion": 26, 754 | "style": "dark", 755 | "tags": [ 756 | "prometheus", 757 | "traefik", 758 | "kubernetes" 759 | ], 760 | "templating": { 761 | "list": [ 762 | { 763 | "allValue": null, 764 | "current": {}, 765 | "datasource": "${DS_PROMETHEUS}", 766 | "definition": "label_values(traefik_service_request_duration_seconds_sum, service)", 767 | "error": null, 768 | "hide": 0, 769 | "includeAll": false, 770 | "label": null, 771 | "multi": false, 772 | "name": "service", 773 | "options": [], 774 | "query": "label_values(traefik_service_request_duration_seconds_sum, service)", 775 | "refresh": 1, 776 | "regex": "", 777 | "skipUrlSync": false, 778 | "sort": 1, 779 | "tagValuesQuery": "", 780 | "tags": [], 781 | "tagsQuery": "", 782 | "type": "query", 783 | "useTags": false 784 | }, 785 | { 786 | "allValue": null, 787 | "current": {}, 788 | "datasource": "${DS_PROMETHEUS}", 789 | "definition": "label_values(traefik_entrypoint_requests_total,entrypoint)", 790 | "error": null, 791 | "hide": 0, 792 | "includeAll": true, 793 | "label": null, 794 | "multi": true, 795 | "name": "entrypoint", 796 | "options": [], 797 | "query": "label_values(traefik_entrypoint_requests_total,entrypoint)", 798 | "refresh": 1, 799 | "regex": "", 800 | "skipUrlSync": false, 801 | "sort": 0, 802 | "tagValuesQuery": "", 803 | "tags": [], 804 | "tagsQuery": "", 805 | "type": "query", 806 | "useTags": false 807 | } 808 | ] 809 | }, 810 | "time": { 811 | "from": "now-30m", 812 | "to": "now" 813 | }, 814 | "timepicker": { 815 | "refresh_intervals": [ 816 | 
"10s", 817 | "30s", 818 | "1m", 819 | "5m", 820 | "15m", 821 | "30m", 822 | "1h", 823 | "2h", 824 | "1d" 825 | ], 826 | "time_options": [ 827 | "5m", 828 | "15m", 829 | "1h", 830 | "6h", 831 | "12h", 832 | "24h", 833 | "2d", 834 | "7d", 835 | "30d" 836 | ] 837 | }, 838 | "timezone": "", 839 | "title": "Traefik 2.2 Copy", 840 | "uid": "duDvV2LMz", 841 | "version": 9 842 | } -------------------------------------------------------------------------------- /Grafana/README.MD: -------------------------------------------------------------------------------- 1 | # Grafana 2 | 3 | ## 本项目特点 4 | 5 | 1. 需要与 prometheus 配合使用、添加 prometheus 数据源之后即可导入相应的监控模板 6 | 2. 持久化数据存储 7 | 3. 使用 traefik 进行反代自动化配置 8 | 9 | ```bash 10 | docker-compose up -d 11 | ``` 12 | 13 | ## 图标演示 14 | 15 | 1. traefik 16 | 17 | ![](images/Traefik-2-2-Copy-Grafana.png) 18 | 19 | 2. node-status 20 | 21 | ![](images/1-Node-Exporter-for-Prometheus-Dashboard-CN-v20201010-Grafana.png) -------------------------------------------------------------------------------- /Grafana/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: "2" 2 | 3 | services: 4 | grafana: 5 | image: grafana/grafana 6 | #ports: 7 | # - 3000:3000 8 | expose: 9 | - 3000 10 | user: "472" 11 | restart: always 12 | logging: 13 | options: 14 | max-size: 1m 15 | environment: 16 | - GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource,grafana-piechart-panel 17 | - TZ="Asia/Shanghai" 18 | labels: 19 | - "traefik.enable=true" 20 | - "traefik.http.routers.grafana.rule=Host(`grafana.example.org`)" 21 | - "traefik.http.routers.grafana.entrypoints=websecure" 22 | - "traefik.http.routers.grafana.tls.certresolver=myresolver" 23 | - "traefik.http.services.grafana.loadbalancer.server.port=3000" 24 | volumes: 25 | # 数据持久化存储 26 | - ./grafana_data:/var/lib/grafana 27 | - ./grafana/provisioning/:/etc/grafana/provisioning/ 28 | # 配置文件存放 29 | # - ./grafana.ini:/etc/grafana/grafana.ini 30 | 
networks: 31 | - proxy-tier 32 | 33 | networks: 34 | proxy-tier: 35 | external: 36 | name: traefik 37 | 38 | -------------------------------------------------------------------------------- /Grafana/images/1-Node-Exporter-for-Prometheus-Dashboard-CN-v20201010-Grafana.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/expoli/docker-compose-files/fcd62148147542b6941938b9c951fe1a5b718721/Grafana/images/1-Node-Exporter-for-Prometheus-Dashboard-CN-v20201010-Grafana.png -------------------------------------------------------------------------------- /Grafana/images/Traefik-2-2-Copy-Grafana.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/expoli/docker-compose-files/fcd62148147542b6941938b9c951fe1a5b718721/Grafana/images/Traefik-2-2-Copy-Grafana.png -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 expoli 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Netmaker/README.MD: -------------------------------------------------------------------------------- 1 | # Wireguard 2 | 3 | Source: [https://fuckcloudnative.io/posts/configure-a-mesh-network-with-netmaker/](https://fuckcloudnative.io/posts/configure-a-mesh-network-with-netmaker/) 4 | -------------------------------------------------------------------------------- /Netmaker/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: "3.4" 2 | 3 | services: 4 | netmaker: 5 | container_name: netmaker 6 | image: gravitl/netmaker:v0.9.4 7 | volumes: 8 | - dnsconfig:/root/config/dnsconfig 9 | - /usr/bin/wg:/usr/bin/wg 10 | - sqldata:/root/data 11 | cap_add: 12 | - NET_ADMIN 13 | restart: always 14 | privileged: true 15 | environment: 16 | SERVER_HOST: "1.1.1.1" 17 | SERVER_API_CONN_STRING: "api.netmaker.example.org:443" 18 | SERVER_GRPC_CONN_STRING: "grpc.netmaker.example.org:50051" 19 | COREDNS_ADDR: "1.1.1.1" 20 | GRPC_SSL: "off" 21 | DNS_MODE: "on" 22 | SERVER_HTTP_HOST: "api.netmaker.example.org" 23 | SERVER_GRPC_HOST: "grpc.netmaker.example.org" 24 | API_PORT: "8081" 25 | GRPC_PORT: "50051" 26 | CLIENT_MODE: "on" 27 | MASTER_KEY: "REPLACE_MASTER_KEY_MY" 28 | SERVER_GRPC_WIREGUARD: "off" 29 | CORS_ALLOWED_ORIGIN: "*" 30 | DISPLAY_KEYS: "on" 31 | DATABASE: "sqlite" 32 | NODE_ID: "netmaker-server-1" 33 | ports: 34 | - "51821-51830:51821-51830/udp" 35 | - "8081:8081" 36 | - "50051:50051" 37 | labels: 38 | - "traefik.enable=true" 39 | # - "traefik.port=3000" 40 | - "traefik.http.routers.netmaker-api.rule=Host(`api.netmaker.example.org`)" 41 | - 
"traefik.http.routers.netmaker-api.entrypoints=websecure" 42 | - "traefik.http.routers.netmaker-api.tls.certresolver=myresolver" 43 | - "traefik.http.routers.netmaker-api.service=svc_api" 44 | - "traefik.http.services.svc_api.loadbalancer.server.port=8081" 45 | 46 | - "traefik.http.routers.netmaker-grpc.rule=Host(`grpc.netmaker.example.org`)" 47 | - "traefik.http.routers.netmaker-grpc.entrypoints=web" 48 | - "traefik.http.routers.netmaker-grpc.tls.certresolver=myresolver" 49 | - "traefik.http.routers.netmaker-grpc.service=svc_grpc" 50 | - "traefik.http.services.svc_grpc.loadbalancer.server.port=50051" 51 | 52 | netmaker-ui: 53 | container_name: netmaker-ui 54 | depends_on: 55 | - netmaker 56 | image: gravitl/netmaker-ui:v0.9.3 57 | links: 58 | - "netmaker:api" 59 | ports: 60 | - "8082:80" 61 | environment: 62 | BACKEND_URL: "https://api.netmaker.example.org" 63 | restart: always 64 | labels: 65 | - "traefik.enable=true" 66 | - "traefik.http.services.netmakerui.loadbalancer.server.port=80" 67 | - "traefik.http.routers.netmakerui.rule=Host(`netmaker.example.org`)" 68 | - "traefik.http.routers.netmakerui.entrypoints=websecure" 69 | - "traefik.http.routers.netmakerui.tls.certresolver=myresolver" 70 | 71 | coredns: 72 | depends_on: 73 | - netmaker 74 | image: coredns/coredns 75 | command: -conf /root/dnsconfig/Corefile 76 | container_name: coredns 77 | restart: always 78 | #ports: 79 | # - "COREDNS_IP:53:53/udp" 80 | # - "COREDNS_IP:53:53/tcp" 81 | network_mode: host 82 | volumes: 83 | - dnsconfig:/root/dnsconfig 84 | # caddy: 85 | # image: caddy:latest 86 | # container_name: caddy 87 | # restart: unless-stopped 88 | # network_mode: host # Wants ports 80 and 443! 
89 | # volumes: 90 | # - ./Caddyfile:/etc/caddy/Caddyfile 91 | # - $PWD/site:/srv # you could also serve a static site in site folder 92 | # - caddy_data:/data 93 | # - caddy_conf:/config 94 | volumes: 95 | caddy_data: {} 96 | caddy_conf: {} 97 | sqldata: {} 98 | dnsconfig: {} 99 | 100 | -------------------------------------------------------------------------------- /Nextcloud/README.MD: -------------------------------------------------------------------------------- 1 | # Nextcloud 2 | 3 | Nextcloud docker-compose configuration 4 | 5 | ## Features of this project 6 | 7 | 1. Uses mariadb as the database; supports the arm architecture 8 | 2. Redis support enabled 9 | 3. Scheduled tasks (cron) enabled 10 | 4. Automated configuration through environment variables 11 | 12 | ## Notes 13 | 14 | 1. Before use, configure the labels in the `docker-compose.yaml` file accordingly so that the `traefik` web server works properly. 15 | 2. Before use, configure the database password and the user connection settings. 16 | 17 | ## Environment variables 18 | 19 | - nextcloud.env 20 | Environment variables for automated configuration; remember to keep them in sync when changing them 21 | ```env 22 | NEXTCLOUD_ADMIN_USER= 23 | NEXTCLOUD_ADMIN_PASSWORD= 24 | NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.example.org 25 | SMTP_HOST=smtp.163.com 26 | SMTP_SECURE=ssl 27 | SMTP_NAME= 28 | SMTP_PASSWORD= 29 | MAIL_FROM_ADDRESS= 30 | MAIL_DOMAIN=163.com 31 | ``` 32 | 33 | - db.env 34 | 35 | ```env 36 | MYSQL_PASSWORD= 37 | MYSQL_DATABASE=nextcloud 38 | MYSQL_USER=nextcloud 39 | ``` -------------------------------------------------------------------------------- /Nextcloud/db.env: -------------------------------------------------------------------------------- 1 | MYSQL_PASSWORD= 2 | MYSQL_DATABASE=nextcloud 3 | MYSQL_USER=nextcloud 4 | -------------------------------------------------------------------------------- /Nextcloud/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | db: 5 | image: mariadb 6 | command: --max_allowed_packet=32505856 --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci --transaction-isolation=READ-COMMITTED --binlog-format=ROW 7 | # cpus: 4 8 | restart: always 9 | volumes: 10 | - /data/hdd/Nextcloud/db:/var/lib/mysql 11 
| environment: 12 | - MYSQL_ROOT_PASSWORD= 13 | env_file: 14 | - db.env 15 | networks: 16 | - default 17 | 18 | redis: 19 | image: redis:alpine 20 | # cpus: 4 21 | networks: 22 | - default 23 | restart: always 24 | 25 | nextcloud: 26 | image: nextcloud:apache 27 | # cpus: 4 28 | restart: always 29 | expose: 30 | - 80 31 | # ports: 32 | # - 10080:80 33 | volumes: 34 | - /data/hdd/Nextcloud/nextcloud:/var/www/html 35 | - /data/hdd/Transmission/downloads:/downloads/Transmission 36 | - /data/hdd/Cloudreve/aria2/downloads:/downloads/aria2 37 | environment: 38 | - MYSQL_HOST=db 39 | - REDIS_HOST=redis 40 | - PUID=33 41 | - PGID=33 42 | - TZ="Asia/Shanghai" 43 | env_file: 44 | - db.env 45 | - nextcloud.env 46 | labels: 47 | - "traefik.enable=true" 48 | - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.example.org`)" 49 | - "traefik.http.routers.nextcloud.entrypoints=websecure" 50 | - "traefik.http.routers.nextcloud.tls.certresolver=myresolver" 51 | - "traefik.http.services.nextcloud.loadbalancer.server.port=80" 52 | networks: 53 | - default 54 | - proxy-tier 55 | depends_on: 56 | - db 57 | - redis 58 | 59 | cron: 60 | image: nextcloud:apache 61 | restart: always 62 | # cpus: 4 63 | volumes: 64 | - /data/hdd/Nextcloud/nextcloud:/var/www/html 65 | entrypoint: /cron.sh 66 | depends_on: 67 | - db 68 | - redis 69 | networks: 70 | - default 71 | 72 | networks: 73 | proxy-tier: 74 | external: 75 | name: traefik 76 | -------------------------------------------------------------------------------- /Nextcloud/nextcloud.env: -------------------------------------------------------------------------------- 1 | NEXTCLOUD_ADMIN_USER= 2 | NEXTCLOUD_ADMIN_PASSWORD= 3 | NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.example.org 4 | SMTP_HOST=smtp.163.com 5 | SMTP_SECURE=ssl 6 | SMTP_NAME= 7 | SMTP_PASSWORD= 8 | MAIL_FROM_ADDRESS= 9 | MAIL_DOMAIN=163.com 10 | 11 | -------------------------------------------------------------------------------- /README.md: 
-------------------------------------------------------------------------------- 1 | # docker-compose-files 2 | 3 | This project separates traefik from the backend services. Once traefik is running, operations on backend services (start, stop) do not affect the web server and do not require restarting traefik, which keeps the other services running stably. 4 | 5 | ## Usage: 6 | 7 | 1. First start `traefik` with `docker-compose` 8 | 9 | ```shell 10 | cd traefik 11 | sudo docker-compose up -d 12 | ``` 13 | 14 | 2. Choose the application you need, edit the necessary configuration files, then start the corresponding service with `docker-compose`. 15 | 16 | ## Example: Cloudreve 17 | ### 1. Edit docker-compose.yaml 18 | ```shell 19 | nano docker-compose.yaml 20 | ### 21 | aria2: 22 | image: p3terx/aria2-pro 23 | ... 24 | environment: 25 | - PUID=1000 26 | - PGID=1000 27 | - RPC_SECRET= 28 | - UPDATE_TRACKERS=true 29 | - DISK_CACHE=64M 30 | - IPV6_MODE=true 31 | volumes: 32 | - /data/Cloudreve/aria2/config:/config 33 | - /data/Cloudreve/aria2/downloads:/downloads 34 | network_mode: host 35 | 36 | cloudreve: 37 | ... 38 | labels: 39 | - "traefik.enable=true" 40 | - "traefik.port=5212" 41 | - "traefik.http.routers.cloudreve.rule=Host(`cloudreve.exampl.org`)" # change to your own domain 42 | - "traefik.http.routers.cloudreve.entrypoints=websecure" 43 | - "traefik.http.routers.cloudreve.tls.certresolver=myresolver" 44 | volumes: 45 | - /data/Cloudreve/uploads:/cloudreve/uploads 46 | - /data/Cloudreve/aria2/downloads:/downloads 47 | - /data/Cloudreve/conf.ini:/cloudreve/conf.ini 48 | #- /data/Cloudreve/cloudreve.db:/cloudreve/cloudreve.db 49 | - /data/Cloudreve/avatar/:/cloudreve/avatar/ 50 | # - /data/Transmission/downloads/complete/:/Transmission # other host directories 51 | 52 | db: 53 | image: mariadb 54 | command: --max_allowed_packet=32505856 --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci --transaction-isolation=READ-COMMITTED --binlog-format=ROW 55 | container_name: cloudreve_db 56 | restart: always 57 | volumes: 58 | - /data/Cloudreve/mysql:/var/lib/mysql 59 | environment: 60 | - MYSQL_ROOT_PASSWORD= 61 | - MYSQL_PASSWORD= 62 | - MYSQL_DATABASE=cloudreve 63 | - MYSQL_USER=cloudreve 64 | 65 | ``` 66 | ### 2. Edit conf.ini
67 | ```ini 68 | [System] 69 | Mode = master 70 | Listen = :5212 71 | Debug = false 72 | ; Session secret, usually generated automatically on first start 73 | SessionSecret = 23333 74 | ; Hash salt, usually generated automatically on first start 75 | HashIDSalt = something really hard to guss 76 | 77 | ; Database settings; if you only want the built-in SQLite database, simply delete this section 78 | [Database] 79 | ; Database type, currently supports sqlite | mysql 80 | Type = mysql 81 | ; MySQL port 82 | Port = 3306 83 | ; User name 84 | User = cloudreve 85 | ; Password 86 | Password = 87 | ; Database host 88 | Host = cloudreve_db 89 | ; Database name 90 | Name = cloudreve 91 | ; Table prefix 92 | TablePrefix = cd_ 93 | ; SQLite database file path 94 | ; DBFile = cloudreve.db 95 | 96 | ; Redis settings 97 | [Redis] 98 | Server = redis:6379 99 | Password = 100 | DB = 0 101 | ``` 102 | -------------------------------------------------------------------------------- /Transmission/README.MD: -------------------------------------------------------------------------------- 1 | # Transmission 2 | 3 | ## Features of this project 4 | 5 | 1. Supports web-ui 6 | 2. Supports ipv6 (host mode) 7 | 3. Supports PT 8 | 4. Uses traefik for automatic service discovery 9 | 10 | ## Notes 11 | 12 | 1. Before use, configure the label entries in `docker-compose.yaml` 13 | 2. Testing showed that this container has a performance limitation: it cannot use multiple cores at the same time
14 | -------------------------------------------------------------------------------- /Transmission/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: "2.1" 2 | services: 3 | app: 4 | image: linuxserver/transmission:arm64v8-latest 5 | # cpus: 4 6 | container_name: transmission 7 | environment: 8 | - PUID=1000 9 | - PGID=1000 10 | - TRANSMISSION_WEB_HOME=/combustion-release/ #optional 11 | - USER= #optional 12 | - PASS= #optional 13 | - TZ="Asia/Shanghai" 14 | 15 | volumes: 16 | - /data/hdd/Transmission/config:/config 17 | - /data/hdd/Transmission/downloads:/downloads 18 | - /data/hdd/Transmission/watch:/watch 19 | network_mode: host 20 | # labels: 21 | # - "traefik.enable=true" 22 | # - "traefik.port=9091" 23 | # - "traefik.http.services.transmission.loadbalancer.server.port=9091" 24 | # - "traefik.http.routers.transmission.rule=Host(`transmission.example.org`)" 25 | # - "traefik.http.routers.transmission.entrypoints=websecure" 26 | # - "traefik.http.routers.transmission.service=api@internal" 27 | # - "traefik.http.routers.transmission.tls.certresolver=myresolver" 28 | #ports: 29 | # - 9091:9091 30 | # - 51413:51413 31 | # - 51413:51413/udp 32 | restart: always 33 | 34 | transmission: 35 | build: ./web 36 | restart: always 37 | labels: 38 | - "traefik.enable=true" 39 | - "traefik.http.routers.transmission.rule=Host(`transmission.example.org`)" 40 | - "traefik.http.routers.transmission.entrypoints=websecure" 41 | - "traefik.http.routers.transmission.tls.certresolver=myresolver" 42 | - "traefik.http.services.transmission.loadbalancer.server.port=80" 43 | depends_on: 44 | - app 45 | networks: 46 | - proxy-tier 47 | 48 | networks: 49 | proxy-tier: 50 | external: 51 | name: traefik 52 | -------------------------------------------------------------------------------- /Transmission/web/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM 
nginx:alpine 2 | 3 | COPY nginx.conf /etc/nginx/nginx.conf 4 | #COPY nginx.conf /etc/nginx/default.conf 5 | -------------------------------------------------------------------------------- /Transmission/web/nginx.conf: -------------------------------------------------------------------------------- 1 | worker_processes auto; 2 | 3 | error_log /var/log/nginx/error.log warn; 4 | pid /var/run/nginx.pid; 5 | 6 | 7 | events { 8 | worker_connections 1024; 9 | } 10 | 11 | 12 | http { 13 | include /etc/nginx/mime.types; 14 | default_type application/octet-stream; 15 | 16 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 17 | '$status $body_bytes_sent "$http_referer" ' 18 | '"$http_user_agent" "$http_x_forwarded_for"'; 19 | 20 | access_log /var/log/nginx/access.log main; 21 | 22 | sendfile on; 23 | #tcp_nopush on; 24 | 25 | keepalive_timeout 65; 26 | 27 | set_real_ip_from 10.0.0.0/8; 28 | set_real_ip_from 172.16.0.0/12; 29 | set_real_ip_from 192.168.0.0/16; 30 | real_ip_header X-Real-IP; 31 | 32 | #gzip on; 33 | 34 | upstream backend { 35 | server 192.168.1.106:9091; 36 | } 37 | 38 | server { 39 | listen 80; 40 | 41 | # Add headers to serve security related headers 42 | # Before enabling Strict-Transport-Security headers please read into this 43 | # topic first. 44 | #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; 45 | # 46 | # WARNING: Only add the preload option once you read about 47 | # the consequences in https://hstspreload.org/. This option 48 | # will add the domain to a hardcoded list that is shipped 49 | # in all major browsers and getting removed from this list 50 | # could take several months. 
51 | add_header Referrer-Policy "no-referrer" always; 52 | add_header X-Content-Type-Options "nosniff" always; 53 | add_header X-Download-Options "noopen" always; 54 | add_header X-Frame-Options "SAMEORIGIN" always; 55 | add_header X-Permitted-Cross-Domain-Policies "none" always; 56 | add_header X-Robots-Tag "none" always; 57 | add_header X-XSS-Protection "1; mode=block" always; 58 | 59 | location / { 60 | proxy_set_header X-Real-IP $remote_addr; 61 | proxy_set_header X-Real-Port $remote_port; 62 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 63 | # With multiple proxy levels, record the real client IP seen before each proxy hop 64 | proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; 65 | proxy_set_header X-Forwarded-Proto $scheme; 66 | proxy_set_header Host $host; 67 | proxy_set_header X-NginX-Proxy true; 68 | 69 | proxy_set_header Early-Data $ssl_early_data; 70 | 71 | proxy_pass http://backend; 72 | proxy_redirect default; 73 | 74 | # Socket.IO Support 75 | proxy_http_version 1.1; 76 | proxy_set_header Upgrade $http_upgrade; 77 | proxy_set_header Connection "upgrade"; 78 | } 79 | } 80 | } 81 | -------------------------------------------------------------------------------- /aliyun-ddns/.env: -------------------------------------------------------------------------------- 1 | AKID=[ALIYUN's AccessKey-ID] 2 | AKSCT=[ALIYUN's AccessKey-Secret] 3 | DOMAIN=ddns.aliyun.win 4 | REDO=300 5 | TTL=600 6 | TIMEZONE=8.0 7 | TYPE=A,AAAA -------------------------------------------------------------------------------- /aliyun-ddns/README.MD: -------------------------------------------------------------------------------- 1 | # Project URL 2 | 3 | https://github.com/sanjusss/aliyun-ddns 4 | 5 | # Parameters 6 | 7 | | Parameter | Description | Default | 8 | | :---- | :----- | :--- | 9 | |u|Alibaba Cloud Access Key ID. [Get an Alibaba Cloud AccessToken](https://usercenter.console.aliyun.com/)|access key id| 10 | |p|Alibaba Cloud Access Key Secret.|access key secret| 11 | |d|Domain names to update, separated by ",". A line can be specified, with ":" separating the line and the domain ([line name reference](https://help.aliyun.com/document_detail/29807.html?spm=a2c4g.11186623.2.14.42405eb4boCsnd)). Example: "baidu.com,telecom:dianxin.baidu.com".|my.domain.com| 12 | |i|Update interval in seconds. Recommended to be at least TTL/2.|300| 13 | |t|How long servers cache the DNS record, in seconds; the minimum for regular users is 600.|600| 14 | |timezone|Time zone used for log output, in hours.|8| 15 | |type|Record types to update, separated by ","; must be "A", "AAAA" or "A,AAAA".|A,AAAA| 16 | |cnipv4|Use only servers in China when checking the IPv4 address.|false| 17 | |webhook|Webhook push URL.|none| 18 | |checklocal|Whether to check the local network interface IPs. This option disables IP checking through the online API.|false| 19 | |ipv4nets|IPv4 subnets of the local network interface. Format example: "192.168.1.0/24". Separate multiple subnets with ",".|none| 20 | |ipv6nets|IPv6 subnets of the local network interface. Format example: "240e::/16". Separate multiple subnets with ",".|none| -------------------------------------------------------------------------------- /aliyun-ddns/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '3.7' 2 | 3 | services: 4 | aliyun-ddns: 5 | image: sanjusss/aliyun-ddns 6 | container_name: aliyun-ddns 7 | env_file: 8 | - .env 9 | network_mode: host 10 | networks: 11 | default: -------------------------------------------------------------------------------- /bolo-traefik/README.MD: -------------------------------------------------------------------------------- 1 | # bolo 2 | 3 | `traefik` backend configuration for the bolo blog 4 | 5 | Only the env file and the corresponding labels in `docker-compose` need to be changed 6 | 7 | This project focuses on orchestrating containers with docker-compose to start the Bolo blog with a single command, so that users avoid unnecessary detours when deploying bolo. It lowers the barrier to entry, makes maintenance and migration much more convenient, and adds automatic issuance and renewal of Let's Encrypt SSL certificates. 8 | 9 | One-click deployment script (foolproof, feel free to try it): https://github.com/expoli/start-bolo 10 | 11 | For details see: https://github.com/expoli/start-bolo-with-docker-compose 12 | -------------------------------------------------------------------------------- /bolo-traefik/bolo-env.env: -------------------------------------------------------------------------------- 1 | MYSQL_ROOT_PASSWORD=passwd 2 | MYSQL_USER=bolo 3 | MYSQL_DATABASE=bolo 4 | MYSQL_PASSWORD=bolo_passward 5 | 6 | RUNTIME_DB=MYSQL 7 | JDBC_USERNAME=bolo 8 | JDBC_PASSWORD=bolo_passward 9 | JDBC_DRIVER=com.mysql.cj.jdbc.Driver 10 | JDBC_URL=jdbc:mysql://db:3306/bolo?useUnicode=yes&characterEncoding=UTF-8&useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=UTC 
11 | 12 | -------------------------------------------------------------------------------- /bolo-traefik/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | db: 5 | image: mysql:8.0 6 | command: --max_allowed_packet=32505856 --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci --transaction-isolation=READ-COMMITTED --binlog-format=ROW 7 | restart: always 8 | volumes: 9 | - ./mysql/data:/var/lib/mysql 10 | # environment: 11 | # - MYSQL_ROOT_PASSWORD=tangcuyu 12 | # - MYSQL_PASSWORD=tangcuyu 13 | # - MYSQL_DATABASE=bolo 14 | # - MYSQL_USER=bolo 15 | env_file: 16 | - bolo-env.env 17 | networks: 18 | - default 19 | 20 | 21 | bolo: 22 | image: tangcuyu/bolo-solo:latest 23 | restart: always 24 | container_name: "bolo" 25 | expose: 26 | - "8080" 27 | # Mount directories for themes and posts 28 | volumes: 29 | - /etc/localtime:/etc/localtime:ro 30 | # - ./web/markdowns:/opt/solo/markdowns:rw 31 | # - ./theme/solo-nexmoe:/opt/solo/skins/nexmoe 32 | env_file: 33 | - bolo-env.env 34 | command: --listen_port=8080 --server_scheme=https --server_host=blog.example.org --server_port=443 --lute_http=http://lute:8249 35 | dns: 8.8.8.8 36 | labels: 37 | - traefik.enable=true 38 | - traefik.http.routers.bolo.rule=Host(`blog.example.org`) 39 | - traefik.http.routers.bolo.tls=true 40 | - traefik.http.routers.bolo.entrypoints=websecure 41 | - traefik.http.routers.bolo.tls.certresolver=myresolver 42 | - traefik.http.services.bolo.loadbalancer.server.port=8080 43 | depends_on: 44 | - db 45 | networks: 46 | - proxy-tier 47 | - default 48 | 49 | lute: 50 | image: b3log/lute-http 51 | restart: always 52 | expose: 53 | - "8249" 54 | networks: 55 | - default 56 | 57 | networks: 58 | proxy-tier: 59 | external: 60 | name: traefik 61 | default: 62 | -------------------------------------------------------------------------------- /ctf/README.MD: 
-------------------------------------------------------------------------------- 1 | # CTF 2 | 3 | CTF navigation page and the practice-range tools 4 | 5 | ## Target machines 6 | 7 | Just change the corresponding labels to the domain names you need 8 | 9 | ## Navigation page 10 | 11 | The domain names it redirects to must be changed accordingly; it has a Matrix-style look 12 | 13 | [https-ctf-expoli-tech.webm](images/https-ctf-expoli-tech.webm) 14 | -------------------------------------------------------------------------------- /ctf/docker-dvwa/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '2.3' 2 | 3 | services: 4 | 5 | dvwa_web: 6 | image: cytopia/dvwa:php-${PHP_VERSION:-7.2} 7 | restart: unless-stopped 8 | # ports: 9 | # - "${LISTEN_PORT:-8000}:80" 10 | networks: 11 | - dvwa-net 12 | cpus: 0.2 13 | environment: 14 | - RECAPTCHA_PRIV_KEY=${RECAPTCHA_PRIV_KEY:-} 15 | - RECAPTCHA_PUB_KEY=${RECAPTCHA_PUB_KEY:-} 16 | - SECURITY_LEVEL=${SECURITY_LEVEL:-medium} 17 | - PHPIDS_ENABLED=${PHPIDS_ENABLED:-0} 18 | - PHPIDS_VERBOSE=${PHPIDS_VERBOSE:-0} 19 | - PHP_DISPLAY_ERRORS=${PHP_DISPLAY_ERRORS:-0} 20 | - MYSQL_HOSTNAME=dvwa_db 21 | - MYSQL_DATABASE=dvwa 22 | - MYSQL_USERNAME=dvwa 23 | - MYSQL_PASSWORD=p@ssw0rd 24 | expose: 25 | - "80" 26 | dns: 8.8.8.8 27 | labels: 28 | - traefik.enable=true 29 | - traefik.port=80 30 | - traefik.http.routers.dvwa.rule=Host(`dvwa.example.org`) 31 | - traefik.http.routers.dvwa.tls=true 32 | - traefik.http.routers.dvwa.entrypoints=websecure 33 | - traefik.http.routers.dvwa.tls.certresolver=myresolver 34 | 35 | dvwa_db: 36 | image: mysql:8.0 37 | hostname: dvwa_db 38 | cpus: 0.2 39 | environment: 40 | MYSQL_ROOT_PASSWORD: rootpass 41 | MYSQL_DATABASE: dvwa 42 | MYSQL_USER: dvwa 43 | MYSQL_PASSWORD: p@ssw0rd 44 | restart: unless-stopped 45 | networks: 46 | - dvwa-net 47 | 48 | networks: 49 | dvwa-net: 50 | driver: bridge 51 | 52 | 53 | -------------------------------------------------------------------------------- /ctf/images/https-ctf-expoli-tech.webm: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/expoli/docker-compose-files/fcd62148147542b6941938b9c951fe1a5b718721/ctf/images/https-ctf-expoli-tech.webm -------------------------------------------------------------------------------- /ctf/sqli-labs/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | 5 | sqli-labs: 6 | image: "c0ny1/sqli-labs:0.1" 7 | container_name: "ctf_sqli_labs" 8 | restart: always 9 | cpus: 0.2 10 | expose: 11 | - "80" 12 | dns: 8.8.8.8 13 | labels: 14 | - traefik.enable=true 15 | - traefik.port=80 16 | - traefik.http.routers.sqli-labs.rule=Host(`sqli_labs.example.org`) 17 | - traefik.http.routers.sqli-labs.tls=true 18 | - traefik.http.routers.sqli-labs.entrypoints=websecure 19 | - traefik.http.routers.sqli-labs.tls.certresolver=myresolver 20 | 21 | networks: 22 | - default 23 | 24 | networks: 25 | default: 26 | -------------------------------------------------------------------------------- /ctf/upload-labs/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | 5 | upload-labs: 6 | image: "c0ny1/upload-labs" 7 | container_name: "ctf_upload_labs" 8 | restart: always 9 | expose: 10 | - "80" 11 | dns: 8.8.8.8 12 | cpus: 0.2 13 | labels: 14 | - traefik.enable=true 15 | - traefik.port=80 16 | - traefik.http.routers.upload-labs.rule=Host(`upload_labs.example.org`) 17 | - traefik.http.routers.upload-labs.tls=true 18 | - traefik.http.routers.upload-labs.entrypoints=websecure 19 | - traefik.http.routers.upload-labs.tls.certresolver=myresolver 20 | networks: 21 | - default 22 | 23 | networks: 24 | default: 25 | -------------------------------------------------------------------------------- /ctf/web_index/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | nginx: 5 | image: nginx 6 | restart: always 7 | 
labels: 8 | - "traefik.enable=true" 9 | - "traefik.port=80" 10 | - "traefik.http.routers.ctf_loader.rule=Host(`ctf_index.example.org`)" 11 | - "traefik.http.routers.ctf_loader.entrypoints=websecure" 12 | - "traefik.http.routers.ctf_loader.tls.certresolver=myresolver" 13 | volumes: 14 | - ./web:/usr/share/nginx/html:ro 15 | 16 | networks: 17 | - default 18 | 19 | networks: 20 | default: 21 | -------------------------------------------------------------------------------- /ctf/web_index/web/dvwa_loading.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Loading 9 | 10 | 13 | 14 | 15 |
16 | L 17 | O 18 | A 19 | D 20 | I 21 | N 22 | G 23 | 24 | 25 | 26 |
27 | 28 | -------------------------------------------------------------------------------- /ctf/web_index/web/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 12 | 13 | 14 | 15 | 16 | 110 | 111 | -------------------------------------------------------------------------------- /ctf/web_index/web/sqli_loading.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Loading 9 | 10 | 13 | 14 | 15 |
16 | L 17 | O 18 | A 19 | D 20 | I 21 | N 22 | G 23 | 24 | 25 | 26 |
27 | 28 | -------------------------------------------------------------------------------- /ctf/web_index/web/upload_loading.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Loading 9 | 10 | 13 | 14 | 15 |
16 | L 17 | O 18 | A 19 | D 20 | I 21 | N 22 | G 23 | 24 | 25 | 26 |
27 | 28 | -------------------------------------------------------------------------------- /dnscrypt-proxy/README.MD: -------------------------------------------------------------------------------- 1 | # dnscrypt-proxy 2 | 3 | ## Upstream project URLs 4 | 5 | https://github.com/DNSCrypt/dnscrypt-proxy 6 | https://github.com/melchor629/docker-dnscrypt-proxy 7 | 8 | ## About the software 9 | 10 | A flexible DNS proxy that supports modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH). 11 | > A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH). 12 | 13 | ## Features of this project 14 | 15 | 1. Configured with docker-compose; works out of the box 16 | 2. Supports custom configuration 17 | 3. chinalist enabled by default 18 | 4. Provides several configuration templates 19 | 20 | ## docker-compose file 21 | 22 | ```yaml 23 | version: '3.6' 24 | 25 | services: 26 | server: 27 | image: melchor9000/dnscrypt-proxy 28 | ports: 29 | - target: 5353 30 | published: 53 31 | protocol: udp 32 | mode: host 33 | - target: 5353 34 | published: 53 35 | protocol: tcp 36 | mode: host 37 | restart: always 38 | volumes: 39 | #Here I have the toml and txt files 40 | #The cache is stored in another folder, but is not persisted 41 | - "./conf/dnscrypt-proxy.toml:/etc/dnscrypt-proxy/dnscrypt-proxy.toml" 42 | - "./conf/chinalist.txt:/etc/dnscrypt-proxy/chinalist.txt" 43 | - "./conf/cloaking-rules.txt:/etc/dnscrypt-proxy/cloaking-rules.txt" 44 | - "./conf/resolvers:/etc/dnscrypt-proxy/resolvers" 45 | # deploy: 46 | # mode: replicated 47 | # replicas: 2 48 | ``` 49 | 50 | -------------------------------------------------------------------------------- /dnscrypt-proxy/conf/allowed-ips.txt: -------------------------------------------------------------------------------- 1 | ############################## 2 | # Allowed IPs List # 3 | ############################## 4 | 5 | #192.168.0.* 6 | #fe80:53:* # IPv6 prefix example 7 | #81.169.145.105 8 | -------------------------------------------------------------------------------- 
/dnscrypt-proxy/conf/allowed-names.txt: -------------------------------------------------------------------------------- 1 | 2 | ########################### 3 | # Allowlist # 4 | ########################### 5 | 6 | ## Rules for allowing queries based on name, one per line 7 | ## 8 | ## Example of valid patterns: 9 | ## 10 | ## ads.* | matches anything with an "ads." prefix 11 | ## *.example.com | matches example.com and all names within that zone such as www.example.com 12 | ## example.com | identical to the above 13 | ## =example.com | allows example.com but not *.example.com 14 | ## *sex* | matches any name containing that substring 15 | ## ads[0-9]* | matches "ads" followed by one or more digits 16 | ## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster 17 | 18 | 19 | # That one may be blocked due to 'tracker' being in the name. 20 | tracker.debian.org 21 | 22 | # That one may be blocked due to 'ads' being in the name. 23 | # However, blocking it prevents all sponsored links from the Google 24 | # search engine from being opened. 
25 | googleadservices.com 26 | 27 | 28 | ## Time-based rules 29 | 30 | # *.youtube.* @time-to-play 31 | # facebook.com @play 32 | -------------------------------------------------------------------------------- /dnscrypt-proxy/conf/blocked-ips.txt: -------------------------------------------------------------------------------- 1 | ############################## 2 | # IP blocklist # 3 | ############################## 4 | 5 | ## Rules for IP-based response blocking 6 | ## 7 | ## Sample feeds of suspect IP addresses: 8 | ## - https://github.com/stamparm/ipsum 9 | ## - https://github.com/tg12/bad_packets_blocklist 10 | ## - https://isc.sans.edu/block.txt 11 | ## - https://block.energized.pro/extensions/ips/formats/list.txt 12 | 13 | 163.5.1.4 14 | 94.46.118.* 15 | fe80:53:* # IPv6 prefix example 16 | -------------------------------------------------------------------------------- /dnscrypt-proxy/conf/blocked-names.txt: -------------------------------------------------------------------------------- 1 | 2 | ########################### 3 | # Blocklist # 4 | ########################### 5 | 6 | ## Rules for name-based query blocking, one per line 7 | ## 8 | ## Example of valid patterns: 9 | ## 10 | ## ads.* | matches anything with an "ads." prefix 11 | ## *.example.com | matches example.com and all names within that zone such as www.example.com 12 | ## example.com | identical to the above 13 | ## =example.com | block example.com but not *.example.com 14 | ## *sex* | matches any name containing that substring 15 | ## ads[0-9]* | matches "ads" followed by one or more digits 16 | ## ads*.example* | *, ? 
and [] can be used anywhere, but prefixes/suffixes are faster 17 | 18 | ad.* 19 | ads.* 20 | banner.* 21 | banners.* 22 | creatives.* 23 | oas.* 24 | oascentral.* # inline comments are allowed after a pound sign 25 | stats.* 26 | tag.* 27 | telemetry.* 28 | tracker.* 29 | *.local 30 | eth0.me 31 | *.workgroup 32 | 33 | 34 | 35 | ## Time-based rules 36 | 37 | # *.youtube.* @time-to-sleep 38 | # facebook.com @work 39 | -------------------------------------------------------------------------------- /dnscrypt-proxy/conf/captive-portals.txt: -------------------------------------------------------------------------------- 1 | ########################################### 2 | # Captive portal test names # 3 | ########################################### 4 | 5 | ## Some operating systems send queries to these names after a network change, 6 | ## in order to check if connectivity beyond the router is possible without 7 | ## going through a captive portal. 8 | ## 9 | ## This is a list of hard-coded IP addresses that will be returned when queries 10 | ## for these names are received, even before the operating system reports an interface 11 | ## as usable for reaching the Internet. 12 | ## 13 | ## Note that IPv6 addresses don't need to be specified within brackets, 14 | ## as there are no port numbers.
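The pattern tables in allowed-names.txt and blocked-names.txt above, together with the allowlist bypass and `@schedule` behaviour described in dnscrypt-proxy.toml on this page, modelled in Python as an added example. It is not code from this repository or from dnscrypt-proxy: matching follows only the comments on this page, the helper names (`parse_rules`, `classify`, `matches`, `decide`, `overrides`) are hypothetical, and the uncommented `*.youtube.* @time-to-sleep` rule is constructed input.

```python
import fnmatch

# Rule lines copied from blocked-names.txt and allowed-names.txt on this page.
# The "*.youtube.*" time-based rule is uncommented here (constructed input).
BLOCKED_TXT = """
ad.*
ads.*
banner.*
banners.*
creatives.*
oas.*
oascentral.*   # inline comments are allowed after a pound sign
stats.*
tag.*
telemetry.*
tracker.*
*.local
eth0.me
*.workgroup
*.youtube.* @time-to-sleep
"""
ALLOWED_TXT = """
# That one may be blocked due to 'tracker' being in the name.
tracker.debian.org
googleadservices.com
"""


def parse_rules(text):
    """Return [(pattern, schedule_or_None)], dropping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            pattern, _, schedule = line.partition("@")
            rules.append((pattern.strip().lower(), schedule.strip() or None))
    return rules


def classify(pattern):
    """Map one pattern to (kind, needle) following the files' comment table."""
    if pattern.startswith("="):
        return "exact", pattern[1:]
    body = pattern.strip("*")
    if any(c in body for c in "*?["):
        return "glob", pattern            # wildcard in the middle: slow path
    if pattern.startswith("*") and pattern.endswith("*") and body:
        return "substring", body
    if pattern.endswith("*"):
        return "prefix", body
    return "suffix", body.lstrip(".")     # "*.example.com" == "example.com"


def matches(pattern, name):
    kind, needle = classify(pattern)
    name = name.strip().lower().rstrip(".")
    if kind == "exact":
        return name == needle
    if kind == "prefix":
        return name.startswith(needle)
    if kind == "substring":
        return needle in name
    if kind == "suffix":
        # Label-aligned: "eth0.me" covers a.eth0.me but not badeth0.me.
        return name == needle or name.endswith("." + needle)
    return fnmatch.fnmatchcase(name, needle)


def decide(name, blocked, allowed, active=()):
    """Return (verdict, rule); an allowlist hit bypasses the blocklist."""
    def first_hit(rules):
        for pattern, schedule in rules:
            if schedule is not None and schedule not in active:
                continue                  # time-based rule outside its schedule
            if matches(pattern, name):
                return pattern
        return None
    hit = first_hit(allowed)
    if hit:
        return "allow", hit
    hit = first_hit(blocked)
    return ("block", hit) if hit else ("pass", None)


def overrides(blocked, allowed):
    """For each literal allowlist name, the block rule it overrides (or None)."""
    return {pattern: decide(classify(pattern)[1], blocked, [])[1]
            for pattern, _ in allowed
            if classify(pattern)[0] in ("exact", "suffix")}


BLOCKED = parse_rules(BLOCKED_TXT)
ALLOWED = parse_rules(ALLOWED_TXT)

if __name__ == "__main__":
    for qname in ("tracker.debian.org", "tracker.example.net", "www.youtube.com"):
        print(qname, decide(qname, BLOCKED, ALLOWED))
```

`overrides(BLOCKED, ALLOWED)` shows which allowlist entries actually cancel a rule in this blocklist: `tracker.debian.org` overrides `tracker.*`, while `googleadservices.com` itself is not matched by any rule listed here.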
15 | 16 | captive.apple.com 17.253.109.201, 17.253.113.202 17 | connectivitycheck.gstatic.com 64.233.162.94, 64.233.164.94, 64.233.165.94, 64.233.177.94, 64.233.185.94, 74.125.132.94, 74.125.136.94, 74.125.20.94, 74.125.21.94, 74.125.28.94 18 | connectivitycheck.android.com 64.233.162.100, 64.233.162.101, 64.233.162.102, 64.233.162.113, 64.233.162.138, 64.233.162.139 19 | www.msftncsi.com 95.100.252.49, 95.100.252.8, 2.19.98.8, 2.19.98.59, 88.221.113.88, 88.221.113.43, 88.221.113.49, 88.221.113.75 20 | dns.msftncsi.com 131.107.255.255, fd3e:4f5a:5b81::1 21 | www.msftconnecttest.com 13.107.4.52 22 | ipv4only.arpa 192.0.0.170, 192.0.0.171 23 | -------------------------------------------------------------------------------- /dnscrypt-proxy/conf/cloaking-rules.txt: -------------------------------------------------------------------------------- 1 | ################################ 2 | # Cloaking rules # 3 | ################################ 4 | 5 | # The following example rules force "safe" (without adult content) search 6 | # results from Google, Bing and YouTube. 7 | # 8 | # This has to be enabled with the `cloaking_rules` parameter in the main 9 | # configuration file 10 | 11 | 12 | www.google.* forcesafesearch.google.com 13 | 14 | www.bing.com strict.bing.com 15 | 16 | yandex.ru familysearch.yandex.ru # inline comments are allowed after a pound sign 17 | 18 | =duckduckgo.com safe.duckduckgo.com 19 | 20 | www.youtube.com restrictmoderate.youtube.com 21 | m.youtube.com restrictmoderate.youtube.com 22 | youtubei.googleapis.com restrictmoderate.youtube.com 23 | youtube.googleapis.com restrictmoderate.youtube.com 24 | www.youtube-nocookie.com restrictmoderate.youtube.com 25 | 26 | # Multiple IP entries for the same name are supported. 
27 | # In the following example, the same name maps both to IPv4 and IPv6 addresses: 28 | 29 | localhost 127.0.0.1 30 | localhost ::1 31 | 32 | # For load-balancing, multiple IP addresses of the same class can also be 33 | # provided using the same format, one pair per line. 34 | 35 | # ads.* 192.168.100.1 36 | # ads.* 192.168.100.2 37 | # ads.* ::1 38 | 39 | # local 40 | -------------------------------------------------------------------------------- /dnscrypt-proxy/conf/dnscrypt-proxy.toml: -------------------------------------------------------------------------------- 1 | 2 | ############################################## 3 | # # 4 | # dnscrypt-proxy configuration # 5 | # # 6 | ############################################## 7 | 8 | ## This is an example configuration file. 9 | ## You should adjust it to your needs, and save it as "dnscrypt-proxy.toml" 10 | ## 11 | ## Online documentation is available here: https://dnscrypt.info/doc 12 | 13 | 14 | 15 | ################################## 16 | # Global settings # 17 | ################################## 18 | 19 | ## List of servers to use 20 | ## 21 | ## Servers from the "public-resolvers" source (see down below) can 22 | ## be viewed here: https://dnscrypt.info/public-servers 23 | ## 24 | ## The proxy will automatically pick working servers from this list. 25 | ## Note that the require_* filters do NOT apply when using this setting. 26 | ## 27 | ## By default, this list is empty and all registered servers matching the 28 | ## require_* filters will be used instead. 29 | ## 30 | ## Remove the leading # first to enable this; lines starting with # are ignored. 31 | 32 | # server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare'] 33 | 34 | 35 | ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6. 
36 | ## Example with both IPv4 and IPv6: 37 | ## listen_addresses = ['127.0.0.1:53', '[::1]:53'] 38 | 39 | listen_addresses = ['0.0.0.0:5353'] 40 | 41 | 42 | ## Maximum number of simultaneous client connections to accept 43 | 44 | max_clients = 2500 45 | 46 | 47 | ## Switch to a different system user after listening sockets have been created. 48 | ## Note (1): this feature is currently unsupported on Windows. 49 | ## Note (2): this feature is not compatible with systemd socket activation. 50 | ## Note (3): when using -pidfile, the PID file directory must be writable by the new user 51 | 52 | 53 | 54 | 55 | ## Require servers (from static + remote sources) to satisfy specific properties 56 | 57 | # Use servers reachable over IPv4 58 | ipv4_servers = true 59 | 60 | # Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity 61 | ipv6_servers = false 62 | 63 | # Use servers implementing the DNSCrypt protocol 64 | dnscrypt_servers = true 65 | 66 | # Use servers implementing the DNS-over-HTTPS protocol 67 | doh_servers = true 68 | 69 | 70 | ## Require servers defined by remote sources to satisfy specific properties 71 | 72 | # Server must support DNS security extensions (DNSSEC) 73 | require_dnssec = true 74 | 75 | # Server must not log user queries (declarative) 76 | require_nolog = true 77 | 78 | # Server must not enforce its own blocklist (for parental control, ads blocking...) 79 | require_nofilter = false 80 | 81 | # Server names to avoid even if they match all criteria 82 | disabled_server_names = [] 83 | 84 | 85 | ## Always use TCP to connect to upstream servers. 86 | ## This can be useful if you need to route everything through Tor. 87 | ## Otherwise, leave this to `false`, as it doesn't improve security 88 | ## (dnscrypt-proxy will always encrypt everything even using UDP), and can 89 | ## only increase latency. 
90 | 91 | force_tcp = false 92 | 93 | 94 | ## SOCKS proxy 95 | ## Uncomment the following line to route all TCP connections to a local Tor node 96 | ## Tor doesn't support UDP, so set `force_tcp` to `true` as well. 97 | 98 | # proxy = 'socks5://127.0.0.1:9050' 99 | 100 | 101 | ## HTTP/HTTPS proxy 102 | ## Only for DoH servers 103 | 104 | # http_proxy = 'http://127.0.0.1:8888' 105 | 106 | 107 | ## How long a DNS query will wait for a response, in milliseconds. 108 | ## If you have a network with *a lot* of latency, you may need to 109 | ## increase this. Startup may be slower if you do so. 110 | ## Don't increase it too much. 10000 is the highest reasonable value. 111 | 112 | timeout = 5000 113 | 114 | 115 | ## Keepalive for HTTP (HTTPS, HTTP/2) queries, in seconds 116 | 117 | keepalive = 30 118 | 119 | 120 | ## Add EDNS-client-subnet information to outgoing queries 121 | ## 122 | ## Multiple networks can be listed; they will be randomly chosen. 123 | ## These networks don't have to match your actual networks. 124 | 125 | # edns_client_subnet = ["0.0.0.0/0", "2001:db8::/32"] 126 | 127 | 128 | ## Response for blocked queries. Options are `refused`, `hinfo` (default) or 129 | ## an IP response. To give an IP response, use the format `a:,aaaa:`. 130 | ## Using the `hinfo` option means that some responses will be lies. 131 | ## Unfortunately, the `hinfo` option appears to be required for Android 8+ 132 | 133 | blocked_query_response = 'refused' 134 | 135 | 136 | ## Load-balancing strategy: 'p2' (default), 'ph', 'p', 'first' or 'random' 137 | ## Randomly choose 1 of the fastest 2, half, n, 1 or all live servers by latency. 138 | ## The response quality still depends on the server itself. 139 | 140 | # lb_strategy = 'p2' 141 | 142 | ## Set to `true` to constantly try to estimate the latency of all the resolvers 143 | ## and adjust the load-balancing parameters accordingly, or to `false` to disable. 144 | ## Default is `true` that makes 'p2' `lb_strategy` work well. 
145 | 146 | # lb_estimator = true 147 | 148 | 149 | ## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors) 150 | 151 | # log_level = 2 152 | 153 | 154 | ## Log file for the application, as an alternative to sending logs to 155 | ## the standard system logging service (syslog/Windows event log). 156 | ## 157 | ## This file is different from other log files, and will not be 158 | ## automatically rotated by the application. 159 | 160 | # log_file = 'DONT' 161 | 162 | 163 | ## When using a log file, only keep logs from the most recent launch. 164 | 165 | # log_file_latest = true 166 | 167 | 168 | ## Use the system logger (syslog on Unix, Event Log on Windows) 169 | 170 | # use_syslog = true 171 | 172 | 173 | ## Delay, in minutes, after which certificates are reloaded 174 | 175 | cert_refresh_delay = 240 176 | 177 | 178 | ## DNSCrypt: Create a new, unique key for every single DNS query 179 | ## This may improve privacy but can also have a significant impact on CPU usage 180 | ## Only enable if you don't have a lot of network load 181 | 182 | # dnscrypt_ephemeral_keys = false 183 | 184 | 185 | ## DoH: Disable TLS session tickets - increases privacy but also latency 186 | 187 | # tls_disable_session_tickets = false 188 | 189 | 190 | ## DoH: Use a specific cipher suite instead of the server preference 191 | ## 49199 = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 192 | ## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 193 | ## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 194 | ## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 195 | ## 4865 = TLS_AES_128_GCM_SHA256 196 | ## 4867 = TLS_CHACHA20_POLY1305_SHA256 197 | ## 198 | ## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...), 199 | ## the following suite improves performance. 200 | ## This may also help on Intel CPUs running 32-bit operating systems. 
201 | ## 202 | ## Keep tls_cipher_suite empty if you have issues fetching sources or 203 | ## connecting to some DoH servers. Google and Cloudflare are fine with it. 204 | 205 | # tls_cipher_suite = [52392, 49199] 206 | 207 | 208 | ## Fallback resolvers 209 | ## These are normal, non-encrypted DNS resolvers, that will be only used 210 | ## for one-shot queries when retrieving the initial resolvers list, and 211 | ## only if the system DNS configuration doesn't work. 212 | ## 213 | ## No user application queries will ever be leaked through these resolvers, 214 | ## and they will not be used after IP addresses of resolvers URLs have been found. 215 | ## They will never be used if lists have already been cached, and if stamps 216 | ## don't include host names without IP addresses. 217 | ## 218 | ## They will not be used if the configured system DNS works. 219 | ## Resolvers supporting DNSSEC are recommended, and, if you are using 220 | ## DoH, fallback resolvers should ideally be operated by a different entity than 221 | ## the DoH servers you will be using, especially if you have IPv6 enabled. 222 | ## 223 | ## People in China may need to use 114.114.114.114:53 here. 224 | ## Other popular options include 8.8.8.8 and 1.1.1.1. 225 | ## 226 | ## If more than one resolver is specified, they will be tried in sequence. 227 | 228 | fallback_resolvers = ['9.9.9.9:53', '8.8.8.8:53'] 229 | 230 | 231 | ## Always use the fallback resolver before the system DNS settings. 232 | 233 | ignore_system_dns = true 234 | 235 | 236 | ## Maximum time (in seconds) to wait for network connectivity before 237 | ## initializing the proxy. 238 | ## Useful if the proxy is automatically started at boot, and network 239 | ## connectivity is not guaranteed to be immediately available. 240 | ## Use 0 to not test for connectivity at all (not recommended), 241 | ## and -1 to wait as much as possible. 
242 | 243 | netprobe_timeout = 60 244 | 245 | ## Address and port to try initializing a connection to, just to check 246 | ## if the network is up. It can be any address and any port, even if 247 | ## there is nothing answering these on the other side. Just don't use 248 | ## a local address, as the goal is to check for Internet connectivity. 249 | ## On Windows, a datagram with a single, nul byte will be sent, only 250 | ## when the system starts. 251 | ## On other operating systems, the connection will be initialized 252 | ## but nothing will be sent at all. 253 | 254 | netprobe_address = '9.9.9.9:53' 255 | 256 | 257 | ## Offline mode - Do not use any remote encrypted servers. 258 | ## The proxy will remain fully functional to respond to queries that 259 | ## plugins can handle directly (forwarding, cloaking, ...) 260 | 261 | # offline_mode = false 262 | 263 | 264 | ## Additional data to attach to outgoing queries. 265 | ## These strings will be added as TXT records to queries. 266 | ## Do not use, except on servers explicitly asking for extra data 267 | ## to be present. 268 | ## encrypted-dns-server can be configured to use this for access control 269 | ## in the [access_control] section 270 | 271 | # query_meta = ['key1:value1', 'key2:value2', 'token:MySecretToken'] 272 | 273 | 274 | ## Automatic log files rotation 275 | 276 | # Maximum log files size in MB - Set to 0 for unlimited. 277 | log_files_max_size = 10 278 | 279 | # How long to keep backup files, in days 280 | log_files_max_age = 7 281 | 282 | # Maximum log files backups to keep (or 0 to keep all backups) 283 | log_files_max_backups = 1 284 | 285 | 286 | 287 | ######################### 288 | # Filters # 289 | ######################### 290 | 291 | ## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you 292 | ## configure dnscrypt-proxy to do any kind of filtering (including the filters 293 | ## below and blocklists). 
294 | ## You can still choose resolvers that do DNSSEC validation. 295 | 296 | 297 | ## Immediately respond to IPv6-related queries with an empty response 298 | ## This makes things faster when there is no IPv6 connectivity, but can 299 | ## also cause reliability issues with some stub resolvers. 300 | 301 | block_ipv6 = false 302 | 303 | 304 | ## Immediately respond to A and AAAA queries for host names without a domain name 305 | 306 | block_unqualified = true 307 | 308 | 309 | ## Immediately respond to queries for local zones instead of leaking them to 310 | ## upstream resolvers (always causing errors or timeouts). 311 | 312 | block_undelegated = true 313 | 314 | 315 | ## TTL for synthetic responses sent when a request has been blocked (due to 316 | ## IPv6 or blocklists). 317 | 318 | reject_ttl = 600 319 | 320 | 321 | 322 | ################################################################################## 323 | # Route queries for specific domains to a dedicated set of servers # 324 | ################################################################################## 325 | 326 | ## See the `example-forwarding-rules.txt` file for an example 327 | 328 | # forwarding_rules = 'forwarding-rules.txt' 329 | forwarding_rules = '/etc/dnscrypt-proxy/chinalist.txt' 330 | 331 | 332 | ############################### 333 | # Cloaking rules # 334 | ############################### 335 | 336 | ## Cloaking returns a predefined address for a specific name. 337 | ## In addition to acting as a HOSTS file, it can also return the IP address 338 | ## of a different name. It will also do CNAME flattening. 
339 | ## 340 | ## See the `example-cloaking-rules.txt` file for an example 341 | 342 | cloaking_rules = '/etc/dnscrypt-proxy/cloaking-rules.txt' 343 | 344 | # cloaking_rules = 'cloaking-rules.txt' 345 | 346 | ## TTL used when serving entries in cloaking-rules.txt 347 | 348 | cloak_ttl = 600 349 | 350 | 351 | 352 | ########################### 353 | # DNS cache # 354 | ########################### 355 | 356 | ## Enable a DNS cache to reduce latency and outgoing traffic 357 | 358 | cache = true 359 | 360 | 361 | ## Cache size 362 | 363 | cache_size = 4096 364 | 365 | 366 | ## Minimum TTL for cached entries 367 | 368 | cache_min_ttl = 2400 369 | 370 | 371 | ## Maximum TTL for cached entries 372 | 373 | cache_max_ttl = 86400 374 | 375 | 376 | ## Minimum TTL for negatively cached entries 377 | 378 | cache_neg_min_ttl = 60 379 | 380 | 381 | ## Maximum TTL for negatively cached entries 382 | 383 | cache_neg_max_ttl = 600 384 | 385 | 386 | 387 | ######################################## 388 | # Captive portal handling # 389 | ######################################## 390 | 391 | [captive_portals] 392 | 393 | ## A file that contains a set of names used by operating systems to 394 | ## check for connectivity and captive portals, along with hard-coded 395 | ## IP addresses to return. 396 | 397 | # map_file = 'example-captive-portals.txt' 398 | 399 | 400 | 401 | ################################## 402 | # Local DoH server # 403 | ################################## 404 | 405 | [local_doh] 406 | 407 | ## dnscrypt-proxy can act as a local DoH server. By doing so, web browsers 408 | ## requiring a direct connection to a DoH server in order to enable some 409 | ## features will enable these, without bypassing your DNS proxy. 410 | 411 | ## Addresses that the local DoH server should listen to 412 | 413 | # listen_addresses = ['127.0.0.1:3000'] 414 | 415 | 416 | ## Path of the DoH URL. This is not a file, but the part after the hostname 417 | ## in the URL. 
By convention, `/dns-query` is frequently chosen. 418 | ## For each `listen_address` the complete URL to access the server will be: 419 | ## `https://` (ex: `https://127.0.0.1/dns-query`) 420 | 421 | # path = '/dns-query' 422 | 423 | 424 | ## Certificate file and key - Note that the certificate has to be trusted. 425 | ## See the documentation (wiki) for more information. 426 | 427 | # cert_file = 'localhost.pem' 428 | # cert_key_file = 'localhost.pem' 429 | 430 | 431 | 432 | ############################### 433 | # Query logging # 434 | ############################### 435 | 436 | ## Log client queries to a file 437 | 438 | [query_log] 439 | 440 | ## Path to the query log file (absolute, or relative to the same directory as the config file) 441 | ## Can be set to /dev/stdout in order to log to the standard output. 442 | 443 | # file = 'query.log' 444 | 445 | 446 | ## Query log format (currently supported: tsv and ltsv) 447 | 448 | format = 'tsv' 449 | 450 | 451 | ## Do not log these query types, to reduce verbosity. Keep empty to log everything. 452 | 453 | # ignored_qtypes = ['DNSKEY', 'NS'] 454 | 455 | 456 | 457 | ############################################ 458 | # Suspicious queries logging # 459 | ############################################ 460 | 461 | ## Log queries for nonexistent zones 462 | ## These queries can reveal the presence of malware, broken/obsolete applications, 463 | ## and devices signaling their presence to 3rd parties. 464 | 465 | [nx_log] 466 | 467 | ## Path to the query log file (absolute, or relative to the same directory as the config file) 468 | 469 | # file = 'nx.log' 470 | 471 | 472 | ## Query log format (currently supported: tsv and ltsv) 473 | 474 | format = 'tsv' 475 | 476 | 477 | 478 | ###################################################### 479 | # Pattern-based blocking (blocklists) # 480 | ###################################################### 481 | 482 | ## Blocklists are made of one pattern per line. 
Example of valid patterns: 483 | ## 484 | ## example.com 485 | ## =example.com 486 | ## *sex* 487 | ## ads.* 488 | ## ads*.example.* 489 | ## ads*.example[0-9]*.com 490 | ## 491 | ## Example blocklist files can be found at https://download.dnscrypt.info/blocklists/ 492 | ## A script to build blocklists from public feeds can be found in the 493 | ## `utils/generate-domains-blocklists` directory of the dnscrypt-proxy source code. 494 | 495 | [blocked_names] 496 | 497 | ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file) 498 | 499 | # blocked_names_file = 'blocked-names.txt' 500 | 501 | 502 | ## Optional path to a file logging blocked queries 503 | 504 | # log_file = 'blocked-names.log' 505 | 506 | 507 | ## Optional log format: tsv or ltsv (default: tsv) 508 | 509 | # log_format = 'tsv' 510 | 511 | 512 | 513 | ########################################################### 514 | # Pattern-based IP blocking (IP blocklists) # 515 | ########################################################### 516 | 517 | ## IP blocklists are made of one pattern per line. Example of valid patterns: 518 | ## 519 | ## 127.* 520 | ## fe80:abcd:* 521 | ## 192.168.1.4 522 | 523 | [blocked_ips] 524 | 525 | ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file) 526 | 527 | # blocked_ips_file = 'blocked-ips.txt' 528 | 529 | 530 | ## Optional path to a file logging blocked queries 531 | 532 | # log_file = 'blocked-ips.log' 533 | 534 | 535 | ## Optional log format: tsv or ltsv (default: tsv) 536 | 537 | # log_format = 'tsv' 538 | 539 | 540 | 541 | ###################################################### 542 | # Pattern-based allow lists (blocklists bypass) # 543 | ###################################################### 544 | 545 | ## Allowlists support the same patterns as blocklists 546 | ## If a name matches an allowlist entry, the corresponding session 547 | ## will bypass names and IP filters. 
548 | ## 549 | ## Time-based rules are also supported to make some websites only accessible at specific times of the day. 550 | 551 | [allowed_names] 552 | 553 | ## Path to the file of allow list rules (absolute, or relative to the same directory as the config file) 554 | 555 | # allowed_names_file = 'allowed-names.txt' 556 | 557 | 558 | ## Optional path to a file logging allowed queries 559 | 560 | # log_file = 'allowed-names.log' 561 | 562 | 563 | ## Optional log format: tsv or ltsv (default: tsv) 564 | 565 | # log_format = 'tsv' 566 | 567 | 568 | 569 | ######################################################### 570 | # Pattern-based allowed IPs lists (blocklists bypass) # 571 | ######################################################### 572 | 573 | ## Allowed IP lists support the same patterns as IP blocklists 574 | ## If an IP response matches an allow ip entry, the corresponding session 575 | ## will bypass IP filters. 576 | ## 577 | ## Time-based rules are also supported to make some websites only accessible at specific times of the day. 578 | 579 | [allowed_ips] 580 | 581 | ## Path to the file of allowed ip rules (absolute, or relative to the same directory as the config file) 582 | 583 | # allowed_ips_file = 'allowed-ips.txt' 584 | 585 | 586 | ## Optional path to a file logging allowed queries 587 | 588 | # log_file = 'allowed-ips.log' 589 | 590 | ## Optional log format: tsv or ltsv (default: tsv) 591 | 592 | # log_format = 'tsv' 593 | 594 | 595 | 596 | ########################################## 597 | # Time access restrictions # 598 | ########################################## 599 | 600 | ## One or more weekly schedules can be defined here. 601 | ## Patterns in the name-based blocked_names file can optionally be followed with @schedule_name 602 | ## to apply the pattern 'schedule_name' only when it matches a time range of that schedule. 
603 | ## 604 | ## For example, the following rule in a blocklist file: 605 | ## *.youtube.* @time-to-sleep 606 | ## would block access to YouTube during the times defined by the 'time-to-sleep' schedule. 607 | ## 608 | ## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00 609 | ## {after= '9:00', before='18:00'} matches 9:00-18:00 610 | 611 | [schedules] 612 | 613 | # [schedules.'time-to-sleep'] 614 | # mon = [{after='21:00', before='7:00'}] 615 | # tue = [{after='21:00', before='7:00'}] 616 | # wed = [{after='21:00', before='7:00'}] 617 | # thu = [{after='21:00', before='7:00'}] 618 | # fri = [{after='23:00', before='7:00'}] 619 | # sat = [{after='23:00', before='7:00'}] 620 | # sun = [{after='21:00', before='7:00'}] 621 | 622 | # [schedules.'work'] 623 | # mon = [{after='9:00', before='18:00'}] 624 | # tue = [{after='9:00', before='18:00'}] 625 | # wed = [{after='9:00', before='18:00'}] 626 | # thu = [{after='9:00', before='18:00'}] 627 | # fri = [{after='9:00', before='17:00'}] 628 | 629 | 630 | 631 | ######################### 632 | # Servers # 633 | ######################### 634 | 635 | ## Remote lists of available servers 636 | ## Multiple sources can be used simultaneously, but every source 637 | ## requires a dedicated cache file. 638 | ## 639 | ## Refer to the documentation for URLs of public sources. 640 | ## 641 | ## A prefix can be prepended to server names in order to 642 | ## avoid collisions if different sources share the same name for 643 | ## different servers. In that case, names listed in `server_names` 644 | ## must include the prefixes. 645 | ## 646 | ## If the `urls` property is missing, cache files and valid signatures 647 | ## must already be present. This doesn't prevent these cache files from 648 | ## expiring after `refresh_delay` hours. 649 | ## Cache freshness is checked every 24 hours, so values for 'refresh_delay' 650 | ## of less than 24 hours will have no effect.
651 | ## A maximum delay of 168 hours (1 week) is imposed to ensure cache freshness. 652 | 653 | [sources] 654 | 655 | ## An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers 656 | 657 | [sources.'public-resolvers'] 658 | urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://download.dnscrypt.net/resolvers-list/v3/public-resolvers.md'] 659 | cache_file = 'resolvers/public-resolvers.md' 660 | minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' 661 | refresh_delay = 72 662 | prefix = '' 663 | 664 | ## Anonymized DNS relays 665 | 666 | [sources.'relays'] 667 | urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://download.dnscrypt.net/resolvers-list/v3/relays.md'] 668 | cache_file = 'resolvers/relays.md' 669 | minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' 670 | refresh_delay = 72 671 | prefix = '' 672 | 673 | ## Quad9 over DNSCrypt - https://quad9.net/ 674 | 675 | # [sources.quad9-resolvers] 676 | # urls = ['https://www.quad9.net/quad9-resolvers.md'] 677 | # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN' 678 | # cache_file = 'resolvers/quad9-resolvers.md' 679 | # prefix = 'quad9-' 680 | 681 | ## Another example source, with resolvers censoring some websites not appropriate for children 682 | ## This is a subset of the `public-resolvers` list, so enabling both is useless 683 | 684 | # [sources.'parental-control'] 685 | # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 
'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://download.dnscrypt.net/resolvers-list/v3/parental-control.md'] 686 | # cache_file = 'resolvers/parental-control.md' 687 | # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' 688 | 689 | 690 | 691 | ######################################### 692 | # Servers with known bugs # 693 | ######################################### 694 | 695 | [broken_implementations] 696 | 697 | # Cisco servers currently cannot handle queries larger than 1472 bytes, and don't 698 | # truncate responses larger than questions as expected by the DNSCrypt protocol. 699 | # This prevents large responses from being received over UDP and over relays. 700 | # 701 | # Older versions of the `dnsdist` server software had a bug with queries larger 702 | # than 1500 bytes. This is fixed since `dnsdist` version 1.5.0, but 703 | # some servers may still run an outdated version. 704 | # 705 | # The list below enables workarounds to make non-relayed usage more reliable 706 | # until the servers are fixed. 707 | 708 | fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6'] 709 | 710 | 711 | 712 | ################################################################# 713 | # Certificate-based client authentication for DoH # 714 | ################################################################# 715 | 716 | # Use an X509 certificate to authenticate yourself when connecting to DoH servers. 717 | # This is only useful if you are operating your own, private DoH server(s). 718 | # 'creds' maps servers to certificates, and supports multiple entries.
719 | # If you are not using the standard root CA, an optional "root_ca" 720 | # property set to the path to a root CRT file can be added to a server entry. 721 | 722 | [doh_client_x509_auth] 723 | 724 | # 725 | # creds = [ 726 | # { server_name='myserver', client_cert='client.crt', client_key='client.key' } 727 | # ] 728 | 729 | 730 | 731 | ################################ 732 | # Anonymized DNS # 733 | ################################ 734 | 735 | [anonymized_dns] 736 | 737 | ## Routes are indirect ways to reach DNSCrypt servers. 738 | ## 739 | ## A route maps a server name ("server_name") to one or more relays that will be 740 | ## used to connect to that server. 741 | ## 742 | ## A relay can be specified as a DNS Stamp (either a relay stamp, or a 743 | ## DNSCrypt stamp) or a server name. 744 | ## 745 | ## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2`, 746 | ## and "example-server-2" via the relay whose relay DNS stamp is 747 | ## "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM". 748 | ## 749 | ## !!! THESE ARE JUST EXAMPLES !!! 750 | ## 751 | ## Review the list of available relays from the "relays.md" file, and, for each 752 | ## server you want to use, define the relays you want connections to go through. 753 | ## 754 | ## Carefully choose relays and servers so that they are run by different entities. 755 | ## 756 | ## "server_name" can also be set to "*" to define a default route, for all servers: 757 | ## { server_name='*', via=['anon-example-1', 'anon-example-2'] } 758 | ## 759 | ## If a route is ["*"], the proxy automatically picks a relay on a distinct network. 760 | ## { server_name='*', via=['*'] } is also an option, but is likely to be suboptimal. 761 | ## 762 | ## Manual selection is always recommended over automatic selection, so that you can 763 | ## select (relay,server) pairs that work well and fit your own criteria (close by or 764 | ## in different countries, operated by different entities, on distinct ISPs...) 
765 | 766 | # routes = [ 767 | # { server_name='example-server-1', via=['anon-example-1', 'anon-example-2'] }, 768 | # { server_name='example-server-2', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] } 769 | # ] 770 | 771 | 772 | # Skip resolvers incompatible with anonymization instead of using them directly 773 | 774 | skip_incompatible = false 775 | 776 | 777 | # If public server certificates for a non-conformant server cannot be 778 | # retrieved via a relay, try getting them directly. Actual queries 779 | # will then always go through relays. 780 | 781 | # direct_cert_fallback = false 782 | 783 | 784 | 785 | ############################### 786 | # DNS64 # 787 | ############################### 788 | 789 | ## DNS64 is a mechanism for synthesizing AAAA records from A records. 790 | ## It is used with an IPv6/IPv4 translator to enable client-server 791 | ## communication between an IPv6-only client and an IPv4-only server, 792 | ## without requiring any changes to either the IPv6 or the IPv4 node, 793 | ## for the class of applications that work through NATs. 794 | ## 795 | ## There are two options to synthesize such records: 796 | ## Option 1: Using a set of static IPv6 prefixes; 797 | ## Option 2: By discovering the IPv6 prefix from DNS64-enabled resolver. 798 | ## 799 | ## If both options are configured - only static prefixes are used. 800 | ## (Ref. RFC6147, RFC6052, RFC7050) 801 | ## 802 | ## Do not enable unless you know what DNS64 is and why you need it, or else 803 | ## you won't be able to connect to anything at all. 804 | 805 | [dns64] 806 | 807 | ## (Option 1) Static prefix(es) as Pref64::/n CIDRs. 808 | # prefix = ['64:ff9b::/96'] 809 | 810 | ## (Option 2) DNS64-enabled resolver(s) to discover Pref64::/n CIDRs. 811 | ## These resolvers are used to query for Well-Known IPv4-only Name (WKN) "ipv4only.arpa." to discover only. 812 | ## Set with your ISP's resolvers in case of custom prefixes (other than Well-Known Prefix 64:ff9b::/96). 
813 | ## IMPORTANT: Default resolvers listed below support Well-Known Prefix 64:ff9b::/96 only. 814 | # resolver = ['[2606:4700:4700::64]:53', '[2001:4860:4860::64]:53'] 815 | 816 | 817 | 818 | ######################################## 819 | # Static entries # 820 | ######################################## 821 | 822 | ## Optional, local, static list of additional servers 823 | ## Mostly useful for testing your own servers. 824 | 825 | [static] 826 | 827 | # [static.'myserver'] 828 | # stamp = 'sdns://AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg' 829 | -------------------------------------------------------------------------------- /dnscrypt-proxy/conf/forwarding-rules.txt: -------------------------------------------------------------------------------- 1 | ################################## 2 | # Forwarding rules # 3 | ################################## 4 | 5 | ## This is used to route specific domain names to specific servers. 6 | ## The general format is: 7 | ## <domain> <server address>[:port] [, <server address>[:port]...] 8 | ## IPv6 addresses can be specified by enclosing the address in square brackets. 9 | 10 | ## In order to enable this feature, the "forwarding_rules" property needs to 11 | ## be set to this file name inside the main configuration file. 12 | 13 | ## Blocking IPv6 may prevent local devices from being discovered. 14 | ## If this happens, set `block_ipv6` to `false` in the main config file.
15 | 16 | ## Forward *.lan, *.local, *.home, *.home.arpa, *.internal and *.localdomain to 192.168.1.1 17 | # lan 192.168.1.1 18 | # local 192.168.1.1 19 | # home 192.168.1.1 20 | # home.arpa 192.168.1.1 21 | # internal 192.168.1.1 22 | # localdomain 192.168.1.1 23 | 24 | ## Forward queries for example.com and *.example.com to 9.9.9.9 and 8.8.8.8 25 | # example.com 9.9.9.9,8.8.8.8 26 | -------------------------------------------------------------------------------- /dnscrypt-proxy/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '3.6' 2 | 3 | services: 4 | server: 5 | image: melchor9000/dnscrypt-proxy 6 | ports: 7 | - target: 5353 8 | published: 53 9 | protocol: udp 10 | mode: host 11 | - target: 5353 12 | published: 53 13 | protocol: tcp 14 | mode: host 15 | restart: always 16 | volumes: 17 | #Here I have the toml and txt files 18 | #The cache is stored in another folder, but is not persisted 19 | - "./conf/dnscrypt-proxy.toml:/etc/dnscrypt-proxy/dnscrypt-proxy.toml" 20 | - "./conf/chinalist.txt:/etc/dnscrypt-proxy/chinalist.txt" 21 | - "./conf/cloaking-rules.txt:/etc/dnscrypt-proxy/cloaking-rules.txt" 22 | - "./conf/resolvers:/etc/dnscrypt-proxy/resolvers" 23 | # deploy: 24 | # mode: replicated 25 | # replicas: 2 26 | -------------------------------------------------------------------------------- /gitea/README.MD: -------------------------------------------------------------------------------- 1 | # Gitea 2 | 3 | ## Environment variables 4 | You can configure some of Gitea's settings through environment variables: 5 | 6 | (Default values are shown in bold) 7 | 8 | - APP_NAME: **"Gitea: Git with a cup of tea"**: Application name, used in the page title. 9 | - RUN_MODE: **prod**: Application run mode, which affects performance and debugging. Either "dev", "prod" or "test". 10 | - DOMAIN: **localhost**: Domain name of this server, used for the http clone URL displayed in the Gitea UI. 11 | - SSH_DOMAIN: **localhost**: Domain name of this server, used for the ssh clone URL displayed in the Gitea UI. If the install page is enabled, the SSH domain server takes the DOMAIN value from the form (which overwrites this setting on save). 12 | - SSH_PORT: **22**: SSH port displayed in the clone URL. 13 | - SSH_LISTEN_PORT: **%(SSH_PORT)s**: Port of the built-in SSH server. 14 | - 
DISABLE_SSH: **false**: Disable the SSH feature when it is not available. If you want to disable the SSH feature, set the SSH port to 0 when installing Gitea. 15 | - HTTP_PORT: **3000**: HTTP listen port. 16 | - ROOT_URL: **""**: Overrides the automatically generated public URL. This is useful if the internal and external URLs do not match (for example in Docker). 17 | - LFS_START_SERVER: **false**: Enables git-lfs support. 18 | - DB_TYPE: **sqlite3**: The database type in use [mysql, postgres, mssql, sqlite3]. 19 | - DB_HOST: **localhost:3306**: Database host address and port. 20 | - DB_NAME: **gitea**: Database name. 21 | - DB_USER: **root**: Database username. 22 | - DB_PASSWD: **""**: Database user password. If you use special characters in the password, quote it as "your password". 23 | - INSTALL_LOCK: **false**: Disallows access to the install page. 24 | - SECRET_KEY: **""**: Global secret key. This should be changed. If it has a value and INSTALL_LOCK is empty, INSTALL_LOCK is automatically set to true. 25 | - DISABLE_REGISTRATION: **false**: Disables registration, after which only an administrator can create accounts for users. 26 | - REQUIRE_SIGNIN_VIEW: **false**: Enable this option to force users to log in to view any page. 27 | - USER_UID: **1000**: The UID (Unix user ID) of the user that runs Gitea inside the container. If you use host volumes, match it to the UID of the owner of the /data volume (this is not needed for named volumes). 28 | - USER_GID: **1000**: The GID (Unix group ID) of the user that runs Gitea inside the container. If you use host volumes, match it to the GID of the owner of the /data volume (this is not needed for named volumes). 29 | 30 | ## Link to the full configuration file 31 | 32 | [https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini](https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini) -------------------------------------------------------------------------------- /gitea/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | networks: 4 | gitea: 5 | external: false 6 | 7 | services: 8 | server: 9 | image: gitea/gitea:1.16.0 10 | container_name: gitea 11 | environment: 12 | - USER_UID=1000 13 | - USER_GID=1000 14 | - DB_TYPE=mysql 15 | - DB_HOST=db:3306 16 | - DB_NAME=gitea 17 | - DB_USER=gitea 18 | - DB_PASSWD=gitea 19 | - DOMAIN=git.example.org 20 | - SSH_DOMAIN=git.example.org 21 | - SSH_PORT=2222 22 | restart: always 23 | networks: 24 | - gitea 25 | volumes: 26 | - ./gitea:/data 27 | - /etc/timezone:/etc/timezone:ro 28 | - /etc/localtime:/etc/localtime:ro 29 | ports: 30 | - "3000:3000" 31 | - "2222:2222" 32 | depends_on: 33 | - db 34 | labels: 35 | - 
traefik.enable=true 36 | - traefik.http.routers.gitea.rule=Host(`git.example.org`) 37 | - traefik.http.routers.gitea.tls=true 38 | - traefik.http.routers.gitea.entrypoints=websecure 39 | - traefik.http.routers.gitea.tls.certresolver=myresolver 40 | - traefik.http.services.gitea.loadbalancer.server.port=3000 41 | 42 | db: 43 | image: mysql:8 44 | restart: always 45 | environment: 46 | - MYSQL_ROOT_PASSWORD=gitea 47 | - MYSQL_USER=gitea 48 | - MYSQL_PASSWORD=gitea 49 | - MYSQL_DATABASE=gitea 50 | networks: 51 | - gitea 52 | volumes: 53 | - ./mysql:/var/lib/mysql -------------------------------------------------------------------------------- /kodbox/README.MD: -------------------------------------------------------------------------------- 1 | # kodbox 2 | 3 | ## Project URL 4 | 5 | https://github.com/KodCloud-dev/docker 6 | 7 | ## Features of this project 8 | 9 | 1. Updated container versions 10 | 2. Automatic configuration through environment variables 11 | 3. Simplified configuration through the corresponding secret files 12 | 13 | ## docker-compose 14 | 15 | ```yaml 16 | version: "3.5" 17 | 18 | services: 19 | db: 20 | image: mariadb:10.6.1 21 | command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW 22 | volumes: 23 | - "./db:/var/lib/mysql" 24 | - "./mysql-init-files:/docker-entrypoint-initdb.d" 25 | environment: 26 | - "TZ=Asia/Shanghai" 27 | - "MYSQL_ALLOW_EMPTY_PASSWORD=yes" 28 | - "MYSQL_DATABASE_FILE=/run/secrets/mysql_db" 29 | - "MYSQL_USER_FILE=/run/secrets/mysql_user" 30 | - "MYSQL_PASSWORD_FILE=/run/secrets/mysql_password" 31 | restart: always 32 | secrets: 33 | - mysql_db 34 | - mysql_password 35 | - mysql_user 36 | 37 | app: 38 | image: kodcloud/kodbox:v1.20 39 | # ports: 40 | # - 80:80 41 | links: 42 | - db 43 | - redis 44 | volumes: 45 | - "/data/1TB/kodbox:/var/www/html" 46 | - "/data/1TB/Transmission/downloads/complete:/downloads" 47 | environment: 48 | - "MYSQL_SERVER=db" 49 | - "MYSQL_DATABASE_FILE=/run/secrets/mysql_db" 50 | - "MYSQL_USER_FILE=/run/secrets/mysql_user" 51 | - "MYSQL_PASSWORD_FILE=/run/secrets/mysql_password" 52 | - "SESSION_HOST=redis" 53 | 
restart: always 54 | secrets: 55 | - mysql_db 56 | - mysql_password 57 | - mysql_user 58 | labels: 59 | - "traefik.enable=true" 60 | - "traefik.port=80" 61 | - "traefik.http.routers.kodbox.rule=Host(`kodbox.example.org`)" 62 | - "traefik.http.routers.kodbox.entrypoints=websecure" 63 | - "traefik.http.routers.kodbox.tls.certresolver=myresolver" 64 | 65 | redis: 66 | image: redis:alpine3.12 67 | environment: 68 | - "TZ=Asia/Shanghai" 69 | restart: always 70 | 71 | secrets: 72 | mysql_db: 73 | file: "./mysql_db.txt" 74 | mysql_password: 75 | file: "./mysql_password.txt" 76 | mysql_user: 77 | file: "./mysql_user.txt" 78 | 79 | ``` 80 | -------------------------------------------------------------------------------- /kodbox/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.5" 2 | 3 | services: 4 | db: 5 | image: mariadb:10.7.1 6 | command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW 7 | volumes: 8 | - "./db:/var/lib/mysql" 9 | - "./mysql-init-files:/docker-entrypoint-initdb.d" 10 | environment: 11 | - "TZ=Asia/Shanghai" 12 | - "MYSQL_ALLOW_EMPTY_PASSWORD=yes" 13 | - "MYSQL_DATABASE_FILE=/run/secrets/mysql_db" 14 | - "MYSQL_USER_FILE=/run/secrets/mysql_user" 15 | - "MYSQL_PASSWORD_FILE=/run/secrets/mysql_password" 16 | restart: always 17 | secrets: 18 | - mysql_db 19 | - mysql_password 20 | - mysql_user 21 | 22 | app: 23 | image: kodcloud/kodbox:v1.25 24 | # ports: 25 | # - 80:80 26 | links: 27 | - db 28 | - redis 29 | volumes: 30 | - "/data/1TB/kodbox:/var/www/html" 31 | - "/data/1TB/Transmission/downloads/complete:/downloads" 32 | environment: 33 | - "MYSQL_SERVER=db" 34 | - "MYSQL_DATABASE_FILE=/run/secrets/mysql_db" 35 | - "MYSQL_USER_FILE=/run/secrets/mysql_user" 36 | - "MYSQL_PASSWORD_FILE=/run/secrets/mysql_password" 37 | - "SESSION_HOST=redis" 38 | restart: always 39 | secrets: 40 | - mysql_db 41 | - mysql_password 42 | - mysql_user 43 | labels: 44 | - "traefik.enable=true" 45 | - 
"traefik.http.routers.kodbox.rule=Host(`kodbox.example.org`)" 46 | - "traefik.http.routers.kodbox.entrypoints=websecure" 47 | - "traefik.http.routers.kodbox.tls.certresolver=myresolver" 48 | - "traefik.http.services.kodbox.loadbalancer.server.port=80" 49 | 50 | redis: 51 | image: redis:alpine3.12 52 | environment: 53 | - "TZ=Asia/Shanghai" 54 | restart: always 55 | 56 | secrets: 57 | mysql_db: 58 | file: "./mysql_db.txt" 59 | mysql_password: 60 | file: "./mysql_password.txt" 61 | mysql_user: 62 | file: "./mysql_user.txt" 63 | -------------------------------------------------------------------------------- /kodbox/mysql-init-files/import.sql: -------------------------------------------------------------------------------- 1 | -- dump by kodbox 2 | SET NAMES utf8; 3 | use kod_box; 4 | 5 | DROP TABLE IF EXISTS `comment`; 6 | CREATE TABLE `comment` ( 7 | `commentID` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '评论id', 8 | `pid` bigint(20) unsigned NOT NULL COMMENT '该评论上级ID', 9 | `userID` bigint(20) unsigned NOT NULL COMMENT '评论用户id', 10 | `targetType` smallint(5) unsigned NOT NULL COMMENT '评论对象类型1分享2文件3文章4......', 11 | `targetID` bigint(20) unsigned NOT NULL COMMENT '评论对象id', 12 | `content` text NOT NULL COMMENT '评论内容', 13 | `praiseCount` int(11) unsigned NOT NULL COMMENT '点赞统计', 14 | `commentCount` int(11) unsigned NOT NULL COMMENT '评论统计', 15 | `status` tinyint(3) unsigned NOT NULL COMMENT '状态 1正常 2异常 3其他', 16 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改时间', 17 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 18 | PRIMARY KEY (`commentID`), 19 | KEY `pid` (`pid`), 20 | KEY `userID` (`userID`), 21 | KEY `targetType` (`targetType`), 22 | KEY `targetID` (`targetID`), 23 | KEY `praiseCount` (`praiseCount`), 24 | KEY `commentCount` (`commentCount`), 25 | KEY `modifyTime` (`modifyTime`), 26 | KEY `createTime` (`createTime`) 27 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='通用评论表'; 28 | 29 | DROP TABLE IF EXISTS `comment_meta`; 30 | CREATE TABLE 
`comment_meta` ( 31 | `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, 32 | `commentID` bigint(20) unsigned NOT NULL COMMENT '评论id', 33 | `key` varchar(255) NOT NULL COMMENT '字段key', 34 | `value` text NOT NULL COMMENT '字段值', 35 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 36 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改', 37 | PRIMARY KEY (`id`), 38 | UNIQUE KEY `commentID_key` (`commentID`,`key`), 39 | KEY `commentID` (`commentID`), 40 | KEY `key` (`key`) 41 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='评论表扩展字段'; 42 | 43 | DROP TABLE IF EXISTS `comment_praise`; 44 | CREATE TABLE `comment_praise` ( 45 | `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID', 46 | `commentID` bigint(20) unsigned NOT NULL COMMENT '评论ID', 47 | `userID` int(11) unsigned NOT NULL COMMENT '用户ID', 48 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 49 | `modifyTime` int(11) unsigned NOT NULL COMMENT '修改时间', 50 | PRIMARY KEY (`id`), 51 | UNIQUE KEY `commentID_userID` (`commentID`,`userID`), 52 | KEY `commentID` (`commentID`), 53 | KEY `userID` (`userID`), 54 | KEY `modifyTime` (`modifyTime`), 55 | KEY `createTime` (`createTime`) 56 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='评论点赞表'; 57 | 58 | DROP TABLE IF EXISTS `group`; 59 | CREATE TABLE `group` ( 60 | `groupID` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '群组id', 61 | `name` varchar(255) NOT NULL COMMENT '群组名', 62 | `parentID` bigint(20) unsigned NOT NULL COMMENT '父群组id', 63 | `parentLevel` varchar(1000) NOT NULL COMMENT '父路径id; 例如: ,2,5,10,', 64 | `extraField` varchar(100) DEFAULT NULL COMMENT '扩展字段', 65 | `sort` int(11) unsigned NOT NULL COMMENT '排序', 66 | `sizeMax` double unsigned NOT NULL COMMENT '群组存储空间大小(GB) 0-不限制', 67 | `sizeUse` bigint(20) unsigned NOT NULL COMMENT '已使用大小(byte)', 68 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改时间', 69 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 70 | PRIMARY KEY (`groupID`), 71 | KEY `name` (`name`), 72 | KEY `parentID` 
(`parentID`), 73 | KEY `createTime` (`createTime`), 74 | KEY `modifyTime` (`modifyTime`), 75 | KEY `order` (`sort`), 76 | KEY `parentLevel` (`parentLevel`(333)) 77 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='群组表'; 78 | 79 | DROP TABLE IF EXISTS `group_meta`; 80 | CREATE TABLE `group_meta` ( 81 | `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增id', 82 | `groupID` bigint(20) unsigned NOT NULL COMMENT '部门id', 83 | `key` varchar(255) NOT NULL COMMENT '存储key', 84 | `value` text NOT NULL COMMENT '对应值', 85 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 86 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改时间', 87 | PRIMARY KEY (`id`), 88 | UNIQUE KEY `groupID_key` (`groupID`,`key`), 89 | KEY `groupID` (`groupID`), 90 | KEY `key` (`key`) 91 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='用户数据扩展表'; 92 | 93 | DROP TABLE IF EXISTS `io_file`; 94 | CREATE TABLE `io_file` ( 95 | `fileID` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增id', 96 | `name` varchar(255) NOT NULL COMMENT '文件名', 97 | `size` bigint(20) unsigned NOT NULL COMMENT '文件大小', 98 | `ioType` int(10) unsigned NOT NULL COMMENT 'io的id', 99 | `path` varchar(255) NOT NULL COMMENT '文件路径', 100 | `hashSimple` varchar(100) NOT NULL COMMENT '文件简易hash(不全覆盖);hashSimple', 101 | `hashMd5` varchar(100) NOT NULL COMMENT '文件hash, md5', 102 | `linkCount` int(11) unsigned NOT NULL COMMENT '引用次数;0则定期删除', 103 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 104 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改时间', 105 | PRIMARY KEY (`fileID`), 106 | KEY `size` (`size`), 107 | KEY `path` (`path`), 108 | KEY `hash` (`hashSimple`), 109 | KEY `linkCount` (`linkCount`), 110 | KEY `createTime` (`createTime`), 111 | KEY `ioType` (`ioType`), 112 | KEY `hashMd5` (`hashMd5`) 113 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='文档存储表'; 114 | 115 | DROP TABLE IF EXISTS `io_file_contents`; 116 | CREATE TABLE `io_file_contents` ( 117 | `fileID` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT 
'文件ID', 118 | `content` mediumtext NOT NULL COMMENT '文本文件内容', 119 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 120 | PRIMARY KEY (`fileID`), 121 | KEY `createTime` (`createTime`) 122 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='文件id'; 123 | 124 | DROP TABLE IF EXISTS `io_file_meta`; 125 | CREATE TABLE `io_file_meta` ( 126 | `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增id', 127 | `fileID` bigint(20) unsigned NOT NULL COMMENT '文件id', 128 | `key` varchar(255) NOT NULL COMMENT '存储key', 129 | `value` text NOT NULL COMMENT '对应值', 130 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 131 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改时间', 132 | PRIMARY KEY (`id`), 133 | UNIQUE KEY `fileID_key` (`fileID`,`key`), 134 | KEY `fileID` (`fileID`), 135 | KEY `key` (`key`) 136 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='文件扩展表'; 137 | 138 | DROP TABLE IF EXISTS `io_source`; 139 | CREATE TABLE `io_source` ( 140 | `sourceID` bigint(20) unsigned NOT NULL AUTO_INCREMENT, 141 | `sourceHash` varchar(20) NOT NULL COMMENT ' id的hash', 142 | `targetType` tinyint(3) unsigned NOT NULL COMMENT '文档所属类型 (0-sys,1-user,2-group)', 143 | `targetID` bigint(20) unsigned NOT NULL COMMENT '拥有者对象id', 144 | `createUser` bigint(20) unsigned NOT NULL COMMENT '创建者id', 145 | `modifyUser` bigint(20) unsigned NOT NULL COMMENT '最后修改者', 146 | `isFolder` tinyint(4) unsigned NOT NULL COMMENT '是否为文件夹(0否,1是)', 147 | `name` varchar(255) NOT NULL COMMENT '文件名', 148 | `fileType` varchar(10) NOT NULL COMMENT '文件扩展名,文件夹则为空', 149 | `parentID` bigint(20) unsigned NOT NULL COMMENT '父级资源id,为0则为部门或用户根文件夹,添加用户部门时自动新建', 150 | `parentLevel` varchar(1000) NOT NULL COMMENT '父路径id; 例如: ,2,5,10,', 151 | `fileID` bigint(20) unsigned NOT NULL COMMENT '对应存储资源id,文件夹则该处为0', 152 | `isDelete` tinyint(4) unsigned NOT NULL COMMENT '是否删除(0-正常 1-已删除)', 153 | `size` bigint(20) unsigned NOT NULL COMMENT '占用空间大小', 154 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 155 | `modifyTime` int(11) 
unsigned NOT NULL COMMENT '最后修改时间', 156 | `viewTime` int(11) unsigned NOT NULL COMMENT '最后访问时间', 157 | PRIMARY KEY (`sourceID`), 158 | KEY `targetType` (`targetType`), 159 | KEY `targetID` (`targetID`), 160 | KEY `createUser` (`createUser`), 161 | KEY `isFolder` (`isFolder`), 162 | KEY `fileType` (`fileType`), 163 | KEY `parentID` (`parentID`), 164 | KEY `parentLevel` (`parentLevel`(333)), 165 | KEY `fileID` (`fileID`), 166 | KEY `isDelete` (`isDelete`), 167 | KEY `size` (`size`), 168 | KEY `modifyTime` (`modifyTime`), 169 | KEY `createTime` (`createTime`), 170 | KEY `viewTime` (`viewTime`), 171 | KEY `modifyUser` (`modifyUser`) 172 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='文档数据表'; 173 | 174 | DROP TABLE IF EXISTS `io_source_auth`; 175 | CREATE TABLE `io_source_auth` ( 176 | `id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增id', 177 | `sourceID` bigint(20) unsigned NOT NULL COMMENT '文档资源id', 178 | `targetType` tinyint(4) unsigned NOT NULL COMMENT '分享给的对象,1用户,2部门', 179 | `targetID` bigint(20) unsigned NOT NULL COMMENT '所属对象id', 180 | `authID` int(11) unsigned NOT NULL COMMENT '权限组id;自定义权限则为0', 181 | `authDefine` int(11) NOT NULL COMMENT '自定义权限,4字节占位', 182 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 183 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改时间', 184 | PRIMARY KEY (`id`), 185 | KEY `sourceID` (`sourceID`), 186 | KEY `userID` (`targetType`), 187 | KEY `groupID` (`targetID`), 188 | KEY `auth` (`authID`), 189 | KEY `authDefine` (`authDefine`) 190 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='文档权限表'; 191 | 192 | DROP TABLE IF EXISTS `io_source_event`; 193 | CREATE TABLE `io_source_event` ( 194 | `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增id', 195 | `sourceID` bigint(20) unsigned NOT NULL COMMENT '文档id', 196 | `sourceParent` bigint(20) unsigned NOT NULL COMMENT '文档父文件夹id', 197 | `userID` bigint(20) unsigned NOT NULL COMMENT '操作者id', 198 | `type` varchar(255) NOT NULL COMMENT '事件类型', 199 | `desc` text NOT NULL 
COMMENT '数据详情,根据type内容意义不同', 200 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 201 | PRIMARY KEY (`id`), 202 | KEY `sourceID` (`sourceID`), 203 | KEY `sourceParent` (`sourceParent`), 204 | KEY `userID` (`userID`), 205 | KEY `eventType` (`type`), 206 | KEY `createTime` (`createTime`) 207 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='文档事件表'; 208 | 209 | DROP TABLE IF EXISTS `io_source_history`; 210 | CREATE TABLE `io_source_history` ( 211 | `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增id', 212 | `sourceID` bigint(20) unsigned NOT NULL COMMENT '文档资源id', 213 | `userID` bigint(20) unsigned NOT NULL COMMENT '用户id, 对部门时此id为0', 214 | `fileID` bigint(20) unsigned NOT NULL COMMENT '当前版本对应存储资源id', 215 | `size` bigint(20) NOT NULL COMMENT '文件大小', 216 | `detail` varchar(1024) NOT NULL COMMENT '版本描述', 217 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 218 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改时间', 219 | PRIMARY KEY (`id`), 220 | KEY `sourceID` (`sourceID`), 221 | KEY `userID` (`userID`), 222 | KEY `fileID` (`fileID`), 223 | KEY `createTime` (`createTime`) 224 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='文档历史记录表'; 225 | 226 | DROP TABLE IF EXISTS `io_source_meta`; 227 | CREATE TABLE `io_source_meta` ( 228 | `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增id', 229 | `sourceID` bigint(20) unsigned NOT NULL COMMENT '文档id', 230 | `key` varchar(255) NOT NULL COMMENT '存储key', 231 | `value` text NOT NULL COMMENT '对应值', 232 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 233 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改时间', 234 | PRIMARY KEY (`id`), 235 | UNIQUE KEY `sourceID_key` (`sourceID`,`key`), 236 | KEY `sourceID` (`sourceID`), 237 | KEY `key` (`key`) 238 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='文档扩展表'; 239 | 240 | DROP TABLE IF EXISTS `io_source_recycle`; 241 | CREATE TABLE `io_source_recycle` ( 242 | `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增id', 243 | `targetType` 
tinyint(3) unsigned NOT NULL COMMENT '文档所属类型 (0-sys,1-user,2-group)', 244 | `targetID` bigint(20) unsigned NOT NULL COMMENT '拥有者对象id', 245 | `sourceID` bigint(20) unsigned NOT NULL COMMENT '文档id', 246 | `userID` bigint(20) unsigned NOT NULL COMMENT '操作者id', 247 | `parentLevel` varchar(1000) NOT NULL COMMENT '文档上层关系;冗余字段,便于统计回收站信息', 248 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 249 | PRIMARY KEY (`id`), 250 | KEY `sourceID` (`sourceID`), 251 | KEY `userID` (`userID`), 252 | KEY `createTime` (`createTime`), 253 | KEY `parentLevel` (`parentLevel`(333)), 254 | KEY `targetType` (`targetType`), 255 | KEY `targetID` (`targetID`) 256 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='文档回收站'; 257 | 258 | DROP TABLE IF EXISTS `share`; 259 | CREATE TABLE `share` ( 260 | `shareID` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增id', 261 | `title` varchar(255) NOT NULL COMMENT '分享标题', 262 | `shareHash` varchar(50) NOT NULL COMMENT 'shareid', 263 | `userID` bigint(20) unsigned NOT NULL COMMENT '分享用户id', 264 | `sourceID` bigint(20) NOT NULL COMMENT '用户数据id', 265 | `sourcePath` varchar(1024) NOT NULL COMMENT '分享文档路径', 266 | `url` varchar(255) NOT NULL COMMENT '分享别名,替代shareHash', 267 | `isLink` tinyint(4) unsigned NOT NULL COMMENT '是否外链分享;默认为0', 268 | `isShareTo` tinyint(4) unsigned NOT NULL COMMENT '是否为内部分享;默认为0', 269 | `password` varchar(255) NOT NULL COMMENT '访问密码,为空则无密码', 270 | `timeTo` int(11) unsigned NOT NULL COMMENT '到期时间,0-永久生效', 271 | `numView` int(11) unsigned NOT NULL COMMENT '预览次数', 272 | `numDownload` int(11) unsigned NOT NULL COMMENT '下载次数', 273 | `options` varchar(1000) NOT NULL COMMENT 'json 配置信息;是否可以下载,是否可以上传等', 274 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 275 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改时间', 276 | PRIMARY KEY (`shareID`), 277 | KEY `userID` (`userID`), 278 | KEY `createTime` (`createTime`), 279 | KEY `modifyTime` (`modifyTime`), 280 | KEY `path` (`sourceID`), 281 | KEY `sid` (`shareHash`), 282 | KEY 
`public` (`isLink`), 283 | KEY `timeTo` (`timeTo`), 284 | KEY `numView` (`numView`), 285 | KEY `numDownload` (`numDownload`), 286 | KEY `isShareTo` (`isShareTo`), 287 | KEY `url` (`url`) 288 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='分享数据表'; 289 | 290 | DROP TABLE IF EXISTS `share_report`; 291 | CREATE TABLE `share_report` ( 292 | `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增id', 293 | `shareID` bigint(20) unsigned NOT NULL COMMENT '分享id', 294 | `title` varchar(255) NOT NULL COMMENT '分享标题', 295 | `sourceID` bigint(20) unsigned NOT NULL COMMENT '举报资源id', 296 | `fileID` bigint(20) unsigned NOT NULL COMMENT '举报文件id,文件夹则该处为0', 297 | `userID` bigint(20) unsigned NOT NULL COMMENT '举报用户id', 298 | `type` tinyint(3) unsigned NOT NULL COMMENT '举报类型 (1-侵权,2-色情,3-暴力,4-政治,5-其他)', 299 | `desc` text NOT NULL COMMENT '举报原因(其他)描述', 300 | `status` tinyint(3) unsigned NOT NULL COMMENT '处理状态(0-未处理,1-已处理,2-禁止分享)', 301 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 302 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改时间', 303 | PRIMARY KEY (`id`), 304 | KEY `shareID` (`shareID`), 305 | KEY `sourceID` (`sourceID`), 306 | KEY `fileID` (`fileID`), 307 | KEY `userID` (`userID`), 308 | KEY `type` (`type`), 309 | KEY `modifyTime` (`modifyTime`), 310 | KEY `createTime` (`createTime`) 311 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='分享举报表'; 312 | 313 | DROP TABLE IF EXISTS `share_to`; 314 | CREATE TABLE `share_to` ( 315 | `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增id', 316 | `shareID` bigint(20) unsigned NOT NULL COMMENT '分享id', 317 | `targetType` tinyint(4) unsigned NOT NULL COMMENT '分享给的对象,1用户,2部门', 318 | `targetID` bigint(20) unsigned NOT NULL COMMENT '所属对象id', 319 | `authID` int(11) unsigned NOT NULL COMMENT '权限组id;自定义权限则为0', 320 | `authDefine` int(11) NOT NULL COMMENT '自定义权限,4字节占位', 321 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 322 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改时间', 323 | PRIMARY KEY (`id`), 324 | 
KEY `shareID` (`shareID`), 325 | KEY `userID` (`targetType`), 326 | KEY `targetID` (`targetID`), 327 | KEY `authDefine` (`authDefine`), 328 | KEY `authID` (`authID`) 329 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='分享给指定用户(协作)'; 330 | 331 | DROP TABLE IF EXISTS `system_log`; 332 | CREATE TABLE `system_log` ( 333 | `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, 334 | `sessionID` varchar(128) NOT NULL COMMENT 'session识别码,用于登陆时记录ip,UA等信息', 335 | `userID` bigint(20) unsigned NOT NULL COMMENT '用户id', 336 | `type` varchar(255) NOT NULL COMMENT '日志类型', 337 | `desc` text NOT NULL COMMENT '详情', 338 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 339 | PRIMARY KEY (`id`), 340 | KEY `userID` (`userID`), 341 | KEY `type` (`type`), 342 | KEY `createTime` (`createTime`), 343 | KEY `sessionID` (`sessionID`) 344 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='系统日志表'; 345 | 346 | DROP TABLE IF EXISTS `system_option`; 347 | CREATE TABLE `system_option` ( 348 | `id` int(11) unsigned NOT NULL AUTO_INCREMENT, 349 | `type` varchar(50) NOT NULL COMMENT '配置类型', 350 | `key` varchar(255) NOT NULL, 351 | `value` text NOT NULL, 352 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 353 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后更新时间', 354 | PRIMARY KEY (`id`), 355 | UNIQUE KEY `key_type` (`key`,`type`), 356 | KEY `createTime` (`createTime`), 357 | KEY `modifyTime` (`modifyTime`) 358 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='系统配置表'; 359 | 360 | DROP TABLE IF EXISTS `system_session`; 361 | CREATE TABLE `system_session` ( 362 | `id` int(10) unsigned NOT NULL AUTO_INCREMENT, 363 | `sign` varchar(128) NOT NULL COMMENT 'session标识', 364 | `userID` bigint(20) unsigned NOT NULL COMMENT '用户id', 365 | `content` text NOT NULL COMMENT 'value', 366 | `expires` int(10) unsigned NOT NULL COMMENT '过期时间', 367 | `modifyTime` int(10) unsigned NOT NULL COMMENT '修改时间', 368 | `createTime` int(10) unsigned NOT NULL COMMENT '创建时间', 369 | PRIMARY KEY (`id`), 370 | UNIQUE KEY `sign` 
(`sign`), 371 | KEY `userID` (`userID`), 372 | KEY `expires` (`expires`), 373 | KEY `modifyTime` (`modifyTime`) 374 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='session'; 375 | 376 | DROP TABLE IF EXISTS `user`; 377 | CREATE TABLE `user` ( 378 | `userID` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增id', 379 | `name` varchar(255) NOT NULL COMMENT '登陆用户名', 380 | `roleID` int(11) unsigned NOT NULL COMMENT '用户角色', 381 | `email` varchar(255) NOT NULL COMMENT '邮箱', 382 | `phone` varchar(20) NOT NULL COMMENT '手机', 383 | `nickName` varchar(255) NOT NULL COMMENT '昵称', 384 | `avatar` varchar(255) NOT NULL COMMENT '头像', 385 | `sex` tinyint(4) unsigned NOT NULL COMMENT '性别 (0女1男)', 386 | `password` varchar(100) NOT NULL COMMENT '密码', 387 | `sizeMax` double unsigned NOT NULL COMMENT '群组存储空间大小(GB) 0-不限制', 388 | `sizeUse` bigint(20) unsigned NOT NULL COMMENT '已使用大小(byte)', 389 | `status` tinyint(3) unsigned NOT NULL COMMENT '用户启用状态 0-未启用 1-启用', 390 | `lastLogin` int(11) unsigned NOT NULL COMMENT '最后登陆时间', 391 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改时间', 392 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 393 | PRIMARY KEY (`userID`), 394 | KEY `name` (`name`), 395 | KEY `email` (`email`), 396 | KEY `status` (`status`), 397 | KEY `modifyTime` (`modifyTime`), 398 | KEY `lastLogin` (`lastLogin`), 399 | KEY `createTime` (`createTime`), 400 | KEY `nickName` (`nickName`), 401 | KEY `phone` (`phone`), 402 | KEY `sizeUse` (`sizeUse`) 403 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='用户表'; 404 | 405 | DROP TABLE IF EXISTS `user_fav`; 406 | CREATE TABLE `user_fav` ( 407 | `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, 408 | `userID` bigint(20) unsigned NOT NULL COMMENT '用户id', 409 | `tagID` int(11) unsigned NOT NULL COMMENT '标签id,收藏则为0', 410 | `name` varchar(255) NOT NULL COMMENT '收藏名称', 411 | `path` varchar(2048) NOT NULL COMMENT '收藏路径,tag时则为sourceID', 412 | `type` varchar(20) NOT NULL COMMENT 'source/path', 413 | `sort` int(11) unsigned NOT NULL 
COMMENT '排序', 414 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改时间', 415 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 416 | PRIMARY KEY (`id`), 417 | KEY `createTime` (`createTime`), 418 | KEY `userID` (`userID`), 419 | KEY `name` (`name`), 420 | KEY `sort` (`sort`), 421 | KEY `tagID` (`tagID`), 422 | KEY `path` (`path`(333)), 423 | KEY `type` (`type`) 424 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='用户文档标签表'; 425 | 426 | DROP TABLE IF EXISTS `user_group`; 427 | CREATE TABLE `user_group` ( 428 | `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, 429 | `userID` bigint(20) unsigned NOT NULL COMMENT '用户id', 430 | `groupID` bigint(20) unsigned NOT NULL COMMENT '群组id', 431 | `authID` int(11) unsigned NOT NULL COMMENT '在群组内的权限', 432 | `sort` int(11) unsigned NOT NULL COMMENT '在该群组的排序', 433 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 434 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改时间', 435 | PRIMARY KEY (`id`), 436 | UNIQUE KEY `userID_groupID` (`userID`,`groupID`), 437 | KEY `userID` (`userID`), 438 | KEY `groupID` (`groupID`), 439 | KEY `groupRole` (`authID`), 440 | KEY `sort` (`sort`) 441 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='用户群组关联表(一对多)'; 442 | 443 | DROP TABLE IF EXISTS `user_meta`; 444 | CREATE TABLE `user_meta` ( 445 | `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增id', 446 | `userID` bigint(20) unsigned NOT NULL COMMENT '用户id', 447 | `key` varchar(255) NOT NULL COMMENT '存储key', 448 | `value` text NOT NULL COMMENT '对应值', 449 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 450 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改时间', 451 | PRIMARY KEY (`id`), 452 | UNIQUE KEY `userID_metaKey` (`userID`,`key`), 453 | KEY `userID` (`userID`), 454 | KEY `metaKey` (`key`) 455 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='用户数据扩展表'; 456 | 457 | DROP TABLE IF EXISTS `user_option`; 458 | CREATE TABLE `user_option` ( 459 | `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增id', 460 | 
`userID` bigint(20) unsigned NOT NULL COMMENT '用户id', 461 | `type` varchar(50) NOT NULL COMMENT '配置类型,全局配置类型为空,编辑器配置type=editor', 462 | `key` varchar(255) NOT NULL COMMENT '配置key', 463 | `value` text NOT NULL COMMENT '配置值', 464 | `createTime` int(11) unsigned NOT NULL COMMENT '创建时间', 465 | `modifyTime` int(11) unsigned NOT NULL COMMENT '最后修改时间', 466 | PRIMARY KEY (`id`), 467 | UNIQUE KEY `userID_key_type` (`userID`,`key`,`type`), 468 | KEY `userID` (`userID`), 469 | KEY `key` (`key`), 470 | KEY `type` (`type`) 471 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='用户数据配置表'; 472 | 473 | -------------------------------------------------------------------------------- /kodbox/mysql_db.txt: -------------------------------------------------------------------------------- 1 | kod_box -------------------------------------------------------------------------------- /kodbox/mysql_password.txt: -------------------------------------------------------------------------------- 1 | kod_box 2 | -------------------------------------------------------------------------------- /kodbox/mysql_user.txt: -------------------------------------------------------------------------------- 1 | kod_box -------------------------------------------------------------------------------- /nginx_proxy/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | 5 | proxy: 6 | build: ./proxy 7 | restart: always 8 | ports: 9 | - 80:80 10 | - 443:443 11 | labels: 12 | com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" 13 | com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen: "true" 14 | volumes: 15 | - certs:/etc/nginx/certs 16 | - vhost.d:/etc/nginx/vhost.d 17 | - html:/usr/share/nginx/html 18 | - /var/run/docker.sock:/tmp/docker.sock:ro 19 | environment: 20 | - ENABLE_IPV6=true 21 | networks: 22 | - proxy-tier 23 | 24 | letsencrypt-companion: 25 | image: jrcs/letsencrypt-nginx-proxy-companion 26 | 
    restart: always
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - DEFAULT_EMAIL=me@expoli.tech
      - NGINX_DOCKER_GEN_CONTAINER=nginx_proxy_proxy_1
    networks:
      - proxy-tier
    depends_on:
      - proxy

volumes:
  certs:
    external:
      name: fpm_certs
  vhost.d:
    external:
      name: fpm_vhost.d
  html:
    external:
      name: fpm_html

networks:
  proxy-tier:
    external:
      name: proxy-tier

--------------------------------------------------------------------------------
/nginx_proxy/proxy/Dockerfile:
--------------------------------------------------------------------------------
FROM tangcuyu/nginx-proxy:latest

COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

--------------------------------------------------------------------------------
/nginx_proxy/proxy/uploadsize.conf:
--------------------------------------------------------------------------------
client_max_body_size 10G;
proxy_request_buffering off;

--------------------------------------------------------------------------------
/prometheus/README.MD:
--------------------------------------------------------------------------------
# prometheus

`prometheus` is a powerful log collector and a capable tool for monitoring host status; using it together with `prometheus-node-exporter` is recommended.

`Grafana` can be used to provide a graphical interface and alert notifications.

--------------------------------------------------------------------------------
/prometheus/docker-compose.yaml:
--------------------------------------------------------------------------------
version: '3'

services:
  prometheus:
    image: prom/prometheus
    restart: always
    # dns: 192.168.1.1
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /data/prometheus_data/prometheus_data:/prometheus
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
    network_mode: host
    command:
      - "--web.listen-address=192.168.1.7:9090"
      - "--config.file=/etc/prometheus/prometheus.yml"
      - "--storage.tsdb.path=/prometheus"
      - "--web.console.libraries=/usr/share/prometheus/console_libraries"
      - "--web.console.templates=/usr/share/prometheus/consoles"
--------------------------------------------------------------------------------
/prometheus/prometheus.yml:
--------------------------------------------------------------------------------
# my global config
global:
  scrape_interval: 20s # Set the scrape interval to every 20 seconds. Default is every 1 minute.
  evaluation_interval: 20s # Evaluate rules every 20 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).

# Alertmanager configuration
alerting:
  alertmanagers:
    - static_configs:
        - targets:
          # - alertmanager:9093

# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: 'prometheus'

    # metrics_path defaults to '/metrics'
    # scheme defaults to 'http'.

    static_configs:
      - targets: ['192.168.1.7:9090']

  - job_name: 'Node Exporter'
    static_configs:
      - targets: ['localhost:9100']

  - job_name: 'Traefik'
    static_configs:
      - targets: ['localhost:8082']
  - job_name: 'Docker'
    # metrics_path defaults to '/metrics'
    # scheme defaults to 'http'.
    static_configs:
      - targets: ['localhost:9323']
--------------------------------------------------------------------------------
/qbittorrent/README.MD:
--------------------------------------------------------------------------------
# qbittorrent

## Features of this project

1. Supports multiple CPU architectures
2. Supports docker multi-threaded operation, removing the download bottleneck
3. Uses traefik as the service auto-discovery proxy, without having to configure routing and HTTPS yourself
4. Supports IPv6
5. Supports PT seeding
6. Has a Web UI

## Notes

1. If you use `host` mode, open the corresponding seeding port
2. Update the backend address in [web/nginx.conf](web/nginx.conf) to match
3. If a firewall is enabled, remember to open the corresponding web port `8888`

```conf
upstream backend {
    server 192.168.1.106:8888;
}
```

## Screenshots

![](images/qBittorrent-Web-UI.png)

![](images/qBittorrent-v4-3-6-Web-UI.png)

--------------------------------------------------------------------------------
/qbittorrent/docker-compose.yaml:
--------------------------------------------------------------------------------
version: '3.7'

services:
  qbittorrent:
    image: ghcr.io/linuxserver/qbittorrent
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=1000
      # - TZ=Asia/Shanghai
      - WEBUI_PORT=8888
    restart: always

    volumes:
      - /data/1TB/qbittorrent/config:/config
      - /data/1TB/downloads/complete:/downloads
    network_mode: host

  qbittorrent-web:
    build: ./web
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.example.org`)"
      - "traefik.http.routers.qbittorrent.entrypoints=websecure"
      - "traefik.http.routers.qbittorrent.tls.certresolver=myresolver"
      - "traefik.http.services.qbittorrent.loadbalancer.server.port=80"
    depends_on:
      - qbittorrent
    networks:
      - proxy-tier
networks:
  proxy-tier:
    external:
      name: traefik

--------------------------------------------------------------------------------
/qbittorrent/images/qBittorrent-Web-UI.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/expoli/docker-compose-files/fcd62148147542b6941938b9c951fe1a5b718721/qbittorrent/images/qBittorrent-Web-UI.png
--------------------------------------------------------------------------------
/qbittorrent/images/qBittorrent-v4-3-6-Web-UI.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/expoli/docker-compose-files/fcd62148147542b6941938b9c951fe1a5b718721/qbittorrent/images/qBittorrent-v4-3-6-Web-UI.png
--------------------------------------------------------------------------------
/qbittorrent/web/Dockerfile:
--------------------------------------------------------------------------------
FROM nginx:alpine

COPY nginx.conf /etc/nginx/nginx.conf
#COPY nginx.conf /etc/nginx/default.conf

--------------------------------------------------------------------------------
/qbittorrent/web/nginx.conf:
--------------------------------------------------------------------------------
worker_processes auto;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;


events {
    worker_connections 1024;
}


http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    set_real_ip_from 10.0.0.0/8;
    set_real_ip_from 172.16.0.0/12;
    set_real_ip_from 192.168.0.0/16;
    real_ip_header X-Real-IP;

    gzip on;

    upstream backend {
        server 192.168.1.106:8888;
    }

    server {
        listen 80;

        location / {
            proxy_pass http://backend;
            proxy_hide_header Referer;
            proxy_hide_header Origin;
            proxy_set_header Referer '';
            proxy_set_header Origin '';
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Host $server_name:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            add_header Front-End-Https on;
        }
    }
}

--------------------------------------------------------------------------------
/renovate.json:
--------------------------------------------------------------------------------
{
  "extends": [
    "config:base"
  ]
}

--------------------------------------------------------------------------------
/tailscale-derper/.env:
--------------------------------------------------------------------------------
DERP_CERT_MODE=manual
DERP_CERT_DIR=/app/certs
DERP_DOMAIN=your.domain.com
DERP_ADDR=:8443
DERP_STUN=true
DERP_STUN_PORT=3478
DERP_VERIFY_CLIENTS=false
--------------------------------------------------------------------------------
/tailscale-derper/README.MD:
--------------------------------------------------------------------------------
# Custom DERP Servers

Tailscale runs DERP relay servers distributed around the world; they connect your Tailscale nodes peer-to-peer as a side channel during NAT traversal, and serve as a fallback when NAT traversal fails and a direct connection cannot be established.

This document describes how to make Tailscale use custom DERP servers.

Image source: https://github.com/fredliang44/derper-docker

# Configuration details

| env                 | required | description                                                            | default value     |
| ------------------- | -------- | ---------------------------------------------------------------------- | ----------------- |
| DERP_DOMAIN         | true     | derper server hostname                                                 | your-hostname.com |
| DERP_CERT_DIR       | false    | directory to store LetsEncrypt certs(if addr's port is :443)           | /app/certs        |
| DERP_CERT_MODE      | false    | mode for getting a cert. possible options: manual, letsencrypt         | letsencrypt       |
| DERP_ADDR           | false    | listening server address                                               | :443              |
| DERP_STUN           | false    | also run a STUN server                                                 | true              |
| DERP_HTTP_PORT      | false    | The port on which to serve HTTP. Set to -1 to disable                  | 80                |
| DERP_VERIFY_CLIENTS | false    | verify clients to this DERP server through a local tailscaled instance | false             |


# Running
```
docker-compose up -d
```

Official documentation: https://tailscale.com/kb/1118/custom-derp-servers/
How it works in detail: https://icloudnative.io/posts/custom-derp-servers/
--------------------------------------------------------------------------------
/tailscale-derper/docker-compose.yaml:
--------------------------------------------------------------------------------
version: '3.7'

services:
  tailscale-derper:
    image: fredliang/derper
    container_name: tailscale-derper
    volumes:
      - ./certs:/app/certs
    ports:
      - 8443:8443
      # - 443:443
      - 3478:3478/udp
    expose:
      - 80
      - 443
    command:
      - "/app/derper"
      - "--hostname=$DERP_DOMAIN"
      - "--certmode=$DERP_CERT_MODE"
      - "--certdir=$DERP_CERT_DIR"
      - "--a=$DERP_ADDR"
      - "--stun=$DERP_STUN"
      - "--verify-clients=$DERP_VERIFY_CLIENTS"
      - "--stun-port=$DERP_STUN_PORT"
    env_file:
      - .env
    networks:
      - default
networks:
  default:
--------------------------------------------------------------------------------
/traefik/README.MD:
--------------------------------------------------------------------------------
# traefik

**The core component of this project**, responsible for service auto-discovery

Project: https://github.com/traefik/traefik

Documentation: https://doc.traefik.io/traefik/

![](images/traefik-architecture.png)

## Features of this project

1. docker service discovery
2. Automatic HTTPS configuration
3. prometheus metrics endpoint
4. web-ui
5. Forced redirect from 80 to 443

## Notes

1. This container should be started first
2. The certificate file `/letsencrypt/acme.json` must have permissions `600`, otherwise an error is reported; if an error appears when mounting, check the permissions

## Start-up parameters explained

```yaml
command:
  # Debug mode
  # - "--log.level=DEBUG"
  # Uncomment the next line to use the traefik dashboard (api.insecure serves it without authentication)
  # - "--api.insecure=true"
  - "--providers.docker=true"
  - "--providers.docker.exposedbydefault=false"
  # http entry point, alias web
  - "--entrypoints.web.address=:80"
  # https entry point, alias websecure
  - "--entrypoints.websecure.address=:443"
  # Enable automatic https configuration
  - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
  # The https challenge entry point is web
  - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
  # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
  # Use the specified DNS servers when obtaining certificates automatically
  - "--certificatesResolvers.myresolver.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
  # Contact e-mail: the address that is mailed if a certificate expires
  - "--certificatesresolvers.myresolver.acme.email=me@example.org"
  # Certificate storage path, already persisted
  - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
  # Force redirect to HTTPS
  - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
  - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
  # Uncomment to let prometheus collect performance data
  # - "--metrics.prometheus=true"
```
- traefik dashboard
![](images/dashboard.png)

--------------------------------------------------------------------------------
/traefik/docker-compose.yaml:
--------------------------------------------------------------------------------
version: "3.3"

services:

  traefik:
    image: "traefik:v2.5"
    container_name: "traefik"
    restart: always
    # labels:
    #   # Uncomment to use the traefik dashboard
    #   - "traefik.enable=true"
    #   - "traefik.port=8080"
    #   - "traefik.http.services.dummyService.loadbalancer.server.port=8080"
    #   - "traefik.http.routers.traefik_http.service=api@internal"
    #   - "traefik.http.routers.monitor.rule=Host(`monitor.example.org`)"
    #   - "traefik.http.routers.monitor.entrypoints=websecure"
    #   - "traefik.http.routers.monitor.tls.certresolver=myresolver"

    command:
      # - "--log.level=DEBUG"
      # Uncomment to use the traefik dashboard
      # - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesResolvers.myresolver.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
      - "--certificatesresolvers.myresolver.acme.email=me@example.org"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # Force redirect to HTTPS
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      # Uncomment to let prometheus collect performance data
      # - "--metrics.prometheus=true"
      # - "--entryPoints.metrics.address=:8082"
      # - "--metrics.prometheus.entryPoint=metrics"

    ports:
      - "80:80"
      - "443:443"
      # - "8080:8080" # dashboard port
    # network_mode: host
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  # Test container
  # whoami:
  #   image: "traefik/whoami"
  #   container_name: "simple-service"
  #   restart: always
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.whoami.rule=Host(`whoami.example.org`)"
  #     - "traefik.http.routers.whoami.entrypoints=websecure"
  #     - "traefik.http.routers.whoami.tls.certresolver=myresolver"

  #   networks:
  #     - proxy-tier

networks:
  proxy-tier:
    external:
      name: traefik

--------------------------------------------------------------------------------
/traefik/images/dashboard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/expoli/docker-compose-files/fcd62148147542b6941938b9c951fe1a5b718721/traefik/images/dashboard.png
--------------------------------------------------------------------------------
/traefik/images/traefik-architecture.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/expoli/docker-compose-files/fcd62148147542b6941938b9c951fe1a5b718721/traefik/images/traefik-architecture.png
--------------------------------------------------------------------------------
/ttnode/README.MD:
--------------------------------------------------------------------------------
# ttnode

Upstream project: https://github.com/ericwang2006/docker_ttnode

--------------------------------------------------------------------------------
/ttnode/docker-compose.yaml:
--------------------------------------------------------------------------------
version: '2'

services:
  ttnode:
    image: ericwang2006/ttnode
    container_name: ttnode
    hostname: ttnode1
    #privileged: true
    cap_add:
      - ALL
    restart: always
    mac_address: C2:F2:9C:C5:B2:94
    dns: 114.114.114.114
    networks:
      macvlan:
        ipv4_address: 192.168.1.10
    volumes:
      - /data/hdd/ttnode:/mnts

networks:
  macvlan:
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 192.168.1.0/24
          gateway: 192.168.1.1
--------------------------------------------------------------------------------
/v2raya/README.MD:
--------------------------------------------------------------------------------
# v2raya

An easy-to-use and powerful V2Ray client focused on Linux

Official site: [https://v2raya.org/](https://v2raya.org/)

--------------------------------------------------------------------------------
/v2raya/docker-compose.yaml:
--------------------------------------------------------------------------------
version: "3"

services:
  v2raya:
    image: mzz2017/v2raya-nightly
    network_mode: host
    restart: always
    volumes:
      - /home/alarm/Docker/v2raya/config:/etc/v2raya
    # privileged: true
    # environment:
    #   - V2RAYA_ADDRESS=192.168.1.7:2017
    cap_add:
      - NET_ADMIN

--------------------------------------------------------------------------------
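A check for the start-up flags explained in /traefik/README.MD and for its `acme.json` permission note, added here as an example that is not part of this repository. It reads the uncommented items of a compose `command:` list; the sample is constructed from /traefik/docker-compose.yaml with the dashboard flag enabled and one closing quote dropped, and `parse_flags`, `audit` and `mode_is_600` are hypothetical names.

```python
import os
import re
import stat
import tempfile

# Constructed sample: the command list of /traefik/docker-compose.yaml with the
# dashboard flag uncommented and one closing quote dropped on purpose.
SAMPLE_COMMAND = """\
command:
  # - "--log.level=DEBUG"
  - "--api.insecure=true"
  - "--providers.docker=true"
  - "--providers.docker.exposedbydefault=false"
  - "--entrypoints.web.address=:80"
  - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
  - "--entrypoints.web.http.redirections.entryPoint.scheme=https
"""

ITEM_RE = re.compile(r"""^\s*-\s*(["']?)--([A-Za-z0-9_.-]+)(.*)$""")


def parse_flags(text):
    """Return ({flag: value}, [problems]) for the uncommented list items."""
    flags, problems = {}, []
    for number, line in enumerate(text.splitlines(), 1):
        match = ITEM_RE.match(line)  # commented-out items start with '#'
        if not match:
            continue
        quote, name, rest = match.groups()
        name, rest = name.lower(), rest.rstrip()  # assumption: compare lower-cased
        if quote and rest.endswith(quote):
            rest = rest[:-1]
        elif quote:
            problems.append(f"line {number}: unterminated quote in --{name}")
        flags[name] = rest[1:] if rest.startswith("=") else "true"
    return flags, problems


def audit(flags):
    """Findings for the settings the README explains."""
    findings = []
    if flags.get("api.insecure") == "true":
        findings.append("api.insecure=true: dashboard and API answer without authentication")
    if (flags.get("providers.docker") == "true"
            and flags.get("providers.docker.exposedbydefault", "true") != "false"):
        findings.append("exposedbydefault is not false: every container gets a route")
    if flags.get("entrypoints.web.http.redirections.entrypoint.scheme") != "https":
        findings.append("entrypoint web is not redirected to https")
    return findings


def mode_is_600(path):
    """True when the file mode is exactly 0600, as the README asks for acme.json."""
    return stat.S_IMODE(os.stat(path).st_mode) == 0o600


if __name__ == "__main__":
    flags, problems = parse_flags(SAMPLE_COMMAND)
    for message in problems + audit(flags):
        print("FINDING:", message)
    with tempfile.NamedTemporaryFile() as handle:  # stand-in for acme.json
        os.chmod(handle.name, 0o644)
        print("mode 0644 passes:", mode_is_600(handle.name))
```

Point `mode_is_600` at the host-side `./letsencrypt/acme.json` before starting the container, since that is the file mounted to `/letsencrypt/acme.json`.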