├── README.md
├── appsmith
    ├── .env
    ├── docker-compose.yml
    └── readme.md
├── appwrite
    ├── .env
    ├── docker-compose.yml
    └── readme.md
├── budibase
    ├── .env
    ├── Caddyfile
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md
├── code-server
    ├── .env
    ├── Caddyfile
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md
├── directus
    ├── .env
    ├── docker-compose.yml
    └── readme.md
├── erpnext
    ├── .env
    ├── docker-compose.yml
    └── readme.md
├── grafana+promtail+loki+netdata
    ├── docker-compose.yml
    └── readme.md
├── hoppscotch
    ├── .env
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md
├── joplin
    ├── .env
    ├── docker-compose.yml
    └── readme.md
├── k6
    ├── .env
    ├── docker-compose.yml
    └── readme.md
├── mautic
    ├── .env
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md
├── metabase+jitsu
    ├── jitsu
    │   ├── .env
    │   ├── .gitkeep
    │   └── docker-compose.yml
    ├── metabase
    │   ├── .env
    │   ├── .gitkeep
    │   └── docker-compose.yml
    ├── readme.md
    └── screenshot.png
├── motoradmin
    ├── .env
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md
├── n8n+postgres
    ├── .env
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md
├── netdata
    ├── .env
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md
├── nginx-proxy-manager
    ├── .env
    ├── docker-compose.yml
    └── readme.md
├── nocodb+postgres
    ├── .env
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md
├── outline
    ├── .env
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md
├── penpot
    ├── Caddyfile
    ├── config.env
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md
├── pihole
    ├── .env
    ├── docker-compose.yml
    └── readme.md
├── portainer-agent
    ├── .env
    ├── docker-compose.yml
    └── readme.md
├── portainer
    ├── .env
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md
├── supabase
    ├── .env
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md
├── tooljet
    ├── .env
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md
├── typebot
    ├── .env
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md
├── uptime-kuma
    ├── .env
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md
├── vaultwarden
    ├── .env
    ├── Caddyfile
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md
└── wordpress
    ├── .env
    ├── docker-compose.yml
    ├── nginx.conf
    └── readme.md

/README.md:
--------------------------------------------------------------------------------
# Docker Compose Recipes
Similar idea: https://github.com/docker/awesome-compose

## :gear: Prerequisites
Install docker and docker-compose. On Debian-based systems you can use:

```
sudo apt install docker.io docker-compose
```
## :triangular_flag_on_post: First steps

```
# Clone repo
git clone https://gitlab.com/broobe/docker-compose-samples.git

# Go to the tool we want to install. Example:
cd docker-compose-samples/vaultwarden

# Read readme.md
cat readme.md

# Edit .env
vim .env

# Download images
docker-compose pull

# Start containers
docker-compose up -d
```

## :compass: TODO List
* Better documentation.
* Move all application vars to a .env file.
* More docker-compose recipes.
* More installation variants from the existing recipes.

## :wave: Contributing

Considerations:

* Do not place passwords or sensitive data in docker-compose.yml.
* Use .env files to make the installation more customizable.
* Each recipe should contain its own readme.md.
* Avoid using configurations with non-persistent data.

## :busts_in_silhouette: Team

This theme is maintained by the following person(s) and a bunch of [awesome contributors](https://github.com/lpadula/brolit-shell/graphs/contributors).

[![Leandro Padula](https://github.com/lpadula.png?size=100)](https://github.com/lpadula) |
--- |
[Leandro Padula](https://github.com/lpadula) |

## :warning: License

This project is licensed under the MIT License - see the [LICENSE](./LICENSE) file for details.
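
The first Contributing rule above can be checked mechanically. The following is an added example, not part of this repository: a small Python scanner that flags credential-like `environment` entries in a compose file whose value is a literal, a literal `${VAR:-default}` fallback, or a URL with an embedded password. The key-name heuristic, the function names and the sample (adapted from the directus and budibase recipes in this repo, plus constructed lines) are assumptions.

```python
import re

# Name components that suggest a credential (assumed heuristic, not a project rule).
SECRET_WORDS = {"PASS", "PASSWORD", "SECRET", "TOKEN", "KEY"}
# A value that is exactly one interpolation: $VAR, ${VAR}, ${VAR:-default}, ${VAR:?err}.
VAR_ONLY = re.compile(r"^\$(?:\{(\w+)(?::?([-?+])(.*))?\}|\w+)$")
# "user:password@" inside a URL; group 1 is the password part.
URL_PASSWORD = re.compile(r"://[^/\s:@]+:([^/\s@]+)@")


def _clean(text, unquote=True):
    """Drop a trailing ' # comment' and, optionally, one pair of surrounding quotes."""
    text = re.sub(r"\s+#.*$", "", text).strip()
    if unquote and len(text) >= 2 and text[0] == text[-1] and text[0] in "'\"":
        text = text[1:-1]
    return text


def parse_env_entry(line):
    """Return (name, value) for 'NAME: value', '- NAME=value' or '- NAME', else None."""
    body = _clean(line, unquote=False)
    if body.startswith("-"):
        name, _, value = _clean(body[1:]).partition("=")
    else:
        name, _, value = body.partition(":")
    name = name.strip()
    if not re.fullmatch(r"[A-Za-z_]\w*", name):
        return None
    return name, _clean(value)


def classify(name, value):
    """Return 'literal', 'default', 'url' or None for one environment entry."""
    if not value:
        return None  # pass-through entry: the value comes from the shell or .env
    if SECRET_WORDS & set(name.upper().split("_")):
        ref = VAR_ONLY.match(value)
        if ref and ref.group(2) == "-" and ref.group(3):
            return "default"  # ${VAR:-fallback} still ships a usable secret
        if "$" not in value:
            return "literal"
    password = URL_PASSWORD.search(value)
    if password and "$" not in password.group(1):
        return "url"
    return None


def scan_compose(text):
    """Return [(line number, variable name, reason)] for entries in environment blocks."""
    findings, env_indent = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if _clean(raw, unquote=False) == "environment:":
            env_indent = indent
            continue
        if env_indent is None:
            continue
        # A YAML sequence may sit at the same indentation as its "environment:" key.
        inside = indent > env_indent or (indent == env_indent and stripped.startswith("-"))
        if not inside:
            env_indent = None
            continue
        entry = parse_env_entry(raw)
        if entry:
            reason = classify(*entry)
            if reason:
                findings.append((lineno, entry[0], reason))
    return findings


# Constructed sample: entries adapted from the directus and budibase recipes,
# plus constructed REDIS_PASSWORD and DATABASE_URL lines for the edge cases.
SAMPLE = """\
services:
  database:
    image: postgis/postgis:13-master
    environment:
      POSTGRES_USER: 'directus'
      POSTGRES_PASSWORD: 'directus'
  directus:
    image: directus/directus:latest
    ports:
      - 8055:8055
    environment:
      DB_HOST: 'database'
      ADMIN_PASSWORD: 'd1r3ctu5'
      COUCH_DB_URL: http://${COUCH_DB_USER}:${COUCH_DB_PASSWORD}@couchdb-service:5984
      REDIS_PASSWORD: ${REDIS_PASSWORD:-changeme}
      DATABASE_URL: postgres://app:s3cret@db:5432/app
  watchtower:
    image: containrrr/watchtower
    environment:
      - WATCHTOWER_HTTP_API_TOKEN=budibase
      - MYSQL_PASSWORD=${_APP_DB_PASS}
      - _APP_SMTP_PASSWORD
"""

if __name__ == "__main__":
    for lineno, name, reason in scan_compose(SAMPLE):
        print(f"line {lineno}: {name} ({reason})")
```

The scanner is line-based and does not parse YAML, so it only covers the block-style `environment:` forms used by the recipes here.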
--------------------------------------------------------------------------------
/appsmith/.env:
--------------------------------------------------------------------------------
# –––––––––––––––– REQUIRED ––––––––––––––––

# –––––––––––––––– OPTIONAL ––––––––––––––––

--------------------------------------------------------------------------------
/appsmith/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3"

services:
  appsmith:
    image: index.docker.io/appsmith/appsmith-ce
    container_name: appsmith
    ports:
      - "80:80"
      - "443:443"
      - "9001:9001"
    volumes:
      - ./stacks:/appsmith-stacks
    labels:
      com.centurylinklabs.watchtower.enable: "true"
    restart: unless-stopped

  auto_update:
    image: containrrr/watchtower:latest-dev
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    # Update check schedule, given as a cron expression.
    command: --schedule "0 0 * ? * *" --label-enable --cleanup
    restart: unless-stopped

--------------------------------------------------------------------------------
/appsmith/readme.md:
--------------------------------------------------------------------------------
# Appsmith
Low code project to build admin panels, internal tools, and dashboards. Integrates with 15+ databases and any API.

* Official repo: https://github.com/appsmithorg/appsmith

## Configuration
No configuration required.

## Installation
```
cd appsmith
docker-compose pull && docker-compose up -d
```

## Logs
```
docker logs -f appsmith
```
## Update
Appsmith uses Watchtower to auto-update itself, but you can always update it manually:

```
docker-compose pull && docker-compose up -d --force-recreate appsmith
```
## Export database
```
docker-compose exec appsmith appsmithctl export_db
```
The backup will be exported here:

```
./stacks/data/backup/appsmith-data.archive
```

Backup .env:

```
docker cp appsmith:/appsmith-stacks/configuration/docker.env .
```

## Import database
```
# First, copy the archive file into the container using the following command:
docker cp ./appsmith-data.archive appsmith:/appsmith-stacks/data/restore/

# Second, run the following command to import data from this file:
docker-compose exec appsmith appsmithctl import_db

# Copy a docker.env from the original instance into this one.
docker cp ./docker.env appsmith:/appsmith-stacks/configuration/

# Restart Appsmith server
docker-compose exec appsmith supervisorctl restart backend
```
--------------------------------------------------------------------------------
/appwrite/.env:
--------------------------------------------------------------------------------
# –––––––––––––––– REQUIRED ––––––––––––––––
_APP_DB_SCHEMA=
_APP_DB_USER=
_APP_DB_PASS=

# –––––––––––––––– OPTIONAL ––––––––––––––––
MYSQL_ROOT_PASSWORD=password
--------------------------------------------------------------------------------
/appwrite/docker-compose.yml:
--------------------------------------------------------------------------------
version: '3'

services:

  appwrite-lite:
    container_name: appwrite-lite
    build:
      context: .
    restart: unless-stopped
    ports:
      - 7501:80
    networks:
      - appwrite-lite
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - appwrite-lite-uploads:/storage/uploads:rw
      - appwrite-lite-cache:/storage/cache:rw
      - appwrite-lite-config:/storage/config:rw
      - appwrite-lite-functions:/storage/functions:rw
      - appwrite-lite-redis:/data:rw
    depends_on:
      - mariadb
    environment:
      - _APP_ENV
      - _APP_SYSTEM_EMAIL_NAME
      - _APP_SYSTEM_EMAIL_ADDRESS
      - _APP_SYSTEM_SECURITY_EMAIL_ADDRESS
      - _APP_OPTIONS_ABUSE
      - _APP_OPTIONS_FORCE_HTTPS
      - _APP_OPENSSL_KEY_V1
      - _APP_DOMAIN
      - _APP_DOMAIN_TARGET
      - _APP_DB_HOST
      - _APP_DB_PORT
      - _APP_DB_SCHEMA
      - _APP_DB_USER
      - _APP_DB_PASS
      - _APP_SMTP_HOST
      - _APP_SMTP_PORT
      - _APP_SMTP_SECURE
      - _APP_SMTP_USERNAME
      - _APP_SMTP_PASSWORD
      - _APP_STORAGE_LIMIT
      - _APP_FUNCTIONS_TIMEOUT
      - _APP_FUNCTIONS_CONTAINERS
      - _APP_FUNCTIONS_CPUS
      - _APP_FUNCTIONS_MEMORY
      - _APP_FUNCTIONS_MEMORY_SWAP

  mariadb:
    image: appwrite/mariadb:1.2.0 # fix issues when upgrading using: mysql_upgrade -u root -p
    container_name: appwrite-lite-mariadb
    restart: unless-stopped
    networks:
      - appwrite-lite
    volumes:
      - appwrite-lite-mariadb:/var/lib/mysql:rw
    ports:
      - "7502:3306"
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_DATABASE=${_APP_DB_SCHEMA}
      - MYSQL_USER=${_APP_DB_USER}
      - MYSQL_PASSWORD=${_APP_DB_PASS}
    command: 'mysqld --innodb-flush-method=fsync'

networks:
  appwrite-lite:

volumes:
  appwrite-lite-mariadb:
  appwrite-lite-redis:
  appwrite-lite-cache:
  appwrite-lite-uploads:
  appwrite-lite-functions:
  appwrite-lite-config:
--------------------------------------------------------------------------------
/appwrite/readme.md:
--------------------------------------------------------------------------------
# Appwrite Lite
A complete backend solution for your [Flutter / Vue / Angular / React / iOS / Android / *ANY OTHER*] app

* Official repo: https://github.com/appwrite/lite

* More resources: https://github.com/appwrite/awesome-appwrite

## Configuration
Open .env and fill the required parameters.

## Installation

```
cd appwrite
docker-compose pull && docker-compose up -d
```

## Logs
```
docker logs -f appwrite-lite
```
--------------------------------------------------------------------------------
/budibase/.env:
--------------------------------------------------------------------------------
# –––––––––––––––– REQUIRED ––––––––––––––––
BUDIBASE_PUBLIC_URI=
MAIN_PORT=10000
JWT_SECRET=testsecret
MINIO_ACCESS_KEY=budibase
MINIO_SECRET_KEY=budibase
COUCH_DB_PASSWORD=budibase
COUCH_DB_USER=budibase
REDIS_PASSWORD=budibase
INTERNAL_API_KEY=budibase
ACME_EMAIL=

# –––––––––––––––– OPTIONAL ––––––––––––––––
APP_PORT=4002
WORKER_PORT=4003
MINIO_PORT=4004
COUCH_DB_PORT=4005
REDIS_PORT=6379
WATCHTOWER_PORT=6161
BUDIBASE_ENVIRONMENT=PRODUCTION
--------------------------------------------------------------------------------
/budibase/Caddyfile:
--------------------------------------------------------------------------------
{$DOMAIN}:443 {
  log {
    level INFO
    output file {$LOG_FILE} {
      roll_size 10MB
      roll_keep 10
    }
  }

  # Use the ACME HTTP-01 challenge to get a cert for the configured domain.
  tls {$EMAIL}

  # This setting may have compatibility issues with some browsers
  # (e.g., attachment downloading on Firefox). Try disabling this
  # if you encounter issues.
  encode gzip

  # Proxy everything else to the Budibase proxy container
  reverse_proxy bbproxy:10000 {
    header_up X-Real-IP {remote_host}
  }
}

--------------------------------------------------------------------------------
/budibase/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3"

services:

  app-service:
    restart: unless-stopped
    image: budibase.docker.scarf.sh/budibase/apps
    container_name: bbapps
    environment:
      SELF_HOSTED: 1
      COUCH_DB_URL: http://${COUCH_DB_USER}:${COUCH_DB_PASSWORD}@couchdb-service:5984
      WORKER_URL: http://worker-service:4003
      MINIO_URL: http://minio-service:9000
      MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY}
      MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
      INTERNAL_API_KEY: ${INTERNAL_API_KEY}
      BUDIBASE_ENVIRONMENT: ${BUDIBASE_ENVIRONMENT}
      PORT: 4002
      JWT_SECRET: ${JWT_SECRET}
      LOG_LEVEL: info
      SENTRY_DSN: https://a34ae347621946bf8acded18e5b7d4b8@o420233.ingest.sentry.io/5338131
      ENABLE_ANALYTICS: "true"
      REDIS_URL: redis-service:6379
      REDIS_PASSWORD: ${REDIS_PASSWORD}
    depends_on:
      - worker-service
      - redis-service

  worker-service:
    restart: unless-stopped
    image: budibase.docker.scarf.sh/budibase/worker
    container_name: bbworker
    environment:
      SELF_HOSTED: 1
      PORT: 4003
      CLUSTER_PORT: ${MAIN_PORT}
      JWT_SECRET: ${JWT_SECRET}
      MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY}
      MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
      MINIO_URL: http://minio-service:9000
      APPS_URL: http://app-service:4002
      COUCH_DB_USERNAME: ${COUCH_DB_USER}
      COUCH_DB_PASSWORD: ${COUCH_DB_PASSWORD}
      COUCH_DB_URL: http://${COUCH_DB_USER}:${COUCH_DB_PASSWORD}@couchdb-service:5984
      SENTRY_DSN: https://a34ae347621946bf8acded18e5b7d4b8@o420233.ingest.sentry.io/5338131
      INTERNAL_API_KEY: ${INTERNAL_API_KEY}
      REDIS_URL: redis-service:6379
      REDIS_PASSWORD: ${REDIS_PASSWORD}
    depends_on:
      - redis-service
      - minio-service
      - couch-init

  minio-service:
    restart: unless-stopped
    image: minio/minio
    volumes:
      - minio_data:/data
    environment:
      MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY}
      MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
      MINIO_BROWSER: "off"
    command: server /data
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3

  proxy-service:
    restart: unless-stopped
    ports:
      - "${MAIN_PORT}:10000"
    container_name: bbproxy
    image: budibase/proxy
    depends_on:
      - minio-service
      - worker-service
      - app-service
      - couchdb-service

  couchdb-service:
    restart: unless-stopped
    image: ibmcom/couchdb3
    environment:
      - COUCHDB_PASSWORD=${COUCH_DB_PASSWORD}
      - COUCHDB_USER=${COUCH_DB_USER}
    volumes:
      - couchdb3_data:/opt/couchdb/data

  couch-init:
    image: curlimages/curl
    environment:
      PUT_CALL: "curl -u ${COUCH_DB_USER}:${COUCH_DB_PASSWORD} -X PUT couchdb-service:5984"
    depends_on:
      - couchdb-service
    command: ["sh","-c","sleep 10 && $${PUT_CALL}/_users && $${PUT_CALL}/_replicator; fg;"]

  redis-service:
    restart: unless-stopped
    image: redis
    command: redis-server --requirepass ${REDIS_PASSWORD}
    volumes:
      - redis_data:/data

  watchtower-service:
    restart: always
    image: containrrr/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    command: --debug --http-api-update bbapps bbworker bbproxy
    environment:
      - WATCHTOWER_HTTP_API=true
      - WATCHTOWER_HTTP_API_TOKEN=budibase
      - WATCHTOWER_CLEANUP=true
    labels:
      - "com.centurylinklabs.watchtower.enable=false"

  caddy:
    image: caddy:2
    container_name: budibase-caddy
    restart: always
    ports:
      - 80:80 # Needed for the ACME HTTP-01 challenge.
      - 443:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
    environment:
      - DOMAIN=${BUDIBASE_PUBLIC_URI}
      - EMAIL=${ACME_EMAIL} # The email address to use for ACME registration.
      - LOG_FILE=/data/access.log
    depends_on:
      - proxy-service

volumes:
  couchdb3_data:
    driver: local
  minio_data:
    driver: local
  redis_data:
    driver: local
--------------------------------------------------------------------------------
/budibase/nginx.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gauchocode/docker-compose-recipes/6b0ace42dc6729239a4ea2b8875865eff63d8288/budibase/nginx.conf
--------------------------------------------------------------------------------
/budibase/readme.md:
--------------------------------------------------------------------------------
# Budibase
Budibase is an open-source low-code platform for creating internal apps in minutes. Supports PostgreSQL, MySQL, MSSQL, MongoDB, Rest API, Docker, K8s.

* Official repo: https://github.com/Budibase/budibase

## Configuration
Open .env and fill the required parameters.

## Installation

### Option 1: with Caddy inside docker stack
```
cd budibase
docker-compose pull && docker-compose up -d
```

### Option 2: with nginx installed on host
1. Comment "caddy" service part on docker-compose.yml.
2. Run: **docker-compose pull**
3. Run: **docker-compose up -d**
4. Make a copy of nginx.conf on **/etc/nginx/sites-available**
5. Create symbolic link on **/etc/nginx/sites-enabled**
6. Reload nginx: **service nginx reload**
7. Install certbot and run: **certbot --nginx -d vaultwarden.domain.com**

## Logs
```
docker logs -f bbapps
```

--------------------------------------------------------------------------------
/code-server/.env:
--------------------------------------------------------------------------------
# –––––––––––––––– REQUIRED ––––––––––––––––
TZ=Europe/London
PASSWORD=password*
SUDO_PASSWORD=password*
PROXY_DOMAIN=vscode.domain.com
PORT=8443
DEFAULT_WORKSPACE=/config/workspace

# –––––––––––––––– OPTIONAL ––––––––––––––––
HASHED_PASSWORD=
SUDO_PASSWORD_HASH=
ACME_EMAIL=
--------------------------------------------------------------------------------
/code-server/Caddyfile:
--------------------------------------------------------------------------------
{$DOMAIN}:443 {
  log {
    level INFO
    output file {$LOG_FILE} {
      roll_size 10MB
      roll_keep 10
    }
  }

  # Use the ACME HTTP-01 challenge to get a cert for the configured domain.
  tls {$EMAIL}

  # This setting may have compatibility issues with some browsers
  # (e.g., attachment downloading on Firefox). Try disabling this
  # if you encounter issues.
  encode gzip

  # Proxy everything else to the code-server container
  reverse_proxy code-server:8443 {
    header_up X-Real-IP {remote_host}
  }
}
--------------------------------------------------------------------------------
/code-server/docker-compose.yml:
--------------------------------------------------------------------------------
version: "2.1"

services:
  code-server:
    image: lscr.io/linuxserver/code-server:latest
    container_name: code-server
    environment:
      - PUID=0
      - PGID=0
      - TZ=${TZ}
      - PASSWORD=${PASSWORD}
      - HASHED_PASSWORD=${HASHED_PASSWORD}
      - SUDO_PASSWORD=${SUDO_PASSWORD}
      - SUDO_PASSWORD_HASH=${SUDO_PASSWORD_HASH}
      - PROXY_DOMAIN=${PROXY_DOMAIN}
      - DEFAULT_WORKSPACE=${DEFAULT_WORKSPACE}
    volumes:
      - ./appdata/config:/config
    ports:
      - ${PORT}:8443
    restart: unless-stopped

  caddy:
    image: caddy:2
    container_name: caddy-code-server
    restart: always
    ports:
      - 80:80 # Needed for the ACME HTTP-01 challenge.
      - 443:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
    environment:
      - DOMAIN=${PROXY_DOMAIN}
      - EMAIL=${ACME_EMAIL} # The email address to use for ACME registration.
      - LOG_FILE=/data/access.log
--------------------------------------------------------------------------------
/code-server/nginx.conf:
--------------------------------------------------------------------------------
server {

    server_name vscode.domain.com;

    location / {
      proxy_pass http://localhost:8443;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
    }

    listen 80;

}
--------------------------------------------------------------------------------
/code-server/readme.md:
--------------------------------------------------------------------------------
# Code Server
Run VS Code on any machine anywhere and access it in the browser.

* Official repo: https://github.com/coder/code-server

## Configuration
Edit the .env file to configure the domain, ports, and the folder where the workspace will be stored.

## Installation

### Option 1: with Caddy inside docker stack
```
cd code-server
docker-compose pull && docker-compose up -d
```

### Option 2: with nginx installed on host
1. Comment "caddy" service part on docker-compose.yml.
2. Run: **docker-compose pull**
3. Run: **docker-compose up -d**
4. Make a copy of nginx.conf on **/etc/nginx/sites-available**
5. Create symbolic link on **/etc/nginx/sites-enabled**
6. Reload nginx: **service nginx reload**
7. Install certbot and run: **certbot --nginx -d vscode.domain.com**

## Logs
```
docker logs -f code-server
```

--------------------------------------------------------------------------------
/directus/.env:
--------------------------------------------------------------------------------
# –––––––––––––––– REQUIRED ––––––––––––––––

# –––––––––––––––– OPTIONAL ––––––––––––––––

--------------------------------------------------------------------------------
/directus/docker-compose.yml:
--------------------------------------------------------------------------------
version: '3'

services:

  database:
    container_name: database
    image: postgis/postgis:13-master
    volumes:
      - ./data/database:/var/lib/postgresql/data
    networks:
      - directus
    environment:
      POSTGRES_USER: 'directus'
      POSTGRES_PASSWORD: 'directus'
      POSTGRES_DB: 'directus'

  cache:
    container_name: cache
    image: redis:6
    networks:
      - directus

  directus:
    container_name: directus
    image: directus/directus:latest
    ports:
      - 8055:8055
    volumes:
      # By default, uploads are stored in /directus/uploads
      # Always make sure your volumes match the storage root when using
      # local driver
      - ./uploads:/directus/uploads
      # Make sure to also mount the volume when using SQLite
      # - ./database:/directus/database
      # If you want to load extensions from the host
      # - ./extensions:/directus/extensions
    networks:
      - directus
    depends_on:
      - cache
      - database
    environment:
      KEY: '255d861b-5ea1-5996-9aa3-922530ec40b1'
      SECRET: '6116487b-cda1-52c2-b5b5-c8022c45e263'
      DB_CLIENT: 'pg'
      DB_HOST: 'database'
      DB_PORT: '5432'
      DB_DATABASE: 'directus'
      DB_USER: 'directus'
      DB_PASSWORD: 'directus'
      CACHE_ENABLED: 'true'
      CACHE_STORE: 'redis'
      CACHE_REDIS: 'redis://cache:6379'
      ADMIN_EMAIL: 'admin@example.com'
      ADMIN_PASSWORD: 'd1r3ctu5'
      # Make sure to set this in production
      # (see https://docs.directus.io/self-hosted/config-options/#general)
      # PUBLIC_URL: 'https://directus.example.com'

networks:
  directus:
--------------------------------------------------------------------------------
/directus/readme.md:
--------------------------------------------------------------------------------
# Directus
Directus is a real-time API and App dashboard for managing SQL database content.

* Official repo: https://github.com/directus/directus
--------------------------------------------------------------------------------
/erpnext/.env:
--------------------------------------------------------------------------------
# ERP-NEXT

# –––––––––––––––– REQUIRED ––––––––––––––––
LETSENCRYPT_EMAIL=
SITE_NAME=erp.domain.com
SITES=`erp.domain.com`

# –––––––––––––––– OPTIONAL ––––––––––––––––
ERPNEXT_VERSION=edge
FRAPPE_VERSION=edge
MARIADB_HOST=mariadb
MYSQL_ROOT_PASSWORD=admin
DB_ROOT_USER=root
ADMIN_PASSWORD=admin
INSTALL_APPS=erpnext
ENTRYPOINT_LABEL=traefik.http.routers.erpnext-nginx.entrypoints=websecure
CERT_RESOLVER_LABEL=traefik.http.routers.erpnext-nginx.tls.certresolver=myresolver
HTTPS_REDIRECT_RULE_LABEL=traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
HTTPS_REDIRECT_ENTRYPOINT_LABEL=traefik.http.routers.http-catchall.entrypoints=web
HTTPS_REDIRECT_MIDDLEWARE_LABEL=traefik.http.routers.http-catchall.middlewares=redirect-to-https
HTTPS_USE_REDIRECT_MIDDLEWARE_LABEL=traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
SKIP_NGINX_TEMPLATE_GENERATION=0
WORKER_CLASS=gthread

--------------------------------------------------------------------------------
/erpnext/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3"

services:

  traefik:
    image: "traefik:v2.2"
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=${LETSENCRYPT_EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    labels:
      # enable traefik
      - "traefik.enable=true"
      # global redirect to https for production only
      - "${HTTPS_REDIRECT_RULE_LABEL}"
      - "${HTTPS_REDIRECT_ENTRYPOINT_LABEL}"
      - "${HTTPS_REDIRECT_MIDDLEWARE_LABEL}"
      # middleware redirect for production only
      - "${HTTPS_USE_REDIRECT_MIDDLEWARE_LABEL}"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - cert-vol:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
    userns_mode: "host"

  erpnext-nginx:
    image: frappe/erpnext-nginx:${ERPNEXT_VERSION}
    restart: on-failure
    environment:
      - FRAPPE_PY=erpnext-python
      - FRAPPE_PY_PORT=8000
      - FRAPPE_SOCKETIO=frappe-socketio
      - SOCKETIO_PORT=9000
      - SKIP_NGINX_TEMPLATE_GENERATION=${SKIP_NGINX_TEMPLATE_GENERATION}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.erpnext-nginx.rule=Host(${SITES})"
      - "${ENTRYPOINT_LABEL}"
      - "${CERT_RESOLVER_LABEL}"
      - "traefik.http.services.erpnext-nginx.loadbalancer.server.port=8080"
    volumes:
      - sites-vol:/var/www/html/sites:rw
      - assets-vol:/assets:rw

  erpnext-python:
    image: frappe/erpnext-worker:${ERPNEXT_VERSION}
    restart: on-failure
    environment:
      - MARIADB_HOST=${MARIADB_HOST}
      - REDIS_CACHE=redis-cache:6379
      - REDIS_QUEUE=redis-queue:6379
      - REDIS_SOCKETIO=redis-socketio:6379
      - SOCKETIO_PORT=9000
      - AUTO_MIGRATE=1
      - WORKER_CLASS=${WORKER_CLASS}
    volumes:
      - sites-vol:/home/frappe/frappe-bench/sites:rw
      - assets-vol:/home/frappe/frappe-bench/sites/assets:rw

  frappe-socketio:
    image: frappe/frappe-socketio:${FRAPPE_VERSION}
    restart: on-failure
    depends_on:
      - redis-socketio
    volumes:
      - sites-vol:/home/frappe/frappe-bench/sites:rw
      - logs-vol:/home/frappe/frappe-bench/logs:rw

  erpnext-worker-default:
    image: frappe/erpnext-worker:${ERPNEXT_VERSION}
    restart: on-failure
    command: worker
    depends_on:
      - redis-queue
      - redis-cache
    volumes:
      - sites-vol:/home/frappe/frappe-bench/sites:rw
      - logs-vol:/home/frappe/frappe-bench/logs:rw

  erpnext-worker-short:
    image: frappe/erpnext-worker:${ERPNEXT_VERSION}
    restart: on-failure
    command: worker
    environment:
      - WORKER_TYPE=short
    depends_on:
      - redis-queue
      - redis-cache
    volumes:
      - sites-vol:/home/frappe/frappe-bench/sites:rw
      - logs-vol:/home/frappe/frappe-bench/logs:rw

  erpnext-worker-long:
    image: frappe/erpnext-worker:${ERPNEXT_VERSION}
    restart: on-failure
    command: worker
    environment:
      - WORKER_TYPE=long
    depends_on:
      - redis-queue
      - redis-cache
    volumes:
      - sites-vol:/home/frappe/frappe-bench/sites:rw

  erpnext-schedule:
    image: frappe/erpnext-worker:${ERPNEXT_VERSION}
    restart: on-failure
    command: schedule
    depends_on:
      - redis-queue
      - redis-cache
    volumes:
      - sites-vol:/home/frappe/frappe-bench/sites:rw
      - logs-vol:/home/frappe/frappe-bench/logs:rw

  redis-cache:
    image: redis:latest
    restart: on-failure
    volumes:
      - redis-cache-vol:/data

  redis-queue:
    image: redis:latest
    restart: on-failure
    volumes:
      - redis-queue-vol:/data

  redis-socketio:
    image: redis:latest
    restart: on-failure
    volumes:
      - redis-socketio-vol:/data

  mariadb:
    image: mariadb:10.6
    restart: on-failure
    command:
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_unicode_ci
      - --skip-character-set-client-handshake
      - --skip-innodb-read-only-compressed # Temporary fix for MariaDB 10.6
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      # Sometimes db initialization takes longer than 10 seconds and site-creator goes away.
      # Frappe doesn't use CONVERT_TZ() function that requires time zone info, so we can just skip it.
      - MYSQL_INITDB_SKIP_TZINFO=1
    volumes:
      - mariadb-vol:/var/lib/mysql

  site-creator:
    image: frappe/erpnext-worker:${ERPNEXT_VERSION}
    restart: "no"
    command: new
    depends_on:
      - erpnext-python
    environment:
      - SITE_NAME=${SITE_NAME}
      - DB_ROOT_USER=${DB_ROOT_USER}
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - ADMIN_PASSWORD=${ADMIN_PASSWORD}
      - INSTALL_APPS=${INSTALL_APPS}
    volumes:
      - sites-vol:/home/frappe/frappe-bench/sites:rw
      - logs-vol:/home/frappe/frappe-bench/logs:rw

volumes:
  mariadb-vol:
  redis-cache-vol:
  redis-queue-vol:
  redis-socketio-vol:
  assets-vol:
  sites-vol:
  cert-vol:
  logs-vol:

--------------------------------------------------------------------------------
/erpnext/readme.md:
--------------------------------------------------------------------------------
# ERPNext
Free and Open Source Enterprise Resource Planning (ERP).

* Official repo: https://github.com/frappe/frappe_docker

## Configuration
Open .env and fill the required parameters:
```
LETSENCRYPT_EMAIL=
SITE_NAME=
SITES=
```

## Installation
```
cd erpnext
docker-compose pull && docker-compose --project-name 'PROJECT_NAME' restart
```

## Logs
```
docker logs -f erpnext
```

### Backup
```
docker run -e "SITES=erp.broobe.com" -e "WITH_FILES=1" -v erpbroobecom_sites-vol:/home/frappe/frappe-bench/sites --network erpbroobecom_default frappe/erpnext-worker:edge backup
```

### Restore
```
docker run -e "MYSQL_ROOT_PASSWORD=admin" -e "BUCKET_NAME=backups" -e "BUCKET_DIR=frappe-bench" -v custom_frappe_docker_sites-vol:/home/frappe/frappe-bench/sites -v custom_frappe_docker_sites-vol:/home/frappe/backups --network custom_frappe_docker_default custom-app-erpnext-worker:v13 restore-backup
```

## Fix to common problems

### The system is being updated
Edit config file with the command:
```
docker run -it -v erpbroobecom_sites-vol:/sites alpine vi /sites/common_site_config.json
```
Remove this line:
```
"maintenance mode":1
```
Restart docker instance:
```
docker-compose --project-name erp.broobe.com restart
```
Remove cache:
```
docker run -v erpbroobecom_sites-vol:/home/frappe/frappe-bench/sites --network erpbroobecom_default --user frappe frappe/frappe-worker:edge bench --site erp.broobe.com clear-cache
```
--------------------------------------------------------------------------------
/grafana+promtail+loki+netdata/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3"

networks:
  loki:
    name: loki
    #driver: bridge

services:

  netdata:
    image: netdata/netdata
    container_name: netdata
cap_add:
14 |       - SYS_PTRACE
15 |     security_opt:
16 |       - apparmor:unconfined
17 |     volumes:
18 |       - /etc/passwd:/host/etc/passwd:ro
19 |       - /etc/group:/host/etc/group:ro
20 |       - /proc:/host/proc:ro
21 |       - /sys:/host/sys:ro
22 |       - /var/run/docker.sock:/var/run/docker.sock:ro
23 |     ports:
24 |       - '19999:19999'
25 |     networks:
26 |       - loki
27 |
28 |   influxdb:
29 |     image: influxdb:1.8
30 |     container_name: influxdb
31 |     volumes:
32 |       - 'influxdb-storage:/var/lib/influxdb'
33 |     ports:
34 |       - '127.0.0.1:8086:8086'
35 |     restart: always
36 |     networks:
37 |       - loki
38 |
39 |   loki:
40 |     image: grafana/loki:2.4.2
41 |     container_name: loki
42 |     ports:
43 |       - "3100:3100"
44 |     command: -config.file=/etc/loki/local-config.yaml
45 |     networks:
46 |       - loki
47 |
48 |   promtail:
49 |     image: grafana/promtail:2.4.2
50 |     container_name: promtail
51 |     volumes:
52 |       - /var/log:/var/log
53 |     command: -config.file=/etc/promtail/config.yml
54 |     networks:
55 |       - loki
56 |
57 |   grafana:
58 |     image: grafana/grafana:latest
59 |     container_name: grafana
60 |     volumes:
61 |       - 'grafana-storage:/var/lib/grafana'
62 |     environment:
63 |       - GF_AUTH_ANONYMOUS_ENABLED=true
64 |     ports:
65 |       - "3000:3000"
66 |     networks:
67 |       - loki
68 |
69 |   netdata-grabber:
70 |     image: terorie/netdata-influx
71 |     container_name: netdata-influx
72 |     environment:
73 |       - NI_INFLUX_ADDR=http://influxdb:8086
74 |       - NI_INFLUX_DB=netdata
75 |       - NI_NETDATA_API=https://netdata:19999/api
76 |       - NI_HOST_TAG=localhost-main
77 |       - NI_CHARTS=system.cpu system.net system.pgpgio
78 |     restart: always
79 |     networks:
80 |       - loki
81 |
82 | volumes:
83 |   grafana-storage:
84 |   influxdb-storage:
85 |
--------------------------------------------------------------------------------
/grafana+promtail+loki+netdata/readme.md:
--------------------------------------------------------------------------------
1 | # Grafana, Promtail, Loki & Netdata
2 | Grafana is an open source data visualization platform which is primarily used for displaying metrics dashboards.
It can aggregate, query, and display data from multiple sources such as Graphite, Prometheus, or MySQL.
3 |
4 | ## Configuration
5 | No configuration required.
6 |
7 | ## Installation
8 | ```
9 | cd grafana+promtail+loki+netdata
10 | docker-compose pull && docker-compose up -d
11 | ```
12 |
13 | ## Considerations
14 | * Grafana works with influxdb:1.8; it does not work properly with influxdb:2.0+
15 | * Grafana login: http://:3000
16 | * Default first login: admin:admin
17 | * We will need to create a database in influxdb with the following command:
18 | ```
19 | curl -i -XPOST http://localhost:8086/query --data-urlencode "q=CREATE DATABASE netdata"
20 | ```
21 | * And add it as a datasource:
22 | URL: http://influxdb:8086, or http://user:pass@influxdb:8086
23 | Database: netdata
24 | Then you can add the dashboard with ID: 10922
--------------------------------------------------------------------------------
/hoppscotch/.env:
--------------------------------------------------------------------------------
1 | # –––––––––––––––– REQUIRED ––––––––––––––––
2 |
3 | BASE_URL=https://hoppscotch.domain.com
4 |
5 | # –––––––––––––––– OPTIONAL ––––––––––––––––
6 |
7 | PORT=3000
--------------------------------------------------------------------------------
/hoppscotch/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: '3'
2 |
3 | services:
4 |
5 |   hoppscotch:
6 |     image: hoppscotch/hoppscotch:latest
7 |     container_name: hoppscotch
8 |     restart: unless-stopped
9 |     environment:
10 |       HOST: 0.0.0.0
11 |       BASE_URL: ${BASE_URL}
12 |     # volumes:
13 |     #   - ./data/hoppscotch:/app
14 |     ports:
15 |       - "${PORT}:3000"
16 |     # networks:
17 |     #   - web
18 |     network_mode: bridge
19 |     # labels:
20 |     #   traefik.enable: true
21 |     #   traefik.http.routers.hoppscotch.entrypoints: https
22 |     #   traefik.http.routers.hoppscotch.rule: Host(`hoppscotch.arul.io`)
23 |     #   traefik.http.services.hoppscotch.loadbalancer.server.port: 3000
24 |
25 | #networks:
26 | #
web:
27 | #    external: true
--------------------------------------------------------------------------------
/hoppscotch/nginx.conf:
--------------------------------------------------------------------------------
1 | server {
2 |
3 |     listen 80;
4 |
5 |     server_name hoppscotch.domain.com;
6 |
7 |     access_log off;
8 |
9 |     #error_log /var/log/nginx/hoppscotch.domain.com.error.log debug;
10 |
11 |     keepalive_timeout 70;
12 |     client_max_body_size 50m;
13 |
14 |     location / {
15 |         proxy_pass http://127.0.0.1:3000;
16 |         proxy_http_version 1.1;
17 |         proxy_set_header Upgrade $http_upgrade;
18 |         proxy_set_header Connection "Upgrade";
19 |         proxy_set_header Host $host;
20 |     }
21 |
22 | }
--------------------------------------------------------------------------------
/hoppscotch/readme.md:
--------------------------------------------------------------------------------
1 | # Hoppscotch
2 | Open source API development ecosystem.
3 |
4 | * Official repo: https://github.com/hoppscotch/hoppscotch
5 |
6 | ## Configuration
7 | Open and edit the .env file.
8 |
9 | ## Installation
10 |
11 | ### Option 1: default
12 | ```
13 | cd hoppscotch
14 | docker-compose pull && docker-compose up -d
15 | ```
16 |
17 | ### Option 2: with nginx installed on host
18 | 1. Run: **docker-compose pull**
19 | 2. Run: **docker-compose up -d**
20 | 3. Make a copy of nginx.conf in **/etc/nginx/sites-available**
21 | 4. Create a symbolic link in **/etc/nginx/sites-enabled**
22 | 5. Reload nginx: **service nginx reload**
23 | 6.
Install certbot and run: **certbot --nginx -d hoppscotch.domain.com**
24 |
25 | ## Logs
26 | ```
27 | docker logs -f hoppscotch
28 | ```
29 |
--------------------------------------------------------------------------------
/joplin/.env:
--------------------------------------------------------------------------------
1 | # JOPLIN
2 | # -----------------------------------------------------------------------------
3 | # Joplin Admin URL: https://joplin.domain.com/admin
4 | #
5 | # By default, the instance will be setup with admin@localhost and password admin
6 | #
7 |
8 | # –––––––––––––––– REQUIRED ––––––––––––––––
9 |
10 | # DATA FOLDER
11 | DATA_FOLDER=
12 |
13 | # SMTP
14 | MAILER_ENABLED=1
15 | MAILER_HOST=
16 | MAILER_PORT=
17 | MAILER_SECURE=1
18 | MAILER_AUTH_USER=
19 | MAILER_AUTH_PASSWORD=
20 | MAILER_NOREPLY_NAME=
21 | MAILER_NOREPLY_EMAIL=
22 |
23 | # APP
24 | APP_BASE_URL=https://joplin.domain.com
25 | APP_PORT=22300
26 |
27 | # –––––––––––––––– OPTIONAL ––––––––––––––––
28 |
29 | # DB
30 | DB_CLIENT=pg
31 | POSTGRES_PASSWORD=joplin
32 | POSTGRES_DATABASE=joplin
33 | POSTGRES_USER=joplin
34 | POSTGRES_PORT=5432
35 | POSTGRES_HOST=localhost
36 |
37 |
--------------------------------------------------------------------------------
/joplin/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: '3'
2 |
3 | services:
4 |
5 |   joplin-db:
6 |     image: postgres:13.1
7 |     container_name: joplin-db
8 |     volumes:
9 |       - ${DATA_FOLDER}/data/postgres:/var/lib/postgresql/data
10 |     restart: unless-stopped
11 |     environment:
12 |       - APP_PORT=22300
13 |       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
14 |       - POSTGRES_USER=${POSTGRES_USER}
15 |       - POSTGRES_DB=${POSTGRES_DATABASE}
16 |
17 |   joplin-app:
18 |     image: joplin/server:latest
19 |     container_name: joplin-app
20 |     depends_on:
21 |       - joplin-db
22 |     ports:
23 |       - "22300:22300"
24 |     env_file: .env
25 |     restart: unless-stopped
26 |     environment:
27 |       - APP_BASE_URL=${APP_BASE_URL}
28 |       - DB_CLIENT=pg
29 |       - POSTGRES_HOST=joplin-db
30 |       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
31 |       - POSTGRES_DATABASE=${POSTGRES_DATABASE}
32 |       - POSTGRES_USER=${POSTGRES_USER}
33 |       - POSTGRES_PORT=${POSTGRES_PORT}
34 |       - MAILER_ENABLED=${MAILER_ENABLED}
35 |       - MAILER_HOST=${MAILER_HOST}
36 |       - MAILER_PORT=${MAILER_PORT}
37 |       - MAILER_SECURE=${MAILER_SECURE}
38 |       - MAILER_AUTH_USER=${MAILER_AUTH_USER}
39 |       - MAILER_AUTH_PASSWORD=${MAILER_AUTH_PASSWORD}
40 |       - MAILER_NOREPLY_NAME=${MAILER_NOREPLY_NAME}
41 |       - MAILER_NOREPLY_EMAIL=${MAILER_NOREPLY_EMAIL}
42 |
--------------------------------------------------------------------------------
/joplin/readme.md:
--------------------------------------------------------------------------------
1 | # Joplin Server
2 | Joplin - an open source note taking and to-do application with synchronization capabilities for Windows, macOS, Linux, Android and iOS.
3 |
4 | * Official repo: https://github.com/laurent22/joplin
5 |
6 | ## Configuration
7 | Open .env and fill in the required parameters:
8 | ```
9 | DATA_FOLDER=
10 | APP_BASE_URL=
11 | MAILER_HOST=
12 | MAILER_AUTH_USER=
13 | ...
14 | ```
15 |
16 | ## Installation
17 | ```
18 | cd joplin
19 | docker-compose pull && docker-compose up -d
20 | ```
21 |
22 | ## Logs
23 | ```
24 | docker logs -f joplin-app
25 | ```
--------------------------------------------------------------------------------
/k6/.env:
--------------------------------------------------------------------------------
1 | # –––––––––––––––– REQUIRED ––––––––––––––––
2 | INFLUXDB_DB=
3 | INFLUXDB_DB_PORT=
4 |
5 | # –––––––––––––––– OPTIONAL ––––––––––––––––
6 | GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
7 | GF_AUTH_ANONYMOUS_ENABLED=true
8 | GF_AUTH_BASIC_ENABLED=false
--------------------------------------------------------------------------------
/k6/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: '3.4'
2 |
3 | services:
4 |
5 |   influxdb:
6 |     image: influxdb:1.8
7 |     container_name: influxdb
8 |     networks:
9 |       - k6
10 |       - grafana
11 |     ports:
12 |       - "8086:8086"
13 |     environment:
14 |       - INFLUXDB_DB=k6
15 |
16 |   grafana:
17 |     image: grafana/grafana:latest
18 |     container_name: grafana
19 |     networks:
20 |       - grafana
21 |     ports:
22 |       - "3000:3000"
23 |     environment:
24 |       - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
25 |       - GF_AUTH_ANONYMOUS_ENABLED=true
26 |       - GF_AUTH_BASIC_ENABLED=false
27 |     volumes:
28 |       - ./grafana:/etc/grafana/provisioning/
29 |
30 |   k6:
31 |     image: grafana/k6:latest
32 |     container_name: k6
33 |     networks:
34 |       - k6
35 |     ports:
36 |       - "6565:6565"
37 |     environment:
38 |       - K6_OUT=influxdb=http://influxdb:8086/k6
39 |     volumes:
40 |       - ./samples:/scripts
41 |
42 | networks:
43 |   k6:
44 |   grafana:
--------------------------------------------------------------------------------
/k6/readme.md:
--------------------------------------------------------------------------------
1 | # K6
2 | k6 is a modern load testing tool, building on our years of experience in the load and performance testing industry.
It provides a clean, approachable scripting API, local and cloud execution, and flexible configuration.
3 |
4 | * Official repo: https://github.com/grafana/k6/
5 |
6 | ## Configuration
7 | No configuration required.
8 |
9 | ## Installation
10 |
11 | ### Option 1: with Caddy inside docker stack
12 | ```
13 | cd k6
14 | docker-compose pull && docker-compose up -d
15 | ```
16 |
17 | ## Logs
18 | ```
19 | docker logs -f k6
20 | ```
21 |
--------------------------------------------------------------------------------
/mautic/.env:
--------------------------------------------------------------------------------
1 | # –––––––––––––––– REQUIRED ––––––––––––––––
2 | MAUTIC_PORT=80
3 |
4 | # –––––––––––––––– OPTIONAL ––––––––––––––––
5 | MAUTIC_DB_HOST=database
6 | MAUTIC_DB_USER=root
7 | MAUTIC_DB_PASSWORD=mypassword
8 | MAUTIC_DB_NAME=mautic4
--------------------------------------------------------------------------------
/mautic/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: "2"
2 |
3 | services:
4 |
5 |   database:
6 |     image: powertic/percona-docker
7 |     container_name: database
8 |     environment:
9 |       MYSQL_ROOT_PASSWORD: mypassword
10 |     ports:
11 |       - "3306:3306"
12 |     volumes:
13 |       - ./database:/var/lib/mysql
14 |     restart: always
15 |     networks:
16 |       - mautic-net
17 |     command: --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci --sql-mode=""
18 |
19 |   mautic:
20 |     container_name: mautic
21 |     image: mautic/mautic:v4-apache
22 |     volumes:
23 |       - ./mautic_data:/var/www/html
24 |     environment:
25 |       - MAUTIC_DB_HOST=database
26 |       - MAUTIC_DB_USER=root
27 |       - MAUTIC_DB_PASSWORD=mypassword
28 |       - MAUTIC_DB_NAME=mautic4
29 |     restart: always
30 |     networks:
31 |       - mautic-net
32 |     ports:
33 |       - "${MAUTIC_PORT}:80"
34 |
35 | #volumes:
36 | #  database:
37 | #    driver: local
38 | #  mautic_data:
39 | #    driver: local
40 | networks:
41 |   mautic-net:
42 |     driver: bridge
43 |
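An added example, not part of this repository: a standard-library check for what the mautic recipe above does against the repository's own contributing note ("Do not place passwords or sensitive data on docker-compose.yml"), plus ports published without a bind address and Docker socket mounts, which other recipes on this page use. The function name `audit_compose`, the rule names, the `DB_PORTS` set and the two-space indentation of the sample are assumptions of this example.

```python
import re

# Constructed sample: the mautic docker-compose.yml shown above, trimmed to the
# keys this check reads and re-indented (the indentation is an assumption).
SAMPLE_COMPOSE = """\
version: "2"

services:

  database:
    image: powertic/percona-docker
    environment:
      MYSQL_ROOT_PASSWORD: mypassword
    ports:
      - "3306:3306"
    volumes:
      - ./database:/var/lib/mysql

  mautic:
    image: mautic/mautic:v4-apache
    environment:
      - MAUTIC_DB_HOST=database
      - MAUTIC_DB_USER=root
      - MAUTIC_DB_PASSWORD=mypassword
      - MAUTIC_DB_NAME=mautic4
    ports:
      - "${MAUTIC_PORT}:80"

networks:
  mautic-net:
    driver: bridge
"""

# Variable names that usually carry credentials (heuristic, not exhaustive).
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|_PASS$|_PW$", re.I)
# Container ports of common data stores; publishing them deserves a closer look.
DB_PORTS = {"3306", "5432", "6379", "8086", "27017"}


def _unquote(value):
    return value.strip().strip("'\"")


def audit_compose(text):
    """Return (service, rule, detail) findings for one docker-compose file.

    Line-based on purpose (standard library only): it assumes two-space
    indentation and does not resolve YAML anchors or ${VAR:-default} ports.
    """
    findings = []
    in_services = False
    service = section = None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        is_item = stripped.startswith("- ")
        if indent == 0:
            in_services = stripped.startswith("services:")
            service = section = None
        elif not in_services:
            continue
        elif indent == 2 and not is_item:
            service, section = stripped.rstrip(":"), None
        elif indent == 4 and not is_item:
            section = stripped.split(":", 1)[0]
        elif service and section:
            item = _unquote(stripped[2:] if is_item else stripped)
            findings.extend(_check(service, section, item, is_item))
    return findings


def _check(service, section, item, is_item):
    if section == "environment":
        # List form is KEY=value, mapping form is KEY: value.
        name, _, value = item.partition("=" if is_item else ":")
        name, value = name.strip(), _unquote(value)
        # ${VAR} means the value is read from .env instead of the compose file.
        if SECRET_NAME.search(name) and value and "${" not in value:
            yield (service, "hardcoded-secret", name)  # never echo the value
    elif section == "ports":
        parts = item.split(":")
        host_ip = parts[0] if len(parts) == 3 else ""
        container_port = parts[-1].split("/")[0]
        if host_ip in ("", "0.0.0.0"):  # no bind address: every host interface
            rule = ("db-port-published" if container_port in DB_PORTS
                    else "published-all-interfaces")
            yield (service, rule, item)
    elif section == "volumes":
        source = item.split(":")[0]
        if source.endswith("docker.sock"):
            yield (service, "docker-socket-mounted", source)


if __name__ == "__main__":
    for finding in audit_compose(SAMPLE_COMPOSE):
        print("%-10s %-26s %s" % finding)
```

Moving the literal values into `.env` and referencing them as `${VAR}`, and binding database ports as `127.0.0.1:3306:3306` (the form the grafana recipe uses for InfluxDB), clears the first three findings.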
--------------------------------------------------------------------------------
/mautic/nginx.conf:
--------------------------------------------------------------------------------
1 | server {
2 |
3 |     listen 80;
4 |
5 |     server_name mautic.domain.com;
6 |
7 |     access_log off;
8 |
9 |     keepalive_timeout 70;
10 |     client_max_body_size 50m;
11 |
12 |     location / {
13 |         proxy_pass http://127.0.0.1:808;
14 |         proxy_http_version 1.1;
15 |         proxy_set_header Upgrade $http_upgrade;
16 |         proxy_set_header Connection "Upgrade";
17 |         proxy_set_header Host $host;
18 |     }
19 |
20 | }
--------------------------------------------------------------------------------
/mautic/readme.md:
--------------------------------------------------------------------------------
1 | # Mautic
2 | Mautic provides free and open source marketing automation software available to everyone. Free email marketing software, lead management and more.
3 |
4 | * Official repo: https://github.com/mautic/mautic
5 |
6 | ## Configuration
7 | Open .env and fill in the required parameters.
8 |
9 | ## Installation
10 |
11 | ### Option 1: with Apache2 inside docker stack
12 | ```
13 | cd mautic
14 | docker-compose pull && docker-compose up -d
15 | ```
16 |
17 | ### Option 2: with nginx installed on host
18 | 1. Change the Mautic host port in the .env file (could be 808 or another open port).
19 | 2. Run: **docker-compose pull**
20 | 3. Run: **docker-compose up -d**
21 | 4. Make a copy of nginx.conf in **/etc/nginx/sites-available**
22 | 5. Create a symbolic link in **/etc/nginx/sites-enabled**
23 | 6. Reload nginx: **service nginx reload**
24 | 7.
Install certbot and run: **certbot --nginx -d mautic.domain.com**
25 |
26 | ## Logs
27 | ```
28 | docker logs -f mautic
29 | ```
30 |
--------------------------------------------------------------------------------
/metabase+jitsu/jitsu/.env:
--------------------------------------------------------------------------------
1 | # –––––––––––––––– REQUIRED ––––––––––––––––
2 | DATA_FOLDER=
3 | DOMAIN_NAME=domain.com
4 | SUBDOMAIN=jitsu.domain.com
5 |
6 | # –––––––––––––––– OPTIONAL ––––––––––––––––
7 | POSTGRES_HOST_PORT=5432
8 | POSTGRES_PORT=5432
9 | POSTGRES_DB=jitsu
10 | POSTGRES_USER=jitsu
11 | POSTGRES_PASSWORD=jitsu
12 | POSTGRES_DATA_FOLDER=
13 |
14 |
--------------------------------------------------------------------------------
/metabase+jitsu/jitsu/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gauchocode/docker-compose-recipes/6b0ace42dc6729239a4ea2b8875865eff63d8288/metabase+jitsu/jitsu/.gitkeep
--------------------------------------------------------------------------------
/metabase+jitsu/jitsu/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: "2.3"
2 |
3 | services:
4 |
5 |   db:
6 |     container_name: jitsu_db
7 |     image: postgres
8 |     restart: always
9 |     environment:
10 |       - POSTGRES_DB=${POSTGRES_DB}
11 |       - POSTGRES_USER=${POSTGRES_USER}
12 |       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
13 |     ports:
14 |       - ${POSTGRES_HOST_PORT}:${POSTGRES_PORT}
15 |     volumes:
16 |       - ./db-data:/var/lib/postgresql/data
17 |     networks:
18 |       - metabase-network
19 |
20 |   jitsu:
21 |     container_name: jitsu
22 |     image: jitsucom/jitsu
23 |     environment:
24 |       - REDIS_URL=redis://redis:6379
25 |       # Retroactive user recognition can significantly affect RAM usage.
Read more about the solution https://jitsu.com/docs/other-features/retroactive-user-recognition
26 |       - USER_RECOGNITION_ENABLED=true
27 |       - USER_RECOGNITION_REDIS_URL=redis://redis_users_recognition:6380
28 |       - TERM=xterm-256color
29 |     depends_on:
30 |       - redis
31 |       - db
32 |     volumes:
33 |       - ./compose-data/configurator/data/logs:/home/configurator/data/logs
34 |       - ./compose-data/server/data/logs:/home/eventnative/data/logs
35 |       - ./compose-data/server/data/logs/events:/home/eventnative/data/logs/events
36 |       - /var/run/docker.sock:/var/run/docker.sock
37 |       - workspace:/home/eventnative/data/airbyte
38 |     restart: always
39 |     ports:
40 |       - "8000:8000"
41 |     networks:
42 |       - metabase-network
43 |
44 |   redis:
45 |     container_name: jitsu_redis
46 |     image: redis:6.2.6-bullseye
47 |     volumes:
48 |       - ./compose-data/redis/data:/data
49 |     restart: always
50 |     networks:
51 |       - metabase-network
52 |
53 |   redis_users_recognition:
54 |     container_name: jitsu_redis_users_recognition
55 |     image: redis:6.2.6-bullseye
56 |     volumes:
57 |       - ./compose-data/redis_users_recognition/data:/data
58 |       - ./compose-data/redis_users_recognition/redis.conf:/usr/local/etc/redis/redis.conf
59 |     command: redis-server /usr/local/etc/redis/redis.conf
60 |     restart: always
61 |     networks:
62 |       - metabase-network
63 |
64 | volumes:
65 |   workspace:
66 |     name: jitsu_workspace
67 |
68 | networks:
69 |   metabase-network:
70 |     name: metabase-network
71 |     driver: bridge
72 |
--------------------------------------------------------------------------------
/metabase+jitsu/metabase/.env:
--------------------------------------------------------------------------------
1 | # –––––––––––––––– REQUIRED ––––––––––––––––
2 | DATA_FOLDER=
3 | DOMAIN_NAME=domain.com
4 | SUBDOMAIN=metabase.domain.com
5 |
6 | # –––––––––––––––– OPTIONAL ––––––––––––––––
7 | POSTGRES_HOST_PORT=5400
8 | POSTGRES_PORT=5432
9 | POSTGRES_DB=metabase
10 | POSTGRES_USER=postgres
11 | POSTGRES_PASSWORD=postgres
12 | POSTGRES_DATA_FOLDER=
--------------------------------------------------------------------------------
/metabase+jitsu/metabase/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gauchocode/docker-compose-recipes/6b0ace42dc6729239a4ea2b8875865eff63d8288/metabase+jitsu/metabase/.gitkeep
--------------------------------------------------------------------------------
/metabase+jitsu/metabase/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: '3.5'
2 |
3 | services:
4 |
5 |   db:
6 |     container_name: metabase_db
7 |     image: postgres
8 |     restart: always
9 |     environment:
10 |       - POSTGRES_DB=${POSTGRES_DB}
11 |       - POSTGRES_USER=${POSTGRES_USER}
12 |       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
13 |     ports:
14 |       - ${POSTGRES_HOST_PORT}:${POSTGRES_PORT}
15 |     volumes:
16 |       - ./db-data:/var/lib/postgresql/data
17 |     networks:
18 |       - metabase-network
19 |
20 |   metabase:
21 |     container_name: metabase
22 |     volumes:
23 |       - ./metabase-data:/metabase-data
24 |     environment:
25 |       - MB_DB_TYPE=postgres
26 |       - MB_DB_HOST=db
27 |       - MB_DB_PORT=${POSTGRES_PORT}
28 |       - MB_DB_DBNAME=${POSTGRES_DB}
29 |       - MB_DB_USER=${POSTGRES_USER}
30 |       - MB_DB_PASS=${POSTGRES_PASSWORD}
31 |     ports:
32 |       - 3000:3000
33 |     image: metabase/metabase
34 |     restart: always
35 |     depends_on:
36 |       - db
37 |     networks:
38 |       - metabase-network
39 |
40 | networks:
41 |   metabase-network:
42 |     name: metabase-network
43 |     driver: bridge
44 |
--------------------------------------------------------------------------------
/metabase+jitsu/readme.md:
--------------------------------------------------------------------------------
1 | # Metabase and Jitsu
2 |
3 | Two independent stacks that 'talk' to each other over the configured network: metabase-network
4 | This lets Metabase 'see' the Postgres database configured inside the Jitsu stack.
5 |
6 | Both tools use Postgres, so we change the default Postgres port on the host for Metabase.
7 |
8 | ## Installation
9 | Inside each of the folders, run:
10 |
11 | ### Download images
12 | ```
13 | docker-compose pull
14 | ```
15 |
16 | ### Stop and delete containers
17 | ```
18 | docker-compose stop && docker-compose rm
19 | ```
20 |
21 | ### Start containers
22 | ```
23 | docker-compose up -d
24 | ```
25 |
26 | ### Considerations
27 |
28 | In Metabase, we need to add the same credentials configured in docker-compose.yml for Jitsu. In "Host" we need to specify the "container_name", for example:
29 |
30 | ![ScreenShot](./screenshot.png)
--------------------------------------------------------------------------------
/metabase+jitsu/screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gauchocode/docker-compose-recipes/6b0ace42dc6729239a4ea2b8875865eff63d8288/metabase+jitsu/screenshot.png
--------------------------------------------------------------------------------
/motoradmin/.env:
--------------------------------------------------------------------------------
1 | # –––––––––––––––– REQUIRED ––––––––––––––––
2 |
3 | # –––––––––––––––– OPTIONAL ––––––––––––––––
4 |
--------------------------------------------------------------------------------
/motoradmin/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: '3'
2 |
3 | services:
4 |
5 |   app:
6 |     depends_on:
7 |       - 'postgres'
8 |     image: 'motoradmin/motoradmin:latest'
9 |     ports:
10 |       - '3000:3000'
11 |     volumes:
12 |       - '.:/app'
13 |     environment:
14 |       SECRET_KEY_BASE:
15 |       DATABASE_URL: postgresql://postgres:postgres@postgres:5432/motoradmin
16 |
17 |   postgres:
18 |     image: 'postgres:13.4'
19 |     volumes:
20 |       - 'postgres:/var/lib/postgresql/data'
21 |     environment:
22 |       POSTGRES_USER: postgres
23 |       POSTGRES_PASSWORD: postgres
24 |       POSTGRES_DB: motoradmin
25 |
26 |
volumes:
27 |   postgres:
--------------------------------------------------------------------------------
/motoradmin/nginx.conf:
--------------------------------------------------------------------------------
1 | server {
2 |
3 |     listen 80;
4 |
5 |     server_name motoradmin.domain.com;
6 |
7 |     access_log off;
8 |
9 |     keepalive_timeout 70;
10 |     client_max_body_size 50m;
11 |
12 |     location / {
13 |         proxy_pass http://127.0.0.1:3000;
14 |         proxy_http_version 1.1;
15 |         proxy_set_header Upgrade $http_upgrade;
16 |         proxy_set_header Connection "Upgrade";
17 |         proxy_set_header Host $host;
18 |     }
19 |
20 | }
--------------------------------------------------------------------------------
/motoradmin/readme.md:
--------------------------------------------------------------------------------
1 | # Motor Admin
2 | Deploy a no-code admin panel for any application in less than a minute. Search, create, update, and delete data entries, create custom actions, and build reports.
3 |
4 | * Official repo: https://github.com/motor-admin/motor-admin
5 |
6 | ## Installation
7 |
8 | 1. Create a key base with the command: `openssl rand -hex 64`
9 | 2. Update docker-compose.yml to set the new key in the SECRET_KEY_BASE variable.
10 |
11 | ### Option 1: without proxy
12 | ```
13 | cd motoradmin
14 | docker-compose pull && docker-compose up -d
15 | ```
16 |
17 | ### Option 2: with nginx installed on host
18 | 1. Run: **docker-compose pull**
19 | 2. Run: **docker-compose up -d**
20 | 3. Make a copy of nginx.conf in **/etc/nginx/sites-available**
21 | 4. Create a symbolic link in **/etc/nginx/sites-enabled**
22 | 5. Reload nginx: **service nginx reload**
23 | 6. Install certbot and run: **certbot --nginx -d motoradmin.domain.com**
24 |
25 | If you change the motoradmin port, you need to change it in nginx.conf too.
26 |
27 | ## Logs
28 | ```
29 | docker logs -f motoradmin
30 | ```
31 |
--------------------------------------------------------------------------------
/n8n+postgres/.env:
--------------------------------------------------------------------------------
1 | # N8N
2 | # –––––––––––––––– REQUIRED ––––––––––––––––
3 | DATA_FOLDER=./n8n
4 | DOMAIN_NAME=
5 | SUBDOMAIN=
6 | N8N_BASIC_AUTH_USER=
7 | N8N_BASIC_AUTH_PASSWORD=
8 |
9 |
10 | # –––––––––––––––– OPTIONAL ––––––––––––––––
11 | POSTGRES_USER=postgres
12 | POSTGRES_PASSWORD=postgres
13 | POSTGRES_DB=n8n
14 | POSTGRES_NON_ROOT_USER=n8n
15 | POSTGRES_NON_ROOT_PASSWORD=
16 |
17 | # If not set New York time will be used
18 | GENERIC_TIMEZONE=
19 |
20 | # The email address to use for the SSL certificate creation
21 | SSL_EMAIL=
22 |
23 | # SMTP
24 | N8N_EMAIL_MODE=smtp
25 | N8N_SMTP_HOST=
26 | N8N_SMTP_PORT=
27 | N8N_SMTP_USER=
28 | N8N_SMTP_PASS=
29 | N8N_SMTP_SENDER=
30 | N8N_SMTP_SSL=
31 |
--------------------------------------------------------------------------------
/n8n+postgres/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: "3.1"
2 |
3 | services:
4 |
5 |   postgres:
6 |     image: postgres:11
7 |     restart: unless-stopped
8 |     environment:
9 |       - POSTGRES_USER
10 |       - POSTGRES_PASSWORD
11 |       - POSTGRES_DB
12 |       - POSTGRES_NON_ROOT_USER
13 |       - POSTGRES_NON_ROOT_PASSWORD
14 |     volumes:
15 |       - ./init-data.sh:/docker-entrypoint-initdb.d/init-data.sh
16 |       - ./.n8n/db:/var/lib/postgresql/data:rw
17 |
18 |   traefik:
19 |     image: "traefik"
20 |     restart: always
21 |     command:
22 |       - "--api=true"
23 |       - "--api.insecure=true"
24 |       - "--providers.docker=true"
25 |       - "--providers.docker.exposedbydefault=false"
26 |       - "--entrypoints.websecure.address=:443"
27 |       - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
28 |       - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
29 |       -
"--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json" 30 | ports: 31 | - "443:443" 32 | volumes: 33 | - ./letsencrypt:/letsencrypt 34 | - /var/run/docker.sock:/var/run/docker.sock:ro 35 | 36 | n8n: 37 | image: n8nio/n8n 38 | container_name: n8n 39 | restart: unless-stopped 40 | labels: 41 | - traefik.enable=true 42 | - traefik.http.routers.n8n.rule=Host(`n8n.domain.com`) 43 | - traefik.http.routers.n8n.tls=true 44 | - traefik.http.routers.n8n.entrypoints=websecure 45 | - traefik.http.routers.n8n.tls.certresolver=mytlschallenge 46 | - traefik.http.middlewares.n8n.headers.SSLRedirect=true 47 | - traefik.http.middlewares.n8n.headers.STSSeconds=315360000 48 | - traefik.http.middlewares.n8n.headers.browserXSSFilter=true 49 | - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true 50 | - traefik.http.middlewares.n8n.headers.forceSTSHeader=true 51 | - traefik.http.middlewares.n8n.headers.SSLHost=broobe.com 52 | - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true 53 | - traefik.http.middlewares.n8n.headers.STSPreload=true 54 | environment: 55 | - DB_TYPE=postgresdb 56 | - DB_POSTGRESDB_HOST=postgres 57 | - DB_POSTGRESDB_PORT=5432 58 | - DB_POSTGRESDB_DATABASE=${POSTGRES_DB} 59 | - DB_POSTGRESDB_USER=${POSTGRES_NON_ROOT_USER} 60 | - DB_POSTGRESDB_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD} 61 | #- N8N_BASIC_AUTH_ACTIVE=true 62 | #- N8N_BASIC_AUTH_USER 63 | #- N8N_BASIC_AUTH_PASSWORD 64 | - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME} 65 | - N8N_PORT=5678 66 | - N8N_PROTOCOL=https 67 | - NODE_ENV=production 68 | - WEBHOOK_TUNNEL_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/ 69 | - GENERIC_TIMEZONE=${GENERIC_TIMEZONE} 70 | - N8N_EMAIL_MODE=smtp 71 | - N8N_SMTP_HOST=${N8N_SMTP_HOST} 72 | - N8N_SMTP_PORT=${N8N_SMTP_PORT} 73 | - N8N_SMTP_USER=${N8N_SMTP_USER} 74 | - N8N_SMTP_PASS=${N8N_SMTP_PASS} 75 | - N8N_SMTP_SENDER=${N8N_SMTP_SENDER} 76 | - N8N_SMTP_SSL=${N8N_SMTP_SSL} 77 | ports: 78 | - 5678:5678 79 | volumes: 80 | - ./.n8n/n8n:/home/node/.n8n 81 | 
--------------------------------------------------------------------------------
/n8n+postgres/nginx.conf:
--------------------------------------------------------------------------------
1 | server {
2 |
3 |     listen 80;
4 |
5 |     server_name n8n.domain.com;
6 |
7 |     # Log
8 |     error_log /var/log/nginx/n8n.domain.com-error.log;
9 |
10 |     location / {
11 |         proxy_pass http://localhost:5678;
12 |         proxy_set_header Connection '';
13 |         proxy_http_version 1.1;
14 |         chunked_transfer_encoding off;
15 |         proxy_buffering off;
16 |         proxy_cache off;
17 |     }
18 |
19 | }
--------------------------------------------------------------------------------
/n8n+postgres/readme.md:
--------------------------------------------------------------------------------
1 | # n8n with postgres
2 | Free and open fair-code licensed node based Workflow Automation Tool. Easily automate tasks across different services.
3 |
4 | * Official repo: https://github.com/n8n-io/n8n
5 |
6 | ## Installation
7 | The default n8n installation uses SQLite. This docker-compose recipe uses a postgres image to make data persistent.
8 |
9 | ### Option 1: with traefik inside docker stack
10 | ```
11 | cd n8n+postgres
12 | docker-compose pull && docker-compose up -d
13 | ```
14 |
15 | ### Option 2: with nginx installed on host
16 | 1. Comment out the "traefik" service part in docker-compose.yml.
17 | 2. Run: **docker-compose pull**
18 | 3. Run: **docker-compose up -d**
19 | 4. Make a copy of nginx.conf in **/etc/nginx/sites-available**
20 | 5. Create a symbolic link in **/etc/nginx/sites-enabled**
21 | 6. Reload nginx: **service nginx reload**
22 | 7.
Install certbot and run: **certbot --nginx -d n8n.domain.com**
23 |
24 | ## Logs
25 | ```
26 | docker logs -f n8n
27 | ```
28 |
--------------------------------------------------------------------------------
/netdata/.env:
--------------------------------------------------------------------------------
1 | # –––––––––––––––– REQUIRED ––––––––––––––––
2 |
3 | # –––––––––––––––– OPTIONAL ––––––––––––––––
4 |
--------------------------------------------------------------------------------
/netdata/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: '3'
2 |
3 | services:
4 |
5 |   netdata:
6 |     image: netdata/netdata
7 |     container_name: netdata
8 |     hostname: example.com # set to fqdn of host
9 |     ports:
10 |       - 19999:19999
11 |     restart: unless-stopped
12 |     cap_add:
13 |       - SYS_PTRACE
14 |     security_opt:
15 |       - apparmor:unconfined
16 |     volumes:
17 |       - ./netdataconfig:/etc/netdata
18 |       - netdatalib:/var/lib/netdata
19 |       - netdatacache:/var/cache/netdata
20 |       - /etc/passwd:/host/etc/passwd:ro
21 |       - /etc/group:/host/etc/group:ro
22 |       - /proc:/host/proc:ro
23 |       - /sys:/host/sys:ro
24 |       - /etc/os-release:/host/etc/os-release:ro
25 |
26 | volumes:
27 |   # netdataconfig:
28 |   netdatalib:
29 |   netdatacache:
--------------------------------------------------------------------------------
/netdata/nginx.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gauchocode/docker-compose-recipes/6b0ace42dc6729239a4ea2b8875865eff63d8288/netdata/nginx.conf
--------------------------------------------------------------------------------
/netdata/readme.md:
--------------------------------------------------------------------------------
1 | To expose nginx:
2 |
3 | https://github.com/netdata/netdata/issues/9976
4 |
5 | With php-fpm I suppose it is something similar.
6 |
7 | We would need to look into how to handle MySQL, monit and the firewall.
--------------------------------------------------------------------------------
/nginx-proxy-manager/.env:
--------------------------------------------------------------------------------
1 | # –––––––––––––––– REQUIRED ––––––––––––––––
2 |
3 | # –––––––––––––––– OPTIONAL ––––––––––––––––
4 |
--------------------------------------------------------------------------------
/nginx-proxy-manager/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: '3'
2 |
3 | services:
4 |
5 |   app:
6 |     image: 'jc21/nginx-proxy-manager:latest'
7 |     restart: unless-stopped
8 |     ports:
9 |       - '80:80'
10 |       - '81:81'
11 |       - '443:443'
12 |     volumes:
13 |       - ./data:/data
14 |       - ./letsencrypt:/etc/letsencrypt
--------------------------------------------------------------------------------
/nginx-proxy-manager/readme.md:
--------------------------------------------------------------------------------
1 | # Nginx Proxy Manager
2 | Pre-built docker image that enables you to easily forward to your websites running at home or otherwise, including free SSL, without having to know too much about Nginx or Letsencrypt.
3 |
4 | * Official repo: https://github.com/NginxProxyManager/nginx-proxy-manager
5 |
6 | ## Installation
7 |
8 | ### Option 1: without proxy
9 | ```
10 | cd nginx-proxy-manager
11 | docker-compose pull && docker-compose up -d
12 | ```
13 |
14 | ### Option 2: with nginx installed on host
15 | 1. Run: **docker-compose pull**
16 | 2. Run: **docker-compose up -d**
17 | 3. Make a copy of nginx.conf in **/etc/nginx/sites-available**
18 | 4. Create a symbolic link in **/etc/nginx/sites-enabled**
19 | 5. Reload nginx: **service nginx reload**
20 | 6. Install certbot and run: **certbot --nginx -d nginx.domain.com**
21 |
22 | If you change the nginx-proxy-manager port, you need to change it in nginx.conf too.
23 |
24 | ### Log in to the Admin UI
25 | When your docker container is running, connect to it on port 81 for the admin interface.
26 | Sometimes this can take a little bit because of the entropy of keys. 27 | 28 | http://127.0.0.1:81 29 | 30 | Default Admin User: 31 | 32 | Email: admin@example.com 33 | Password: changeme 34 | 35 | ## Logs 36 | ``` 37 | docker logs -f nginx-proxy-manager 38 | ``` 39 | -------------------------------------------------------------------------------- /nocodb+postgres/.env: -------------------------------------------------------------------------------- 1 | # NOCODB 2 | # –––––––––––––––– REQUIRED –––––––––––––––– 3 | DOMAINNAME= 4 | 5 | # CLOUDFLARE TOKEN 6 | CF_DNS_API_TOKEN= 7 | 8 | # –––––––––––––––– OPTIONAL –––––––––––––––– 9 | # DATABASE 10 | DATABASE_NAME=xcdb 11 | DATABASE_USER=nocodb 12 | DATABASE_PW=SECURE_PW -------------------------------------------------------------------------------- /nocodb+postgres/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | 5 | nocodb: 6 | container_name: nocodb 7 | image: nocodb/nocodb:latest 8 | restart: always 9 | volumes: 10 | - nocodb-data:/usr/app/data 11 | networks: 12 | - traefik_proxy 13 | environment: 14 | - NC_DB=pg://nocodb-db:5432?u=${DATABASE_USER}&p=${DATABASE_PW}&d=${DATABASE_NAME} 15 | - NC_PUBLIC_URL=https://nocodb.${DOMAINNAME} 16 | - NC_DISABLE_TELE=true 17 | labels: 18 | - "traefik.enable=true" 19 | - "traefik.http.services.nocodb.loadbalancer.server.port=8080" 20 | - "traefik.http.routers.nocodb.rule=Host(`nocodb.${DOMAINNAME}`)" 21 | - "traefik.http.routers.nocodb.entrypoints=https" 22 | - "com.centurylinklabs.watchtower.enable=true" 23 | depends_on: 24 | - nocodb-db 25 | 26 | nocodb-db: 27 | image: postgres:12.1-alpine 28 | container_name: nocodb-db 29 | restart: always 30 | networks: 31 | - traefik_proxy 32 | environment: 33 | POSTGRES_USER: ${DATABASE_USER} 34 | POSTGRES_PASSWORD: ${DATABASE_PW} 35 | POSTGRES_DB: ${DATABASE_NAME} 36 | volumes: 37 | - nocodb-db:/var/lib/postgresql/data 38 | healthcheck: 39 | 
test: pg_isready -U ${DATABASE_USER} -d ${DATABASE_NAME} 40 | interval: 10s 41 | timeout: 2s 42 | retries: 10 43 | 44 | traefik: 45 | image: traefik:v2.2 46 | container_name: traefik 47 | restart: always 48 | command: 49 | #- "--log.level=DEBUG" 50 | - "--providers.docker=true" 51 | - "--ping=true" 52 | - "--ping.entryPoint=ping" 53 | - "--providers.docker.exposedbydefault=false" 54 | - "--providers.docker.network=traefik_proxy" 55 | - "--entryPoints.ping.address=:8081" 56 | - "--entrypoints.http.address=:80" 57 | - "--entrypoints.https.address=:443" 58 | - "--entrypoints.https.http.tls.certresolver=letsencrypt" 59 | - "--entrypoints.https.http.tls.domains[0].main=${DOMAINNAME}" 60 | - "--entrypoints.https.http.tls.domains[0].sans=*.${DOMAINNAME}" 61 | - "--entrypoints.http.http.redirections.entryPoint.to=https" 62 | - "--entrypoints.http.http.redirections.entryPoint.scheme=https" 63 | - "--certificatesresolvers.letsencrypt.acme.dnsChallenge.delayBeforeCheck=15" 64 | - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare" 65 | - "--certificatesresolvers.letsencrypt.acme.email=info@${DOMAINNAME}" 66 | - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" 67 | - "--certificatesResolvers.letsencrypt.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53" 68 | environment: 69 | - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN} 70 | healthcheck: 71 | test: ["CMD", "wget", "-c", "http://localhost:8081/ping"] 72 | timeout: 3s 73 | retries: 3 74 | networks: 75 | - default 76 | - traefik_proxy 77 | ports: 78 | - "80:80" 79 | - "443:443" 80 | volumes: 81 | - "letsencrypt:/letsencrypt" 82 | - /var/run/docker.sock:/var/run/docker.sock:ro 83 | 84 | watchtower: 85 | image: containrrr/watchtower 86 | container_name: watchtower 87 | restart: always 88 | networks: 89 | - traefik_proxy 90 | command: --schedule "0 5 * * *" --cleanup --label-enable 91 | 92 | volumes: 93 | - /var/run/docker.sock:/var/run/docker.sock:ro 94 | labels: 95 | - 
"com.centurylinklabs.watchtower.enable=true" 96 | 97 | networks: 98 | traefik_proxy: 99 | name: traefik_proxy 100 | 101 | volumes: 102 | letsencrypt: 103 | name: traefik-letsencrypt 104 | nocodb-db: 105 | name: nocodb-db 106 | nocodb-data: 107 | name: nocodb-data -------------------------------------------------------------------------------- /nocodb+postgres/nginx.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gauchocode/docker-compose-recipes/6b0ace42dc6729239a4ea2b8875865eff63d8288/nocodb+postgres/nginx.conf -------------------------------------------------------------------------------- /nocodb+postgres/readme.md: -------------------------------------------------------------------------------- 1 | New ref: https://github.com/nocodb/nocodb/tree/develop/docker-compose -------------------------------------------------------------------------------- /outline/.env: -------------------------------------------------------------------------------- 1 | # –––––––––––––––– REQUIRED –––––––––––––––– 2 | 3 | # Generate a hex-encoded 32-byte random key. You should use `openssl rand -hex 32` 4 | # in your terminal to generate a random value. 5 | SECRET_KEY= 6 | 7 | # Generate a unique random key. The format is not important but you could still use 8 | # `openssl rand -hex 32` in your terminal to produce this. 9 | UTILS_SECRET= 10 | 11 | # For production point these at your databases, in development the default 12 | # should work out of the box. 13 | DATABASE_URL=postgres://outline:outline@outline-postgres:5432/outline 14 | DATABASE_URL_TEST=postgres://outline:outline@outline-postgres:5432/outline-test 15 | DATABASE_CONNECTION_POOL_MIN= 16 | DATABASE_CONNECTION_POOL_MAX= 17 | # Uncomment this to disable SSL for connecting to Postgres 18 | PGSSLMODE=disable 19 | REDIS_URL=redis://outline-redis:6379 20 | 21 | # URL should point to the fully qualified, publicly accessible URL. 
If using a 22 | # proxy the port in URL and PORT may be different. 23 | URL=https://outline.domain.com 24 | PORT=3000 25 | 26 | # See [documentation](docs/SERVICES.md) on running a separate collaboration 27 | # server, for normal operation this does not need to be set. 28 | COLLABORATION_URL= 29 | 30 | # To support uploading of images for avatars and document attachments an 31 | # s3-compatible storage must be provided. AWS S3 is recommended for redundancy 32 | # however if you want to keep all file storage local an alternative such as 33 | # minio (https://github.com/minio/minio) can be used. 34 | 35 | # A more detailed guide on setting up S3 is available here: 36 | # => https://wiki.generaloutline.com/share/125de1cc-9ff6-424b-8415-0d58c809a40f 37 | # 38 | AWS_ACCESS_KEY_ID=get_a_key_from_aws 39 | AWS_SECRET_ACCESS_KEY=get_the_secret_of_above_key 40 | AWS_REGION=xx-xxxx-x 41 | AWS_S3_ACCELERATE_URL= 42 | AWS_S3_UPLOAD_BUCKET_URL=http://s3:4569 43 | AWS_S3_UPLOAD_BUCKET_NAME=bucket_name_here 44 | AWS_S3_UPLOAD_MAX_SIZE=26214400 45 | AWS_S3_FORCE_PATH_STYLE=true 46 | AWS_S3_ACL=private 47 | 48 | 49 | # –––––––––––––– AUTHENTICATION –––––––––––––– 50 | 51 | # Third party signin credentials, at least ONE OF EITHER Google, Slack, 52 | # or Microsoft is required for a working installation or you'll have no sign-in 53 | # options. 
54 | 55 | # To configure Slack auth, you'll need to create an Application at 56 | # => https://api.slack.com/apps 57 | # 58 | # When configuring the Client ID, add a redirect URL under "OAuth & Permissions": 59 | # https:///auth/slack.callback 60 | #SLACK_KEY=get_a_key_from_slack 61 | #SLACK_SECRET=get_the_secret_of_above_key 62 | 63 | # To configure Google auth, you'll need to create an OAuth Client ID at 64 | # => https://console.cloud.google.com/apis/credentials 65 | # 66 | # When configuring the Client ID, add an Authorized redirect URI: 67 | # https:///auth/google.callback 68 | GOOGLE_CLIENT_ID= 69 | GOOGLE_CLIENT_SECRET= 70 | 71 | # To configure Microsoft/Azure auth, you'll need to create an OAuth Client. See 72 | # the guide for details on setting up your Azure App: 73 | # => https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4 74 | AZURE_CLIENT_ID= 75 | AZURE_CLIENT_SECRET= 76 | AZURE_RESOURCE_APP_ID= 77 | 78 | # To configure generic OIDC auth, you'll need some kind of identity provider. 79 | # See documentation for whichever IdP you use to acquire the following info: 80 | # Redirect URI is https:///auth/oidc.callback 81 | OIDC_CLIENT_ID= 82 | OIDC_CLIENT_SECRET= 83 | OIDC_AUTH_URI= 84 | OIDC_TOKEN_URI= 85 | OIDC_USERINFO_URI= 86 | 87 | # Specify which claims to derive user information from 88 | # Supports any valid JSON path with the JWT payload 89 | OIDC_USERNAME_CLAIM=preferred_username 90 | 91 | # Display name for OIDC authentication 92 | OIDC_DISPLAY_NAME=OpenID 93 | 94 | # Space separated auth scopes. 95 | OIDC_SCOPES=openid profile email 96 | 97 | 98 | # –––––––––––––––– OPTIONAL –––––––––––––––– 99 | 100 | # Base64 encoded private key and certificate for HTTPS termination. This is only 101 | # required if you do not use an external reverse proxy. 
See documentation: 102 | # https://wiki.generaloutline.com/share/1c922644-40d8-41fe-98f9-df2b67239d45 103 | SSL_KEY= 104 | SSL_CERT= 105 | 106 | # If using a Cloudfront/Cloudflare distribution or similar it can be set below. 107 | # This will cause paths to javascript, stylesheets, and images to be updated to 108 | # the hostname defined in CDN_URL. In your CDN configuration the origin server 109 | # should be set to the same as URL. 110 | CDN_URL= 111 | 112 | # Auto-redirect to https in production. The default is true but you may set to 113 | # false if you can be sure that SSL is terminated at an external loadbalancer. 114 | FORCE_HTTPS=true 115 | 116 | # Have the installation check for updates by sending anonymized statistics to 117 | # the maintainers 118 | ENABLE_UPDATES=true 119 | 120 | # How many processes should be spawned. As a reasonable rule divide your server's 121 | # available memory by 512 for a rough estimate 122 | WEB_CONCURRENCY=1 123 | 124 | # Override the maximum size of document imports, could be required if you have 125 | # especially large Word documents with embedded imagery 126 | MAXIMUM_IMPORT_SIZE=5120000 127 | 128 | # You can remove this line if your reverse proxy already logs incoming http 129 | # requests and this ends up being duplicative 130 | DEBUG=http 131 | 132 | # Comma separated list of domains to be allowed to signin to the wiki. 
If not 133 | # set, all domains are allowed by default when using Google OAuth to signin 134 | ALLOWED_DOMAINS= 135 | 136 | # For a complete Slack integration with search and posting to channels the 137 | # following configs are also needed, some more details 138 | # => https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a 139 | # 140 | SLACK_VERIFICATION_TOKEN=your_token 141 | SLACK_APP_ID=A0XXXXXXX 142 | SLACK_MESSAGE_ACTIONS=true 143 | 144 | # Optionally enable google analytics to track pageviews in the knowledge base 145 | GOOGLE_ANALYTICS_ID= 146 | 147 | # Optionally enable Sentry (sentry.io) to track errors and performance 148 | SENTRY_DSN= 149 | 150 | # To support sending outgoing transactional emails such as "document updated" or 151 | # "you've been invited" you'll need to provide authentication for an SMTP server 152 | SMTP_HOST= 153 | SMTP_PORT= 154 | SMTP_USERNAME= 155 | SMTP_PASSWORD= 156 | SMTP_FROM_EMAIL= 157 | SMTP_REPLY_EMAIL= 158 | SMTP_TLS_CIPHERS= 159 | SMTP_SECURE=true 160 | 161 | # Custom logo that displays on the authentication screen, scaled to height: 60px 162 | # TEAM_LOGO=https://example.com/images/logo.png 163 | 164 | # The default interface language. See translate.getoutline.com for a list of 165 | # available language codes and their rough percentage translated. 
166 | DEFAULT_LANGUAGE=en_US -------------------------------------------------------------------------------- /outline/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | services: 4 | 5 | outline: 6 | image: outlinewiki/outline 7 | container_name: outline 8 | env_file: ./.env 9 | ports: 10 | - "3000:3000" 11 | depends_on: 12 | - postgres 13 | - redis 14 | - storage 15 | 16 | redis: 17 | image: redis 18 | container_name: outline-redis 19 | env_file: ./.env 20 | ports: 21 | - "6379:6379" 22 | volumes: 23 | - ./redis.conf:/redis.conf 24 | command: ["redis-server", "/redis.conf"] 25 | healthcheck: 26 | test: ["CMD", "redis-cli", "ping"] 27 | interval: 10s 28 | timeout: 30s 29 | retries: 3 30 | 31 | postgres: 32 | image: postgres 33 | container_name: outline-postgres 34 | #env_file: ./.env 35 | ports: 36 | - "5432:5432" 37 | environment: 38 | - POSTGRES_INITDB_ARGS=--data-checksums 39 | - POSTGRES_DB=outline 40 | - POSTGRES_USER=outline 41 | - POSTGRES_PASSWORD=outline 42 | volumes: 43 | - database-data:/var/lib/postgresql/data 44 | healthcheck: 45 | test: ["CMD", "pg_isready", "-U", "outline"] 46 | interval: 30s 47 | timeout: 20s 48 | retries: 3 49 | 50 | storage: 51 | image: minio/minio 52 | container_name: outline-minio 53 | env_file: ./.env 54 | ports: 55 | - "9000:9000" 56 | entrypoint: sh 57 | command: -c 'minio server' 58 | deploy: 59 | restart_policy: 60 | condition: on-failure 61 | volumes: 62 | - storage-data:/data 63 | healthcheck: 64 | test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] 65 | interval: 30s 66 | timeout: 20s 67 | retries: 3 68 | 69 | https-portal: 70 | image: steveltn/https-portal 71 | container_name: outline-https 72 | env_file: ./.env 73 | ports: 74 | - '80:80' 75 | - '443:443' 76 | links: 77 | - outline 78 | - storage 79 | restart: always 80 | volumes: 81 | - https-portal-data:/var/lib/https-portal 82 | healthcheck: 83 | test: ["CMD", "service", "nginx", 
"status"] 84 | interval: 30s 85 | timeout: 20s 86 | retries: 3 87 | 88 | 89 | volumes: 90 | https-portal-data: 91 | storage-data: 92 | database-data: 93 | 94 | #networks: 95 | # outline: -------------------------------------------------------------------------------- /outline/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | server_name domain.com; 4 | 5 | # Log 6 | error_log /var/log/nginx/domain.com-error.log; 7 | 8 | # Proxy 9 | add_header Strict-Transport-Security "max-age=31536000; preload"; 10 | add_header HTTPS "on"; 11 | 12 | location / { 13 | 14 | # Outline default port 15 | proxy_pass http://localhost:3000/; 16 | 17 | proxy_set_header Upgrade $http_upgrade; 18 | proxy_set_header Connection "Upgrade"; 19 | proxy_set_header Host $host; 20 | 21 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header Host $host; 22 | proxy_set_header Host $http_host; 23 | proxy_set_header X-Real-IP $remote_addr; 24 | proxy_set_header X-Scheme $scheme; 25 | proxy_set_header X-Forwarded-Proto $scheme; 26 | proxy_redirect off; 27 | } 28 | 29 | listen 80; 30 | 31 | } -------------------------------------------------------------------------------- /outline/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gauchocode/docker-compose-recipes/6b0ace42dc6729239a4ea2b8875865eff63d8288/outline/readme.md -------------------------------------------------------------------------------- /penpot/Caddyfile: -------------------------------------------------------------------------------- 1 | {$DOMAIN}:443 { 2 | log { 3 | level INFO 4 | output file {$LOG_FILE} { 5 | roll_size 10MB 6 | roll_keep 10 7 | } 8 | } 9 | 10 | # Use the ACME HTTP-01 challenge to get a cert for the configured domain. 11 | tls {$EMAIL} 12 | 13 | # This setting may have compatibility issues with some browsers 14 | # (e.g., attachment downloading on Firefox). 
Try disabling this 15 | # if you encounter issues. 16 | encode gzip 17 | 18 | # Proxy everything else to Rocket 19 | reverse_proxy penpot-frontend:80 { 20 | header_up X-Real-IP {remote_host} 21 | } 22 | } -------------------------------------------------------------------------------- /penpot/config.env: -------------------------------------------------------------------------------- 1 | # Should be set to the public domain where penpot is going to be served. 2 | PENPOT_PUBLIC_URI=https://penpot.domain.com 3 | 4 | # Temporary workaround because of bad builtin default 5 | PENPOT_HTTP_SERVER_HOST=0.0.0.0 6 | 7 | # Standard database connection parameters (only postgresql is supported): 8 | PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot 9 | PENPOT_DATABASE_USERNAME=penpot 10 | PENPOT_DATABASE_PASSWORD=penpot 11 | 12 | # Redis is used for the websockets notifications. 13 | PENPOT_REDIS_URI=redis://penpot-redis/0 14 | 15 | # By default, files uploaded by users are stored in local filesystem. But it 16 | # can be configured to store in AWS S3 or completely in the database. 17 | # Storing in the database makes backups easier but will make access to 18 | # media less performant. 19 | ASSETS_STORAGE_BACKEND=assets-fs 20 | PENPOT_STORAGE_ASSETS_FS_DIRECTORY=/opt/data/assets 21 | 22 | # Telemetry. When enabled, a periodical process will send anonymous data about 23 | # this instance. Telemetry data will enable us to learn how the application 24 | # is used, based on real scenarios. If you want to help us, please leave it 25 | # enabled. 26 | PENPOT_TELEMETRY_ENABLED=true 27 | 28 | # Email sending configuration. By default, emails are printed in the console, 29 | # but for production usage it is recommended to set up a real SMTP provider. Emails 30 | # are used to confirm user registrations. 
31 | PENPOT_SMTP_ENABLED= 32 | PENPOT_SMTP_DEFAULT_FROM= 33 | PENPOT_SMTP_DEFAULT_REPLY_TO= 34 | PENPOT_SMTP_HOST= 35 | PENPOT_SMTP_PORT= 36 | PENPOT_SMTP_USERNAME= 37 | PENPOT_SMTP_PASSWORD= 38 | PENPOT_SMTP_TLS=true 39 | #PENPOT_SMTP_SSL=false 40 | 41 | # Feature flags. Right now they only affect the frontend, but in 42 | # future releases they will affect both backend and frontend. 43 | #PENPOT_FLAGS="enable-registration enable-demo-users" 44 | PENPOT_FLAGS="enable-demo-users disable-secure-session-cookies enable-insecure-registration" 45 | 46 | # Comma separated list of allowed domains to register. Empty to allow all. 47 | # PENPOT_REGISTRATION_DOMAIN_WHITELIST="" 48 | 49 | # The email address to use for ACME registration. 50 | ACME_EMAIL= 51 | 52 | ## Authentication providers 53 | 54 | # Google 55 | # PENPOT_GOOGLE_CLIENT_ID= 56 | # PENPOT_GOOGLE_CLIENT_SECRET= 57 | 58 | # GitHub 59 | # PENPOT_GITHUB_CLIENT_ID= 60 | # PENPOT_GITHUB_CLIENT_SECRET= 61 | 62 | # GitLab 63 | # PENPOT_GITLAB_BASE_URI=https://gitlab.com 64 | # PENPOT_GITLAB_CLIENT_ID= 65 | # PENPOT_GITLAB_CLIENT_SECRET= 66 | 67 | # OpenID Connect (since 1.5.0) 68 | # PENPOT_OIDC_BASE_URI= 69 | # PENPOT_OIDC_CLIENT_ID= 70 | # PENPOT_OIDC_CLIENT_SECRET= 71 | 72 | # LDAP 73 | # PENPOT_LDAP_HOST=ldap 74 | # PENPOT_LDAP_PORT=10389 75 | # PENPOT_LDAP_SSL=false 76 | # PENPOT_LDAP_STARTTLS=false 77 | # PENPOT_LDAP_BASE_DN=ou=people,dc=planetexpress,dc=com 78 | # PENPOT_LDAP_BIND_DN=cn=admin,dc=planetexpress,dc=com 79 | # PENPOT_LDAP_BIND_PASSWORD=GoodNewsEveryone 80 | # PENPOT_LDAP_ATTRS_USERNAME=uid 81 | # PENPOT_LDAP_ATTRS_EMAIL=mail 82 | # PENPOT_LDAP_ATTRS_FULLNAME=cn 83 | # PENPOT_LDAP_ATTRS_PHOTO=jpegPhoto 84 | # PENPOT_LOGIN_WITH_LDAP=true -------------------------------------------------------------------------------- /penpot/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.5" 2 | 3 | services: 4 | penpot-frontend: 5 | image: 
"penpotapp/frontend:latest" 6 | container_name: penpot-frontend 7 | ports: 8 | - 9001:80 9 | 10 | volumes: 11 | - penpot_assets_data:/opt/data 12 | 13 | env_file: 14 | - config.env 15 | 16 | depends_on: 17 | - penpot-backend 18 | - penpot-exporter 19 | 20 | networks: 21 | - penpot 22 | 23 | penpot-backend: 24 | image: "penpotapp/backend:latest" 25 | container_name: penpot-backend 26 | volumes: 27 | - penpot_assets_data:/opt/data 28 | 29 | depends_on: 30 | - penpot-postgres 31 | - penpot-redis 32 | 33 | env_file: 34 | - config.env 35 | 36 | networks: 37 | - penpot 38 | 39 | penpot-exporter: 40 | image: "penpotapp/exporter:latest" 41 | container_name: penpot-exporter 42 | environment: 43 | # Don't touch it; this uses internal docker network to 44 | # communicate with the frontend. 45 | - PENPOT_PUBLIC_URI=https://penpot-frontend 46 | networks: 47 | - penpot 48 | 49 | penpot-postgres: 50 | image: "postgres:13" 51 | container_name: penpot-postgres 52 | restart: always 53 | stop_signal: SIGINT 54 | 55 | environment: 56 | - POSTGRES_INITDB_ARGS=--data-checksums 57 | - POSTGRES_DB=penpot 58 | - POSTGRES_USER=penpot 59 | - POSTGRES_PASSWORD=penpot 60 | 61 | volumes: 62 | #- penpot_postgres_data:/var/lib/postgresql/data 63 | - penpot_postgres_data:/var/lib/docker/volumes/postgresql/data 64 | 65 | networks: 66 | - penpot 67 | 68 | penpot-redis: 69 | image: redis:6 70 | container_name: penpot-redis 71 | restart: always 72 | networks: 73 | - penpot 74 | 75 | caddy: 76 | image: caddy:2 77 | container_name: penpot-caddy 78 | restart: always 79 | ports: 80 | - 80:80 # Needed for the ACME HTTP-01 challenge. 81 | - 443:443 82 | volumes: 83 | - ./Caddyfile:/etc/caddy/Caddyfile:ro 84 | - ./caddy-config:/config 85 | - ./caddy-data:/data 86 | environment: 87 | - DOMAIN=${PENPOT_PUBLIC_URI} 88 | - EMAIL=${ACME_EMAIL} # The email address to use for ACME registration. 
89 | - LOG_FILE=/data/access.log 90 | networks: 91 | - penpot 92 | 93 | networks: 94 | penpot: 95 | 96 | volumes: 97 | penpot_postgres_data: 98 | penpot_assets_data: -------------------------------------------------------------------------------- /penpot/nginx.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gauchocode/docker-compose-recipes/6b0ace42dc6729239a4ea2b8875865eff63d8288/penpot/nginx.conf -------------------------------------------------------------------------------- /penpot/readme.md: -------------------------------------------------------------------------------- 1 | # Penpot 2 | Penpot is the first Open Source design and prototyping platform meant for cross-domain teams. 3 | 4 | * Official repo: https://github.com/penpot/penpot 5 | 6 | ## Configuration 7 | Open .env and fill the required parameters: 8 | ``` 9 | DATA_FOLDER= 10 | PENPOT_PUBLIC_URI= 11 | ACME_EMAIL= 12 | PENPOT_SMTP_ENABLED= 13 | ``` 14 | 15 | ## Installation 16 | 17 | ### Option 1: with Caddy inside docker stack 18 | ``` 19 | cd penpot+caddy 20 | docker-compose pull && docker-compose up -d 21 | ``` 22 | 23 | ### Option 2: with nginx installed on host 24 | 1. Comment "caddy" service part on docker-compose.yml. 25 | 2. Run: **docker-compose pull** 26 | 3. Run: **docker-compose up -d** 27 | 4. Make a copy of nginx.conf on **/etc/nginx/sites-available** 28 | 5. Create symbolic link on **/etc/nginx/sites-enabled** 29 | 6. Reload nginx: **service nginx reload** 30 | 7. 
Install certbot and run: **certbot --nginx -d vaultwarden.domain.com** 31 | 32 | ## Logs 33 | ``` 34 | docker logs -f penpot 35 | ``` 36 | -------------------------------------------------------------------------------- /pihole/.env: -------------------------------------------------------------------------------- 1 | # –––––––––––––––– REQUIRED –––––––––––––––– 2 | 3 | # –––––––––––––––– OPTIONAL –––––––––––––––– 4 | -------------------------------------------------------------------------------- /pihole/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | services: 4 | 5 | pihole: 6 | container_name: pihole 7 | image: pihole/pihole:latest 8 | # For DHCP it is recommended to remove these ports and instead add: network_mode: "host" 9 | ports: 10 | - "53:53/tcp" 11 | - "53:53/udp" 12 | - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server 13 | - "80:80/tcp" 14 | environment: 15 | TZ: 'America/Chicago' 16 | WEBPASSWORD: 'set a secure password here or it will be random' 17 | volumes: 18 | - './etc-pihole:/etc/pihole' 19 | - './etc-dnsmasq.d:/etc/dnsmasq.d' 20 | # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities 21 | cap_add: 22 | - NET_ADMIN # Recommended but not required (DHCP needs NET_ADMIN) 23 | restart: unless-stopped -------------------------------------------------------------------------------- /pihole/readme.md: -------------------------------------------------------------------------------- 1 | # Pi Hole 2 | Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. 
3 | 4 | * Official repo: https://github.com/pi-hole/docker-pi-hole/ 5 | 6 | ## Installation 7 | 8 | ``` 9 | cd pihole 10 | docker-compose pull && docker-compose up -d 11 | ``` 12 | 13 | ## Logs 14 | ``` 15 | docker logs -f pihole 16 | ``` -------------------------------------------------------------------------------- /portainer-agent/.env: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gauchocode/docker-compose-recipes/6b0ace42dc6729239a4ea2b8875865eff63d8288/portainer-agent/.env -------------------------------------------------------------------------------- /portainer-agent/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.2' 2 | 3 | services: 4 | agent: 5 | image: portainer/agent 6 | environment: 7 | # REQUIRED: Should be equal to the service name prefixed by "tasks." when 8 | # deployed inside an overlay network 9 | AGENT_CLUSTER_ADDR: tasks.agent 10 | # AGENT_PORT: 9001 11 | # LOG_LEVEL: debug 12 | volumes: 13 | - /var/run/docker.sock:/var/run/docker.sock 14 | - /var/lib/docker/volumes:/var/lib/docker/volumes 15 | networks: 16 | - agent_network 17 | deploy: 18 | mode: global 19 | placement: 20 | constraints: [node.platform.os == linux] -------------------------------------------------------------------------------- /portainer-agent/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gauchocode/docker-compose-recipes/6b0ace42dc6729239a4ea2b8875865eff63d8288/portainer-agent/readme.md -------------------------------------------------------------------------------- /portainer/.env: -------------------------------------------------------------------------------- 1 | # PORTAINER 2 | # –––––––––––––––– REQUIRED –––––––––––––––– 3 | PORTAINER_DOMAIN= 4 | 5 | # –––––––––––––––– OPTIONAL –––––––––––––––– 6 | PORTAINER_PORT=9000 7 | PORTAINER_DATA=./portainer_data 
-------------------------------------------------------------------------------- /portainer/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "2" 2 | 3 | services: 4 | 5 | portainer: 6 | image: portainer/portainer-ce 7 | container_name: portainer 8 | command: -H unix:///var/run/docker.sock 9 | restart: always 10 | environment: 11 | - VIRTUAL_HOST=${PORTAINER_DOMAIN} 12 | - VIRTUAL_PORT=${PORTAINER_PORT} 13 | ports: 14 | - ${PORTAINER_PORT}:9000 15 | volumes: 16 | - /var/run/docker.sock:/var/run/docker.sock 17 | - ${PORTAINER_DATA}:/data -------------------------------------------------------------------------------- /portainer/nginx.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gauchocode/docker-compose-recipes/6b0ace42dc6729239a4ea2b8875865eff63d8288/portainer/nginx.conf -------------------------------------------------------------------------------- /portainer/readme.md: -------------------------------------------------------------------------------- 1 | # Portainer 2 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. 3 | 4 | * Official repo: https://github.com/portainer/portainer 5 | 6 | ## Configuration 7 | No configuration required. 8 | 9 | ## Installation 10 | 11 | ### Option 1: default 12 | ``` 13 | cd portainer 14 | docker-compose pull && docker-compose up -d 15 | ``` 16 | 17 | ### Option 2: with nginx installed on host 18 | 1. Comment "caddy" service part on docker-compose.yml. 19 | 2. Run: **docker-compose pull** 20 | 3. Run: **docker-compose up -d** 21 | 4. Make a copy of nginx.conf on **/etc/nginx/sites-available** 22 | 5. Create symbolic link on **/etc/nginx/sites-enabled** 23 | 6. Reload nginx: **service nginx reload** 24 | 7. 
Install certbot and run: **certbot --nginx -d vaultwarden.domain.com** 25 | 26 | ## Logs 27 | ``` 28 | docker logs -f portainer 29 | ``` 30 | -------------------------------------------------------------------------------- /supabase/.env: -------------------------------------------------------------------------------- 1 | # SUPABASE 2 | # –––––––––––––––– REQUIRED –––––––––––––––– 3 | # YOU MUST CHANGE THESE BEFORE GOING INTO PRODUCTION: https://supabase.com/docs/guides/hosting/overview#api-keys 4 | POSTGRES_PASSWORD=your-super-secret-and-long-postgres-password 5 | JWT_SECRET=your-super-secret-jwt-token-with-at-least-32-characters-long 6 | ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE 7 | SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q 8 | 9 | # –––––––––––––––– OPTIONAL –––––––––––––––– 10 | SITE_URL=http://localhost:3000 11 | ADDITIONAL_REDIRECT_URLS= 12 | JWT_EXPIRY=3600 13 | DISABLE_SIGNUP=false 14 | 15 | ## Email auth 16 | ENABLE_EMAIL_SIGNUP=true 17 | ENABLE_EMAIL_AUTOCONFIRM=true 18 | SMTP_ADMIN_EMAIL= 19 | SMTP_HOST= 20 | SMTP_PORT= 21 | SMTP_USER= 22 | SMTP_PASS= 23 | SMTP_SENDER_NAME= 24 | 25 | ## Phone auth 26 | ENABLE_PHONE_SIGNUP=false 27 | ENABLE_PHONE_AUTOCONFIRM=false 28 | 29 | STUDIO_PORT=3000 30 | POSTGRES_PORT=5432 31 | 32 | ## API endpoint ports 33 | KONG_HTTP_PORT=8000 34 | KONG_HTTPS_PORT=8443 35 | 36 | ## Public REST endpoint - replace this if you intend to use Studio outside of localhost 37 | PUBLIC_REST_URL=http://localhost:8000/rest/v1/ -------------------------------------------------------------------------------- /supabase/docker-compose.yml: 
--------------------------------------------------------------------------------
# Based on: https://github.com/supabase/supabase/blob/master/docker/docker-compose.yml
version: "3.8"

services:
  studio:
    container_name: supabase-studio
    image: supabase/studio:latest
    restart: unless-stopped
    ports:
      - ${STUDIO_PORT}:3000/tcp
    environment:
      STUDIO_PG_META_URL: http://meta:8080
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      SUPABASE_URL: http://kong:8000
      SUPABASE_REST_URL: ${PUBLIC_REST_URL}
      SUPABASE_ANON_KEY: ${ANON_KEY}
      SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY}

  kong:
    container_name: supabase-kong
    image: kong:2.1
    restart: unless-stopped
    ports:
      - ${KONG_HTTP_PORT}:8000/tcp
      - ${KONG_HTTPS_PORT}:8443/tcp
    environment:
      KONG_DATABASE: "off"
      KONG_DECLARATIVE_CONFIG: /var/lib/kong/kong.yml
      # https://github.com/supabase/cli/issues/14
      KONG_DNS_ORDER: LAST,A,CNAME
      KONG_PLUGINS: request-transformer,cors,key-auth,acl
    volumes:
      - ./volumes/api/kong.yml:/var/lib/kong/kong.yml

  auth:
    container_name: supabase-auth
    image: supabase/gotrue:v2.5.21
    depends_on:
      - db
    restart: unless-stopped
    environment:
      GOTRUE_API_HOST: 0.0.0.0
      GOTRUE_API_PORT: 9999
      GOTRUE_DB_DRIVER: postgres
      GOTRUE_DB_DATABASE_URL: postgres://postgres:${POSTGRES_PASSWORD}@db:5432/postgres?search_path=auth
      GOTRUE_SITE_URL: ${SITE_URL}
      GOTRUE_URI_ALLOW_LIST: ${ADDITIONAL_REDIRECT_URLS}
      GOTRUE_DISABLE_SIGNUP: ${DISABLE_SIGNUP}
      GOTRUE_JWT_ADMIN_ROLES: service_role
      GOTRUE_JWT_AUD: authenticated
      GOTRUE_JWT_DEFAULT_GROUP_NAME: authenticated
      GOTRUE_JWT_EXP: ${JWT_EXPIRY}
      GOTRUE_JWT_SECRET: ${JWT_SECRET}
      GOTRUE_EXTERNAL_EMAIL_ENABLED: ${ENABLE_EMAIL_SIGNUP}
      GOTRUE_MAILER_AUTOCONFIRM: ${ENABLE_EMAIL_AUTOCONFIRM}
      GOTRUE_SMTP_ADMIN_EMAIL: ${SMTP_ADMIN_EMAIL}
      GOTRUE_SMTP_HOST: ${SMTP_HOST}
      GOTRUE_SMTP_PORT: ${SMTP_PORT}
      GOTRUE_SMTP_USER: ${SMTP_USER}
      GOTRUE_SMTP_PASS: ${SMTP_PASS}
      GOTRUE_SMTP_SENDER_NAME: ${SMTP_SENDER_NAME}
      GOTRUE_MAILER_URLPATHS_INVITE: /auth/v1/verify
      GOTRUE_MAILER_URLPATHS_CONFIRMATION: /auth/v1/verify
      GOTRUE_MAILER_URLPATHS_RECOVERY: /auth/v1/verify
      GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE: /auth/v1/verify
      GOTRUE_EXTERNAL_PHONE_ENABLED: ${ENABLE_PHONE_SIGNUP}
      GOTRUE_SMS_AUTOCONFIRM: ${ENABLE_PHONE_AUTOCONFIRM}

  rest:
    container_name: supabase-rest
    image: postgrest/postgrest:v9.0.0
    depends_on:
      - db
    restart: unless-stopped
    environment:
      PGRST_DB_URI: postgres://postgres:${POSTGRES_PASSWORD}@db:5432/postgres
      PGRST_DB_SCHEMAS: public,storage, graphql_public
      PGRST_DB_ANON_ROLE: anon
      PGRST_JWT_SECRET: ${JWT_SECRET}
      PGRST_DB_USE_LEGACY_GUCS: "false"

  realtime:
    container_name: supabase-realtime
    image: supabase/realtime:v0.21.0
    depends_on:
      - db
    restart: unless-stopped
    environment:
      DB_HOST: db
      DB_PORT: 5432
      DB_NAME: postgres
      DB_USER: postgres
      DB_PASSWORD: ${POSTGRES_PASSWORD}
      DB_SSL: "false"
      PORT: 4000
      JWT_SECRET: ${JWT_SECRET}
      REPLICATION_MODE: RLS
      REPLICATION_POLL_INTERVAL: 100
      SECURE_CHANNELS: "true"
      SLOT_NAME: supabase_realtime_rls
      TEMPORARY_SLOT: "true"
    command: >
      bash -c "./prod/rel/realtime/bin/realtime eval Realtime.Release.migrate
      && ./prod/rel/realtime/bin/realtime start"
  storage:
    container_name: supabase-storage
    image: supabase/storage-api:v0.10.0
    depends_on:
      - db
      - rest
    restart: unless-stopped
    environment:
      ANON_KEY: ${ANON_KEY}
      SERVICE_KEY: ${SERVICE_ROLE_KEY}
      POSTGREST_URL: http://rest:3000
      PGRST_JWT_SECRET: ${JWT_SECRET}
      DATABASE_URL: postgres://postgres:${POSTGRES_PASSWORD}@db:5432/postgres
      PGOPTIONS: -c search_path=storage,public
      FILE_SIZE_LIMIT: 52428800
      STORAGE_BACKEND: file
      FILE_STORAGE_BACKEND_PATH: /var/lib/storage
      TENANT_ID: stub
      # TODO: https://github.com/supabase/storage-api/issues/55
      REGION: stub
      GLOBAL_S3_BUCKET: stub
    volumes:
      - ./volumes/storage:/var/lib/storage

  meta:
    container_name: supabase-meta
    image: supabase/postgres-meta:v0.29.0
    depends_on:
      - db
    restart: unless-stopped
    environment:
      PG_META_PORT: 8080
      PG_META_DB_HOST: db
      PG_META_DB_PASSWORD: ${POSTGRES_PASSWORD}

  db:
    container_name: supabase-db
    image: supabase/postgres:14.1.0.19
    command: postgres -c config_file=/etc/postgresql/postgresql.conf
    restart: unless-stopped
    ports:
      # Publishes Postgres on every host interface; use 127.0.0.1:${POSTGRES_PORT}:5432 to keep it local.
      - ${POSTGRES_PORT}:5432
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    volumes:
      # - ./volumes/db/data:/var/lib/postgresql/data
      - ./volumes/db/init:/docker-entrypoint-initdb.d
--------------------------------------------------------------------------------
/supabase/nginx.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gauchocode/docker-compose-recipes/6b0ace42dc6729239a4ea2b8875865eff63d8288/supabase/nginx.conf
--------------------------------------------------------------------------------
/supabase/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gauchocode/docker-compose-recipes/6b0ace42dc6729239a4ea2b8875865eff63d8288/supabase/readme.md
--------------------------------------------------------------------------------
/tooljet/.env:
--------------------------------------------------------------------------------
# –––––––––––––––– REQUIRED ––––––––––––––––

TOOLJET_HOST=https://localhost
TOOLJET_CLIENT_PORT=999
TOOLJET_SERVER_PORT=3000

# –––––––––––––––– OPTIONAL ––––––––––––––––

LOCKBOX_MASTER_KEY=replace_with_lockbox_master_key
SECRET_KEY_BASE=replace_with_secret_key_base

# DATABASE CONFIG
ORM_LOGGING=all
PG_DB=tooljet_production
PG_USER=postgres
PG_HOST=postgres
PG_PASS=postgres
PG_SERVER_PORT=5432

# Checks every 24 hours to see if a new version of ToolJet is available
# (Enabled by default. Set 0 to disable)
CHECK_FOR_UPDATES=

# Checks every 24 hours to update app telemetry data to ToolJet hub.
# (Telemetry is enabled by default. Set value to true to disable.)
# DISABLE_APP_TELEMETRY=false

GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=

# EMAIL CONFIGURATION
DEFAULT_FROM_EMAIL=
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_DOMAIN=
SMTP_PORT=

# DISABLE USER SIGNUPS (true or false). Default: true
DISABLE_SIGNUPS=

# OBSERVABILITY
APM_VENDOR=
SENTRY_DNS=
SENTRY_DEBUG=

# FEATURE TOGGLE
COMMENT_FEATURE_ENABLE=
ENABLE_MULTIPLAYER_EDITING=true

#SSO
SSO_DISABLE_SIGNUP=
SSO_RESTRICTED_DOMAIN=
SSO_GOOGLE_OAUTH2_CLIENT_ID=
SSO_GIT_OAUTH2_CLIENT_ID=
SSO_GIT_OAUTH2_CLIENT_SECRET=
SSO_GIT_OAUTH2_HOST=

#TELEMETRY
DEPLOYMENT_PLATFORM=docker

--------------------------------------------------------------------------------
/tooljet/docker-compose.yml:
--------------------------------------------------------------------------------
version: '3'

services:

  client:
    tty: true
    stdin_open: true
    image: tooljet/tooljet-client-ce:latest
    restart: always
    env_file: .env
    depends_on:
      - server
    volumes:
      - ./logs:/var/log/openresty/
      # - ./certs:/etc/resty-auto-ssl/
      # - ./fallbackcerts:/etc/fallback-certs
    ports:
      - ${TOOLJET_CLIENT_PORT}:80
      # - 443:443
    command: openresty -g "daemon off;"
    networks:
      - internal

  server:
    image: tooljet/tooljet-server-ce:latest
    tty: true
    stdin_open: true
    restart: always
    ports:
      - ${TOOLJET_SERVER_PORT}:3000
    env_file: .env
    environment:
      SERVE_CLIENT: "false"
    command: npm run start:prod
    depends_on:
      - postgres
    networks:
      - internal

  postgres:
    image: postgres:13
    restart: always
    ports:
      # Publishes Postgres on every host interface; use 127.0.0.1:${PG_SERVER_PORT}:5432 to keep it local.
      - ${PG_SERVER_PORT}:5432
    volumes:
      - ./postgres:/var/lib/postgresql/data
    environment:
      # Must match PG_PASS, which the server reads from .env
      - POSTGRES_PASSWORD=${PG_PASS}
    networks:
      - internal

networks:
  internal:
    name: tooljet_network
    driver: bridge

volumes:
  postgres:
    driver: local
    driver_opts:
      o: bind
      type: none
      device: ${PWD}/postgres_data
  certs:
  logs:
  fallbackcerts:

--------------------------------------------------------------------------------
/tooljet/nginx.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gauchocode/docker-compose-recipes/6b0ace42dc6729239a4ea2b8875865eff63d8288/tooljet/nginx.conf
--------------------------------------------------------------------------------
/tooljet/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gauchocode/docker-compose-recipes/6b0ace42dc6729239a4ea2b8875865eff63d8288/tooljet/readme.md
--------------------------------------------------------------------------------
/typebot/.env:
--------------------------------------------------------------------------------
# –––––––––––––––– REQUIRED ––––––––––––––––

VIEWER_URL=https://bot.domain.com
BUILDER_URL=https://bot-builder.domain.com
ENCRYPTION_SECRET=
ADMIN_EMAIL=
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=

# –––––––––––––––– OPTIONAL ––––––––––––––––

# DATABASE
POSTGRES_DB=postgres
POSTGRES_PASSWORD=postgres

# MINIO
S3_ACCESS_KEY=minio
S3_SECRET_KEY=minio123
S3_BUCKET=typebot
S3_ENDPOINT=minio
--------------------------------------------------------------------------------
/typebot/docker-compose.yml:
--------------------------------------------------------------------------------
version: '3.3'

services:

  minio:
    image: minio/minio
    container_name: minio-typebot
    command: server /data
    ports:
      - '9050:9000'
    environment:
      MINIO_ROOT_USER: ${S3_ACCESS_KEY}
      MINIO_ROOT_PASSWORD: ${S3_SECRET_KEY}
    volumes:
      - ./s3_data:/data

  # This service just makes sure a bucket with the right policies is created
  createbuckets:
    image: minio/mc
    container_name: bucket-typebot
    depends_on:
      - minio
    entrypoint: >
      /bin/sh -c "
      sleep 10;
      /usr/bin/mc config host add minio http://${S3_ENDPOINT}:9000 ${S3_ACCESS_KEY} ${S3_SECRET_KEY};
      /usr/bin/mc mb minio/typebot;
      /usr/bin/mc policy set public minio/typebot/public;
      exit 0;
      "

  typebot-db:
    image: postgres:13
    container_name: pg-typebot
    restart: always
    volumes:
      - ./db_data:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}

  typebot-builder:
    image: baptistearno/typebot-builder:latest
    container_name: builder-typebot
    restart: always
    depends_on:
      - typebot-db
    ports:
      - '5000:3000'
    extra_hosts:
      - 'host.docker.internal:host-gateway'
    # See https://docs.typebot.io/self-hosting/configuration for more configuration options
    environment:
      - S3_ACCESS_KEY=${S3_ACCESS_KEY}
      - S3_SECRET_KEY=${S3_SECRET_KEY}
      - S3_BUCKET=${S3_BUCKET}
      - S3_ENDPOINT=${S3_ENDPOINT} # change to your domain name
      # URL layout is postgresql://user:password@host:port/database
      - DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@typebot-db:5432/${POSTGRES_DB}
      - NEXTAUTH_URL=${BUILDER_URL}
      - NEXT_PUBLIC_VIEWER_URL=${VIEWER_URL}
      - ENCRYPTION_SECRET=${ENCRYPTION_SECRET}
      - ADMIN_EMAIL=${ADMIN_EMAIL}
      - GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID}
      - GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET}

  typebot-viewer:
    image: baptistearno/typebot-viewer:latest
    container_name: viewer-typebot
    restart: always
    ports:
      - '5001:3000'
    # See https://docs.typebot.io/self-hosting/configuration for more configuration options
    environment:
      - S3_ACCESS_KEY=${S3_ACCESS_KEY}
      - S3_SECRET_KEY=${S3_SECRET_KEY}
      - S3_BUCKET=${S3_BUCKET}
      - S3_ENDPOINT=${S3_ENDPOINT} # change to your domain name
      # URL layout is postgresql://user:password@host:port/database
      - DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@typebot-db:5432/${POSTGRES_DB}
      - NEXT_PUBLIC_VIEWER_URL=${VIEWER_URL}
      - ENCRYPTION_SECRET=${ENCRYPTION_SECRET}

#volumes:
#  db_data:
#  s3_data:
--------------------------------------------------------------------------------
/typebot/nginx.conf:
--------------------------------------------------------------------------------
server {

    listen 80;

    server_name typebot.domain.com;

    access_log off;

    #error_log /var/log/nginx/typebot.domain.com.error.log debug;

    keepalive_timeout 70;
    client_max_body_size 50m;

    location / {
        proxy_pass http://127.0.0.1:5001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }

}

server {

    listen 80;

    server_name typebot-builder.domain.com;

    access_log off;
    #error_log /var/log/nginx/typebot-builder.domain.com.error.log debug;

    keepalive_timeout 70;
    client_max_body_size 50m;

    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }

}
--------------------------------------------------------------------------------
/typebot/readme.md:
--------------------------------------------------------------------------------
# Typebot
Typebot is an open-source project that allows you to create conversational apps/forms (Lead qualification, Product launch, User onboarding, Customer support), embed them anywhere on your web/mobile apps, and collect results in real-time.

* Official repo: https://github.com/baptisteArno/typebot.io

## Configuration
Open and edit the .env file.

## Installation

### Option 1: default
```
cd typebot
docker-compose pull && docker-compose up -d
```

### Option 2: with nginx installed on host
1. Run: **docker-compose pull**
2. Run: **docker-compose up -d**
3. Make a copy of nginx.conf in **/etc/nginx/sites-available**
4. Create a symbolic link in **/etc/nginx/sites-enabled**
5. Reload nginx: **service nginx reload**
6. Install certbot and run: **certbot --nginx -d typebot.domain.com,typebot-builder.domain.com**

## Logs
```
docker logs -f viewer-typebot
docker logs -f builder-typebot
```

--------------------------------------------------------------------------------
/uptime-kuma/.env:
--------------------------------------------------------------------------------
# –––––––––––––––– REQUIRED ––––––––––––––––

# –––––––––––––––– OPTIONAL ––––––––––––––––

--------------------------------------------------------------------------------
/uptime-kuma/docker-compose.yml:
--------------------------------------------------------------------------------
version: '3'

services:

  kuma:
    image: 'louislam/uptime-kuma:1'
    container_name: uptime-kuma
    ports:
      - '3001:3001'
    volumes:
      - './uptimekuma_data:/app/data'
--------------------------------------------------------------------------------
/uptime-kuma/nginx.conf:
--------------------------------------------------------------------------------
server {

    server_name domain.com;

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }

    listen 80;

}
--------------------------------------------------------------------------------
/uptime-kuma/readme.md:
--------------------------------------------------------------------------------
# Uptime Kuma
It is a self-hosted monitoring tool like "Uptime Robot".

* Official repo: https://github.com/louislam/uptime-kuma

## Configuration
No configuration required.

## Installation

### Option 1: with Caddy inside docker stack
```
cd uptime-kuma
docker-compose pull && docker-compose up -d
```

### Option 2: with nginx installed on host
1. Comment out the "caddy" service in docker-compose.yml.
2. Run: **docker-compose pull**
3. Run: **docker-compose up -d**
4. Make a copy of nginx.conf in **/etc/nginx/sites-available**
5. Create a symbolic link in **/etc/nginx/sites-enabled**
6. Reload nginx: **service nginx reload**
7. Install certbot and run: **certbot --nginx -d vaultwarden.domain.com**

## Logs
```
docker logs -f uptime-kuma
```

--------------------------------------------------------------------------------
/vaultwarden/.env:
--------------------------------------------------------------------------------
## Vaultwarden Configuration File
## Uncomment any of the following lines to change the defaults
##
## Be aware that most of these settings will be overridden if they were changed
## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json.

## Main data folder
DATA_FOLDER=./vw-data

## Database URL
## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3
# DATABASE_URL=data/db.sqlite3
## When using MySQL, specify an appropriate connection URI.
## Details: https://docs.diesel.rs/diesel/mysql/struct.MysqlConnection.html
# DATABASE_URL=mysql://user:password@host[:port]/database_name
## When using PostgreSQL, specify an appropriate connection URI (recommended)
## or keyword/value connection string.
## Details:
## - https://docs.diesel.rs/diesel/pg/struct.PgConnection.html
## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
# DATABASE_URL=postgresql://user:password@host[:port]/database_name

## Database max connections
## Define the size of the connection pool used for connecting to the database.
# DATABASE_MAX_CONNS=10

## Individual folders, these override %DATA_FOLDER%
# RSA_KEY_FILENAME=data/rsa_key
# ICON_CACHE_FOLDER=data/icon_cache
# ATTACHMENTS_FOLDER=data/attachments
# SENDS_FOLDER=data/sends

## Templates data folder, by default uses embedded templates
## Check source code to see the format
# TEMPLATES_FOLDER=/path/to/templates
## Automatically reload the templates for every request, slow, use only for development
# RELOAD_TEMPLATES=false

## Client IP Header, used to identify the IP of the client, defaults to "X-Real-IP"
## Set to the string "none" (without quotes), to disable any headers and just use the remote IP
# IP_HEADER=X-Real-IP

## Cache time-to-live for successfully obtained icons, in seconds (0 is "forever")
# ICON_CACHE_TTL=2592000
## Cache time-to-live for icons which weren't available, in seconds (0 is "forever")
# ICON_CACHE_NEGTTL=259200

## Web vault settings
# WEB_VAULT_FOLDER=web-vault/
# WEB_VAULT_ENABLED=true

## Enables websocket notifications
# WEBSOCKET_ENABLED=false

## Controls the WebSocket server address and port
# WEBSOCKET_ADDRESS=0.0.0.0
# WEBSOCKET_PORT=3012

## Controls whether users are allowed to create Bitwarden Sends.
## This setting applies globally to all users.
## To control this on a per-org basis instead, use the "Disable Send" org policy.
# SENDS_ALLOWED=true

## Controls whether users can enable emergency access to their accounts.
## This setting applies globally to all users.
# EMERGENCY_ACCESS_ALLOWED=true

## Job scheduler settings
##
## Job schedules use a cron-like syntax (as parsed by https://crates.io/crates/cron),
## and are always in terms of UTC time (regardless of your local time zone settings).
##
## How often (in ms) the job scheduler thread checks for jobs that need running.
## Set to 0 to globally disable scheduled jobs.
# JOB_POLL_INTERVAL_MS=30000
##
## Cron schedule of the job that checks for Sends past their deletion date.
## Defaults to hourly (5 minutes after the hour). Set blank to disable this job.
# SEND_PURGE_SCHEDULE="0 5 * * * *"
##
## Cron schedule of the job that checks for trashed items to delete permanently.
## Defaults to daily (5 minutes after midnight). Set blank to disable this job.
# TRASH_PURGE_SCHEDULE="0 5 0 * * *"
##
## Cron schedule of the job that checks for incomplete 2FA logins.
## Defaults to once every minute. Set blank to disable this job.
# INCOMPLETE_2FA_SCHEDULE="30 * * * * *"
##
## Cron schedule of the job that sends expiration reminders to emergency access grantors.
## Defaults to hourly (5 minutes after the hour). Set blank to disable this job.
# EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE="0 5 * * * *"
##
## Cron schedule of the job that grants emergency access requests that have met the required wait time.
## Defaults to hourly (5 minutes after the hour). Set blank to disable this job.
# EMERGENCY_REQUEST_TIMEOUT_SCHEDULE="0 5 * * * *"

## Enable extended logging, which shows timestamps and targets in the logs
# EXTENDED_LOGGING=true

## Timestamp format used in extended logging.
## Format specifiers: https://docs.rs/chrono/latest/chrono/format/strftime
# LOG_TIMESTAMP_FORMAT="%Y-%m-%d %H:%M:%S.%3f"

## Logging to file
## It's recommended to also set 'ROCKET_CLI_COLORS=off'
# LOG_FILE=/path/to/log

## Logging to Syslog
## This requires extended logging
## It's recommended to also set 'ROCKET_CLI_COLORS=off'
# USE_SYSLOG=false

## Log level
## Change the verbosity of the log output
## Valid values are "trace", "debug", "info", "warn", "error" and "off"
## Setting it to "trace" or "debug" would also show logs for mounted
## routes and static file, websocket and alive requests
# LOG_LEVEL=Info

## Enable WAL for the DB
## Set to false to avoid enabling WAL during startup.
## Note that if the DB already has WAL enabled, you will also need to disable WAL in the DB,
## this setting only prevents vaultwarden from automatically enabling it on start.
## Please read project wiki page about this setting first before changing the value as it can
## cause performance degradation or might render the service unable to start.
# ENABLE_DB_WAL=true

## Database connection retries
## Number of times to retry the database connection during startup, with 1 second delay between each retry, set to 0 to retry indefinitely
# DB_CONNECTION_RETRIES=15

## Disable icon downloading
## Set to true to disable icon downloading, this would still serve icons from $ICON_CACHE_FOLDER,
## but it won't produce any external network request. Needs to set $ICON_CACHE_TTL to 0,
## otherwise it will delete them and they won't be downloaded again.
# DISABLE_ICON_DOWNLOAD=false

## Icon download timeout
## Configure the timeout value when downloading the favicons.
## The default is 10 seconds, but this could be too low on slower network connections
# ICON_DOWNLOAD_TIMEOUT=10

## Icon blacklist Regex
## Any domains or IPs that match this regex won't be fetched by the icon service.
## Useful to hide other servers in the local network. Check the WIKI for more details
## NOTE: Always enclose this regex within single quotes!
# ICON_BLACKLIST_REGEX='^(192\.168\.0\.[0-9]+|192\.168\.1\.[0-9]+)$'

## Any IP which is not defined as a global IP will be blacklisted.
## Useful to secure your internal environment: See https://en.wikipedia.org/wiki/Reserved_IP_addresses for a list of IPs which it will block
# ICON_BLACKLIST_NON_GLOBAL_IPS=true

## Disable 2FA remember
## Enabling this would force the users to use a second factor to login every time.
## Note that the checkbox would still be present, but ignored.
# DISABLE_2FA_REMEMBER=false

## Maximum attempts before an email token is reset and a new email will need to be sent.
# EMAIL_ATTEMPTS_LIMIT=3

## Token expiration time
## Maximum time in seconds a token is valid. The time the user has to open email client and copy token.
# EMAIL_EXPIRATION_TIME=600

## Email token size
## Number of digits in an email token (min: 6, max: 19).
## Note that the Bitwarden clients are hardcoded to mention 6 digit codes regardless of this setting!
# EMAIL_TOKEN_SIZE=6

## Controls if new users can register
# SIGNUPS_ALLOWED=true

## Controls if new users need to verify their email address upon registration
## Note that setting this option to true prevents logins until the email address has been verified!
## The welcome email will include a verification link, and login attempts will periodically
## trigger another verification email to be sent.
# SIGNUPS_VERIFY=false

## If SIGNUPS_VERIFY is set to true, this limits how many seconds after the last time
## an email verification link has been sent another verification email will be sent
# SIGNUPS_VERIFY_RESEND_TIME=3600

## If SIGNUPS_VERIFY is set to true, this limits how many times an email verification
## email will be re-sent upon an attempted login.
# SIGNUPS_VERIFY_RESEND_LIMIT=6

## Controls if new users from a list of comma-separated domains can register
## even if SIGNUPS_ALLOWED is set to false
# SIGNUPS_DOMAINS_WHITELIST=example.com,example.net,example.org

## Controls which users can create new orgs.
## Blank or 'all' means all users can create orgs (this is the default):
# ORG_CREATION_USERS=
## 'none' means no users can create orgs:
# ORG_CREATION_USERS=none
## A comma-separated list means only those users can create orgs:
ORG_CREATION_USERS=

## Token for the admin interface, preferably use a long random string
## One option is to use 'openssl rand -base64 48'
## If not set, the admin panel is disabled
ADMIN_TOKEN=

## Enable this to bypass the admin panel security. This option is only
## meant to be used with the use of a separate auth layer in front
# DISABLE_ADMIN_TOKEN=false

## Allows org admins to invite users, even when signups are disabled
# INVITATIONS_ALLOWED=true
## Name shown in the invitation emails that don't come from a specific organization
# INVITATION_ORG_NAME=Vaultwarden

## Per-organization attachment storage limit (KB)
## Max kilobytes of attachment storage allowed per organization.
## When this limit is reached, organization members will not be allowed to upload further attachments for ciphers owned by that organization.
# ORG_ATTACHMENT_LIMIT=
## Per-user attachment storage limit (KB)
## Max kilobytes of attachment storage allowed per user.
## When this limit is reached, the user will not be allowed to upload further attachments.
# USER_ATTACHMENT_LIMIT=

## Number of days to wait before auto-deleting a trashed item.
## If unset (the default), trashed items are not auto-deleted.
## This setting applies globally, so make sure to inform all users of any changes to this setting.
# TRASH_AUTO_DELETE_DAYS=

## Number of minutes to wait before a 2FA-enabled login is considered incomplete,
## resulting in an email notification. An incomplete 2FA login is one where the correct
## master password was provided but the required 2FA step was not completed, which
## potentially indicates a master password compromise. Set to 0 to disable this check.
## This setting applies globally to all users.
# INCOMPLETE_2FA_TIME_LIMIT=3

## Controls the PBKDF2 password iterations to apply on the server
## The change only applies when the password is changed
# PASSWORD_ITERATIONS=100000

## Controls whether a password hint should be shown directly in the web page if
## SMTP service is not configured. Not recommended for publicly-accessible instances
## as this provides unauthenticated access to potentially sensitive data.
# SHOW_PASSWORD_HINT=false

## Domain settings
## The domain must match the address from where you access the server
## It's recommended to configure this value, otherwise certain functionality might not work,
## like attachment downloads, email links and U2F.
## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs
DOMAIN=

ACME_EMAIL=

## Allowed iframe ancestors (Know the risks!)
## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
## Allows other domains to embed the web vault into an iframe, useful for embedding into secure intranets
## This adds the configured value to the 'Content-Security-Policy' headers 'frame-ancestors' value.
## Multiple values must be separated with a whitespace.
# ALLOWED_IFRAME_ANCESTORS=

## Yubico (Yubikey) Settings
## Set your Client ID and Secret Key for Yubikey OTP
## You can generate it here: https://upgrade.yubico.com/getapikey/
## You can optionally specify a custom OTP server
# YUBICO_CLIENT_ID=11111
# YUBICO_SECRET_KEY=AAAAAAAAAAAAAAAAAAAAAAAA
# YUBICO_SERVER=http://yourdomain.com/wsapi/2.0/verify

## Duo Settings
## You need to configure all options to enable global Duo support, otherwise users would need to configure it themselves
## Create an account and protect an application as mentioned in this link (only the first step, not the rest):
## https://help.bitwarden.com/article/setup-two-step-login-duo/#create-a-duo-security-account
## Then set the following options, based on the values obtained from the last step:
# DUO_IKEY=
# DUO_SKEY=
# DUO_HOST=
## After that, you should be able to follow the rest of the guide linked above,
## ignoring the fields that ask for the values that you already configured beforehand.

## Authenticator Settings
## Disable authenticator time drifted codes to be valid.
## TOTP codes of the previous and next 30 seconds will be invalid
##
## According to the RFC6238 (https://tools.ietf.org/html/rfc6238),
## we allow by default the TOTP code which was valid one step back and one in the future.
## This can however allow attackers to be a bit more lucky with their attempts because there are 3 valid codes.
## You can disable this, so that only the current TOTP Code is allowed.
## Keep in mind that when a server drifts out of time, valid codes could be marked as invalid.
## In any case, if a code has been used it can not be used again, also codes which predate it will be invalid.
# AUTHENTICATOR_DISABLE_TIME_DRIFT=false

## Rocket specific settings
## See https://rocket.rs/v0.4/guide/configuration/ for more details.
#ROCKET_ADDRESS=0.0.0.0
#ROCKET_PORT=8080 # Defaults to 80 in the Docker images, or 8000 otherwise.
#ROCKET_WORKERS=10
#ROCKET_TLS={certs="/etc/letsencrypt/live/vault.broobe.com/fullchain.pem",key="/etc/letsencrypt/live/vault.broobe.com/privkey.pem"}

## Mail specific settings, set SMTP_HOST and SMTP_FROM to enable the mail service.
## To make sure the email links are pointing to the correct host, set the DOMAIN variable.
## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory
SMTP_HOST=
SMTP_FROM=
SMTP_FROM_NAME=Vault
SMTP_PORT=587 # Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 is outdated and used with Implicit TLS.
SMTP_SSL=true # (Explicit) - This variable by default configures Explicit STARTTLS, it will upgrade an insecure connection to a secure one. Unless SMTP_EXPLICIT_TLS is set to true. Either port 587 or 25 are default.
SMTP_EXPLICIT_TLS=true # (Implicit) - N.B. This variable configures Implicit TLS. It's currently mislabelled (see bug #851) - SMTP_SSL Needs to be set to true for this option to work. Usually port 465 is used here.
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_TIMEOUT=15

## Defaults for SSL is "Plain" and "Login" and nothing for Non-SSL connections.
## Possible values: ["Plain", "Login", "Xoauth2"].
## Multiple options need to be separated by a comma ','.
# SMTP_AUTH_MECHANISM="Plain"

## Server name sent during the SMTP HELO
## By default this value is based on the machine's hostname,
## but might need to be changed in case it trips some anti-spam filters
# HELO_NAME=

## SMTP debugging
## When set to true this will output very detailed SMTP messages.
## WARNING: This could contain sensitive information like passwords and usernames! Only enable this during troubleshooting!
# SMTP_DEBUG=false

## Accept Invalid Hostnames
## DANGEROUS: This option introduces significant vulnerabilities to man-in-the-middle attacks!
## Only use this as a last resort if you are not able to use a valid certificate.
# SMTP_ACCEPT_INVALID_HOSTNAMES=false

## Accept Invalid Certificates
## DANGEROUS: This option introduces significant vulnerabilities to man-in-the-middle attacks!
## Only use this as a last resort if you are not able to use a valid certificate.
## If the Certificate is valid but the hostname doesn't match, please use SMTP_ACCEPT_INVALID_HOSTNAMES instead.
# SMTP_ACCEPT_INVALID_CERTS=false

## Require new device emails. When a user logs in an email is required to be sent.
## If sending the email fails the login attempt will fail!!
# REQUIRE_DEVICE_EMAIL=false

## HIBP Api Key
## HaveIBeenPwned API Key, request it here: https://haveibeenpwned.com/API/Key
# HIBP_API_KEY=

# vim: syntax=ini


--------------------------------------------------------------------------------
/vaultwarden/Caddyfile:
--------------------------------------------------------------------------------
{$DOMAIN}:443 {
  log {
    level INFO
    output file {$LOG_FILE} {
      roll_size 10MB
      roll_keep 10
    }
  }

  # Use the ACME HTTP-01 challenge to get a cert for the configured domain.
  tls {$EMAIL}

  # This setting may have compatibility issues with some browsers
  # (e.g., attachment downloading on Firefox). Try disabling this
  # if you encounter issues.
  encode gzip

  # Notifications redirected to the WebSocket server
  reverse_proxy /notifications/hub vaultwarden:3012

  # Proxy everything else to Rocket.
  # Caddy reaches vaultwarden over the compose network, so it must use the
  # container port (80), not the host-published port 8097.
  reverse_proxy vaultwarden:80 {
    # Send the true remote IP to Rocket, so that vaultwarden can put this in the
    # log, so that fail2ban can ban the correct IP.
    header_up X-Real-IP {remote_host}
  }
}
--------------------------------------------------------------------------------
/vaultwarden/docker-compose.yml:
--------------------------------------------------------------------------------
version: '3.4'

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      - WEBSOCKET_ENABLED=true
      - SIGNUPS_ALLOWED=false
      - DOMAIN=${DOMAIN}
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_FROM=${SMTP_FROM}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_SSL=${SMTP_SSL}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - ADMIN_TOKEN=${ADMIN_TOKEN}
    ports:
      - 8097:80
    volumes:
      - ${DATA_FOLDER}:/data

  caddy:
    image: caddy:2
    container_name: caddy-vaultwarden
    restart: always
    ports:
      - 80:80 # Needed for the ACME HTTP-01 challenge.
      - 443:443
    volumes:
      - ${DATA_FOLDER}/Caddyfile:/etc/caddy/Caddyfile:ro
      - ${DATA_FOLDER}/caddy-config:/config
      - ${DATA_FOLDER}/caddy-data:/data
    environment:
      - DOMAIN=${DOMAIN}
      - EMAIL=${ACME_EMAIL} # The email address to use for ACME registration.
      - LOG_FILE=/data/access.log
--------------------------------------------------------------------------------
/vaultwarden/nginx.conf:
--------------------------------------------------------------------------------
server {

    listen 80;

    server_name vaultwarden.domain.com;

    access_log off;

    keepalive_timeout 70;
    client_max_body_size 50m;

    location / {
        proxy_pass http://127.0.0.1:8097;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }

    # Requires the container's WebSocket port 3012 to be reachable on the host;
    # docker-compose.yml only publishes 8097.
    location /notifications/hub {
        proxy_pass http://127.0.0.1:3012;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /notifications/hub/negotiate {
        proxy_pass http://127.0.0.1:8097;
    }

}
--------------------------------------------------------------------------------
/vaultwarden/readme.md:
--------------------------------------------------------------------------------
# Vaultwarden
Unofficial Bitwarden compatible server written in Rust.

* Official repo: https://github.com/dani-garcia/vaultwarden

## Configuration
Open .env and fill the required parameters:
```
DATA_FOLDER=
DOMAIN=
ACME_EMAIL=
SMTP_HOST=
```

## Installation

### Option 1: with Caddy inside docker stack
```
cd vaultwarden
docker-compose pull && docker-compose up -d
```

If you change the vaultwarden port, you need to change it in the Caddyfile too.

### Option 2: with nginx installed on host
1. Comment out the "caddy" service in docker-compose.yml.
2. Run: **docker-compose pull**
3. Run: **docker-compose up -d**
4. Copy nginx.conf to **/etc/nginx/sites-available**
5. Create a symbolic link in **/etc/nginx/sites-enabled**
6. Reload nginx: **service nginx reload**
7.
   Install certbot and run: **certbot --nginx -d vaultwarden.domain.com**

If you change the vaultwarden port, you need to change it in nginx.conf too.

## Logs
```
docker logs -f vaultwarden
```

--------------------------------------------------------------------------------
/wordpress/.env:
--------------------------------------------------------------------------------
# WORDPRESS
# –––––––––––––––– REQUIRED ––––––––––––––––
PROJECT_NAME=
CERT_EMAIL=
PROJECT_DOMAIN=

# PHPMYADMIN
PHPMYADMIN_DOMAIN=

# –––––––––––––––– OPTIONAL ––––––––––––––––
# WP
WWW_DATA_DIR=./wordpress
WORDPRESS_TABLE_PREFIX=wp_
# PHP
PHP_VERSION=8.1
# NGINX
NGINX_PORT=80
NGINX_SSL_PORT=443
NGINX_CONF_DIR=./nginx/conf
# OPEN LITE SPEED
OLS_VERSION=
OLS_DATA_DIR=.
# CERTBOT
CERT_CONF_DIR=./certbot/conf
CERT_LOGS_DIR=./certbot/logs
CERT_DATA_DIR=./certbot/data
# MYSQL
MYSQL_DATABASE=db_name
MYSQL_USER=db_user
MYSQL_PASSWORD=db_user_pass
MYSQL_ROOT_PASSWORD='root_pass'
MYSQL_DATA_DIR=./mysql_data
# REDIS
REDIS_DATA=./redis
PHPMYADMIN_DATA=./phpmyadmin
--------------------------------------------------------------------------------
/wordpress/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.9"

services:

  # WORDPRESS
  wordpress:
    container_name: wordpress_${PROJECT_NAME}
    image: wordpress:php${PHP_VERSION}-apache
    restart: always
    stdin_open: true
    tty: true
    hostname: ${PROJECT_DOMAIN}
    environment:
      WORDPRESS_DB_HOST: mariadb
      WORDPRESS_DB_USER: ${MYSQL_USER}
      WORDPRESS_DB_PASSWORD: ${MYSQL_PASSWORD}
      WORDPRESS_DB_NAME: ${MYSQL_DATABASE}
      WORDPRESS_TABLE_PREFIX: ${WORDPRESS_TABLE_PREFIX}
    volumes:
      - ${WWW_DATA_DIR}:/var/www/html
    networks:
      - internal
  # DATABASES
  mariadb:
    container_name: mariadb_${PROJECT_NAME}
    image: mariadb
    restart: always
    command: --max_allowed_packet=256M
    environment:
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
      # MYSQL_RANDOM_ROOT_PASSWORD would make the image generate a random root
      # password and ignore the value set in .env, so pass it as MYSQL_ROOT_PASSWORD.
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
    volumes:
      - ${MYSQL_DATA_DIR}:/var/lib/mysql
    # This mapping publishes MariaDB on every host interface. WordPress and
    # phpMyAdmin reach it over the "internal" network, so restrict or remove
    # it if no external client needs direct database access.
    ports:
      - "3306:3306"
    networks:
      - internal

  # mysql:
  #   container_name: mysql_${PROJECT_NAME}
  #   image: mysql:8.0
  #   command: --default-authentication-plugin=mysql_native_password
  #   expose:
  #     - "3306"
  #   restart: unless-stopped
  #   environment:
  #     MYSQL_DATABASE: ${MYSQL_DATABASE}
  #     MYSQL_USER: ${MYSQL_USER}
  #     MYSQL_PASSWORD: ${MYSQL_PASSWORD}
  #     MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
  #   volumes:
  #     - ${MYSQL_DATA_DIR}:/var/lib/mysql

  # WP-CLI
  wordpress-cli:
    container_name: wpcli_${PROJECT_NAME}
    depends_on:
      - mariadb
      - wordpress
    image: wordpress:cli
    # vstm: This is required to run wordpress-cli with the same user-id as wordpress.
    user: xfs
    # vstm: add shared volume
    volumes:
      - ${WWW_DATA_DIR}:/var/www/html
    # Join the same network as mariadb so WP-CLI can reach the database.
    networks:
      - internal

  # WEBSERVER
  # nginx:
  #   container_name: nginx_${PROJECT_NAME}
  #   image: nginx:latest
  #   restart: unless-stopped
  #   ports:
  #     - ${NGINX_PORT}:80
  #     - ${NGINX_SSL_PORT}:443
  #   volumes:
  #     - ${NGINX_CONF_DIR}:/etc/nginx/conf.d
  #     - ${CERT_CONF_DIR}:/etc/nginx/ssl
  #     - ${WWW_DATA_DIR}:/var/www/html
  #   networks:
  #     - proxy
  #     - internal

  # litespeed:
  #   container_name: openlitespeed_${PROJECT_NAME}
  #   image: litespeedtech/openlitespeed:${OLS_VERSION}-${PHP_VERSION}
  #   logging:
  #     driver: none
  #   volumes:
  #     - ${OLS_DATA_DIR}/lsws/conf:/usr/local/lsws/conf
  #     - ${OLS_DATA_DIR}/lsws/admin-conf:/usr/local/lsws/admin/conf
  #     - ${OLS_DATA_DIR}/bin/container:/usr/local/bin
  #     - ${OLS_DATA_DIR}/sites:/var/www/vhosts/
  #     - ${OLS_DATA_DIR}/acme:/root/.acme.sh/
  #     - ${OLS_DATA_DIR}/logs:/usr/local/lsws/logs/
  #   ports:
  #     - 80:80
  #     - 443:443
  #     - 443:443/udp
  #     - 7080:7080
  #   restart: always
  #   environment:
  #     TZ: ${TimeZone}
  #   networks:
  #     - proxy
  #     - internal

  # REDIS
  wpredis:
    container_name: redis_${PROJECT_NAME}
    image: redis:6
    restart: unless-stopped
    volumes:
      - ${REDIS_DATA}:/data
    networks:
      - internal

  # PHPMYADMIN
  phpmyadmin:
    container_name: phpmyadmin_${PROJECT_NAME}
    image: phpmyadmin/phpmyadmin
    ports:
      - 8080:80
      - 8443:443
    hostname: ${PHPMYADMIN_DOMAIN}
    environment:
      PMA_HOST: mariadb
      # PMA_USER and PMA_PASSWORD make phpMyAdmin log in automatically, so anyone
      # who can reach the published ports gets database access as this user.
      PMA_USER: ${MYSQL_USER}
      PMA_PASSWORD: ${MYSQL_PASSWORD}
    restart: always
    volumes:
      - ${PHPMYADMIN_DATA}:/data
    networks:
      - internal

  # CERTBOT
  certbot:
    container_name: certbot_${PROJECT_NAME}
    image: certbot/certbot:latest
    #command:
    # certonly --webroot --webroot-path=/var/www/html --email ${CERT_EMAIL} --agree-tos --no-eff-email -d domain.com -d www.domain.com
    volumes:
      - ${CERT_CONF_DIR}:/etc/letsencrypt
      - ${CERT_LOGS_DIR}:/var/log/letsencrypt
      - ${WWW_DATA_DIR}:/var/www/html

networks:
  internal:
#  proxy:
#    external: true

#volumes:
#  db_data:
#  wordpress_data:
--------------------------------------------------------------------------------
/wordpress/nginx.conf:
--------------------------------------------------------------------------------
server {

    listen [::]:80;
    listen 80;

    server_name domain.com www.domain.com;

    root /var/www/html;

    index index.php;

    # Dots in the regex locations are escaped so they match a literal "."
    # instead of any character.
    location ~ /\.well-known/acme-challenge {
        allow all;
        root /var/www/html;
    }

    location / {
        try_files $uri @apache;
    }

    location ~ ^/\.user\.ini {
        deny all;
    }

    location ~* \.(svg|svgz)$ {
        types {}
        default_type image/svg+xml;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location @apache {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_pass http://wordpress:80;
    }

    location ~ [^?]*/$ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_pass http://wordpress:80;
    }

    location ~ \.php$ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_pass http://wordpress:80;
    }

    # Deny access to hidden (dot-prefixed) files. The dot is escaped: an
    # unescaped "/." matches a slash followed by any character and would deny
    # every request that reaches this block.
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

}
--------------------------------------------------------------------------------
/wordpress/readme.md:
--------------------------------------------------------------------------------
Refs:

https://stackoverflow.com/questions/65108253/docker-wordpress-seperate-default-plugins-from-own-plugins
https://github.com/michaelcardoza/wp-docker/blob/master/docker-compose.yml
https://www.cloudbooklet.com/install-wordpress-with-docker-compose-nginx-apache-with-ssl/
--------------------------------------------------------------------------------