From: Giorgio Ravera Date: Fri, 4 Jul 2025 18:38:31 +0000 (+0200) Subject: Various updates X-Git-Url: http://git.giorgioravera.it/?a=commitdiff_plain;h=c3662d5aaba847b12be634841817a88637fa7d7c;p=docker.git Various updates
---
diff --git a/code-server/docker-compose.yaml b/code-server/docker-compose.yaml
deleted file mode 100644
index c345239..0000000
--- a/code-server/docker-compose.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-services:
- code-server:
- container_name: code-server
- image: lscr.io/linuxserver/code-server:latest
- restart: unless-stopped
- #ports:
- # - 8443:8443
- environment:
- - TZ=${DOCKER_TZ}
- - PUID=1000
- - PGID=1000
- #- PASSWORD=password #optional
- # printf 'thisismypassword' | sha256sum | cut -d' ' -f1
- - HASHED_PASSWORD=5e2f4cae5d297d554b8a1840abd59bab2bfa93254081d733000deefbfb102c15
- #- SUDO_PASSWORD=password #optional
- - SUDO_PASSWORD_HASH=6dcd8d81529b070e3551b7615fc8573e58e9ad7dc7b4a94597ca801bc0e43d27
- - PROXY_DOMAIN=code.giorgioravera.it
- - DEFAULT_WORKSPACE=/config/workspace
- volumes:
- - ${DOCKER_CFG_DIR}/code-server:/config
- networks:
- - proxy
- labels:
- - "traefik.enable=true"
- # Router: HTTP
- - "traefik.http.routers.code-server.entrypoints=http"
- - "traefik.http.routers.code-server.rule=Host(`code.giorgioravera.it`)"
- #- "traefik.http.routers.code-server.service=code-server"
- - "traefik.http.routers.code-server.middlewares=code-server-https-redirect"
- # Router: HTTPS
- - "traefik.http.routers.code-server-secure.entrypoints=https"
- - "traefik.http.routers.code-server-secure.rule=Host(`code.giorgioravera.it`)"
- - "traefik.http.routers.code-server-secure.tls=true"
- - "traefik.http.routers.code-server-secure.service=code-server"
- # Middlewares: Redirect http to https
- - "traefik.http.middlewares.code-server-https-redirect.redirectscheme.scheme=https"
- # Services: Loadbalancer
- - "traefik.http.services.code-server.loadbalancer.server.port=8443"
-
-networks:
- proxy:
- external: true
diff --git a/download/filebrowser.yaml b/download/filebrowser.yaml
index 5bd65f3..3ae9a15 100644
--- a/download/filebrowser.yaml
+++ b/download/filebrowser.yaml
@@ -11,8 +11,8 @@ services:
 - PGID=1000
 volumes:
 - /mnt/download/complete:/srv
- - ${DOCKER_CFG_DIR}/download/filebrowser/filebrowser.db:/database.db
- - ${DOCKER_CFG_DIR}/download/filebrowser/filebrowser.json:/.filebrowser.json
+ - ${DOCKER_CFG_DIR}/download/filebrowser/database:/database
+ - ${DOCKER_CFG_DIR}/download/filebrowser/config:/config
 networks:
 - proxy
 healthcheck:
diff --git a/openvscode-server/docker-compose.yaml b/openvscode-server/docker-compose.yaml
new file mode 100644
index 0000000..3048efc
--- /dev/null
+++ b/openvscode-server/docker-compose.yaml
@@ -0,0 +1,57 @@
+services:
+ openvscode-server:
+ container_name: openvscode-server
+ image: lscr.io/linuxserver/openvscode-server:latest
+ restart: unless-stopped
+ #ports:
+ # - 3000:3000
+ environment:
+ - TZ=${DOCKER_TZ}
+ - PUID=1000
+ - PGID=1000
+ #- CONNECTION_TOKEN=supersecrettoken #optional
+ - CONNECTION_SECRET=/token
+ #- SUDO_PASSWORD=password #optional
+ #- SUDO_PASSWORD_HASH=$$2a$$12$$XJrWUkkJ/q9T/LbuH2Uw4OHrv0Ne1Ptc80WcEfOzAMOPsJbl.xiH2
+ - PROXY_DOMAIN=code.giorgioravera.it
+ - DEFAULT_WORKSPACE=/config/workspace
+ volumes:
+ - ${DOCKER_CFG_DIR}/openvscode-server/config:/config
+ - ${DOCKER_CFG_DIR}/openvscode-server/token:/token
+ # Projects
+ - ${DOCKER_CFG_DIR}/homeassistant:/homeassistant
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ # Router: HTTP
+ - "traefik.http.routers.openvscode-server.entrypoints=http"
+ - "traefik.http.routers.openvscode-server.rule=Host(`code.giorgioravera.it`)"
+ #- "traefik.http.routers.openvscode-server.service=openvscode-server"
+ #- "traefik.http.routers.openvscode-server.middlewares=openvscode-server-auth-passwd"
+ #- "traefik.http.routers.openvscode-server.middlewares=openvscode-server-auth-ldap"
+ - "traefik.http.routers.openvscode-server.middlewares=openvscode-server-https-redirect"
+ # Router: HTTPS
+ - "traefik.http.routers.openvscode-server-secure.entrypoints=https"
+ - "traefik.http.routers.openvscode-server-secure.rule=Host(`code.giorgioravera.it`)"
+ - "traefik.http.routers.openvscode-server-secure.tls=true"
+ - "traefik.http.routers.openvscode-server-secure.service=openvscode-server"
+ #- "traefik.http.routers.openvscode-server-secure.middlewares=openvscode-server-passwd"
+ - "traefik.http.routers.openvscode-server-secure.middlewares=openvscode-server-auth-ldap"
+ # Middlewares: Redirect http to https
+ - "traefik.http.middlewares.openvscode-server-https-redirect.redirectscheme.scheme=https"
+ # Middlewares: Passwd Auth
+ #- "traefik.http.middlewares.openvscode-server-auth-passwd.basicauth.usersfile=/passwd/openvscode"
+ # Middlewares: LDAP Auth
+ - "traefik.http.middlewares.openvscode-server-auth-ldap.plugin.ldapAuth.enabled=true"
+ - "traefik.http.middlewares.openvscode-server-auth-ldap.plugin.ldapAuth.url=ldaps://ldap.giorgioravera.it"
+ - "traefik.http.middlewares.openvscode-server-auth-ldap.plugin.ldapAuth.port=636"
+ - "traefik.http.middlewares.openvscode-server-auth-ldap.plugin.ldapAuth.useTLS=true"
+ - "traefik.http.middlewares.openvscode-server-auth-ldap.plugin.ldapAuth.baseDN=ou=Users,dc=giorgioravera,dc=it"
+ - "traefik.http.middlewares.openvscode-server-auth-ldap.plugin.ldapAuth.attribute=uid"
+ # Services: Loadbalancer
+ - "traefik.http.services.openvscode-server.loadbalancer.server.port=3000"
+
+networks:
+ proxy:
+ external: true
diff --git a/traefik/docker-compose.yaml b/traefik/docker-compose.yaml
index 9365989..e70ebc7 100644
--- a/traefik/docker-compose.yaml
+++ b/traefik/docker-compose.yaml
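Review bot: The `openvscode-server-auth-ldap` labels admit any account that authenticates under `ou=Users,dc=giorgioravera,dc=it`, and no label in this file narrows that to a group or user list, while the service behind the router is a browser IDE with `${DOCKER_CFG_DIR}/homeassistant` bind-mounted read-write. If the ldapAuth plugin version in use offers a search filter or allow-list, set it next to the `baseDN` label; otherwise add a comment stating that every directory user is meant to have access. The commented `SUDO_PASSWORD_HASH` line also commits what looks like a real bcrypt hash, which stays open to offline guessing from the repository history; a placeholder such as `#- SUDO_PASSWORD_HASH=<bcrypt hash, kept out of git>` documents the option without that. `image: lscr.io/linuxserver/openvscode-server:latest` is unpinned, so a later pull can change what runs behind the proxy without a change in this file.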
@@ -33,16 +33,18 @@ services:
 - "traefik.http.routers.traefik.entrypoints=http"
 - "traefik.http.routers.traefik.rule=Host(`traefik.giorgioravera.it`)"
 #- "traefik.http.routers.traefik.service=api@internal"
- - "traefik.http.routers.traefik.middlewares=traefik-auth"
+ #- "traefik.http.routers.traefik.middlewares=traefik-auth-passwd"
 - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
 # Router: HTTPS
 - "traefik.http.routers.traefik-secure.entrypoints=https"
 - "traefik.http.routers.traefik-secure.rule=Host(`traefik.giorgioravera.it`)"
 - "traefik.http.routers.traefik-secure.tls=true"
 - "traefik.http.routers.traefik-secure.service=api@internal"
- - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
+ - "traefik.http.routers.traefik-secure.middlewares=traefik-auth-passwd"
 # Middlewares: Redirect http to https
 - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- - "traefik.http.middlewares.traefik-auth.basicauth.usersfile=/passwd"
+ # Middlewares: Passwd Auth
+ - "traefik.http.middlewares.traefik-auth-passwd.basicauth.usersfile=/passwd/traefik"
 # Services: Loadbalancer
- - "traefik.http.services.workaround.loadbalancer.server.port=9999"
+ #- "traefik.http.services.workaround.loadbalancer.server.port=9999"
+ - "traefik.http.services.traefik.loadbalancer.server.port=9999"
diff --git a/traefik/docker-compose.yaml.agent b/traefik/docker-compose.yaml.agent
new file mode 100644
index 0000000..87b3530
--- /dev/null
+++ b/traefik/docker-compose.yaml.agent
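Review bot: The new `usersfile=/passwd/traefik` label only resolves if `/passwd` inside the container is now a directory, and the `volumes:` list that would confirm this lies outside the hunk. `traefik/docker-compose.yaml.agent`, added in the same commit, still mounts `${DOCKER_CFG_DIR}/traefik/passwd:/passwd` and sets `usersfile=/passwd`, so the two files disagree on the layout. This basic-auth middleware is the only control shown in front of `api@internal` on the `traefik-secure` router, so check that the mount matches the new path. If the mount in this file has the same form as in the agent file, it can also be made read-only: `- ${DOCKER_CFG_DIR}/traefik/passwd:/passwd:ro`.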
@@ -0,0 +1,74 @@
+services:
+ traefik:
+ container_name: traefik
+ image: traefik:latest
+ command:
+ # Enable Hub communication (open the port 9900 and 9901 by default)
+ - --experimental.hub=true
+ - --hub.tls.insecure=true
+ - --metrics.prometheus.addrouterslabels=true
+# - --api
+# - --api.dashboard
+# - --entrypoints.http.address=:80
+# - --entrypoints.https.address=:443
+# - --providers.docker=true
+# - --providers.file.watch=true
+# - --log.level=DEBUG
+ restart: always
+ #ports:
+ # - 80:80
+ # - 443:443
+ environment:
+ - TZ=${DOCKER_TZ}
+ volumes:
+ - ${DOCKER_CFG_DIR}/traefik/traefik.yml:/traefik.yml:ro
+ - ${DOCKER_CFG_DIR}/traefik/passwd:/passwd
+ #- ${DOCKER_CFG_DIR}/traefik/acme.json:/acme.json
+ - ${DOCKER_CFG_DIR}/traefik/config:/config
+ - ${DOCKER_CFG_DIR}/traefik/traefik.log:/traefik.log
+ - ${DOCKER_CFG_DIR}/traefik/access.log:/access.log
+ - /etc/ssl/giorgioravera.it/fullchain.pem:/certs/fullchain.pem
+ - /etc/ssl/giorgioravera.it/privkey.pem:/certs/privkey.pem
+ - /var/run/docker.sock:/var/run/docker.sock
+ network_mode: host
+ labels:
+ - "traefik.enable=true"
+ # Router: HTTP
+ - "traefik.http.routers.traefik.entrypoints=http"
+ - "traefik.http.routers.traefik.rule=Host(`traefik.giorgioravera.it`)"
+ #- "traefik.http.routers.traefik.service=api@internal"
+ - "traefik.http.routers.traefik.middlewares=traefik-auth"
+ - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
+ # Router: HTTPS
+ - "traefik.http.routers.traefik-secure.entrypoints=https"
+ - "traefik.http.routers.traefik-secure.rule=Host(`traefik.giorgioravera.it`)"
+ - "traefik.http.routers.traefik-secure.tls=true"
+ - "traefik.http.routers.traefik-secure.service=api@internal"
+ - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
+ # Middlewares: Redirect http to https
+ - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.middlewares.traefik-auth.basicauth.usersfile=/passwd"
+ # Services: Loadbalancer
+ - "traefik.http.services.workaround.loadbalancer.server.port=9999"
+
+ # Start the agent with the latest version
+ hub-agent:
+ container_name: hub-agent
+ image: ghcr.io/traefik/hub-agent-traefik:v1.0.0
+ command:
+ - run
+ - --hub.token=efabfa58-21b6-489c-8d5d-da82f64e5f73
+ - --auth-server.advertise-url=http://hub-agent
+ - --traefik.host=traefik
+ - --traefik.tls.insecure=true
+ restart: "on-failure"
+ environment:
+ - TZ=${DOCKER_TZ}
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ depends_on:
+ - traefik
+ network_mode: host
+ labels:
+ - "traefik.enable=false"
+
diff --git a/xen-orchestra-ce/docker-compose.yaml b/xen-orchestra-ce/docker-compose.yaml
deleted file mode 100644
index 5cdb6da..0000000
--- a/xen-orchestra-ce/docker-compose.yaml
+++ /dev/null
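Review bot: The `hub-agent` command list hard-codes the Hub credential in its `--hub.token=` argument, so the token is now in the repository and its history. Rotate it and supply it through the same variable substitution the file already uses for `${DOCKER_TZ}`, for example `- --hub.token=${TRAEFIK_HUB_TOKEN}` (the variable name is a suggestion). `--hub.tls.insecure=true` on traefik and `--traefik.tls.insecure=true` on the agent leave the proxy-to-agent link without peer verification, and with `network_mode: host` the Hub ports named in the comment (9900 and 9901) are presumably reachable on the host's interfaces; a comment should say why that is acceptable here, or certificates should be configured. Both services also bind `/var/run/docker.sock` without restriction, which gives each container control of the Docker daemon, and `image: traefik:latest` is unpinned while the agent is fixed at `v1.0.0`.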
@@ -1,65 +0,0 @@
-version: '3'
-
-services:
- orchestra:
- container_name: XO_server
- image: ezka77/xen-orchestra-ce:latest
- restart: always
- ports:
- - "8000:8000"
- depends_on:
- - redis
- environment:
- - DEBUG=xo:main
- - NODE_ENV=production
- - XOA_PLAN=5
- - TZ=${DOCKER_TZ}
- #privileged: true
- # SYS_ADMIN should be enough capability to use NFS mount
- cap_add:
- - SYS_ADMIN
- volumes:
- - ${DOCKER_CFG_DIR}/xen-orchestra-ce/xo-data:/storage
- networks:
- - proxy
- logging: &default_logging
- driver: "json-file"
- options:
- max-size: "1M"
- max-file: "2"
- healthcheck:
- disable: true
- labels:
- - "traefik.enable=true"
- # Router: HTTP
- - "traefik.http.routers.xoa.entrypoints=http"
- - "traefik.http.routers.xoa.rule=Host(`xoa.giorgioravera.it`)"
- #- "traefik.http.routers.xoa.service=xoa"
- - "traefik.http.routers.xoa.middlewares=xoa-https-redirect"
- # Router: HTTPS
- - "traefik.http.routers.xoa-secure.entrypoints=https"
- - "traefik.http.routers.xoa-secure.rule=Host(`xoa.giorgioravera.it`)"
- - "traefik.http.routers.xoa-secure.tls=true"
- - "traefik.http.routers.xoa-secure.service=xoa"
- # Middlewares: Redirect http to https
- - "traefik.http.middlewares.xoa-https-redirect.redirectscheme.scheme=https"
- # Services: Loadbalancer
- - "traefik.http.services.xoa.loadbalancer.server.port=8000"
-
- redis:
- container_name: XO_redis
- image: redis:alpine
- command: redis-server --appendonly yes
- restart: always
- environment:
- - TZ=${DOCKER_TZ}
- volumes:
- - ${DOCKER_CFG_DIR}/xen-orchestra-ce/redis-data:/data
- networks:
- - proxy
- logging:
- <<: *default_logging
-
-networks:
- proxy:
- external: true