feat: rework docker-compose and add HOSTNAME_WEBSITE

2025-08-24 23:21:31 +02:00
parent 1da9f7dae1
commit e75cc47008
2 changed files with 113 additions and 63 deletions


@@ -1,47 +1,115 @@
volumes: volumes:
etc_wireguard: wireguard-volume:
grafana-storage: name: wireguard-volume
etc_certs: grafana-volume:
# save certifcate name: grafana-volume
etc_acme: certs-volume:
name: certs-volume
acme-volume: # save certifcates
name: acme-volume
mail-data-volume:
name: mail-data-volume
mail-state-volume:
name: mail-state-volume
services: services:
backup: backup:
image: jareware/docker-volume-backup # --------------------------------
container_name: backup-docker-container # Auto backup through S3
# --------------------------------
image: offen/docker-volume-backup
container_name: backup-container
restart: unless-stopped restart: unless-stopped
environment: environment:
AWS_S3_BUCKET_NAME: ${S3_BUCKET} AWS_S3_BUCKET_NAME: ${S3_BUCKET}
AWS_EXTRA_ARGS: --endpoint ${ENDPOINT} AWS_ENDPOINT: ${ENDPOINT}
AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID} AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY} AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
BACKUP_CRON_EXPRESSION: "0 0 * * *" BACKUP_CRON_EXPRESSION: "0 0 * * *"
BACKUP_RETENTION_DAYS: 3
volumes: volumes:
- etc_wireguard:/backup/etc_wireguard:ro - wireguard-volume:/backup/wireguard:ro
- etc_certs:/backup/etc_certs:ro - grafana-volume:/backup/grafana:ro
- etc_acme:/backup/etc_acme:ro - certs-volume:/backup/certs:ro
- /var/run/docker.sock:/var/run/docker.sock:ro - acme-volume:/backup/acme:ro
- mail-data-volume:/backup/maildata:ro
- mail-state-volume:/backup/mailstate:ro
# --------------------------------
# Auto update containers
# --------------------------------
watchtower: watchtower:
image: containrrr/watchtower image: containrrr/watchtower
container_name: watchtower container_name: watchtower
restart: unless-stopped
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
restart: unless-stopped
# --------------------------------
# ACME Companion for SSL certs
# --------------------------------
acme-companion:
image: nginxproxy/acme-companion
container_name: acme-companion
restart: unless-stopped
environment:
- DEFAULT_EMAIL=${EMAIL}
- NGINX_PROXY_CONTAINER=nginx-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- certs-volume:/etc/nginx/certs
- /etc/nginx/vhost.d
- ./default_html:/usr/share/nginx/html
- acme-volume:/etc/acme.sh
labels:
- "docker-volume-backup.stop-during-backup=true"
networks:
- proxy-network
depends_on:
- nginx-proxy
# --------------------------------
# Reverse Proxy
# --------------------------------
nginx-proxy:
image: nginxproxy/nginx-proxy:alpine
container_name: nginx-proxy
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- certs-volume:/etc/nginx/certs
- /etc/nginx/vhost.d
- ./default_html:/usr/share/nginx/html
labels:
- "docker-volume-backup.stop-during-backup=true"
networks:
- proxy-network
# --------------------------------
# Website
# --------------------------------
web:
build: ./guezoloic/website
container_name: guezoloic-web
restart: unless-stopped
environment:
- VIRTUAL_HOST=${HOSTNAME_WEBSITE}
- LETSENCRYPT_HOST=${HOSTNAME_WEBSITE}
- LETSENCRYPT_EMAIL=${EMAIL}
networks:
- proxy-network
depends_on:
- nginx-proxy
# --------------------------------
# VPN Wireguard
# --------------------------------
wg-easy: wg-easy:
image: ghcr.io/wg-easy/wg-easy:15 image: ghcr.io/wg-easy/wg-easy:15
container_name: wg-easy container_name: wg-easy
networks:
- network-container
volumes:
- etc_wireguard:/etc/wireguard
- /lib/modules:/lib/modules:ro
ports:
- "51820:51820/udp"
- "51821:51821/tcp"
labels:
- "docker-volume-backup.stop-during-backup=true"
restart: unless-stopped restart: unless-stopped
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
@@ -53,56 +121,34 @@ services:
- net.ipv6.conf.all.forwarding=1 - net.ipv6.conf.all.forwarding=1
- net.ipv6.conf.default.forwarding=1 - net.ipv6.conf.default.forwarding=1
environment: environment:
- TZ=Europe/Paris
- VIRTUAL_HOST=${HOSTNAME_VPN} - VIRTUAL_HOST=${HOSTNAME_VPN}
- LETSENCRYPT_HOST=${HOSTNAME_VPN} - LETSENCRYPT_HOST=${HOSTNAME_VPN}
- LETSENCRYPT_EMAIL=${EMAIL} - LETSENCRYPT_EMAIL=${EMAIL}
- VIRTUAL_PORT=51821 - VIRTUAL_PORT=51821
depends_on:
- nginx-proxy
acme-companion:
image: nginxproxy/acme-companion
container_name: acme-companion
restart: unless-stopped
environment:
- DEFAULT_EMAIL=${EMAIL}
- NGINX_PROXY_CONTAINER=nginx-proxy
depends_on:
- nginx-proxy
labels:
- "docker-volume-backup.stop-during-backup=true"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- etc_certs:/etc/nginx/certs
- /etc/nginx/vhost.d
- ./default_html:/usr/share/nginx/html
- etc_acme:/etc/acme.sh
networks: networks:
- network-container - proxy-network
- vpn-network
nginx-proxy: volumes:
image: nginxproxy/nginx-proxy:alpine - wireguard-volume:/etc/wireguard
container_name: nginx-proxy - /lib/modules:/lib/modules:ro
restart: unless-stopped
ports: ports:
- "80:80" - "51820:51820/udp"
- "443:443"
labels: labels:
- "docker-volume-backup.stop-during-backup=true" - "docker-volume-backup.stop-during-backup=true"
volumes: depends_on:
- /var/run/docker.sock:/tmp/docker.sock:ro - nginx-proxy
- etc_certs:/etc/nginx/certs
- /etc/nginx/vhost.d
- ./default_html:/usr/share/nginx/html
networks:
- network-container
# --------------------------------
# Monitoring Prometheus
# --------------------------------
prometheus: prometheus:
image: prom/prometheus:latest image: prom/prometheus:latest
container_name: prometheus container_name: prometheus
restart: unless-stopped
volumes: volumes:
- /etc/serverconfig/prometheus.yml:/etc/prometheus/prometheus.yml - /etc/serverconfig/prometheus.yml:/etc/prometheus/prometheus.yml
restart: unless-stopped
networks: networks:
- monitor-network - monitor-network
@@ -116,9 +162,9 @@ services:
- VIRTUAL_PORT=3000 - VIRTUAL_PORT=3000
- LETSENCRYPT_EMAIL=${EMAIL} - LETSENCRYPT_EMAIL=${EMAIL}
volumes: volumes:
- grafana-storage:/var/lib/grafana - grafana-volume:/var/lib/grafana
networks: networks:
- network-container - proxy-network
- monitor-network - monitor-network
# synapse: # synapse:
@@ -138,9 +184,13 @@ services:
# expose: # expose:
# - "8008" # - "8008"
networks: networks:
network-container: proxy-network:
name: proxy-network
external: false external: false
monitor-network: monitor-network:
name: monitor-network
external: false
vpn-network:
name: vpn-network
external: false external: false
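Review bot: The new `backup` service no longer mounts `/var/run/docker.sock`, yet `acme-companion`, `nginx-proxy` and `wg-easy` still carry `docker-volume-backup.stop-during-backup=true`; as far as I know offen/docker-volume-backup can only act on that label through the Docker socket, so those containers would keep writing while their volumes are archived. Either restore `- /var/run/docker.sock:/var/run/docker.sock:ro` under the backup `volumes:` or drop the labels, so the file does not promise a quiesced backup it cannot deliver. If the socket comes back, note that `:ro` on the bind mount does not restrict what the Docker API allows, and this container already reads the WireGuard, certificate and mail volumes plus the S3 credentials. Since watchtower is there to auto-update containers and the new image line has no tag, pinning it, e.g. `image: offen/docker-volume-backup:<pinned-tag-or-digest>`, would keep an upstream change from reaching that data unreviewed.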


@@ -9,7 +9,7 @@ if [[ "--install" == $INSTALLED ]]; then
docker-compose Installation\n\ docker-compose Installation\n\
--------------------------------------------------" --------------------------------------------------"
ENV_LIST=("EMAIL" "HOSTNAME_VPN" "HOSTNAME_GRAFANA") ENV_LIST=("EMAIL" "HOSTNAME_VPN" "HOSTNAME_GRAFANA" "HOSTNAME_WEBSITE")
for env in "${ENV_LIST[@]}"; do for env in "${ENV_LIST[@]}"; do
read -p "Enter value for $env: " value read -p "Enter value for $env: " value