Diffstat (limited to 'services/docker')
29 files changed, 245 insertions, 462 deletions
diff --git a/services/docker/auto-backup/daemon.bash b/services/docker/auto-backup/daemon.bash index da9f853..c82e2d0 100755 --- a/services/docker/auto-backup/daemon.bash +++ b/services/docker/auto-backup/daemon.bash @@ -15,9 +15,7 @@ success() { echo -e "\033[32mSuccess: " "$@" "\033[0m" } -if [[ -z "$CRUPEST_AUTO_BACKUP_INTERVAL" ]]; then - die "Backup interval not set, please set it!" -fi +[[ -n "$CRUPEST_AUTO_BACKUP_INTERVAL" ]] || die "Backup interval not set, please set it!" note "Checking secrets..." [[ -n "$RCLONE_S3_PROVIDER" ]] || die "S3 provider not set!" diff --git a/services/docker/auto-backup/rclone.conf b/services/docker/auto-backup/rclone.conf index bfcbbc3..0cf3b64 100644 --- a/services/docker/auto-backup/rclone.conf +++ b/services/docker/auto-backup/rclone.conf @@ -1,4 +1,4 @@ [remote] type = s3 env_auth = true -no_head = true +no_check_bucket = true diff --git a/services/docker/debian-dev/Dockerfile b/services/docker/debian-dev/Dockerfile deleted file mode 100644 index 8114c56..0000000 --- a/services/docker/debian-dev/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -FROM debian:latest - -ARG USER=crupest -ARG IN_CHINA= - -ENV CRUPEST_DEBIAN_DEV_USER=${USER} -ENV CRUPEST_DEBIAN_DEV_IN_CHINA=${IN_CHINA} - -ADD bootstrap /bootstrap -RUN /bootstrap/setup.bash - -ENV LANG=en_US.utf8 -USER ${USER} -WORKDIR /home/${USER} - -RUN --mount=type=secret,id=code-server-password,required=true,env=CRUPEST_CODE_SERVER_PASSWORD \ - mkdir -p ${HOME}/.config/code-server && \ - echo -e "auth: password\nhashed-password: " >> ${HOME}/.config/code-server/config.yaml && \ - echo -n "$CRUPEST_CODE_SERVER_PASSWORD" | argon2 $(shuf -i 10000000-99999999 -n 1 --random-source /dev/urandom) -e >> ${HOME}/.config/code-server/config.yaml - -EXPOSE 4567 -VOLUME [ "/home/${USER}" ] - -CMD [ "tini", "--", "/usr/bin/code-server", "--bind-addr", "0.0.0.0:4567" ] 
diff --git a/services/docker/debian-dev/bootstrap/extra/setup-cmake.bash b/services/docker/debian-dev/bootstrap/extra/setup-cmake.bash deleted file mode 100755 index 76c1ae4..0000000 --- a/services/docker/debian-dev/bootstrap/extra/setup-cmake.bash +++ /dev/null @@ -1,9 +0,0 @@ -#! /usr/bin/env bash - -set -e - -CMAKE_VERSION=$(curl -s https://api.github.com/repos/Kitware/CMake/releases/latest | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') -wget -O cmake-installer.sh https://github.com/Kitware/CMake/releases/download/v"$CMAKE_VERSION"/cmake-"$CMAKE_VERSION"-linux-x86_64.sh -chmod +x cmake-installer.sh -./cmake-installer.sh --skip-license --prefix=/usr -rm cmake-installer.sh diff --git a/services/docker/debian-dev/bootstrap/extra/setup-dotnet.bash b/services/docker/debian-dev/bootstrap/extra/setup-dotnet.bash deleted file mode 100755 index 0ef7743..0000000 --- a/services/docker/debian-dev/bootstrap/extra/setup-dotnet.bash +++ /dev/null @@ -1,10 +0,0 @@ -#! /usr/bin/env bash - -set -e - -wget https://packages.microsoft.com/config/debian/11/packages-microsoft-prod.deb -O packages-microsoft-prod.deb -dpkg -i packages-microsoft-prod.deb -rm packages-microsoft-prod.deb - -apt-get update -apt-get install -y dotnet-sdk-7.0 diff --git a/services/docker/debian-dev/bootstrap/extra/setup-llvm.bash b/services/docker/debian-dev/bootstrap/extra/setup-llvm.bash deleted file mode 100755 index 48dde86..0000000 --- a/services/docker/debian-dev/bootstrap/extra/setup-llvm.bash +++ /dev/null 
@@ -1,26 +0,0 @@ -#! /usr/bin/env bash - -set -e - -LLVM_VERSION=18 - -. /bootstrap/func.bash - -if is_true "$CRUPEST_DEBIAN_DEV_IN_CHINA"; then - base_url=https://mirrors.tuna.tsinghua.edu.cn/llvm-apt -else - base_url=https://apt.llvm.org -fi - -wget "$base_url/llvm.sh" -chmod +x llvm.sh -./llvm.sh $LLVM_VERSION all -m "$base_url" -rm llvm.sh - -update-alternatives --install /usr/bin/clang clang /usr/bin/clang-$LLVM_VERSION 100 \ - --slave /usr/bin/clang++ clang++ /usr/bin/clang++-$LLVM_VERSION \ - --slave /usr/bin/clangd clangd /usr/bin/clangd-$LLVM_VERSION \ - --slave /usr/bin/clang-format clang-format /usr/bin/clang-format-$LLVM_VERSION \ - --slave /usr/bin/clang-tidy clang-tidy /usr/bin/clang-tidy-$LLVM_VERSION \ - --slave /usr/bin/lldb lldb /usr/bin/lldb-$LLVM_VERSION \ - --slave /usr/bin/lld lld /usr/bin/lld-$LLVM_VERSION diff --git a/services/docker/debian-dev/bootstrap/home/.bashrc b/services/docker/debian-dev/bootstrap/home/.bashrc deleted file mode 100644 index 3646ee2..0000000 --- a/services/docker/debian-dev/bootstrap/home/.bashrc +++ /dev/null 
@@ -1,117 +0,0 @@ -# ~/.bashrc: executed by bash(1) for non-login shells. -# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc) -# for examples - -# If not running interactively, don't do anything -case $- in - *i*) ;; - *) return;; -esac - -# don't put duplicate lines or lines starting with space in the history. -# See bash(1) for more options -HISTCONTROL=ignoreboth - -# append to the history file, don't overwrite it -shopt -s histappend - -# for setting history length see HISTSIZE and HISTFILESIZE in bash(1) -HISTSIZE=1000 -HISTFILESIZE=2000 - -# check the window size after each command and, if necessary, -# update the values of LINES and COLUMNS. -shopt -s checkwinsize - -# If set, the pattern "**" used in a pathname expansion context will -# match all files and zero or more directories and subdirectories. -#shopt -s globstar - -# make less more friendly for non-text input files, see lesspipe(1) -#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)" - -# set variable identifying the chroot you work in (used in the prompt below) -if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then - debian_chroot=$(cat /etc/debian_chroot) -fi - -# set a fancy prompt (non-color, unless we know we "want" color) -case "$TERM" in - xterm-color|*-256color) color_prompt=yes;; -esac - -# uncomment for a colored prompt, if the terminal has the capability; turned -# off by default to not distract the user: the focus in a terminal window -# should be on the output of commands, not on the prompt -#force_color_prompt=yes - -if [ -n "$force_color_prompt" ]; then - if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then - # We have color support; assume it's compliant with Ecma-48 - # (ISO/IEC-6429). (Lack of such support is extremely rare, and such - # a case would tend to support setf rather than setaf.) 
- color_prompt=yes - else - color_prompt= - fi -fi - -if [ "$color_prompt" = yes ]; then - PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' -else - PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ ' -fi -unset color_prompt force_color_prompt - -# If this is an xterm set the title to user@host:dir -case "$TERM" in -xterm*|rxvt*) - PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1" - ;; -*) - ;; -esac - -# enable color support of ls and also add handy aliases -if [ -x /usr/bin/dircolors ]; then - test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" - alias ls='ls --color=auto' - #alias dir='dir --color=auto' - #alias vdir='vdir --color=auto' - - #alias grep='grep --color=auto' - #alias fgrep='fgrep --color=auto' - #alias egrep='egrep --color=auto' -fi - -# colored GCC warnings and errors -#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01' - -# some more ls aliases -#alias ll='ls -l' -#alias la='ls -A' -#alias l='ls -CF' - -# Alias definitions. -# You may want to put all your additions into a separate file like -# ~/.bash_aliases, instead of adding them here directly. -# See /usr/share/doc/bash-doc/examples in the bash-doc package. - -if [ -f ~/.bash_aliases ]; then - . ~/.bash_aliases -fi - -# enable programmable completion features (you don't need to enable -# this, if it's already enabled in /etc/bash.bashrc and /etc/profile -# sources /etc/bash.bashrc). -if ! shopt -oq posix; then - if [ -f /usr/share/bash-completion/bash_completion ]; then - . /usr/share/bash-completion/bash_completion - elif [ -f /etc/bash_completion ]; then - . /etc/bash_completion - fi -fi - -alias dquilt="quilt --quiltrc=${HOME}/.quiltrc-dpkg" -. /usr/share/bash-completion/completions/quilt -complete -F _quilt_completion $_quilt_complete_opt dquilt 
diff --git a/services/docker/debian-dev/bootstrap/home/.quiltrc-dpkg b/services/docker/debian-dev/bootstrap/home/.quiltrc-dpkg deleted file mode 100644 index e8fc3c5..0000000 --- a/services/docker/debian-dev/bootstrap/home/.quiltrc-dpkg +++ /dev/null @@ -1,13 +0,0 @@ -d=. -while [ ! -d $d/debian -a `readlink -e $d` != / ]; - do d=$d/..; done -if [ -d $d/debian ] && [ -z $QUILT_PATCHES ]; then - # if in Debian packaging tree with unset $QUILT_PATCHES - QUILT_PATCHES="debian/patches" - QUILT_PATCH_OPTS="--reject-format=unified" - QUILT_DIFF_ARGS="-p ab --no-timestamps --no-index --color=auto" - QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index" - QUILT_COLORS="diff_hdr=1;32:diff_add=1;34:diff_rem=1;31:diff_hunk=1;33:" - QUILT_COLORS="${QUILT_COLORS}diff_ctx=35:diff_cctx=33" - if ! [ -d $d/debian/patches ]; then mkdir $d/debian/patches; fi -fi diff --git a/services/docker/debian-dev/bootstrap/official.sources b/services/docker/debian-dev/bootstrap/official.sources deleted file mode 100644 index c9aa9a0..0000000 --- a/services/docker/debian-dev/bootstrap/official.sources +++ /dev/null @@ -1,23 +0,0 @@ -Types: deb -URIs: http://deb.debian.org/debian -Suites: bookworm bookworm-updates bookworm-backports -Components: main contrib non-free non-free-firmware -Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg - -Types: deb-src -URIs: http://deb.debian.org/debian -Suites: bookworm bookworm-updates bookworm-backports -Components: main contrib non-free non-free-firmware -Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg - -Types: deb -URIs: http://deb.debian.org/debian-security -Suites: bookworm-security -Components: main contrib non-free non-free-firmware -Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg - -Types: deb-src -URIs: http://deb.debian.org/debian-security -Suites: bookworm-security -Components: main contrib non-free non-free-firmware -Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg 
diff --git a/services/docker/debian-dev/bootstrap/setup-apt.bash b/services/docker/debian-dev/bootstrap/setup-apt.bash deleted file mode 100755 index 38cba05..0000000 --- a/services/docker/debian-dev/bootstrap/setup-apt.bash +++ /dev/null @@ -1,41 +0,0 @@ -#! /usr/bin/env bash -# shellcheck disable=1090,1091 - -set -e - -if [[ $EUID -ne 0 ]]; then - die "This script must be run as root." -fi - -script_dir=$(dirname "$0") - -old_one="/etc/apt/sources.list" -new_one="/etc/apt/sources.list.d/debian.sources" - -echo "Setup apt sources ..." - -echo "Backup old ones to .bak ..." -if [[ -f "$old_one" ]]; then - mv "$old_one" "$old_one.bak" -fi - -if [[ -f "$new_one" ]]; then - mv "$new_one" "$new_one.bak" -fi - -echo "Copy the new one ..." -cp "$script_dir/official.sources" "$new_one" - -if [[ -n "$CRUPEST_DEBIAN_DEV_IN_CHINA" ]]; then - echo "Replace with China mirror ..." - china_mirror="mirrors.ustc.edu.cn" - sed -i "s|deb.debian.org|${china_mirror}|" "$new_one" -fi - -echo "Try to use https ..." -apt-get update -apt-get install -y apt-transport-https ca-certificates - -sed -i 's|http://|https://|' "$new_one" - -echo "APT source setup done!" diff --git a/services/docker/debian-dev/bootstrap/setup.bash b/services/docker/debian-dev/bootstrap/setup.bash deleted file mode 100755 index 65aabbb..0000000 --- a/services/docker/debian-dev/bootstrap/setup.bash +++ /dev/null 
@@ -1,56 +0,0 @@ -#! /usr/bin/env bash -# shellcheck disable=1090,1091 - -set -e -o pipefail - -die() { - echo "$@" >&2 - exit 1 -} - -if [[ $EUID -ne 0 ]]; then - die "This script must be run as root." -fi - -script_dir=$(dirname "$0") - -os_release_file="/etc/os-release" -if [[ -f "$os_release_file" ]]; then - debian_version=$(. "$os_release_file"; echo "$VERSION_CODENAME") - if [[ "$debian_version" != "bookworm" ]]; then - die "This script can only be run on Debian Bookworm. But it is $debian_version" - fi -else - die "$os_release_file not found. Failed to get debian version." -fi - -script_dir=$(dirname "$0") - -export DEBIAN_FRONTEND=noninteractive - -echo "Begin to setup debian..." - -bash "$script_dir/setup-apt.bash" - -echo "Installing packages..." -apt-get update -apt-get install -y \ - tini locales procps sudo vim less man bash-completion curl wget \ - build-essential git devscripts debhelper quilt argon2 - -echo "Setting up locale..." -localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 - -echo "Setting up sudo..." -sed -i.bak 's|%sudo[[:space:]]\+ALL=(ALL:ALL)[[:space:]]\+ALL|%sudo ALL=(ALL:ALL) NOPASSWD: ALL|' /etc/sudoers - -echo "Creating user $CRUPEST_DEBIAN_DEV_USER ..." -useradd -m -G sudo -s /usr/bin/bash "$CRUPEST_DEBIAN_DEV_USER" - -echo "Setting up code-server..." -curl -fsSL https://code-server.dev/install.sh | sh - -echo "Cleaning up apt source index..." -rm -rf /var/lib/apt/lists/* - -echo "Setup debian done." diff --git a/services/docker/mail-server/Dockerfile b/services/docker/mail-server/Dockerfile new file mode 100644 index 0000000..8ac8792 --- /dev/null +++ b/services/docker/mail-server/Dockerfile 
@@ -0,0 +1,11 @@ +FROM denoland/deno AS deno-build +COPY --from=deno . /workdir/ +WORKDIR /workdir +RUN deno install +RUN deno task compile:mail + +FROM dovecot/dovecot:latest-root +COPY --from=deno-build /workdir/mail/out/crupest-mail /app/ +ADD dovecot.conf /etc/dovecot/dovecot.conf +ADD app/* /app/ +CMD ["/app/main.bash"] diff --git a/services/docker/mail-server/app/main.bash b/services/docker/mail-server/app/main.bash new file mode 100755 index 0000000..2dfc2ee --- /dev/null +++ b/services/docker/mail-server/app/main.bash @@ -0,0 +1,12 @@ +#!/usr/bin/bash + +set -e -o pipefail + +die() { + echo "$@" >&2 + exit 1 +} + +/app/crupest-mail serve --real & + +/dovecot/sbin/dovecot -F diff --git a/services/docker/mail-server/aws-lambda.js b/services/docker/mail-server/aws-lambda.js new file mode 100644 index 0000000..d240c1a --- /dev/null +++ b/services/docker/mail-server/aws-lambda.js @@ -0,0 +1,23 @@ +export const handler = async (event, context, callback) => { + const sesNotification = event.Records[0].ses; + console.log("SES Notification:\n", JSON.stringify(sesNotification, null, 2)); + + const res = await fetch( + `https://mail.crupest.life/${process.env.CRUPEST_MAIL_SERVER_AWS_INBOUND_PATH}`, + { + method: "POST", + headers: { + "content-type": "application/json", + "Authorization": process.env.CRUPEST_MAIL_SERVER_AWS_INBOUND_KEY, + }, + body: JSON.stringify({ + key: sesNotification.mail.messageId, + recipients: sesNotification.receipt.recipients, + }), + }, + ); + console.log(res); + console.log(res.text()); + + callback(null, { "disposition": "CONTINUE" }); +}; diff --git a/services/docker/mail-server/dovecot.conf b/services/docker/mail-server/dovecot.conf new file mode 100644 index 0000000..0c5ec30 --- /dev/null +++ b/services/docker/mail-server/dovecot.conf 
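Review bot: Both base images float: `FROM denoland/deno` has no tag and `FROM dovecot/dovecot:latest-root` tracks latest, so a rebuild can silently pull a different Deno toolchain or Dovecot release than the one this commit was tested with. The dovecot.conf added in the same commit declares `dovecot_config_version = 2.4.1`, so pinning the runtime stage to a matching release, ideally with a digest as in `FROM dovecot/dovecot:<version>-root@sha256:<digest>`, keeps image and config in step. The `-root` variant presumably runs the whole container as root; a short comment saying why that is needed would help the next reader. The two `ADD` lines only copy local files, so `COPY dovecot.conf /etc/dovecot/dovecot.conf` and `COPY app/* /app/` express the same thing without ADD's archive and URL handling.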
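Review bot: Nothing supervises the backgrounded `/app/crupest-mail serve --real &`. `set -e` does not cover background jobs, so if that process fails to start or dies later, Dovecot keeps running and the container looks healthy while the mail service behind it is gone. Unlike the nginx image's `CMD`, there is no tini in front of this script, so bash is the container's main process and will not pass a stop signal on to Dovecot or crupest-mail. One option is to background both, forward TERM/INT, and exit when either child ends, which also gives the currently unused `die` a caller.

```bash
/app/crupest-mail serve --real &
mail_pid=$!
/dovecot/sbin/dovecot -F &
dovecot_pid=$!

# Pass container stop requests on to both children.
trap 'kill "$mail_pid" "$dovecot_pid" 2>/dev/null' TERM INT

# Return when either process ends, then fail so the container restarts as a unit.
wait -n || true
die "crupest-mail or dovecot exited; stopping container"
```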
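Review bot: The handler never checks the outcome of the POST. `console.log(res.text())` logs a pending Promise rather than the body, and `callback(null, { "disposition": "CONTINUE" })` runs whatever the status was, so a 401 or 5xx from the inbound endpoint goes unnoticed. Suggest `if (!res.ok) throw new Error("inbound hook returned " + res.status);` right after the fetch and `console.log(await res.text());` for the body. If `CRUPEST_MAIL_SERVER_AWS_INBOUND_PATH` or `CRUPEST_MAIL_SERVER_AWS_INBOUND_KEY` is unset, the request presumably goes out with the literal string `undefined` in the URL or the Authorization header, so a guard at the top of the handler is worth adding. The first `console.log` writes the whole SES notification to the function log, which likely includes sender and recipient addresses; logging only `sesNotification.mail.messageId` would be enough for tracing.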
@@ -0,0 +1,197 @@ +dovecot_config_version = 2.4.1 +dovecot_storage_version = 2.4.0 + +base_dir = /run/dovecot +state_dir = /run/dovecot +log_path = /dev/stdout + +protocols = imap submission lmtp sieve +sendmail_path = /app/out/crupest-mail sendmail +submission_relay_host = 127.0.0.1 +submission_relay_port = 2346 +submission_relay_trusted = yes + +mail_driver = maildir +mail_home = /data/vmail/%{user | domain}/%{user | username} +mail_path = ~/mail +mail_log_events = delete undelete expunge save copy mailbox_create mailbox_delete mailbox_rename flag_change + +# Setup default mailboxes for inbox namespace +@mailbox_defaults = english + +namespace inbox { + mailbox Archive { + special_use = "\\Archive" + } +} + +mail_plugins { + fts = yes + fts_flatcurve = yes + mail_log = yes + notify = yes +} + +fts_autoindex = yes +fts_autoindex_max_recent_msgs = 999 +fts_search_add_missing = yes +language_filters = normalizer-icu snowball stopwords + +language_tokenizers = generic email-address +language_tokenizer_generic_algorithm = simple + +language en { + default = yes + filters = lowercase snowball english-possessive stopwords +} + +fts flatcurve { + substring_search = yes +} + +auth_mechanisms = plain login + +passdb passwd-file { + passwd_file_path = /data/userdb + default_password_scheme = SHA512-CRYPT +} + +userdb passwd-file { + passwd_file_path = /data/userdb + fields { + uid:default = vmail + gid:default = vmail + home:default = /data/vmail/%{user | domain}/%{user | username} + } +} + +ssl = yes +ssl_server { + cert_file = /etc/dovecot/ssl/tls.crt + key_file = /etc/dovecot/ssl/tls.key +} + +protocol imap { + mail_plugins { + imap_sieve = yes + imap_filter_sieve = yes + } +} + +protocol lmtp { + mail_plugins { + sieve = yes + } +} + +protocol lda { + mail_plugins { + sieve = yes + } +} + +service imap-login { + process_min_avail = 1 + client_limit = 100 +} + +service pop3-login { + process_min_avail = 1 + client_limit = 100 +} + +service submission-login { + 
process_min_avail = 1 + client_limit = 100 + + inet_listener submissions { + port = 465 + ssl = yes + } +} + +service managesieve-login { + process_min_avail = 1 + client_limit = 100 +} + +sieve_plugins = sieve_imapsieve sieve_extprograms + +event_exporter log { + format = json + time_format = rfc3339 +} + +# Add default backend metrics +@metric_defaults = backend + +# Log auth failures +metric auth_failures { + filter = event=auth_request_finished AND NOT success=yes + exporter = log +} + +metric imap_command { + filter = event=imap_command_finished + group_by cmd_name { + method discrete { + } + } + group_by tagged_reply_state { + method discrete { + } + } +} + +metric smtp_command { + filter = event=smtp_server_command_finished and protocol=submission + group_by cmd_name { + method discrete { + } + } + group_by status_code { + method discrete { + } + } + group_by duration { + method exponential { + base = 10 + min_magnitude = 1 + max_magnitude = 5 + } + } +} + +metric lmtp_command { + filter = event=smtp_server_command_finished and protocol=lmtp + group_by cmd_name { + method discrete { + } + } + group_by status_code { + method discrete { + } + } + group_by duration { + method exponential { + base = 10 + min_magnitude = 1 + max_magnitude = 5 + } + } +} + +# Add duration metrics for deliveries +metric mail_deliveries { + filter = event=mail_delivery_finished + group_by duration { + method exponential { + base = 10 + min_magnitude = 1 + max_magnitude = 5 + } + } +} + +!include_try vendor.d/*.conf +!include_try conf.d/*.conf diff --git a/services/docker/nginx/Dockerfile b/services/docker/nginx/Dockerfile index 77398cd..3169e00 100644 --- a/services/docker/nginx/Dockerfile +++ b/services/docker/nginx/Dockerfile 
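Review bot: `sendmail_path = /app/out/crupest-mail sendmail` does not match where this commit puts the binary. The Dockerfile copies it into `/app/` and main.bash starts `/app/crupest-mail`, so the setting should presumably read `sendmail_path = /app/crupest-mail sendmail`; otherwise anything Dovecot sends through sendmail_path would fail at send time. Separately, `auth_mechanisms = plain login` is paired with `ssl = yes`, which offers TLS without requiring it; `ssl = required` makes the server refuse cleartext sessions outright instead of relying on the cleartext-auth default. `sieve_plugins` enables `sieve_extprograms`, which lets Sieve scripts run external programs, and this file configures no program directories for it; drop it if it is unused, or add a comment naming the scripts that depend on it. `service pop3-login` is also configured although `protocols` does not list pop3.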
@@ -6,6 +6,5 @@ FROM nginx:mainline RUN apt update && apt-get install -y tini certbot && rm -rf /var/lib/apt/lists/* ADD mail-robots.txt /srv/mail/robots.txt ADD certbot.bash nginx-wrapper.bash /app/ -COPY configs/. /etc/nginx/ COPY --from=build-www /project/public /srv/www CMD ["/usr/bin/tini", "--", "/app/nginx-wrapper.bash"] diff --git a/services/docker/nginx/configs/common/acme-challenge b/services/docker/nginx/configs/common/acme-challenge deleted file mode 100644 index 26054b8..0000000 --- a/services/docker/nginx/configs/common/acme-challenge +++ /dev/null @@ -1,3 +0,0 @@ -location /.well-known/acme-challenge { - root /srv/acme; -} diff --git a/services/docker/nginx/configs/common/http-listen b/services/docker/nginx/configs/common/http-listen deleted file mode 100644 index 76cb18d..0000000 --- a/services/docker/nginx/configs/common/http-listen +++ /dev/null @@ -1,2 +0,0 @@ -listen 80; -listen [::]:80; diff --git a/services/docker/nginx/configs/common/https-listen b/services/docker/nginx/configs/common/https-listen deleted file mode 100644 index db2f68e..0000000 --- a/services/docker/nginx/configs/common/https-listen +++ /dev/null @@ -1,3 +0,0 @@ -listen 443 ssl; -listen [::]:443 ssl; -http2 on; diff --git a/services/docker/nginx/configs/common/https-redirect b/services/docker/nginx/configs/common/https-redirect deleted file mode 100644 index 56d095d..0000000 --- a/services/docker/nginx/configs/common/https-redirect +++ /dev/null @@ -1,3 +0,0 @@ -location / { - return 301 https://$host$request_uri; -} diff --git a/services/docker/nginx/configs/common/proxy-common b/services/docker/nginx/configs/common/proxy-common deleted file mode 100644 index 4193548..0000000 --- a/services/docker/nginx/configs/common/proxy-common +++ /dev/null 
@@ -1,7 +0,0 @@ -proxy_http_version 1.1; -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection $connection_upgrade; -proxy_set_header Host $host; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto $scheme; -proxy_set_header X-Real-IP $remote_addr; diff --git a/services/docker/nginx/configs/conf.d/default.conf b/services/docker/nginx/configs/conf.d/default.conf deleted file mode 100644 index 515942b..0000000 --- a/services/docker/nginx/configs/conf.d/default.conf +++ /dev/null @@ -1,9 +0,0 @@ -server { - listen 80 default_server; - listen [::]:80 default_server; - listen 443 ssl default_server; - listen [::]:443 ssl default_server; - http2 on; - - return 444; -} diff --git a/services/docker/nginx/configs/conf.d/websocket.conf b/services/docker/nginx/configs/conf.d/websocket.conf deleted file mode 100644 index 32af4c3..0000000 --- a/services/docker/nginx/configs/conf.d/websocket.conf +++ /dev/null @@ -1,4 +0,0 @@ -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} diff --git a/services/docker/nginx/configs/templates/code.conf.template b/services/docker/nginx/configs/templates/code.conf.template deleted file mode 100644 index aa70ebc..0000000 --- a/services/docker/nginx/configs/templates/code.conf.template +++ /dev/null @@ -1,6 +0,0 @@ -server { - server_name code.${CRUPEST_DOMAIN}; - include common/http-listen; - - include common/acme-challenge; -} diff --git a/services/docker/nginx/configs/templates/mail.conf.template b/services/docker/nginx/configs/templates/mail.conf.template deleted file mode 100644 index 7f5f215..0000000 --- a/services/docker/nginx/configs/templates/mail.conf.template +++ /dev/null 
@@ -1,29 +0,0 @@ -server { - server_name mail.${CRUPEST_DOMAIN}; - include common/https-listen; - - location = /robots.txt { - root /srv/mail; - } - - location / { - include common/proxy-common; - proxy_pass http://roundcubemail:80/; - } - - location /rspamd/ { - include common/proxy-common; - proxy_pass http://mailserver:11334/; - } - - client_max_body_size 5G; -} - - -server { - server_name mail.${CRUPEST_DOMAIN}; - include common/http-listen; - - include common/https-redirect; - include common/acme-challenge; -} diff --git a/services/docker/nginx/configs/templates/root.conf.template b/services/docker/nginx/configs/templates/root.conf.template deleted file mode 100644 index e3e93ad..0000000 --- a/services/docker/nginx/configs/templates/root.conf.template +++ /dev/null @@ -1,45 +0,0 @@ -server { - server_name ${CRUPEST_DOMAIN}; - include common/https-listen; - - location / { - root /srv/www; - } - - location /2fa/ { - include common/proxy-common; - proxy_pass http://2fauth:8000/; - } - - location /git/ { - include common/proxy-common; - client_max_body_size 5G; - proxy_pass http://git-server:3636; - } - - location = /github { - return 301 ${CRUPEST_GITHUB}; - } - - location = /github/ { - return 301 ${CRUPEST_GITHUB}; - } - - location /_${CRUPEST_V2RAY_PATH} { - if ($http_upgrade != "websocket") { - return 404; - } - - proxy_redirect off; - include common/proxy-common; - proxy_pass http://v2ray:10000; - } -} - -server { - server_name ${CRUPEST_DOMAIN}; - include common/http-listen; - - include common/https-redirect; - include common/acme-challenge; -} diff --git a/services/docker/nginx/configs/templates/ssl.conf.template b/services/docker/nginx/configs/templates/ssl.conf.template deleted file mode 100644 index 54205f1..0000000 --- a/services/docker/nginx/configs/templates/ssl.conf.template +++ /dev/null 
@@ -1,17 +0,0 @@ -# This file contains important security parameters. If you modify this file -# manually, Certbot will be unable to automatically provide future security -# updates. Instead, Certbot will print and log an error message with a path to -# the up-to-date file that you will need to refer to when manually updating -# this file. Contents are based on https://ssl-config.mozilla.org - -ssl_certificate /etc/letsencrypt/live/${CRUPEST_DOMAIN}/fullchain.pem; -ssl_certificate_key /etc/letsencrypt/live/${CRUPEST_DOMAIN}/privkey.pem; - -ssl_session_cache shared:le_nginx_SSL:10m; -ssl_session_timeout 1440m; -ssl_session_tickets off; - -ssl_protocols TLSv1.2 TLSv1.3; -ssl_prefer_server_ciphers off; - -ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; diff --git a/services/docker/nginx/configs/templates/timeline.conf.template b/services/docker/nginx/configs/templates/timeline.conf.template deleted file mode 100644 index a467594..0000000 --- a/services/docker/nginx/configs/templates/timeline.conf.template +++ /dev/null @@ -1,6 +0,0 @@ -server { - server_name timeline.${CRUPEST_DOMAIN}; - include common/http-listen; - - include common/acme-challenge; -} diff --git a/services/docker/nginx/nginx-wrapper.bash b/services/docker/nginx/nginx-wrapper.bash index c848287..a4a19ec 100755 --- a/services/docker/nginx/nginx-wrapper.bash +++ b/services/docker/nginx/nginx-wrapper.bash @@ -7,10 +7,6 @@ die() { exit 1 } -[[ -n "$CRUPEST_DOMAIN" ]] || die "CRUPEST_DOMAIN is not set. It is used as root domain." -[[ -n "$CRUPEST_GITHUB" ]] || die "CRUPEST_GITHUB is not set. It is used as GitHub redirection." -[[ -n "$CRUPEST_V2RAY_PATH" ]] || die "CRUPEST_V2RAY_PATH is not set. It is used as v2ray tunnel endpoint." - /app/certbot.bash & /docker-entrypoint.sh nginx "-g" "daemon off;" |