Diffstat (limited to 'template')
-rw-r--r-- | template/crupest-api-config.json.template | 10 | ||||
-rw-r--r-- | template/docker-compose.yaml.template | 58 | ||||
-rw-r--r-- | template/nginx/2fa.conf.template | 19 | ||||
-rw-r--r-- | template/nginx/cert-only.conf.template | 13 | ||||
-rw-r--r-- | template/nginx/code.conf.template | 22 | ||||
-rw-r--r-- | template/nginx/common/acme-challenge | 3 | ||||
-rw-r--r-- | template/nginx/common/https-redirect | 3 | ||||
-rw-r--r-- | template/nginx/common/proxy-common | 7 | ||||
-rw-r--r-- | template/nginx/git.conf.template | 22 | ||||
-rw-r--r-- | template/nginx/mail.conf.template | 27 | ||||
-rw-r--r-- | template/nginx/redirect.conf.template | 23 | ||||
-rw-r--r-- | template/nginx/reverse-proxy.conf.template | 32 | ||||
-rw-r--r-- | template/nginx/root.conf.template | 61 | ||||
-rw-r--r-- | template/nginx/server.json | 39 | ||||
-rw-r--r-- | template/nginx/server.schema.json | 93 | ||||
-rw-r--r-- | template/nginx/server.ts | 36 | ||||
-rw-r--r-- | template/nginx/static-file.conf.template | 23 | ||||
-rw-r--r-- | template/nginx/timeline.conf.template | 7 | ||||
-rw-r--r-- | template/v2ray-client-config.json.template | 46 |
19 files changed, 131 insertions, 413 deletions
diff --git a/template/crupest-api-config.json.template b/template/crupest-api-config.json.template deleted file mode 100644 index 65a7944..0000000 --- a/template/crupest-api-config.json.template +++ /dev/null @@ -1,10 +0,0 @@ -{ - "CrupestApi": { - "Todos": { - "Username": "$CRUPEST_GITHUB_USERNAME", - "ProjectNumber": "$CRUPEST_GITHUB_PROJECT_NUMBER", - "Token": "$CRUPEST_GITHUB_TOKEN", - "Count": "$CRUPEST_GITHUB_TODO_COUNT" - } - } -} diff --git a/template/docker-compose.yaml.template b/template/docker-compose.yaml.template index d86aae6..cebdfb3 100644 --- a/template/docker-compose.yaml.template +++ b/template/docker-compose.yaml.template @@ -1,38 +1,27 @@ services: - timeline: - image: crupest/timeline:latest - pull_policy: always - container_name: timeline - restart: on-failure:3 - environment: - - ASPNETCORE_FORWARDEDHEADERS_ENABLED=true - - TIMELINE_DisableAutoBackup=true - volumes: - - ./data/timeline:/root/timeline - crupest-blog: + blog: pull_policy: build build: - context: ./docker/crupest-blog + context: ./docker/blog dockerfile: Dockerfile pull: true tags: - - "crupest/crupest-blog:latest" - container_name: crupest-blog - restart: on-failure:3 + - "crupest/blog:latest" + container_name: blog volumes: - "blog-public:/public" + restart: on-failure:3 nginx: pull_policy: build build: - context: ./docker/crupest-nginx + context: ./docker/nginx dockerfile: Dockerfile pull: true tags: - - "crupest/crupest-nginx:latest" + - "crupest/nginx:latest" container_name: nginx - restart: on-failure:3 ports: - "80:80" - "443:443" 
@@ -41,33 +30,22 @@ services: - "./nginx-config:/etc/nginx/conf.d:ro" - "./data/certbot/certs:/etc/letsencrypt:ro" - "./data/certbot/webroot:/srv/acme:ro" - - "blog-public:/srv/blog:ro" - - crupest-api: - pull_policy: build - build: - context: ./docker/crupest-api - dockerfile: Dockerfile - pull: true - tags: - - "crupest/crupest-api:latest" - container_name: crupest-api - volumes: - - "./crupest-api-config.json:/crupest-api-config.json:ro" + - "blog-public:/srv/www/blog:ro" + restart: on-failure:3 v2ray: pull_policy: build build: - context: ./docker/crupest-v2ray + context: ./docker/v2ray dockerfile: Dockerfile pull: true tags: - - "crupest/crupest-v2ray:latest" - command: [ "run", "-c", "/etc/v2fly/config.json" ] + - "crupest/v2ray:latest" container_name: v2ray - restart: on-failure:3 + command: [ "run", "-c", "/etc/v2fly/config.json" ] volumes: - "./v2ray-config.json:/etc/v2fly/config.json:ro" + restart: on-failure:3 auto-certbot: pull_policy: build @@ -148,7 +126,7 @@ services: debian-dev: pull_policy: build build: - context: ./docker/crupest-debian-dev + context: ./docker/debian-dev dockerfile: Dockerfile pull: true args: @@ -158,16 +136,15 @@ services: container_name: debian-dev init: true command: [ "/bootstrap/start/code-server.bash" ] - restart: on-failure:3 volumes: - ./data/debian-dev:/data - debian-dev-home:/home/crupest + restart: on-failure:3 forgejo: image: code.forgejo.org/forgejo/forgejo:9 pull_policy: always container_name: forgejo - restart: on-failure:3 environment: - USER_UID=1000 - USER_GID=1000 @@ -175,11 +152,11 @@ services: - ./data/forgejo:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro + restart: on-failure:3 roundcubemail: image: roundcube/roundcubemail:latest container_name: roundcubemail - restart: on-failure:3 volumes: - ./data/secret/gnupg:/gnupg - ./data/roundcube/www/html:/var/www/html 
@@ -193,6 +170,7 @@ services: - ROUNDCUBEMAIL_SMTP_PORT=465 - ROUNDCUBEMAIL_DB_TYPE=sqlite - ROUNDCUBEMAIL_PLUGINS=archive,enigma,jqueryui,newmail_notifier,show_additional_headers,userinfo,zipdownload + restart: on-failure:3 2fauth: image: 2fauth/2fauth @@ -218,4 +196,4 @@ services: volumes: blog-public: debian-dev-home: - roundcubemail-temp:
\ No newline at end of file
+ roundcubemail-temp:
diff --git a/template/nginx/2fa.conf.template b/template/nginx/2fa.conf.template
new file mode 100644
index 0000000..aad66c1
--- /dev/null
+++ b/template/nginx/2fa.conf.template
@@ -0,0 +1,19 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name 2fa.${CRUPEST_DOMAIN};
+
+ location / {
+ include common/proxy-common;
+ proxy_pass http://2fauth:8000/;
+ }
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name 2fa.${CRUPEST_DOMAIN};
+
+ include common/https-redirect;
+ include common/acme-challenge;
+}
diff --git a/template/nginx/cert-only.conf.template b/template/nginx/cert-only.conf.template
deleted file mode 100644
index 08daa8a..0000000
--- a/template/nginx/cert-only.conf.template
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
-
- location / {
- return 444;
- }
-
- location /.well-known/acme-challenge {
- root /srv/acme;
- }
-}
diff --git a/template/nginx/code.conf.template b/template/nginx/code.conf.template
new file mode 100644
index 0000000..a67500d
--- /dev/null
+++ b/template/nginx/code.conf.template
@@ -0,0 +1,22 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name code.${CRUPEST_DOMAIN};
+
+ location / {
+ include common/proxy-common;
+ proxy_pass http://debian-dev:8080/;
+ }
+
+ client_max_body_size 5G;
+}
+
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name code.${CRUPEST_DOMAIN};
+
+ include common/https-redirect;
+ include common/acme-challenge;
+}
diff --git a/template/nginx/common/acme-challenge b/template/nginx/common/acme-challenge
new file mode 100644
index 0000000..26054b8
--- /dev/null
+++ b/template/nginx/common/acme-challenge
@@ -0,0 +1,3 @@
+location /.well-known/acme-challenge {
+ root /srv/acme;
+}
diff --git a/template/nginx/common/https-redirect b/template/nginx/common/https-redirect
new file mode 100644
index 0000000..56d095d
--- /dev/null
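Review bot: In template/nginx/code.conf.template, `client_max_body_size 5G;` is set at server level, so any client can send a multi-gigabyte body to this vhost before the upstream has a chance to reject it. nginx buffers proxied request bodies by default, which makes this a disk-pressure risk on the proxy host. git.conf.template and mail.conf.template carry the same line. If large uploads are only needed on specific paths, scope the limit to those locations and keep a small default, or add `proxy_request_buffering off;` next to the `proxy_pass` so bodies are streamed to the backend rather than spooled. A short comment stating why 5G is required would also help the next reader.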
+++ b/template/nginx/common/https-redirect
@@ -0,0 +1,3 @@
+location / {
+ return 301 https://$host$request_uri;
+}
diff --git a/template/nginx/common/proxy-common b/template/nginx/common/proxy-common
new file mode 100644
index 0000000..4193548
--- /dev/null
+++ b/template/nginx/common/proxy-common
@@ -0,0 +1,7 @@
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $connection_upgrade;
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Real-IP $remote_addr;
diff --git a/template/nginx/git.conf.template b/template/nginx/git.conf.template
new file mode 100644
index 0000000..ea2a627
--- /dev/null
+++ b/template/nginx/git.conf.template
@@ -0,0 +1,22 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name git.${CRUPEST_DOMAIN};
+
+ location / {
+ include common/proxy-common;
+ proxy_pass http://forgejo:3000/;
+ }
+
+ client_max_body_size 5G;
+}
+
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name git.${CRUPEST_DOMAIN};
+
+ include common/https-redirect;
+ include common/acme-challenge;
+}
diff --git a/template/nginx/mail.conf.template b/template/nginx/mail.conf.template
new file mode 100644
index 0000000..ba2e44e
--- /dev/null
+++ b/template/nginx/mail.conf.template
@@ -0,0 +1,27 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name mail.${CRUPEST_DOMAIN};
+
+ location / {
+ include common/proxy-common;
+ proxy_pass http://roundcubemail:80/;
+ }
+
+ location /rspamd/ {
+ include common/proxy-common;
+ proxy_pass http://mailserver:11334/;
+ }
+
+ client_max_body_size 5G;
+}
+
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name mail.${CRUPEST_DOMAIN};
+
+ include common/https-redirect;
+ include common/acme-challenge;
+}
diff --git a/template/nginx/redirect.conf.template b/template/nginx/redirect.conf.template
deleted file mode 100644
index b3122e2..0000000
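Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in common/proxy-common appends to whatever X-Forwarded-For value the client sent, so a backend that reads the first entry for logging, rate limiting or address allow-lists sees a client-chosen value. If this nginx is the first hop from the Internet (not visible from this diff), prefer `proxy_set_header X-Forwarded-For $remote_addr;`. The file also relies on `$connection_upgrade`, which has to come from a `map` in the http context defined outside this diff. A header comment such as `# Include inside a proxying location; requires map $http_upgrade $connection_upgrade in http {}` would make that dependency explicit.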
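Review bot: The `location /rspamd/` block in template/nginx/mail.conf.template publishes the upstream at `mailserver:11334` on the public mail vhost with no restriction at the proxy, so access control rests entirely on that service's own authentication. Every request reaches the upstream from the nginx container, so it is worth confirming that the upstream's trusted-address settings (not shown here) do not treat that source as pre-authenticated. Consider limiting the location at the proxy, for example `allow <ADMIN_CIDR_PLACEHOLDER>; deny all;` or `auth_basic`, and leaving only `location /` open. The block was carried over from root.conf.template, so this is a good moment to add a comment saying who is expected to reach it.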
--- a/template/nginx/redirect.conf.template
+++ /dev/null
@@ -1,23 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
-
- location / {
- return 301 ${CRUPEST_NGINX_URL}$request_uri;
- }
-}
-
-server {
- listen 80;
- listen [::]:80;
- server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
-
- location / {
- return 301 ${CRUPEST_NGINX_URL}$request_uri;
- }
-
- location /.well-known/acme-challenge {
- root /srv/acme;
- }
-}
diff --git a/template/nginx/reverse-proxy.conf.template b/template/nginx/reverse-proxy.conf.template
deleted file mode 100644
index 01442ab..0000000
--- a/template/nginx/reverse-proxy.conf.template
+++ /dev/null
@@ -1,32 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
-
- location / {
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_pass http://${CRUPEST_NGINX_UPSTREAM_SERVER};
- }
-
- client_max_body_size 5G;
-}
-
-server {
- listen 80;
- listen [::]:80;
- server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
-
- location / {
- return 301 https://$host$request_uri;
- }
-
- location /.well-known/acme-challenge {
- root /srv/acme;
- }
-}
diff --git a/template/nginx/root.conf.template b/template/nginx/root.conf.template
index 21d144c..3f20cf1 100644
--- a/template/nginx/root.conf.template
+++ b/template/nginx/root.conf.template
@@ -13,27 +13,9 @@ server { } proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; + include common/proxy-common; proxy_pass http://v2ray:10000; } - - location /api { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; - proxy_pass http://crupest-api:5000; - } - } server { @@ -41,43 +23,6 @@ server { listen [::]:80; server_name ${CRUPEST_DOMAIN}; - location / { - return 301 https://$host$request_uri; - } - - location /.well-known/acme-challenge { - root /srv/acme; - } -} - -# For mail temporarily -# TODO: Make subpath supported in aio. -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name mail.${CRUPEST_DOMAIN}; - - location / { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; - proxy_pass http://roundcubemail:80/; - } - - location /rspamd/ { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; - proxy_pass http://mailserver:11334/; - } - - client_max_body_size 5G; + include common/https-redirect; + include common/acme-challenge; } 
diff --git a/template/nginx/server.json b/template/nginx/server.json
deleted file mode 100644
index fa84030..0000000
--- a/template/nginx/server.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "$schema": "./server.schema.json",
- "sites": [
- {
- "type": "reverse-proxy",
- "subdomain": "timeline",
- "upstream": "timeline:5000"
- },
- {
- "type": "reverse-proxy",
- "subdomain": "code",
- "upstream": "debian-dev:8080"
- },
- {
- "type": "reverse-proxy",
- "subdomain": "git",
- "upstream": "forgejo:3000"
- },
- {
- "type": "cert-only",
- "subdomain": "mail"
- },
- {
- "type": "reverse-proxy",
- "subdomain": "2fa",
- "upstream": "2fauth:8000"
- },
- {
- "type": "static-file",
- "subdomain": "blog",
- "root": "/srv/blog"
- },
- {
- "type": "redirect",
- "subdomain": "github",
- "url": "https://github.com/crupest"
- }
- ]
-}
diff --git a/template/nginx/server.schema.json b/template/nginx/server.schema.json
deleted file mode 100644
index c3bc7c0..0000000
--- a/template/nginx/server.schema.json
+++ /dev/null
@@ -1,93 +0,0 @@
-{
- "$schema": "http://json-schema.org/draft-07/schema#",
- "definitions": {
- "CertOnlySite": {
- "properties": {
- "subdomain": {
- "type": "string"
- },
- "type": {
- "enum": [
- "cert-only"
- ],
- "type": "string"
- }
- },
- "type": "object"
- },
- "RedirectSite": {
- "properties": {
- "subdomain": {
- "type": "string"
- },
- "type": {
- "enum": [
- "redirect"
- ],
- "type": "string"
- },
- "url": {
- "type": "string"
- }
- },
- "type": "object"
- },
- "ReverseProxySite": {
- "properties": {
- "subdomain": {
- "type": "string"
- },
- "type": {
- "enum": [
- "reverse-proxy"
- ],
- "type": "string"
- },
- "upstream": {
- "type": "string"
- }
- },
- "type": "object"
- },
- "StaticFileSite": {
- "properties": {
- "root": {
- "type": "string"
- },
- "subdomain": {
- "type": "string"
- },
- "type": {
- "enum": [
- "static-file"
- ],
- "type": "string"
- }
- },
- "type": "object"
- }
- },
- "properties": {
- "sites": {
- "items": {
- "anyOf": [
- {
- "$ref": "#/definitions/ReverseProxySite"
- },
- {
- "$ref": "#/definitions/StaticFileSite"
- },
- {
- "$ref": "#/definitions/RedirectSite"
- },
- {
- "$ref": "#/definitions/CertOnlySite"
- }
- ]
- },
- "type": "array"
- }
- },
- "type": "object"
-}
-
diff --git a/template/nginx/server.ts b/template/nginx/server.ts
deleted file mode 100644
index 368e5ff..0000000
--- a/template/nginx/server.ts
+++ /dev/null
@@ -1,36 +0,0 @@
-// Used to generate json schema.
-
-export interface ReverseProxySite {
- type: "reverse-proxy";
- subdomain: string;
- upstream: string;
-}
-
-export interface StaticFileSite {
- type: "static-file";
- subdomain: string;
- root: string;
-}
-
-export interface RedirectSite {
- type: "redirect";
- subdomain: string;
- url: string;
-}
-
-export interface CertOnlySite {
- type: "cert-only";
- subdomain: string;
-}
-
-export type Site =
- | ReverseProxySite
- | StaticFileSite
- | RedirectSite
- | CertOnlySite;
-
-export type Sites = Site[];
-
-export interface Server {
- sites: Sites;
-}
diff --git a/template/nginx/static-file.conf.template b/template/nginx/static-file.conf.template
deleted file mode 100644
index 3022886..0000000
--- a/template/nginx/static-file.conf.template
+++ /dev/null
@@ -1,23 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
-
- location / {
- root ${CRUPEST_NGINX_ROOT};
- }
-}
-
-server {
- listen 80;
- listen [::]:80;
- server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
-
- location / {
- return 301 https://$host$request_uri;
- }
-
- location /.well-known/acme-challenge {
- root /srv/acme;
- }
-}
diff --git a/template/nginx/timeline.conf.template b/template/nginx/timeline.conf.template
new file mode 100644
index 0000000..db908e8
--- /dev/null
+++ b/template/nginx/timeline.conf.template
@@ -0,0 +1,7 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name timeline.${CRUPEST_DOMAIN};
+
+ include common/acme-challenge;
+}
diff --git a/template/v2ray-client-config.json.template b/template/v2ray-client-config.json.template
deleted file mode 100644
index 0c99c6d..0000000
--- a/template/v2ray-client-config.json.template
+++ /dev/null
@@ -1,46 +0,0 @@
-{
- "inbounds": [
- {
- "port": 1080,
- "listen": "127.0.0.1",
- "protocol": "socks",
- "sniffing": {
- "enabled": true,
- "destOverride": [
- "http",
- "tls"
- ]
- },
- "settings": {
- "auth": "noauth",
- "udp": false
- }
- }
- ],
- "outbounds": [
- {
- "protocol": "vmess",
- "settings": {
- "vnext": [
- {
- "address": "$CRUPEST_DOMAIN",
- "port": 443,
- "users": [
- {
- "id": "$CRUPEST_V2RAY_TOKEN",
- "alterId": 0
- }
- ]
- }
- ]
- },
- "streamSettings": {
- "network": "ws",
- "security": "tls",
- "wsSettings": {
- "path": "/_$CRUPEST_V2RAY_PATH"
- }
- }
- }
- ]
-}
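Review bot: template/nginx/timeline.conf.template defines only the ACME location, so every other request for `timeline.${CRUPEST_DOMAIN}` on port 80 falls through to nginx's default root handling. The deleted cert-only.conf.template closed that path with `location / { return 444; }`. Adding the same block here, or moving it into a shared include, keeps the certificate-only host from serving anything else. There is also no 443 server for this name, so HTTPS requests for it will land on whichever server block is the default for that listener, which may be worth a comment in the file.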
\ No newline at end of file |