phares3757/linux-proxmox-server
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: phares3757:11-25
Branches Tags
phares3757:main phares3757:11-25 phares3757:11-23
..
compare: phares3757:11-23
Branches Tags
phares3757:11-25 phares3757:11-23 phares3757:main

1 Commits
11-25 ... 11-23

Author SHA1 Message Date
Mike Phares
b32f5ee0b8 2024-11-23 2024-11-23 22:34:08 -07:00
29 changed files with 339 additions and 156 deletions
Expand all files Collapse all files

5
.gitignore vendored
View File

@ -43,17 +43,18 @@
!etc/dnsmasq.d/* !etc/dnsmasq.d/*
!etc/fstab/* !etc/fstab/*
!etc/netplan/* !etc/netplan/*
!etc/nginx/include/*
!etc/nginx/sites-available/* !etc/nginx/sites-available/*
!etc/mysql/mariadb.conf.d/* !etc/mysql/mariadb.conf.d/*
!etc/php/* !etc/php/*
!etc/postgresql/* !etc/postgresql/*
!etc/wsl/* !etc/wsl/*
!etc/dnsmasq.d/SDN/*
!etc/letsencrypt/**/* !etc/letsencrypt/**/*
!opt/copy/**/* !opt/copy/**/*
!opt/stacks/**/*.env !opt/dockge/**/*.yaml
!opt/stacks/**/*.yaml
!root/**/*container !root/**/*container
!home/podman/**/*volume !home/podman/**/*volume

8
.vscode/settings.json vendored
View File

@ -3,5 +3,11 @@
"*.container": "ini", "*.container": "ini",
"*.org": "ini", "*.org": "ini",
"*.net": "ini" "*.net": "ini"
} },
"cSpell.words": [
"diskstation",
"dockge",
"neko",
"phares"
]
} }

24
etc/dnsmasq.d/SDN/00-default.conf Normal file
View File

@ -0,0 +1,24 @@
except-interface=lo
enable-ra
quiet-ra
bind-dynamic
no-hosts
dhcp-leasefile=/var/lib/misc/dnsmasq.SDN.leases
dhcp-hostsfile=/etc/dnsmasq.d/SDN/ethers
dhcp-ignore=tag:!known
dhcp-option=26,1500
ra-param=*,mtu:1500,0
# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
dhcp-option=252,"\n"
# Send microsoft-specific option to tell windows to release the DHCP lease
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
# value as a four-byte integer - that's what microsoft wants.
dhcp-option=vendor:MSFT,2,1i
# If a DHCP client claims that its name is "wpad", ignore that.
# This fixes a security hole. see CERT Vulnerability VU#598349
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore

3
etc/dnsmasq.d/SDN/10-SDN.conf Normal file
View File

@ -0,0 +1,3 @@
dhcp-option=tag:SDN-192.168.32.1-25,option:router,192.168.32.1
dhcp-range=set:SDN-192.168.32.1-25,192.168.32.1,static,255.255.255.128,infinite
interface=SDN

2
etc/dnsmasq.d/SDN/ethers Normal file
View File

@ -0,0 +1,2 @@
BC:24:11:D6:FC:B3,192.168.32.100
BC:24:11:6A:65:00,192.168.32.101

20
etc/nginx/include/adguard.conf Normal file
View File

@ -0,0 +1,20 @@
server {
# touch /etc/nginx/include/adguard.affirm.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/adguard.affirm.duckdns.org.key -out /etc/nginx/include/adguard.affirm.duckdns.org.crt -config /etc/nginx/include/adguard.affirm.duckdns.org
ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name adguard.affirm.duckdns.org;
client_max_body_size 5000m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://192.168.31.12:3002/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}

20
etc/nginx/include/chat.conf Normal file
View File

@ -0,0 +1,20 @@
server {
# touch /etc/nginx/include/chat.affirm.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/chat.affirm.duckdns.org.key -out /etc/nginx/include/chat.affirm.duckdns.org.crt -config /etc/nginx/include/chat.affirm.duckdns.org
ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name chat.affirm.duckdns.org;
client_max_body_size 5000m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://192.168.0.31:5001/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}

24
etc/nginx/include/cockpit.conf Normal file
View File

@ -0,0 +1,24 @@
server {
# touch /etc/nginx/include/cockpit.affirm.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/cockpit.affirm.duckdns.org.key -out /etc/nginx/include/cockpit.affirm.duckdns.org.crt -config /etc/nginx/include/cockpit.affirm.duckdns.org
ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name cockpit.affirm.duckdns.org;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://127.0.0.1:9090/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
gzip off;
}
}

18
etc/nginx/include/diskstation.conf Normal file
View File

@ -0,0 +1,18 @@
server {
# touch /etc/nginx/include/diskstation.affirm.duckdns.org
ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name diskstation.affirm.duckdns.org;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://192.168.0.31:5001/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}

20
etc/nginx/include/dockge.conf Normal file
View File

@ -0,0 +1,20 @@
server {
# touch /etc/nginx/include/dockge.affirm.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dockge.affirm.duckdns.org.key -out /etc/nginx/include/dockge.affirm.duckdns.org.crt -config /etc/nginx/include/dockge.affirm.duckdns.org
ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name dockge.affirm.duckdns.org;
client_max_body_size 5000m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://192.168.31.12:5002/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}

18
etc/nginx/include/drive.conf Normal file
View File

@ -0,0 +1,18 @@
server {
# touch /etc/nginx/include/drive.affirm.duckdns.org
ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name drive.affirm.duckdns.org;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://192.168.0.31:5001/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}

19
etc/nginx/include/firefox.conf Normal file
View File

@ -0,0 +1,19 @@
server {
# touch /etc/nginx/include/firefox.affirm.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/firefox.affirm.duckdns.org.key -out /etc/nginx/include/firefox.affirm.duckdns.org.crt -config /etc/nginx/include/firefox.affirm.duckdns.org
ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name firefox.affirm.duckdns.org;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://192.168.31.12:5800/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}

32
etc/nginx/include/kuma.conf Normal file
View File

@ -0,0 +1,32 @@
server {
# touch /etc/nginx/include/kuma.affirm.duckdns.org
ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name kuma.affirm.duckdns.org;
client_max_body_size 5000m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://192.168.31.12:3001/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
# [Container]
# AutoUpdate=registry
# ContainerName=uptime-kuma-server
# Environment="UPTIME_KUMA_SSL_CERT=/certs/server.cert"
# Environment="UPTIME_KUMA_SSL_KEY=/certs/server.key"
# Image=docker.io/louislam/uptime-kuma:1
# PodmanArgs=--add-host=cockpit.phares.duckdns.org:192.168.11.2
# PodmanArgs=--add-host=mattermost.phares.duckdns.org:192.168.11.2
# PublishPort=3004:3001
# Volume=uptime-kuma-server-data.volume:/app/data:rw
# Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
# Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro

24
etc/nginx/include/neko.conf Normal file
View File

@ -0,0 +1,24 @@
server {
# touch /etc/nginx/include/neko.affirm.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/neko.affirm.duckdns.org.key -out /etc/nginx/include/neko.phares.duckdns.org.crt -config /etc/nginx/include/neko.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name neko.affirm.duckdns.org;
location / {
# https://neko.m1k1o.net/#/getting-started/reverse-proxy
proxy_pass http://192.168.31.12:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Protocol $scheme;
}
}

19
etc/nginx/include/photos.conf Normal file
View File

@ -0,0 +1,19 @@
server {
# touch /etc/nginx/include/photos.affirm.duckdns.org
ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name photos.affirm.duckdns.org;
client_max_body_size 5000m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://192.168.0.31:5001/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}

19
etc/nginx/include/products.conf Normal file
View File

@ -0,0 +1,19 @@
server {
# touch /etc/nginx/include/products.affirm.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/products.affirm.duckdns.org.key -out /etc/nginx/include/products.affirm.duckdns.org.crt -config /etc/nginx/include/products.affirm.duckdns.org
ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name products.affirm.duckdns.org;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://192.168.31.12:5005/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}

22
etc/nginx/include/pve.conf Normal file
View File

@ -0,0 +1,22 @@
server {
# touch /etc/nginx/include/pve.affirm.duckdns.org
ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name pve.affirm.duckdns.org;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://192.168.31.12:8006/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 500M;
}
}

23
etc/nginx/include/quartz.conf Normal file
View File

@ -0,0 +1,23 @@
server {
listen 8084 default_server;
root /var/www/html-quartz;
index index.html index.htm;
server_name _;
location / {
try_files $uri $uri/ =404;
}
}
server {
# touch /etc/nginx/include/quartz.affirm.duckdns.org
ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name quartz.affirm.duckdns.org;
root /var/www/html-quartz;
index index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri.html $uri/ =404;
}
}

1
etc/nginx/sites-available/default
View File

@ -7,7 +7,6 @@ include /etc/nginx/include/drive.conf; # https://drive.affirm.duckdns.org # http
include /etc/nginx/include/firefox.conf; # https://firefox.affirm.duckdns.org # http://192.168.31.12:5800/; include /etc/nginx/include/firefox.conf; # https://firefox.affirm.duckdns.org # http://192.168.31.12:5800/;
include /etc/nginx/include/kuma.conf; # https://kuma.affirm.duckdns.org # http://192.168.32.100:3001/; include /etc/nginx/include/kuma.conf; # https://kuma.affirm.duckdns.org # http://192.168.32.100:3001/;
include /etc/nginx/include/neko.conf; # https://neko.affirm.duckdns.org # http://192.168.31.12:8082/; include /etc/nginx/include/neko.conf; # https://neko.affirm.duckdns.org # http://192.168.31.12:8082/;
include /etc/nginx/include/open-project.conf; # https://open-project.affirm.duckdns.org # https://192.168.31.12:8080/;
include /etc/nginx/include/photos.conf; # https://photos.affirm.duckdns.org # https://192.168.31.12:5001/; include /etc/nginx/include/photos.conf; # https://photos.affirm.duckdns.org # https://192.168.31.12:5001/;
include /etc/nginx/include/products.conf; # https://products.affirm.duckdns.org # https://192.168.31.12:5005/; include /etc/nginx/include/products.conf; # https://products.affirm.duckdns.org # https://192.168.31.12:5005/;
include /etc/nginx/include/pve.conf; # https://pve.affirm.duckdns.org # https://192.168.31.12:8006/; include /etc/nginx/include/pve.conf; # https://pve.affirm.duckdns.org # https://192.168.31.12:8006/;

22
opt/dockge/compose.yaml Normal file
View File

@ -0,0 +1,22 @@
services:
dockge:
image: louislam/dockge:1
restart: unless-stopped
ports:
# Host Port : Container Port
- 5002:5001
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./data:/app/data
# If you want to use private registries, you need to share the auth file with Dockge:
# - /root/.docker/:/root/.docker
# Stacks Directory
# ⚠️ READ IT CAREFULLY. If you did it wrong, your data could end up writing into a WRONG PATH.
# ⚠️ 1. FULL path only. No relative path (MUST)
# ⚠️ 2. Left Stacks Path === Right Stacks Path (MUST)
- /opt/stacks:/opt/stacks
environment:
# Tell Dockge where is your stacks directory
- DOCKGE_STACKS_DIR=/opt/stacks

1
opt/stacks/firefox/.env
View File

@ -1 +0,0 @@
FF_OPEN_URL=https://192.168.31.1

8
opt/stacks/firefox/compose.yaml
View File

@ -1,8 +0,0 @@
version: '3'
services:
firefox:
image: jlesage/firefox
ports:
- "5800:5800"
volumes:
- "/docker/appdata/firefox:/config:rw"

0
opt/stacks/kuma/.env
View File

8
opt/stacks/kuma/compose.yaml
View File

@ -1,8 +0,0 @@
version: "3"
services:
kuma:
image: docker.io/louislam/uptime-kuma:1
ports:
- 3001:3001
volumes:
- /docker/appdata/kuma:/app/data:rw

1
opt/stacks/one-review-webapp-production/.env
View File

@ -1 +0,0 @@
ASPNETCORE_ENVIRONMENT=Production

7
opt/stacks/one-review-webapp-production/compose.yaml
View File

@ -1,7 +0,0 @@
version: "3"
services:
one-review-webapp:
image: one-review-webapp
ports:
- 5005:5001
networks: {}

11
opt/stacks/open-project/.env
View File

@ -1,11 +0,0 @@
TAG=14-slim
OPENPROJECT_HTTPS=false
OPENPROJECT_HOST__NAME=open-project.affirm.duckdns.org
PORT=192.168.31.12:8080
OPENPROJECT_RAILS__RELATIVE__URL__ROOT=
IMAP_ENABLED=false
DATABASE_URL=postgres://postgres:p4ssw0rd@db/openproject?pool=20&encoding=unicode&reconnect=true
RAILS_MIN_THREADS=4
RAILS_MAX_THREADS=16
PGDATA="/var/lib/postgresql/data"
OPDATA="/var/openproject/assets"

112
opt/stacks/open-project/compose.yaml
View File

@ -1,112 +0,0 @@
networks:
frontend: null
backend: null
volumes:
pgdata: null
opdata: null
x-op-restart-policy: &a2
restart: unless-stopped
x-op-image: &a1
image: openproject/openproject:${TAG:-15-slim}
x-op-app: &a3
<<:
- *a1
- *a2
environment:
OPENPROJECT_HTTPS: ${OPENPROJECT_HTTPS:-true}
OPENPROJECT_HOST__NAME: ${OPENPROJECT_HOST__NAME:-localhost:8080}
OPENPROJECT_HSTS: ${OPENPROJECT_HSTS:-true}
RAILS_CACHE_STORE: memcache
OPENPROJECT_CACHE__MEMCACHE__SERVER: cache:11211
OPENPROJECT_RAILS__RELATIVE__URL__ROOT: ${OPENPROJECT_RAILS__RELATIVE__URL__ROOT:-}
DATABASE_URL: ${DATABASE_URL:-postgres://postgres:p4ssw0rd@db/openproject?pool=20&encoding=unicode&reconnect=true}
RAILS_MIN_THREADS: ${RAILS_MIN_THREADS:-4}
RAILS_MAX_THREADS: ${RAILS_MAX_THREADS:-16}
# set to true to enable the email receiving feature. See ./docker/cron for more options
IMAP_ENABLED: ${IMAP_ENABLED:-false}
volumes:
- ${OPDATA:-opdata}:/var/openproject/assets
services:
db:
image: postgres:13
<<: *a2
stop_grace_period: 3s
volumes:
- ${PGDATA:-pgdata}:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-p4ssw0rd}
POSTGRES_DB: openproject
networks:
- backend
cache:
image: memcached
<<: *a2
networks:
- backend
proxy:
build:
context: ./proxy
args:
APP_HOST: web
image: openproject/proxy
<<: *a2
ports:
- ${PORT:-8080}:80
depends_on:
- web
networks:
- frontend
web:
<<: *a3
command: ./docker/prod/web
networks:
- frontend
- backend
depends_on:
- db
- cache
- seeder
labels:
- autoheal=true
healthcheck:
test:
- CMD
- curl
- -f
- http://localhost:8080${OPENPROJECT_RAILS__RELATIVE__URL__ROOT:-}/health_checks/default
interval: 10s
timeout: 3s
retries: 3
start_period: 30s
autoheal:
image: willfarrell/autoheal:1.2.0
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
AUTOHEAL_CONTAINER_LABEL: autoheal
AUTOHEAL_START_PERIOD: 600
AUTOHEAL_INTERVAL: 30
worker:
<<: *a3
command: ./docker/prod/worker
networks:
- backend
depends_on:
- db
- cache
- seeder
cron:
<<: *a3
command: ./docker/prod/cron
networks:
- backend
depends_on:
- db
- cache
- seeder
seeder:
<<: *a3
command: ./docker/prod/seeder
restart: on-failure
networks:
- backend

4
opt/stacks/openproject-docker-compose/.gitignore vendored
View File

@ -1,4 +0,0 @@
.env
docker-compose.override.yml
backups/