Compare commits
10 Commits
d3c5ab62e2
...
7604cdeb28
| Author | SHA1 | Date | |
|---|---|---|---|
| 7604cdeb28 | |||
| e3090d6070 | |||
| 93bcfacab2 | |||
| b4be828739 | |||
| f3c319e0d6 | |||
| f04ae146a0 | |||
| d6a4744da7 | |||
| d089ba8b9d | |||
| 6cf8772530 | |||
| 166d27f82a |
@@ -1,5 +1,3 @@
|
||||
version: "3.9"
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
@@ -12,7 +10,7 @@ volumes:
|
||||
|
||||
services:
|
||||
duplicati:
|
||||
image: duplicati/duplicati
|
||||
image: duplicati/duplicati:beta
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- duplicati-conf:/data
|
||||
@@ -20,15 +18,17 @@ services:
|
||||
- /mnt/raid/nextcloud_data:/backup
|
||||
networks:
|
||||
- proxy
|
||||
ports:
|
||||
- "8200:8200"
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.duplicati.entrypoints=web"
|
||||
- "traefik.http.routers.duplicati.rule=Host(`backup-asu.ddnss.de`)"
|
||||
- "traefik.http.routers.duplicati.middlewares=sftp"
|
||||
- "traefik.http.routers.duplicati.middlewares=duplicati"
|
||||
- "traefik.http.middlewares.duplicati.redirectscheme.scheme=https"
|
||||
- "traefik.http.routers.duplicati-secure.entrypoints=websecure"
|
||||
- "traefik.http.routers.duplicati-secure.rule=Host(`backup-asu.ddnss.de`)"
|
||||
- "traefik.http.routers.duplicati-secure.service=sftp-secure"
|
||||
- "traefik.http.routers.duplicati-secure.service=duplicati-secure"
|
||||
- "traefik.http.routers.duplicati-secure.tls=true"
|
||||
- "traefik.http.routers.duplicati-secure.tls.certresolver=myresolver"
|
||||
- "traefik.http.services.duplicati-secure.loadbalancer.server.port=8090"
|
||||
- "traefik.http.services.duplicati-secure.loadbalancer.server.port=8200"
|
||||
|
||||
@@ -1,5 +1,3 @@
|
||||
version: "3.9"
|
||||
|
||||
volumes:
|
||||
nextcloud:
|
||||
name: nextcloud
|
||||
@@ -79,10 +77,10 @@ services:
|
||||
- ${PWD}/nextcloud.conf:/etc/nginx/conf.d/default.conf
|
||||
|
||||
db:
|
||||
image: mysql:latest
|
||||
image: mysql:9
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- nextcloud-db:/var/lib/postgresql/data
|
||||
- nextcloud-db:/var/lib/mysql
|
||||
networks:
|
||||
- nextcloud
|
||||
environment:
|
||||
|
||||
@@ -31,7 +31,7 @@ server {
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
@@ -76,6 +76,12 @@ server {
|
||||
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
||||
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
||||
|
||||
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
||||
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
||||
|
||||
location /.well-known/webfinger { return 301 /index.php/.well-known/webfinger/; }
|
||||
location /.well-known/nodeinfo { return 301 /index.php/.well-known/nodeinfo; }
|
||||
|
||||
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
||||
# requests by passing them to the front-end controller.
|
||||
return 301 /index.php$request_uri;
|
||||
@@ -109,10 +115,26 @@ server {
|
||||
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
|
||||
fastcgi_max_temp_file_size 0;
|
||||
}
|
||||
|
||||
location ~ \.(?:css|js|svg|gif|png|jpg|ico)$ {
|
||||
# Javascript mimetype fixes for nginx
|
||||
# Note: The block below should be removed, and the js|mjs section should be
|
||||
# added to the block below this one. This is a temporary fix until Nginx
|
||||
# upstream fixes the js mime-type
|
||||
location ~* \.(?:js|mjs)$ {
|
||||
types {
|
||||
text/javascript js mjs;
|
||||
}
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463, immutable";
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
|
||||
expires 6M; # Cache-Control policy borrowed from `.htaccess`
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
}
|
||||
|
||||
@@ -1,10 +1,12 @@
|
||||
version: "3.9"
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
|
||||
services:
|
||||
sftp:
|
||||
image: drakkan/sftpgo:alpine-slim
|
||||
ports:
|
||||
- "2222:2022"
|
||||
- "2022:2022"
|
||||
networks:
|
||||
- proxy
|
||||
environment:
|
||||
|
||||
@@ -1,5 +1,3 @@
|
||||
version: "3.9"
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: false
|
||||
@@ -11,7 +9,7 @@ volumes:
|
||||
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v2.9
|
||||
image: traefik:v2.11
|
||||
restart: unless-stopped
|
||||
command:
|
||||
- --global.sendAnonymousUsage=false
|
||||
@@ -22,7 +20,6 @@ services:
|
||||
- --providers.docker.swarmMode=false
|
||||
- --entryPoints.web.address=:80
|
||||
- --entryPoints.websecure.address=:443
|
||||
- --entryPoints.sftp.address=:2222/tcp
|
||||
- --certificatesresolvers.myresolver.acme.tlschallenge=true
|
||||
- --certificatesresolvers.myresolver.acme.email=maier@arbeitsschutz-ulm.de
|
||||
- --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
|
||||
|
||||
29
vault/docker-compose.yaml
Normal file
29
vault/docker-compose.yaml
Normal file
@@ -0,0 +1,29 @@
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
|
||||
volumes:
|
||||
vault:
|
||||
name: vault
|
||||
|
||||
services:
|
||||
vault:
|
||||
image: vaultwarden/server:alpine
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- vault:/data
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.vault.entrypoints=web"
|
||||
- "traefik.http.routers.vault.rule=Host(`bitwarden-asu.ddnss.de`)"
|
||||
- "traefik.http.routers.vault.middlewares=vault"
|
||||
- "traefik.http.middlewares.vault.redirectscheme.scheme=https"
|
||||
- "traefik.http.routers.vault-secure.entrypoints=websecure"
|
||||
- "traefik.http.routers.vault-secure.rule=Host(`bitwarden-asu.ddnss.de`)"
|
||||
- "traefik.http.routers.vault-secure.service=vault-secure"
|
||||
- "traefik.http.routers.vault-secure.tls=true"
|
||||
- "traefik.http.routers.vault-secure.tls.certresolver=myresolver"
|
||||
- "traefik.http.services.vault-secure.loadbalancer.server.port=80"
|
||||
networks:
|
||||
- proxy
|
||||
|
||||
@@ -1,5 +1,3 @@
|
||||
version: "3.9"
|
||||
|
||||
services:
|
||||
watchtower:
|
||||
image: containrrr/watchtower
|
||||
@@ -9,5 +7,9 @@ services:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
environment:
|
||||
WATCHTOWER_INCLUDE_STOPPED: true
|
||||
WATCHTOWER_MONITOR_ONLY: true
|
||||
WATCHTOWER_MONITOR_ONLY: false
|
||||
WATCHTOWER_SCHEDULE: "0 0 4 * * *"
|
||||
WATCHTOWER_WARN_ON_HEAD_FAILURE: "never"
|
||||
WATCHTOWER_NOTIFICATIONS: "shoutrrr"
|
||||
WATCHTOWER_NOTIFICATION_URL: "mattermost://watchtower@cs-mm.ddnss.de/og4ckuqet7fafb8kjuaigzuh7c"
|
||||
WATCHTOWER_NOTIFICATION_TEMPLATE: "{{range .}} ASU - {{.Time.Format \"2006-01-02 15:04:05\"}} ({{.Level}}): {{.Message}}{{println}}{{end}}"
|
||||
|
||||
Reference in New Issue
Block a user