Compare commits: main...fix_hedged (1 commit)
Author | SHA1 | Date |
---|---|---|
Simon | 951490a1da |
30
README.md
|
@ -1,40 +1,28 @@
|
|||
# Services
|
||||
|
||||
Vous trouverez dans ce dépôt l'ensemble des services Open Source que RésiLien utilise et met à jour de façon presque hebdomadaire. L'ensemble des variables d'environnement enregistrées dans les fichiers `.env` est présent pour une logique d'exemple et n'a jamais été utilisé en production. Nous vous conseillons de ne jamais le faire si vous utilisez le dépôt.
|
||||
Vous trouverez dans ce dépôt l'ensemble des services Open Source que j'utilise et mets à jour quotidiennement.
|
||||
|
||||
## Liste des services
|
||||
|
||||
### Pour les utilisateurs
|
||||
|
||||
- [Directus](./directus) : Permet d'administrer une base de données
|
||||
- [HedgeDoc](./hedgedoc) : Prise de note en Markdown collaborative en temps réel
|
||||
- [listmonk](./listmonk) : Gestionnaire de listes de diffusion et de newsletter
|
||||
- [Mobilizon](./mobilizon): Permet l'organisation d'évènements et de gestion de groupes
|
||||
- [Nextcloud](./nextcloud) : Site d'hébergement de fichiers et une plateforme de collaboration
|
||||
- [signaturepdf](./signaturepdf) : Logiciel WEB libre permettant de modifier un fichier PDF facilement
|
||||
- [Plausible](./plausible) : Plausible est une plateforme d'analyse Web légère et open source
|
||||
- [Vaultwarden](./vaultwarden) : Gestionnaire de mot de passe compatible avec Bitwarden
|
||||
- [Vikunja](./vikunja) : L'application pour organiser sa vie
|
||||
|
||||
### Pour les devs / ops
|
||||
|
||||
- [ClickHouse](./clickhouse) : Un logiciel libre de base de données orientée colonnes pour le traitement analytique en ligne
|
||||
- [Drone](./drone) : Un service d'intégration continue
|
||||
- [GeoIP Update](./geoipupdate) : Permet de télécharger la base de données GeoIP2 permettant de localiser les IPs
|
||||
- [Gitea](./gitea) : Un service Git très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab.
|
||||
- [Drone](./drone) `en pause` : Un service d'intégration continue
|
||||
- [Gitea](./gitea) : Un service Git auto-hébergé très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab.
|
||||
- [Grafana](./grafana) : Un outil de supervision simple et élégant
|
||||
- [LLDAP](./lldap): Implémentation légère de LDAP pour l'authentification
|
||||
- [PostgreSQL](./postgres) : PostgreSQL est un système de gestion de base de données relationnelle et objet.
|
||||
- [Prometheus](./prometheus) : Un logiciel de surveillance informatique
|
||||
- [Redis](./redis) : Système de gestion de base de données clé-valeur extensible, très hautes performances
|
||||
- [Registry Docker](./registry) : Une application qui permet de distribuer des images Docker
|
||||
- [Docker Registry](./registry) : Une application qui permet de distribuer des images Docker
|
||||
- [Traefik](./traefik) : Traefik, un reverse-proxy pour vos conteneurs
|
||||
- [Uptime Kuma](./uptimekuma) : outil de surveillance de site ou service WEB
|
||||
- [Watchtower](./watchtower) : Automatiser la mise à jour d'image docker
|
||||
- [Watchtower](./watchtower) `en pause` : Automatiser la mise à jour d'image docker
|
||||
|
||||
## Comment ça marche ?
|
||||
|
||||
Vous pouvez réutiliser ce dépôt pour vos services, il existe une documentation dans le dossier [_examples_](./examples).
|
||||
Vous pouvez réutiliser ce dépôt pour votre infrastructure. J'ai mis une documentation dans le dossier [_examples_](./examples).
|
||||
|
||||
### Docker et Docker Compose
|
||||
|
||||
|
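Review bot: The opening paragraph of README.md loses the sentence saying that the values in the `.env` files are examples, were never used in production, and should not be reused as-is; the shorter replacement sentence has no equivalent. The same comparison adds a Drone `.env` with filled-in secret values, so this is where a reader most needs that statement. Keep it next to the new introduction, reworded in the first person if that is the intended voice.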
@ -47,11 +35,9 @@ Voici les commandes de base :
|
|||
|
||||
### ./run
|
||||
|
||||
> 🚧 RésiLien a changé de façon de faire et nous n'utilisons plus les scripts `run`. Nous passons maintenant par Ansible. Les scripts ne seront plus mis à jour et finiront peut être par être supprimés. Utilisez les avec précaution.
|
||||
|
||||
Vous pourrez trouver dans les dossiers des services un script bash `run`. Le principe est de faciliter la maintenance de chaque service.
|
||||
|
||||
Vous pouvez lancer le script sans paramètres pour afficher la documentation du script.
|
||||
Vous pouvez lancer le script sans paramètre pour afficher la documentation du script.
|
||||
|
||||
## Documentation
|
||||
|
||||
|
@ -69,8 +55,6 @@ En haut de chaque script il y a `set -eu` qui veut dire :
|
|||
|
||||
## Tâches
|
||||
|
||||
> 🚧 Ses tâches ne sont pas à jour
|
||||
|
||||
Général :
|
||||
|
||||
- [ ] Mettre en place une rotation des logs
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
#CLICKHOUSE_VOLUME_NAME=
|
||||
#CLICKHOUSE_CONTAINER_NAME=
|
||||
#CLICKHOUSE_IMAGE=
|
|
@ -1,16 +0,0 @@
|
|||
# ClickHouse
|
||||
|
||||
> ClickHouse est un logiciel libre de base de données orientée colonnes (DBMS) pour le traitement analytique en ligne (OLAP).
|
||||
>
|
||||
> <cite>[Wikipédia][wikipedia]</cite>
|
||||
|
||||
## Liens
|
||||
|
||||
- [Site Officiel][site]
|
||||
- [Code source][source]
|
||||
- [Docker Hub][dockerhub]
|
||||
|
||||
[wikipedia]: https://fr.wikipedia.org/wiki/ClickHouse
|
||||
[site]: https://clickhouse.com/
|
||||
[source]: https://github.com/ClickHouse/ClickHouse
|
||||
[dockerhub]: https://hub.docker.com/r/clickhouse/clickhouse-server
|
|
@ -1,19 +0,0 @@
|
|||
---
|
||||
|
||||
volumes:
|
||||
clickhouse:
|
||||
name: ${CLICKHOUSE_VOLUME_NAME:-clickhouse}
|
||||
|
||||
services:
|
||||
clickhouse:
|
||||
container_name: ${CLICKHOUSE_CONTAINER_NAME:-clickhouse}
|
||||
image: ${CLICKHOUSE_IMAGE:-clickhouse/clickhouse-server:22.2.2.1-alpine}
|
||||
restart: always
|
||||
volumes:
|
||||
- clickhouse:/var/lib/clickhouse
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ulimits:
|
||||
nofile:
|
||||
soft: 262144
|
||||
hard: 262144
|
|
@ -1,56 +0,0 @@
|
|||
########
|
||||
# DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/directus/docker-compose.yml:${SERVICES_DIR}/directus/docker-compose.traefik.yml:${SERVICES_DIR}/directus/docker-compose.smtp.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/redis/docker-compose.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
##########
|
||||
# DIRECTUS
|
||||
#
|
||||
# see https://github.com/directus/directus/blob/main/api/example.env
|
||||
|
||||
DIRECTUS_CONTAINER_NAME=directus_cool_life
|
||||
DIRECTUS_DOMAIN=directus.cool.life
|
||||
DIRECTUS_PUBLIC_URL=https://${DIRECTUS_DOMAIN}
|
||||
DIRECTUS_KEY=255d861b-5ea1-5996-9aa3-922530ec40b1
|
||||
DIRECTUS_SECRET=6116487b-cda1-52c2-b5b5-c8022c45e263
|
||||
DIRECTUS_ADMIN_EMAIL=admin@example.com
|
||||
DIRECTUS_ADMIN_PASSWORD=d1r3ctu5
|
||||
|
||||
EMAIL_FROM=no-reply@${DIRECTUS_DOMAIN}
|
||||
EMAIL_SMTP_HOST=mail.example.org
|
||||
#EMAIL_SMTP_PORT=
|
||||
EMAIL_SMTP_USER=user
|
||||
EMAIL_SMTP_PASSWORD=password
|
||||
#EMAIL_SMTP_SECURE=
|
||||
#EMAIL_SMTP_IGNORE_TLS=
|
||||
|
||||
# DIRECTUS_PUID=
|
||||
# DIRECTUS_PGID=
|
||||
|
||||
##########
|
||||
# POSTGRES
|
||||
|
||||
POSTGRES_USER=user-example
|
||||
POSTGRES_PASSWORD=password-example
|
||||
POSTGRES_DB=postgres-database-name-example
|
||||
POSTGRES_CONTAINER_NAME=directus-postgres
|
||||
POSTGRES_VOLUME_NAME=directus-postgres
|
||||
#POSTGRES_IMAGE=
|
||||
|
||||
#######
|
||||
# REDIS
|
||||
|
||||
#REDIS_IMAGE=
|
||||
#REDIS_CONTAINER_NAME=
|
||||
#REDIS_VOLUME_NAME=
|
||||
|
||||
#########
|
||||
# TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
|
||||
#TRAEFIK_ENTRYPOINTS=
|
|
@ -1,20 +0,0 @@
|
|||
# Directus
|
||||
|
||||
> Directus wraps your new or existing SQL database with a realtime GraphQL+REST API for developers, and an intuitive admin app for non-technical users.
|
||||
|
||||
## Configuration
|
||||
|
||||
[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer Directus.
|
||||
|
||||
- `CORS_ORIGIN` à comme valeur par défaut `false` et peut prendre `true` pour accepter toutes les connexions, mais il est préférable de spécifier directement les sites comme ceci `array:https://example.com,https://staging.example.com`.
|
||||
|
||||
## Liens
|
||||
|
||||
- [Site officiel][website]
|
||||
- [Github][github]
|
||||
- [L'image Docker][docker]
|
||||
|
||||
[website]: https://directus.io/
|
||||
[docker]: https://hub.docker.com/r/directus/directus
|
||||
[github]: https://github.com/directus/directus/
|
||||
[documentation]: https://docs.directus.io/reference/environment-variables/
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
directus:
|
||||
environment:
|
||||
CACHE_ENABLED: 'true'
|
||||
CACHE_STORE: 'redis'
|
||||
CACHE_REDIS: 'redis://${REDIS_CONTAINER_NAME:-redis}:6379'
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
directus:
|
||||
environment:
|
||||
EMAIL_TRANSPORT: smtp
|
||||
EMAIL_FROM: ${EMAIL_FROM:?err}
|
||||
EMAIL_SMTP_HOST: ${EMAIL_SMTP_HOST}
|
||||
EMAIL_SMTP_PORT: ${EMAIL_SMTP_PORT:-465}
|
||||
EMAIL_SMTP_USER: ${EMAIL_SMTP_USER:?err}
|
||||
EMAIL_SMTP_PASSWORD: ${EMAIL_SMTP_PASSWORD:?err}
|
||||
EMAIL_SMTP_SECURE: ${EMAIL_SMTP_SECURE:-true}
|
||||
EMAIL_SMTP_IGNORE_TLS: ${EMAIL_SMTP_IGNORE_TLS:-false}
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
services:
|
||||
directus:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-directus}.rule=Host(`${DIRECTUS_DOMAIN:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-directus}.entrypoints=web
|
|
@ -1,38 +0,0 @@
|
|||
---
|
||||
|
||||
volumes:
|
||||
directus:
|
||||
name: ${DIRECTUS_VOLUME_NAME:-directus}
|
||||
|
||||
services:
|
||||
directus:
|
||||
container_name: ${DIRECTUS_CONTAINER_NAME:-directus}
|
||||
image: ${DIRECTUS_IMAGE:-directus/directus:9.8.0}
|
||||
restart: always
|
||||
volumes:
|
||||
- directus:/directus/uploads
|
||||
depends_on:
|
||||
- postgres
|
||||
- redis
|
||||
environment:
|
||||
KEY: ${DIRECTUS_KEY:?err}
|
||||
SECRET: ${DIRECTUS_SECRET:?err}
|
||||
TELEMETRY: false
|
||||
|
||||
ADMIN_EMAIL: ${DIRECTUS_ADMIN_EMAIL:?err}
|
||||
ADMIN_PASSWORD: ${DIRECTUS_ADMIN_PASSWORD:?err}
|
||||
PUBLIC_URL: ${DIRECTUS_PUBLIC_URL:?err}
|
||||
CORS_ENABLED: ${DIRECTUS_CORS_ENABLED:-false}
|
||||
CORS_ORIGIN: ${DIRECTUS_CORS_ORIGIN:-false}
|
||||
|
||||
DB_CLIENT: 'pg'
|
||||
DB_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
|
||||
DB_PORT: '5432'
|
||||
DB_DATABASE: ${POSTGRES_DB:?err}
|
||||
DB_USER: ${POSTGRES_USER:?err}
|
||||
DB_PASSWORD: ${POSTGRES_PASSWORD:?err}
|
||||
|
||||
TZ: ${TZ:-Europe/Paris}
|
||||
|
||||
PUID: ${DIRECTUS_PUID:-1000}
|
||||
PGID: ${DIRECTUS_PGID:-1000}
|
|
@ -0,0 +1,37 @@
|
|||
## DOCKER
|
||||
|
||||
COMPOSE_FILE=./docker-compose.yml:./docker-compose.gitea.yml:./docker-compose.traefik.yml
|
||||
TRAEFIK_NETWORK_NAME=kifeart
|
||||
|
||||
|
||||
## DRONE SERVER
|
||||
|
||||
# https://hub.docker.com/r/drone/drone/tags
|
||||
DRONE_SERVER_IMAGE=drone/drone:1.7.0
|
||||
|
||||
DRONE_SERVER_VOLUME_NAME=drone-server
|
||||
DRONE_SERVER_CONTAINER_NAME=drone-server
|
||||
|
||||
# https://docs.drone.io/server/reference/
|
||||
DRONE_GIT_ALWAYS_AUTH=true
|
||||
DRONE_RPC_SECRET=9VjG2Dj34Kdo2JYvn5iVxd7JjT5
|
||||
DRONE_SERVER_HOST=ci.cool.life
|
||||
DRONE_SERVER_PROTO=https
|
||||
|
||||
# https://docs.drone.io/server/provider/gitea/
|
||||
DRONE_GITEA_SERVER=gitea.cool.life
|
||||
DRONE_GITEA_CLIENT_ID=UI76T78G-HDZ8-7CSD-6SDZ-YUIDG8Z7DSQ8
|
||||
DRONE_GITEA_CLIENT_SECRET=y9ruXnEqluXjKUcfs5yIFlH83yb1OpP32NCf0h5YJwg=
|
||||
|
||||
|
||||
|
||||
## DRONE RUNNER
|
||||
|
||||
# https://hub.docker.com/r/drone/drone-runner-docker/tags
|
||||
DRONE_RUNNER_IMAGE=drone/drone-runner-docker:1.3.0
|
||||
DRONE_RUNNER_CONTAINER_NAME=drone-runner
|
||||
DRONE_RUNNER_CAPACITY=2
|
||||
DRONE_RUNNER_HOST=ci-runner.cool.life
|
||||
DRONE_RUNNER_NAME=ci-runner.cool.life
|
||||
DRONE_RUNNER_UI_USERNAME=kosssi
|
||||
DRONE_RUNNER_UI_PASSWORD=$not$a$password
|
|
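Review bot: `DRONE_RPC_SECRET`, `DRONE_GITEA_CLIENT_SECRET` and `DRONE_RUNNER_UI_PASSWORD` are committed with concrete values in this new `.env`; use an obvious placeholder such as `change-me`, which is what the server and runner `.env` files removed in this same comparison used. If any of these strings was ever a live credential, it has to be rotated, since the value stays in history after the file is edited. `DRONE_RUNNER_UI_PASSWORD=$not$a$password` is also worth checking: depending on the Compose version, `$` in an unquoted `.env` value may be read as a variable reference, so confirm what actually reaches the container or single-quote the value. The image pins here (`drone/drone:1.7.0`, `drone/drone-runner-docker:1.3.0`) are older than the `2.8.0` and `1.8.0` pins in the files being removed, which deserves a line of explanation in the commit message.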
@ -4,22 +4,6 @@
|
|||
>
|
||||
> <cite>[Codeflow][article]</cite>
|
||||
|
||||
## Documentation
|
||||
|
||||
Drone est un logiciel d'intégration continue léger. Il est utilisé comme plate-forme de test et/ou de livraison automatisée.
|
||||
|
||||
Le service est basé sur 2 briques :
|
||||
- le coté serveur qui prend en compte les demande de l'extérieur avec une interface (_[server](./server)_)
|
||||
- le coté exécution des tâches (_[runner](./runner)_).
|
||||
|
||||
### Génération de clé
|
||||
|
||||
Dans la documentation officielle, il est conseillé de générer les clés avec la commande :
|
||||
|
||||
```
|
||||
openssl rand -hex 16
|
||||
```
|
||||
|
||||
## Liens
|
||||
|
||||
- [Site internet][site]
|
||||
|
|
|
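Review bot: The "Génération de clé" section with `openssl rand -hex 16` should stay; the `-4,22 +4,6` header shows this hunk only shrinks the Drone README, and that section is part of what goes. It is the only place in this README that tells a reader how to produce values such as `DRONE_RPC_SECRET`, and without it the fixed strings in the sample `.env` are the most likely thing to be copied. Either keep the section or move the command into a comment beside each secret in the `.env`.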
@ -0,0 +1,10 @@
|
|||
version: "3.8"
|
||||
|
||||
# https://docs.drone.io/server/provider/gitea/
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
environment:
|
||||
DRONE_GITEA_SERVER: ${DRONE_GITEA_SERVER}
|
||||
DRONE_GITEA_CLIENT_ID: ${DRONE_GITEA_CLIENT_ID}
|
||||
DRONE_GITEA_CLIENT_SECRET: ${DRONE_GITEA_CLIENT_SECRET}
|
|
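Review bot: `DRONE_GITEA_CLIENT_ID` and `DRONE_GITEA_CLIENT_SECRET` are passed through as plain `${VAR}` with no `:?err` guard, so a missing or misspelled variable hands the server an empty OAuth credential and the problem only surfaces at login. The `docker-compose.gitea.yml` removed further down in this comparison used `${DRONE_GITEA_CLIENT_SECRET:?err}` and `${DRONE_GITEA_SERVER:?err}`; carrying that form over makes `docker compose config` fail early instead.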
@ -0,0 +1,22 @@
|
|||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME}
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
labels:
|
||||
traefik.enable: 'true'
|
||||
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
|
||||
|
||||
traefik.http.routers.drone-server.rule: 'Host(`${DRONE_SERVER_HOST}`)'
|
||||
traefik.http.routers.drone-server.entrypoints: 'web'
|
||||
|
||||
drone-runner:
|
||||
labels:
|
||||
traefik.enable: 'true'
|
||||
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
|
||||
|
||||
traefik.http.routers.drone-runner.rule: 'Host(`${DRONE_RUNNER_HOST}`)'
|
||||
traefik.http.routers.drone-runner.entrypoints: 'web'
|
|
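Review bot: `networks.default` sets only `name: ${TRAEFIK_NETWORK_NAME}` and omits `external: true`, so Compose treats the network as its own and will try to create and later remove it rather than attach to the one Traefik already uses. The Traefik overrides removed in this comparison declared `external: true` and took the entrypoint from `${TRAEFIK_ENTRYPOINTS:-web}`; here `entrypoints` is hardcoded to `'web'` for both routers. The `drone-runner` router also publishes the runner dashboard by hostname, and that container mounts `/var/run/docker.sock` in the main compose file, so it is worth stating in the README that the route is protected only by `DRONE_UI_USERNAME` and `DRONE_UI_PASSWORD`, or dropping the runner labels when the dashboard is not needed.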
@ -0,0 +1,41 @@
|
|||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
drone-server:
|
||||
name: ${DRONE_SERVER_VOLUME_NAME}
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
container_name: ${DRONE_SERVER_CONTAINER_NAME}
|
||||
image: ${DRONE_SERVER_IMAGE}
|
||||
restart: always
|
||||
environment:
|
||||
DRONE_GIT_ALWAYS_AUTH: ${DRONE_GIT_ALWAYS_AUTH}
|
||||
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
|
||||
DRONE_SERVER_HOST: ${DRONE_SERVER_HOST}
|
||||
DRONE_SERVER_PROTO: ${DRONE_SERVER_PROTO}
|
||||
DRONE_LOGS_DEBUG: 'true'
|
||||
volumes:
|
||||
- drone-server:/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
|
||||
drone-runner:
|
||||
container_name: ${DRONE_RUNNER_CONTAINER_NAME}
|
||||
image: ${DRONE_RUNNER_IMAGE}
|
||||
restart: always
|
||||
depends_on:
|
||||
- drone-server
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
environment:
|
||||
DRONE_RPC_PROTO: http
|
||||
DRONE_RPC_HOST: ${DRONE_SERVER_CONTAINER_NAME}
|
||||
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
|
||||
DRONE_RUNNER_CAPACITY: ${DRONE_RUNNER_CAPACITY}
|
||||
DRONE_RUNNER_NAME: ${DRONE_RUNNER_NAME}
|
||||
DRONE_UI_USERNAME: ${DRONE_RUNNER_UI_USERNAME}
|
||||
DRONE_UI_PASSWORD: ${DRONE_RUNNER_UI_PASSWORD}
|
||||
DRONE_DEBUG: 'true'
|
|
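Review bot: `DRONE_LOGS_DEBUG: 'true'` on the server and `DRONE_DEBUG: 'true'` on the runner are hardcoded, so debug logging cannot be turned off from the `.env`; the removed logging overrides used `${DRONE_DEBUG:-false}` and kept this opt-in. `DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}` appears in both services without a `:?err` guard, which lets the pair start with an empty shared secret if the variable is unset. `DRONE_RPC_PROTO: http` is fine for container-to-container traffic on the Compose network, but a comment saying so would stop it being copied for a remote runner, where the removed runner file defaulted to `https`.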
@ -1,36 +0,0 @@
|
|||
########
|
||||
# DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=../..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/drone/runner/docker-compose.yml:${SERVICES_DIR}/drone/runner/docker-compose.traefik.yml:${SERVICES_DIR}/drone/runner/docker-compose.dashboard.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
|
||||
## DRONE RUNNER
|
||||
#https://docs.drone.io/runner/docker/configuration/reference/
|
||||
|
||||
### Docker
|
||||
# https://hub.docker.com/r/drone/drone-runner-docker/tags
|
||||
DRONE_RUNNER_IMAGE=drone/drone-runner-docker:1.8.0
|
||||
DRONE_RUNNER_CONTAINER_NAME=drone-server
|
||||
|
||||
### Drone
|
||||
# https://docs.drone.io/runner/docker/installation/linux/
|
||||
DRONE_RPC_HOST=drone.cool.life
|
||||
DRONE_RPC_PROTO=https
|
||||
DRONE_RPC_SECRET=change-me
|
||||
DRONE_RUNNER_HOST=ci-runner.cool.life
|
||||
DRONE_RUNNER_CAPACITY=2
|
||||
DRONE_RUNNER_NAME=drone-runner
|
||||
DRONE_UI_USERNAME=resilien
|
||||
DRONE_UI_PASSWORD=change-me
|
||||
DRONE_UI_DISABLE=false
|
||||
|
||||
#########
|
||||
# TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
|
||||
#TRAEFIK_ENTRYPOINTS=
|
|
@ -1,11 +0,0 @@
|
|||
# Drone CI Runner
|
||||
|
||||
Il existe plusieurs _runner_ nous parlerons ici que du _runner_ Docker.
|
||||
|
||||
## Installation
|
||||
|
||||
L'installation de la partie _runner_ a été coupée en plusieurs fichiers dont les noms sont assez explicites. De nombreux liens vers la documentation officielle ont été mis dans les fichiers _Docker Compose_.
|
||||
|
||||
Il est possible de mettre en place une interface utilisateur pour visualiser les logs, les tâches exécutées. C'est pratique pour débugger.
|
||||
|
||||
Le coté multiplatforme permet d'avoir plusieurs _runner_ sur des architectures différentes selon là où on les déploie.
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
|
||||
# https://docs.drone.io/runner/docker/configuration/dashboard/
|
||||
|
||||
services:
|
||||
drone-runner:
|
||||
environment:
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-username/
|
||||
DRONE_UI_USERNAME: ${DRONE_UI_USERNAME:?err}
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-password/
|
||||
DRONE_UI_PASSWORD: ${DRONE_UI_PASSWORD:?err}
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-disable/
|
||||
DRONE_UI_DISABLE: ${DRONE_UI_DISABLE:-false}
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
drone-runner:
|
||||
ports:
|
||||
- "3000:3000"
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
|
||||
# https://docs.drone.io/runner/docker/configuration/logging/
|
||||
|
||||
services:
|
||||
drone-runner:
|
||||
environment:
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-debug/
|
||||
DRONE_DEBUG: ${DRONE_DEBUG:-false}
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-dump-http/
|
||||
DRONE_RPC_DUMP_HTTP: ${DRONE_RPC_DUMP_HTTP:-false}
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-dump-http-body/
|
||||
DRONE_RPC_DUMP_HTTP_BODY: ${DRONE_RPC_DUMP_HTTP_BODY-:false}
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME}
|
||||
external: true
|
||||
|
||||
services:
|
||||
drone-runner:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-runner}.rule=Host(`${DRONE_RUNNER_HOST:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-runner}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
|
@ -1,24 +0,0 @@
|
|||
---
|
||||
|
||||
# https://docs.drone.io/runner/docker/installation/linux/
|
||||
|
||||
services:
|
||||
drone-runner:
|
||||
container_name: ${DRONE_RUNNER_CONTAINER_NAME}
|
||||
image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0}
|
||||
restart: always
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
environment:
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-host/
|
||||
DRONE_RPC_HOST: ${DRONE_RPC_HOST:?err}
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-proto/
|
||||
DRONE_RPC_PROTO: ${DRONE_RPC_PROTO:-https}
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-secret/
|
||||
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET:?err}
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-runner-capacity/
|
||||
DRONE_RUNNER_CAPACITY: ${DRONE_RUNNER_CAPACITY:-2}
|
||||
# https://docs.drone.io/runner/docker/configuration/reference/drone-runner-name/
|
||||
DRONE_RUNNER_NAME: ${DRONE_RUNNER_NAME}
|
|
@ -1,65 +0,0 @@
|
|||
########
|
||||
# DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=../..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/drone/server/docker-compose.yml:${SERVICES_DIR}/drone/server/docker-compose.user.yml:${SERVICES_DIR}/drone/server/docker-compose.traefik.yml:${SERVICES_DIR}/drone/server/docker-compose.postgres.yml:${SERVICES_DIR}/drone/server/docker-compose.header.yml:${SERVICES_DIR}/drone/server/docker-compose.gitea.yml:${SERVICES_DIR}/drone/server/docker-compose.cookie.yml:${SERVICES_DIR}/postgres/docker-compose.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
|
||||
## DRONE SERVER
|
||||
# https://docs.drone.io/server/reference/
|
||||
|
||||
### Docker
|
||||
# https://hub.docker.com/r/drone/drone/tags
|
||||
DRONE_SERVER_IMAGE=drone/drone:2.8.0
|
||||
DRONE_SERVER_VOLUME_NAME=drone-server
|
||||
DRONE_SERVER_CONTAINER_NAME=drone-server
|
||||
|
||||
### Drone
|
||||
|
||||
DRONE_RPC_SECRET=change-me
|
||||
DRONE_SERVER_HOST=ci.cool.life
|
||||
DRONE_SERVER_PROTO=https
|
||||
|
||||
### User
|
||||
DRONE_ADMIN_USER=resilien
|
||||
DRONE_ADMIN_TOKEN=change-me
|
||||
DRONE_USER_FILTER=resilien
|
||||
DRONE_REGISTRATION_CLOSED=true
|
||||
|
||||
### Gitea
|
||||
# https://docs.drone.io/server/provider/gitea/
|
||||
#DRONE_GIT_ALWAYS_AUTH=
|
||||
DRONE_GITEA_SERVER=gitea.cool.life
|
||||
DRONE_GITEA_CLIENT_ID=UI76T78G-HDZ8-7CSD-6SDZ-YUIDG8Z7DSQ8
|
||||
DRONE_GITEA_CLIENT_SECRET=change-me
|
||||
|
||||
## Header
|
||||
# https://docs.drone.io/server/headers/
|
||||
#DRONE_HTTP_SSL_REDIRECT=
|
||||
#DRONE_HTTP_SSL_TEMPORARY_REDIRECT=
|
||||
#DRONE_HTTP_SSL_HOST=
|
||||
#DRONE_HTTP_STS_SECONDS=
|
||||
|
||||
### Cookie
|
||||
# https://docs.drone.io/server/cookie/
|
||||
DRONE_COOKIE_SECRET=change-me
|
||||
#DRONE_COOKIE_TIMEOUT=720h
|
||||
|
||||
### POSTGRES
|
||||
# https://docs.drone.io/server/storage/encryption/
|
||||
DRONE_DATABASE_SECRET=change-me
|
||||
POSTGRES_USER=user
|
||||
POSTGRES_PASSWORD=password
|
||||
POSTGRES_VOLUME_NAME=postgres
|
||||
POSTGRES_CONTAINER_NAME=postgres
|
||||
POSTGRES_DB=drone
|
||||
|
||||
#########
|
||||
# TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
|
||||
#TRAEFIK_ENTRYPOINTS=
|
|
@ -1,42 +0,0 @@
|
|||
# Drone CI Server
|
||||
|
||||
## Installation
|
||||
|
||||
L'installation de la partie serveur a été coupée en plusieurs fichiers dont les noms sont assez explicites. De nombreux liens vers la documentation officielle ont été mis dans les fichiers _Docker Compose_.
|
||||
|
||||
## Configuration
|
||||
|
||||
Une fois un Drone installé il faut le configurer avec l'utilisation du CLI.
|
||||
|
||||
### Installation du CLI
|
||||
|
||||
Voir la [documentation officielle](https://docs.drone.io/cli/install/#install-on-linux).
|
||||
|
||||
### Configuration du CLI en local
|
||||
|
||||
Il faut :
|
||||
- l'url de l'instance (`DRONE_SERVER_HOST`)
|
||||
- le protocol de l'instance (`DRONE_SERVER_PROTO`)
|
||||
- le token de l'administrateur (`DRONE_ADMIN_TOKEN`)
|
||||
|
||||
```
|
||||
export DRONE_SERVER=${DRONE_SERVER_PROTO}://${DRONE_SERVER_HOST}
|
||||
export DRONE_TOKEN=${DRONE_ADMIN_TOKEN}
|
||||
```
|
||||
|
||||
[Documentation officielle](https://docs.drone.io/cli/configure/)
|
||||
|
||||
### Les utilisateurs
|
||||
|
||||
Il faut ajouter les utilisateurs non admin :
|
||||
|
||||
```
|
||||
drone user add kosssi
|
||||
drone user add killian
|
||||
export PROMETHEUS_TOKEN=`openssl rand -hex 16`
|
||||
drone user add prometheus --machine --token=${PROMETHEUS_TOKEN}
|
||||
```
|
||||
|
||||
En n'oubliant pas au moment de l'installation d'identifier précisément les utilisateurs ayant le droit d'exécuter Drone avec la variable `DRONE_USER_FILTER=kosssi,killian,prometheus,${DRONE_ADMIN_USER}`
|
||||
|
||||
[Documentation officielle](https://docs.drone.io/server/user/machine/#create-accounts) [cli](https://docs.drone.io/cli/user/drone-user-add/)
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
|
||||
# https://docs.drone.io/server/cookie/
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
environment:
|
||||
# https://docs.drone.io/server/reference/drone-cookie-secret/
|
||||
DRONE_COOKIE_SECRET: ${DRONE_COOKIE_SECRET:?err}
|
||||
# https://docs.drone.io/server/reference/drone-cookie-timeout/
|
||||
DRONE_COOKIE_TIMEOUT: ${DRONE_COOKIE_TIMEOUT:-720h} # Default value 30 days
|
|
@ -1,15 +0,0 @@
|
|||
---
|
||||
|
||||
# https://docs.drone.io/server/provider/gitea/
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
environment:
|
||||
# https://docs.drone.io/server/reference/drone-git-always-auth/
|
||||
DRONE_GIT_ALWAYS_AUTH: ${DRONE_GIT_ALWAYS_AUTH:-true}
|
||||
# https://docs.drone.io/server/reference/drone-gitea-server/
|
||||
DRONE_GITEA_SERVER: ${DRONE_GITEA_SERVER:?err}
|
||||
# https://docs.drone.io/server/reference/drone-gitea-client-id/
|
||||
DRONE_GITEA_CLIENT_ID: ${DRONE_GITEA_CLIENT_ID:?err}
|
||||
# https://docs.drone.io/server/reference/drone-gitea-client-secret/
|
||||
DRONE_GITEA_CLIENT_SECRET: ${DRONE_GITEA_CLIENT_SECRET:?err}
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
|
||||
# https://docs.drone.io/server/headers/
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
environment:
|
||||
DRONE_HTTP_SSL_REDIRECT: ${DRONE_HTTP_SSL_REDIRECT:-true}
|
||||
DRONE_HTTP_SSL_TEMPORARY_REDIRECT: ${DRONE_HTTP_SSL_TEMPORARY_REDIRECT:-true}
|
||||
DRONE_HTTP_SSL_HOST: ${DRONE_SERVER_HOST}
|
||||
DRONE_HTTP_STS_SECONDS: ${DRONE_HTTP_STS_SECONDS:-315360000}
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
ports:
|
||||
- "3000:3000"
|
|
@ -1,17 +0,0 @@
|
|||
---
|
||||
|
||||
# https://docs.drone.io/server/logging/
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
environment:
|
||||
# https://docs.drone.io/server/reference/drone-logs-debug/
|
||||
DRONE_LOGS_DEBUG: ${DRONE_LOGS_DEBUG:-true}
|
||||
# https://docs.drone.io/server/reference/drone-logs-text/
|
||||
DRONE_LOGS_TEXT: ${DRONE_LOGS_TEXT:-true}
|
||||
# https://docs.drone.io/server/reference/drone-logs-pretty/
|
||||
DRONE_LOGS_PRETTY: ${DRONE_LOGS_PRETTY:-true}
|
||||
# https://docs.drone.io/server/reference/drone-logs-color/
|
||||
DRONE_LOGS_COLOR: ${DRONE_LOGS_COLOR:-true}
|
||||
# https://docs.drone.io/server/reference/drone-logs-trace/
|
||||
DRONE_LOGS_TRACE: ${DRONE_LOGS_TRACE:-false}
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
|
||||
# https://docs.drone.io/server/storage/database/
|
||||
# https://docs.drone.io/server/storage/encryption/
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
environment:
|
||||
# https://docs.drone.io/server/reference/drone-database-secret/
|
||||
DRONE_DATABASE_SECRET: ${DRONE_DATABASE_SECRET}
|
||||
# https://docs.drone.io/server/reference/drone-database-driver/
|
||||
DRONE_DATABASE_DRIVER: postgres
|
||||
# https://docs.drone.io/server/reference/drone-database-datasource/
|
||||
DRONE_DATABASE_DATASOURCE: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:5432/${POSTGRES_DB:?err}?sslmode=disable
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME}
|
||||
external: true
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-server}.rule=Host(`${DRONE_SERVER_HOST:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-server}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
|
||||
# https://docs.drone.io/server/user/registration/
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
environment:
|
||||
# https://docs.drone.io/server/reference/drone-user-create/
|
||||
DRONE_USER_CREATE: username:${DRONE_ADMIN_USER:?err},machine:false,admin:true,token:${DRONE_ADMIN_TOKEN:?err}
|
||||
# https://docs.drone.io/server/reference/drone-user-filter/
|
||||
DRONE_USER_FILTER: ${DRONE_USER_FILTER:?err}
|
||||
# https://docs.drone.io/server/reference/drone-registration-closed/
|
||||
DRONE_REGISTRATION_CLOSED: ${DRONE_REGISTRATION_CLOSED:-true}
|
|
@ -1,22 +0,0 @@
|
|||
---
|
||||
|
||||
volumes:
|
||||
drone-server:
|
||||
name: ${DRONE_SERVER_VOLUME_NAME:-drone-server}
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
container_name: ${DRONE_SERVER_CONTAINER_NAME:-drone-server}
|
||||
image: ${DRONE_SERVER_IMAGE:-drone/drone:2.11.1}
|
||||
restart: always
|
||||
environment:
|
||||
# https://docs.drone.io/server/reference/drone-rpc-secret/
|
||||
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
|
||||
# https://docs.drone.io/server/reference/drone-server-host/
|
||||
DRONE_SERVER_HOST: ${DRONE_SERVER_HOST}
|
||||
# https://docs.drone.io/server/reference/drone-server-proto/
|
||||
DRONE_SERVER_PROTO: ${DRONE_SERVER_PROTO:-https}
|
||||
volumes:
|
||||
- drone-server:/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
|
@ -13,5 +13,3 @@ Si nous allons dans le dossier `traefik.cool.life` par example, il est possible
|
|||
## DOCKER_HOST
|
||||
|
||||
Si vous gérez des serveurs à distance, il est possible d'utiliser la variable `DOCKER_HOST` dans votre fichier `.env` pour expliquer que le service doit s’exécuter sur ce serveur.
|
||||
|
||||
> RésiLien utilise maintenant ce système avec une génération automatique des fichiers .env à l'aide d'Ansible, nous permettant de facilement déployer un nouveau service, de le déplacer de serveur
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
#GEOIP_VOLUME_NAME=
|
||||
#GEOIP_IMAGE=
|
||||
#GEOIP_CONTAINER_NAME=
|
||||
|
||||
#GEOIP_EDITION_IDS=
|
||||
GEOIP_LICENSE_KEY=blablabla
|
||||
#GEOIP_DOWNLOAD_PATH=
|
||||
#GEOIP_SCHEDULE=
|
||||
#GEOIP_LOG_LEVEL=
|
|
@ -1,20 +0,0 @@
|
|||
---
|
||||
|
||||
volumes:
|
||||
geoip:
|
||||
name: ${GEOIP_VOLUME_NAME:-geoip}
|
||||
|
||||
services:
|
||||
geoip:
|
||||
image: ${GEOIP_IMAGE:-crazymax/geoip-updater:latest}
|
||||
container_name: ${GEOIP_CONTAINER_NAME:-geoip-updater}
|
||||
restart: always
|
||||
volumes:
|
||||
- geoip:${GEOIP_DOWNLOAD_PATH:-/data}
|
||||
environment:
|
||||
EDITION_IDS: ${GEOIP_EDITION_IDS:-GeoLite2-City}
|
||||
LICENSE_KEY: ${GEOIP_LICENSE_KEY:-err}
|
||||
DOWNLOAD_PATH: ${GEOIP_DOWNLOAD_PATH:-/data}
|
||||
SCHEDULE: ${GEOIP_SCHEDULE:-0 0 * * 0} # Every Sunday
|
||||
LOG_LEVEL: ${GEOIP_LOG_LEVEL:-info}
|
||||
LOG_JSON: ${GEOIP_LOG_JSON:-false}
|
|
@ -1,10 +0,0 @@
|
|||
#GEOIPUPDATE_VOLUME_NAME=
|
||||
#GEOIPUPDATE_IMAGE=
|
||||
#GEOIPUPDATE_CONTAINER_NAME=
|
||||
|
||||
GEOIPUPDATE_ACCOUNT_ID=<change-me>
|
||||
GEOIPUPDATE_LICENSE_KEY=<change-me>
|
||||
#GEOIPUPDATE_EDITION_IDS=
|
||||
#GEOIPUPDATE_FREQUENCY=
|
||||
#GEOIPUPDATE_VERBOSE=
|
||||
#GEOIPUPDATE_DB_DIR=
|
|
@ -1,14 +0,0 @@
|
|||
# HedgeDoc
|
||||
|
||||
> Permet de télécharger la base de données GeoIP2 permettant de localiser les IPs
|
||||
|
||||
## Liens
|
||||
|
||||
- [Site officiel][website]
|
||||
- [Github][github]
|
||||
- [L'image Docker de LinuxServer][docker]
|
||||
|
||||
[website]: https://www.maxmind.com/en/home
|
||||
[docker]: https://hub.docker.com/r/maxmindinc/geoipupdate
|
||||
[github]: https://github.com/maxmind/geoipupdate
|
||||
[documentation]: https://dev.maxmind.com/geoip/updating-databases
|
|
@ -1,20 +0,0 @@
|
|||
---
|
||||
|
||||
volumes:
|
||||
geoipupdate:
|
||||
name: ${GEOIPUPDATE_VOLUME_NAME:-geoipupdate}
|
||||
|
||||
services:
|
||||
geoipupdate:
|
||||
image: ${GEOIPUPDATE_IMAGE:-maxmindinc/geoipupdate:v4.9.0}
|
||||
container_name: ${GEOIPUPDATE_CONTAINER_NAME:-geoip-updater}
|
||||
restart: always
|
||||
volumes:
|
||||
- geoipupdate:${GEOIPUPDATE_DB_DIR:-/usr/share/GeoIP}
|
||||
environment:
|
||||
GEOIPUPDATE_ACCOUNT_ID: ${GEOIPUPDATE_ACCOUNT_ID:?err}
|
||||
GEOIPUPDATE_LICENSE_KEY: ${GEOIPUPDATE_LICENSE_KEY:?err}
|
||||
GEOIPUPDATE_EDITION_IDS: ${GEOIPUPDATE_EDITION_IDS:-GeoLite2-City}
|
||||
GEOIPUPDATE_FREQUENCY: ${GEOIPUPDATE_FREQUENCY:-72}
|
||||
GEOIPUPDATE_VERBOSE: ${GEOIPUPDATE_VERBOSE:-false}
|
||||
GEOIPUPDATE_DB_DIR: ${GEOIPUPDATE_DB_DIR:-/usr/share/GeoIP}
|
36
gitea/.env
36
gitea/.env
|
@ -1,34 +1,26 @@
|
|||
########
|
||||
# DOCKER
|
||||
COMPOSE_FILE=../postgres/docker-compose.yml:./docker-compose.yml:./docker-compose.override.yml
|
||||
|
||||
SERVICES_DIR=".."
|
||||
COMPOSE_FILE=${SERVICES_DIR}/gitea/docker-compose.yml:${SERVICES_DIR}/gitea/docker-compose.traefik.yml:${SERVICES_DIR}/gitea/docker-compose.smtp.yml:${SERVICES_DIR}/gitea/docker-compose.metrics.yml:${SERVICES_DIR}/postgres/docker-compose.yml
|
||||
COMPOSE_PROJECT_NAME=$GITEA_DOMAIN
|
||||
# APP
|
||||
|
||||
#######
|
||||
# GITEA
|
||||
GITEA_VOLUME_NAME=gitea
|
||||
GITEA_PROTOCOL=http
|
||||
GITEA_DOMAIN=gitea.lan
|
||||
|
||||
# APP CONFIG
|
||||
# https://docs.gitea.io/en-us/install-with-docker/#environments-variables
|
||||
|
||||
GITEA_DOMAIN=gitea.lan
|
||||
GITEA_VOLUME_NAME=gitea
|
||||
GITEA_IMAGE=gitea/gitea:1.18.4
|
||||
GITEA_PROTOCOL=http
|
||||
GITEA_SECRET_KEY=kt5UdK0m9lI9MDyhVOFEB5jk7VwFynDyaxcUjEJUpWJBrC6FyH4dkUDKLYEa7hGn
|
||||
GITEA_INTERNAL_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2NzY5NzkxMzZ9.Iopu6DBUhglmNPzEyYylfmTmEUpYLHYEsNrm50GoBkU
|
||||
|
||||
# SMTP
|
||||
|
||||
GITEA__mailer__FROM='"Name" <email@example.com>'
|
||||
GITEA__mailer__SMTP_ADDR=smtp.gitea.lan
|
||||
GITEA__mailer__SMTP_PORT=465
|
||||
GITEA__mailer__USER=gitea.lan
|
||||
GITEA__mailer__PASSWD=gitea.lan
|
||||
DISABLE_SSH=true
|
||||
RUN_MODE=prod
|
||||
ROOT_URL=${GITEA_PROTOCOL}://${GITEA_DOMAIN}
|
||||
DISABLE_REGISTRATION=true
|
||||
DISABLE_GRAVATAR=true
|
||||
#INSTALL_LOCK=true
|
||||
|
||||
# DATABASE
|
||||
# Voir la description ../postgres/README.md
|
||||
|
||||
POSTGRES_USER=user-example
|
||||
POSTGRES_PASSWORD=password-example
|
||||
POSTGRES_DB=postgres-database-name-example
|
||||
POSTGRES_CONTAINER_NAME=gitea-postgres
|
||||
POSTGRES_VOLUME_NAME=gitea-postgres
|
||||
POSTGRES_IMAGE=postgres:15.2-alpine
|
||||
|
|
|
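Review bot: The `GITEA_SECRET_KEY=` and `GITEA_INTERNAL_TOKEN=` lines carry full literal values in a tracked env file. Whichever side of this hunk keeps them, they are now in the repository history, so any instance that ever ran with them should have both regenerated (the compose file in this diff already documents `gitea generate secret SECRET_KEY` and `gitea generate secret INTERNAL_TOKEN`). The example file should use a placeholder, as the `GEOIPUPDATE_LICENSE_KEY=<change-me>` line earlier in this diff does. The same goes for `GITEA__mailer__PASSWD` and `POSTGRES_PASSWORD`, which are safer left empty so that a missing value is noticed.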
@ -4,8 +4,6 @@
|
|||
>
|
||||
> <cite>[Documentation][documentation]</cite>
|
||||
|
||||
Il est possible de configurer l'intégralité du service à l'aide de variable d'environnement voir [la documentation officielle](https://docs.gitea.io/en-us/install-with-docker/#managing-deployments-with-environment-variables).
|
||||
|
||||
## Commandes
|
||||
|
||||
```sh
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
gitea:
|
||||
environment:
|
||||
- GITEA__METRICS__ENABLED=true
|
|
@ -1,4 +1,4 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
gitea:
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
gitea:
|
||||
environment:
|
||||
- GITEA__database__DB_TYPE=postgres
|
||||
- GITEA__database__HOST=${POSTGRES_CONTAINER_NAME:-postgres}:5432
|
||||
- GITEA__database__NAME=${POSTGRES_DB}
|
||||
- GITEA__database__USER=${POSTGRES_USER}
|
||||
- GITEA__database__PASSWD=${POSTGRES_PASSWORD}
|
||||
depends_on:
|
||||
- postgres
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
gitea:
|
||||
environment:
|
||||
- GITEA__mailer__ENABLED=true
|
||||
- GITEA__mailer__PROTOCOL=${GITEA__mailer__PROTOCOL:-smtp}
|
||||
- GITEA__mailer__SMTP_ADDR=${GITEA__mailer__SMTP_ADDR:?GITEA__mailer__SMTP_ADDR not set}
|
||||
- GITEA__mailer__SMTP_PORT=${GITEA__mailer__SMTP_PORT:?GITEA__mailer__SMTP_PORT not set}
|
||||
|
||||
- GITEA__mailer__USER=${GITEA__mailer__USER:?GITEA__mailer__USER not set}
|
||||
- GITEA__mailer__PASSWD="""${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}"""
|
||||
|
||||
- GITEA__mailer__FROM=${GITEA__mailer__FROM:?GITEA__mailer__FROM not set}
|
|
@ -1,15 +1,16 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
services:
|
||||
gitea:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-gitea}.rule=Host(`${GITEA_DOMAIN:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-gitea}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
||||
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-gitea}.loadbalancer.server.port=3000
|
||||
traefik.enable: 'true'
|
||||
traefik.docker.network: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
|
||||
traefik.http.routers.gitea.rule: 'Host(`${GITEA_DOMAIN:?err}`)'
|
||||
traefik.http.routers.gitea.entrypoints: 'web'
|
||||
|
||||
traefik.http.services.gitea.loadbalancer.server.port: '3000'
|
||||
|
|
|
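Review bot: The map-form labels at the end of the hunk hard-code the router and service name `gitea` and the entrypoint `web`, where the list-form lines above them read `${TRAEFIK_ROUTER_NAME:-gitea}` and `${TRAEFIK_ENTRYPOINTS:-web}`. With the map form, two Gitea stacks behind one Traefik would define the same router, and the service cannot be moved to another entrypoint without editing the file. Keeping the variables with the same defaults preserves current behaviour while leaving both overridable.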
@ -1,4 +1,4 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
gitea:
|
||||
|
@ -7,17 +7,19 @@ volumes:
|
|||
services:
|
||||
gitea:
|
||||
container_name: ${GITEA_CONTAINER_NAME:-gitea}
|
||||
image: ${GITEA_IMAGE:-gitea/gitea:1.20.4}
|
||||
image: ${GITEA_IMAGE:-gitea/gitea:1.15.2}
|
||||
restart: always
|
||||
environment:
|
||||
- USER_UID=${GITEA_UID:-1000}
|
||||
- USER_GID=${GITEA_GID:-1000}
|
||||
# Security
|
||||
# docker run -it --rm gitea/gitea:1 gitea generate secret SECRET_KEY
|
||||
- GITEA__security__SECRET_KEY=${GITEA_SECRET_KEY}
|
||||
# docker run -it --rm gitea/gitea:1 gitea generate secret INTERNAL_TOKEN
|
||||
- GITEA__security__INTERNAL_TOKEN=${GITEA_INTERNAL_TOKEN}
|
||||
# - USER_UID=1000
|
||||
# - USER_GID=1000
|
||||
DB_TYPE: postgres
|
||||
DB_HOST: postgres:5432
|
||||
DB_NAME: ${POSTGRES_DB}
|
||||
DB_USER: ${POSTGRES_USER}
|
||||
DB_PASSWD: ${POSTGRES_PASSWORD}
|
||||
volumes:
|
||||
- gitea:/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
depends_on:
|
||||
- postgres
|
||||
|
|
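Review bot: The second `image:` line defaults to `gitea/gitea:1.15.2`, an older release than the `1.20.4` on the line before it, so anyone relying on the default loses several releases of fixes. If the downgrade is deliberate it needs a sentence of justification; otherwise keep the newer pin. The variant with `DB_TYPE` and `DB_HOST` also has no `GITEA__security__SECRET_KEY` or `GITEA__security__INTERNAL_TOKEN` entries, so please confirm the instance still gets stable values for both from its persisted configuration.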
47
grafana/.env
47
grafana/.env
|
@ -1,48 +1,3 @@
|
|||
########
|
||||
# DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/grafana/docker-compose.yml:${SERVICES_DIR}/grafana/docker-compose.traefik.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
#########
|
||||
# GRAFANA
|
||||
|
||||
GRAFANA_DOMAIN=grafana.cool.life
|
||||
#GRAFANA_VOLUME_NAME=
|
||||
#GRAFANA_CONTAINER_NAME=
|
||||
#GRAFANA_IMAGE=
|
||||
|
||||
GF_SECURITY_ADMIN_USER=admin
|
||||
GF_SECURITY_ADMIN_PASSWORD=password
|
||||
#GF_SECURITY_DISABLE_GRAVATAR=
|
||||
#GF_SECURITY_COOKIE_SECURE=
|
||||
#GF_USERS_ALLOW_SIGN_UP=
|
||||
GF_INSTALL_PLUGINS=grafana-piechart-panel
|
||||
|
||||
######
|
||||
# SMTP
|
||||
|
||||
#GF_SMTP_HOST=
|
||||
#GF_SMTP_USER=
|
||||
#GF_SMTP_PASSWORD=
|
||||
#GF_SMTP_FROM_ADDRESS=
|
||||
#GF_SMTP_FROM_NAME=
|
||||
|
||||
#######
|
||||
# REDIS
|
||||
|
||||
#REDIS_IMAGE=
|
||||
#REDIS_CONTAINER_NAME=
|
||||
#REDIS_VOLUME_NAME=
|
||||
|
||||
#GF_REMOTE_CACHE_CONNSTR=
|
||||
|
||||
#########
|
||||
# TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
|
||||
#TRAEFIK_ENTRYPOINTS=
|
||||
GF_SECURITY_ADMIN_PASSWORD=admin
|
||||
|
|
|
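Review bot: `GF_SECURITY_ADMIN_PASSWORD=admin` at the end of the hunk (and `GF_SECURITY_ADMIN_PASSWORD=password` higher up) gives the Grafana admin account a guessable password in a file that people copy as-is. The compose file in this diff reads it as `${GF_SECURITY_ADMIN_PASSWORD:?err}`, so leaving the value empty here would make Compose stop until the operator chooses one.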
@ -1,19 +0,0 @@
|
|||
# Grafana
|
||||
|
||||
> Grafana est un logiciel libre sous licence GNU Affero General Public License Version 32 (anciennement sous licence Apache 2.0 avant avril 2021) qui permet la visualisation de données. Il permet de réaliser des tableaux de bord et des graphiques depuis plusieurs sources dont des bases de données temporelles comme Graphite (en), InfluxDB et OpenTSDB3.
|
||||
>
|
||||
> -- <cite>[Wikipédia](https://fr.wikipedia.org/wiki/Grafana)</cite>
|
||||
|
||||
## 🔧 Configuration
|
||||
|
||||
La configuration du service ce base sur la documentation officielle, plusieurs pages sont intéressantes à lire :
|
||||
- [Lancer l'image Docker de Grafana](https://grafana.com/docs/grafana/latest/installation/docker/)
|
||||
- [Configuration l'image Docker Grafana](https://grafana.com/docs/grafana/latest/administration/configure-docker/)
|
||||
- [Surcharger la configuration à l'aide des variables d'environment](https://grafana.com/docs/grafana/latest/administration/configuration/#override-configuration-with-environment-variables)
|
||||
|
||||
## 🔗 Liens
|
||||
|
||||
- [Site officiel](https://grafana.com)
|
||||
- [La documentation](https://grafana.com/docs)
|
||||
- [Github](https://github.com/grafana/grafana)
|
||||
- [L'image Docker sur Docker Hub](https://hub.docker.com/r/grafana/grafana)
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
grafana:
|
||||
environment:
|
||||
# https://grafana.com/docs/grafana/latest/administration/configuration/#database
|
||||
GF_DATABASE_TYPE: postgres
|
||||
GF_DATABASE_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
|
||||
GF_DATABASE_NAME: ${POSTGRES_DB:?err}
|
||||
GF_DATABASE_USER: ${POSTGRES_USER:?err}
|
||||
GF_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:?err}
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
grafana:
|
||||
environment:
|
||||
# https://grafana.com/docs/grafana/latest/administration/configuration/#remote_cache
|
||||
GF_REMOTE_CACHE_TYPE: redis
|
||||
GF_REMOTE_CACHE_CONNSTR: ${GF_REMOTE_CACHE_CONNSTR:-addr=redis:6379,ssl=false}
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
grafana:
|
||||
environment:
|
||||
# https://grafana.com/docs/grafana/latest/administration/configuration/#smtp
|
||||
GF_SMTP_ENABLED: true
|
||||
GF_SMTP_HOST: ${GF_SMTP_HOST:?err} # with port
|
||||
GF_SMTP_USER: ${GF_SMTP_USER:?err}
|
||||
GF_SMTP_PASSWORD: ${GF_SMTP_PASSWORD:?err}
|
||||
GF_SMTP_FROM_ADDRESS: ${GF_SMTP_FROM_ADDRESS:?err}
|
||||
GF_SMTP_FROM_NAME: ${GF_SMTP_FROM_NAME:?err}
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
services:
|
||||
grafana:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-grafana}.rule=Host(`${GRAFANA_DOMAIN:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-grafana}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
|
@ -1,4 +1,9 @@
|
|||
---
|
||||
version: "3"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
|
||||
volumes:
|
||||
grafana:
|
||||
|
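Review bot: The `networks: default:` entry names the network `${TRAEFIK_NETWORK_NAME:-traefik}` but has no `external: true`, unlike the other Traefik network definitions in this diff. Without it Compose treats the network as owned by this project rather than attaching to the one Traefik already runs on. Add `external: true` if the intent is to join the existing network.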
@ -7,17 +12,17 @@ volumes:
|
|||
services:
|
||||
grafana:
|
||||
container_name: ${GRAFANA_CONTAINER_NAME:-grafana}
|
||||
image: ${GRAFANA_IMAGE:-grafana/grafana:8.4.6}
|
||||
image: ${GRAFANA_IMAGE:-grafana/grafana:8.1.3}
|
||||
restart: always
|
||||
volumes:
|
||||
- grafana:/var/lib/grafana
|
||||
environment:
|
||||
GF_ANALYTICS_CHECK_FOR_UPDATES: ${GF_ANALYTICS_CHECK_FOR_UPDATES:-false}
|
||||
GF_ANALYTICS_REPORTING_ENABLED: ${GF_ANALYTICS_REPORTING_ENABLED:-false}
|
||||
GF_INSTALL_PLUGINS: ${GF_INSTALL_PLUGINS}
|
||||
GF_SECURITY_ADMIN_USER: ${GF_SECURITY_ADMIN_USER:?err}
|
||||
GF_SECURITY_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD:?err}
|
||||
GF_SECURITY_DISABLE_GRAVATAR: ${GF_SECURITY_DISABLE_GRAVATAR:-true}
|
||||
GF_SECURITY_COOKIE_SECURE: ${GF_SECURITY_COOKIE_SECURE:-true}
|
||||
GF_SERVER_PROTOCOL: ${GF_SERVER_PROTOCOL:-http}
|
||||
GF_USERS_ALLOW_SIGN_UP: ${GF_USERS_ALLOW_SIGN_UP:-false}
|
||||
GF_INSTALL_PLUGINS: ${GF_INSTALL_PLUGINS}
|
||||
labels:
|
||||
traefik.enable: 'true'
|
||||
traefik.docker.network: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
traefik.http.routers.grafana.rule: 'Host(`${GRAFANA_DOMAIN:?err}`)'
|
||||
traefik.http.routers.grafana.entrypoints: 'web'
|
||||
|
|
|
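Review bot: The default image goes from `grafana/grafana:8.4.6` to `grafana/grafana:8.1.3` on the second `image:` line, which is a downgrade. If that is deliberate it deserves a line in the commit message; otherwise keep the newer pin. The `labels:` block also fixes the router name `grafana` and the entrypoint `web` in place, so they can no longer be overridden through `TRAEFIK_ROUTER_NAME` and `TRAEFIK_ENTRYPOINTS` as in the separate Traefik file shown earlier in this diff.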
@ -11,7 +11,7 @@ La configuration est séparé en 3 fichiers :
|
|||
|
||||
## Configuration
|
||||
|
||||
[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer HedgeDoc, elles n'ont pas tous été intégrées.
|
||||
[De nombreuses variables d'environnement][documentation] peuvent être précisé pour configurer HedgeDoc.
|
||||
|
||||
Modifier les variables dans le fichier [`.env`](../examples/hedgedoc.example.com/.env).
|
||||
|
||||
|
@ -21,23 +21,6 @@ Lancer le service :
|
|||
docker-compose up -d
|
||||
```
|
||||
|
||||
## Debug
|
||||
|
||||
### Se connecter à la base de données
|
||||
|
||||
```shell
|
||||
. .env
|
||||
docker exec -it $POSTGRES_CONTAINER_NAME psql $POSTGRES_DB -U $POSTGRES_USER
|
||||
```
|
||||
|
||||
### Traitement des notes vides
|
||||
|
||||
```
|
||||
SELECT count(*) FROM public."Notes" WHERE content = '';
|
||||
SELECT * FROM public."Notes" WHERE content = '';
|
||||
DELETE FROM public."Notes" WHERE content = '';
|
||||
```
|
||||
|
||||
## Liens
|
||||
|
||||
- [Site officiel][website]
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
services:
|
||||
hedgedoc:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
hedgedoc:
|
||||
|
@ -7,27 +7,24 @@ volumes:
|
|||
services:
|
||||
hedgedoc:
|
||||
container_name: ${HEDGEDOC_CONTAINER_NAME:-hedgedoc}
|
||||
image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.9.3-ls53}
|
||||
image: ${HEDGEDOC_IMAGE:-linuxserver/hedgedoc:1.8.2-ls23}
|
||||
restart: always
|
||||
depends_on:
|
||||
- postgres
|
||||
volumes:
|
||||
- hedgedoc:/config/uploads
|
||||
- hedgedoc:/opt/hedgedoc/public/uploads
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
environment:
|
||||
# https://docs.hedgedoc.org/configuration/
|
||||
CMD_DB_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:?err}
|
||||
CMD_DB_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:?err}
|
||||
CMD_DOMAIN: ${HEDGEDOC_DOMAIN:?err}
|
||||
CMD_SESSION_SECRET: ${CMD_SESSION_SECRET:?err}
|
||||
NODE_ENV: ${NODE_ENV:-development} # `production` or `development`
|
||||
CMD_PROTOCOL_USESSL: ${CMD_PROTOCOL_USESSL:-false}
|
||||
CMD_ALLOW_GRAVATAR: ${CMD_ALLOW_GRAVATAR:-true}
|
||||
CMD_ALLOW_ANONYMOUS: ${CMD_ALLOW_ANONYMOUS:-true}
|
||||
CMD_ALLOW_ANONYMOUS_EDITS: ${CMD_ALLOW_ANONYMOUS_EDITS:-false}
|
||||
CMD_ALLOW_FREEURL: ${CMD_ALLOW_FREEURL:-false}
|
||||
CMD_REQUIRE_FREEURL_AUTHENTICATION: ${CMD_REQUIRE_FREEURL_AUTHENTICATION:-false}
|
||||
CMD_DEFAULT_PERMISSION: ${CMD_DEFAULT_PERMISSION:-editable}
|
||||
CMD_ALLOW_EMAIL_REGISTER: ${CMD_ALLOW_EMAIL_REGISTER:-true}
|
||||
CMD_DEFAULT_PERMISSION: ${CMD_DEFAULT_PERMISSION:-editable}
|
||||
PGID: ${PGID:-1000}
|
||||
PUID: ${PUID:-1000}
|
||||
|
|
|
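Review bot: The second `CMD_DB_URL` line uses `${POSTGRES_CONTAINER_NAME}` with no default, where the line above it has `${POSTGRES_CONTAINER_NAME:-postgres}`. If the variable is unset the URL is rendered with an empty host and HedgeDoc fails at connection time rather than at `docker-compose up`. Keep the `:-postgres` default or use `:?err` as the neighbouring variables do. The default image also drops from `linuxserver/hedgedoc:1.9.3-ls53` to `1.8.2-ls23`, and `NODE_ENV` defaulting to `development` with `CMD_ALLOW_ANONYMOUS` defaulting to `true` is permissive for an instance routed through Traefik; a comment stating that these are test defaults would help.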
@ -1,26 +0,0 @@
|
|||
########
|
||||
# DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/listmonk/docker-compose.yml:${SERVICES_DIR}/postgres/docker-compose.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
## APP
|
||||
|
||||
LISTMONK_DOMAIN=localhost
|
||||
LISTMONK_ADMIN_USERNAME=
|
||||
LISTMONK_ADMIN_PASSWORD=
|
||||
#LISTMONK_CONTAINER_NAME=listmonk
|
||||
#LISTMONK_VOLUME_NAME=listmonk
|
||||
#LISTMONK_IMAGE=listmonk/listmonk:v2.3.0
|
||||
|
||||
## POSTGRES
|
||||
|
||||
#POSTGRES_VOLUME_NAME=
|
||||
#POSTGRES_CONTAINER_NAME=
|
||||
#POSTGRES_IMAGE=
|
||||
POSTGRES_USER=listmonk
|
||||
POSTGRES_PASSWORD=listmonk
|
||||
POSTGRES_DB=listmonk
|
|
@ -1,37 +0,0 @@
|
|||
# listmonk
|
||||
|
||||
> Gestionnaire de listes de diffusion et de newsletter
|
||||
|
||||
## Documentation
|
||||
|
||||
listmonk ne gère actuellement pas le multicompte.
|
||||
|
||||
Pour utiliser avec une configuration avec les variables d'environnements il faut la commande suivante :
|
||||
|
||||
```
|
||||
command: [sh, -c, "./listmonk --config ''"]
|
||||
```
|
||||
|
||||
Pour l'installation il faut lancer la commande suivante pour initialiser la base de donnée :
|
||||
|
||||
```
|
||||
command: [sh, -c, "yes | ./listmonk --install --config '' && ./listmonk --config ''"]
|
||||
```
|
||||
|
||||
Pour faire les mise à jour et ainsi migrer la base de donnée :
|
||||
|
||||
```
|
||||
command: [sh, -c, "yes | ./listmonk --upgrade --config '' && ./listmonk --config ''"]
|
||||
```
|
||||
|
||||
## Liens
|
||||
|
||||
- [Site Officiel][site]
|
||||
- [Documentation][documentation]
|
||||
- [Code source][source]
|
||||
- [Docker Hub][dockerhub]
|
||||
|
||||
[site]: https://listmonk.app/
|
||||
[source]: https://github.com/knadh/listmonk
|
||||
[documentation]: https://listmonk.app/docs/
|
||||
[dockerhub]: https://hub.docker.com/r/listmonk/listmonk
|
|
@ -1,41 +0,0 @@
|
|||
---
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
volumes:
|
||||
listmonk:
|
||||
name: ${LISTMONK_VOLUME_NAME:-listmonk}
|
||||
|
||||
services:
|
||||
listmonk:
|
||||
container_name: ${LISTMONK_CONTAINER_NAME:-listmonk}
|
||||
image: ${LISTMONK_IMAGE:-listmonk/listmonk:v2.3.0}
|
||||
restart: always
|
||||
#command: [sh, -c, "yes | ./listmonk --install --config '' && ./listmonk --config ''"]
|
||||
#command: [sh, -c, "yes | ./listmonk --upgrade --config '' && ./listmonk --config ''"]
|
||||
command: [sh, -c, "./listmonk --config ''"]
|
||||
depends_on:
|
||||
- postgres
|
||||
environment:
|
||||
LISTMONK_app__address: 0.0.0.0:9000
|
||||
LISTMONK_app__admin_username: ${LISTMONK_ADMIN_USERNAME:?err}
|
||||
LISTMONK_app__admin_password: ${LISTMONK_ADMIN_PASSWORD:?err}
|
||||
LISTMONK_db__host: ${POSTGRES_CONTAINER_NAME:?err}
|
||||
LISTMONK_db__port: 5432
|
||||
LISTMONK_db__user: ${POSTGRES_USER:?err}
|
||||
LISTMONK_db__password: ${POSTGRES_PASSWORD:?err}
|
||||
LISTMONK_db__database: ${POSTGRES_DB:?err}
|
||||
LISTMONK_db__ssl_mode: disable
|
||||
TZ: Europe/Paris
|
||||
volumes:
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- listmonk:/listmonk/uploads
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-listmonk}.rule=Host(`${LISTMONK_DOMAIN:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-listmonk}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
50
lldap/.env
50
lldap/.env
|
@ -1,50 +0,0 @@
|
|||
########
|
||||
# DOCKER
|
||||
|
||||
SERVICES_DIR=..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/lldap/docker-compose.yml:${SERVICES_DIR}/lldap/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
#######
|
||||
# LLDAP
|
||||
|
||||
SERVICE_DOMAIN=lldap.cool.life
|
||||
LLDAP_VOLUME_NAME=lldap_cool_life
|
||||
LLDAP_CONTAINER_NAME=lldap_cool_life
|
||||
LLDAP_IMAGE=nitnelave/lldap:v0.4.3
|
||||
|
||||
LLDAP_JWT_SECRET="6IeP8UUbEkQXrkUNbnu1sGpcZOu29wUTWh3uiEgMorI="
|
||||
LLDAP_VERBOSE=true
|
||||
|
||||
LLDAP_LDAP_BASE_DN="dc=cool,dc=life"
|
||||
LLDAP_LDAP_USER_DN="myuser"
|
||||
LLDAP_LDAP_USER_EMAIL="admin@cool.life"
|
||||
LLDAP_LDAP_USER_PASS="mon-mot-de-passe"
|
||||
|
||||
# LLDAP_TEST_EMAIL_TO=
|
||||
# LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=
|
||||
# LLDAP_SMTP_OPTIONS__SERVER=
|
||||
# LLDAP_SMTP_OPTIONS__PORT=
|
||||
# LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=
|
||||
# LLDAP_SMTP_OPTIONS__USER=
|
||||
# LLDAP_SMTP_OPTIONS__PASSWORD=
|
||||
# LLDAP_SMTP_OPTIONS__FROM=
|
||||
# LLDAP_SMTP_OPTIONS__REPLY_TO=
|
||||
|
||||
|
||||
##########
|
||||
# POSTGRES
|
||||
|
||||
POSTGRES_USER=user-example
|
||||
POSTGRES_PASSWORD=password-example
|
||||
POSTGRES_DB=postgres-database-name-example
|
||||
POSTGRES_CONTAINER_NAME=lldap-postgres
|
||||
POSTGRES_VOLUME_NAME=lldap-postgres
|
||||
#POSTGRES_IMAGE=
|
||||
|
||||
#########
|
||||
# TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
|
||||
#TRAEFIK_ENTRYPOINTS=
|
|
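Review bot: `LLDAP_JWT_SECRET=` holds what looks like a generated key rather than a placeholder, and removing the file (`+0,0`) does not remove the value from history. If any deployment ever used it, it should be rotated there. If the file comes back later, a `<change-me>` style placeholder for `LLDAP_JWT_SECRET` and `LLDAP_LDAP_USER_PASS` would avoid the question.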
@ -1,27 +0,0 @@
|
|||
# LLDAP
|
||||
|
||||
> Implémentation légère de LDAP pour l'authentification :
|
||||
> Ce projet est un serveur d'authentification léger (écrit en rust) qui fournit une interface LDAP simplifiée pour l'authentification. Il s'intègre avec de nombreux backends, de KeyCloak à [Authelia](https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml) en passant par Nextcloud et plus encore !
|
||||
|
||||
## Documentation
|
||||
|
||||
- Le fichier [`lldap_config.docker_template.toml`](https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml) contient toute la configuration possible de l'outil.
|
||||
- De base le projet utilise SQLite, mais on peut utiliser Postgres voir le fichier [`docker-compose.postgres.yml`](./docker-compose.postgres.yml)
|
||||
- Le projet n'est pas [traduit](https://github.com/lldap/lldap/issues/20) actuellement
|
||||
- Lors du lancement du service une clé est généré aléatoirement dans le fichier `private_key` du dossier `/data` du container, ce fichier est important il faut donc le sauvegarder puisque les mots de passe sont chiffrés en base avec.
|
||||
|
||||
## Configuration
|
||||
|
||||
La configuration a été séparée en 5 fichiers :
|
||||
|
||||
- [`docker-compose.yml`](./docker-compose.yml) contient la configuration de base
|
||||
- [`docker-compose.local.yml`](./docker-compose.local.yml) permettant de tester le service sans Traefik
|
||||
- [`docker-compose.smtp.yml`](./docker-compose.smtp.yml) correspondant à la configuration du service SMTP
|
||||
- [`docker-compose.postgres.yml`](./docker-compose.postgres.yml) pour configurer le service Postgres
|
||||
- [`docker-compose.traefik.yml`](./docker-compose.traefik.yml) pour configurer automatiquement Traefik
|
||||
|
||||
## Liens
|
||||
|
||||
- [Code source](https://github.com/lldap/lldap)
|
||||
- [Docker Hub](https://hub.docker.com/r/nitnelave/lldap)
|
||||
- [Documentation](https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml)
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
lldap:
|
||||
ports:
|
||||
# For LDAP
|
||||
- "3890:3890"
|
||||
# For LDAPS (LDAP Over SSL), enable port if LLDAP_LDAPS_OPTIONS__ENABLED set true, look env below
|
||||
- "6360:6360"
|
||||
# For the web front-end
|
||||
- "17170:17170"
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
lldap:
|
||||
environment:
|
||||
- LLDAP_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_CONTAINER_NAME}/${POSTGRES_DB}
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
lldap:
|
||||
environment:
|
||||
- LLDAP_TEST_EMAIL_TO=${LLDAP_TEST_EMAIL_TO}
|
||||
- LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=${LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET}
|
||||
- LLDAP_SMTP_OPTIONS__SERVER=${LLDAP_SMTP_OPTIONS__SERVER}
|
||||
- LLDAP_SMTP_OPTIONS__PORT=${LLDAP_SMTP_OPTIONS__PORT}
|
||||
- LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=${LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION}
|
||||
- LLDAP_SMTP_OPTIONS__USER=${LLDAP_SMTP_OPTIONS__USER}
|
||||
- LLDAP_SMTP_OPTIONS__PASSWORD=${LLDAP_SMTP_OPTIONS__PASSWORD}
|
||||
- LLDAP_SMTP_OPTIONS__FROM=${LLDAP_SMTP_OPTIONS__FROM}
|
||||
- LLDAP_SMTP_OPTIONS__REPLY_TO=${LLDAP_SMTP_OPTIONS__REPLY_TO}
|
|
@ -1,22 +0,0 @@
|
|||
---
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
services:
|
||||
lldap:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=Host(`${SERVICE_DOMAIN:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
||||
# - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.tls.certResolver=letsencrypt
|
||||
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=17170
|
||||
- traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.scheme=http
|
||||
|
||||
# https://github.com/lldap/lldap/issues/247#issuecomment-1489962511
|
||||
# - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=HostSNI(`${SERVICE_DOMAIN:?err}`)
|
||||
# - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
||||
# - traefik.tcp.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=3890
|
|
@ -1,24 +0,0 @@
|
|||
---
|
||||
|
||||
volumes:
|
||||
lldap:
|
||||
name: ${LLDAP_VOLUME_NAME:-lldap}
|
||||
|
||||
services:
|
||||
lldap:
|
||||
container_name: ${LLDAP_CONTAINER_NAME:-lldap}
|
||||
image: ${LLDAP_IMAGE:-nitnelave/lldap:v0.4.3}
|
||||
restart: always
|
||||
volumes:
|
||||
- "lldap:/data"
|
||||
environment:
|
||||
- TZ=${TIMEZONE:-Europe/Paris}
|
||||
- LLDAP_VERBOSE=${LLDAP_VERBOSE:-false}
|
||||
|
||||
- LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET:?err}
|
||||
- LLDAP_HTTP_URL=https://${SERVICE_DOMAIN:?err}
|
||||
|
||||
- LLDAP_LDAP_BASE_DN=${LLDAP_LDAP_BASE_DN:?err}
|
||||
- LLDAP_LDAP_USER_DN=${LLDAP_LDAP_USER_DN:?err}
|
||||
- LLDAP_LDAP_USER_EMAIL=${LLDAP_LDAP_USER_EMAIL:?err}
|
||||
- LLDAP_LDAP_USER_PASS=${LLDAP_LDAP_USER_PASS:?err}
|
|
@ -1,63 +0,0 @@
|
|||
########
|
||||
# DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/mobilizon/docker-compose.yml:${SERVICES_DIR}/mobilizon/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/geoip/docker-compose.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
############
|
||||
## MOBILIZON
|
||||
|
||||
MOBILIZON_INSTANCE_NAME="RésiLien - Mobilizon"
|
||||
MOBILIZON_DOMAIN=mobilizon.lan
|
||||
#MOBILIZON_INSTANCE_PORT=4000
|
||||
MOBILIZON_INSTANCE_EMAIL=no-reply@mobilizon.lan
|
||||
|
||||
MOBILIZON_REPLY_EMAIL=contact@mobilizon.lan
|
||||
MOBILIZON_ADMIN_EMAIL=admin@mobilizon.lan
|
||||
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=true
|
||||
|
||||
MOBILIZON_INSTANCE_SECRET_KEY_BASE=changethis
|
||||
MOBILIZON_INSTANCE_SECRET_KEY=changethis
|
||||
|
||||
MOBILIZON_SMTP_SERVER=localhost
|
||||
MOBILIZON_SMTP_HOSTNAME=localhost
|
||||
MOBILIZON_SMTP_PORT=25
|
||||
MOBILIZON_SMTP_SSL=false
|
||||
MOBILIZON_SMTP_USERNAME=noreply@mobilizon.lan
|
||||
MOBILIZON_SMTP_PASSWORD=password
|
||||
|
||||
#MOBILIZON_PUID=
|
||||
#MOBILIZON_PGID=
|
||||
|
||||
#######
|
||||
# GEOIP
|
||||
|
||||
#GEOIP_VOLUME_NAME=
|
||||
#GEOIP_IMAGE=
|
||||
#GEOIP_CONTAINER_NAME=
|
||||
|
||||
#GEOIP_EDITION_IDS=
|
||||
GEOIP_LICENSE_KEY=
|
||||
#GEOIP_DOWNLOAD_PATH=
|
||||
#GEOIP_SCHEDULE=
|
||||
#GEOIP_LOG_LEVEL=
|
||||
|
||||
##########
|
||||
# POSTGRES
|
||||
|
||||
POSTGRES_USER=mobilizon_user
|
||||
POSTGRES_PASSWORD=mobilizon_password
|
||||
POSTGRES_DB=mobilizon_db
|
||||
#POSTGRES_CONTAINER_NAME=mobilizon_postgres
|
||||
#POSTGRES_VOLUME_NAME=mobilizon_postgres
|
||||
POSTGRES_IMAGE=kartoza/postgis:14-3.1
|
||||
|
||||
#########
|
||||
# TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
|
||||
#TRAEFIK_ENTRYPOINTS=
|
|
@ -1,23 +0,0 @@
|
|||
# Mobilizon
|
||||
|
||||
> Mobilizon est un logiciel libre d'organisation d'évènements et de gestion de groupes (Meet-up) lancé en octobre 2020 par Framasoft pour proposer une alternative libre aux plateformes des GAFAM (Facebook, Meetup.com, EventBrite).
|
||||
>
|
||||
> -- <cite>[Wikipedia](https://fr.wikipedia.org/wiki/Mobilizon)</cite>
|
||||
|
||||
On peut retrouver la documentation sur le [site officiel](https://docs.joinmobilizon.org/fr/).
|
||||
|
||||
## Configuration
|
||||
|
||||
Mobilizon utilise de la géolocalisation pour les évènements et du coup il faut :
|
||||
- une base de données spécifique _[PostGIS](https://fr.wikipedia.org/wiki/PostGIS)_ qui se base sur _Postgres_. Actuellement la configuration de l'image Docker Postgres est compatible il faut donc juste changer le nom de l'image et utiliser [kartoza/postgis](https://hub.docker.com/r/kartoza/postgis) à la place.
|
||||
- un fichier GeoLite2 et pour cela il faut créer une clé pour accéder au service en ligne de [maxmind](https://www.maxmind.com), on utilise ensuite l'image docker [geoip-updater](https://crazymax.dev/geoip-updater/install/docker/) de crazymax pour automatiser le téléchargement et la mise à jour du fichier.
|
||||
|
||||
## Liens
|
||||
|
||||
- 🌐 [Site website](https://joinmobilizon.org)
|
||||
- 🔢 [voir les instances](https://instances.joinmobilizon.org/instances)
|
||||
- 💻 Source officiel :
|
||||
- [le logiciel](https://framagit.org/framasoft/mobilizon)
|
||||
- [l'image _Docker_](https://framagit.org/framasoft/joinmobilizon/docker)
|
||||
- 📜 [Documentation](https://docs.joinmobilizon.org)
|
||||
- 🐳 [Docker Hub](https://hub.docker.com/r/framasoft/mobilizon)
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
mobilizon:
|
||||
ports:
|
||||
- "${MOBILIZON_INSTANCE_PORT:-4000}:${MOBILIZON_PORT:-4000}"
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
services:
|
||||
mobilizon:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-mobilizon}.rule=Host(`${MOBILIZON_DOMAIN:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-mobilizon}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
|
@ -1,45 +0,0 @@
|
|||
---
|
||||
|
||||
volumes:
|
||||
mobilizon:
|
||||
name: ${MOBILIZON_VOLUME_NAME:-mobilizon}
|
||||
|
||||
services:
|
||||
mobilizon:
|
||||
container_name: ${MOBILIZON_CONTAINER_NAME:-mobilizon}
|
||||
image: ${MOBILIZON_IMAGE:-framasoft/mobilizon:2.0.2}
|
||||
restart: always
|
||||
depends_on:
|
||||
- postgres
|
||||
- geoip
|
||||
volumes:
|
||||
- mobilizon:/var/lib/mobilizon/uploads
|
||||
# - ${PWD}/config.exs:/etc/mobilizon/config.exs:ro
|
||||
- geoip:/var/lib/mobilizon/geo_db
|
||||
environment:
|
||||
MOBILIZON_INSTANCE_NAME: ${MOBILIZON_INSTANCE_NAME}
|
||||
MOBILIZON_INSTANCE_HOST: ${MOBILIZON_DOMAIN}
|
||||
MOBILIZON_INSTANCE_PORT: ${MOBILIZON_INSTANCE_PORT:-4000}
|
||||
MOBILIZON_INSTANCE_EMAIL: ${MOBILIZON_INSTANCE_EMAIL}
|
||||
|
||||
MOBILIZON_REPLY_EMAIL: ${MOBILIZON_REPLY_EMAIL}
|
||||
MOBILIZON_ADMIN_EMAIL: ${MOBILIZON_ADMIN_EMAIL}
|
||||
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN: ${MOBILIZON_INSTANCE_REGISTRATIONS_OPEN:-false}
|
||||
|
||||
MOBILIZON_DATABASE_USERNAME: ${POSTGRES_USER}
|
||||
MOBILIZON_DATABASE_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
MOBILIZON_DATABASE_DBNAME: ${POSTGRES_DB}
|
||||
MOBILIZON_DATABASE_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
|
||||
|
||||
MOBILIZON_INSTANCE_SECRET_KEY_BASE: ${MOBILIZON_INSTANCE_SECRET_KEY_BASE:?err}
|
||||
MOBILIZON_INSTANCE_SECRET_KEY: ${MOBILIZON_INSTANCE_SECRET_KEY:?err}
|
||||
|
||||
MOBILIZON_SMTP_SERVER: ${MOBILIZON_SMTP_SERVER:?err}
|
||||
MOBILIZON_SMTP_HOSTNAME: ${MOBILIZON_SMTP_HOSTNAME:?err}
|
||||
MOBILIZON_SMTP_PORT: ${MOBILIZON_SMTP_PORT:?err}
|
||||
MOBILIZON_SMTP_SSL: ${MOBILIZON_SMTP_SSL:?err}
|
||||
MOBILIZON_SMTP_USERNAME: ${MOBILIZON_SMTP_USERNAME:?err}
|
||||
MOBILIZON_SMTP_PASSWORD: ${MOBILIZON_SMTP_PASSWORD:?err}
|
||||
|
||||
PUID: ${MOBILIZON_PUID:-1000}
|
||||
PGID: ${MOBILIZON_PGID:-1000}
|
|
@ -1,51 +1,23 @@
|
|||
########
|
||||
# DOCKER
|
||||
## DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
COMPOSE_FILE=./docker-compose.yml
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/nextcloud/docker-compose.yml:${SERVICES_DIR}/nextcloud/docker-compose.config.yml:${SERVICES_DIR}/nextcloud/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/redis/docker-compose.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
TRAEFIK_NETWORK_NAME=kifeart
|
||||
|
||||
## APP
|
||||
|
||||
NEXTCLOUD_DOMAIN=nextcloud.cool.life
|
||||
NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_DOMAIN}
|
||||
NEXTCLOUD_CONTAINER_NAME=nextcloud
|
||||
NEXTCLOUD_VOLUME_NAME=nextcloud
|
||||
NEXTCLOUD_DOMAIN=nextcloud.cool.life
|
||||
|
||||
NEXTCLOUD_ADMIN_USER=user
|
||||
NEXTCLOUD_ADMIN_PASSWORD=password
|
||||
NEXTCLOUD_ADMIN_USER: user
|
||||
NEXTCLOUD_ADMIN_PASSWORD: password
|
||||
|
||||
#SMTP_HOST=mail.test.org
|
||||
#SMTP_SECURE=
|
||||
#SMTP_PORT=
|
||||
#SMTP_AUTHTYPE=
|
||||
#SMTP_NAME=test@test.org
|
||||
#SMTP_PASSWORD=blablablabla
|
||||
#MAIL_FROM_ADDRESS=no-reply
|
||||
#MAIL_DOMAIN=test.org
|
||||
|
||||
##########
|
||||
# POSTGRES
|
||||
# DATABASE
|
||||
# Voir la description ../postgres/README.md
|
||||
|
||||
POSTGRES_USER=user-example
|
||||
POSTGRES_PASSWORD=password-example
|
||||
POSTGRES_DB=postgres-database-name-example
|
||||
POSTGRES_CONTAINER_NAME=nextcloud-postgres
|
||||
POSTGRES_VOLUME_NAME=nextcloud-postgres
|
||||
#POSTGRES_IMAGE=
|
||||
|
||||
#######
|
||||
# REDIS
|
||||
|
||||
#REDIS_IMAGE=
|
||||
REDIS_CONTAINER_NAME=nextcloud-redis
|
||||
#REDIS_VOLUME_NAME=
|
||||
|
||||
#########
|
||||
# TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
|
||||
#TRAEFIK_ENTRYPOINTS=
|
||||
|
|
|
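Review bot: `NEXTCLOUD_ADMIN_USER: user` and `NEXTCLOUD_ADMIN_PASSWORD: password` are written as `key: value`, while every other entry in this env file is `KEY=value`. Whether that form is accepted depends on the dotenv parser, and a shell that sources the file with `. .env`, as the README commands in this same diff do, will not treat either line as an assignment. Write them as `NEXTCLOUD_ADMIN_USER=user` and `NEXTCLOUD_ADMIN_PASSWORD=password`, matching the lines they replace.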
@ -10,82 +10,47 @@
|
|||
>
|
||||
> -- <cite>[Github][github]</cite>
|
||||
|
||||
On peut trouver [la documentation ici][documentation] en anglais ou ici pour la [traduction française](https://doc-nextcloud-fr.indie.host/fr/) fait par [IndieHosters](https://indiehosters.net/) et [Paquerette](https://paquerette.eu/).
|
||||
On peut trouver [la documentation ici][documentation].
|
||||
|
||||
## Aide
|
||||
|
||||
Commande pour se connecter à un serveur :
|
||||
|
||||
```sh
|
||||
. .env
|
||||
docker exec --user www-data -it ${NEXTCLOUD_CONTAINER_NAME}-fpm ash
|
||||
```
|
||||
docker exec --user www-data -it nextcloud bash
|
||||
|
||||
Pour mettre un site en maintenance :
|
||||
|
||||
```sh
|
||||
. .env
|
||||
docker exec --user www-data -it ${NEXTCLOUD_CONTAINER_NAME}-fpm php occ maintenance:mode --on
|
||||
docker-compose exec --user www-data nextcloud php occ db:add-missing-primary-keys
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
Il est possible de configurer certaines parties avec des variables d'environnement :
|
||||
- Soit les variables sont spécifique à l'image Docker
|
||||
- soit avec des variables du type `NC_` + clé (exemple : NC_default_phone_region=FR)
|
||||
Il est possible de configurer certaines parties avec des variables d'environnement, mais ce n'est pas le cas de l'ensemble de la configuration.
|
||||
|
||||
### Création d'un groupe
|
||||
Voici les modifications que j'effectue :
|
||||
|
||||
```
|
||||
export NC_GROUP=com-en-aubrac
|
||||
php occ group:add $NC_GROUP
|
||||
docker-compose exec --user www-data nextcloud-fpm ash
|
||||
vi config/config.php
|
||||
```
|
||||
Ajout de la configuration suivante :
|
||||
```
|
||||
'default_language' => 'fr',
|
||||
'default_locale' => 'fr_FR',
|
||||
'default_phone_region' => 'FR',
|
||||
'defaultapp' => 'files',
|
||||
'preview_max_x' => 2048,
|
||||
'preview_max_y' => 2048,
|
||||
'jpeg_quality' => 60,
|
||||
```
|
||||
|
||||
### Création d'un utilisateur
|
||||
|
||||
Ajout de imagemagick :
|
||||
```
|
||||
# La variable OC_PASS est spécifique pour l'utilisation de --password-from-env
|
||||
export OC_PASS=unmotdepasse!
|
||||
|
||||
export NC_USER=simon
|
||||
export NC_NAME=Simon
|
||||
export NC_MAIL=simon@example.org
|
||||
export NC_QUOTA="180 GB"
|
||||
|
||||
php occ user:add --password-from-env --display-name=$NC_NAME --group="$NC_GROUP" $NC_USER
|
||||
php occ user:setting $NC_USER settings email $NC_MAIL
|
||||
docker-compose exec nextcloud-fpm apk add --no-cache imagemagick
|
||||
```
|
||||
|
||||
### Quota
|
||||
|
||||
Pour bien comprendre les quotas dans Nextcloud : https://docs.nextcloud.com/server/latest/user_manual/en/files/quota.html
|
||||
ou
|
||||
|
||||
```
|
||||
export NC_USER=simon
|
||||
export NC_QUOTA="10 GB"
|
||||
php occ user:setting $NC_USER files quota "$NC_QUOTA"
|
||||
```
|
||||
|
||||
### imagemagick
|
||||
|
||||
> Le module php-imagick n’a aucun support SVG dans cette instance. Pour une meilleure compatibilité, il est recommandé de l’installer.
|
||||
|
||||
Pour résoudre ce problème il faut ajouter le paquet `imagemagick`
|
||||
|
||||
```
|
||||
. .env
|
||||
docker exec -it ${NEXTCLOUD_CONTAINER_NAME}-fpm apk add --no-cache imagemagick
|
||||
```
|
||||
|
||||
## Application
|
||||
|
||||
Suppression d'application :
|
||||
|
||||
```
|
||||
php occ app:disable dashboard
|
||||
php occ app:disable photos
|
||||
php occ app:disable weather_status
|
||||
php occ app:disable user_status
|
||||
ssh <server>
|
||||
docker exec nextcloud-fpm apk add --no-cache imagemagick
|
||||
```
|
||||
|
||||
## PHP-FPM: remédier à server reached pm.max_children
|
||||
|
|
|
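Review bot: the `apk add --no-cache imagemagick` commands documented here install the package into the running `nextcloud-fpm` container, outside the `nextcloud:/var/www/html` volume, so it disappears whenever the container is recreated, for example on an image update, and the php-imagick SVG warning comes back. Install it in a derived image or document that the step has to be repeated after every recreate. In the user-creation block, `export OC_PASS=unmotdepasse!` typed as shown leaves the password in the shell history; the README should say to read it from a prompt or to unset it afterwards.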
@ -1,20 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
nextcloud-fpm:
|
||||
environment:
|
||||
&nextcloud-configuration
|
||||
NC_trashbin_retention_obligation: ${NC_trashbin_retention_obligation:-auto, 30}
|
||||
NC_force_language: ${NC_force_language:-fr}
|
||||
NC_default_locale: ${NC_default_locale:-fr_FR}
|
||||
NC_force_locale: ${NC_force_locale:-fr_FR}
|
||||
NC_default_language: ${NC_default_language:-fr}
|
||||
NC_default_phone_region: ${NC_default_phone_region:-FR}
|
||||
NC_defaultapp: ${NC_defaultapp:-files}
|
||||
NC_preview_max_x: ${NC_preview_max_x:-2048}
|
||||
NC_preview_max_y: ${NC_preview_max_y:-2048}
|
||||
NC_jpeg_quality: ${NC_jpeg_quality:-60}
|
||||
|
||||
nextcloud-cron:
|
||||
environment:
|
||||
<<: *nextcloud-configuration
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
nextcloud-web:
|
||||
ports:
|
||||
- ${LOCAL_PORT:-80}:80
|
|
@ -1,16 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
nextcloud-fpm:
|
||||
depends_on:
|
||||
- postgres
|
||||
environment:
|
||||
&postgres-configuration
|
||||
POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
|
||||
POSTGRES_USER: ${POSTGRES_USER:?err}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
|
||||
POSTGRES_DB: ${POSTGRES_DB:?err}
|
||||
|
||||
nextcloud-cron:
|
||||
environment:
|
||||
<<: *postgres-configuration
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
nextcloud-fpm:
|
||||
depends_on:
|
||||
- redis
|
||||
environment:
|
||||
&redis-configuration
|
||||
REDIS_HOST: ${REDIS_CONTAINER_NAME:-redis} # Default name is same as ../redis/docker-compose.yml:4
|
||||
|
||||
nextcloud-cron:
|
||||
environment:
|
||||
<<: *redis-configuration
|
|
@ -1,18 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
nextcloud-fpm:
|
||||
environment:
|
||||
&smtp-configuration
|
||||
SMTP_HOST: ${SMTP_HOST:?err}
|
||||
SMTP_SECURE: ${SMTP_SECURE:-}
|
||||
SMTP_PORT: ${SMTP_PORT:-587}
|
||||
SMTP_AUTHTYPE: ${SMTP_AUTHTYPE:-LOGIN}
|
||||
SMTP_NAME: ${SMTP_NAME:?err}
|
||||
SMTP_PASSWORD: ${SMTP_PASSWORD:?err}
|
||||
MAIL_FROM_ADDRESS: ${MAIL_FROM_ADDRESS:?err}
|
||||
MAIL_DOMAIN: ${MAIL_DOMAIN:?err}
|
||||
|
||||
nextcloud-cron:
|
||||
environment:
|
||||
<<: *smtp-configuration
|
|
@ -1,20 +0,0 @@
|
|||
---
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
services:
|
||||
nextcloud-fpm:
|
||||
environment:
|
||||
TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
nextcloud-web:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.rule=Host(`${NEXTCLOUD_DOMAIN:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-nextcloud}.middlewares=nextcloud_redirect
|
||||
- traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
|
||||
- traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/
|
|
@ -1,52 +1,98 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME}
|
||||
|
||||
volumes:
|
||||
nextcloud:
|
||||
name: ${NEXTCLOUD_VOLUME_NAME:-nextcloud}
|
||||
name: ${NEXTCLOUD_VOLUME_NAME}
|
||||
nextcloud-postgres:
|
||||
name: ${POSTGRES_VOLUME_NAME}
|
||||
|
||||
services:
|
||||
nextcloud-fpm:
|
||||
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
|
||||
image: ${NEXTCLOUD_IMAGE:-nextcloud:25.0.2-fpm-alpine}
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
environment:
|
||||
&fpm-configuration
|
||||
NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_TRUSTED_DOMAINS?err}
|
||||
NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER?err}
|
||||
NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD?err}
|
||||
OVERWRITEPROTOCOL: ${OVERWRITEPROTOCOL:-https}
|
||||
PHP_UPLOAD_LIMIT: ${PHP_UPLOAD_LIMIT:-512M}
|
||||
PUID: ${NEXTCLOUD_PUID:-1000}
|
||||
PGID: ${NEXTCLOUD_PGID:-1000}
|
||||
|
||||
nextcloud-web:
|
||||
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-web
|
||||
build: ${SERVICES_DIR}/nextcloud/web
|
||||
container_name: nextcloud-web
|
||||
build: ./web
|
||||
restart: always
|
||||
environment:
|
||||
NEXTCLOUD_FPM_CONTAINER_NAME: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
|
||||
PUID: ${NEXTCLOUD_PUID:-1000}
|
||||
PGID: ${NEXTCLOUD_PGID:-1000}
|
||||
depends_on:
|
||||
- nextcloud-fpm
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
labels:
|
||||
traefik.enable: 'true'
|
||||
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
|
||||
traefik.http.routers.nextcloud-fpm.rule: 'Host(`${NEXTCLOUD_DOMAIN}`)'
|
||||
traefik.http.routers.nextcloud-fpm.entrypoints: 'web'
|
||||
traefik.http.routers.nextcloud-fpm.middlewares: nextcloud_redirect
|
||||
traefik.http.middlewares.nextcloud_redirect.redirectregex.regex: /.well-known/(card|cal)dav
|
||||
traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement: /remote.php/dav/
|
||||
|
||||
nextcloud-fpm:
|
||||
container_name: nextcloud-fpm
|
||||
image: ${NEXTCLOUD_IMAGE:-nextcloud:22.1.1-fpm-alpine}
|
||||
restart: always
|
||||
hostname: ${NEXTCLOUD_DOMAIN}
|
||||
depends_on:
|
||||
- nextcloud-postgres
|
||||
- nextcloud-redis
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
environment:
|
||||
NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_DOMAIN}
|
||||
NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER}
|
||||
NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
|
||||
OVERWRITEPROTOCOL: 'https'
|
||||
APACHE_DISABLE_REWRITE_IP: '1'
|
||||
TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME}
|
||||
OVERWRITEPROTOCOL: 'https'
|
||||
POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME}
|
||||
POSTGRES_DB: ${POSTGRES_DB}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
POSTGRES_USER: ${POSTGRES_USER}
|
||||
REDIS_HOST: 'nextcloud-redis'
|
||||
PUID: 1001
|
||||
PGID: 119
|
||||
|
||||
nextcloud-postgres:
|
||||
container_name: ${POSTGRES_CONTAINER_NAME}
|
||||
image: ${POSTGRES_IMAGE:-postgres:12.8-alpine}
|
||||
restart: always
|
||||
environment:
|
||||
POSTGRES_USER: ${POSTGRES_USER}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
POSTGRES_DB: ${POSTGRES_DB}
|
||||
PUID: 1001
|
||||
PGID: 119
|
||||
volumes:
|
||||
- nextcloud-postgres:/var/lib/postgresql/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
|
||||
nextcloud-redis:
|
||||
image: ${REDIS_IMAGE:-redis:6.2.5-alpine}
|
||||
container_name: nextcloud-redis
|
||||
restart: always
|
||||
environment:
|
||||
PUID: 1001
|
||||
PGID: 119
|
||||
volumes:
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
|
||||
nextcloud-cron:
|
||||
image: ${NEXTCLOUD_IMAGE:-nextcloud:25.0.2-fpm-alpine}
|
||||
container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-cron
|
||||
image: ${NEXTCLOUD_IMAGE:-nextcloud:22.1.1-fpm-alpine}
|
||||
container_name: nextcloud-cron
|
||||
restart: always
|
||||
depends_on:
|
||||
- nextcloud-web
|
||||
entrypoint: /cron.sh
|
||||
environment:
|
||||
<<: *fpm-configuration
|
||||
PUID: 1001
|
||||
PGID: 119
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
|
|
|
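Review bot: the inline `nextcloud-fpm` and `nextcloud-postgres` services interpolate `${POSTGRES_PASSWORD}`, `${POSTGRES_USER}`, `${NEXTCLOUD_ADMIN_USER}` and `${NEXTCLOUD_ADMIN_PASSWORD}` with no `?err` guard, unlike the `${NEXTCLOUD_ADMIN_PASSWORD?err}` form that also appears in this hunk, so a missing `.env` entry yields an empty credential instead of an error; keep the guarded form. In the same `environment:` block `OVERWRITEPROTOCOL: 'https'` is listed twice, and `TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME}` passes a Docker network name where Nextcloud's `trusted_proxies` setting expects IP addresses or CIDR ranges. Both `nextcloud:25.0.2-fpm-alpine` and `nextcloud:22.1.1-fpm-alpine` appear as image defaults; confirm the resulting default against the version the `nextcloud` volume was last started with, since Nextcloud does not support downgrades.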
@ -0,0 +1,49 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eu
|
||||
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
. $DIR/../help.sh
|
||||
. $DIR/../postgres/run --only-source
|
||||
|
||||
nextcloud_help() {
|
||||
echo "./run backup : Lancement de la sauvegarde de Nextcloud"
|
||||
echo "./run restore : Restauration de la sauvegarde de Nextcloud"
|
||||
}
|
||||
|
||||
nextcloud_backup() {
|
||||
script_env
|
||||
BACKUP_DATE_DEFAULT=`date +%Y%m%d_%H%M%S`
|
||||
BACKUP_DATE=${BACKUP_DATE:-$BACKUP_DATE_DEFAULT}
|
||||
backup_folder_create
|
||||
|
||||
POSTGRES_BACKUP_FILE=backups/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_postgres.sql
|
||||
docker-compose exec --user www-data nextcloud php occ maintenance:mode --on
|
||||
postgres_backup
|
||||
|
||||
docker run -it --rm -v $HOME/backups/${NEXTCLOUD_DOMAIN}:/backup --volumes-from nextcloud alpine:3.12.3 ash -c "cd /var/www/html && tar cvf /backup/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_files.tar ."
|
||||
docker-compose exec --user www-data nextcloud php occ maintenance:mode --off
|
||||
}
|
||||
|
||||
nextcloud_restore() {
|
||||
script_env
|
||||
|
||||
postgres_restore
|
||||
docker run -it --rm -v $HOME/backups/${NEXTCLOUD_DOMAIN}:/backup -v nextcloud:/var/www/html alpine:3.12.3 ash -c "cd /var/www/html && tar xvf /backup/${BACKUP_DATE}_${NEXTCLOUD_DOMAIN}_files.tar --strip 1"
|
||||
}
|
||||
|
||||
if [ $# -ge 1 ]; then
|
||||
if [ "${1}" == "backup" ]; then
|
||||
script_start
|
||||
nextcloud_backup
|
||||
script_end
|
||||
elif [ "${1}" == "restore" ]; then
|
||||
script_start
|
||||
nextcloud_restore
|
||||
script_end
|
||||
elif [ "${1}" != "--only-source" ]; then
|
||||
nextcloud_help
|
||||
fi
|
||||
else
|
||||
nextcloud_help
|
||||
fi
|
|
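Review bot: in `nextcloud_backup`, `set -eu` makes the script exit at the first failing command after `maintenance:mode --on`, so a failed `postgres_backup` or `tar` leaves the instance in maintenance mode; register a `trap` that runs `maintenance:mode --off` on exit. The `docker-compose exec ... nextcloud` calls and `--volumes-from nextcloud` refer to a service and container called `nextcloud`, while the compose file in this diff names them `nextcloud-fpm`, `nextcloud-web` and `nextcloud-cron`. `nextcloud_restore` reads `${BACKUP_DATE}` without a default, which aborts under `set -u` when the variable is not set by the caller, and it does not enable maintenance mode around the restore. `docker run -it` also needs a TTY, so the backup cannot run from cron as written. The resulting `_files.tar` contains `config/config.php`, so the `$HOME/backups` directory should be created with restrictive permissions.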
@ -1,3 +1,3 @@
|
|||
FROM nginx:1.25.3-alpine
|
||||
FROM nginx:1.21.1-alpine
|
||||
|
||||
COPY nextcloud.conf.template /etc/nginx/templates/default.conf.template
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
|
|
|
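Review bot: the `FROM` line goes from `nginx:1.25.3-alpine` to `nginx:1.21.1-alpine` (the old line is listed first, as with the two `COPY` lines), which moves the web container to an older nginx release on an older Alpine base. If the purpose of the change is only the switch from `nextcloud.conf.template` to `nginx.conf`, keep the newer base image; otherwise the reason for the older tag belongs in the commit message.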
@ -1,172 +0,0 @@
|
|||
upstream php-handler {
|
||||
server ${NEXTCLOUD_FPM_CONTAINER_NAME}:9000;
|
||||
}
|
||||
|
||||
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
|
||||
map $arg_v $asset_immutable {
|
||||
"" "";
|
||||
default "immutable";
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/html;
|
||||
|
||||
# Prevent nginx HTTP Server Detection
|
||||
server_tokens off;
|
||||
|
||||
# HSTS settings
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
|
||||
|
||||
# set max upload size and increase upload timeout:
|
||||
client_max_body_size 10G;
|
||||
client_body_timeout 300s;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Pagespeed is not supported by Nextcloud, so if your server is built
|
||||
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
||||
#pagespeed off;
|
||||
|
||||
# The settings allows you to optimize the HTTP2 bandwidth.
|
||||
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
|
||||
# for tuning hints
|
||||
client_body_buffer_size 512k;
|
||||
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Add .mjs as a file extension for javascript
|
||||
# Either include it in the default mime.types list
|
||||
# or include you can include that list explicitly and add the file extension
|
||||
# only for Nextcloud like below:
|
||||
include mime.types;
|
||||
types {
|
||||
text/javascript js mjs;
|
||||
}
|
||||
|
||||
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
||||
# here as the fallback means that Nginx always exhibits the desired behaviour
|
||||
# when a client requests a path that corresponds to a directory that exists
|
||||
# on the server. In particular, if that directory contains an index.php file,
|
||||
# that file is correctly served; if it doesn't, then the request is passed to
|
||||
# the front-end controller. This consistent behaviour means that we don't need
|
||||
# to specify custom rules for certain paths (e.g. images and other assets,
|
||||
# `/updater`, `/ocs-provider`), and thus
|
||||
# `try_files $uri $uri/ /index.php$request_uri`
|
||||
# always provides the desired behaviour.
|
||||
index index.php index.html /index.php$request_uri;
|
||||
|
||||
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
|
||||
location = / {
|
||||
if ( $http_user_agent ~ ^DavClnt ) {
|
||||
return 302 /remote.php/webdav/$is_args$args;
|
||||
}
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Make a regex exception for `/.well-known` so that clients can still
|
||||
# access it despite the existence of the regex rule
|
||||
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
||||
# for `/.well-known`.
|
||||
location ^~ /.well-known {
|
||||
# The rules in this block are an adaptation of the rules
|
||||
# in `.htaccess` that concern `/.well-known`.
|
||||
|
||||
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
||||
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
||||
|
||||
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
||||
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
||||
|
||||
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
||||
# requests by passing them to the front-end controller.
|
||||
return 301 /index.php$request_uri;
|
||||
}
|
||||
|
||||
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
||||
|
||||
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
||||
# which handle static assets (as seen below). If this block is not declared first,
|
||||
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
|
||||
# to the URI, resulting in a HTTP 500 error response.
|
||||
location ~ \.php(?:$|/) {
|
||||
# Required for legacy support
|
||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
||||
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
|
||||
try_files $fastcgi_script_name =404;
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
|
||||
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
||||
fastcgi_param front_controller_active true; # Enable pretty urls
|
||||
fastcgi_pass php-handler;
|
||||
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
|
||||
fastcgi_max_temp_file_size 0;
|
||||
}
|
||||
|
||||
# Serve static files
|
||||
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
|
||||
location ~ \.wasm$ {
|
||||
default_type application/wasm;
|
||||
}
|
||||
}
|
||||
|
||||
location ~ \.woff2?$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
expires 7d; # Cache-Control policy borrowed from `.htaccess`
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
}
|
||||
|
||||
# Rule borrowed from `.htaccess`
|
||||
location /remote {
|
||||
return 301 /remote.php$request_uri;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$request_uri;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,174 @@
|
|||
worker_processes auto;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
#gzip on;
|
||||
|
||||
upstream php-handler {
|
||||
server nextcloud-fpm:9000;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
|
||||
# Add headers to serve security related headers
|
||||
# Before enabling Strict-Transport-Security headers please read into this
|
||||
# topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/html;
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# The following 2 rules are only needed for the user_webfinger app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
|
||||
|
||||
# The following rule is only needed for the Social app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
|
||||
|
||||
location = /.well-known/carddav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
}
|
||||
|
||||
location = /.well-known/caldav {
|
||||
return 301 $scheme://$host:$server_port/remote.php/dav;
|
||||
}
|
||||
|
||||
# location /nginx_status {
|
||||
# stub_status;
|
||||
# allow 192.168.1.0/24; #only allow requests from local network
|
||||
# deny all; #deny all other hosts
|
||||
# }
|
||||
|
||||
# set max upload size
|
||||
client_max_body_size 10G;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Uncomment if your server is build with the ngx_pagespeed module
|
||||
# This module is currently not supported.
|
||||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
|
||||
deny all;
|
||||
}
|
||||
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
try_files $fastcgi_script_name =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
# fastcgi_param HTTPS on;
|
||||
|
||||
# Avoid sending the security headers twice
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
|
||||
# Enable pretty urls
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass php-handler;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
# Adding the cache control header for js, css and map files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
# Before enabling Strict-Transport-Security headers please read into
|
||||
# this topic first.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
}
|
||||
}
|
|
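Review bot: this `nginx.conf` has no `server_tokens off;`, which the removed `nextcloud.conf.template` set under `# Prevent nginx HTTP Server Detection`, so the `Server` header and default error pages will disclose the nginx version; add it to the `http` or `server` block. The `upstream php-handler` block also hardcodes `server nextcloud-fpm:9000;` where the template used `${NEXTCLOUD_FPM_CONTAINER_NAME}`, so the web container stops working as soon as the FPM container is given another name through `NEXTCLOUD_CONTAINER_NAME`. The template's `client_body_timeout 300s;` next to `client_max_body_size 10G;` is missing as well, which is worth restoring for large uploads.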
@ -1,71 +0,0 @@
|
|||
########
|
||||
# DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/plausible/docker-compose.yml:${SERVICES_DIR}/plausible/docker-compose.clickhouse.yml:${SERVICES_DIR}/plausible/docker-compose.local.yml:${SERVICES_DIR}/postgres/docker-compose.yml:${SERVICES_DIR}/clickhouse/docker-compose.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
## APP
|
||||
|
||||
PLAUSIBLE_DOMAIN=localhost
|
||||
BASE_URL=http://${PLAUSIBLE_DOMAIN}:8000
|
||||
#PLAUSIBLE_CONTAINER_NAME=plausible
|
||||
#PLAUSIBLE_VOLUME_NAME=plausible
|
||||
#PLAUSIBLE_IMAGE=plausible/analytics:v1.4.4
|
||||
|
||||
ADMIN_USER_NAME=example
|
||||
ADMIN_USER_EMAIL=email@example.org
|
||||
ADMIN_USER_PWD=change-me
|
||||
SECRET_KEY_BASE=AFnMQwN54ovHIqCQQGFZX5gUFpgpxasCEnzQwQsyfZLPRbiwzDYAqYDJQlQM8SbmicVJr97axXaSCfXD9zSEQQ==
|
||||
#DISABLE_AUTH=
|
||||
#DISABLE_REGISTRATION=
|
||||
|
||||
## POSTGRES
|
||||
|
||||
#POSTGRES_VOLUME_NAME=
|
||||
#POSTGRES_CONTAINER_NAME=
|
||||
#POSTGRES_IMAGE=
|
||||
POSTGRES_USER=user-example
|
||||
POSTGRES_PASSWORD=password-example
|
||||
POSTGRES_DB=plausible_dev
|
||||
|
||||
## CLICKHOUSE
|
||||
|
||||
#CLICKHOUSE_VOLUME_NAME=
|
||||
#CLICKHOUSE_CONTAINER_NAME=
|
||||
#CLICKHOUSE_IMAGE=
|
||||
|
||||
## SMTP
|
||||
|
||||
#MAILER_EMAIL=
|
||||
#SMTP_HOST_ADDR=
|
||||
#SMTP_HOST_PORT=
|
||||
#SMTP_USER_NAME=
|
||||
#SMTP_USER_PWD=
|
||||
#SMTP_HOST_SSL_ENABLED=
|
||||
#SMTP_RETRIES=
|
||||
|
||||
## GOOGLE SEARCH CONSOLE
|
||||
|
||||
#GOOGLE_CLIENT_ID=
|
||||
#GOOGLE_CLIENT_SECRET=
|
||||
|
||||
## GEOIPUPDATE
|
||||
|
||||
#GEOIPUPDATE_VOLUME_NAME=
|
||||
#GEOIPUPDATE_IMAGE=
|
||||
#GEOIPUPDATE_CONTAINER_NAME=
|
||||
#GEOIPUPDATE_ACCOUNT_ID=
|
||||
#GEOIPUPDATE_LICENSE_KEY=
|
||||
#GEOIPUPDATE_EDITION_IDS=GeoLite2-Country
|
||||
#GEOIPUPDATE_FREQUENCY=
|
||||
#GEOIPUPDATE_VERBOSE=
|
||||
#GEOIPUPDATE_DB_DIR=
|
||||
|
||||
## TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME=
|
||||
#TRAEFIK_ENTRYPOINTS=
|
|
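Review bot: the removed `.env` carries a concrete `SECRET_KEY_BASE` value and `ADMIN_USER_PWD=change-me`. Deleting the file does not remove them from the repository history, so any deployment that copied this file needs a newly generated `SECRET_KEY_BASE` and a changed admin password. If an example file is reintroduced later, leave `SECRET_KEY_BASE=` empty and rely on the `${SECRET_KEY_BASE:?err}` guard in the compose file to force a real value.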
@ -1,15 +0,0 @@
|
|||
# Plausible
|
||||
|
||||
> Plausible est une plateforme d'analyse Web légère et open source.
|
||||
|
||||
## Liens
|
||||
|
||||
- [Site Officiel][site]
|
||||
- [Documentation][documentation]
|
||||
- [Code source][source]
|
||||
- [Docker Hub][dockerhub]
|
||||
|
||||
[site]: https://plausible.io/
|
||||
[source]: https://github.com/plausible/analytics
|
||||
[documentation]: https://plausible.io/docs
|
||||
[dockerhub]: https://hub.docker.com/r/plausible/analytics
|
|
@ -1,14 +0,0 @@
|
|||
<yandex>
|
||||
<logger>
|
||||
<level>warning</level>
|
||||
<console>true</console>
|
||||
</logger>
|
||||
|
||||
<!-- Stop all the unnecessary logging -->
|
||||
<query_thread_log remove="remove"/>
|
||||
<query_log remove="remove"/>
|
||||
<text_log remove="remove"/>
|
||||
<trace_log remove="remove"/>
|
||||
<metric_log remove="remove"/>
|
||||
<asynchronous_metric_log remove="remove"/>
|
||||
</yandex>
|
|
@ -1,8 +0,0 @@
|
|||
<yandex>
|
||||
<profiles>
|
||||
<default>
|
||||
<log_queries>0</log_queries>
|
||||
<log_query_threads>0</log_query_threads>
|
||||
</default>
|
||||
</profiles>
|
||||
</yandex>
|
|
@ -1,7 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
clickhouse:
|
||||
volumes:
|
||||
- ./clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro
|
||||
- ./clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro
|
|
@ -1,10 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
plausible:
|
||||
depends_on:
|
||||
- geoipupdate
|
||||
environment:
|
||||
- GEOLITE2_COUNTRY_DB=/geoip/GeoLite2-Country.mmdb
|
||||
volumes:
|
||||
- geoipupdate:/geoip:ro
|
|
@ -1,7 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
plausible:
|
||||
environment:
|
||||
GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID:?err}
|
||||
GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET:?err}
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
plausible:
|
||||
ports:
|
||||
- ${LOCAL_PORT:-8000}:8000
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
plausible:
|
||||
environment:
|
||||
MAILER_EMAIL: ${MAILER_EMAIL:-hello@plausible.local}
|
||||
SMTP_HOST_ADDR: ${SMTP_HOST_ADDR:-localhost}
|
||||
SMTP_HOST_PORT: ${SMTP_HOST_PORT:-25}
|
||||
SMTP_USER_NAME: ${SMTP_USER_NAME}
|
||||
SMTP_USER_PWD: ${SMTP_USER_PWD}
|
||||
SMTP_HOST_SSL_ENABLED: ${SMTP_HOST_SSL_ENABLED:-false}
|
||||
SMTP_RETRIES: ${SMTP_RETRIES:-2}
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
external: true
|
||||
|
||||
services:
|
||||
plausible:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-plausible}.rule=Host(`${PLAUSIBLE_DOMAIN:?err}`)
|
||||
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-plausible}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
|
|
@ -1,31 +0,0 @@
|
|||
---
|
||||
|
||||
volumes:
|
||||
plausible:
|
||||
name: ${PLAUSIBLE_VOLUME_NAME:-plausible}
|
||||
|
||||
services:
|
||||
plausible:
|
||||
container_name: ${PLAUSIBLE_CONTAINER_NAME:-plausible}
|
||||
image: ${PLAUSIBLE_IMAGE:-plausible/analytics:v1.4.4}
|
||||
restart: always
|
||||
command: ${PLAUSIBLE_DOCKER_COMMAND:-sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin && /entrypoint.sh run"}
|
||||
depends_on:
|
||||
- clickhouse
|
||||
- postgres
|
||||
environment:
|
||||
ADMIN_USER_NAME: ${ADMIN_USER_NAME:?err}
|
||||
ADMIN_USER_EMAIL: ${ADMIN_USER_EMAIL:?err}
|
||||
ADMIN_USER_PWD: ${ADMIN_USER_PWD:?err}
|
||||
BASE_URL: ${BASE_URL}
|
||||
SECRET_KEY_BASE: ${SECRET_KEY_BASE:?err}
|
||||
DISABLE_AUTH: ${DISABLE_AUTH:-false}
|
||||
DISABLE_REGISTRATION: ${DISABLE_REGISTRATION:-false}
|
||||
DATABASE_URL: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:5432/${POSTGRES_DB:?err}
|
||||
CLICKHOUSE_DATABASE_URL: http://${CLICKHOUSE_CONTAINER_NAME:-clickhouse}:8123/${CLICKHOUSE_CONTAINER_NAME:-clickhouse}
|
||||
SITE_LIMIT: ${SITE_LIMIT:-3}
|
||||
SELFHOST: ${SELFHOST:-true}
|
||||
LOG_LEVEL: ${LOG_LEVEL:-warn}
|
||||
volumes:
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
|
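Review bot: The `-1,31 +0,0` header removes the Plausible base compose file whole, on a branch named `fix_hedged`, and the override files before it carry the same `+0,0` headers. The visible lines give no reason for that on a branch whose name reads like a HedgeDoc fix. Please split the removal into its own commit with a message that says why, or rebase if the branch was simply cut from an older `main`. If the removal is intended, the `plausible` named volume and the deployed values for `ADMIN_USER_PWD` and `SECRET_KEY_BASE` outlive this file and need their own cleanup step.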
@ -1,7 +1,3 @@
|
|||
#POSTGRES_VOLUME_NAME=
|
||||
#POSTGRES_CONTAINER_NAME=
|
||||
#POSTGRES_IMAGE=
|
||||
|
||||
POSTGRES_USER=user-example
|
||||
POSTGRES_PASSWORD=password-example
|
||||
POSTGRES_DB=postgres-database-name-example
|
||||
|
|
|
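Review bot: `POSTGRES_PASSWORD=password-example` is a live value in a tracked `.env`, and the `${POSTGRES_PASSWORD:?err}` guard in the compose file only fires when the variable is unset or empty, so a checkout deployed unchanged starts with the placeholder password. Suggest shipping the three `POSTGRES_*` lines empty, or moving the file to `.env.example`, so the `:?err` check actually stops an unconfigured deploy.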
@ -1,4 +1,4 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
volumes:
|
||||
postgres:
|
||||
|
@ -7,14 +7,12 @@ volumes:
|
|||
services:
|
||||
postgres:
|
||||
container_name: ${POSTGRES_CONTAINER_NAME:-postgres}
|
||||
image: ${POSTGRES_IMAGE:-postgres:14.2-alpine}
|
||||
image: ${POSTGRES_IMAGE:-postgres:13.4-alpine}
|
||||
restart: always
|
||||
environment:
|
||||
POSTGRES_USER: ${POSTGRES_USER:?err}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
|
||||
POSTGRES_DB: ${POSTGRES_DB:?err}
|
||||
PUID: ${POSTGRES_PUID:-1000}
|
||||
PGID: ${POSTGRES_PGID:-1000}
|
||||
volumes:
|
||||
- postgres:/var/lib/postgresql/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
|
|
|
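Review bot: The two `image:` lines sit in removed-then-added order, which reads as the default going from `postgres:14.2-alpine` to `postgres:13.4-alpine`. A data directory initialised by PostgreSQL 14 will not start under 13, so anyone with an existing `postgres` volume who pulls this gets a database container that refuses to boot. Keep the default at 14.2 or document the dump-and-restore path. The `-7,14 +7,12` counts also fit three removed lines against one added; if the other two are `PUID` and `PGID`, say so in the commit message, since nothing else in the hunk explains the change.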
@ -1,21 +0,0 @@
|
|||
########
|
||||
# DOCKER
|
||||
|
||||
#DOCKER_CONTEXT=
|
||||
#DOCKER_HOST=
|
||||
SERVICES_DIR=..
|
||||
COMPOSE_FILE=${SERVICES_DIR}/prometheus/docker-compose.yml:${SERVICES_DIR}/prometheus/docker-compose.traefik.yml
|
||||
#COMPOSE_PROJECT_NAME=
|
||||
|
||||
############
|
||||
# PROMETHEUS
|
||||
|
||||
#PROMETHEUS_IMAGE=
|
||||
PROMETHEUS_DOMAIN=prometheus.cool.life
|
||||
|
||||
#########
|
||||
# TRAEFIK
|
||||
|
||||
#TRAEFIK_NETWORK_NAME=
|
||||
#TRAEFIK_ROUTER_NAME=
|
||||
#TRAEFIK_ENTRYPOINTS=
|
|
@ -1,3 +0,0 @@
|
|||
ARG PROMETHEUS_IMAGE
|
||||
FROM $PROMETHEUS_IMAGE
|
||||
ADD prometheus.yml /etc/prometheus/
|
Some files were not shown because too many files have changed in this diff