

4 commits

89cab71539
env file is optional 2025-03-07 22:51:07 +01:00
a4e7ae9ec1
fix environnement variables 2025-03-07 22:45:03 +01:00
62d98cac71
fix and add traeffik and environnement configurations
change version for v-0.5
change db name
2025-03-07 22:36:18 +01:00
ded1243cbd
first draft for conduwuit 2025-03-07 22:08:29 +01:00
22 changed files with 137 additions and 198 deletions


@ -0,0 +1,75 @@
# conduwuit - Behind Traefik Reverse Proxy
services:
homeserver:
### If you already built the conduduwit image with 'docker build' or want to use the Docker Hub image,
### then you are ready to go.
image: girlbossceo/conduwuit:v0.5.0-rc3-b6e9dc3d98704c56027219d3775336910a0136c6
restart: unless-stopped
volumes:
- db:/var/lib/conduwuit
#- ./conduwuit.toml:/etc/conduwuit.toml
ports:
- 6167:6167
networks:
- proxy
environment:
CONDUWUIT_SERVER_NAME: matrix.gnous.eu
CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
CONDUWUIT_PORT: 6167 # pas touche, c'est le port de Docker
CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
CONDUWUIT_ALLOW_REGISTRATION: 'true'
CONDUWUIT_ALLOW_FEDERATION: 'true'
CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
CONDUWUIT_LOG: warn,state_res=warn
CONDUWUIT_ADDRESS: 0.0.0.0 # because in a container
env_file:
- path: .env
required: false
#cpuset: "0-4" # Uncomment to limit to specific CPU cores
ulimits: # conduwuit uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it
nofile:
soft: 1048567
hard: 1048567
labels:
- "traefik.enable=true"
- "traefik.http.routers.mastodon-web.entrypoints=websecure"
- "traefik.http.routers.mastodon-web.rule=Host(`matrix.gnous.eu`)"
- "traefik.http.routers.mastodon-web.middlewares=proxyHeader@file,proxyError@file"
# volé depuis https://community.traefik.io/t/setting-up-conduit-matrix-server-with-traefik/19394
- "traefik.http.routers.to-conduit.middlewares=cors-headers@docker"
- "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
- "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"
- "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS"
### Uncomment if you want to use your own Element-Web App.
### Note: You need to provide a config.json for Element and you also need a second
### Domain or Subdomain for the communication between Element and conduwuit
### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md
#element-web:
# image: vectorim/element-web:latest
# restart: unless-stopped
# #volumes:
# # - ./element_config.json:/app/config.json
# networks:
# - proxy
# ports:
# - 3000:80
# depends_on:
# - homeserver
volumes:
db:
driver: local
networks:
# This is the network Traefik listens to, if your network has a different
# name, don't forget to change it here and in the docker-compose.override.yml
proxy:
external: true
# vim: ts=2:sw=2:expandtab
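Review bot: The Traefik labels on the new `homeserver` service name the router `mastodon-web` (the entrypoints, rule and middlewares lines), which looks copied from the Mastodon stack; once both containers sit on the shared `proxy` network the Docker provider sees one router name with two different `Host()` rules and will likely drop it as conflicting. The CORS middleware is meanwhile attached to a `to-conduit` router that has no rule or entrypoint anywhere, so Traefik should reject that router and the `cors-headers` middleware never runs; rename the router to something service-specific and attach the CORS middleware to it, as below. Separately, `- 6167:6167` under `ports:` publishes the homeserver directly on the host, bypassing the `proxyHeader@file,proxyError@file` middlewares and TLS — `expose:` (or no ports entry) is enough when traffic reaches it through Traefik on the `proxy` network. `CONDUWUIT_ALLOW_REGISTRATION: 'true'` with no registration token also opens sign-up on a federated server; pair it with conduwuit's registration token setting or keep it `'false'` until open registration is intended.
```yaml
labels:
  - "traefik.enable=true"
  - "traefik.http.routers.conduwuit.entrypoints=websecure"
  - "traefik.http.routers.conduwuit.rule=Host(`matrix.gnous.eu`)"
  - "traefik.http.routers.conduwuit.middlewares=proxyHeader@file,proxyError@file,cors-headers@docker"
  # … unchanged: cors-headers middleware header definitions …
```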


@ -9,7 +9,7 @@ volumes:
services: services:
server: server:
image: codeberg.org/forgejo/forgejo:12.0.1 image: codeberg.org/forgejo/forgejo:10.0.1
restart: always restart: always
container_name: forgejo container_name: forgejo
env_file: env_file:
@ -82,7 +82,7 @@ services:
depends_on: depends_on:
- cache - cache
cache: cache:
image: "redis:8-alpine" image: "redis:7-alpine"
restart: always restart: always
healthcheck: healthcheck:
test: ["CMD", "redis-cli", "ping"] test: ["CMD", "redis-cli", "ping"]


@ -4,7 +4,7 @@ networks:
services: services:
renovate: renovate:
image: ghcr.io/renovatebot/renovate:41.43.2-full image: ghcr.io/renovatebot/renovate:39.185.0-full
restart: always restart: always
environment: environment:
- LOG_LEVEL=info - LOG_LEVEL=info


@ -1,6 +1,6 @@
services: services:
backup: backup:
image: mazzolino/restic:1.8.0 image: mazzolino/restic:1.7.2
hostname: docker hostname: docker
restart: unless-stopped restart: unless-stopped
environment: environment:
@ -31,7 +31,7 @@ services:
- ./ssh:/run/secrets/.ssh:ro - ./ssh:/run/secrets/.ssh:ro
prune: prune:
image: mazzolino/restic:1.8.0 image: mazzolino/restic:1.7.2
hostname: docker hostname: docker
restart: unless-stopped restart: unless-stopped
environment: environment:


@ -8,7 +8,7 @@ volumes:
services: services:
server: server:
image: "searxng/searxng:2025.4.24-c6c6d3027" image: "searxng/searxng:2025.1.6-6dab7fe78"
depends_on: depends_on:
- "redis" - "redis"
environment: environment:
@ -37,7 +37,7 @@ services:
- "traefik.http.routers.searx.rule=Host(`searx.gnous.eu`)" - "traefik.http.routers.searx.rule=Host(`searx.gnous.eu`)"
- "traefik.http.routers.searx.middlewares=proxyHeader@file,proxyError@file" - "traefik.http.routers.searx.middlewares=proxyHeader@file,proxyError@file"
redis: redis:
image: "redis:8.0-alpine" image: "redis:7.4-alpine"
command: 'redis-server --save "" --appendonly "no"' command: 'redis-server --save "" --appendonly "no"'
healthcheck: healthcheck:
test: ["CMD", "redis-cli", "ping"] test: ["CMD", "redis-cli", "ping"]


@ -1,6 +1,6 @@
services: services:
traefik-kop: traefik-kop:
image: "ghcr.io/jittering/traefik-kop:0.17" image: "ghcr.io/jittering/traefik-kop:0.14"
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock


@ -8,7 +8,7 @@ volumes:
services: services:
wallabag: wallabag:
image: wallabag/wallabag:2.6.13 image: wallabag/wallabag:2.6.10
restart: unless-stopped restart: unless-stopped
environment: environment:
- SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql - SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql


@ -12,7 +12,7 @@ volumes:
services: services:
gitlab: gitlab:
image: gitlab/gitlab-ce:18.2.1-ce.0 image: gitlab/gitlab-ce:17.9.1-ce.0
container_name: gitlab container_name: gitlab
restart: always restart: always
hostname: "gitlab.gnous.eu" hostname: "gitlab.gnous.eu"


@ -19,7 +19,7 @@ SMTP_FROM_ADDRESS=Mastodon <service@gnous.eu>
S3_ENABLED=true S3_ENABLED=true
S3_BUCKET=gnoustoot S3_BUCKET=gnoustoot
S3_REGION=fr-par S3_REGION=fr-par
S3_HOSTNAME=cdn.gnous.eu S3_HOSTNAME=obiwan.gnous.eu
S3_ENDPOINT=https://s3.fr-par.scw.cloud S3_ENDPOINT=https://s3.fr-par.scw.cloud
ES_ENABLED=false ES_ENABLED=false


@ -5,7 +5,7 @@ networks:
services: services:
redis: redis:
image: redis:8-alpine image: redis:7-alpine
restart: always restart: always
healthcheck: healthcheck:
test: ["CMD", "redis-cli", "ping"] test: ["CMD", "redis-cli", "ping"]
@ -13,7 +13,7 @@ services:
- mastodon - mastodon
web: web:
image: ghcr.io/mastodon/mastodon:v4.4.2 image: ghcr.io/mastodon/mastodon:v4.3.4
restart: always restart: always
env_file: env_file:
- path: .env.production - path: .env.production
@ -42,7 +42,7 @@ services:
- "ofelia.job-exec.clean-account.command=tootctl accounts cull" - "ofelia.job-exec.clean-account.command=tootctl accounts cull"
streaming: streaming:
image: ghcr.io/mastodon/mastodon-streaming:v4.4.2 image: ghcr.io/mastodon/mastodon-streaming:v4.3.4
restart: always restart: always
env_file: env_file:
- path: .env.production - path: .env.production
@ -65,7 +65,7 @@ services:
- "traefik.http.routers.mastodon-streaming.middlewares=proxyHeader@file,proxyError@file" - "traefik.http.routers.mastodon-streaming.middlewares=proxyHeader@file,proxyError@file"
sidekiq: sidekiq:
image: ghcr.io/mastodon/mastodon:v4.4.2 image: ghcr.io/mastodon/mastodon:v4.3.4
restart: always restart: always
env_file: env_file:
- path: .env.production - path: .env.production


@ -1,6 +1,6 @@
services: services:
backup: backup:
image: mazzolino/restic:1.8.0 image: mazzolino/restic:1.7.2
hostname: docker hostname: docker
restart: unless-stopped restart: unless-stopped
environment: environment:
@ -28,7 +28,7 @@ services:
- ./ssh:/run/secrets/.ssh:ro - ./ssh:/run/secrets/.ssh:ro
prune: prune:
image: mazzolino/restic:1.8.0 image: mazzolino/restic:1.7.2
hostname: docker hostname: docker
restart: unless-stopped restart: unless-stopped
environment: environment:


@ -1,6 +1,6 @@
services: services:
traefik-kop: traefik-kop:
image: "ghcr.io/jittering/traefik-kop:0.17" image: "ghcr.io/jittering/traefik-kop:0.14"
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock


@ -8,7 +8,7 @@ volumes:
services: services:
vaultwarden: vaultwarden:
image: vaultwarden/server:1.34.1 image: vaultwarden/server:1.33.2
container_name: vaultwarden container_name: vaultwarden
environment: environment:
- WEBSOCKET_ENABLED=true # Enable WebSocket notifications. - WEBSOCKET_ENABLED=true # Enable WebSocket notifications.


@ -9,7 +9,7 @@ volumes:
services: services:
server: server:
image: woodpeckerci/woodpecker-server:v3.8.0 image: woodpeckerci/woodpecker-server:v3.2.0
container_name: woodpecker_server container_name: woodpecker_server
environment: environment:
- WOODPECKER_OPEN=true - WOODPECKER_OPEN=true


@ -1,20 +0,0 @@
TRAEFIK_KOP_REDIS_ADDR=[[TRAEFIK_KOP_REDIS_ADDR]]
TRAEFIK_KOP_REDIS_PASS=[[TRAEFIK_KOP_REDIS_PASS]]
# TRACS3 ENV
TRACS_AWS_REGION=[[TRACS_AWS_REGION]]
TRACS_S3_ENDPOINT=[[TRACS_S3_ENDPOINT]]
TRACS_S3_ACCESS_KEY_ID=[[TRACS_S3_ACCESS_KEY_ID]]
TRACS_S3_SECRET=[[TRACS_S3_SECRET]]
TRACS_CLOSET_BUCKET=[[TRACS_CLOSET_BUCKET]]
TRACS_CLOSET_PASSWORD=[[TRACS_CLOSET_PASSWORD]]
AWS_CONFIGURE_PLUGINS=awscli_plugin_endpoint
AWS_REQUEST_CHECKSUM_CALCULATION=WHEN_REQUIRED
AWS_S3_SIGNATURE_VERSION=s3v4
TRAEFIK_LOCAL_STORE=/certificates/
TRAEFIK_OUTPUT_FILE=/configs/certificates.toml
TRAEFIK_CERTIFICATE_DIR=/certificates/
# TRACING
OLTP_HTTP_ENDPOINT=[[OLTP_HTTP_ENDPOINT]]
OLTP_HTTP_BASIC_AUTH=[[OLTP_HTTP_BASIC_AUTH]]


@ -1,110 +0,0 @@
services:
traefik:
image: "traefik:v3.5.0"
container_name: "traefik"
command:
- "--log.level=info"
- "--log.maxsize=100"
- "--log.maxage=3"
- "--metrics.prometheus=true"
- "--entryPoints.web.address=:80"
- "--entryPoints.web.http.redirections.entryPoint.to=webpublic"
- "--entryPoints.web.http.redirections.entryPoint.scheme=https"
- "--entryPoints.web.http.redirections.entryPoint.permanent=true"
- "--entryPoints.web.allowACMEByPass=true"
- "--entryPoints.websecure.address=:446"
- "--entryPoints.websecure.proxyProtocol.trustedIPs=172.0.0.0/8"
- "--entryPoints.webpublic.address=:443"
- "--entryPoints.webpublic.http.tls=true"
- "--entryPoints.webpublic.forwardedHeaders.trustedIPs=172.0.0.0/8"
- "--entryPoints.ssh.address=:2222"
- "--entryPoints.sshgitlab.address=:2223"
- "--providers.file.directory=/traefik"
- "--providers.redis.endpoints=${TRAEFIK_KOP_REDIS_ADDR}"
- "--providers.redis.password=${TRAEFIK_KOP_REDIS_PASS}"
- "--tracing=true"
- "--tracing.otlp=true"
- "--tracing.otlp.http=true"
- "--tracing.serviceName=traefik"
- "--tracing.sampleRate=0.2"
- "--tracing.otlp.http.endpoint=${OLTP_HTTP_ENDPOINT}"
- "--tracing.otlp.http.headers.Authorization=Basic ${OLTP_HTTP_BASIC_AUTH}"
restart: always
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/etc/traefik/sites:/traefik"
- "certificates:/certificates"
network_mode: host
epee:
image: "git.gnous.eu/enpls/epee-service:stable"
restart: always
container_name: "epee"
ports:
- "5900:5900"
networks:
- traefik_internal
varnish:
image: varnish:7.7.1
restart: always
command: -F -a :445,PROXY -f /etc/varnish/default.vcl -T 127.0.0.1:6082 -t 120 -p thread_pool_min=50 -p thread_pool_max=1000 -p thread_pool_timeout=120 -i varnish -s malloc,2048M -n varnish
ports:
- 445:445
volumes:
- /etc/varnish:/etc/varnish
- "workdir:/var/lib/varnish"
tracs3:
image: ghcr.io/outout14/traefik-acme-s3:main
env_file:
- tracs3.env
command:
- "sync"
volumes:
- "/etc/traefik/sites:/configs"
- "certificates:/certificates"
network_mode: "host"
environment:
- AWS_REGION=${TRACS_AWS_REGION}
- AWS_DEFAULT_REGION=${TRACS_AWS_REGION}
- AWS_ENDPOINT_URL=${TRACS_S3_ENDPOINT}
- AWS_S3_ENDPOINT=${TRACS_S3_ENDPOINT}
- AWS_S3API_ENDPOINT=${TRACS_S3_ENDPOINT}
- AWS_ACCESS_KEY_ID=${TRACS_S3_ACCESS_KEY_ID}
- AWS_SECRET_ACCESS_KEY=${TRACS_S3_SECRET}
- CLOSET_BUCKET=${TRACS_CLOSET_BUCKET}
- CLOSET_PASSWORD=${TRACS_CLOSET_PASSWORD}
tracs3-certificate-sync:
image: mcuadros/ofelia:latest
restart: always
depends_on:
tracs3:
condition: service_completed_successfully
command: daemon --docker
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
labels:
ofelia.job-run.certificate-rotate.schedule: "@every 10m"
ofelia.job-run.certificate-rotate.command: "sh -c 'docker restart front-http-par-tracs3-1'"
ofelia.job-run.certificate-rotate.image: "docker:cli"
ofelia.job-run.certificate-rotate.volume: "/var/run/docker.sock:/var/run/docker.sock"
volumes:
certificates:
workdir:
driver: local
driver_opts:
type: tmpfs
device: tmpfs
networks:
traefik_internal:
enable_ipv6: true


@ -14,7 +14,3 @@ AWS_S3_SIGNATURE_VERSION=s3v4
TRAEFIK_LOCAL_STORE=/certificates/ TRAEFIK_LOCAL_STORE=/certificates/
TRAEFIK_OUTPUT_FILE=/configs/certificates.toml TRAEFIK_OUTPUT_FILE=/configs/certificates.toml
TRAEFIK_CERTIFICATE_DIR=/certificates/ TRAEFIK_CERTIFICATE_DIR=/certificates/
# TRACING
OLTP_HTTP_ENDPOINT=[[OLTP_HTTP_ENDPOINT]]
OLTP_HTTP_BASIC_AUTH=[[OLTP_HTTP_BASIC_AUTH]]


@ -1,7 +1,10 @@
services: services:
traefik: traefik:
image: "traefik:v3.5.0" image: "traefik:v3.3"
container_name: "traefik" container_name: "traefik"
depends_on:
tracs3:
condition: service_completed_successfully
command: command:
- "--log.level=info" - "--log.level=info"
- "--log.maxsize=100" - "--log.maxsize=100"
@ -9,57 +12,57 @@ services:
- "--metrics.prometheus=true" - "--metrics.prometheus=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entryPoints.web.address=:80" - "--entryPoints.web.address=:80"
- "--entryPoints.web.http.redirections.entryPoint.to=webpublic" - "--entryPoints.name.allowACMEByPass=true"
- "--entryPoints.web.http.redirections.entryPoint.scheme=https" - "--entryPoints.websecure.address=:443"
- "--entryPoints.web.http.redirections.entryPoint.permanent=true" - "--entryPoints.websecure.http3"
- "--entryPoints.web.allowACMEByPass=true" - "--entryPoints.websecure.http.tls=true"
- "--entryPoints.websecure.address=:446"
- "--entryPoints.websecure.proxyProtocol.trustedIPs=172.0.0.0/8"
- "--entryPoints.webpublic.address=:443"
- "--entryPoints.webpublic.http.tls=true"
- "--entryPoints.webpublic.forwardedHeaders.trustedIPs=172.0.0.0/8"
- "--entryPoints.ssh.address=:2222" - "--entryPoints.ssh.address=:2222"
- "--entryPoints.sshgitlab.address=:2223" - "--entryPoints.sshgitlab.address=:2223"
- "--providers.docker=true"
- "--providers.file.directory=/traefik" - "--providers.file.directory=/traefik"
- "--providers.redis.endpoints=${TRAEFIK_KOP_REDIS_ADDR}" - "--providers.redis.endpoints=${TRAEFIK_KOP_REDIS_ADDR}"
- "--providers.redis.password=${TRAEFIK_KOP_REDIS_PASS}" - "--providers.redis.password=${TRAEFIK_KOP_REDIS_PASS}"
ports:
- "--tracing=true" - target: 80
- "--tracing.otlp=true" published: 80
- "--tracing.otlp.http=true" protocol: tcp
- "--tracing.serviceName=traefik" mode: host
- "--tracing.sampleRate=0.2" - target: 443
- "--tracing.otlp.http.endpoint=${OLTP_HTTP_ENDPOINT}" published: 443
- "--tracing.otlp.http.headers.Authorization=Basic ${OLTP_HTTP_BASIC_AUTH}" protocol: tcp
restart: always mode: host
- target: 443
published: 443
protocol: udp
mode: host
- target: 2222
published: 2222
protocol: tcp
mode: host
- target: 2223
published: 2223
protocol: tcp
mode: host
volumes: volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro" - "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/etc/traefik/sites:/traefik" - "/etc/traefik/sites:/traefik"
- "certificates:/certificates" - "certificates:/certificates"
network_mode: host networks:
- traefik_internal
epee: epee:
image: "git.gnous.eu/enpls/epee-service:stable" image: "git.gnous.eu/enpls/epee-service:stable"
restart: always
container_name: "epee" container_name: "epee"
ports: ports:
- "5900:5900" - "5900:5900"
networks: networks:
- traefik_internal - traefik_internal
varnish:
image: varnish:7.7.1
restart: always
command: -F -a :445,PROXY -f /etc/varnish/default.vcl -T 127.0.0.1:6082 -t 120 -p thread_pool_min=50 -p thread_pool_max=1000 -p thread_pool_timeout=120 -i varnish -s malloc,2048M -n varnish
ports:
- 445:445
volumes:
- /etc/varnish:/etc/varnish
- "workdir:/var/lib/varnish"
tracs3: tracs3:
image: ghcr.io/outout14/traefik-acme-s3:main image: ghcr.io/outout14/traefik-acme-s3:main
env_file: env_file:
@ -100,11 +103,6 @@ services:
volumes: volumes:
certificates: certificates:
workdir:
driver: local
driver_opts:
type: tmpfs
device: tmpfs
networks: networks:
traefik_internal: traefik_internal:
enable_ipv6: true enable_ipv6: true
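Review bot: On the new side of the second hunk, `- "--entryPoints.name.allowACMEByPass=true"` refers to an entrypoint literally called `name` that is defined nowhere else — it reads like the placeholder from the Traefik docs, and the line it replaces used `web`; it should be `- "--entryPoints.web.allowACMEByPass=true"`, otherwise Traefik either creates a stray entrypoint or, if I recall its validation correctly, refuses to start. The same rewrite drops the three `--entryPoints.web.http.redirections.*` flags, so `web` on :80 now serves plain HTTP and any router that does not pin `entrypoints=websecure` answers unencrypted on port 80 — either restore the redirect or make sure every router label sets its entrypoint. The side-by-side rendering also does not make clear on which side `--providers.docker.exposedbydefault=false` ends up; with `--providers.docker=true` enabled, that flag is what keeps containers on the socket unrouted unless they opt in with `traefik.enable=true`, which the new conduwuit compose file relies on, so confirm it survives on the new side.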


@ -15,7 +15,7 @@ services:
restart: unless-stopped restart: unless-stopped
ports: ports:
- 8085:3000 - 8085:3000
image: semaphoreui/semaphore:v2.15.4 image: semaphoreui/semaphore:v2.12.14
env_file: env_file:
- path: .env - path: .env
required: false required: false


@ -1,6 +1,6 @@
services: services:
traefik-kop: traefik-kop:
image: "ghcr.io/jittering/traefik-kop:0.17" image: "ghcr.io/jittering/traefik-kop:0.14"
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock


@ -11,7 +11,7 @@ services:
- db-data:/var/lib/postgresql/data - db-data:/var/lib/postgresql/data
server: server:
image: ghcr.io/requarks/wiki:2.5.307 image: ghcr.io/requarks/wiki:2.5.306
depends_on: depends_on:
- db - db
environment: environment:


@ -10,7 +10,7 @@ volumes:
services: services:
server: server:
image: woodpeckerci/woodpecker-server:v3.8.0 image: woodpeckerci/woodpecker-server:v3.2.0
container_name: woodpecker_server container_name: woodpecker_server
environment: environment:
- WOODPECKER_OPEN=false - WOODPECKER_OPEN=false