diff --git a/caddy/Caddyfile b/caddy/Caddyfile index 76f2a7b..de2a321 100644 --- a/caddy/Caddyfile +++ b/caddy/Caddyfile @@ -31,7 +31,6 @@ rik.veenboer.xyz \ *.rik.veenboer.xyz \ { - reverse_proxy nginx handle_path /test/* { reverse_proxy host:12345 } @@ -65,6 +64,14 @@ import unprotected homarr host:17575 import unprotected jellyseerr host:15055 #import unprotected seafile host:12380 + +seafile.rik.veenboer.xyz { + log { + output file /var/log/seafile.log + } + reverse_proxy host:12380 +} + (authentik) { reverse_proxy /outpost.goauthentik.io/* http://host:19000 forward_auth http://host:19000 { @@ -116,6 +123,7 @@ import protected filebrowser host:8002 #import protected app host:12345 + ha.rik.veenboer.xyz { log { output file /var/log/ha.log diff --git a/docker-compose.caddy.yml b/docker-compose.caddy.yml index 47e021e..1f0447c 100644 --- a/docker-compose.caddy.yml +++ b/docker-compose.caddy.yml @@ -3,8 +3,6 @@ services: build: context: /opt/caddy/ container_name: caddy - depends_on: - - nginx environment: - AWS_REGION=eu-west-1 - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:?} @@ -12,8 +10,6 @@ services: - GEO_ACCOUNT_ID=${MAXMIND_ACCOUNT_ID:?} - GEO_API_KEY=${MAXMIND_API_KEY:?} image: caddy - links: - - nginx ports: - 443:443 restart: unless-stopped diff --git a/docker-compose.nginx.yml b/docker-compose.nginx.yml deleted file mode 100644 index e375456..0000000 --- a/docker-compose.nginx.yml +++ /dev/null @@ -1,15 +0,0 @@ -services: - nginx: - container_name: nginx - extra_hosts: - - host:192.168.2.200 - image: nginx:1.25.4 - ports: - - 20080:80 - restart: unless-stopped - volumes: - - /opt/nginx/etc/.htpasswd:/host/etc/.htpasswd - - /opt/nginx/etc/nginx/conf:/etc/nginx/conf - - /opt/nginx/etc/nginx/conf.d:/etc/nginx/conf.d - - /opt/nginx/etc/nginx/nginx.conf:/etc/nginx/nginx.conf - - /opt/nginx/var/log/nginx:/var/log/nginx diff --git a/nginx/etc/.htpasswd b/nginx/etc/.htpasswd deleted file mode 100644 index 78b8e7b..0000000 --- a/nginx/etc/.htpasswd +++ /dev/null 
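Review bot: The `seafile.rik.veenboer.xyz` site block added in the second Caddyfile hunk (`@@ -65,6 +64,14 @@`) is written out by hand rather than through the `import unprotected` / `import protected` lines used for the neighbouring services. Whatever those snippets apply does not reach this host, and neither does the `(authentik)` forward_auth, so Seafile's own login is the only gate in front of `host:12380`. The snippet bodies are outside this hunk; the `GEO_*` variables in docker-compose.caddy.yml suggest, but do not show, that a geo-IP restriction may be part of them. If the bypass is deliberate, record it above the block, e.g. `# seafile: served without forward_auth on purpose; Seafile's own login is the only access control`, and confirm no shared restriction from the snippets is missing. The stale `#import unprotected seafile host:12380` line just above the new block can then be dropped.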
@@ -1 +0,0 @@
-user:$apr1$PUlYgSSM$cZbvFGsKVt4SsAsB5Bifr1
diff --git a/nginx/etc/nginx/conf.d/global.conf b/nginx/etc/nginx/conf.d/global.conf
deleted file mode 100644
index 03eb4c7..0000000
--- a/nginx/etc/nginx/conf.d/global.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-server {
- # seafile
- listen 80;
- server_name seafile.rik.veenboer.xyz;
- location / {
- proxy_pass http://host:8100;
- include /etc/nginx/conf/proxy.conf;
- }
- location /seafhttp {
- rewrite ^/seafhttp(.*)$ $1 break;
- proxy_pass http://host:8182;
- client_max_body_size 0;
- }
- location /seafdav {
- proxy_pass http://host:8180;
- include /etc/nginx/conf/proxy.conf;
- }
-}
-
diff --git a/nginx/etc/nginx/conf/headers.conf b/nginx/etc/nginx/conf/headers.conf
deleted file mode 100644
index 5739273..0000000
--- a/nginx/etc/nginx/conf/headers.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
-auth_request_set $sub $upstream_http_x_vouch_idp_claims_sub;
-auth_request_set $name $upstream_http_x_vouch_idp_claims_name;
-auth_request_set $email $upstream_http_x_vouch_idp_claims_email;
-auth_request_set $email_verified $upstream_http_x_vouch_idp_claims_email_verified;
-auth_request_set $preferred_username $upstream_http_x_vouch_idp_claims_preferred_username;
-
-proxy_set_header X-Forwarded-User $auth_resp_x_vouch_user;
-proxy_set_header X-Forwarded-Sub $sub;
-proxy_set_header X-Forwarded-Name $name;
-proxy_set_header X-Forwarded-Email $email;
-proxy_set_header X-Forwarded-Email-Verified $email_verified;
-proxy_set_header X-Forwarded-Preferred-Username $preferred_username;
diff --git a/nginx/etc/nginx/conf/proxy.conf b/nginx/etc/nginx/conf/proxy.conf
deleted file mode 100644
index 78a948d..0000000
--- a/nginx/etc/nginx/conf/proxy.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# Proxy
-proxy_redirect off;
-proxy_set_header Host $host;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Ssl on;
-
-# Websocket
-proxy_http_version 1.1;
-proxy_set_header Upgrade $http_upgrade;
-proxy_set_header Connection $http_connection;
diff --git a/nginx/etc/nginx/conf/ssl.conf b/nginx/etc/nginx/conf/ssl.conf
deleted file mode 100644
index debf64c..0000000
--- a/nginx/etc/nginx/conf/ssl.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-# Enable SSL
-ssl_certificate /host/etc/certs/certificate+intermediate.pem;
-ssl_certificate_key /host/etc/certs/key.pem;
-ssl_dhparam /host/etc/certs/dh.pem;
-
-# Increased security, from https://cipherli.st/
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-ssl_prefer_server_ciphers on;
-ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
-ssl_ecdh_curve secp384r1;
-ssl_session_cache shared:SSL:10m;
-ssl_session_tickets off;
-ssl_stapling on;
-ssl_stapling_verify on;
-resolver_timeout 5s;
-add_header X-Frame-Options DENY;
-add_header X-Content-Type-Options nosniff;
-
-# Redirect HTTP trafic
-error_page 497 https://$host:$server_port$request_uri;
\ No newline at end of file
diff --git a/nginx/etc/nginx/conf/vouch-path.conf b/nginx/etc/nginx/conf/vouch-path.conf
deleted file mode 100644
index 48874dd..0000000
--- a/nginx/etc/nginx/conf/vouch-path.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-location /vouch { # vouch
- proxy_pass http://host:9093; # must not! have a slash at the end
- proxy_set_header Host $http_host;
- proxy_pass_request_body off;
- proxy_set_header Content-Length "";
-
- # these return values are used by the @error401 call
- auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
- auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
- auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
-}
-
-# if /vouch/validate returns `401 not authorized` then forward the request to the error401block
-error_page 401 = @error401;
diff --git a/nginx/etc/nginx/conf/vouch.conf b/nginx/etc/nginx/conf/vouch.conf
deleted file mode 100644
index 499679c..0000000
--- a/nginx/etc/nginx/conf/vouch.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# Any request to this server will first be sent to this URL
-auth_request /vouch-validate;
-
-# Get the authorized user name (email address)
-auth_request_set $auth_user $upstream_http_x_vouch_user;
-
-location = /vouch-validate {
- internal;
-
- # This address is where Vouch will be listening on
- proxy_pass http://host:9090/validate;
- proxy_pass_request_body off; # no need to send the POST body
-
- proxy_set_header Content-Length "";
- proxy_set_header Host $http_host; # This is required according to the Vouch-Proxy official example
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # These return values are passed to the @error401 call
- auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
- auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
- auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
-}
-
-error_page 401 = @error401;
-
-# If the user is not logged in, redirect them to Vouch's login URL
-location @error401 {
- return 302 https://vouch.rik.veenboer.xyz/login?url=https://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err;
-}
diff --git a/nginx/etc/nginx/nginx.conf b/nginx/etc/nginx/nginx.conf
deleted file mode 100644
index 6726aec..0000000
--- a/nginx/etc/nginx/nginx.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-user nginx;
-worker_processes 1;
-
-error_log /var/log/nginx/error.log warn;
-pid /var/run/nginx.pid;
-
-events {
- worker_connections 1024;
-}
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main;
-
- sendfile on;
- #tcp_nopush on;
-
- keepalive_timeout 65;
-
- #gzip on;
-
- client_max_body_size 500M;
-
- server_tokens off;
- error_page 401 403 404 /404.html;
- include /etc/nginx/conf.d/*.conf;
-}
diff --git a/seafile-new/docker-compose.seafile.yml b/seafile-new/docker-compose.seafile.yml
deleted file mode 100644
index 4af3915..0000000
--- a/seafile-new/docker-compose.seafile.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-services:
- db:
- image: ${SEAFILE_DB_IMAGE:-mariadb:10.11}
- container_name: seafile-mysql
- environment:
- - MYSQL_ROOT_PASSWORD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:?Variable is not set or empty}
- - MYSQL_LOG_CONSOLE=true
- - MARIADB_AUTO_UPGRADE=1
- volumes:
- - "${SEAFILE_MYSQL_VOLUME:-/opt/seafile-mysql/db}:/var/lib/mysql"
-
- healthcheck:
- test:
- [
- "CMD",
- "/usr/local/bin/healthcheck.sh",
- "--connect",
- "--mariadbupgrade",
- "--innodb_initialized",
- ]
- interval: 20s
- start_period: 30s
- timeout: 5s
- retries: 10
-
- seafile:
- image: ${SEAFILE_IMAGE:-seafileltd/seafile-mc:12.0-latest}
- container_name: seafile
- ports:
- - "12380:80"
- - "18082:8082"
- volumes:
- - ${SEAFILE_VOLUME:-/opt/seafile-data}:/shared
- environment:
- - DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
- - DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
- - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
- - DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
- - SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db}
- - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db}
- - SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=${SEAFILE_MYSQL_DB_SEAHUB_DB_NAME:-seahub_db}
- - TIME_ZONE=${TIME_ZONE:-Etc/UTC}
- - INIT_SEAFILE_ADMIN_EMAIL=${INIT_SEAFILE_ADMIN_EMAIL:-me@example.com}
- - INIT_SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD:-asecret}
- - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
- - SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL:-http}
- - SITE_ROOT=${SITE_ROOT:-/}
- - NON_ROOT=${NON_ROOT:-false}
- - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
- - ENABLE_SEADOC=${ENABLE_SEADOC:-false}
- - SEADOC_SERVER_URL=${SEADOC_SERVER_URL:-http://example.example.com/sdoc-server}
- labels:
- caddy: ${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
- caddy.reverse_proxy: "{{upstreams 80}}"
- depends_on:
- - db