From a0ef593f850121a9c66b615d957f513a4d93f66f Mon Sep 17 00:00:00 2001 From: akanealw Date: Sat, 29 Mar 2025 22:52:04 -0500 Subject: [PATCH] added linkwarden and updated caddyfile --- linkwarden/.env | 74 ++++++++++++++++++++++++++++++++++++ linkwarden/compose.yml | 32 ++++++++++++++++ reverseproxy/caddy/Caddyfile | 51 ++++++++++++++----------- 3 files changed, 135 insertions(+), 22 deletions(-) create mode 100644 linkwarden/.env create mode 100644 linkwarden/compose.yml diff --git a/linkwarden/.env b/linkwarden/.env new file mode 100644 index 0000000..fef88ad --- /dev/null +++ b/linkwarden/.env @@ -0,0 +1,74 @@ +NEXTAUTH_URL=http://localhost:3000/api/v1/auth +NEXTAUTH_SECRET=pheimoo9roozahghaithais4Ooxiexahrie4ieph + +# Manual installation database settings +# Example: DATABASE_URL=postgresql://user:password@localhost:5432/linkwarden +DATABASE_URL= + +# Docker installation database settings +POSTGRES_PASSWORD=siel9Oogoh8sheeghohqu7thaNoo6cet9eeyoJie + +# Additional Optional Settings +PAGINATION_TAKE_COUNT= +STORAGE_FOLDER= +AUTOSCROLL_TIMEOUT= +NEXT_PUBLIC_DISABLE_REGISTRATION=false +NEXT_PUBLIC_CREDENTIALS_ENABLED= +DISABLE_NEW_SSO_USERS= +RE_ARCHIVE_LIMIT= +MAX_LINKS_PER_USER= +ARCHIVE_TAKE_COUNT= +BROWSER_TIMEOUT= +IGNORE_UNAUTHORIZED_CA= +IGNORE_HTTPS_ERRORS= +IGNORE_URL_SIZE_LIMIT= +NEXT_PUBLIC_DEMO= +NEXT_PUBLIC_DEMO_USERNAME= +NEXT_PUBLIC_DEMO_PASSWORD= +NEXT_PUBLIC_ADMIN= +NEXT_PUBLIC_MAX_FILE_BUFFER= +MONOLITH_MAX_BUFFER= +MONOLITH_CUSTOM_OPTIONS= +PDF_MAX_BUFFER= +SCREENSHOT_MAX_BUFFER= +READABILITY_MAX_BUFFER= +PREVIEW_MAX_BUFFER= +IMPORT_LIMIT= +PLAYWRIGHT_LAUNCH_OPTIONS_EXECUTABLE_PATH= +MAX_WORKERS= +DISABLE_PRESERVATION= +NEXT_PUBLIC_RSS_POLLING_INTERVAL_MINUTES= +RSS_SUBSCRIPTION_LIMIT_PER_USER= + +# SMTP Settings +NEXT_PUBLIC_EMAIL_PROVIDER= +EMAIL_FROM= +EMAIL_SERVER= +BASE_URL= + +# Proxy settings +PROXY= +PROXY_USERNAME= +PROXY_PASSWORD= +PROXY_BYPASS= + +# PDF archive settings +PDF_MARGIN_TOP= +PDF_MARGIN_BOTTOM= + +################# +# SSO Providers # +################# + +# Authelia +NEXT_PUBLIC_AUTHELIA_ENABLED="" +AUTHELIA_CLIENT_ID="" +AUTHELIA_CLIENT_SECRET="" +AUTHELIA_WELLKNOWN_URL="" + +# Authentik +NEXT_PUBLIC_AUTHENTIK_ENABLED= +AUTHENTIK_CUSTOM_NAME= +AUTHENTIK_ISSUER= +AUTHENTIK_CLIENT_ID= +AUTHENTIK_CLIENT_SECRET= diff --git a/linkwarden/compose.yml b/linkwarden/compose.yml new file mode 100644 index 0000000..b386c27 --- /dev/null +++ b/linkwarden/compose.yml @@ -0,0 +1,32 @@ +services: + postgres: + image: postgres:16-alpine + env_file: .env + restart: always + networks: + - linkwarden + volumes: + - ./pgdata:/var/lib/postgresql/data + + linkwarden: + image: ghcr.io/linkwarden/linkwarden:latest + container_name: linkwarden + env_file: .env + environment: + - DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/postgres + restart: always + ports: + - 3000:3000 + networks: + - linkwarden + - reverseproxy + volumes: + - ./data:/data/data + depends_on: + - postgres + +networks: + linkwarden: + name: linkwarden + reverseproxy: + external: true diff --git a/reverseproxy/caddy/Caddyfile b/reverseproxy/caddy/Caddyfile index a8c0928..f46d294 100644 --- a/reverseproxy/caddy/Caddyfile +++ b/reverseproxy/caddy/Caddyfile @@ -57,7 +57,7 @@ akanealw.com { @akanealwcom host akanealw.com handle @akanealwcom { import auth - reverse_proxy 192.168.1.4:3005 + reverse_proxy homepage:3005 } } @@ -114,10 +114,18 @@ auth.akanealw.com { @allowed client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8 import cloudflare + @checkmk host checkmk.akanealw.com + handle @checkmk { + handle @allowed { + reverse_proxy checkmk:8888 + } + respond "ip range not allowed" + } + @linkwarden host linkwarden.akanealw.com handle @linkwarden { handle @allowed { - reverse_proxy 192.168.1.4:3232 + reverse_proxy linkwarden:3232 } respond "ip range not allowed" } @@ -138,14 +146,6 @@ auth.akanealw.com { respond "ip range not allowed" } - @adguard3 host adguardserver1.akanealw.com - handle @adguard3 { - handle @allowed { - reverse_proxy 192.168.1.4:3000 - } - respond "ip range not allowed" - } - @bale host bale.akanealw.com handle @bale { handle @allowed { @@ -213,7 +213,7 @@ auth.akanealw.com { @proxyserverdockge host proxyserver-dockge.akanealw.com handle @proxyserverdockge { handle @allowed { - reverse_proxy 192.168.1.4:5001 + reverse_proxy dockge:5001 } respond "ip range not allowed" } @@ -221,7 +221,7 @@ auth.akanealw.com { @proxyserverdozzle host proxyserver-dozzle.akanealw.com handle @proxyserverdozzle { handle @allowed { - reverse_proxy 192.168.1.4:8080 + reverse_proxy dozzle:8080 } respond "ip range not allowed" } @@ -408,7 +408,7 @@ auth.akanealw.com { @wireguardui host wireguardui.akanealw.com handle @wireguardui { handle @allowed { - reverse_proxy 192.168.1.4:5000 + reverse_proxy localhost:5000 } respond "ip range not allowed" } @@ -425,7 +425,7 @@ auth.akanealw.com { handle @piholewg { handle @allowed { redir / /admin{uri} - reverse_proxy 192.168.1.4:3000 + reverse_proxy localhost:3000 } respond "ip range not allowed" } @@ -462,11 +462,6 @@ auth.akanealw.com { reverse_proxy 192.168.1.42:8096 } - @whoami host whoami.akanealw.com - handle @whoami { - reverse_proxy whoami:80 - } - # -------------------------------------------------- # external subdomains with authentik # @@ -480,16 +475,28 @@ auth.akanealw.com { # # -------------------------------------------------- + @memos host memos.akanealw.com + handle @memos { + import auth + reverse_proxy memos:5230 + } + + @whoami host whoami.akanealw.com + handle @whoami { + import auth + reverse_proxy whoami:80 + } + @wallos host wallos.akanealw.com handle @wallos { import auth - reverse_proxy 192.168.1.4:8389 + reverse_proxy wallos:8389 } @homepage host www.akanealw.com handle @homepage { import auth - reverse_proxy 192.168.1.4:3005 + reverse_proxy homepage:3005 } @filebrowser host filebrowser.akanealw.com @@ -579,7 +586,7 @@ auth.akanealw.com { @opengist host opengist.akanealw.com handle @opengist { import auth - reverse_proxy 192.168.1.4:6157 + reverse_proxy opengist:6157 } @paperless host paperless.akanealw.com