diff --git a/.env b/.env new file mode 100644 index 0000000..0b37287 --- /dev/null +++ b/.env @@ -0,0 +1,13 @@ +#GLOBAL SETTINGS +COMPOSE_HTTP_TIMEOUT=120 +COMPOSE_IGNORE_ORPHANS=1 +DOCKER_CONFIGS=. +DOCKERGID=999 +DOCKERHOSTNAME=ReverseProxy +DOCKERLOGGING_MAXFILE=10 +DOCKERLOGGING_MAXSIZE=200k +SERVERIP=192.168.1.4 +PGID=1000 +PUID=1000 +UMASK=000 +TZ=America/Chicago diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..30dfa5d --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +*.db +*.sqlite +acme.json \ No newline at end of file diff --git a/authentik/.env b/authentik/.env deleted file mode 100644 index 326fe01..0000000 --- a/authentik/.env +++ /dev/null @@ -1,18 +0,0 @@ -TZ=America/Chicago - -POSTGRES_PASSWORD=nu8Vohx1ot1eesoono5teshu6bohn9eiteich6Bu -AUTHENTIK_SECRET_KEY=7kIHbomK9MV4lEvObyOGGvzF222eLZ1RC6fKn28EDEIB4iF8kC - -# SMTP Host Emails are sent to -AUTHENTIK_EMAIL__HOST=smtp.gmail.com -AUTHENTIK_EMAIL__PORT=587 -# Optionally authenticate (don't add quotation marks to your password) -AUTHENTIK_EMAIL__USERNAME=akanealw@gmail.com -AUTHENTIK_EMAIL__PASSWORD=nhwdzlpwzjjzwchx -# Use StartTLS -AUTHENTIK_EMAIL__USE_TLS=true -# Use SSL -AUTHENTIK_EMAIL__USE_SSL=false -AUTHENTIK_EMAIL__TIMEOUT=10 -# Email address authentik will send from, should have a correct @domain -AUTHENTIK_EMAIL__FROM=akanealw@gmail.com diff --git a/authentik/compose.yml b/authentik/compose.yml deleted file mode 100644 index d3f6680..0000000 --- a/authentik/compose.yml +++ /dev/null @@ -1,108 +0,0 @@ -services: - authentik-server: - image: ghcr.io/goauthentik/server:2025.2.2 - container_name: authentik-server - command: server - environment: - - AUTHENTIK_REDIS__HOST=authentik-redis - - AUTHENTIK_POSTGRESQL__HOST=authentik-postgres - - AUTHENTIK_POSTGRESQL__USER=authentik - - AUTHENTIK_POSTGRESQL__NAME=authentik - - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD} - - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY} - - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST} - - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT} - - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME} - - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD} - - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS} - - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL} - - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT} - - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM} - ports: - - 9000:9000 - - 9443:9443 - networks: - - reverseproxy - - authentik - volumes: - - ./media:/media - - ./custom-templates:/templates - depends_on: - - authentik-postgres - - authentik-redis - restart: unless-stopped - - authentik-worker: - image: ghcr.io/goauthentik/server:2025.2.2 - container_name: authentik-worker - command: worker - environment: - - AUTHENTIK_REDIS__HOST=authentik-redis - - AUTHENTIK_POSTGRESQL__HOST=authentik-postgres - - AUTHENTIK_POSTGRESQL__USER=authentik - - AUTHENTIK_POSTGRESQL__NAME=authentik - - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD} - - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY} - - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST} - - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT} - - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME} - - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD} - - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS} - - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL} - - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT} - - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM} - networks: - - reverseproxy - - authentik - user: root - volumes: - - /run/docker.sock:/run/docker.sock - - ./media:/media - - ./certs:/certs - - ./custom-templates:/templates - depends_on: - - authentik-postgres - - authentik-redis - restart: unless-stopped - - authentik-redis: - image: docker.io/library/redis:7.4.2 - container_name: authentik-redis - command: --save 60 1 --loglevel warning - healthcheck: - test: ["CMD-SHELL", "redis-cli ping | grep PONG"] - start_period: 20s - interval: 30s - retries: 5 - timeout: 3s - networks: - - authentik - volumes: - - ./redis:/data - restart: unless-stopped - - authentik-postgres: - image: docker.io/library/postgres:17.4 - container_name: authentik-postgres - environment: - - POSTGRES_USER=authentik - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - - POSTGRES_DB=authentik - - TZ=${TZ} - healthcheck: - test: ['CMD-SHELL', 'pg_isready -U "authentik"'] - start_period: 30s - interval: 10s - timeout: 10s - retries: 5 - networks: - - authentik - volumes: - - ./postgres:/var/lib/postgresql/data - restart: unless-stopped - -networks: - authentik: - name: authentik - reverseproxy: - external: true diff --git a/caddy/.env b/caddy/.env deleted file mode 100644 index 6749891..0000000 --- a/caddy/.env +++ /dev/null @@ -1 +0,0 @@ -CROWDSEC_API_KEY=GIWtpt78Iogley5euk7caGt0RwxAclgW diff --git a/caddy/Dockerfile b/caddy/Dockerfile deleted file mode 100644 index 6b122a5..0000000 --- a/caddy/Dockerfile +++ /dev/null @@ -1,16 +0,0 @@ -ARG CADDY_VERSION=2 - -FROM caddy:${CADDY_VERSION}-builder-alpine AS builder - -RUN xcaddy build \ - --with github.com/caddy-dns/cloudflare \ - --with github.com/mholt/caddy-l4 \ - --with github.com/caddyserver/transform-encoder \ - --with github.com/hslatman/caddy-crowdsec-bouncer/http@main \ - --with github.com/hslatman/caddy-crowdsec-bouncer/layer4@main - -FROM caddy:${CADDY_VERSION} AS caddy - -WORKDIR / - -COPY --from=builder /usr/bin/caddy /usr/bin/caddy diff --git a/caddy/compose.yml b/caddy/compose.yml deleted file mode 100644 index 01f3d19..0000000 --- a/caddy/compose.yml +++ /dev/null @@ -1,48 +0,0 @@ -services: - caddy: - build: - context: ./ - target: caddy - container_name: caddy - security_opt: - - no-new-privileges=true - environment: - - CROWDSEC_API_KEY=${CROWDSEC_API_KEY} - networks: - - reverseproxy - ports: - - "80:80" - - "443:443" - restart: unless-stopped - volumes: - - ./data:/data - - ./config:/config - - ./logs:/var/log/caddy - - ./etc-caddy:/etc/caddy - - crowdsec: - image: docker.io/crowdsecurity/crowdsec:latest - container_name: crowdsec - security_opt: - - no-new-privileges=true - environment: - - GID=1000 - - COLLECTIONS=crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelist-good-actors - - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY} - networks: - - reverseproxy - restart: unless-stopped - volumes: - - ./crowdsec-db:/var/lib/crowdsec/data/ - - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml - - ./logs:/var/log/caddy:ro - - whoami: - image: traefik/whoami - container_name: whoami - networks: - - reverseproxy - -networks: - reverseproxy: - external: true diff --git a/caddy/crowdsec/acquis.yaml b/caddy/crowdsec/acquis.yaml deleted file mode 100644 index 91c9d1d..0000000 --- a/caddy/crowdsec/acquis.yaml +++ /dev/null @@ -1,4 +0,0 @@ -filenames: - - /var/log/caddy/*.log -labels: - type: caddy diff --git a/caddy/etc-caddy/Caddyfile b/caddy/etc-caddy/Caddyfile deleted file mode 100755 index 8c8559b..0000000 --- a/caddy/etc-caddy/Caddyfile +++ /dev/null @@ -1,95 +0,0 @@ -# -------------------------------------------------- -# global options -# -------------------------------------------------- -{ - acme_ca https://acme-v02.api.letsencrypt.org/directory -# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory - - admin :2019 - log { - output file /var/log/caddy/caddy.log - level info - } - - servers { - trusted_proxies static private_ranges - } - - crowdsec { - api_url http://crowdsec:8080 - api_key {$CROWDSEC_API_KEY} - } -} - -# -------------------------------------------------- -# cloudflare tls snippet for sites -# -------------------------------------------------- - -(cloudflare) { - tls { - dns cloudflare BI5kO2I9fHAqso_OClKxbUM6xTCodH2OfQ60yNp3 - resolvers 1.1.1.1 1.0.0.1 - } -} - -# -------------------------------------------------- -# auth snippet for authentik -# -------------------------------------------------- - -(auth) { - reverse_proxy /outpost.goauthentik.io/* authentik-server:9000 - - forward_auth authentik-server:9000 { - uri /outpost.goauthentik.io/auth/caddy - copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version - } -} - -# -------------------------------------------------- -# akanealw.com root domain -# -------------------------------------------------- - -akanealw.com { - import cloudflare - @akanealwcom host akanealw.com - handle @akanealwcom { - import auth - reverse_proxy 192.168.1.4:3005 - } -} - -# -------------------------------------------------- -# authentik subdomain -# -------------------------------------------------- - -authentik.akanealw.com { - import cloudflare - reverse_proxy authentik-server:9000 -} - -# -------------------------------------------------- -# *.akanealw.com subdomains -# -------------------------------------------------- - -import *.caddy - -# -------------------------------------------------- -# aknlw.com root domain -# -------------------------------------------------- - -aknlw.com { - import cloudflare - @shlink host aknlw.com - handle @shlink { - reverse_proxy 192.168.1.30:8380 - } -} - -# -------------------------------------------------- -# *.aknlw.com subdomains -# -------------------------------------------------- - -repo.aknlw.com { - import cloudflare - reverse_proxy 192.168.1.50:3000 -} diff --git a/caddy/etc-caddy/akanealw-subdomains.caddy b/caddy/etc-caddy/akanealw-subdomains.caddy deleted file mode 100644 index 9c6b5a9..0000000 --- a/caddy/etc-caddy/akanealw-subdomains.caddy +++ /dev/null @@ -1,612 +0,0 @@ -*.akanealw.com { - - # -------------------------------------------------- - # external subdomains without authelia - # - # - # @ host .akanealw.com - # handle @ { - # reverse_proxy 192.168.1. - # } - # - # - # @ host .akanealw.com - # handle @ { - # reverse_proxy https://192.168.1. { - # transport http { - # tls_insecure_skip_verify - # } - # } - # } - # - # - # -------------------------------------------------- - - @internal client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8 - @external not client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8 - import cloudflare - - - @bitwarden host bitwarden.akanealw.com - handle @bitwarden { - reverse_proxy 192.168.1.4:8089 - } - - @giteadocker host gitea-docker.akanealw.com - handle @giteadocker { - reverse_proxy 192.168.1.4:3001 - } - - @gitea host gitea.akanealw.com - handle @gitea { - reverse_proxy 192.168.1.50:3000 - } - - @jellyfin host jellyfin.akanealw.com - handle @jellyfin { - reverse_proxy 192.168.1.42:8096 - } - - @headscale host headscale.akanealw.com - handle @headscale { - reverse_proxy 192.168.1.95:8888 - } - - # -------------------------------------------------- - # external subdomains with authelia - # - # - # @ host .akanealw.com - # handle @ { - # import auth - # reverse_proxy 192.168.1. - # } - # - # @ host .akanealw.com - # handle @ { - # import auth - # reverse_proxy https://192.168.1. { - # transport http { - # tls_insecure_skip_verify - # } - # } - # } - # - # - # -------------------------------------------------- - - @docmost host docmost.akanealw.com - handle @docmost { - import auth - reverse_proxy 192.168.1.4:3300 - } - - @memos host memos.akanealw.com - handle @memos { - import auth - reverse_proxy 192.168.1.4:5230 - } - - @whoami host whoami.akanealw.com - handle @whoami { - import auth - reverse_proxy localhost:80 - } - - @wallos host wallos.akanealw.com - handle @wallos { - import auth - reverse_proxy 192.168.1.4:8389 - } - - @homepage host www.akanealw.com - handle @homepage { - import auth - reverse_proxy 192.168.1.4:3005 - } - - @filebrowser host filebrowser.akanealw.com - @bypass { - path /share/* - path /static/* - path /api/public/* - } - handle @filebrowser { - handle @bypass { - reverse_proxy 192.168.1.30:8484 - } - import auth - reverse_proxy 192.168.1.30:8484 - } - - - - - - - @archive host archive.akanealw.com - handle @archive { - import auth - reverse_proxy 192.168.1.30:8283 - } - - @archivebox host archivebox.akanealw.com - handle @archivebox { - import auth - reverse_proxy 192.168.1.30:8283 - } - - @codeserver host codeserver.akanealw.com - handle @codeserver { - import auth - reverse_proxy 192.168.1.50:3001 - } - - @freshrss host freshrss.akanealw.com - handle @freshrss { - import auth - reverse_proxy 192.168.1.30:8088 - } - - @jackett host jackett.akanealw.com - handle @jackett { - import auth - reverse_proxy 192.168.1.30:9117 - } - - @jdownloader host jdownloader.akanealw.com - handle @jdownloader { - import auth - reverse_proxy 192.168.1.30:5800 - } - - @jellyseerr host jellyseerr.akanealw.com - handle @jellyseerr { - import auth - reverse_proxy 192.168.1.30:5056 - } - - @kavita host kavita.akanealw.com - handle @kavita { - import auth - reverse_proxy 192.168.1.30:5002 - } - - @lidarr host lidarr.akanealw.com - handle @lidarr { - import auth - reverse_proxy 192.168.1.30:8686 - } - - @metube host metube.akanealw.com - handle @metube { - import auth - reverse_proxy 192.168.1.30:8082 - } - - @mstream host mstream.akanealw.com - handle @mstream { - import auth - reverse_proxy 192.168.1.30:3001 - } - - @nzbhydra host nzbhydra.akanealw.com - handle @nzbhydra { - import auth - reverse_proxy 192.168.1.30:5076 - } - - @olivetin host olivetin.akanealw.com - handle @olivetin { - import auth - reverse_proxy 192.168.1.30:1337 - } - - @opengist host opengist.akanealw.com - handle @opengist { - import auth - reverse_proxy 192.168.1.4:6157 - } - - @paperless host paperless.akanealw.com - handle @paperless { - import auth - reverse_proxy 192.168.1.30:8112 - } - - @prowlarr host prowlarr.akanealw.com - handle @prowlarr { - import auth - reverse_proxy 192.168.1.30:9696 - } - - @qbittorrent host qbittorrent.akanealw.com - handle @qbittorrent { - import auth - reverse_proxy 192.168.1.30:8282 - } - - @radarr host radarr.akanealw.com - handle @radarr { - import auth - reverse_proxy 192.168.1.30:7878 - } - - @sabnzbd host sabnzbd.akanealw.com - handle @sabnzbd { - import auth - reverse_proxy 192.168.1.30:8181 - } - - @shlinkweb host shlink.akanealw.com - handle @shlinkweb { - import auth - reverse_proxy 192.168.1.30:8381 - } - - @sonarr host sonarr.akanealw.com - handle @sonarr { - import auth - reverse_proxy 192.168.1.30:8989 - } - - @spdf host spdf.akanealw.com - handle @spdf { - import auth - reverse_proxy 192.168.1.30:8086 - } - - @ittools host it-tools.akanealw.com - handle @ittools { - import auth - reverse_proxy 192.168.1.30:8383 - } - - @wikidocs host wiki.akanealw.com - handle @wikidocs { - import auth - reverse_proxy 192.168.1.30:8022 - } - - - # -------------------------------------------------- - # internal only subdomains - # - # - # @ host .akanealw.com - # handle @ { - # handle @internal { - # reverse_proxy 192.168.1. - # } - # respond "ip range not allowed" - # } - # - # - # @ host .akanealw.com - # handle @ { - # handle @internal { - # reverse_proxy https://192.168.1. { - # transport http { - # tls_insecure_skip_verify - # } - # } - # } - # respond "ip range not allowed" - # } - # - # - # -------------------------------------------------- - - @checkmk host checkmk.akanealw.com - handle @checkmk { - handle @internal { - reverse_proxy 192.168.1.4:8888 - } - respond "ip range not allowed" - } - - @linkwarden host linkwarden.akanealw.com - handle @linkwarden { - handle @internal { - reverse_proxy 192.168.1.4:3232 - } - respond "ip range not allowed" - } - - @adguardhome host adguardhome.akanealw.com - handle @adguardhome { - handle @internal { - reverse_proxy 192.168.1.1:3000 - } - respond "ip range not allowed" - } - - @adguard1 host adguardserver1.akanealw.com - handle @adguard1 { - handle @internal { - reverse_proxy 192.168.1.2:80 - } - respond "ip range not allowed" - } - - @adguard2 host adguardserver2.akanealw.com - handle @adguard2 { - handle @internal { - reverse_proxy 192.168.1.3:80 - } - respond "ip range not allowed" - } - - @bale host bale.akanealw.com - handle @bale { - handle @internal { - reverse_proxy 192.168.1.51:8080 - } - respond "ip range not allowed" - } - - @cronicle host cronicle.akanealw.com - handle @cronicle { - handle @internal { - reverse_proxy 192.168.1.30:3012 - } - respond "ip range not allowed" - } - - @devdockge host dev-dockge.akanealw.com - handle @devdockge { - handle @internal { - reverse_proxy 192.168.1.35:5001 - } - respond "ip range not allowed" - } - - @devdozzle host dev-dozzle.akanealw.com - handle @devdozzle { - handle @internal { - reverse_proxy 192.168.1.35:8080 - } - respond "ip range not allowed" - } - - @dockerdockge host dockerserver-dockge.akanealw.com - handle @dockerdockge { - handle @internal { - reverse_proxy 192.168.1.30:5001 - } - respond "ip range not allowed" - } - - @dockerdozzle host dockerserver-dozzle.akanealw.com - handle @dockerdozzle { - handle @internal { - reverse_proxy 192.168.1.30:8080 - } - respond "ip range not allowed" - } - - @dockertestdockge host dockerservertest-dockge.akanealw.com - handle @dockertestdockge { - handle @internal { - reverse_proxy 192.168.1.33:5001 - } - respond "ip range not allowed" - } - - @dockertestdozzle host dockerservertest-dozzle.akanealw.com - handle @dockertestdozzle { - handle @internal { - reverse_proxy 192.168.1.33:8080 - } - respond "ip range not allowed" - } - - @proxyserverdockge host proxyserver-dockge.akanealw.com - handle @proxyserverdockge { - handle @internal { - reverse_proxy 192.168.1.4:5001 - } - respond "ip range not allowed" - } - - @proxyserverdozzle host proxyserver-dozzle.akanealw.com - handle @proxyserverdozzle { - handle @internal { - reverse_proxy 192.168.1.4:8080 - } - respond "ip range not allowed" - } - - @files host files.akanealw.com - handle @files { - handle @internal { - redir / /files{uri} - reverse_proxy 192.168.1.50:80 - } - respond "ip range not allowed" - } - - @icons host icons.akanealw.com - handle @icons { - handle @internal { - rewrite * /files/icons{uri} - reverse_proxy 192.168.1.50:80 - } - respond "ip range not allowed" - } - - @peanut host peanut.akanealw.com - handle @peanut { - handle @internal { - reverse_proxy 192.168.1.30:8980 - } - respond "ip range not allowed" - } - - @photoprism host photoprism.akanealw.com - handle @photoprism { - handle @internal { - reverse_proxy 192.168.1.30:2342 - } - respond "ip range not allowed" - } - - @photoprismdadandmom host photos.akanealw.com - handle @photoprismdadandmom { - handle @internal { - reverse_proxy 192.168.1.25:2342 - } - respond "ip range not allowed" - } - - @proxmox1 host proxmox1.akanealw.com - handle @proxmox1 { - handle @internal { - reverse_proxy https://192.168.1.51:8006 { - transport http { - tls_insecure_skip_verify - } - } - } - respond "ip range not allowed" - } - - @proxmox2 host proxmox2.akanealw.com - handle @proxmox2 { - handle @internal { - reverse_proxy https://192.168.1.52:8006 { - transport http { - tls_insecure_skip_verify - } - } - } - respond "ip range not allowed" - } - - @proxmoxbackup host proxmoxbackup.akanealw.com - handle @proxmoxbackup { - handle @internal { - reverse_proxy https://192.168.1.51:8007 { - transport http { - tls_insecure_skip_verify - } - } - } - respond "ip range not allowed" - } - - @router host router.akanealw.com - handle @router { - handle @internal { - reverse_proxy http://192.168.1.1:80 - } - respond "ip range not allowed" - } - - @rssbridge host rss-bridge.akanealw.com - handle @rssbridge { - handle @internal { - reverse_proxy 192.168.1.30:3006 - } - respond "ip range not allowed" - } - - @invidious host invidious.akanealw.com - handle @invidious { - handle @internal { - reverse_proxy 192.168.1.30:3000 - } - respond "ip range not allowed" - } - - @scripts host scripts.akanealw.com - handle @scripts { - handle @internal { - redir / /scripts{uri} - reverse_proxy 192.168.1.50:80 - } - respond "ip range not allowed" - } - - @speedtest host speedtest.akanealw.com - handle @speedtest { - handle @internal { - reverse_proxy 192.168.1.30:8765 - } - respond "ip range not allowed" - } - - @dockersyncthing host dockerserver-syncthing.akanealw.com - handle @dockersyncthing { - handle @internal { - reverse_proxy https://192.168.1.30:8384 { - transport http { - tls_insecure_skip_verify - } - } - } - respond "ip range not allowed" - } - - @gamingpcsyncthing host gamingpc-syncthing.akanealw.com - handle @gamingpcsyncthing { - handle @internal { - reverse_proxy https://192.168.1.11:8384 { - transport http { - tls_insecure_skip_verify - } - } - } - respond "ip range not allowed" - } - - @laptoppcsyncthing host laptoppc-syncthing.akanealw.com - handle @laptoppcsyncthing { - handle @internal { - reverse_proxy https://192.168.1.12:8384 { - transport http { - tls_insecure_skip_verify - } - } - } - respond "ip range not allowed" - } - - @webmin host webmin.akanealw.com - handle @webmin { - handle @internal { - reverse_proxy https://192.168.1.51:10000 { - transport http { - tls_insecure_skip_verify - } - } - } - respond "ip range not allowed" - } - - @wireguardui host wireguardui.akanealw.com - handle @wireguardui { - handle @internal { - reverse_proxy 192.168.1.4:5000 - } - respond "ip range not allowed" - } - - @zabbix host zabbix.akanealw.com - handle @zabbix { - handle @internal { - reverse_proxy 192.168.1.44:8080 - } - respond "ip range not allowed" - } - - @piholewg host pihole-wg.akanealw.com - handle @piholewg { - handle @internal { - redir / /admin{uri} - reverse_proxy 192.168.1.4:3000 - } - respond "ip range not allowed" - } - -} diff --git a/filebrowser/compose.yml b/filebrowser/compose.yml new file mode 100755 index 0000000..c3ba93d --- /dev/null +++ b/filebrowser/compose.yml @@ -0,0 +1,19 @@ +services: + filebrowser: + container_name: filebrowser + image: filebrowser/filebrowser:latest + networks: + - reverse-proxy + ports: + - 8484:80 + restart: always + volumes: + - ${DOCKER_CONFIGS}/config/filebrowser.db:/database/filebrowser.db + - ${DOCKER_CONFIGS}/config/.filebrowser.json:/.filebrowser.json + - ${DOCKER_CONFIGS}/files:/srv + - ${STORAGE_DIR}:/storage + +networks: + reverse-proxy: + name: reverse-proxy + external: true diff --git a/filebrowser/config/.filebrowser.json b/filebrowser/config/.filebrowser.json new file mode 100755 index 0000000..cbcde13 --- /dev/null +++ b/filebrowser/config/.filebrowser.json @@ -0,0 +1,8 @@ +{ + "port": 80, + "baseURL": "/", + "address": "", + "log": "stdout", + "database": "/database/filebrowser.db", + "root": "/storage" + } diff --git a/pangolin b/pangolin new file mode 160000 index 0000000..aeddc11 --- /dev/null +++ b/pangolin @@ -0,0 +1 @@ +Subproject commit aeddc1116be2668325507015d9e216d17e9c80ec