fjeaj
This commit is contained in:
commit
6581fc1187
16 changed files with 452 additions and 0 deletions
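--- a/maj.sh
+++ b/maj.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+
+services=(nginx-rp nginx-www vw)
+
+
+if [[ ! $(echo "${services[*]} all" | grep -P "\b$1\b" ) ]]; then
+echo "Wrong argument."
+exit 1
+fi
+
+
+rel_path="$(dirname "$0")"
+
+
+case "$1" in
+vw|all)
+sudo "$rel_path/vw/backup.sh" || exit 1
+;;
+esac
+
+
+if [[ "$1" != "all" ]]; then
+docker-compose -f "$rel_path/$1/docker-compose.yaml" pull
+docker-compose -f "$rel_path/$1/docker-compose.yaml" up -d
+else
+for service in "${services[@]}"; do
+docker-compose -f "$rel_path/$service/docker-compose.yaml" pull
+docker-compose -f "$rel_path/$service/docker-compose.yaml" up -d
+done
+fi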
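Review bot: The argument check on line 7, `if [[ ! $(echo "${services[*]} all" | grep -P "\b$1\b" ) ]]`, interpolates `$1` into a regex, so a missing or empty argument yields the pattern `\b\b`, which matches, and the script then points docker-compose at `$rel_path//docker-compose.yaml`; a value containing regex metacharacters is not an exact membership test either. Compare against the array instead, e.g. `ok=0; for s in "${services[@]}" all; do [[ "$1" == "$s" ]] && ok=1; done` followed by `(( ok )) || { echo "Wrong argument." >&2; exit 1; }`. There is also no `set -euo pipefail`, so a failed `docker-compose pull` still proceeds to `up -d`. `rel_path="$(dirname "$0")"` is relative when the script is invoked by a relative path, which matters for the `sudo "$rel_path/vw/backup.sh"` call; `rel_path="$(cd "$(dirname "$0")" && pwd)"` makes it absolute.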
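--- a/nc/docker-compose.yaml
+++ b/nc/docker-compose.yaml
@@ -0,0 +1,18 @@
+services:
+nextcloud:
+image: nextcloud/all-in-one:latest
+restart: always
+container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
+environment: # Is needed when using any of the options below
+- APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+- APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+- NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
+ports:
+- 8080:8080
+volumes:
+- nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
+- /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
+
+volumes:
+nextcloud_aio_mastercontainer:
+name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work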
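Review bot: `- 8080:8080` publishes the AIO master-container port on every host address, and the same pattern appears as `- 8081:80` in vw/docker-compose.yaml and `- 8082:80` in nginx-www/docker-compose.yaml; the latter two are only ever reached through the host-network nginx-rp (nginx.conf proxies to 127.0.0.1:8081 and localhost:8082), so binding them to loopback, `- 127.0.0.1:8081:80` and `- 127.0.0.1:8082:80`, removes the direct exposure, and `- 127.0.0.1:8080:8080` does the same here if the AIO interface is administered over an SSH tunnel rather than directly. Docker-published ports are reached via DNAT and the forward path rather than the host's input chain, so the input-chain `policy drop` in nftables.conf does not by itself cover them; whether the forward chain's `iif eth0 drop` does depends on the host's actual uplink name, which is not visible here. A comment next to each `ports:` entry stating which consumer is expected (the reverse proxy on the same host) would also make the intent explicit.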
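--- a/nftables.conf
+++ b/nftables.conf
@@ -0,0 +1,35 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+chain input {
+type filter hook input priority 0; policy drop;
+
+iif lo accept
+ct state established,related accept
+ct state invalid drop
+
+# Allow ICMP ping
+icmp type echo-request limit rate 1/second accept
+icmpv6 type echo-request limit rate 1/second accept
+
+# SSH
+tcp dport 995 limit rate 10/minute accept
+
+# HTTP
+tcp dport { http, https } limit rate 5/second accept
+# udp dport 443 limit rate 5/second accept
+}
+
+chain forward {
+type filter hook forward priority 0; policy accept;
+
+iif eth0 drop
+oif eth0 drop
+}
+
+chain output {
+type filter hook output priority 0; policy accept;
+}
+}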
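Review bot: `flush ruleset` on line 3 deletes every table in the nf_tables ruleset, not only `inet filter`; when Docker keeps its rules there (the iptables-nft backend), re-applying this file with `nft -f` after the daemon is up strips Docker's port-publishing and masquerade rules until Docker is restarted. Either document that, `# flush ruleset also removes Docker's tables; restart docker after reloading`, or replace the global flush with `table inet filter` followed by `delete table inet filter` so only this file's table is reset. In `chain forward`, `oif eth0 drop` also drops traffic leaving bridged containers (only nginx-rp uses `network_mode: host`), which would cut the vaultwarden and nextcloud containers' outbound access if eth0 is the uplink; this is inferred from the interface name and should be confirmed on the host. The `# SSH` comment above `tcp dport 995` would read better as `# SSH (sshd listens on 995, not the IANA POP3S port)` so the next reader does not take it for a mislabelled mail rule.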
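--- a/nginx-rp/docker-compose.yaml
+++ b/nginx-rp/docker-compose.yaml
@@ -0,0 +1,9 @@
+services:
+nginx-rp:
+image: nginx:latest
+restart: always
+container_name: nginx-rp
+network_mode: host
+volumes:
+- ./nginx.conf:/etc/nginx/nginx.conf
+- /etc/letsencrypt/archive/viyurz.fr:/etc/letsencrypt/archive/viyurz.fr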
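Review bot: Mounting `/etc/letsencrypt/archive/viyurz.fr` pins the container to the numbered files it can see, and nginx-rp/nginx.conf references `fullchain1.pem`, `privkey1.pem` and `chain1.pem` explicitly; with certbot's standard layout a renewal is written as `fullchain2.pem` and only the `live/` symlinks are repointed, so this container would keep serving the first certificate until it expires. Mount the parent so the symlinks resolve, `- /etc/letsencrypt:/etc/letsencrypt:ro`, and have nginx.conf use `/etc/letsencrypt/live/viyurz.fr/fullchain.pem` (and `privkey.pem`, `chain.pem`); nginx still needs a reload after each renewal, e.g. a certbot deploy hook running `docker exec nginx-rp nginx -s reload`. The `./nginx.conf` mount can also be `:ro`, since nothing in the container should write it.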
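--- a/nginx-rp/nginx.conf
+++ b/nginx-rp/nginx.conf
@@ -0,0 +1,182 @@
+worker_processes auto;
+worker_cpu_affinity auto;
+worker_rlimit_nofile 2048;
+
+
+events {
+worker_connections 1024;
+}
+
+http {
+charset utf-8;
+
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+
+gzip off;
+
+# Hide NGINX version in error messages.
+server_tokens off;
+
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+# Logging
+log_not_found on;
+# access_log /var/log/nginx/access.log;
+# error_log /var/log/nginx/error.log warn;
+
+keepalive_timeout 65;
+
+ssl_certificate /etc/letsencrypt/archive/viyurz.fr/fullchain1.pem;
+ssl_certificate_key /etc/letsencrypt/archive/viyurz.fr/privkey1.pem;
+ssl_trusted_certificate /etc/letsencrypt/archive/viyurz.fr/chain1.pem;
+
+# modern configuration
+ssl_protocols TLSv1.3;
+
+# intermediate configuration
+# ssl_protocols TLSv1.2 TLSv1.3;
+# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
+# ssl_dhparam /path/to/dhparam;
+
+ssl_prefer_server_ciphers off;
+
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;
+ssl_session_tickets off;
+
+# HSTS (ngx_http_headers_module is required)
+add_header Strict-Transport-Security "max-age=31536000" always;
+
+add_header X-Robots-Tag "noindex, nofollow" always;
+add_header Set-Cookie "Path=/; HttpOnly; Secure";
+
+# OCSP stapling
+ssl_stapling on;
+ssl_stapling_verify on;
+
+resolver 1.1.1.1;
+
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-Port $server_port;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Scheme $scheme;
+proxy_set_header Accept-Encoding "";
+
+# Websocket
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $connection_upgrade;
+
+# The `upstream` directives ensure that you have a http/1.1 connection
+# This enables the keepalive option and better performance
+#
+# Define the server IP and ports here.
+upstream vaultwarden-default {
+zone vaultwarden-default 64k;
+server 127.0.0.1:8081;
+keepalive 2;
+}
+
+# Needed to support websocket connections
+# See: https://nginx.org/en/docs/http/websocket.html
+# Instead of "close" as stated in the above link we send an empty value.
+# Else all keepalive connections will not work.
+map $http_upgrade $connection_upgrade {
+default upgrade;
+'' "";
+}
+
+# Redirect HTTP to HTTPS
+server {
+listen 80 default_server;
+listen [::]:80 default_server;
+
+http2 on;
+
+server_name _;
+
+return 308 https://$host$request_uri;
+}
+
+server {
+listen 443 ssl default_server;
+listen [::]:443 ssl default_server;
+
+http2 on;
+
+server_name _;
+server_name_in_redirect off;
+
+return 404;
+}
+
+server {
+listen 443 ssl;
+listen [::]:443 ssl;
+
+http2 on;
+
+# http3 on;
+# quic_retry on;
+# add_header Alt-Svc 'h3=":$server_port"; ma=86400';
+# listen 443 quic reuseport;
+# listen [::]:443 quic reuseport;
+
+server_name nc.viyurz.fr;
+
+location / {
+proxy_pass http://127.0.0.1:11000;
+
+add_header Set-Cookie "Path=/; HttpOnly; Secure";
+
+client_body_buffer_size 512k;
+proxy_read_timeout 86400s;
+client_max_body_size 0;
+}
+}
+
+server {
+listen 443 ssl;
+listen [::]:443 ssl;
+
+http2 on;
+
+server_name vw.viyurz.fr;
+
+location / {
+proxy_pass http://vaultwarden-default;
+
+client_max_body_size 525M;
+}
+}
+
+server {
+listen 443 ssl;
+listen [::]:443 ssl;
+
+http2 on;
+
+server_name www.viyurz.fr;
+
+location / {
+proxy_pass http://localhost:8082;
+}
+}
+
+server {
+listen 443 ssl;
+listen [::]:443 ssl;
+
+http2 on;
+
+server_name viyurz.fr;
+
+return 308 https://www.viyurz.fr$request_uri;
+}
+}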
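Review bot: `add_header Set-Cookie "Path=/; HttpOnly; Secure";` inside `location /` of the nc.viyurz.fr server (and the same directive at http level) does not harden the cookies Nextcloud sets: `add_header` appends a new header, here a cookie with no name, and because `add_header` is only inherited from the enclosing level when the current level defines none, the location-level line suppresses the http-level `Strict-Transport-Security` and `X-Robots-Tag` headers for every response of the Nextcloud site. Remove both Set-Cookie lines and, if flags must be forced onto upstream cookies, use `proxy_cookie_flags ~ secure httponly;`, which rewrites the upstream Set-Cookie instead of adding a header; otherwise leave cookie attributes to the application. The `ssl_certificate`, `ssl_certificate_key` and `ssl_trusted_certificate` paths point into `archive/` with a fixed `1` suffix, so a renewed certificate is never loaded; `/etc/letsencrypt/live/viyurz.fr/fullchain.pem` (with `privkey.pem` and `chain.pem`) follows certbot's symlinks to the current one.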
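--- a/nginx-www/docker-compose.yaml
+++ b/nginx-www/docker-compose.yaml
@@ -0,0 +1,10 @@
+services:
+nginx-www:
+image: nginx:latest
+restart: always
+container_name: nginx-www
+ports:
+- 8082:80
+volumes:
+- ./nginx.conf:/etc/nginx/nginx.conf
+- ./index:/mnt/index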
BIN
nginx-www/index/ark.png
Normal file
BIN
nginx-www/index/ark.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 251 KiB |
BIN
nginx-www/index/favicon.ico
Normal file
BIN
nginx-www/index/favicon.ico
Normal file
Binary file not shown.
After Width: | Height: | Size: 21 KiB |
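--- a/nginx-www/index/index.css
+++ b/nginx-www/index/index.css
@@ -0,0 +1,74 @@
+body {
+font-weight: bold;
+font-family: Arial;
+text-align: center;
+background-image: url("wallpaper.jpg");
+background-position: -150px;
+background-repeat: no-repeat;
+background-size: cover;
+min-height: 100vh;
+margin: 0;
+}
+
+main {
+display: flex;
+flex-direction: column;
+justify-content: center;
+align-items: center;
+min-height: 100vh;
+}
+
+a {
+background: rgba(255, 255, 255, 0.5);
+border: 2px solid white;
+border-radius: 8px;
+padding: 10px;
+margin: 1.5vh;
+width: 25vh;
+height: 25vh;
+display: flex;
+flex-direction: column;
+justify-content: space-between;
+align-items: center;
+transition: all .25s ease-in-out;
+text-decoration: none;
+color: black;
+}
+
+a:hover {
+transform: scale(1.1);
+}
+
+img {
+max-height: 20vh;
+max-width: 20vh;
+}
+
+h5 {
+position: absolute;
+bottom: 10px;
+right: 10px;
+color: rgba(255, 255, 255, 0.5);
+margin: 0;
+}
+
+@media only screen and (orientation: landscape) {
+body {
+background-position: center;
+}
+
+main {
+flex-direction: row;
+}
+
+a {
+margin: 1.5vw;
+min-width: 15vw;
+min-height: 15vw;
+}
+
+img {
+max-height: 13vw;
+max-width: 13vw;
+}
+}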
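--- a/nginx-www/index/index.html
+++ b/nginx-www/index/index.html
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html lang="fr">
+<head>
+<meta charset="UTF-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1.0" />
+<link rel="stylesheet" href="index.css" />
+<title>Accueil - Viyurz.fr</title>
+</head>
+<body>
+<main>
+<a href="https://nc.viyurz.fr">
+<img src="nextcloud.png" />
+Nextcloud
+</a>
+<a href="https://vw.viyurz.fr">
+<img src="vaultwarden.png" />
+Vaultwarden
+</a>
+<!--
+<a href='steam://connect/viyurz.fr:27015'>
+<img src="ark.png" />
+ARK: Survival Evolved
+</a>
+-->
+<h5>...Azril...is the moon falling...?</h5>
+</main>
+</body>
+</html>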
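Review bot: The two `<img>` elements carry no `alt` attribute, so screen readers announce the file name; since each link already has a visible text label, `<img src="nextcloud.png" alt="" />` and `<img src="vaultwarden.png" alt="" />` mark them as decorative. The commented-out ARK block could be dropped rather than shipped in the page source, since it still reveals the game-server host and port to anyone viewing the page.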
BIN
nginx-www/index/nextcloud.png
Normal file
BIN
nginx-www/index/nextcloud.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 47 KiB |
BIN
nginx-www/index/vaultwarden.png
Normal file
BIN
nginx-www/index/vaultwarden.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 20 KiB |
BIN
nginx-www/index/wallpaper.jpg
Normal file
BIN
nginx-www/index/wallpaper.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 1.4 MiB |
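--- a/nginx-www/nginx.conf
+++ b/nginx-www/nginx.conf
@@ -0,0 +1,35 @@
+worker_processes auto;
+worker_cpu_affinity auto;
+worker_rlimit_nofile 2048;
+
+
+events {
+worker_connections 1024;
+}
+
+http {
+charset utf-8;
+
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+
+gzip off;
+
+# Hide NGINX version in error messages.
+server_tokens off;
+
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+server {
+listen 80 default_server;
+listen [::]:80 default_server;
+
+http2 on;
+
+server_name _;
+
+root /mnt/index;
+}
+}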
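--- a/vw/backup.sh
+++ b/vw/backup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [[ $UID -ne 0 ]]; then
+echo "Must be run as root."
+exit 1
+fi
+
+backup_date="$(date '+%Y%m%d-%Hh%Mm')"
+vw_data='/mnt/vwdata'
+bak_folder="/mnt/backups/vwbackup"
+
+mkdir -p "$bak_folder"
+
+# Backup directement vers la storage box marche pas
+sqlite3 "$vw_data/db.sqlite3" ".backup '$vw_data/db-$backup_date.sqlite3'" && echo "Vaultwarden backup created successfully!"
+
+mv "$vw_data/db-$backup_date.sqlite3" "$bak_folder" && echo "Successfully moved backup to $bak_folder!"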
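Review bot: On line 15 the `&&` only guards the success message, so a failed `sqlite3 ... .backup` does not stop the script: it goes on to `mv` a file that may be missing or partial, and the status maj.sh sees from `sudo "$rel_path/vw/backup.sh" || exit 1` is whatever `mv` returned, not the backup's. Write `sqlite3 "$vw_data/db.sqlite3" ".backup '$vw_data/db-$backup_date.sqlite3'" || exit 1` and add `set -euo pipefail` after the shebang. The copy of the vault database is created by root under the process umask and then moved into `/mnt/backups/vwbackup`; `umask 077` before the `.backup` call (or `chmod 600` on the result) keeps it owner-only. A comment such as `# Only db.sqlite3 is backed up; attachments, sends and rsa_key* under $vw_data are not` would make the scope explicit if those files exist on this host.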
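--- a/vw/docker-compose.yaml
+++ b/vw/docker-compose.yaml
@@ -0,0 +1,13 @@
+services:
+vaultwarden:
+image: vaultwarden/server:latest
+container_name: vaultwarden
+restart: always
+environment:
+- DOMAIN=https://vw.viyurz.fr # Your domain; vaultwarden needs to know it's https to work properly with attachments
+- SIGNUPS_ALLOWED=false
+- INVITATIONS_ALLOWED=false
+ports:
+- 8081:80
+volumes:
+- /mnt/vwdata:/data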