From 4af96828f00f8bfdcbc528d19e3733ca991aa02a Mon Sep 17 00:00:00 2001 From: Fabian Gerle Date: Tue, 18 Jul 2023 08:52:36 +0100 Subject: [PATCH] add ssh support for gitea --- docker-compose.yaml | 187 +++++++++++++++++++++++++------------------- traefik.yaml | 5 +- 2 files changed, 112 insertions(+), 80 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 387f91b..7b66a6d 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -4,7 +4,7 @@ volumes: services: ############################################################################# -##################### MariaDB 1 ##################### +##################### MariaDB Vikunja ##################### ############################################################################# db: container_name: mariadb-vikunja @@ -25,7 +25,7 @@ services: - /etc/localtime:/etc/localtime:ro ############################################################################# -##################### MariaDB 2 ##################### +##################### MariaDB Gitea ##################### ############################################################################# gitdb: container_name: mariadb-git 
@@ -48,62 +48,79 @@ services: - /etc/localtime:/etc/localtime:ro ############################################################################# -##################### MariaDB 3 ##################### +##################### MariaDB Nextcloud ##################### ############################################################################# - nextcloud-db: - container_name: mariadb-nextcloud - image: tobi312/rpi-mariadb:10.11-alpine -# image: yobasystems/alpine-mariadb:10.5.9 - command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW -# networks: - # ports: - # - "3326:3306" - # - "3327:3307" - restart: unless-stopped - environment: - - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT} - - MYSQL_DATABASE=nextcloud - - MYSQL_USER=nextcloud - - MYSQL_PASSWORD=${NEXTCLOUD_DB_PW} - volumes: - - ./databases/db-nextcloud:/var/lib/mysql - - /etc/localtime:/etc/localtime:ro +# nextcloud-db: +# container_name: mariadb-nextcloud +# image: tobi312/rpi-mariadb:10.11-alpine +# # image: yobasystems/alpine-mariadb:10.5.9 +# command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW +# # networks: +# # ports: +# # - "3326:3306" +# # - "3327:3307" +# restart: unless-stopped +# environment: +# - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT} +# - MYSQL_DATABASE=nextcloud +# - MYSQL_USER=nextcloud +# - MYSQL_PASSWORD=${NEXTCLOUD_DB_PW} +# volumes: +# - ./databases/db-nextcloud:/var/lib/mysql +# - /etc/localtime:/etc/localtime:ro + +############################################################################# +##################### MariaDB Baikal ##################### +############################################################################# + + baikal-db: + container_name: mariadb-baikal + image: tobi312/rpi-mariadb:10.11-alpine + restart: unless-stopped + environment: + - MYSQL_ROOT_PASSWORD=${BAIKAL_DB_ROOT} + - MYSQL_DATABASE=baikal + - MYSQL_USER=baikal + - MYSQL_PASSWORD=${BAIKAL_DB_PW} + volumes: + - ./databases/db-baikal:/var/lib/mysql + 
- /etc/localtime:/etc/localtime:ro ############################################################################# ##################### Nextcloud ##################### ############################################################################# - nextcloud: - container_name: nextcloud - image: nextcloud:latest - restart: always - links: - - nextcloud-db - volumes: - - ./volumes/nextcloud:/var/www/html - environment: - - MYSQL_PASSWORD=${NEXTCLOUD_DB_PW} - - MYSQL_DATABASE=nextcloud - - MYSQL_USER=nextcloud - - MYSQL_HOST=nextcloud-db - - OVERWRITEPROTOCOL=https - - OVERWRITECLIURL=https://cloud.gerle.duckdns.org - - OVERWRITEHOST=cloud.gerle.duckdns.org - networks: - - dockernet - - default - labels: - - 'traefik.enable=true' - - 'traefik.http.routers.nextcloud.rule=Host(`cloud.gerle.duckdns.org`)' - - "traefik.http.routers.nextcloud.entrypoints=websecure" - - "traefik.http.routers.nextcloud.tls=true" - - "traefik.http.routers.nextcloud.tls.certResolver=letsencrypt" - - 'traefik.http.services.nextcloud.loadbalancer.server.port=80' - - "traefik.http.routers.nextcloud.service=nextcloud" -# - "traefik.docker.network=proxy" - - "traefik.http.routers.nextcloud.middlewares=nextcloud-dav" #,default@file" - - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav" - - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/" +# nextcloud: +# container_name: nextcloud +# image: nextcloud:latest +# restart: always +# links: +# - nextcloud-db +# volumes: +# - ./volumes/nextcloud:/var/www/html +# environment: +# - MYSQL_PASSWORD=${NEXTCLOUD_DB_PW} +# - MYSQL_DATABASE=nextcloud +# - MYSQL_USER=nextcloud +# - MYSQL_HOST=nextcloud-db +# - OVERWRITEPROTOCOL=https +# - OVERWRITECLIURL=https://cloud.gerle.duckdns.org +# - OVERWRITEHOST=cloud.gerle.duckdns.org +# networks: +# - dockernet +# - default +# labels: +# - 'traefik.enable=true' +# - 'traefik.http.routers.nextcloud.rule=Host(`cloud.gerle.duckdns.org`)' +# - 
"traefik.http.routers.nextcloud.entrypoints=websecure" +# - "traefik.http.routers.nextcloud.tls=true" +# - "traefik.http.routers.nextcloud.tls.certResolver=letsencrypt" +# - 'traefik.http.services.nextcloud.loadbalancer.server.port=80' +# - "traefik.http.routers.nextcloud.service=nextcloud" +# # - "traefik.docker.network=proxy" +# - "traefik.http.routers.nextcloud.middlewares=nextcloud-dav" #,default@file" +# - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav" +# - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/" ############################################################################# ###################### Vikunja Api ##################### @@ -196,6 +213,7 @@ services: - '80:80' - '8080:8080' - '443:443' + - '2222:2222/tcp' volumes: - '/var/run/docker.sock:/var/run/docker.sock:ro' - './traefik.yaml:/traefik.yaml' 
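Review bot: The new `baikal-db` service reads `MYSQL_ROOT_PASSWORD=${BAIKAL_DB_ROOT}` and `MYSQL_PASSWORD=${BAIKAL_DB_PW}` through plain interpolation, and Compose replaces an unset variable with an empty string after only a warning. Depending on how the image treats an empty value, that either breaks the first start or initialises the database with a blank credential. The required-variable form fails before any container is created: `- MYSQL_ROOT_PASSWORD=${BAIKAL_DB_ROOT:?BAIKAL_DB_ROOT must be set}`, and the same for `BAIKAL_DB_PW`. The commented-out Nextcloud blocks in this hunk could be deleted rather than kept as comments, since the history preserves them.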
@@ -244,32 +262,32 @@ services: ############################################################################# ##################### Baikal ##################### ############################################################################# -# baikal: -# container_name: baikal -# image: ckulka/baikal:latest -# restart: always -# labels: -# - 'traefik.enable=true' -# - 'traefik.http.routers.baikal.rule=Host(`baikal.gerle.duckdns.org`)' -# - 'traefik.http.services.baikal.loadbalancer.server.port=80' -# - "traefik.http.routers.baikal.entrypoints=websecure" -# - "traefik.http.routers.baikal.tls.certResolver=letsencrypt" -# # traefik.port: 80 -# # Traefik middleware required for iOS, see https://github.com/ckulka/baikal-docker/issues/37. -# # When using a Traefik provider file (YAML/TOML) instead of these labels, remove the escape -# # character from "*.redirectregex.replacement" - it's only needed in Docker Compose YAML files: -# # redirectRegex: -# # replacement: "https://$1/dav/php/ -# - 'traefik.http.middlewares.baikal-dav.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav' -# - 'traefik.http.middlewares.baikal-dav.redirectregex.replacement=https://$$1/dav.php/' -# - 'traefik.http.middlewares.baikal-dav.redirectregex.permanent=true' -# - 'traefik.http.routers.baikal.middlewares=baikal-dav' -# volumes: -# - ./volumes/baikal-config:/var/www/baikal/config -# - ./volumes/baikal-data:/var/www/baikal/Specific -# networks: -# - dockernet -# - default + baikal: + container_name: baikal + image: ckulka/baikal:latest + restart: always + labels: + - 'traefik.enable=true' + - 'traefik.http.routers.baikal.rule=Host(`baikal.gerle.duckdns.org`)' + - 'traefik.http.services.baikal.loadbalancer.server.port=80' + - "traefik.http.routers.baikal.entrypoints=websecure" + - "traefik.http.routers.baikal.tls.certResolver=letsencrypt" +# traefik.port: 80 + # Traefik middleware required for iOS, see https://github.com/ckulka/baikal-docker/issues/37. 
+ # When using a Traefik provider file (YAML/TOML) instead of these labels, remove the escape + # character from "*.redirectregex.replacement" - it's only needed in Docker Compose YAML files: + # redirectRegex: + # replacement: "https://$1/dav/php/ + - 'traefik.http.middlewares.baikal-dav.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav' + - 'traefik.http.middlewares.baikal-dav.redirectregex.replacement=https://$$1/dav.php/' + - 'traefik.http.middlewares.baikal-dav.redirectregex.permanent=true' + - 'traefik.http.routers.baikal.middlewares=baikal-dav' + volumes: + - ./volumes/baikal-config:/var/www/baikal/config + - ./volumes/baikal-data:/var/www/baikal/Specific + networks: + - dockernet + - default # acmedns: @@ -310,6 +328,10 @@ services: - GITEA__mailer__USER=${MAIL_USER} - GITEA__mailer__PASSWD=${MAIL_PW} - GITEA__server__ROOT_URL="https://git.gerle.duckdns.org" + - GITEA__server__START_SSH_SERVER=true + - GITEA__server__SSH_DOMAIN="git.gerle.duckdns.org" + - GITEA__server__SSH_PORT=22 + - GITEA__server__SSH_LISTEN_PORT=2222 restart: always networks: - gitea @@ -320,9 +342,16 @@ services: - /etc/localtime:/etc/localtime:ro ports: - "3000:3000" - - "222:22" +# - "222:22" labels: - 'traefik.enable=true' + # - 'traefik.http.routers.git-ssh.rule=Host(`git.gerle.duckdns.org`)' + # - 'traefik.http.services.git-ssh.loadbalancer.server.port=22' + # - "traefik.http.routers.git-ssh.entrypoints=ssh" + - traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`) + - traefik.tcp.routers.gitea-ssh.entrypoints=ssh + - traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc + - traefik.tcp.services.gitea-ssh-svc.loadbalancer.server.port=2222 - 'traefik.http.routers.git.rule=Host(`git.gerle.duckdns.org`)' - 'traefik.http.services.git.loadbalancer.server.port=3000' - "traefik.http.routers.git.entrypoints=websecure" diff --git a/traefik.yaml b/traefik.yaml index 2aac9a3..7e2e1ce 100644 --- a/traefik.yaml +++ b/traefik.yaml 
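Review bot: `image: ckulka/baikal:latest` in the re-enabled `baikal` service is a floating tag, so any later pull or recreate can swap in a different image from the one that was tested. The `baikal-db` service added by this same commit already pins `tobi312/rpi-mariadb:10.11-alpine`. Pinning this one the same way, `image: ckulka/baikal:<VERSION>` or by digest, keeps the CalDAV/CardDAV endpoint (presumably reachable from outside via the `websecure` router) on a known build. A one-line comment above the image line recording the chosen version and when it was last reviewed would help the next upgrade.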
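Review bot: `GITEA__server__SSH_PORT=22` does not match the port this commit exposes: Traefik publishes `2222:2222/tcp` and the direct `222:22` mapping is commented out in the next hunk. SSH_PORT is the port Gitea advertises in clone URLs, so unless something outside this diff forwards 22 to 2222, clients following those URLs reach whatever listens on the host's port 22 instead of Gitea. `- GITEA__server__SSH_PORT=2222` keeps the advertised and exposed ports the same. Separately, in list-form `environment:` entries the quotes in `GITEA__server__SSH_DOMAIN="git.gerle.duckdns.org"` are passed through as part of the value. `- GITEA__server__SSH_DOMAIN=git.gerle.duckdns.org` avoids relying on Gitea's config parser to strip them.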
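Review bot: The `traefik.tcp.routers.gitea-ssh` labels forward raw TCP, so Gitea's SSH server sees Traefik's address as the peer for every connection, and its logs, plus any brute-force blocking built on them, lose the real client IP. As far as I know Traefik's access log covers HTTP requests only, so these connections may leave no per-connection record there either. If source addresses matter for auditing, it is worth testing PROXY protocol on both sides: `- traefik.tcp.services.gitea-ssh-svc.loadbalancer.proxyprotocol.version=2` together with Gitea's `SSH_SERVER_USE_PROXY_PROTOCOL`, if the Gitea version in use supports it. The catch-all HostSNI rule is expected for a non-TLS protocol, but a comment saying so would help, and the three commented-out `git-ssh` HTTP router labels can be dropped. The `gitea` service definition starts and ends outside this hunk.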
@@ -7,6 +7,9 @@ entryPoints: to: "websecure" scheme: "https" permanent: true + + ssh: + address: ":2222" websecure: @@ -26,7 +29,7 @@ accessLog: log: - level: DEBUG +# level: DEBUG filePath: "/logs/traefik.log" providers:
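Review bot: Commenting out `level: DEBUG` under `log:` leaves the level implicit, so Traefik falls back to its default, which is ERROR. Dropping DEBUG is reasonable, but this commit also opens the new `ssh` entry point on `:2222`. Stating the level explicitly, for example `level: INFO`, documents the intent and keeps routing and configuration warnings in `/logs/traefik.log`. The dead `# level: DEBUG` line can then be removed.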