diff --git a/compose/apps.yml b/compose/apps.yml index e02e368..cc29f3a 100644 --- a/compose/apps.yml +++ b/compose/apps.yml @@ -1,4 +1,5 @@ x-environment: &app-environment + DOMAINNAME: "${DOMAINNAME:-furyhawk.lol}" STREAMLIT_FIN_SERVER_PORT: "8501" GROQ_API_KEY: "${GROQ_API_KEY}" BAI_LOCATION: "" @@ -26,6 +27,7 @@ services: PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" PYTHONPATH: "/pgadmin4" TZ: Asia/Singapore + DOMAINNAME: ${DOMAINNAME} user: "1000:1000" volumes: - pgadmin:/var/lib/pgadmin @@ -36,6 +38,14 @@ services: - 80 networks: - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.adminer.entrypoints=web-secure" + - "traefik.http.routers.adminer.rule=Host(`adminer.${DOMAINNAME}`) || Host(`dbadmin.${DOMAINNAME}`)" + - "traefik.http.routers.adminer.middlewares=csrf@file" + - "traefik.http.routers.adminer.tls.certresolver=letsencrypt" + - "traefik.http.routers.adminer.service=adminer_app" + - "traefik.http.services.adminer_app.loadbalancer.server.port=8080" cheatsheets_app: image: furyhawk/cheatsheets:${CHEATSHEETSTAG:-latest} @@ -44,6 +54,14 @@ services: - 80 networks: - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.cheatsheets.entrypoints=web-secure" + - "traefik.http.routers.cheatsheets.rule=Host(`cheat.${DOMAINNAME}`)" + - "traefik.http.routers.cheatsheets.middlewares=csrf@file" + - "traefik.http.routers.cheatsheets.tls.certresolver=letsencrypt" + - "traefik.http.routers.cheatsheets.service=cheatsheets_app" + - "traefik.http.services.cheatsheets_app.loadbalancer.server.port=80" ghost-db: image: mysql:8 
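Review bot: The `:-furyhawk.lol` fallback added to `x-environment` does not reach the places that build hostnames: the `DOMAINNAME: ${DOMAINNAME}` entry in the second hunk and every `Host(...)` label in this file interpolate `${DOMAINNAME}` from the Compose environment with no default. If the variable is missing from the shell or `.env`, Compose substitutes an empty string, so rules render as ``Host(`adminer.`)`` and jellyfin's published URL as `https://media.`, and the certresolver may be asked for those names. Use one form everywhere, preferably the failing one, e.g. `${DOMAINNAME:?DOMAINNAME must be set}`. This applies to the labels in the adminer, cheatsheets, ghost, heynote, jellyfin, meshtastic, privatebin, redlib, thelounge, streamlit and site_server hunks.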
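Review bot: The `adminer` router labels set `loadbalancer.server.port=8080`, but the context lines directly above them show this service exposing `80`. The preceding hunk's context (`PYTHONPATH: "/pgadmin4"`, the `pgadmin` volume) suggests the labels sit on the pgadmin service rather than on the `adminer` container that the removed file-provider service targeted (`http://adminer:8080`). The service definition starts above the hunk, so confirm which container carries these labels and set the port to the one it listens on; the meshtastic labels show the same 8080-versus-`8443` difference, though there the old URL also used 8080. Separately, this publishes a database admin UI on `web-secure` behind `csrf@file` only; if the `auth` middleware defined in traefik.yml is meant for admin tools, chain it here as `csrf@file,auth@file`.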
@@ -78,22 +96,40 @@ services: database__connection__user: root database__connection__password: ${POSTGRES_PASSWORD} database__connection__database: ghost + DOMAINNAME: ${DOMAINNAME} volumes: - ghost_content:/var/lib/ghost/content expose: - 2368 networks: - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.ghost.entrypoints=web-secure" + - "traefik.http.routers.ghost.rule=Host(`ghost.${DOMAINNAME}`)" + - "traefik.http.routers.ghost.middlewares=csrf@file" + - "traefik.http.routers.ghost.tls.certresolver=letsencrypt" + - "traefik.http.routers.ghost.service=ghost_app" + - "traefik.http.services.ghost_app.loadbalancer.server.port=2368" heynote_app: image: furyhawk/heynote:${HEYNOTETAG:-latest} restart: unless-stopped environment: NODE_ENV: production + DOMAINNAME: ${DOMAINNAME} expose: - 5173 networks: - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.heynote.entrypoints=web-secure" + - "traefik.http.routers.heynote.rule=HostRegexp(`note[0-9]{0,2}.${DOMAINNAME}`) || Host(`pad.${DOMAINNAME}`)" + - "traefik.http.routers.heynote.middlewares=csrf@file" + - "traefik.http.routers.heynote.tls.certresolver=letsencrypt" + - "traefik.http.routers.heynote.service=heynote_app" + - "traefik.http.services.heynote_app.loadbalancer.server.port=5173" jellyfin: image: jellyfin/jellyfin 
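Review bot: The heynote rule's ``HostRegexp(`note[0-9]{0,2}.${DOMAINNAME}`)`` is carried over with unescaped dots and no anchors. Under Go-regexp semantics (Traefik v3; the version is not visible here) it would match any Host value that merely contains such a substring, not only `note`, `note0` … `note99` under the domain. Anchor it and make the separator literal: start the pattern with `^note[0-9]{0,2}[.]` and end it with `$$` (Compose needs the doubled dollar to emit a literal `$`); the dots inside `${DOMAINNAME}` remain wildcards, which is a smaller gap. Traefik derives ACME domains from `Host()` matchers, so the `note*` names probably also need explicit `tls.domains` entries to get a certificate from `letsencrypt`.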
@@ -108,11 +144,20 @@ services: restart: 'unless-stopped' # Optional - alternative address used for autodiscovery environment: - - JELLYFIN_PublishedServerUrl=https://media.furyhawk.lol + - DOMAINNAME=${DOMAINNAME} + - JELLYFIN_PublishedServerUrl=https://media.${DOMAINNAME} expose: - 8096 networks: - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.jellyfin.entrypoints=web-secure" + - "traefik.http.routers.jellyfin.rule=Host(`media.${DOMAINNAME}`)" + - "traefik.http.routers.jellyfin.middlewares=csrf@file" + - "traefik.http.routers.jellyfin.tls.certresolver=letsencrypt" + - "traefik.http.routers.jellyfin.service=jellyfin_app" + - "traefik.http.services.jellyfin_app.loadbalancer.server.port=8096" meshtastic_web: image: ghcr.io/meshtastic/web @@ -122,6 +167,14 @@ services: - 8443 networks: - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.meshtastic.entrypoints=web-secure" + - "traefik.http.routers.meshtastic.rule=Host(`mesh.${DOMAINNAME}`)" + - "traefik.http.routers.meshtastic.middlewares=csrf@file" + - "traefik.http.routers.meshtastic.tls.certresolver=letsencrypt" + - "traefik.http.routers.meshtastic.service=meshtastic_app" + - "traefik.http.services.meshtastic_app.loadbalancer.server.port=8080" privatebin: image: privatebin/nginx-fpm-alpine:latest @@ -136,6 +189,14 @@ services: restart: unless-stopped networks: - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.privatebin.entrypoints=web-secure" + - "traefik.http.routers.privatebin.rule=Host(`bin.${DOMAINNAME}`) || Host(`paste.${DOMAINNAME}`)" + - "traefik.http.routers.privatebin.middlewares=csrf@file" + - "traefik.http.routers.privatebin.tls.certresolver=letsencrypt" + - "traefik.http.routers.privatebin.service=privatebin_app" + - "traefik.http.services.privatebin_app.loadbalancer.server.port=8080" redlib: image: quay.io/redlib/redlib:latest-arm 
@@ -156,6 +217,14 @@ services: - 3080 # Specify `127.0.0.1:8080:3080` instead if using a reverse proxy networks: - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.redlib.entrypoints=web-secure" + - "traefik.http.routers.redlib.rule=Host(`redlib.${DOMAINNAME}`)" + - "traefik.http.routers.redlib.middlewares=csrf@file" + - "traefik.http.routers.redlib.tls.certresolver=letsencrypt" + - "traefik.http.routers.redlib.service=redlib_app" + - "traefik.http.services.redlib_app.loadbalancer.server.port=3080" thelounge: image: ghcr.io/thelounge/thelounge:latest @@ -166,6 +235,14 @@ services: - 9000 networks: - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.thelounge.entrypoints=web-secure" + - "traefik.http.routers.thelounge.rule=Host(`irc.${DOMAINNAME}`)" + - "traefik.http.routers.thelounge.middlewares=csrf@file" + - "traefik.http.routers.thelounge.tls.certresolver=letsencrypt" + - "traefik.http.routers.thelounge.service=thelounge_app" + - "traefik.http.services.thelounge_app.loadbalancer.server.port=9000" streamlit-bai: environment: @@ -179,6 +256,14 @@ services: - ${STREAMLIT_BAI_SERVER_PORT} networks: - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.streamlit-bai.entrypoints=web-secure" + - "traefik.http.routers.streamlit-bai.rule=Host(`bai.${DOMAINNAME}`)" + - "traefik.http.routers.streamlit-bai.middlewares=csrf@file" + - "traefik.http.routers.streamlit-bai.tls.certresolver=letsencrypt" + - "traefik.http.routers.streamlit-bai.service=streamlit_bai_app" + - "traefik.http.services.streamlit_bai_app.loadbalancer.server.port=${STREAMLIT_BAI_SERVER_PORT}" streamlit-fin: environment: 
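Review bot: The redlib context line `- 3080`, with its comment advising `127.0.0.1:8080:3080` when a reverse proxy is used, sits directly above the new Traefik labels, and the key it belongs to is outside the hunk. If that key is `ports:`, the container port is also published on the host on all interfaces, so the service stays reachable without TLS and without the `csrf@file` middleware now that Traefik fronts it. Switch it to `expose:` like the other services, or bind it to `127.0.0.1`, and drop the stale comment.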
@@ -189,6 +274,14 @@ services: - ${STREAMLIT_FIN_SERVER_PORT} networks: - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.streamlit-fin.entrypoints=web-secure" + - "traefik.http.routers.streamlit-fin.rule=Host(`fin.${DOMAINNAME}`)" + - "traefik.http.routers.streamlit-fin.middlewares=csrf@file" + - "traefik.http.routers.streamlit-fin.tls.certresolver=letsencrypt" + - "traefik.http.routers.streamlit-fin.service=streamlit_fin_app" + - "traefik.http.services.streamlit_fin_app.loadbalancer.server.port=${STREAMLIT_FIN_SERVER_PORT}" site_server: image: nginx:alpine 
@@ -198,4 +291,24 @@ services: expose: - 80 networks: - - net \ No newline at end of file + - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.site_server.entrypoints=web-secure" + - "traefik.http.routers.site_server.rule=Host(`${DOMAINNAME}`) || Host(`www.${DOMAINNAME}`) || Host(`info.${DOMAINNAME}`) || Host(`124c41.${DOMAINNAME}`)" + - "traefik.http.routers.site_server.middlewares=csrf@file, no-www@file" + - "traefik.http.routers.site_server.tls.certresolver=letsencrypt" + - "traefik.http.routers.site_server.service=site_server_app" + - "traefik.http.services.site_server_app.loadbalancer.server.port=80" + - "traefik.http.routers.resume_router.entrypoints=web-secure" + - "traefik.http.routers.resume_router.rule=Host(`Host(`resume.${DOMAINNAME}`)" + - "traefik.http.routers.resume_router.middlewares=csrf@file, redirect-resume@file" + - "traefik.http.routers.resume_router.tls.certresolver=letsencrypt" + - "traefik.http.routers.resume_router.service=resume_server" + - "traefik.http.services.resume_server.loadbalancer.server.port=80" + - "traefik.http.routers.blog_router.entrypoints=web-secure" + - "traefik.http.routers.blog_router.rule=Host(`Host(`resume.${DOMAINNAME}`)" + - "traefik.http.routers.blog_router.middlewares=redirect-blog@file" + - "traefik.http.routers.blog_router.tls.certresolver=letsencrypt" + - "traefik.http.routers.blog_router.service=blog_server" + - "traefik.http.services.blog_server.loadbalancer.server.port=80" diff --git a/compose/traefik/traefik.yml b/compose/traefik/traefik.yml index 436712b..8511eca 100644 --- a/compose/traefik/traefik.yml +++ b/compose/traefik/traefik.yml @@ -95,16 +95,6 @@ http: routers: - adminer-router: - entryPoints: - - web-secure - rule: "Host(`adminer.furyhawk.lol`)" - middlewares: - - csrf - tls: - certResolver: letsencrypt - service: adminer_app - chat-router: entryPoints: - web-secure 
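Review bot: Both redirect routers at the end of the `site_server` labels have a broken rule: `resume_router.rule` and `blog_router.rule` are written as ``Host(`Host(`resume.${DOMAINNAME}`)``, with an unbalanced nested `Host(` that Traefik's rule parser will most likely reject, leaving those hosts unrouted. `blog_router` also names the `resume` host, whereas the file-provider router it replaces matched `blog.furyhawk.lol`. The rules should read ``Host(`resume.${DOMAINNAME}`)`` and ``Host(`blog.${DOMAINNAME}`)``. The old `blog` service pointed at `https://furyhawk.github.io/124c41/`, while `blog_server` now targets port 80 of this container; presumably `redirect-blog@file` answers before the backend is reached, which deserves a one-line comment.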
@@ -115,17 +105,6 @@ http: certResolver: letsencrypt service: librechat_app - cheatsheets-router: - entryPoints: - - web-secure - rule: "Host(`cheat.furyhawk.lol`)" - middlewares: - - csrf - tls: - certResolver: letsencrypt - service: cheatsheets_app - - # forum-router: # entryPoints: # - web-secure @@ -136,36 +115,6 @@ http: # tls: # certResolver: letsencrypt # service: forum_server - - ghost-router: - entryPoints: - - web-secure - rule: "Host(`ghost.furyhawk.lol`)" - middlewares: - - csrf - tls: - certResolver: letsencrypt - service: ghost_app - - heynote-router: - entryPoints: - - web-secure - rule: "HostRegexp(`note[0-9]{0,2}.furyhawk.lol`) || Host(`pad.furyhawk.lol`)" - middlewares: - - csrf - tls: - certResolver: letsencrypt - service: heynote_app - - jellyfin-router: - entryPoints: - - web-secure - rule: "Host(`media.furyhawk.lol`)" - middlewares: - - csrf - tls: - certResolver: letsencrypt - service: jellyfin_app # kestra-router: # entryPoints: @@ -177,16 +126,6 @@ http: # certResolver: letsencrypt # service: kestra_app - meshtastic-router: - entryPoints: - - web-secure - rule: "Host(`mesh.furyhawk.lol`)" - middlewares: - - csrf - tls: - certResolver: letsencrypt - service: meshtastic_app - plane-router: entryPoints: - web-secure @@ -197,36 +136,6 @@ http: certResolver: letsencrypt service: plane_app - privatebin-router: - entryPoints: - - web-secure - rule: "Host(`bin.furyhawk.lol`) || Host(`paste.furyhawk.lol`)" - middlewares: - - csrf - tls: - certResolver: letsencrypt - service: bin_app - - redlib-router: - entryPoints: - - web-secure - rule: "Host(`redlib.furyhawk.lol`)" - middlewares: - - csrf - tls: - certResolver: letsencrypt - service: redlib_app - - thelounge-router: - entryPoints: - - web-secure - rule: "Host(`irc.furyhawk.lol`)" - middlewares: - - csrf - tls: - certResolver: letsencrypt - service: thelounge_app - neo4j-router: entryPoints: - web-secure 
@@ -292,59 +201,16 @@ http: certResolver: letsencrypt service: mqttx-web - bai-router: - entryPoints: - - web-secure - rule: "Host(`bai.furyhawk.lol`)" - middlewares: - - csrf - tls: - certResolver: letsencrypt - service: streamlit_bai_app - - fin-router: - entryPoints: - - web-secure - rule: "Host(`fin.furyhawk.lol`)" - middlewares: - - csrf - tls: - certResolver: letsencrypt - service: streamlit_fin_app - - info-router: - entryPoints: - - web-secure - rule: "Host(`furyhawk.lol`) || Host(`www.furyhawk.lol`) || Host(`info.furyhawk.lol`) || Host(`124c41.furyhawk.lol`)" - middlewares: - - csrf - - no-www - tls: - certResolver: letsencrypt - service: site_server - - resume-router: - entryPoints: - - web-secure - rule: "Host(`resume.furyhawk.lol`)" - # redirect to resume - middlewares: - - csrf - - redirect-resume - tls: - certResolver: letsencrypt - service: resume_server - - blog-router: - entryPoints: - - web-secure - rule: "Host(`blog.furyhawk.lol`)" - # redirect to external blog - middlewares: - - redirect-blog - tls: - certResolver: letsencrypt - service: blog + # blog-router: + # entryPoints: + # - web-secure + # rule: "Host(`blog.furyhawk.lol`)" + # # redirect to external blog + # middlewares: + # - redirect-blog + # tls: + # certResolver: letsencrypt + # service: blog middlewares: auth: @@ -416,38 +282,10 @@ http: services: - adminer_app: - loadBalancer: - servers: - - url: http://adminer:8080 - api_server: - loadBalancer: - servers: - - url: http://api_server:8000 - bin_app: - loadBalancer: - servers: - - url: http://privatebin:8080 - cheatsheets_app: - loadBalancer: - servers: - - url: http://cheatsheets_app:80 # forum_server: # loadBalancer: # servers: # - url: http://flarum-web:80 - ghost_app: - loadBalancer: - servers: - - url: http://ghost-server:2368 - heynote_app: - loadBalancer: - servers: - - url: http://heynote_app:5173 - jellyfin_app: - loadBalancer: - servers: - - url: http://jellyfin:8096 # kestra_app: # loadBalancer: # servers: 
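Review bot: The `blog-router` block is commented out rather than deleted, unlike the other routers this hunk removes, and the same is done to the `blog` service in the last hunk of this file. The commented copy still hard-codes `blog.furyhawk.lol` and will drift from the label-based `blog_router` in compose/apps.yml. Delete both blocks, or keep them under a one-line comment such as `# superseded by the blog_router labels on site_server in compose/apps.yml`.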
@@ -456,18 +294,6 @@ http: loadBalancer: servers: - url: http://LibreChat:3080 - redlib_app: - loadBalancer: - servers: - - url: http://redlib:3080 - thelounge_app: - loadBalancer: - servers: - - url: http://thelounge:9000 - meshtastic_app: - loadBalancer: - servers: - - url: http://meshtastic_web:8080 neo4j-browser: loadBalancer: servers: @@ -480,14 +306,6 @@ http: loadBalancer: servers: - url: http://node01:80 - streamlit_bai_app: - loadBalancer: - servers: - - url: http://streamlit-bai:8502 - streamlit_fin_app: - loadBalancer: - servers: - - url: http://streamlit-fin:8501 emqx-mqtt-socket: loadBalancer: servers: @@ -510,18 +328,10 @@ http: loadBalancer: servers: - url: http://mqttx_web:80 - site_server: - loadBalancer: - servers: - - url: http://site_server:80 - resume_server: - loadBalancer: - servers: - - url: http://site_server:80 - blog: - loadBalancer: - servers: - - url: https://furyhawk.github.io/124c41/ + # blog: + # loadBalancer: + # servers: + # - url: https://furyhawk.github.io/124c41/ providers: # https://docs.traefik.io/master/providers/file/
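Review bot: None of this file's hunks touches the `providers:` section that follows the last hunk, so the routers moved into container labels only exist if a Docker provider is already configured somewhere not shown in this diff. Confirm that it is, and that it runs with `exposedByDefault: false` (the `traefik.enable=true` labels suggest this). Also confirm that Traefik's access to the Docker socket is read-only or goes through a socket proxy, since label-based routing makes that socket part of the trust boundary. Separately, the services hunk earlier in this file deletes `api_server` with no replacement label in compose/apps.yml in this diff; check that no remaining router still references it.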