furyhawk/cloudy
1
0
Fork 0
mirror of https://github.com/furyhawk/cloudy.git synced 2026-05-20 15:11:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: furyhawk/cloudy:v0.1
Branches Tags
furyhawk/cloudy:main
furyhawk/cloudy:v0.1.6 furyhawk/cloudy:v0.1.5 furyhawk/cloudy:v0.1.4 furyhawk/cloudy:v0.1.3 furyhawk/cloudy:v0.1.2 furyhawk/cloudy:v0.1.1 furyhawk/cloudy:v0.1
..
compare: furyhawk/cloudy:v0.1.2
Branches Tags
furyhawk/cloudy:main
furyhawk/cloudy:v0.1.6 furyhawk/cloudy:v0.1.5 furyhawk/cloudy:v0.1.4 furyhawk/cloudy:v0.1.3 furyhawk/cloudy:v0.1.2 furyhawk/cloudy:v0.1.1 furyhawk/cloudy:v0.1

71 Commits
v0.1 .. v0.1.2

Author SHA1 Message Date
furyhawk 8820fbe01e Refactor traefik.yml to fix routing rules for resume and blog subdomains 2024-05-29 21:06:46 +08:00
furyhawk 1775c937e6 Refactor traefik.yml to enable routing for info and resume subdomains 2024-05-29 21:02:31 +08:00
furyhawk ee71215ac2 Refactor docker-compose.yml to update API server image and expose port 5432 2024-05-29 20:39:23 +08:00
furyhawk 9819c38624 Refactor docker-compose.yml to update API server image and expose port 5432 2024-05-29 19:38:30 +08:00
furyhawk 6aa7ede93a Refactor docker-compose.yml to expose port 5432 and update API server image 2024-05-29 19:25:24 +08:00
furyhawk c17d692c8a Refactor docker-compose.yml to update API server image to furyhawk/listen:latest 2024-05-29 19:12:06 +08:00
furyhawk e0269dc14b Refactor docker-compose.yml to remove commented out port mapping for PostgreSQL 2024-05-29 19:01:13 +08:00
furyhawk 8d588eafb2 Refactor docker-compose.yml to expose port 5432 and update API server image 2024-05-29 19:00:06 +08:00
furyhawk cf899cd7fd Refactor docker-compose.yml to update API server image to furyhawk/listen:v0.1.8 2024-05-29 17:07:32 +08:00
furyhawk afcfc90cac Refactor docker-compose.yml to update API server image to latest version 2024-05-29 17:00:04 +08:00
furyhawk a29da08055 Refactor docker-compose.yml to update API server image to furyhawk/listen:v0.1.8 2024-05-29 16:56:10 +08:00
furyhawk 9f62b79b6f Refactor docker-compose.yml to remove unused traefik.tcp.middlewares.test-inflightconn.inflightconn.burst label 2024-05-29 16:44:51 +08:00
furyhawk b63e5af186 Refactor docker-compose.yml to expose port 5432 2024-05-29 16:18:12 +08:00
furyhawk 93bbfbbcdd Refactor docker-compose.yml to expose port 5432 and add traefik.tcp.middlewares.test-inflightconn.inflightconn.burst label 2024-05-29 16:17:25 +08:00
furyhawk 4a02eba0e2 Refactor traefik and dozzle service configurations in docker-compose.yml 2024-05-29 16:08:31 +08:00
furyhawk f3d52b27b2 Refactor traefik and dozzle service configurations in docker-compose.yml 2024-05-29 15:59:58 +08:00
furyhawk 59115a58f5 Refactor docker-compose.yml to update traefik and dozzle service configurations 2024-05-29 14:49:45 +08:00
furyhawk 049acd29cb Refactor docker-compose.yml to remove unused DOMAINNAME variable 2024-05-29 14:44:21 +08:00
furyhawk c5c9ee31f4 Refactor docker-compose.yml to remove unused DOMAINNAME variable 2024-05-29 14:44:03 +08:00
furyhawk 0ca80b1741 Refactor traefik and dozzle service configurations in docker-compose.yml 2024-05-29 14:43:35 +08:00
furyhawk 7c4d216817 Refactor traefik and dozzle service configurations in docker-compose.yml 2024-05-29 14:30:09 +08:00
furyhawk 9b1fafa848 Refactor traefik and dozzle service configurations in docker-compose.yml 2024-05-29 14:21:59 +08:00
furyhawk dc55872b5d Refactor traefik and dozzle service configurations in docker-compose.yml 2024-05-29 11:43:34 +08:00
furyhawk 77c90d7823 Refactor docker-compose.yml to update traefik and dozzle service configurations 2024-05-29 11:41:03 +08:00
furyhawk ee7fddeed6 Refactor docker-compose.yml to update traefik and dozzle service configurations 2024-05-29 11:27:46 +08:00
furyhawk 4e64a2b76a Refactor traefik configuration in docker-compose.yml 2024-05-29 11:20:03 +08:00
furyhawk 30cd9df16e Refactor dozzle service configuration in docker-compose.yml 2024-05-29 11:03:03 +08:00
furyhawk 333b00eeef Refactor docker-compose.yml to update dozzle service configuration 2024-05-29 10:33:44 +08:00
furyhawk 6f1d04afc3 Refactor docker-compose.yml to update dozzle service configuration 2024-05-29 09:29:52 +08:00
furyhawk 16310a21ba Refactor dozzle service configuration in docker-compose.yml 2024-05-29 09:18:33 +08:00
furyhawk c14a7ad35e Refactor docker-compose.yml to update dozzle service configuration 2024-05-29 09:17:29 +08:00
furyhawk 47a0e912bb Refactor docker-compose.yml to update dozzle service configuration 2024-05-28 22:44:18 +08:00
furyhawk 7c92ed044b Refactor docker-compose.yml to remove unnecessary dozzle service configuration 2024-05-28 20:05:15 +08:00
furyhawk b64e4984af Refactor docker-compose.yml to update dozzle service configuration 2024-05-28 19:51:30 +08:00
furyhawk 6348bb0fbb Refactor docker-compose.yml to update dozzle service configuration 2024-05-28 17:41:32 +08:00
furyhawk 8e88b8bcbb Refactor docker-compose.yml to update dozzle service configuration 2024-05-28 17:12:25 +08:00
furyhawk 73d0a36254 Refactor docker-compose.yml to remove unnecessary dozzle service configuration 2024-05-28 17:06:53 +08:00
furyhawk b01df6af62 Refactor docker-compose.yml to add command for PostgreSQL service 2024-05-28 17:03:15 +08:00
furyhawk feff445ab3 Refactor docker-compose.yml to update dozzle service configuration 2024-05-28 16:03:29 +08:00
furyhawk ce1cfbf4c7 Refactor Dockerfile to remove unnecessary packages and streamline installation process 2024-05-28 14:53:32 +08:00
furyhawk daa40c6aa4 chore: Refactor docker-compose.yml to update dozzle service configuration 2024-05-28 10:34:46 +08:00
furyhawk 297c05742f Refactor docker-compose.yml to remove unnecessary port mapping for dozzle service 2024-05-28 10:32:21 +08:00
furyhawk 65462229e5 Refactor docker-compose.yml to update dozzle service configuration 2024-05-28 10:26:50 +08:00
furyhawk 1a13d29542 Refactor docker-compose.yml to update dozzle service configuration 2024-05-28 01:03:58 +08:00
furyhawk 110a0dd411 Refactor docker-compose.yml to update dozzle service configuration 2024-05-28 00:52:20 +08:00
furyhawk 1f14327c68 Refactor docker-compose.yml to remove dozzle service configuration 2024-05-28 00:46:26 +08:00
furyhawk cfd4e9150e Refactor docker-compose.yml to add container_name for dozzle service 2024-05-28 00:39:26 +08:00
furyhawk ed57ba4dc4 Refactor docker-compose.yml to update port mapping for dozzle service 2024-05-28 00:27:29 +08:00
furyhawk 522c210f5a Refactor docker-compose.yml to enable TLS for dozzle service in Traefik 2024-05-28 00:24:47 +08:00
furyhawk 5b94503537 Refactor docker-compose.yml to update port mapping for dozzle service 2024-05-28 00:19:50 +08:00
furyhawk 7772353d7c Refactor docker-compose.yml to add container_name for dozzle service 2024-05-28 00:10:15 +08:00
furyhawk 8c2f258d5d Refactor docker-compose.yml to remove unnecessary port mapping for dozzle service 2024-05-28 00:09:04 +08:00
furyhawk 2cdb147b14 Refactor docker-compose.yml to update port mapping for dozzle service 2024-05-28 00:08:00 +08:00
furyhawk 374ca7fb09 Refactor docker-compose.yml to add port mapping for dozzle service 2024-05-28 00:03:57 +08:00
furyhawk 5c54f73210 Refactor docker-compose.yml to enable TLS for dozzle service in Traefik 2024-05-28 00:00:29 +08:00
furyhawk f550849d8e Refactor docker-compose.yml to fix traefik configuration for dozzle service 2024-05-27 23:46:38 +08:00
furyhawk a833562205 Refactor docker-compose.yml to fix traefik configuration for dozzle service 2024-05-27 23:42:40 +08:00
furyhawk 22080087c0 Refactor docker-compose.yml to add dozzle service for log monitoring 2024-05-27 23:24:51 +08:00
furyhawk 2e6c9886be Refactor docker-compose.yml to add dozzle service for log monitoring 2024-05-27 23:23:20 +08:00
furyhawk 5c77d4afa3 Refactor emqx-docker submodule to use updated commit 554e4b1 2024-05-27 21:55:39 +08:00
furyhawk fe0b34a752 Refactor gitignore files to remove unnecessary entries 2024-05-27 21:45:40 +08:00
furyhawk 2c76f7ec39 Refactor docker-compose.yml to update URLs and remove unnecessary network configurations 2024-05-27 21:03:10 +08:00
furyhawk d9f5c2d75e Refactor traefik.yml to update URLs for heynote_app and jellyfin_app 2024-05-27 20:48:02 +08:00
furyhawk f7a6f7c4c6 Refactor docker-compose.yml to update URLs and remove unnecessary network configurations 2024-05-27 20:34:47 +08:00
furyhawk 716b662e4a Refactor docker-compose.yml to remove unnecessary network configurations 2024-05-27 20:26:07 +08:00
furyhawk 8a865c6e38 Refactor docker-compose.yml to update URLs and remove unnecessary network configurations 2024-05-27 20:02:23 +08:00
furyhawk 95d0b36384 Refactor docker-compose.yml to remove unnecessary network configurations 2024-05-27 19:47:42 +08:00
furyhawk 792e6a1a9d Refactor docker-compose.yml to remove unnecessary network configurations 2024-05-27 19:32:06 +08:00
furyhawk 2965012b23 Refactor docker-compose.yml to update URLs and remove unnecessary network configurations 2024-05-27 19:30:14 +08:00
furyhawk 927238f955 Refactor docker-compose.yml to update URLs and remove unnecessary network configurations 2024-05-27 19:13:12 +08:00
furyhawk f74c0b4342 Refactor docker-compose.yml to update URLs and remove unnecessary network configurations 2024-05-27 19:03:22 +08:00
29 changed files with 1823 additions and 967 deletions
Expand all files Collapse all files
.env.example
+9 -8
View File
@@ -1,16 +1,17 @@
# Environment variables for docker-compose.yml
LOG_LEVEL="DEBUG"
PUID=1000
PGID=1000
LOG_LEVEL="INFO"
NETWORK="web"
TZ="Asia/Singapore"
## dashboard configs
HOST="furyhawk.lol"
HOST="localhost"
DOMAINNAME="furyhawk.lol"
HOSTNAME="node00"
DATADIR="/home/furyhawk/media"
# subdomain for dashboard.
DASHBOARD_HOST="dashboard.furyhawk.lol"
# log file path on host machine
LOG_PATH=./logs
## TLS configs
CERT_PATH=./certs
ACME_PATH=./acme.json
@@ -26,8 +27,8 @@ OSRM_ALGORITHM="mld"
OSRM_THREADS=2
OSRM_PORT=5000
OSRM_PROFILE="/opt/car.lua"
OSRM_MAP_NAME=${OSRM_MAP_NAME}
OSRM_GEOFABRIK_PATH=${OSRM_GEOFABRIK_PATH}
OSRM_MAP_NAME=""
OSRM_GEOFABRIK_PATH=""
# Notify OSRM Manager to restart without stopping container
OSRM_NOTIFY_FILEPATH="/data/osrm_notify.txt"
LibreChat
+1 -1
Submodule LibreChat updated: 9c57a0465d...026961f719
README.md
+8 -7
View File
@@ -20,15 +20,16 @@ This simple project uses Traefik as a reverse proxy to a Streamlit application a
- Build for ARM64 platform
## Production Deployment
1. `git clone
1. `git submodule update --init --recursive`
1. In `compose/traefik/traefik.yml`, change `example@test.com` to your email.
2. In `compose/traefik/traefik.yml`, change `example.com` to your domain.
3. `sudo apt-get install build-essential`
4. `mdkir ~/st-sync`
5. `mdkir ~/.thelounge`
6. `touch cache/bar_cache.sqlite`
7. `touch cache/short_cache.sqlite`
8. `cp .env.example .env`
9. `cp usersfile.example usersfile`
3. `sudo apt-get install build-essential` (if not already installed) to use makefile.
4. `mdkir ~/st-sync` syncthing folder.
5. `cd ~/site` public site folder.
5. `mkdir ./compose/config` to store config.
8. `cp .env.example ./compose/.env`
9. `cp usersfile.example ./compose/usersfile`
10. `make serve`
### Notes:
compose.yml
+18
View File
@@ -0,0 +1,18 @@
networks:
default:
external: true
name: ${NETWORK:-web}
net:
external: true
name: ${NETWORK:-web}
# secrets:
# basic_auth_credentials:
# file: ./secrets/basic_auth_credentials
include:
- compose/base.yml
- compose/services.yml
- compose/apps.yml
- emqx-docker/docker-compose.yml
- LibreChat/docker-compose.yml
compose/apps.yml
+314
View File
@@ -0,0 +1,314 @@
x-environment: &app-environment
DOMAINNAME: "${DOMAINNAME:-furyhawk.lol}"
STREAMLIT_FIN_SERVER_PORT: "8501"
GROQ_API_KEY: "${GROQ_API_KEY}"
BAI_LOCATION: ""
STREAMLIT_BAI_SERVER_PORT: "8502"
volumes:
bai_cache: {}
ghost_content: {}
ghost_mysql: {}
jellyfin_config: {}
jellyfin_cache: {}
pgadmin: {}
privatebin_data: {}
thelounge_data: {}
services:
adminer:
image: adminer
environment:
PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL}
PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD}
PGID: 1000
PUID: 1000
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
PYTHONPATH: "/pgadmin4"
TZ: Asia/Singapore
DOMAINNAME: ${DOMAINNAME}
user: "1000:1000"
volumes:
- pgadmin:/var/lib/pgadmin
restart: unless-stopped
depends_on:
- postgres
expose:
- 80
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.adminer.entrypoints=web-secure"
- "traefik.http.routers.adminer.rule=Host(`adminer.${DOMAINNAME}`) || Host(`dbadmin.${DOMAINNAME}`)"
- "traefik.http.routers.adminer.middlewares=csrf@file"
- "traefik.http.routers.adminer.tls.certresolver=letsencrypt"
- "traefik.http.routers.adminer.service=adminer_app"
- "traefik.http.services.adminer_app.loadbalancer.server.port=8080"
cheatsheets_app:
image: furyhawk/cheatsheets:${CHEATSHEETSTAG:-latest}
restart: unless-stopped
expose:
- 80
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.cheatsheets.entrypoints=web-secure"
- "traefik.http.routers.cheatsheets.rule=Host(`cheat.${DOMAINNAME}`)"
- "traefik.http.routers.cheatsheets.middlewares=csrf@file"
- "traefik.http.routers.cheatsheets.tls.certresolver=letsencrypt"
- "traefik.http.routers.cheatsheets.service=cheatsheets_app"
- "traefik.http.services.cheatsheets_app.loadbalancer.server.port=80"
ghost-db:
image: mysql:8
container_name: ghost-db
security_opt:
- seccomp:unconfined
restart: always
command: --mysql-native-password=ON
environment:
MYSQL_ROOT_PASSWORD: ${POSTGRES_PASSWORD}
volumes:
- ghost_mysql:/var/lib/mysql
expose:
- 3306
networks:
- net
ghost-server:
image: ghost
container_name: ghost_server
cap_add:
- CAP_SYS_NICE
security_opt:
- seccomp:unconfined
restart: always
depends_on:
- ghost-db
environment:
url: https://ghost.furyhawk.lol
database__client: mysql
database__connection__host: ghost-db
database__connection__user: root
database__connection__password: ${POSTGRES_PASSWORD}
database__connection__database: ghost
DOMAINNAME: ${DOMAINNAME}
volumes:
- ghost_content:/var/lib/ghost/content
expose:
- 2368
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.ghost.entrypoints=web-secure"
- "traefik.http.routers.ghost.rule=Host(`ghost.${DOMAINNAME}`)"
- "traefik.http.routers.ghost.middlewares=csrf@file"
- "traefik.http.routers.ghost.tls.certresolver=letsencrypt"
- "traefik.http.routers.ghost.service=ghost_app"
- "traefik.http.services.ghost_app.loadbalancer.server.port=2368"
heynote_app:
image: furyhawk/heynote:${HEYNOTETAG:-latest}
restart: unless-stopped
environment:
NODE_ENV: production
DOMAINNAME: ${DOMAINNAME}
expose:
- 5173
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.heynote.entrypoints=web-secure"
- "traefik.http.routers.heynote.rule=HostRegexp(`note[0-9]{0,2}.${DOMAINNAME}`) || Host(`pad.${DOMAINNAME}`)"
- "traefik.http.routers.heynote.middlewares=csrf@file"
- "traefik.http.routers.heynote.tls.certresolver=letsencrypt"
- "traefik.http.routers.heynote.service=heynote_app"
- "traefik.http.services.heynote_app.loadbalancer.server.port=5173"
jellyfin:
image: jellyfin/jellyfin
user: 1000:1000
volumes:
- jellyfin_config:/config
- jellyfin_cache:/cache
- type: bind
source: ~/media
target: /media
read_only: false
restart: 'unless-stopped'
# Optional - alternative address used for autodiscovery
environment:
- DOMAINNAME=${DOMAINNAME}
- JELLYFIN_PublishedServerUrl=https://media.${DOMAINNAME}
expose:
- 8096
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.jellyfin.entrypoints=web-secure"
- "traefik.http.routers.jellyfin.rule=Host(`media.${DOMAINNAME}`)"
- "traefik.http.routers.jellyfin.middlewares=csrf@file"
- "traefik.http.routers.jellyfin.tls.certresolver=letsencrypt"
- "traefik.http.routers.jellyfin.service=jellyfin_app"
- "traefik.http.services.jellyfin_app.loadbalancer.server.port=8096"
meshtastic_web:
image: ghcr.io/meshtastic/web
restart: unless-stopped
expose:
- 8080
- 8443
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.meshtastic.entrypoints=web-secure"
- "traefik.http.routers.meshtastic.rule=Host(`mesh.${DOMAINNAME}`)"
- "traefik.http.routers.meshtastic.middlewares=csrf@file"
- "traefik.http.routers.meshtastic.tls.certresolver=letsencrypt"
- "traefik.http.routers.meshtastic.service=meshtastic_app"
- "traefik.http.services.meshtastic_app.loadbalancer.server.port=8080"
privatebin:
image: privatebin/nginx-fpm-alpine:latest
read_only: true
user: "1000:1000"
volumes:
- privatebin_data:/srv/data # data volume for pastes allows pastes
# to persist after container stop or restart
- './config/conf.php:/srv/cfg/conf.php:ro' # second volume for custom configuration file
expose:
- 8080
restart: unless-stopped
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.privatebin.entrypoints=web-secure"
- "traefik.http.routers.privatebin.rule=Host(`bin.${DOMAINNAME}`) || Host(`paste.${DOMAINNAME}`)"
- "traefik.http.routers.privatebin.middlewares=csrf@file"
- "traefik.http.routers.privatebin.tls.certresolver=letsencrypt"
- "traefik.http.routers.privatebin.service=privatebin_app"
- "traefik.http.services.privatebin_app.loadbalancer.server.port=8080"
redlib:
image: quay.io/redlib/redlib:latest-arm
restart: unless-stopped
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
# - seccomp=seccomp-redlib.json
cap_drop:
- ALL
env_file: .env
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://127.0.0.1:3080/settings"]
interval: 5m
timeout: 3s
expose:
- 3080 # Specify `127.0.0.1:8080:3080` instead if using a reverse proxy
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.redlib.entrypoints=web-secure"
- "traefik.http.routers.redlib.rule=Host(`redlib.${DOMAINNAME}`)"
- "traefik.http.routers.redlib.middlewares=csrf@file"
- "traefik.http.routers.redlib.tls.certresolver=letsencrypt"
- "traefik.http.routers.redlib.service=redlib_app"
- "traefik.http.services.redlib_app.loadbalancer.server.port=3080"
thelounge:
image: ghcr.io/thelounge/thelounge:latest
restart: unless-stopped
volumes:
- thelounge_data:/var/opt/thelounge # bind lounge config from the host's file system
expose:
- 9000
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.thelounge.entrypoints=web-secure"
- "traefik.http.routers.thelounge.rule=Host(`irc.${DOMAINNAME}`)"
- "traefik.http.routers.thelounge.middlewares=csrf@file"
- "traefik.http.routers.thelounge.tls.certresolver=letsencrypt"
- "traefik.http.routers.thelounge.service=thelounge_app"
- "traefik.http.services.thelounge_app.loadbalancer.server.port=9000"
streamlit-bai:
environment:
<<: *app-environment
image: furyhawk/beyondallinfo:latest
restart: unless-stopped
command: streamlit run --server.port=$STREAMLIT_BAI_SERVER_PORT --server.address=0.0.0.0 --server.baseUrlPath=$BAI_LOCATION src/app.py
volumes:
- bai_cache:/app/cache
expose:
- ${STREAMLIT_BAI_SERVER_PORT}
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.streamlit-bai.entrypoints=web-secure"
- "traefik.http.routers.streamlit-bai.rule=Host(`bai.${DOMAINNAME}`)"
- "traefik.http.routers.streamlit-bai.middlewares=csrf@file"
- "traefik.http.routers.streamlit-bai.tls.certresolver=letsencrypt"
- "traefik.http.routers.streamlit-bai.service=streamlit_bai_app"
- "traefik.http.services.streamlit_bai_app.loadbalancer.server.port=${STREAMLIT_BAI_SERVER_PORT}"
streamlit-fin:
environment:
<<: *app-environment
image: furyhawk/llama3toolsfin:main
restart: unless-stopped
expose:
- ${STREAMLIT_FIN_SERVER_PORT}
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.streamlit-fin.entrypoints=web-secure"
- "traefik.http.routers.streamlit-fin.rule=Host(`fin.${DOMAINNAME}`)"
- "traefik.http.routers.streamlit-fin.middlewares=csrf@file"
- "traefik.http.routers.streamlit-fin.tls.certresolver=letsencrypt"
- "traefik.http.routers.streamlit-fin.service=streamlit_fin_app"
- "traefik.http.services.streamlit_fin_app.loadbalancer.server.port=${STREAMLIT_FIN_SERVER_PORT}"
site_server:
image: nginx:alpine
restart: unless-stopped
volumes:
- ~/site:/usr/share/nginx/html:ro
expose:
- 80
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.site_server.entrypoints=web-secure"
- "traefik.http.routers.site_server.rule=Host(`${DOMAINNAME}`) || Host(`www.${DOMAINNAME}`) || Host(`info.${DOMAINNAME}`) || Host(`124c41.${DOMAINNAME}`)"
- "traefik.http.routers.site_server.middlewares=csrf@file, no-www@file"
- "traefik.http.routers.site_server.tls.certresolver=letsencrypt"
- "traefik.http.routers.site_server.service=site_server_app"
- "traefik.http.services.site_server_app.loadbalancer.server.port=80"
- "traefik.http.routers.resume_router.entrypoints=web-secure"
- "traefik.http.routers.resume_router.rule=Host(`resume.${DOMAINNAME}`)"
- "traefik.http.routers.resume_router.middlewares=csrf@file, redirect-resume@file"
- "traefik.http.routers.resume_router.tls.certresolver=letsencrypt"
- "traefik.http.routers.resume_router.service=resume_server"
- "traefik.http.services.resume_server.loadbalancer.server.port=80"
- "traefik.http.routers.blog_router.entrypoints=web-secure"
- "traefik.http.routers.blog_router.rule=Host(`blog.${DOMAINNAME}`)"
- "traefik.http.routers.blog_router.middlewares=redirect-blog@file"
- "traefik.http.routers.blog_router.tls.certresolver=letsencrypt"
- "traefik.http.routers.blog_router.service=blog_server"
- "traefik.http.services.blog_server.loadbalancer.server.port=80"
compose/base.yml
+86
View File
@@ -0,0 +1,86 @@
x-environment: &default-environment
LOG_LEVEL: "INFO"
ACME_PATH: "./acme.json"
NETWORK: "${NETWORK:-web}"
DOMAINNAME: "${DOMAINNAME:-furyhawk.lol}"
TZ: "${TZ:-Asia/Singapore}"
FIN_LOCATION: ""
STREAMLIT_FIN_SERVER_PORT: "8501"
GROQ_API_KEY: "${GROQ_API_KEY}"
BAI_LOCATION: ""
STREAMLIT_BAI_SERVER_PORT: "8502"
volumes:
logs: {}
production_traefik: {}
portainer_data: {}
services:
portainer:
image: portainer/portainer-ce:sts
command: -H unix:///var/run/docker.sock
security_opt:
- no-new-privileges:true
environment:
<<: *default-environment
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
expose:
- 8000
- 9000
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.entrypoints=web-secure"
- "traefik.http.routers.portainer.rule=Host(`portainer.${DOMAINNAME}`) || Host(`port.${DOMAINNAME}`)"
- "traefik.http.routers.portainer.middlewares=csrf@file"
- "traefik.http.routers.portainer.tls.certresolver=letsencrypt"
- "traefik.http.routers.portainer.service=portainer_service"
- "traefik.http.services.portainer_service.loadbalancer.server.port=9000"
traefik:
environment:
<<: *default-environment
build:
context: .
dockerfile: ./traefik/Dockerfile
image: traefik_production
security_opt:
- no-new-privileges:true
restart: always
volumes:
- logs:/logs
- production_traefik:/etc/traefik/acme:z
- /var/run/docker.sock:/var/run/docker.sock
extra_hosts:
- "host.docker.internal:host-gateway"
ports:
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
- "7687:7687"
- "8083:8083"
- "8084:8084"
- "8883:8883"
- "5432:5432"
# - "8080:8080"
# - "1883:1883"
# - 18083:18083
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=web-secure"
- "traefik.http.routers.traefik.rule=Host(`dashboard.${DOMAINNAME}`)"
- "traefik.http.routers.traefik.middlewares=auth@file"
- "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
- "traefik.http.routers.traefik.service=api@internal"
config/certs.toml → compose/config/certs.toml
View File
config/conf.example.php → compose/config/conf.example.php
View File
config/conf.php → compose/config/conf.php
View File
compose/config/postgresql.conf
+842
View File
@@ -0,0 +1,842 @@
# -----------------------------
# PostgreSQL configuration file
# -----------------------------
#
# This file consists of lines of the form:
#
# name = value
#
# (The "=" is optional.) Whitespace may be used. Comments are introduced with
# "#" anywhere on a line. The complete list of parameter names and allowed
# values can be found in the PostgreSQL documentation.
#
# The commented-out settings shown in this file represent the default values.
# Re-commenting a setting is NOT sufficient to revert it to the default value;
# you need to reload the server.
#
# This file is read on server startup and when the server receives a SIGHUP
# signal. If you edit the file on a running system, you have to SIGHUP the
# server for the changes to take effect, run "pg_ctl reload", or execute
# "SELECT pg_reload_conf()". Some parameters, which are marked below,
# require a server shutdown and restart to take effect.
#
# Any parameter can also be given as a command-line option to the server, e.g.,
# "postgres -c log_connections=on". Some parameters can be changed at run time
# with the "SET" SQL command.
#
# Memory units: B = bytes Time units: us = microseconds
# kB = kilobytes ms = milliseconds
# MB = megabytes s = seconds
# GB = gigabytes min = minutes
# TB = terabytes h = hours
# d = days
#------------------------------------------------------------------------------
# FILE LOCATIONS
#------------------------------------------------------------------------------
# The default values of these variables are driven from the -D command-line
# option or PGDATA environment variable, represented here as ConfigDir.
#data_directory = 'ConfigDir' # use data in another directory
# (change requires restart)
#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file
# (change requires restart)
#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file
# (change requires restart)
# If external_pid_file is not explicitly set, no extra PID file is written.
#external_pid_file = '' # write an extra PID file
# (change requires restart)
# - SLRU Buffers (change requires restart) -
#commit_timestamp_buffers = 0 # memory for pg_commit_ts (0 = auto)
#multixact_offset_buffers = 16 # memory for pg_multixact/offsets
#multixact_member_buffers = 32 # memory for pg_multixact/members
#notify_buffers = 16 # memory for pg_notify
#serializable_buffers = 32 # memory for pg_serial
#subtransaction_buffers = 0 # memory for pg_subtrans (0 = auto)
#transaction_buffers = 0 # memory for pg_xact (0 = auto)
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
#listen_addresses = 'localhost' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
#port = 5432 # (change requires restart)
#max_connections = 100 # (change requires restart)
#reserved_connections = 0 # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart)
#unix_socket_directories = '/tmp' # comma-separated list of directories
# (change requires restart)
#unix_socket_group = '' # (change requires restart)
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
# (change requires restart)
#bonjour = off # advertise server via Bonjour
# (change requires restart)
#bonjour_name = '' # defaults to the computer name
# (change requires restart)
# - TCP settings -
# see "man tcp" for details
#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
# 0 selects the system default
#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
# 0 selects the system default
#tcp_keepalives_count = 0 # TCP_KEEPCNT;
# 0 selects the system default
#tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds;
# 0 selects the system default
#client_connection_check_interval = 0 # time between checks for client
# disconnection while running queries;
# 0 for never
# - Authentication -
#authentication_timeout = 1min # 1s-600s
#password_encryption = scram-sha-256 # scram-sha-256 or md5
#scram_iterations = 4096
# GSSAPI using Kerberos
#krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab'
#krb_caseins_users = off
#gss_accept_delegation = off
# - SSL -
#ssl = off
#ssl_ca_file = ''
#ssl_cert_file = 'server.crt'
#ssl_crl_file = ''
#ssl_crl_dir = ''
#ssl_key_file = 'server.key'
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
#ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1'
#ssl_min_protocol_version = 'TLSv1.2'
#ssl_max_protocol_version = ''
#ssl_dh_params_file = ''
#ssl_passphrase_command = ''
#ssl_passphrase_command_supports_reload = off
#------------------------------------------------------------------------------
# RESOURCE USAGE (except WAL)
#------------------------------------------------------------------------------
# - Memory -
#shared_buffers = 128MB # min 128kB
# (change requires restart)
#huge_pages = try # on, off, or try
# (change requires restart)
#huge_page_size = 0 # zero for system default
# (change requires restart)
#temp_buffers = 8MB # min 800kB
#max_prepared_transactions = 0 # zero disables the feature
# (change requires restart)
# Caution: it is not advisable to set max_prepared_transactions nonzero unless
# you actively intend to use prepared transactions.
#work_mem = 4MB # min 64kB
#hash_mem_multiplier = 2.0 # 1-1000.0 multiplier on hash table work_mem
#maintenance_work_mem = 64MB # min 1MB
#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
#logical_decoding_work_mem = 64MB # min 64kB
#max_stack_depth = 2MB # min 100kB
#shared_memory_type = mmap # the default is the first option
# supported by the operating system:
# mmap
# sysv
# windows
# (change requires restart)
#dynamic_shared_memory_type = posix # the default is usually the first option
# supported by the operating system:
# posix
# sysv
# windows
# mmap
# (change requires restart)
#min_dynamic_shared_memory = 0MB # (change requires restart)
#vacuum_buffer_usage_limit = 2MB # size of vacuum and analyze buffer access strategy ring;
# 0 to disable vacuum buffer access strategy;
# range 128kB to 16GB
# - Disk -
#temp_file_limit = -1 # limits per-process temp file space
# in kilobytes, or -1 for no limit
#max_notify_queue_pages = 1048576 # limits the number of SLRU pages allocated
# for NOTIFY / LISTEN queue
# - Kernel Resources -
#max_files_per_process = 1000 # min 64
# (change requires restart)
# - Cost-Based Vacuum Delay -
#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables)
#vacuum_cost_page_hit = 1 # 0-10000 credits
#vacuum_cost_page_miss = 2 # 0-10000 credits
#vacuum_cost_page_dirty = 20 # 0-10000 credits
#vacuum_cost_limit = 200 # 1-10000 credits
# - Background Writer -
#bgwriter_delay = 200ms # 10-10000ms between rounds
#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables
#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round
#bgwriter_flush_after = 0 # measured in pages, 0 disables
# - Asynchronous Behavior -
#backend_flush_after = 0 # measured in pages, 0 disables
#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
#maintenance_io_concurrency = 10 # 1-1000; 0 disables prefetching
#io_combine_limit = 128kB # usually 1-32 blocks (depends on OS)
#max_worker_processes = 8 # (change requires restart)
#max_parallel_workers_per_gather = 2 # limited by max_parallel_workers
#max_parallel_maintenance_workers = 2 # limited by max_parallel_workers
#max_parallel_workers = 8 # number of max_worker_processes that
# can be used in parallel operations
#parallel_leader_participation = on
#------------------------------------------------------------------------------
# WRITE-AHEAD LOG
#------------------------------------------------------------------------------
# - Settings -
#wal_level = replica # minimal, replica, or logical
# (change requires restart)
#fsync = on # flush data to disk for crash safety
# (turning this off can cause
# unrecoverable data corruption)
#synchronous_commit = on # synchronization level;
# off, local, remote_write, remote_apply, or on
#wal_sync_method = fsync # the default is the first option
# supported by the operating system:
# open_datasync
# fdatasync (default on Linux and FreeBSD)
# fsync
# fsync_writethrough
# open_sync
#full_page_writes = on # recover from partial page writes
#wal_log_hints = off # also do full page writes of non-critical updates
# (change requires restart)
#wal_compression = off # enables compression of full-page writes;
# off, pglz, lz4, zstd, or on
#wal_init_zero = on # zero-fill new WAL files
#wal_recycle = on # recycle WAL files
#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
# (change requires restart)
#wal_writer_delay = 200ms # 1-10000 milliseconds
#wal_writer_flush_after = 1MB # measured in pages, 0 disables
#wal_skip_threshold = 2MB
#commit_delay = 0 # range 0-100000, in microseconds
#commit_siblings = 5 # range 1-1000
# - Checkpoints -
#checkpoint_timeout = 5min # range 30s-1d
#checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0
#checkpoint_flush_after = 0 # measured in pages, 0 disables
#checkpoint_warning = 30s # 0 disables
#max_wal_size = 1GB
#min_wal_size = 80MB
# - Prefetching during recovery -
#recovery_prefetch = try # prefetch pages referenced in the WAL?
#wal_decode_buffer_size = 512kB # lookahead window used for prefetching
# (change requires restart)
# - Archiving -
#archive_mode = off # enables archiving; off, on, or always
# (change requires restart)
#archive_library = '' # library to use to archive a WAL file
# (empty string indicates archive_command should
# be used)
#archive_command = '' # command to use to archive a WAL file
# placeholders: %p = path of file to archive
# %f = file name only
# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
#archive_timeout = 0 # force a WAL file switch after this
# number of seconds; 0 disables
# - Archive Recovery -
# These are only used in recovery mode.
#restore_command = '' # command to use to restore an archived WAL file
# placeholders: %p = path of file to restore
# %f = file name only
# e.g. 'cp /mnt/server/archivedir/%f %p'
#archive_cleanup_command = '' # command to execute at every restartpoint
#recovery_end_command = '' # command to execute at completion of recovery
# - Recovery Target -
# Set these only when performing a targeted recovery.
#recovery_target = '' # 'immediate' to end recovery as soon as a
# consistent state is reached
# (change requires restart)
#recovery_target_name = '' # the named restore point to which recovery will proceed
# (change requires restart)
#recovery_target_time = '' # the time stamp up to which recovery will proceed
# (change requires restart)
#recovery_target_xid = '' # the transaction ID up to which recovery will proceed
# (change requires restart)
#recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed
# (change requires restart)
#recovery_target_inclusive = on # Specifies whether to stop:
# just after the specified recovery target (on)
# just before the recovery target (off)
# (change requires restart)
#recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID
# (change requires restart)
#recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown'
# (change requires restart)
# - WAL Summarization -
#summarize_wal = off # run WAL summarizer process?
#wal_summary_keep_time = '10d' # when to remove old summary files, 0 = never
#------------------------------------------------------------------------------
# REPLICATION
#------------------------------------------------------------------------------
# - Sending Servers -
# Set these on the primary and on any standby that will send replication data.
#max_wal_senders = 10 # max number of walsender processes
# (change requires restart)
#max_replication_slots = 10 # max number of replication slots
# (change requires restart)
#wal_keep_size = 0 # in megabytes; 0 disables
#max_slot_wal_keep_size = -1 # in megabytes; -1 disables
#wal_sender_timeout = 60s # in milliseconds; 0 disables
#track_commit_timestamp = off # collect timestamp of transaction commit
# (change requires restart)
# - Primary Server -
# These settings are ignored on a standby server.
#synchronous_standby_names = '' # standby servers that provide sync rep
# method to choose sync standbys, number of sync standbys,
# and comma-separated list of application_name
# from standby(s); '*' = all
#standby_slot_names = '' # streaming replication standby server slot names that
# logical walsender processes will wait for
# - Standby Servers -
# These settings are ignored on a primary server.
#primary_conninfo = '' # connection string to sending server
#primary_slot_name = '' # replication slot on sending server
#hot_standby = on # "off" disallows queries during recovery
# (change requires restart)
#max_standby_archive_delay = 30s # max delay before canceling queries
# when reading WAL from archive;
# -1 allows indefinite delay
#max_standby_streaming_delay = 30s # max delay before canceling queries
# when reading streaming WAL;
# -1 allows indefinite delay
#wal_receiver_create_temp_slot = off # create temp slot if primary_slot_name
# is not set
#wal_receiver_status_interval = 10s # send replies at least this often
# 0 disables
#hot_standby_feedback = off # send info from standby to prevent
# query conflicts
#wal_receiver_timeout = 60s # time that receiver waits for
# communication from primary
# in milliseconds; 0 disables
#wal_retrieve_retry_interval = 5s # time to wait before retrying to
# retrieve WAL after a failed attempt
#recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery
#sync_replication_slots = off # enables slot synchronization on the physical standby from the primary
# - Subscribers -
# These settings are ignored on a publisher.
#max_logical_replication_workers = 4 # taken from max_worker_processes
# (change requires restart)
#max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers
#max_parallel_apply_workers_per_subscription = 2 # taken from max_logical_replication_workers
#------------------------------------------------------------------------------
# QUERY TUNING
#------------------------------------------------------------------------------
# - Planner Method Configuration -
#enable_async_append = on
#enable_bitmapscan = on
#enable_gathermerge = on
#enable_hashagg = on
#enable_hashjoin = on
#enable_incremental_sort = on
#enable_indexscan = on
#enable_indexonlyscan = on
#enable_material = on
#enable_memoize = on
#enable_mergejoin = on
#enable_nestloop = on
#enable_parallel_append = on
#enable_parallel_hash = on
#enable_partition_pruning = on
#enable_partitionwise_join = off
#enable_partitionwise_aggregate = off
#enable_presorted_aggregate = on
#enable_seqscan = on
#enable_sort = on
#enable_tidscan = on
#enable_group_by_reordering = on
# - Planner Cost Constants -
#seq_page_cost = 1.0 # measured on an arbitrary scale
#random_page_cost = 4.0 # same scale as above
#cpu_tuple_cost = 0.01 # same scale as above
#cpu_index_tuple_cost = 0.005 # same scale as above
#cpu_operator_cost = 0.0025 # same scale as above
#parallel_setup_cost = 1000.0 # same scale as above
#parallel_tuple_cost = 0.1 # same scale as above
#min_parallel_table_scan_size = 8MB
#min_parallel_index_scan_size = 512kB
#effective_cache_size = 4GB
#jit_above_cost = 100000 # perform JIT compilation if available
# and query more expensive than this;
# -1 disables
#jit_inline_above_cost = 500000 # inline small functions if query is
# more expensive than this; -1 disables
#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if
# query is more expensive than this;
# -1 disables
# - Genetic Query Optimizer -
#geqo = on
#geqo_threshold = 12
#geqo_effort = 5 # range 1-10
#geqo_pool_size = 0 # selects default based on effort
#geqo_generations = 0 # selects default based on effort
#geqo_selection_bias = 2.0 # range 1.5-2.0
#geqo_seed = 0.0 # range 0.0-1.0
# - Other Planner Options -
#default_statistics_target = 100 # range 1-10000
#constraint_exclusion = partition # on, off, or partition
#cursor_tuple_fraction = 0.1 # range 0.0-1.0
#from_collapse_limit = 8
#jit = on # allow JIT compilation
#join_collapse_limit = 8 # 1 disables collapsing of explicit
# JOIN clauses
#plan_cache_mode = auto # auto, force_generic_plan or
# force_custom_plan
#recursive_worktable_factor = 10.0 # range 0.001-1000000
#------------------------------------------------------------------------------
# REPORTING AND LOGGING
#------------------------------------------------------------------------------
# - Where to Log -
#log_destination = 'stderr' # Valid values are combinations of
# stderr, csvlog, jsonlog, syslog, and
# eventlog, depending on platform.
# csvlog and jsonlog require
# logging_collector to be on.
# This is used when logging to stderr:
#logging_collector = off # Enable capturing of stderr, jsonlog,
# and csvlog into log files. Required
# to be on for csvlogs and jsonlogs.
# (change requires restart)
# These are only used if logging_collector is on:
#log_directory = 'log' # directory where log files are written,
# can be absolute or relative to PGDATA
#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
# can include strftime() escapes
#log_file_mode = 0600 # creation mode for log files,
# begin with 0 to use octal notation
#log_rotation_age = 1d # Automatic rotation of logfiles will
# happen after that time. 0 disables.
#log_rotation_size = 10MB # Automatic rotation of logfiles will
# happen after that much log output.
# 0 disables.
#log_truncate_on_rotation = off # If on, an existing log file with the
# same name as the new log file will be
# truncated rather than appended to.
# But such truncation only occurs on
# time-driven rotation, not on restarts
# or size-driven rotation. Default is
# off, meaning append to existing files
# in all cases.
# These are relevant when logging to syslog:
#syslog_facility = 'LOCAL0'
#syslog_ident = 'postgres'
#syslog_sequence_numbers = on
#syslog_split_messages = on
# This is only relevant when logging to eventlog (Windows):
# (change requires restart)
#event_source = 'PostgreSQL'
# - When to Log -
log_min_messages = info # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# info
# notice
# warning default
# error
# log
# fatal
# panic
# log_min_error_statement = error # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# info
# notice
# warning
# error default
# log
# fatal
# panic (effectively off)
#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements
# and their durations, > 0 logs only
# statements running at least this number
# of milliseconds
#log_min_duration_sample = -1 # -1 is disabled, 0 logs a sample of statements
# and their durations, > 0 logs only a sample of
# statements running at least this number
# of milliseconds;
# sample fraction is determined by log_statement_sample_rate
#log_statement_sample_rate = 1.0 # fraction of logged statements exceeding
# log_min_duration_sample to be logged;
# 1.0 logs all such statements, 0.0 never logs
#log_transaction_sample_rate = 0.0 # fraction of transactions whose statements
# are logged regardless of their duration; 1.0 logs all
# statements from all transactions, 0.0 never logs
#log_startup_progress_interval = 10s # Time between progress updates for
# long-running startup operations.
# 0 disables the feature, > 0 indicates
# the interval in milliseconds.
# - What to Log -
#debug_print_parse = off
#debug_print_rewritten = off
#debug_print_plan = off
#debug_pretty_print = on
#log_autovacuum_min_duration = 10min # log autovacuum activity;
# -1 disables, 0 logs all actions and
# their durations, > 0 logs only
# actions running at least this number
# of milliseconds.
#log_checkpoints = on
#log_connections = off
#log_disconnections = off
#log_duration = off
#log_error_verbosity = default # terse, default, or verbose messages
#log_hostname = off
#log_line_prefix = '%m [%p] ' # special values:
# %a = application name
# %u = user name
# %d = database name
# %r = remote host and port
# %h = remote host
# %b = backend type
# %p = process ID
# %P = process ID of parallel group leader
# %t = timestamp without milliseconds
# %m = timestamp with milliseconds
# %n = timestamp with milliseconds (as a Unix epoch)
# %Q = query ID (0 if none or not computed)
# %i = command tag
# %e = SQL state
# %c = session ID
# %l = session line number
# %s = session start timestamp
# %v = virtual transaction ID
# %x = transaction ID (0 if none)
# %q = stop here in non-session
# processes
# %% = '%'
# e.g. '<%u%%%d> '
#log_lock_waits = off # log lock waits >= deadlock_timeout
#log_recovery_conflict_waits = off # log standby recovery conflict waits
# >= deadlock_timeout
#log_parameter_max_length = -1 # when logging statements, limit logged
# bind-parameter values to N bytes;
# -1 means print in full, 0 disables
#log_parameter_max_length_on_error = 0 # when logging an error, limit logged
# bind-parameter values to N bytes;
# -1 means print in full, 0 disables
#log_statement = 'none' # none, ddl, mod, all
#log_replication_commands = off
#log_temp_files = -1 # log temporary files equal or larger
# than the specified size in kilobytes;
# -1 disables, 0 logs all temp files
#log_timezone = 'GMT'
# - Process Title -
#cluster_name = '' # added to process titles if nonempty
# (change requires restart)
#update_process_title = on
#------------------------------------------------------------------------------
# STATISTICS
#------------------------------------------------------------------------------
# - Cumulative Query and Index Statistics -
#track_activities = on
#track_activity_query_size = 1024 # (change requires restart)
#track_counts = on
#track_io_timing = off
#track_wal_io_timing = off
#track_functions = none # none, pl, all
#stats_fetch_consistency = cache # cache, none, snapshot
# - Monitoring -
#compute_query_id = auto
#log_statement_stats = off
#log_parser_stats = off
#log_planner_stats = off
#log_executor_stats = off
#------------------------------------------------------------------------------
# AUTOVACUUM
#------------------------------------------------------------------------------
#autovacuum = on # Enable autovacuum subprocess? 'on'
# requires track_counts to also be on.
#autovacuum_max_workers = 3 # max number of autovacuum subprocesses
# (change requires restart)
#autovacuum_naptime = 1min # time between autovacuum runs
#autovacuum_vacuum_threshold = 50 # min number of row updates before
# vacuum
#autovacuum_vacuum_insert_threshold = 1000 # min number of row inserts
# before vacuum; -1 disables insert
# vacuums
#autovacuum_analyze_threshold = 50 # min number of row updates before
# analyze
#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
#autovacuum_vacuum_insert_scale_factor = 0.2 # fraction of inserts over table
# size before insert vacuum
#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
# (change requires restart)
#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
# before forced vacuum
# (change requires restart)
#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for
# autovacuum, in milliseconds;
# -1 means use vacuum_cost_delay
#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
# autovacuum, -1 means use
# vacuum_cost_limit
#------------------------------------------------------------------------------
# CLIENT CONNECTION DEFAULTS
#------------------------------------------------------------------------------
# - Statement Behavior -
#client_min_messages = notice # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# log
# notice
# warning
# error
#search_path = '"$user", public' # schema names
#row_security = on
#default_table_access_method = 'heap'
#default_tablespace = '' # a tablespace name, '' uses the default
#default_toast_compression = 'pglz' # 'pglz' or 'lz4'
#temp_tablespaces = '' # a list of tablespace names, '' uses
# only default tablespace
#check_function_bodies = on
#default_transaction_isolation = 'read committed'
#default_transaction_read_only = off
#default_transaction_deferrable = off
#session_replication_role = 'origin'
#statement_timeout = 0 # in milliseconds, 0 is disabled
#transaction_timeout = 0 # in milliseconds, 0 is disabled
#lock_timeout = 0 # in milliseconds, 0 is disabled
#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled
#idle_session_timeout = 0 # in milliseconds, 0 is disabled
#vacuum_freeze_table_age = 150000000
#vacuum_freeze_min_age = 50000000
#vacuum_failsafe_age = 1600000000
#vacuum_multixact_freeze_table_age = 150000000
#vacuum_multixact_freeze_min_age = 5000000
#vacuum_multixact_failsafe_age = 1600000000
#bytea_output = 'hex' # hex, escape
#xmlbinary = 'base64'
#xmloption = 'content'
#gin_pending_list_limit = 4MB
#createrole_self_grant = '' # set and/or inherit
#event_triggers = on
# - Locale and Formatting -
#datestyle = 'iso, mdy'
#intervalstyle = 'postgres'
#timezone = 'GMT'
#timezone_abbreviations = 'Default' # Select the set of available time zone
# abbreviations. Currently, there are
# Default
# Australia (historical usage)
# India
# You can create your own file in
# share/timezonesets/.
#extra_float_digits = 1 # min -15, max 3; any value >0 actually
# selects precise output mode
#client_encoding = sql_ascii # actually, defaults to database
# encoding
# These settings are initialized by initdb, but they can be changed.
#lc_messages = '' # locale for system error message
# strings
#lc_monetary = 'C' # locale for monetary formatting
#lc_numeric = 'C' # locale for number formatting
#lc_time = 'C' # locale for time formatting
#icu_validation_level = warning # report ICU locale validation
# errors at the given level
# default configuration for text search
#default_text_search_config = 'pg_catalog.simple'
# - Shared Library Preloading -
#local_preload_libraries = ''
#session_preload_libraries = ''
#shared_preload_libraries = '' # (change requires restart)
#jit_provider = 'llvmjit' # JIT library to use
# - Other Defaults -
#dynamic_library_path = '$libdir'
#gin_fuzzy_search_limit = 0
#------------------------------------------------------------------------------
# LOCK MANAGEMENT
#------------------------------------------------------------------------------
#deadlock_timeout = 1s
#max_locks_per_transaction = 64 # min 10
# (change requires restart)
#max_pred_locks_per_transaction = 64 # min 10
# (change requires restart)
#max_pred_locks_per_relation = -2 # negative values mean
# (max_pred_locks_per_transaction
# / -max_pred_locks_per_relation) - 1
#max_pred_locks_per_page = 2 # min 0
#------------------------------------------------------------------------------
# VERSION AND PLATFORM COMPATIBILITY
#------------------------------------------------------------------------------
# - Previous PostgreSQL Versions -
#array_nulls = on
#backslash_quote = safe_encoding # on, off, or safe_encoding
#escape_string_warning = on
#lo_compat_privileges = off
#quote_all_identifiers = off
#standard_conforming_strings = on
#synchronize_seqscans = on
# - Other Platforms and Clients -
#transform_null_equals = off
#allow_alter_system = on
#------------------------------------------------------------------------------
# ERROR HANDLING
#------------------------------------------------------------------------------
#exit_on_error = off # terminate session on any error?
#restart_after_crash = on # reinitialize after backend crash?
#data_sync_retry = off # retry or panic on failure to fsync
# data?
# (change requires restart)
#recovery_init_sync_method = fsync # fsync, syncfs (Linux 5.8+)
#------------------------------------------------------------------------------
# CONFIG FILE INCLUDES
#------------------------------------------------------------------------------
# These options allow settings to be loaded from files other than the
# default postgresql.conf. Note that these are directives, not variable
# assignments, so they can usefully be given more than once.
#include_dir = '...' # include files ending in '.conf' from
# a directory, e.g., 'conf.d'
#include_if_exists = '...' # include file only if it exists
#include = '...' # include file
#------------------------------------------------------------------------------
# CUSTOMIZED OPTIONS
#------------------------------------------------------------------------------
# Add settings for extensions here
compose/services.yml
+279
View File
@@ -0,0 +1,279 @@
volumes:
minio_data: {}
neo4j_data: {}
neo4j_logs: {}
postgres_data: {}
services:
api_server:
image: furyhawk/listen:latest
restart: always
depends_on:
- postgres
environment:
DATABASE__HOSTNAME: ${DATABASE__HOSTNAME}
DATABASE__USERNAME: ${POSTGRES_USER}
DATABASE__PASSWORD: ${POSTGRES_PASSWORD}
DATABASE__PORT: ${DATABASE__PORT}
DATABASE__DB: ${DATABASE__DB}
SECURITY__JWT_SECRET_KEY: ${SECURITY__JWT_SECRET_KEY}
SECURITY__BACKEND_CORS_ORIGINS: ${SECURITY__BACKEND_CORS_ORIGINS}
SECURITY__ALLOWED_HOSTS: ${SECURITY__ALLOWED_HOSTS}
DOMAINNAME: ${DOMAINNAME}
ports:
- "8000:8000"
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.api_server.entrypoints=web-secure"
- "traefik.http.routers.api_server.rule=Host(`api.${DOMAINNAME}`)"
- "traefik.http.routers.api_server.middlewares=csrf@file, rate-limit@file"
- "traefik.http.routers.api_server.tls.certresolver=letsencrypt"
- "traefik.http.routers.api_server.service=api_server_service"
- "traefik.http.services.api_server_service.loadbalancer.server.port=8000"
postgres:
image: postgres
container_name: postgres
environment:
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
PGDATA: "/var/lib/postgresql/data"
LANG: en_US.utf8
TZ: Asia/Singapore
# DOMAINNAME: ${DOMAINNAME}
command: ["postgres", "-c", "log_connections=on"]
volumes:
- postgres_data:/var/lib/postgresql/data
# - ./config/postgresql.conf:/etc/postgresql.conf
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
interval: 30s
timeout: 10s
retries: 10
# ports:
# - "5432:5432"
expose:
- 5432
networks:
- net
labels:
- "traefik.enable=true"
# - "traefik.tcp.middlewares.test-inflightconn.inflightconn.amount=10"
- "traefik.tcp.routers.postgres.entrypoints=postgres-socket"
- "traefik.tcp.routers.postgres.rule=HostSNI(`*`)"
- "traefik.tcp.routers.postgres.tls=true"
- "traefik.tcp.routers.postgres.tls.certresolver=letsencrypt"
# - "traefik.tcp.routers.postgres.rule=HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)"
# - "traefik.tcp.routers.postgres.middlewares=test-inflightconn"
- "traefik.tcp.routers.postgres.service=postgres_service"
- "traefik.tcp.services.postgres_service.loadbalancer.server.port=5432"
# - "traefik.http.routers.postgres.entrypoints=web-secure"
# - "traefik.http.routers.postgres.rule=Host(`db.${DOMAINNAME}`)"
# - "traefik.http.routers.postgres.middlewares=rate-limit@file, csrf@file"
# - "traefik.http.routers.postgres.tls.certresolver=letsencrypt"
# - "traefik.http.routers.postgres.service=postgres_service"
# - "traefik.http.services.postgres_service.loadbalancer.server.port=5432"
osrm-backend:
environment:
# OSRM manager setup
- OSRM_ALGORITHM=mld
- OSRM_THREADS=2
- OSRM_PORT=${OSRM_PORT:-5000}
- OSRM_PROFILE=/opt/car.lua
- OSRM_MAP_NAME=${OSRM_MAP_NAME}
- OSRM_GEOFABRIK_PATH=${OSRM_GEOFABRIK_PATH}
# Notify OSRM Manager to restart without stopping container
- OSRM_NOTIFY_FILEPATH=/data/osrm_notify.txt
- DOMAINNAME=${DOMAINNAME}
image: furyhawk/osrm-backend:${OSRM_VERSION:-latest}
restart: unless-stopped
expose:
- ${OSRM_PORT:-5000}
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.osrm-backend.entrypoints=web-secure"
- "traefik.http.routers.osrm-backend.rule=Host(`osrm.${DOMAINNAME}`)"
- "traefik.http.routers.osrm-backend.middlewares=csrf@file"
- "traefik.http.routers.osrm-backend.tls.certresolver=letsencrypt"
- "traefik.http.routers.osrm-backend.service=osrm_backend_service"
- "traefik.http.services.osrm_backend_service.loadbalancer.server.port=${OSRM_PORT:-5000}"
minio-common:
image: minio/minio:latest
environment:
MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:-minioadmin}"
MINIO_OPTS: "--console-address :9001"
MINIO_SERVER_URL: https://drive.furyhawk.lol
DOMAINNAME: ${DOMAINNAME}
# user: "1000:1000"
restart: unless-stopped
command: server /data --address :9000 --console-address :9001
healthcheck:
test: ["CMD", "mc", "ready", "local"]
interval: 60s
timeout: 5s
retries: 5
volumes:
- minio_data:/data
expose:
- 9000
- 9001
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.minio-router.entrypoints=web-secure"
- "traefik.http.routers.minio-router.rule=Host(`drive.${DOMAINNAME}`) || Host(`storage.${DOMAINNAME}`)"
- "traefik.http.routers.minio-router.middlewares=csrf@file"
- "traefik.http.routers.minio-router.tls.certresolver=letsencrypt"
- "traefik.http.routers.minio-router.service=minio_common_service"
- "traefik.http.services.minio_common_service.loadbalancer.server.port=9001"
- "traefik.http.routers.minio-api-router.entrypoints=web-secure"
- "traefik.http.routers.minio-api-router.rule=Host(`minio.${DOMAINNAME}`) || Host(`s3.${DOMAINNAME}`)"
- "traefik.http.routers.minio-api-router.middlewares=csrf@file"
- "traefik.http.routers.minio-api-router.tls.certresolver=letsencrypt"
- "traefik.http.routers.minio-api-router.service=minio_api_service"
- "traefik.http.services.minio_api_service.loadbalancer.server.port=9000"
neo4j_server:
# Docker image to be used
image: ${NEO4J_DOCKER_IMAGE:-neo4j:latest}
container_name: neo4j_server
restart: unless-stopped
# Environment variables
environment:
NEO4J_AUTH: neo4j/${NEO4J_PASSWORD:-12345678}
NEO4J_dbms.default_listen_address: "0.0.0.0"
NEO4J_dbms.default_advertised_address: "neo4j.furyhawk.lol"
NEO4J_dbms.connector.bolt.advertised_address: ":443"
NEO4J_PLUGINS: '["apoc"]'
NEO4J_dbms_security_procedures_unrestricted: "apoc.*"
NEO4J_dbms_security_procedures_allowlist: "apoc.*"
NEO4J_server_memory_pagecache_size: 512M
NEO4J_server_memory_heap_max__size: 2G
user: "1000:1000"
depends_on:
- traefik
volumes:
- neo4j_data:/data
- neo4j_logs:/logs
# Expose ports
expose:
- 7474
- 7687
networks:
- net
syncthing:
image: syncthing/syncthing
environment:
- PUID=1000
- PGID=1000
- DOMAINNAME=${DOMAINNAME}
restart: unless-stopped
volumes:
- ~/st-sync:/var/syncthing
ports:
- "8384:8384" # Web UI
- "22000:22000/tcp" # TCP file transfers
- "22000:22000/udp" # QUIC file transfers
- "21027:21027/udp" # Receive local discovery broadcasts
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.syncthing.entrypoints=web-secure"
- "traefik.http.routers.syncthing.rule=Host(`sync.${DOMAINNAME}`)"
- "traefik.http.routers.syncthing.middlewares=csrf@file"
- "traefik.http.routers.syncthing.tls.certresolver=letsencrypt"
- "traefik.http.routers.syncthing.service=syncthing_service"
- "traefik.http.services.syncthing_service.loadbalancer.server.port=8384"
dozzle:
image: amir20/dozzle:latest
restart: always
environment:
- DOMAINNAME=${DOMAINNAME}
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
expose:
- 8080
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.dozzle.entrypoints=web-secure"
- "traefik.http.routers.dozzle.rule=Host(`log.${DOMAINNAME}`)"
- "traefik.http.routers.dozzle.middlewares=auth@file, csrf@file"
- "traefik.http.routers.dozzle.tls.certresolver=letsencrypt"
- "traefik.http.routers.dozzle.service=dozzle_service"
- "traefik.http.services.dozzle_service.loadbalancer.server.port=8080"
# WhoAmI - For Testing and Troubleshooting
whoami:
image: traefik/whoami
security_opt:
- no-new-privileges:true
restart: unless-stopped
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami-rtr.entrypoints=web-secure"
- "traefik.http.routers.whoami-rtr.rule=Host(`whoami.$DOMAINNAME`)"
- "traefik.http.routers.whoami-rtr.middlewares=csrf@file"
- "traefik.http.routers.whoami-rtr.tls.certresolver=letsencrypt"
- "traefik.http.routers.whoami-rtr.service=whoami-svc"
- "traefik.http.services.whoami-svc.loadbalancer.server.port=80"
# kestra:
# image: kestra/kestra:latest-full
# container_name: kestra
# # pull_policy: always
# # Note that this is meant for development only. Refer to the documentation for production deployments of Kestra which runs without a root user.
# user: "root"
# command: server standalone --worker-thread=128
# environment:
# KESTRA_CONFIGURATION: |
# datasources:
# postgres:
# url: jdbc:postgresql://postgres:5432/kestra
# driverClassName: org.postgresql.Driver
# username: ${POSTGRES_USER}
# password: ${POSTGRES_PASSWORD}
# kestra:
# server:
# basic-auth:
# enabled: true
# username: ${EMAIL_FROM} # it must be a valid email address
# password: ${EMAIL_PASSWORD}
# repository:
# type: postgres
# storage:
# type: local
# local:
# base-path: "/app/storage"
# queue:
# type: postgres
# tasks:
# tmp-dir:
# path: /tmp/kestra-wd/tmp
# url: http://kestra.furyhawk.lol/
# volumes:
# - kestra_data:/app/storage
# - /var/run/docker.sock:/var/run/docker.sock
# # - /tmp/kestra-wd:/tmp/kestra-wd
# depends_on:
# - postgres
# expose:
# - "8080"
# - "8081"
# networks:
# - net
compose/streamlit-fin/Dockerfile
-29
View File
@@ -1,29 +0,0 @@
# base image
FROM python:3.12-slim
#basic build prep
RUN apt-get update && apt-get install -y \
build-essential \
curl \
software-properties-common \
git \
&& rm -rf /var/lib/apt/lists/*
# copy over and install packages
COPY ./src/requirements.txt ./requirements.txt
RUN pip3 install cython
RUN pip3 install -r requirements.txt
# streamlit-specific commands
RUN mkdir -p /root/.streamlit
RUN bash -c 'echo -e "\
[general]\n\
email = \"\"\n\
" > /root/.streamlit/credentials.toml'
# RUN bash -c 'echo -e "\
# [server]\n\
# baseUrlPath = \"/fin\"\n\
# " > /root/.streamlit/config.toml'
# copying everything over
COPY . .
compose/traefik/Dockerfile
+1 -1
View File
@@ -2,5 +2,5 @@ FROM traefik:latest
RUN mkdir -p /etc/traefik/acme \
&& touch /etc/traefik/acme/acme.json \
&& chmod 600 /etc/traefik/acme/acme.json
COPY ./compose/traefik/traefik.yml /etc/traefik
COPY ./traefik/traefik.yml /etc/traefik
COPY usersfile /etc/traefik
compose/traefik/middlewares-basic-auth.yml
+8
View File
@@ -0,0 +1,8 @@
http:
middlewares:
middlewares-basic-auth:
basicAuth:
# users:
# - "user:$apsdfswWvC/6.$E3FtsfTntPC0wVJ7IUVtX1"
usersFile: "/run/secrets/basic_auth_credentials"
realm: "Traefik 3 Basic Auth"
compose/traefik/traefik.yml
+79 -316
View File
@@ -1,5 +1,5 @@
log:
level: DEBUG
level: INFO
accessLog: {}
api:
# Dashboard
@@ -36,8 +36,8 @@ entryPoints:
bolt-socket:
address: ":7687"
# osrm:
# address: ":5000"
postgres-socket:
address: ":5432"
certificatesResolvers:
letsencrypt:
@@ -59,16 +59,18 @@ tcp:
certResolver: letsencrypt
service: neo4j-bolt
# emqx-web-socket-router:
# entryPoints:
# - web-socket
# rule: "HostSNI(`*.furyhawk.lol`)"
# service: emqx-web-socket-service
emqx-web-socket-router:
entryPoints:
- web-socket
rule: "HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)"
tls:
certResolver: letsencrypt
service: emqx-web-socket-service
# emqx-web-socket-secure-router:
# entryPoints:
# - web-socket-secure
# rule: "HostSNI(`*.furyhawk.lol`)"
# rule: "HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)"
# service: emqx-web-socket-secure-service
# tls:
# passthrough: true
@@ -90,58 +92,8 @@ tcp:
# - address: "emqx2:8084"
http:
routers:
dashboard:
entryPoints:
- web-secure
rule: "Host(`dashboard.furyhawk.lol`) && PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
middlewares:
- auth
tls:
# https://docs.traefik.io/master/routing/routers/#certresolver
certResolver: letsencrypt
service: api@internal
portainer-router:
entryPoints:
- web-secure
rule: "Host(`portainer.furyhawk.lol`) || Host(`port.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: portainer_service
edge-router:
entryPoints:
- web-secure
rule: "Host(`edge.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: edge_service
adminer-router:
entryPoints:
- web-secure
rule: "Host(`adminer.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: adminer_app
api-router:
entryPoints:
- web-secure
rule: "Host(`api.furyhawk.lol`)"
middlewares:
- auth
- csrf
tls:
certResolver: letsencrypt
service: api_server
chat-router:
entryPoints:
@@ -153,16 +105,6 @@ http:
certResolver: letsencrypt
service: librechat_app
cheatsheets-router:
entryPoints:
- web-secure
rule: "Host(`cheat.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: cheatsheets_app
# forum-router:
# entryPoints:
# - web-secure
@@ -173,36 +115,6 @@ http:
# tls:
# certResolver: letsencrypt
# service: forum_server
ghost-router:
entryPoints:
- web-secure
rule: "Host(`ghost.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: ghost_app
heynote-router:
entryPoints:
- web-secure
rule: "Host(`note.furyhawk.lol`) || Host(`pad.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: heynote_app
jellyfin-router:
entryPoints:
- web-secure
rule: "Host(`media.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: jellyfin_app
# kestra-router:
# entryPoints:
@@ -214,16 +126,6 @@ http:
# certResolver: letsencrypt
# service: kestra_app
meshtastic-router:
entryPoints:
- web-secure
rule: "Host(`mesh.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: meshtastic_app
plane-router:
entryPoints:
- web-secure
@@ -234,56 +136,6 @@ http:
certResolver: letsencrypt
service: plane_app
privatebin-router:
entryPoints:
- web-secure
rule: "Host(`bin.furyhawk.lol`) || Host(`paste.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: bin_app
redlib-router:
entryPoints:
- web-secure
rule: "Host(`redlib.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: redlib_app
thelounge-router:
entryPoints:
- web-secure
rule: "Host(`irc.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: thelounge_app
minio-router:
entryPoints:
- web-secure
rule: "Host(`drive.furyhawk.lol`) || Host(`storage.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: minio_server
minio-api-router:
entryPoints:
- web-secure
rule: "Host(`minio.furyhawk.lol`) || Host(`s3.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: minio_service
neo4j-router:
entryPoints:
- web-secure
@@ -349,80 +201,39 @@ http:
certResolver: letsencrypt
service: mqttx-web
osrm-router:
entryPoints:
- "web-secure"
rule: "Host(`osrm.furyhawk.lol`)"
# - "osrm"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: osrm_service
# info-router:
# entryPoints:
# - web-secure
# rule: "Host(`furyhawk.lol`) || Host(`www.furyhawk.lol`) || Host(`info.furyhawk.lol`) || Host(`124c41.furyhawk.lol`)"
# middlewares:
# - csrf
# - no-www
# tls:
# certResolver: letsencrypt
# service: site_server
syncthing-router:
entryPoints:
- web-secure
rule: "Host(`sync.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: syncthing_app
# resume-router:
# entryPoints:
# - web-secure
# rule: "Host(`resume.furyhawk.lol`)"
# # redirect to resume
# middlewares:
# - csrf
# - redirect-resume
# tls:
# certResolver: letsencrypt
# service: resume_server
bai-router:
entryPoints:
- web-secure
rule: "Host(`bai.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: streamlit_bai_app
fin-router:
entryPoints:
- web-secure
rule: "Host(`fin.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: streamlit_fin_app
info-router:
entryPoints:
- web-secure
rule: "Host(`furyhawk.lol`) || Host(`www.furyhawk.lol`) || Host(`info.furyhawk.lol`) || Host(`124c41.furyhawk.lol`)"
middlewares:
- csrf
- no-www
tls:
certResolver: letsencrypt
service: site_server
resume-router:
entryPoints:
- web-secure
rule: "Host(`resume.furyhawk.lol`)"
# redirect to resume
middlewares:
- csrf
- redirect-resume
tls:
certResolver: letsencrypt
service: resume_server
blog-router:
entryPoints:
- web-secure
rule: "Host(`blog.furyhawk.lol`)"
# redirect to external blog
middlewares:
- redirect-blog
tls:
certResolver: letsencrypt
service: blog
# blog-router:
# entryPoints:
# - web-secure
# rule: "Host(`blog.furyhawk.lol`)"
# # redirect to external blog
# middlewares:
# - redirect-blog
# tls:
# certResolver: letsencrypt
# service: blog
middlewares:
auth:
@@ -445,6 +256,12 @@ http:
replacement: https://${1}
permanent: true
rate-limit:
rateLimit:
average: 384
burst: 128
period: 10s
# redirect to resume
redirect-resume:
redirectRegex:
@@ -464,52 +281,34 @@ http:
stripprefix:
prefixes:
- "/neo4j"
secure-headers:
headers:
accessControlAllowMethods:
- GET
- OPTIONS
- PUT
accessControlMaxAge: 100
hostsProxyHeaders:
- "X-Forwarded-Host"
stsSeconds: 63072000
stsIncludeSubdomains: true
stsPreload: true
# forceSTSHeader: true # This is a good thing but it can be tricky. Enable after everything works.
customFrameOptionsValue: SAMEORIGIN # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
contentTypeNosniff: true
browserXssFilter: true
referrerPolicy: "same-origin"
permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=(), vr=()"
customResponseHeaders:
X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex," # disable search engines from indexing home server
server: "" # hide server info from visitors
services:
portainer_service:
loadBalancer:
servers:
- url: http://portainer:9000
edge_service:
loadBalancer:
servers:
- url: http://portainer:8000
osrm_service:
loadBalancer:
servers:
- url: http://osrm_backend:5000
adminer_app:
loadBalancer:
servers:
- url: http://adminer:8080
api_server:
loadBalancer:
servers:
- url: http://api_server:8000
bin_app:
loadBalancer:
servers:
- url: http://privatebin:8080
cheatsheets_app:
loadBalancer:
servers:
- url: http://cheatsheets_app:80
# forum_server:
# loadBalancer:
# servers:
# - url: http://flarum-web:80
ghost_app:
loadBalancer:
servers:
- url: http://ghost-server:2368
heynote_app:
loadBalancer:
servers:
- url: http://heynote_app:5173
jellyfin_app:
loadBalancer:
servers:
- url: http://jellyfin:8096
# kestra_app:
# loadBalancer:
# servers:
@@ -518,26 +317,6 @@ http:
loadBalancer:
servers:
- url: http://LibreChat:3080
redlib_app:
loadBalancer:
servers:
- url: http://redlib:3080
thelounge_app:
loadBalancer:
servers:
- url: http://thelounge:9000
meshtastic_app:
loadBalancer:
servers:
- url: http://meshtastic_web:8080
minio_server:
loadBalancer:
servers:
- url: http://minio_server:9001
minio_service:
loadBalancer:
servers:
- url: http://minio_server:9000
neo4j-browser:
loadBalancer:
servers:
@@ -550,14 +329,6 @@ http:
loadBalancer:
servers:
- url: http://node01:80
streamlit_bai_app:
loadBalancer:
servers:
- url: http://streamlit-bai:8502
streamlit_fin_app:
loadBalancer:
servers:
- url: http://streamlit-fin:8501
emqx-mqtt-socket:
loadBalancer:
servers:
@@ -580,22 +351,14 @@ http:
loadBalancer:
servers:
- url: http://mqttx_web:80
syncthing_app:
loadBalancer:
servers:
- url: http://syncthing:8384
site_server:
loadBalancer:
servers:
- url: http://site_server:80
resume_server:
loadBalancer:
servers:
- url: http://site_server:80
blog:
loadBalancer:
servers:
- url: https://furyhawk.github.io/124c41/
# resume_server:
# loadBalancer:
# servers:
# - url: http://site_server:80
# blog:
# loadBalancer:
# servers:
# - url: https://furyhawk.github.io/124c41/
providers:
# https://docs.traefik.io/master/providers/file/
config/.gitignore
-4
View File
@@ -1,4 +0,0 @@
*
!.gitignore
!certs.toml
!conf.example.php
docker-compose.yml
-442
View File
@@ -1,442 +0,0 @@
x-environment: &default-environment
LOG_LEVEL: "DEBUG"
LOG_PATH: "./logs"
ACME_PATH: "./acme.json"
NETWORK: "${NETWORK:-host}"
FIN_LOCATION: ""
STREAMLIT_FIN_SERVER_PORT: "8501"
GROQ_API_KEY: "${GROQ_API_KEY}"
BAI_LOCATION: ""
STREAMLIT_BAI_SERVER_PORT: "8502"
volumes:
bai_cache: {}
ghost_content: {}
ghost_mysql: {}
jellyfin_config: {}
jellyfin_cache: {}
kestra_data: {}
minio_data: {}
neo4j_data: {}
neo4j_logs: {}
pgadmin: {}
privatebin_data: {}
production_traefik: {}
postgres_data: {}
portainer_data: {}
thelounge_data: {}
services:
postgres:
image: postgres
container_name: postgres
environment:
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
PGDATA: "/var/lib/postgresql/data"
LANG: en_US.utf8
TZ: Asia/Singapore
volumes:
- postgres_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
interval: 30s
timeout: 10s
retries: 10
ports:
- "5432:5432"
networks:
- net
- default
api_server:
image: furyhawk/listen:latest
container_name: api_server
restart: always
depends_on:
- postgres
environment:
DATABASE__HOSTNAME: ${DATABASE__HOSTNAME}
DATABASE__USERNAME: ${POSTGRES_USER}
DATABASE__PASSWORD: ${POSTGRES_PASSWORD}
DATABASE__PORT: ${DATABASE__PORT}
DATABASE__DB: ${DATABASE__DB}
SECURITY__JWT_SECRET_KEY: ${SECURITY__JWT_SECRET_KEY}
SECURITY__BACKEND_CORS_ORIGINS: ${SECURITY__BACKEND_CORS_ORIGINS}
SECURITY__ALLOWED_HOSTS: ${SECURITY__ALLOWED_HOSTS}
ports:
- "8000:8000"
networks:
- net
- default
osrm-backend:
environment:
# OSRM manager setup
- OSRM_ALGORITHM=mld
- OSRM_THREADS=2
- OSRM_PORT=${OSRM_PORT:-5000}
- OSRM_PROFILE=/opt/car.lua
- OSRM_MAP_NAME=${OSRM_MAP_NAME}
- OSRM_GEOFABRIK_PATH=${OSRM_GEOFABRIK_PATH}
# Notify OSRM Manager to restart without stopping container
- OSRM_NOTIFY_FILEPATH=/data/osrm_notify.txt
image: furyhawk/osrm-backend:${OSRM_VERSION:-latest}
container_name: osrm_backend
restart: unless-stopped
expose:
- ${OSRM_PORT:-5000}
networks:
- net
- default
minio-common:
image: minio/minio:latest
container_name: minio_server
environment:
MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:-minioadmin}"
MINIO_OPTS: "--console-address :9001"
MINIO_SERVER_URL: https://drive.furyhawk.lol
# user: "1000:1000"
restart: unless-stopped
command: server /data --address :9000 --console-address :9001
healthcheck:
test: ["CMD", "mc", "ready", "local"]
interval: 65s
timeout: 5s
retries: 5
volumes:
- minio_data:/data
expose:
- 9000
- 9001
networks:
- net
- default
neo4j_server:
# Docker image to be used
image: ${NEO4J_DOCKER_IMAGE:-neo4j:latest}
container_name: neo4j_server
restart: unless-stopped
# Environment variables
environment:
NEO4J_AUTH: neo4j/${NEO4J_PASSWORD:-12345678}
NEO4J_dbms.default_listen_address: "0.0.0.0"
NEO4J_dbms.default_advertised_address: "neo4j.furyhawk.lol"
NEO4J_dbms.connector.bolt.advertised_address: ":443"
NEO4J_PLUGINS: '["apoc"]'
NEO4J_dbms_security_procedures_unrestricted: "apoc.*"
NEO4J_dbms_security_procedures_allowlist: "apoc.*"
NEO4J_server_memory_pagecache_size: 512M
NEO4J_server_memory_heap_max__size: 2G
user: "1000:1000"
depends_on:
- traefik
volumes:
- neo4j_data:/data
- neo4j_logs:/logs
# Expose ports
expose:
- 7474
- 7687
networks:
- net
- default
syncthing:
image: syncthing/syncthing
container_name: syncthing
environment:
- PUID=1000
- PGID=1000
restart: unless-stopped
volumes:
- ~/st-sync:/var/syncthing
ports:
- "8384:8384" # Web UI
- "22000:22000/tcp" # TCP file transfers
- "22000:22000/udp" # QUIC file transfers
- "21027:21027/udp" # Receive local discovery broadcasts
networks:
- net
- default
# kestra:
# image: kestra/kestra:latest-full
# container_name: kestra
# # pull_policy: always
# # Note that this is meant for development only. Refer to the documentation for production deployments of Kestra which runs without a root user.
# user: "root"
# command: server standalone --worker-thread=128
# environment:
# KESTRA_CONFIGURATION: |
# datasources:
# postgres:
# url: jdbc:postgresql://postgres:5432/kestra
# driverClassName: org.postgresql.Driver
# username: ${POSTGRES_USER}
# password: ${POSTGRES_PASSWORD}
# kestra:
# server:
# basic-auth:
# enabled: true
# username: ${EMAIL_FROM} # it must be a valid email address
# password: ${EMAIL_PASSWORD}
# repository:
# type: postgres
# storage:
# type: local
# local:
# base-path: "/app/storage"
# queue:
# type: postgres
# tasks:
# tmp-dir:
# path: /tmp/kestra-wd/tmp
# url: http://kestra.furyhawk.lol/
# volumes:
# - kestra_data:/app/storage
# - /var/run/docker.sock:/var/run/docker.sock
# # - /tmp/kestra-wd:/tmp/kestra-wd
# depends_on:
# - postgres
# expose:
# - "8080"
# - "8081"
# networks:
# - net
adminer:
image: adminer
environment:
PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL}
PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD}
PGID: 1000
PUID: 1000
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
PYTHONPATH: "/pgadmin4"
TZ: Asia/Singapore
user: "1000:1000"
volumes:
- pgadmin:/var/lib/pgadmin
restart: unless-stopped
depends_on:
- postgres
expose:
- 80
networks:
- net
cheatsheets-app:
image: furyhawk/cheatsheets:${CHEATSHEETSTAG:-latest}
restart: unless-stopped
expose:
- 80
networks:
- net
ghost-db:
image: mysql:8
container_name: ghost-db
security_opt:
- seccomp:unconfined
restart: always
command: --mysql-native-password=ON
environment:
MYSQL_ROOT_PASSWORD: ${POSTGRES_PASSWORD}
volumes:
- ghost_mysql:/var/lib/mysql
expose:
- 3306
networks:
- net
ghost-server:
image: ghost
container_name: ghost_server
cap_add:
- CAP_SYS_NICE
security_opt:
- seccomp:unconfined
restart: always
depends_on:
- ghost-db
environment:
url: https://ghost.furyhawk.lol
database__client: mysql
database__connection__host: ghost-db
database__connection__user: root
database__connection__password: ${POSTGRES_PASSWORD}
database__connection__database: ghost
volumes:
- ghost_content:/var/lib/ghost/content
expose:
- 2368
networks:
- net
heynote-app:
image: furyhawk/heynote:${HEYNOTETAG:-latest}
restart: unless-stopped
environment:
NODE_ENV: production
expose:
- 5173
networks:
- net
jellyfin:
image: jellyfin/jellyfin
user: 1000:1000
volumes:
- jellyfin_config:/config
- jellyfin_cache:/cache
- type: bind
source: ~/media
target: /media
read_only: false
restart: 'unless-stopped'
# Optional - alternative address used for autodiscovery
environment:
- JELLYFIN_PublishedServerUrl=https://media.furyhawk.lol
expose:
- 8096
networks:
- net
meshtastic_web:
image: ghcr.io/meshtastic/web
restart: unless-stopped
expose:
- 8080
- 8443
networks:
- net
privatebin:
image: privatebin/nginx-fpm-alpine:latest
read_only: true
user: "1000:1000"
volumes:
- privatebin_data:/srv/data # data volume for pastes allows pastes
# to persist after container stop or restart
- './config/conf.php:/srv/cfg/conf.php:ro' # second volume for custom configuration file
expose:
- 8080
restart: unless-stopped
networks:
- net
redlib:
image: quay.io/redlib/redlib:latest-arm
restart: unless-stopped
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
# - seccomp=seccomp-redlib.json
cap_drop:
- ALL
env_file: .env
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://127.0.0.1:3080/settings"]
interval: 5m
timeout: 3s
expose:
- 3080 # Specify `127.0.0.1:8080:3080` instead if using a reverse proxy
networks:
- net
thelounge:
image: ghcr.io/thelounge/thelounge:latest
restart: unless-stopped
volumes:
- thelounge_data:/var/opt/thelounge # bind lounge config from the host's file system
expose:
- 9000
networks:
- net
streamlit-bai:
environment:
<<: *default-environment
image: furyhawk/beyondallinfo:latest
restart: unless-stopped
command: streamlit run --server.port=$STREAMLIT_BAI_SERVER_PORT --server.address=0.0.0.0 --server.baseUrlPath=$BAI_LOCATION src/app.py
volumes:
- bai_cache:/app/cache
expose:
- ${STREAMLIT_BAI_SERVER_PORT}
networks:
- net
streamlit-fin:
environment:
<<: *default-environment
image: furyhawk/llama3toolsfin:main
restart: unless-stopped
expose:
- ${STREAMLIT_FIN_SERVER_PORT}
networks:
- net
site_server:
image: nginx:alpine
restart: unless-stopped
volumes:
- ./site:/usr/share/nginx/html:ro
expose:
- 80
networks:
- net
portainer:
image: portainer/portainer-ce:sts
command: -H unix:///var/run/docker.sock
container_name: portainer
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
expose:
- 8000
- 9000
networks:
- net
- default
traefik:
environment:
<<: *default-environment
build:
context: .
dockerfile: ./compose/traefik/Dockerfile
image: traefik_production
container_name: traefik
restart: always
volumes:
- "${LOG_PATH:-./logs}:/logs"
- production_traefik:/etc/traefik/acme:z
- "/var/run/docker.sock:/var/run/docker.sock:ro"
# extra_hosts:
# - "host.docker.internal:host-gateway"
ports:
- "80:80"
- "443:443"
- "7687:7687"
- "8083:8083"
- "8084:8084"
- "8883:8883"
# - "1883:1883"
# - 18083:18083
networks:
- net
- default
networks:
net:
external: true
name: ${NETWORK:-web}
emqx-docker
+1 -1
Submodule emqx-docker updated: 3709f3f65d...554e4b1872
jellyfin-cache/.gitignore
-2
View File
@@ -1,2 +0,0 @@
*
!.gitignore
jellyfin-config/.gitignore
-2
View File
@@ -1,2 +0,0 @@
*
!.gitignore
librechat.yaml
-144
View File
@@ -1,144 +0,0 @@
# For more information, see the Configuration Guide:
# https://docs.librechat.ai/install/configuration/custom_config.html
# Configuration version (required)
version: 1.0.6
# Cache settings: Set to true to enable caching
cache: true
# Custom nterface configuration
interface:
# Privacy policy settings
privacyPolicy:
externalUrl: 'https://librechat.ai/privacy-policy'
openNewTab: true
# Terms of service
termsOfService:
externalUrl: 'https://librechat.ai/tos'
openNewTab: true
# Example Registration Object Structure (optional)
registration:
socialLogins: ['github', 'google', 'discord', 'openid', 'facebook']
# allowedDomains:
# - "gmail.com"
# rateLimits:
# fileUploads:
# ipMax: 100
# ipWindowInMinutes: 60 # Rate limit window for file uploads per IP
# userMax: 50
# userWindowInMinutes: 60 # Rate limit window for file uploads per user
# Definition of custom endpoints
endpoints:
# assistants:
# disableBuilder: false # Disable Assistants Builder Interface by setting to `true`
# pollIntervalMs: 750 # Polling interval for checking assistant updates
# timeoutMs: 180000 # Timeout for assistant operations
# # Should only be one or the other, either `supportedIds` or `excludedIds`
# supportedIds: ["asst_supportedAssistantId1", "asst_supportedAssistantId2"]
# # excludedIds: ["asst_excludedAssistantId"]
# # (optional) Models that support retrieval, will default to latest known OpenAI models that support the feature
# retrievalModels: ["gpt-4-turbo-preview"]
# # (optional) Assistant Capabilities available to all users. Omit the ones you wish to exclude. Defaults to list below.
# capabilities: ["code_interpreter", "retrieval", "actions", "tools", "image_vision"]
custom:
# Groq Example
- name: 'groq'
apiKey: '${GROQ_API_KEY}'
baseURL: 'https://api.groq.com/openai/v1/'
models:
default: [
"llama3-70b-8192",
"llama3-8b-8192",
"llama2-70b-4096",
"mixtral-8x7b-32768",
"gemma-7b-it",
]
fetch: false
titleConvo: true
titleModel: 'mixtral-8x7b-32768'
modelDisplayLabel: 'groq'
# # Mistral AI Example
# - name: 'Mistral' # Unique name for the endpoint
# # For `apiKey` and `baseURL`, you can use environment variables that you define.
# # recommended environment variables:
# apiKey: '${MISTRAL_API_KEY}'
# baseURL: 'https://api.mistral.ai/v1'
# # Models configuration
# models:
# # List of default models to use. At least one value is required.
# default: ['mistral-tiny', 'mistral-small', 'mistral-medium']
# # Fetch option: Set to true to fetch models from API.
# fetch: true # Defaults to false.
# # Optional configurations
# # Title Conversation setting
# titleConvo: true # Set to true to enable title conversation
# # Title Method: Choose between "completion" or "functions".
# # titleMethod: "completion" # Defaults to "completion" if omitted.
# # Title Model: Specify the model to use for titles.
# titleModel: 'mistral-tiny' # Defaults to "gpt-3.5-turbo" if omitted.
# # Summarize setting: Set to true to enable summarization.
# # summarize: false
# # Summary Model: Specify the model to use if summarization is enabled.
# # summaryModel: "mistral-tiny" # Defaults to "gpt-3.5-turbo" if omitted.
# # Force Prompt setting: If true, sends a `prompt` parameter instead of `messages`.
# # forcePrompt: false
# # The label displayed for the AI model in messages.
# modelDisplayLabel: 'Mistral' # Default is "AI" when not set.
# # Add additional parameters to the request. Default params will be overwritten.
# # addParams:
# # safe_prompt: true # This field is specific to Mistral AI: https://docs.mistral.ai/api/
# # Drop Default params parameters from the request. See default params in guide linked below.
# # NOTE: For Mistral, it is necessary to drop the following parameters or you will encounter a 422 Error:
# dropParams: ['stop', 'user', 'frequency_penalty', 'presence_penalty']
# # OpenRouter Example
# - name: 'OpenRouter'
# # For `apiKey` and `baseURL`, you can use environment variables that you define.
# # recommended environment variables:
# # Known issue: you should not use `OPENROUTER_API_KEY` as it will then override the `openAI` endpoint to use OpenRouter as well.
# apiKey: '${OPENROUTER_KEY}'
# baseURL: 'https://openrouter.ai/api/v1'
# models:
# default: ['gpt-3.5-turbo']
# fetch: true
# titleConvo: true
# titleModel: 'gpt-3.5-turbo'
# # Recommended: Drop the stop parameter from the request as Openrouter models use a variety of stop tokens.
# dropParams: ['stop']
# modelDisplayLabel: 'OpenRouter'
# fileConfig:
# endpoints:
# assistants:
# fileLimit: 5
# fileSizeLimit: 10 # Maximum size for an individual file in MB
# totalSizeLimit: 50 # Maximum total size for all files in a single request in MB
# supportedMimeTypes:
# - "image/.*"
# - "application/pdf"
# openAI:
# disabled: true # Disables file uploading to the OpenAI endpoint
# default:
# totalSizeLimit: 20
# YourCustomEndpointName:
# fileLimit: 2
# fileSizeLimit: 5
# serverFileSizeLimit: 100 # Global server file size limit in MB
# avatarSizeLimit: 2 # Limit for user avatar image size in MB
# See the Custom Configuration Guide for more information:
# https://docs.librechat.ai/install/configuration/custom_config.html
makefile
+3 -2
View File
@@ -5,10 +5,11 @@
# Commands
serve: down
@echo "Serving the project..."
docker compose -f docker-compose.yml -f ./emqx-docker/docker-compose.yml -f ./LibreChat/docker-compose.yml -f ./LibreChat/docker-compose.override.yml up --build -d
docker compose -f compose.yml up -d --build traefik
docker compose -f compose.yml up -d
down: pull
@echo "Stopping the project..."
docker compose -f docker-compose.yml -f ./emqx-docker/docker-compose.yml -f ./LibreChat/docker-compose.yml -f ./LibreChat/docker-compose.override.yml down --remove-orphans
docker compose -f compose.yml down --remove-orphans
pull:
@echo "Pulling the project..."
neo4j/.gitignore
-2
View File
@@ -1,2 +0,0 @@
*
!.gitignore
pgadmin/.gitignore
-2
View File
@@ -1,2 +0,0 @@
*
!.gitignore
postgres-data/.gitignore
-2
View File
@@ -1,2 +0,0 @@
*
!.gitignore
site/.gitignore
-2
View File
@@ -1,2 +0,0 @@
*
!.gitignore
test/baby.yml
+92
View File
@@ -0,0 +1,92 @@
services:
# Traefik 3 - Reverse Proxy
traefik:
container_name: traefik
image: traefik:latest
security_opt:
- no-new-privileges:true
restart: unless-stopped
# profiles: ["core", "all"]
networks:
t3_proxy:
ipv4_address: 192.168.90.254 # You can specify a static IP
socket_proxy:
command: # CLI arguments
- --global.checkNewVersion=true
- --global.sendAnonymousUsage=true
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.traefik.address=:8080
- --entrypoints.websecure.http.tls=true
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.web.http.redirections.entrypoint.permanent=true
- --api=true
- --api.dashboard=true
# - --api.insecure=true
#- --serversTransport.insecureSkipVerify=true
# Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
- --entrypoints.websecure.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS,$LOCAL_IPS
- --log=true
- --log.filePath=/logs/traefik.log
- --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
- --accessLog=true
- --accessLog.filePath=/logs/access.log
- --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
- --accessLog.filters.statusCodes=204-299,400-499,500-599
- --providers.docker=true
# - --providers.docker.endpoint=unix:///var/run/docker.sock # Disable for Socket Proxy. Enable otherwise.
- --providers.docker.endpoint=tcp://socket-proxy:2375 # Enable for Socket Proxy. Disable otherwise.
- --providers.docker.exposedByDefault=false
- --providers.docker.network=t3_proxy
# - --providers.docker.swarmMode=false # Traefik v2 Swarm
# - --providers.swarm.endpoint=tcp://127.0.0.1:2377 # Traefik v3 Swarm
- --entrypoints.websecure.http.tls.options=tls-opts@file
# Add dns-cloudflare as default certresolver for all services. Also enables TLS and no need to specify on individual services
- --entrypoints.websecure.http.tls.certresolver=dns-cloudflare
- --entrypoints.websecure.http.tls.domains[0].main=$DOMAINNAME_1
- --entrypoints.websecure.http.tls.domains[0].sans=*.$DOMAINNAME_1
# - --entrypoints.websecure.http.tls.domains[1].main=$DOMAINNAME_2 # Pulls main cert for second domain
# - --entrypoints.websecure.http.tls.domains[1].sans=*.$DOMAINNAME_2 # Pulls wildcard cert for second domain
- --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory
- --providers.file.watch=true # Only works on top level files in the rules folder
- --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
- --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate
ports:
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
# - target: 8080 # need to enable --api.insecure=true
# published: 8085
# protocol: tcp
# mode: host
volumes:
- $DOCKERDIR/appdata/traefik3/rules/$HOSTNAME:/rules # Dynamic File Provider directory
# - /var/run/docker.sock:/var/run/docker.sock:ro # Enable if not using Socket Proxy
- $DOCKERDIR/appdata/traefik3/acme/acme.json:/acme.json # Certs File
- $DOCKERDIR/logs/$HOSTNAME/traefik:/logs # Traefik logs
environment:
- TZ=$TZ
- CF_DNS_API_TOKEN_FILE=/run/secrets/cf_dns_api_token
- HTPASSWD_FILE=/run/secrets/basic_auth_credentials # HTTP Basic Auth Credentials
- DOMAINNAME_1 # Passing the domain name to traefik container to be able to use the variable in rules.
secrets:
- cf_dns_api_token
- basic_auth_credentials
labels:
- "traefik.enable=true"
# HTTP Routers
- "traefik.http.routers.traefik-rtr.entrypoints=websecure"
- "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME_1`)"
# Services - API
- "traefik.http.routers.traefik-rtr.service=api@internal"
# Middlewares
- "traefik.http.routers.traefik-rtr.middlewares=middlewares-basic-auth@file" # For Basic HTTP Authentication
test/core.yml
+57
View File
@@ -0,0 +1,57 @@
services:
reverse-proxy:
image: traefik:latest
ports:
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
# - "8080:8080"
# - "443:443"
volumes:
- ./traefik.yml:/traefik.yml:ro
- /var/run/docker.sock:/var/run/docker.sock
# - tls:/tls
dozzle:
container_name: dozzle
image: amir20/dozzle:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
ports:
- "8081:8080"
labels:
- "traefik.enable=true"
- "traefik.http.routers.dozzle.entrypoints=web"
- "traefik.http.routers.dozzle.rule=Host(`$HOSTNAME`) && PathPrefix(`/dozzle`)"
- "traefik.http.services.dozzle.loadbalancer.server.port=8081"
# Homepage - Application Dashboard
homepage:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage
security_opt:
- no-new-privileges:true
restart: unless-stopped
ports:
- "3000:3000"
# volumes:
# - $DOCKERDIR/appdata/homepage:/app/config
environment:
TZ: $TZ
PUID: $PUID
PGID: $PGID
labels:
- "traefik.enable=true"
# HTTP Routers
- "traefik.http.routers.homepage-rtr.entrypoints=web"
- "traefik.http.routers.homepage-rtr.rule=Host(`$HOSTNAME`) && PathPrefix(`/home`)" # Both domain.com and www.domain.com
# HTTP Services
- "traefik.http.routers.homepage-rtr.service=homepage-svc"
- "traefik.http.services.homepage-svc.loadbalancer.server.port=3000"
# volumes:
# tls:
test/traefik.yml
+25
View File
@@ -0,0 +1,25 @@
api:
insecure: true
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
# ssh:
# address: ":222"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
certificatesResolver:
letsEncrypt:
acme:
email: wteckmeng@outlook.com
storage: /tls/acme.json
httpChallenge:
entryPoint: web