Added seafile config.

2024-08-27 09:42:18 +02:00 · 2024-08-27 09:42:18 +02:00 · 570bfd4c29
commit 570bfd4c29
parent 19d3d161a8
4 changed files with 306 additions and 0 deletions
--- a/config/nginx/forgejo.conf
+++ b/config/nginx/forgejo.conf
@ -0,0 +1,64 @@
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /tmp/nginx.pid;
+
+
+events
+{
+        worker_connections 1024;
+}
+
+
+http
+{
+        proxy_temp_path /tmp/proxy_temp;
+        client_body_temp_path /tmp/client_temp;
+        fastcgi_temp_path /tmp/fastcgi_temp;
+        uwsgi_temp_path /tmp/uwsgi_temp;
+        scgi_temp_path /tmp/scgi_temp;
+
+        include /etc/nginx/mime.types;
+        default_type application/octet-stream;
+
+        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+        '$status $body_bytes_sent "$http_referer" '
+        '"$http_user_agent" "$http_x_forwarded_for"';
+
+        access_log /var/log/nginx/access.log main;
+
+        sendfile on;
+        #tcp_nopush     on;
+
+        keepalive_timeout 65;
+
+        #gzip  on;
+
+        include /etc/nginx/conf.d/*.conf;
+
+
+        server
+        {
+                listen 8443 ssl;
+                listen [::]:8443 ssl;
+                ssl_certificate /etc/nginx/ssl/cert.pem;
+                ssl_certificate_key /etc/nginx/ssl/key.pem;
+                server_name forgejoever.homelab0ne.xyz;
+                location / 
+                {
+                       proxy_pass http://forgejoever:3000;
+                       proxy_set_header X-Forwarded-For $remote_addr;
+                       proxy_set_header X-Forwarded-Proto $scheme;
+                       proxy_set_header Host $host;
+
+        # Nginx by default only allows file uploads up to 1M in size
+        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+                       client_max_body_size 50M;
+                       proxy_http_version 1.1;
+                }
+
+
+        }
+
+
+}
--- a/config/nginx/seafile.conf
+++ b/config/nginx/seafile.conf
@ -0,0 +1,65 @@
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /tmp/nginx.pid;
+
+
+events
+{
+        worker_connections 1024;
+}
+
+
+http
+{
+        proxy_temp_path /tmp/proxy_temp;
+        client_body_temp_path /tmp/client_temp;
+        fastcgi_temp_path /tmp/fastcgi_temp;
+        uwsgi_temp_path /tmp/uwsgi_temp;
+        scgi_temp_path /tmp/scgi_temp;
+
+        include /etc/nginx/mime.types;
+        default_type application/octet-stream;
+
+        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+        '$status $body_bytes_sent "$http_referer" '
+        '"$http_user_agent" "$http_x_forwarded_for"';
+
+        access_log /var/log/nginx/access.log main;
+
+        sendfile on;
+        #tcp_nopush     on;
+
+        keepalive_timeout 65;
+
+        #gzip  on;
+
+        include /etc/nginx/conf.d/*.conf;
+
+
+        server
+        {
+                listen 8443 ssl;
+                listen [::]:8443 ssl;
+                ssl_certificate /etc/nginx/ssl/cert.pem;
+                ssl_certificate_key /etc/nginx/ssl/key.pem;
+                server_name localhost seafile.homelab0ne.xyz;
+                location / 
+                {
+                       proxy_pass http://seafile:80;
+                       proxy_set_header X-Forwarded-For $remote_addr;
+                       proxy_set_header X-Forwarded-Proto $scheme;
+                       proxy_set_header Host $host;
+                       proxy_set_header Origin 'https://seafile.homelab0ne.xyz';
+        # Nginx by default only allows file uploads up to 1M in size
+        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+                       client_max_body_size 50M;
+                       proxy_http_version 1.1;
+                }
+
+
+        }
+
+
+}
+
--- a/docker-compose-forgejo.yaml
+++ b/docker-compose-forgejo.yaml
@ -0,0 +1,103 @@
+services:
+  forgejo:
+    image: codeberg.org/forgejo/forgejo:8-rootless
+    container_name: forgejo
+    secrets:
+      - forgejo_internal_token
+      - forgejo_root_password
+      - forgejo_secret_key
+      - lfs_jwt_secret
+      - oauth_jwt_secret
+      - postgres_user_password
+    env_file:
+      - ./.secrets/forgejo.env
+      - ./config/forgejo/forgejo.env
+    environment: 
+      USER_UID: 1000
+      USER_GID: 1000
+ #     FORGEJO__database__NAME: forgejodb
+  #    FORGEJO__database__USER: forgejo
+   #   FORGEJO__database__HOST: postgres:5432
+#      FORGEJO__database__PASSWD_FILE: /run/secrets/postgres_user_password
+#      FORGEJO__database__PASSWD: "${FORGEJO__database__PASSWD}"
+ #     FORGEJO__server__LFS_JWT_SECRET: "${FORGEJO__server__LFS_JWT_SECRET}"
+  #    FORGEJO__security__SECRET_KEY: "${FORGEJO__security__SECRET_KEY}"
+   #   FORGEJO__security__INTERNAL_TOKEN: "${FORGEJO__security__INTERNAL_TOKEN}"
+    #  FORGEJO__oauth2__JWT_SECRET: "${FORGEJO__oauth2__JWT_SECRET}" 
+      ROOT_PASSWORD_FILE: /run/secrets/forgejo_root_password    
+    restart: always
+    networks:
+      forgejo:
+        aliases:
+          - forgejoever  
+    volumes:
+      - ./data/forgejo:/var/lib/gitea:Z
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports: 
+      - "3000:3000"
+      - "30022:30022"
+    depends_on:
+      - postgres
+  reverse-proxy:
+    image: ghcr.io/nginxinc/nginx-unprivileged:mainline-alpine-slim
+    container_name: reverse_proxy
+    restart: always
+    ports:
+      - "443:8443"
+    volumes: 
+     - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+     - ./config/nginx/tls.conf:/etc/nginx/conf.d/tls.conf:ro
+     - ./data/certs:/etc/nginx/ssl:ro
+    networks:
+     - forgejo
+     - frontend
+  acme.sh:
+    command:
+      - daemon
+    container_name: acme.sh
+    env_file:
+      - ./.secrets/acme.env
+#    environment:
+#      DEDYN_TOKEN: "${DEDYN_TOKEN}"
+    image: 'ghcr.io/polarix-containers/acme.sh:latest'
+    restart: always
+    volumes:
+      - ./data/acme.sh:/acme.sh:Z
+      - ./data/certs:/certs:z
+  postgres:
+    container_name: postgres
+    image: cgr.dev/chainguard/postgres:latest
+    volumes:
+      - ./data/postgres:/var/lib/postgresql/data:Z
+    restart: unless-stopped 
+    ports:
+      - 5432:5432 
+    env_file:
+      - ./.secrets/acme.env
+#    environment:
+#      POSTGRES_USER: "forgejo"
+#      POSTGRES_DB: "forgejodb"
+#      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
+    networks:
+      forgejo:
+        aliases:  
+        - db
+networks:
+  forgejo:
+      external: false
+  frontend:
+      driver: bridge
+secrets:
+  forgejo_internal_token:
+    file: ./.secrets/forgejo_internal_token
+  forgejo_root_password:
+    file: ./.secrets/forgejo_root_password
+  forgejo_secret_key:
+    file: ./.secrets/forgejo_secret_key
+  lfs_jwt_secret:
+    file: ./.secrets/lfs_jwt_secret
+  oauth_jwt_secret:
+    file: ./.secrets/oauth_jwt_secret
+  postgres_user_password:
+    file: ./.secrets/postgres_user_password
--- a/docker-compose-seafile.yaml
+++ b/docker-compose-seafile.yaml
@ -0,0 +1,74 @@
+services:
+    acme.sh:
+      command:
+        - daemon
+      container_name: acme.sh
+      env_file:
+        - ./.secrets/acme.sh.env
+      image: 'ghcr.io/polarix-containers/acme.sh:latest'
+      restart: always
+      volumes:
+        - ./data/acme.sh:/acme.sh:Z
+        - ./data/certs:/certs:z
+    reverse-proxy:
+      image: ghcr.io/nginxinc/nginx-unprivileged:mainline-alpine-slim
+      container_name: reverse_proxy
+      restart: always
+      ports:
+        - "443:8443"
+      volumes: 
+        - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+        - ./config/nginx/tls.conf:/etc/nginx/conf.d/tls.conf:ro
+        - ./data/certs:/etc/nginx/ssl:ro
+      networks:
+        - frontend
+      depends_on:
+        - seafile
+    db:
+      restart: always
+      image: cgr.dev/chainguard/mariadb #mariadb:10.11
+      container_name: seafile-mysql
+      env_file:
+        - ./.secrets/seafile.env 
+      environment:
+        - MYSQL_LOG_CONSOLE=true
+        - MARIADB_AUTO_UPGRADE=1
+      volumes:
+        - ./data/seafile-mysql/db:/var/lib/mysql  
+      networks:
+        - seafile-net
+    memcached:
+      restart: always
+      image: memcached:latest  ##:1.6.18
+      container_name: seafile-memcached
+      entrypoint: memcached -m 256
+      networks:
+        - seafile-net
+    seafile:
+      restart: always
+      image: seafileltd/seafile-mc:11.0-latest
+      container_name: seafile
+      volumes:
+        - ./data/seafile-data:/shared  # Required, specifies the path to Seafile data persistent store.
+      env_file:
+        - ./.secrets/seafile.env
+      environment:
+        - DB_HOST=db
+        - TIME_ZONE=Etc/GMT+2  # Optional, default is UTC. Should be uncomment and set to your local time zone.
+        - SEAFILE_SERVER_HOSTNAME=seafile.homelab0ne.xyz # Specifies your host name if https is enabled.
+        - NON_ROOT=true
+      depends_on:
+        - db
+        - memcached
+      networks:
+        seafile-net:
+        frontend:
+          aliases:
+            - seafile  
+
+networks:
+  joplin:
+      external: false
+  frontend:
+      driver: bridge
+  seafile-net: