mirror of
https://github.com/StepanovPlaton/HomeServerServices.git
synced 2026-04-03 12:20:43 +04:00
merge
This commit is contained in:
@@ -1,3 +1,2 @@
|
||||
REGRU_LOGIN=login
|
||||
REGRU_PASSWORD=password
|
||||
CROWDSEC_API_KEY=api_key
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
filenames:
|
||||
- /var/log/nginx/*.log
|
||||
labels:
|
||||
type: nginx
|
||||
@@ -2,6 +2,6 @@ domain.ru
|
||||
@
|
||||
www
|
||||
git
|
||||
disk
|
||||
cloud
|
||||
matrix
|
||||
chat
|
||||
chat
|
||||
|
||||
@@ -1,18 +1,16 @@
|
||||
services:
|
||||
nginx-proxy:
|
||||
image: nginx:alpine
|
||||
image: docker.io/nginx:alpine
|
||||
container_name: nginx-proxy
|
||||
restart: always
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
- 8080:80
|
||||
- 8443:443
|
||||
volumes:
|
||||
- ./nginx/conf.d:/etc/nginx/conf.d:ro
|
||||
# Папки для SSL сертификатов
|
||||
- ./ssl/conf:/etc/letsencrypt:ro
|
||||
- ./ssl/www:/var/www/certbot:ro
|
||||
# Логи для канали CrowdSec
|
||||
- ./nginx/logs:/var/log/nginx
|
||||
# Подхватываем новые ssl сертификаты
|
||||
command: /bin/sh -c "while :; do sleep 24h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'"
|
||||
deploy:
|
||||
@@ -28,43 +26,10 @@ services:
|
||||
- cloud_network
|
||||
- matrix_network
|
||||
|
||||
crowdsec:
|
||||
image: crowdsecurity/crowdsec:latest
|
||||
container_name: crowdsec
|
||||
restart: always
|
||||
environment:
|
||||
# Какие коллекции правил установить сразу
|
||||
COLLECTIONS: "crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors"
|
||||
# Чтобы не захламлять вывод, можно включить только ошибки
|
||||
# LEVEL_TRACE: "false"
|
||||
volumes:
|
||||
# Читаем логи Nginx
|
||||
- ./nginx/logs:/var/log/nginx:ro
|
||||
# Конфигурация и база данных
|
||||
- ./crowdsec/config:/etc/crowdsec
|
||||
- ./crowdsec/data:/var/lib/crowdsec/data
|
||||
ports:
|
||||
- 8081:8080
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.5'
|
||||
memory: 256M
|
||||
|
||||
dashboard:
|
||||
image: crowdsecurity/dashboard
|
||||
container_name: crowdsec-dashboard
|
||||
restart: always
|
||||
environment:
|
||||
- MB_DB_FILE=/data/metabase.db
|
||||
volumes:
|
||||
- ./crowdsec/data:/data
|
||||
ports:
|
||||
- 3001:3000
|
||||
|
||||
certbot:
|
||||
image: certbot/certbot
|
||||
image: docker.io/certbot/certbot
|
||||
container_name: certbot
|
||||
restart: always
|
||||
volumes:
|
||||
- ./ssl/conf:/etc/letsencrypt
|
||||
- ./ssl/www:/var/www/certbot
|
||||
|
||||
@@ -17,11 +17,11 @@ services:
|
||||
memory: 64M
|
||||
|
||||
nginx-proxy:
|
||||
image: nginx:alpine
|
||||
image: docker.io/nginx:alpine
|
||||
container_name: nginx-proxy
|
||||
restart: always
|
||||
ports:
|
||||
- 80:80
|
||||
- 8080:80
|
||||
volumes:
|
||||
- ./nginx/init:/etc/nginx/conf.d:ro
|
||||
# Папки для SSL сертификатов
|
||||
|
||||
@@ -1,34 +0,0 @@
|
||||
curl -s https://api.github.com/repos/crowdsecurity/cs-firewall-bouncer/releases/latest | grep browser_download_url | grep linux-amd64 | cut -d '"' -f 4 | wget -qi -
|
||||
tar xzvf crowdsec-firewall-bouncer-linux-amd64.tgz
|
||||
cd crowdsec-firewall-bouncer-v*/
|
||||
# Выбираем nftables
|
||||
sudo ./install.sh
|
||||
|
||||
# Получаем API KEY
|
||||
sudo docker exec crowdsec cscli bouncers add firewall-bouncer
|
||||
|
||||
# Прописываем ключ в конфиге
|
||||
sudo nano /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
|
||||
# Указваем так же API_URL (см docker-compose.yml, по умолчанию меняем на 8081)
|
||||
# В разделе nftables ipv4 (и ipv6) добавляем параметр hook: prerouting
|
||||
|
||||
# nftables:
|
||||
# ipv4:
|
||||
# enabled: true
|
||||
# set-only: false
|
||||
# table: crowdsec
|
||||
# chain: crowdsec-chain
|
||||
# priority: -10
|
||||
# hook: prerouting
|
||||
# ipv6:
|
||||
# enabled: true
|
||||
# set-only: false
|
||||
# table: crowdsec6
|
||||
# chain: crowdsec6-chain
|
||||
# priority: -10
|
||||
# hook: prerouting
|
||||
|
||||
# Создаём список исключений
|
||||
sudo docker exec crowdsec cscli allowlists create my_vps -d "Allow list for my vps"
|
||||
# Добавляем туда IP нашего VPS сервера для AutoSSH сервиса
|
||||
sudo docker exec crowdsec cscli allowlists add my_vps 1.2.3.4
|
||||
@@ -4,9 +4,6 @@ server {
|
||||
listen [::]:80 default_server;
|
||||
server_name domain.ru www.domain.ru git.domain.ru cloud.domain.ru m.domain.ru chat.domain.ru;
|
||||
|
||||
access_log /var/log/nginx/http_access.log main;
|
||||
error_log /var/log/nginx/http_error.log;
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/certbot;
|
||||
}
|
||||
@@ -26,9 +23,6 @@ server {
|
||||
ssl_certificate /etc/letsencrypt/live/domain.ru/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/domain.ru/privkey.pem;
|
||||
|
||||
access_log /var/log/nginx/root_access.log main;
|
||||
error_log /var/log/nginx/root_error.log;
|
||||
|
||||
location / {
|
||||
charset utf-8;
|
||||
default_type text/plain;
|
||||
@@ -44,9 +38,6 @@ server {
|
||||
ssl_certificate /etc/letsencrypt/live/git.domain.ru/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/git.domain.ru/privkey.pem;
|
||||
|
||||
access_log /var/log/nginx/git_access.log main;
|
||||
error_log /var/log/nginx/git_error.log;
|
||||
|
||||
location / {
|
||||
proxy_pass http://gitea:3000;
|
||||
proxy_set_header Host $host;
|
||||
@@ -64,13 +55,10 @@ server {
|
||||
ssl_certificate /etc/letsencrypt/live/cloud.domain.ru/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/cloud.domain.ru/privkey.pem;
|
||||
|
||||
access_log /var/log/nginx/cloud_access.log main;
|
||||
error_log /var/log/nginx/cloud_error.log;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
location / {
|
||||
proxy_pass http://filebrowser;
|
||||
proxy_pass http://filebrowser:8080;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
@@ -86,9 +74,6 @@ server {
|
||||
ssl_certificate /etc/letsencrypt/live/m.domain.ru/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/m.domain.ru/privkey.pem;
|
||||
|
||||
access_log /var/log/nginx/matrix_synapse_access.log main;
|
||||
error_log /var/log/nginx/matrix_synapse_error.log;
|
||||
|
||||
location / {
|
||||
proxy_pass http://matrix-synapse:8008;
|
||||
proxy_set_header Host $host;
|
||||
@@ -98,17 +83,6 @@ server {
|
||||
|
||||
client_max_body_size 50M;
|
||||
}
|
||||
|
||||
#location /.well-known/matrix/server {
|
||||
# return 200 '{"m.server": "matrix.domain.ru:443"}';
|
||||
# add_header Content-Type application/json;
|
||||
#}
|
||||
|
||||
#location /.well-known/matrix/client {
|
||||
# return 200 '{"m.homeserver": {"base_url": "https://matrix.domain.ru"}}';
|
||||
# add_header Content-Type application/json;
|
||||
# add_header Access-Control-Allow-Origin *;
|
||||
#}
|
||||
}
|
||||
server {
|
||||
listen 443 ssl;
|
||||
@@ -117,11 +91,8 @@ server {
|
||||
ssl_certificate /etc/letsencrypt/live/chat.domain.ru/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/chat.domain.ru/privkey.pem;
|
||||
|
||||
access_log /var/log/nginx/matrix_element_access.log main;
|
||||
error_log /var/log/nginx/matrix_element_error.log;
|
||||
|
||||
location / {
|
||||
proxy_pass http://matrix-element;
|
||||
proxy_pass http://matrix-element:8083;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
Reference in New Issue
Block a user