From a6ec3b9cc41d83c51fe0af711fb92a58f9f9b132 Mon Sep 17 00:00:00 2001
From: StepanovPlaton
Date: Sun, 4 Jan 2026 06:56:55 -0600
Subject: [PATCH] Add basic proxy
---
 .gitignore | 4 ++
 proxy/.env.example | 4 ++
 proxy/create-first-cert-example.sh | 8 ++++
 proxy/docker-compose.yml | 37 +++++++++++++++++++
 proxy/init-compose.yml | 23 ++++++++++++
 proxy/nginx/conf.d/default.conf.example | 26 +++++++++++++
 proxy/nginx/init/default.conf.example | 12 ++++++
 proxy/ssl/conf/.keep | 0
 proxy/ssl/www/.keep | 0
 proxy/update_dns.sh | 49 +++++++++++++++++++++++++
 samba/docker-compose.yml | 3 ++
 11 files changed, 166 insertions(+)
 create mode 100644 proxy/.env.example
 create mode 100644 proxy/create-first-cert-example.sh
 create mode 100644 proxy/docker-compose.yml
 create mode 100644 proxy/init-compose.yml
 create mode 100644 proxy/nginx/conf.d/default.conf.example
 create mode 100644 proxy/nginx/init/default.conf.example
 create mode 100644 proxy/ssl/conf/.keep
 create mode 100644 proxy/ssl/www/.keep
 create mode 100755 proxy/update_dns.sh
diff --git a/.gitignore b/.gitignore
index c381b3c..c43887c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,5 +3,9 @@ syncthing/config/* transmission/config/* +proxy/nginx/init/default.conf +proxy/nginx/conf.d/default.conf +proxy/ssl/conf/* +proxy/ssl/www/* !.keep
diff --git a/proxy/.env.example b/proxy/.env.example
new file mode 100644
index 0000000..60fa8e9
--- /dev/null
+++ b/proxy/.env.example
@@ -0,0 +1,4 @@
+# Используется https://cloud.alviy.com/ddns
+
+DDNS_TOKEN=token
+DDNS_DOMAINS=domain.dynnamn.ru
diff --git a/proxy/create-first-cert-example.sh b/proxy/create-first-cert-example.sh
new file mode 100644
index 0000000..f72d1d2
--- /dev/null
+++ b/proxy/create-first-cert-example.sh
@@ -0,0 +1,8 @@
+docker compose -f init-compose.yml up -d
+
+docker compose run --rm certbot certonly --webroot \
+ --webroot-path=/var/www/certbot \
+ --email your-email@gmail.com \
+ --agree-tos \
+ --no-eff-email \
+ -d domain.com
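Review bot: In proxy/create-first-cert-example.sh the `docker compose run --rm certbot certonly --webroot …` call will not issue a certificate as written, because the `certbot` service in proxy/docker-compose.yml (added by this same patch) replaces the image entrypoint with a `/bin/sh -c '… certbot renew …'` loop. Arguments given to `run` are appended to that `sh -c` as positional parameters, so the container enters the renew loop and `certonly` never runs. Override the entrypoint for this one-off call, e.g. `docker compose run --rm --entrypoint certbot certbot certonly --webroot \`, keeping the option lines that follow unchanged. The script also has no shebang or error handling, so a failed `up -d` still falls through to the certbot step; `#!/bin/sh` and `set -eu` at the top would stop it there.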
diff --git a/proxy/docker-compose.yml b/proxy/docker-compose.yml
new file mode 100644
index 0000000..bd406e6
--- /dev/null
+++ b/proxy/docker-compose.yml
@@ -0,0 +1,37 @@
+services:
+ ddns-updater:
+ image: alpine:latest
+ container_name: ddns-updater
+ env_file: .env
+ volumes:
+ - ./update_dns.sh:/update_dns.sh:ro
+ entrypoint: ["/bin/sh", "-c"]
+ command:
+ - |
+ apk add --no-cache curl bash
+ /bin/bash /update_dns.sh
+ restart: "no"
+
+ nginx-proxy:
+ image: nginx:alpine
+ container_name: nginx-proxy
+ restart: always
+ ports:
+ - 80:80
+ - 443:443
+ volumes:
+ - ./nginx/conf.d:/etc/nginx/conf.d:ro
+ # Папки для SSL сертификатов
+ - ./ssl/conf:/etc/letsencrypt:ro
+ - ./ssl/www:/var/www/certbot:ro
+ # Подхватываем новые ssl сертификаты
+ command: /bin/sh -c "while :; do sleep 24h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'"
+
+ certbot:
+ image: certbot/certbot
+ container_name: certbot
+ volumes:
+ - ./ssl/conf:/etc/letsencrypt
+ - ./ssl/www:/var/www/certbot
+ # Проверяет сертификаты дважды в сутки. Если осталось менее 30 дней - обновляем
+ entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
diff --git a/proxy/init-compose.yml b/proxy/init-compose.yml
new file mode 100644
index 0000000..abdbc7e
--- /dev/null
+++ b/proxy/init-compose.yml
@@ -0,0 +1,23 @@
+services:
+ ddns-updater:
+ image: alpine:latest
+ container_name: ddns-updater
+ env_file: .env
+ volumes:
+ - ./update_dns.sh:/update_dns.sh:ro
+ entrypoint: ["/bin/sh", "-c"]
+ command:
+ - |
+ apk add --no-cache curl bash
+ /bin/bash /update_dns.sh
+ restart: "no"
+
+ nginx-proxy:
+ image: nginx:alpine
+ container_name: nginx-proxy
+ restart: always
+ ports:
+ - 80:80
+ volumes:
+ - ./nginx/init:/etc/nginx/conf.d:ro
+
diff --git a/proxy/nginx/conf.d/default.conf.example b/proxy/nginx/conf.d/default.conf.example
new file mode 100644
index 0000000..5921cc6
--- /dev/null
+++ b/proxy/nginx/conf.d/default.conf.example
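Review bot: In proxy/docker-compose.yml the `ddns-updater` service receives `DDNS_TOKEN` through `env_file` yet starts from the floating `alpine:latest` tag and installs `curl` and `bash` with `apk add` on every start, so the code that handles the token is whatever the registry and package mirror serve at that moment. `certbot/certbot`, which writes the private keys under `./ssl/conf`, is likewise untagged. Pin each image to a fixed tag or digest, e.g. `image: alpine:<PINNED_VERSION>` (placeholder), and prefer an image that already ships curl so nothing is fetched at runtime. The identical `ddns-updater` definition in proxy/init-compose.yml needs the same change.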
@@ -0,0 +1,26 @@
+server {
+ listen 80;
+ server_name domain.dynnamn.ru domain2.dynnamn.ru;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name domain.dynnamn.ru;
+
+ ssl_certificate /etc/letsencrypt/live/domain.dynnamn.ru/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/domain.dynnamn.ru/privkey.pem;
+
+ location / {
+ return 200 "Hello world!";
+ # proxy_pass http://your_app_container:port;
+ # proxy_set_header Host $host;
+ }
+}
diff --git a/proxy/nginx/init/default.conf.example b/proxy/nginx/init/default.conf.example
new file mode 100644
index 0000000..8ba809d
--- /dev/null
+++ b/proxy/nginx/init/default.conf.example
@@ -0,0 +1,12 @@
+server {
+ listen 80;
+ server_name domain.dynnamn.ru domain2.dynnamn.ru;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 200 "Hello HTTP!";
+ }
+}
diff --git a/proxy/ssl/conf/.keep b/proxy/ssl/conf/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/proxy/ssl/www/.keep b/proxy/ssl/www/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/proxy/update_dns.sh b/proxy/update_dns.sh
new file mode 100755
index 0000000..7171ac1
--- /dev/null
+++ b/proxy/update_dns.sh
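Review bot: In proxy/nginx/conf.d/default.conf.example the port-80 block names `domain2.dynnamn.ru` and redirects it to HTTPS, but the only 443 block has `server_name domain.dynnamn.ru;` with that host's certificate, so a client following the redirect for domain2 is handed a certificate for a different name. Either drop domain2 from the port-80 `server_name` or add a 443 block (or a certificate) that covers it. Because this is the only port-80 server it is also the implicit default, so `return 301 https://$host$request_uri;` copies any client-supplied Host value into the Location header; a separate `listen 80 default_server;` block that refuses unknown hosts, or redirecting to `$server_name`, avoids that. When the commented `proxy_pass` is enabled, also add `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` so the backend can log the real client address and scheme.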
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Проверяем наличие необходимых переменных
+if [ -z "$DDNS_TOKEN" ] || [ -z "$DDNS_DOMAINS" ]; then
+ echo "Ошибка: Переменные DDNS_TOKEN или DDNS_DOMAINS не заданы."
+ exit 1
+fi
+
+while true; do
+ echo "Определяем внешний IPv4..."
+ CURRENT_IP=$(curl -s https://ifconfig.me)
+
+ if [ -z "$CURRENT_IP" ]; then
+ echo "Не удалось получить IP. Повтор через 30 секунд..."
+ sleep 30
+ continue
+ fi
+
+ echo "Ваш IP: $CURRENT_IP. Начинаем обновление доменов..."
+
+ ALL_SUCCESS=true
+
+ for DOMAIN in $DDNS_DOMAINS; do
+ echo "Обновляю домен: $DOMAIN"
+
+ # Выполняем запрос PUT согласно вашему формату
+ RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" \
+ -X 'PUT' "https://cloud.alviy.com/api/v1/ddns/domain/$DOMAIN" \
+ -H 'accept: application/json' \
+ -H "Authorization: Bearer $DDNS_TOKEN" \
+ -H 'Content-Type: application/json' \
+ -d "{ \"ipv4\": [ \"$CURRENT_IP\" ] }")
+
+ if [ "$RESPONSE" == "200" ]; then
+ echo "Успешно обновлено: $DOMAIN"
+ else
+ echo "Ошибка обновления $DOMAIN. Код ответа: $RESPONSE"
+ ALL_SUCCESS=false
+ fi
+ done
+
+ if [ "$ALL_SUCCESS" = true ]; then
+ echo "Все задачи выполнены успешно. Завершаю работу контейнера."
+ exit 0
+ else
+ echo "Некоторые домены не обновились. Повторная попытка через 60 секунд..."
+ sleep 60
+ fi
+done
diff --git a/samba/docker-compose.yml b/samba/docker-compose.yml
index 4aa3f66..753e31c 100644
--- a/samba/docker-compose.yml
+++ b/samba/docker-compose.yml
@@ -17,3 +17,6 @@ services: -u "${SMB_USER:?};${SMB_PASSWORD:?}" -s "${READONLY_NET_NAME:?};/mnt/shared;yes;yes;yes" -s "${NET_NAME:?};/mnt/shared;yes;no;no;${SMB_USER:?}" + -g "acl allow execute always = yes" + -g "map archive = yes" + -g "client max protocol = SMB3"
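Review bot: In proxy/update_dns.sh the value returned by `curl -s https://ifconfig.me` is only tested for being non-empty before it is interpolated into the JSON body, so an HTML error page, a rate-limit message or an IPv6 address would be sent to the DDNS API as the record value. Neither curl call sets a timeout, so a hung connection stalls the loop indefinitely. Fetch with `CURRENT_IP=$(curl -fsS --max-time 10 https://ifconfig.me)` and reject anything that is not a dotted quad, e.g. `[[ "$CURRENT_IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { sleep 30; continue; }`. The bearer token is passed on curl's command line in `-H "Authorization: Bearer $DDNS_TOKEN"`, where it is visible in the process list; curl's `-H @file` form keeps it out of argv.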
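Review bot: In samba/docker-compose.yml the added `-g "client max protocol = SMB3"` only limits the dialect that Samba's own client tools negotiate; it does not change what this server accepts from clients. If the intent is to control which dialects the shares offer (an assumption, the commit message does not say), the settings for that are `server min protocol` and `server max protocol`, e.g. `-g "server min protocol = SMB2"`. `acl allow execute always = yes` drops the execute-bit check when a client opens a file for execution on the share, so a short comment beside the service explaining why it is needed would help the next reader. The argument list these lines extend starts above the hunk.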