Add basic proxy

2026-04-03 20:30:44 +04:00 · 2026-01-04 06:56:55 -06:00
parent 65d8337742
commit a6ec3b9cc4
11 changed files with 166 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -3,5 +3,9 @@

 syncthing/config/*
 transmission/config/*
+proxy/nginx/init/default.conf
+proxy/nginx/conf.d/default.conf
+proxy/ssl/conf/*
+proxy/ssl/www/*

 !.keep
--- a/proxy/.env.example
+++ b/proxy/.env.example
@@ -0,0 +1,4 @@
+# Используется https://cloud.alviy.com/ddns
+
+DDNS_TOKEN=token
+DDNS_DOMAINS=domain.dynnamn.ru
--- a/proxy/create-first-cert-example.sh
+++ b/proxy/create-first-cert-example.sh
@@ -0,0 +1,8 @@
+docker compose -f init-compose.yml up -d
+
+docker compose run --rm certbot certonly --webroot \
+  --webroot-path=/var/www/certbot \
+  --email your-email@gmail.com \
+  --agree-tos \
+  --no-eff-email \
+  -d domain.com
--- a/proxy/docker-compose.yml
+++ b/proxy/docker-compose.yml
@@ -0,0 +1,37 @@
+services:
+  ddns-updater:
+    image: alpine:latest
+    container_name: ddns-updater
+    env_file: .env
+    volumes:
+      - ./update_dns.sh:/update_dns.sh:ro
+    entrypoint: ["/bin/sh", "-c"]
+    command:
+      - |
+        apk add --no-cache curl bash
+        /bin/bash /update_dns.sh
+    restart: "no"
+
+  nginx-proxy:
+    image: nginx:alpine
+    container_name: nginx-proxy
+    restart: always
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - ./nginx/conf.d:/etc/nginx/conf.d:ro
+      # Папки для SSL сертификатов
+      - ./ssl/conf:/etc/letsencrypt:ro
+      - ./ssl/www:/var/www/certbot:ro
+    # Подхватываем новые ssl сертификаты
+    command: /bin/sh -c "while :; do sleep 24h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'"
+
+  certbot:
+    image: certbot/certbot
+    container_name: certbot
+    volumes:
+      - ./ssl/conf:/etc/letsencrypt
+      - ./ssl/www:/var/www/certbot
+    # Проверяет сертификаты дважды в сутки. Если осталось менее 30 дней - обновляем
+    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
--- a/proxy/init-compose.yml
+++ b/proxy/init-compose.yml
@@ -0,0 +1,23 @@
+services:
+  ddns-updater:
+    image: alpine:latest
+    container_name: ddns-updater
+    env_file: .env
+    volumes:
+      - ./update_dns.sh:/update_dns.sh:ro
+    entrypoint: ["/bin/sh", "-c"]
+    command:
+      - |
+        apk add --no-cache curl bash
+        /bin/bash /update_dns.sh
+    restart: "no"
+
+  nginx-proxy:
+    image: nginx:alpine
+    container_name: nginx-proxy
+    restart: always
+    ports:
+      - 80:80
+    volumes:
+      - ./nginx/init:/etc/nginx/conf.d:ro
+
--- a/proxy/nginx/conf.d/default.conf.example
+++ b/proxy/nginx/conf.d/default.conf.example
@@ -0,0 +1,26 @@
+server {
+    listen 80;
+    server_name domain.dynnamn.ru domain2.dynnamn.ru;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name domain.dynnamn.ru;
+
+    ssl_certificate /etc/letsencrypt/live/domain.dynnamn.ru/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/domain.dynnamn.ru/privkey.pem;
+
+    location / {
+        return 200 "Hello world!";
+        # proxy_pass http://your_app_container:port;
+        # proxy_set_header Host $host;
+    }
+}
--- a/proxy/nginx/init/default.conf.example
+++ b/proxy/nginx/init/default.conf.example
@@ -0,0 +1,12 @@
+server {
+    listen 80;
+    server_name domain.dynnamn.ru domain2.dynnamn.ru;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+	return 200 "Hello HTTP!";
+    }
+}
--- a/proxy/ssl/conf/.keep
+++ b/proxy/ssl/conf/.keep
--- a/proxy/ssl/www/.keep
+++ b/proxy/ssl/www/.keep
--- a/proxy/update_dns.sh
+++ b/proxy/update_dns.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Проверяем наличие необходимых переменных
+if [ -z "$DDNS_TOKEN" ] || [ -z "$DDNS_DOMAINS" ]; then
+    echo "Ошибка: Переменные DDNS_TOKEN или DDNS_DOMAINS не заданы."
+    exit 1
+fi
+
+while true; do
+    echo "Определяем внешний IPv4..."
+    CURRENT_IP=$(curl -s https://ifconfig.me)
+
+    if [ -z "$CURRENT_IP" ]; then
+        echo "Не удалось получить IP. Повтор через 30 секунд..."
+        sleep 30
+        continue
+    fi
+
+    echo "Ваш IP: $CURRENT_IP. Начинаем обновление доменов..."
+    
+    ALL_SUCCESS=true
+
+    for DOMAIN in $DDNS_DOMAINS; do
+        echo "Обновляю домен: $DOMAIN"
+        
+        # Выполняем запрос PUT согласно вашему формату
+        RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" \
+            -X 'PUT' "https://cloud.alviy.com/api/v1/ddns/domain/$DOMAIN" \
+            -H 'accept: application/json' \
+            -H "Authorization: Bearer $DDNS_TOKEN" \
+            -H 'Content-Type: application/json' \
+            -d "{ \"ipv4\": [ \"$CURRENT_IP\" ] }")
+
+        if [ "$RESPONSE" == "200" ]; then
+            echo "Успешно обновлено: $DOMAIN"
+        else
+            echo "Ошибка обновления $DOMAIN. Код ответа: $RESPONSE"
+            ALL_SUCCESS=false
+        fi
+    done
+
+    if [ "$ALL_SUCCESS" = true ]; then
+        echo "Все задачи выполнены успешно. Завершаю работу контейнера."
+        exit 0
+    else
+        echo "Некоторые домены не обновились. Повторная попытка через 60 секунд..."
+        sleep 60
+    fi
+done
--- a/samba/docker-compose.yml
+++ b/samba/docker-compose.yml
@@ -17,3 +17,6 @@ services:
      -u "${SMB_USER:?};${SMB_PASSWORD:?}"
      -s "${READONLY_NET_NAME:?};/mnt/shared;yes;yes;yes"
      -s "${NET_NAME:?};/mnt/shared;yes;no;no;${SMB_USER:?}"
+      -g "acl allow execute always = yes"
+      -g "map archive = yes"
+      -g "client max protocol = SMB3"