Migrate to podman

proxy/.env.example

@@ -1,3 +1,2 @@
 REGRU_LOGIN=login
 REGRU_PASSWORD=password
-CROWDSEC_API_KEY=api_key

proxy/crowdsec/config/acquis.yaml

@@ -1,4 +0,0 @@
-filenames:
-  - /var/log/nginx/*.log
-labels:
-  type: nginx

proxy/ddns/domains.txt.example

@@ -2,6 +2,6 @@ domain.ru
 @
 www
 git
-disk
+cloud
 matrix
-chat
+chat

proxy/docker-compose.yml

@@ -1,18 +1,16 @@
 services:
   nginx-proxy:
-    image: nginx:alpine
+    image: docker.io/nginx:alpine
     container_name: nginx-proxy
     restart: always
     ports:
-      - 80:80
-      - 443:443
+      - 8080:80
+      - 8443:443
     volumes:
       - ./nginx/conf.d:/etc/nginx/conf.d:ro
       # Папки для SSL сертификатов
       - ./ssl/conf:/etc/letsencrypt:ro
       - ./ssl/www:/var/www/certbot:ro
-      # Логи для канали CrowdSec
-      - ./nginx/logs:/var/log/nginx
     # Подхватываем новые ssl сертификаты
     command: /bin/sh -c "while :; do sleep 24h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'"
     deploy:
@@ -28,43 +26,10 @@ services:
       - cloud_network
       - matrix_network
 
-  crowdsec:
-    image: crowdsecurity/crowdsec:latest
-    container_name: crowdsec
-    restart: always
-    environment:
-      # Какие коллекции правил установить сразу
-      COLLECTIONS: "crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors"
-      # Чтобы не захламлять вывод, можно включить только ошибки
-      # LEVEL_TRACE: "false"
-    volumes:
-      # Читаем логи Nginx
-      - ./nginx/logs:/var/log/nginx:ro
-      # Конфигурация и база данных
-      - ./crowdsec/config:/etc/crowdsec
-      - ./crowdsec/data:/var/lib/crowdsec/data
-    ports:
-      - 8081:8080
-    deploy:
-      resources:
-        limits:
-          cpus: '0.5'
-          memory: 256M
-
-  dashboard:
-    image: crowdsecurity/dashboard
-    container_name: crowdsec-dashboard
-    restart: always
-    environment:
-      - MB_DB_FILE=/data/metabase.db
-    volumes:
-      - ./crowdsec/data:/data
-    ports:
-      - 3001:3000
-
   certbot:
-    image: certbot/certbot
+    image: docker.io/certbot/certbot
     container_name: certbot
+    restart: always
     volumes:
       - ./ssl/conf:/etc/letsencrypt
       - ./ssl/www:/var/www/certbot

proxy/init-compose.yml

@@ -17,11 +17,11 @@ services:
           memory: 64M
 
   nginx-proxy:
-    image: nginx:alpine
+    image: docker.io/nginx:alpine
     container_name: nginx-proxy
     restart: always
     ports:
-      - 80:80
+      - 8080:80
     volumes:
       - ./nginx/init:/etc/nginx/conf.d:ro
       # Папки для SSL сертификатов

proxy/install-bouncer.sh

@@ -1,12 +0,0 @@
-curl -s https://api.github.com/repos/crowdsecurity/cs-firewall-bouncer/releases/latest | grep browser_download_url | grep linux-amd64 | cut -d '"' -f 4 | wget -qi -
-tar xzvf crowdsec-firewall-bouncer-linux-amd64.tgz
-cd crowdsec-firewall-bouncer-v*/
-sudo ./install.sh
-
-# Получаем API KEY
-sudo docker exec crowdsec cscli bouncers add firewall-bouncer
-
-
-# Прописываем ключ в конфиге
-# Указваем так же API_URL (см docker-compose.yml, по умолчанию меняем на 8081)
-sudo nano /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml

proxy/nginx/conf.d/default.conf.example

@@ -4,9 +4,6 @@ server {
     listen [::]:80 default_server;
     server_name domain.ru www.domain.ru git.domain.ru cloud.domain.ru m.domain.ru chat.domain.ru;
 
-    access_log /var/log/nginx/http_access.log main;
-    error_log /var/log/nginx/http_error.log;
-
     location /.well-known/acme-challenge/ {
         root /var/www/certbot;
     }
@@ -26,9 +23,6 @@ server {
     ssl_certificate /etc/letsencrypt/live/domain.ru/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/domain.ru/privkey.pem;
 
-    access_log /var/log/nginx/root_access.log main;
-    error_log /var/log/nginx/root_error.log;
-
     location / {
         charset utf-8;
         default_type text/plain;
@@ -44,9 +38,6 @@ server {
     ssl_certificate /etc/letsencrypt/live/git.domain.ru/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/git.domain.ru/privkey.pem;
 
-    access_log /var/log/nginx/git_access.log main;
-    error_log /var/log/nginx/git_error.log;
-
     location / {
         proxy_pass http://gitea:3000;
         proxy_set_header Host $host;
@@ -64,13 +55,10 @@ server {
     ssl_certificate /etc/letsencrypt/live/cloud.domain.ru/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/cloud.domain.ru/privkey.pem;
 
-    access_log /var/log/nginx/cloud_access.log main;
-    error_log /var/log/nginx/cloud_error.log;
-
     client_max_body_size 0;
 
     location / {
-        proxy_pass http://filebrowser;
+        proxy_pass http://filebrowser:8080;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -86,9 +74,6 @@ server {
     ssl_certificate /etc/letsencrypt/live/m.domain.ru/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/m.domain.ru/privkey.pem;
 
-    access_log /var/log/nginx/matrix_synapse_access.log main;
-    error_log /var/log/nginx/matrix_synapse_error.log;
-
     location / {
         proxy_pass http://matrix-synapse:8008;
         proxy_set_header Host $host;
@@ -98,17 +83,6 @@ server {
 
         client_max_body_size 50M;
     }
-
-    #location /.well-known/matrix/server {
-    #    return 200 '{"m.server": "matrix.domain.ru:443"}';
-    #    add_header Content-Type application/json;
-    #}
-
-    #location /.well-known/matrix/client {
-    #    return 200 '{"m.homeserver": {"base_url": "https://matrix.domain.ru"}}';
-    #    add_header Content-Type application/json;
-    #    add_header Access-Control-Allow-Origin *;
-    #}
 }
 server {
     listen 443 ssl;
@@ -117,11 +91,8 @@ server {
     ssl_certificate /etc/letsencrypt/live/chat.domain.ru/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/chat.domain.ru/privkey.pem;
 
-    access_log /var/log/nginx/matrix_element_access.log main;
-    error_log /var/log/nginx/matrix_element_error.log;
-
     location / {
-        proxy_pass http://matrix-element;
+        proxy_pass http://matrix-element:8083;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;