colin
/
lan-to-nginx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

first commit

This commit is contained in:
root 2023-11-03 19:54:58 +00:00
parent 53783f238e
commit 6271c37603
4 changed files with 93 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
.woodpecker.yml Normal file
View File

@ -0,0 +1,19 @@
# woodpecker.yml
labels:
hostname: "macmini7"
clone:
git:
image: woodpeckerci/plugin-git
settings:
partial: false
depth: 1
steps:
deploy:
name: deploy
image: docker:latest
secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
# - docker login -u $${REGISTRY_USER} -p $${REGISTRY_PASSWORD} git.nixc.us
- docker stack deploy --with-registry-auth -c ./truenas.yml truenas

1
Dockerfile
View File

@ -4,7 +4,6 @@ FROM nginx:alpine
# Copy our custom Nginx configuration and script
COPY nginx.conf /etc/nginx/nginx.conf.template
COPY docker-entrypoint.sh /docker-entrypoint.sh
COPY matomo.js /matomo.js.template
# Make the script executable
RUN chmod +x /docker-entrypoint.sh

12
nginx.conf
View File

@ -10,7 +10,9 @@ http {
server {
listen 80;
add_header Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src * data:;";
# add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://ack.nixc.us; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'self'; form-action 'self';";
# Define MIME type
types {
text/html html htm shtml;
@ -33,16 +35,10 @@ http {
sub_filter_once off;
# Inject the Matomo content just before </head>
# sub_filter '</head>' '<script src="/matomo.js"></script></head>';
sub_filter '</head>' '<!-- Matomo --><script>var _paq = window._paq = window._paq || [];_paq.push(["setDocumentTitle", document.domain + "/" + document.title]);_paq.push(["setCookieDomain", "*.nixc.us"]);_paq.push(["setDomains", ["*.nixc.us"]]);_paq.push(["setDoNotTrack", true]);_paq.push(["disableCookies"]);_paq.push(["trackPageView"]);_paq.push(["enableLinkTracking"]);(function() {var u="//m.nixc.us/";_paq.push(["setTrackerUrl", u+"matomo.php"]);_paq.push(["setSiteId", "1"]);var d=document, g=d.createElement("script"), s=d.getElementsByTagName("script")[0];g.async=true; g.src=u+"matomo.js"; s.parentNode.insertBefore(g,s);})();</script><noscript><p><img src="//m.nixc.us/matomo.php?idsite=1&amp;rec=1" style="border:0;" alt="" /></p></noscript><!-- End Matomo Code --></head>';
sub_filter '</body>' '<script async src="https://ack.nixc.us/tracker.js" data-ackee-server="https://ack.nixc.us" data-ackee-domain-id="9608c1ff-b08c-4781-ae7e-cee6eb415bf3"></script></body>';
sub_filter_types application/xml application/json text/css text/javascript application/javascript text/plain;
}
# location /matomo.js {
# alias /matomo.js;
# types { application/javascript js; } # Explicitly set the MIME type for .js files
# default_type application/javascript; # Setting default MIME type for this location block
# }
}
}

77
truenas.yml
View File

@ -23,11 +23,74 @@ services:
labels:
- "us.nixc.autodeploy=true"
- "traefik.enable=true"
- "traefik.http.routers.truenas-proxy.tls=true"
- "traefik.http.services.truenas-proxy.loadbalancer.server.port=80"
- "traefik.http.routers.truenas-proxy.rule=Host(`truenas.nixc.us`)"
- "traefik.http.routers.truenas-proxy.entrypoints=websecure"
- "traefik.http.routers.truenas-proxy.tls.certresolver=letsencryptresolver"
- "traefik.http.routers.truenas-proxy.service=truenas-proxy"
- "traefik.http.routers.truenas-truenas.tls=true"
- "traefik.http.services.truenas-truenas.loadbalancer.server.port=80"
- "traefik.http.routers.truenas-truenas.rule=Host(`truenas.nixc.us`)"
- "traefik.http.routers.truenas-truenas.entrypoints=websecure"
- "traefik.http.routers.truenas-truenas.tls.certresolver=letsencryptresolver"
- "traefik.http.routers.truenas-truenas.service=truenas-truenas"
- "traefik.docker.network=traefik"
# - 'traefik.http.routers.truenas-proxy.middlewares=authelia_authelia@docker'
- 'traefik.http.routers.truenas-truenas.middlewares=authelia_authelia@docker'
logging:
driver: "gelf"
options:
gelf-address: "udp://log.nixc.us:15124"
tag: "truenas_truenas"
minio-api:
image: codeberg.org/iridium-net/lan-to-nginx:truenas
environment:
- BACKEND_ADDRESS=192.168.8.47
- BACKEND_PORT=9000
- PROTOCOL=http
networks:
- traefik
deploy:
replicas: 1
placement:
constraints:
- node.hostname == macmini7
labels:
- "us.nixc.autodeploy=true"
- "traefik.enable=true"
- "traefik.http.routers.truenas-minio-api.tls=true"
- "traefik.http.services.truenas-minio-api.loadbalancer.server.port=80"
- "traefik.http.routers.truenas-minio.rule=Host(`minio.nixc.us`)"
- "traefik.http.routers.truenas-minio.entrypoints=websecure"
- "traefik.http.routers.truenas-minio.tls.certresolver=letsencryptresolver"
- "traefik.http.routers.truenas-minio.service=truenas-minio"
- "traefik.docker.network=traefik"
# - 'traefik.http.routers.truenas-minio.middlewares=authelia_authelia@docker'
logging:
driver: "gelf"
options:
gelf-address: "udp://log.nixc.us:15124"
tag: "truenas_minio"
minio-api:
image: codeberg.org/iridium-net/lan-to-nginx:truenas
environment:
- BACKEND_ADDRESS=192.168.8.47
- BACKEND_PORT=9002
- PROTOCOL=http
networks:
- traefik
deploy:
replicas: 1
placement:
constraints:
- node.hostname == macmini7
labels:
- "us.nixc.autodeploy=true"
- "traefik.enable=true"
- "traefik.http.routers.truenas-minio-api.tls=true"
- "traefik.http.services.truenas-minio-api.loadbalancer.server.port=80"
- "traefik.http.routers.truenas-minio-api.rule=Host(`minio-api.nixc.us`)"
- "traefik.http.routers.truenas-minio-api.entrypoints=websecure"
- "traefik.http.routers.truenas-minio-api.tls.certresolver=letsencryptresolver"
- "traefik.http.routers.truenas-minio-api.service=truenas-minio-api"
- "traefik.docker.network=traefik"
# - 'traefik.http.routers.truenas-minio-api.middlewares=authelia_authelia@docker'
logging:
driver: "gelf"
options:
gelf-address: "udp://log.nixc.us:15124"
tag: "truenas_minio-api"