version: '3'
services:
nginx-proxy:
build: ./nginx
# TODO: Note that this is built with ultimate-bad-bot-blocker scripts
# that currently need to be run manually to update
# (with the possibility that the bots.d folder has to be blown away first - not sure)
# Eventually, this needs to be checked and put on a chron job
# docker exec -t nginx-proxy bash
# /usr/local/sbin/setup-ngxblocker -x
# /usr/local/sbin/update-ngxblocker -x email
container_name: nginx-proxy
ports:
- "80:80"
- "443:443"
restart: always
#environment:
# - HTTPS_METHOD=noredirect
volumes:
- ./nginx/conf.d:/etc/nginx/conf.d
- ./nginx/vhost.d:/etc/nginx/vhost.d
- ./nginx/bots.d:/etc/nginx/bots.d
- ./nginx/certs:/etc/nginx/certs:rw
- nginx:/usr/share/nginx/html
#- nginx:/app/nginx.tmpl
- /var/run/docker.sock:/tmp/docker.sock:ro
#- ./nginx/htpasswd:/etc/nginx/htpasswd
acme-companion:
image: nginxproxy/acme-companion:2.2
container_name: nginx-proxy-acme
environment:
- DEFAULT_EMAIL=${EMAIL}
# Uncomment this for testing
#- LETSENCRYPT_TEST=true
volumes_from:
- nginx-proxy
volumes:
- ./nginx/conf.d:/etc/nginx/conf.d
- ./nginx/vhost.d:/etc/nginx/vhost.d
- ./nginx/certs:/etc/nginx/certs:rw
- nginx:/usr/share/nginx/html
- acme:/etc/acme.sh
- /var/run/docker.sock:/var/run/docker.sock:ro
depends_on:
- nginx-proxy
restart: always
portfolio:
# TODO: This will eventually be rewritten with something like VUE
container_name: portfolio
build: ./portfolio
# To just server running the following command
#command: bash -c "npm run serve"
# To reinstall the packages run the following command instead
command: bash -c "npm install && npm run serve"
volumes:
- portfolio:/src/node_modules
- ./portfolio/src:/src
environment:
- VIRTUAL_HOST=${DOMAIN},www.${DOMAIN}
#- VIRTUAL_PATH=/
# For subdirectory baseURL needs to be set in app.js for static files and routes
- VIRTUAL_PATH=/legacy
- VIRTUAL_DEST=/legacy
- VIRTUAL_PORT=3000
#- LETSENCRYPT_HOST=${DOMAIN},www.${DOMAIN},gitea.${DOMAIN} #this last one is for legacy support
#- LETSENCRYPT_EMAIL=${EMAIL}
ports:
- "3000:3000"
restart: always
depends_on:
mongo:
condition: service_healthy
#restheart:
#nginx-proxy:
#labels:
# com.github.nginx-proxy.nginx-proxy.keepalive: "64"
portfolio-nuxt:
# NOTE: This is the rewrite of the frontend
# NOTE: The build process for nuxt seems to require that sharp be reinstalled in the .output folder
container_name: portfolio-nuxt
build: ./portfolio-nuxt
# To rebuild the site and the server run this
command: bash -c "npm run build && node .output/server/index.mjs"
# To just start the server run this
#command: bash -c "node .output/server/index.mjs"
# To start the server in dev mode
#command: bash -c "npm run dev -o"
volumes:
- portfolio-nuxt:/src/node_modules
- ./portfolio-nuxt:/src
environment:
- VIRTUAL_HOST=${DOMAIN},www.${DOMAIN}
- VIRTUAL_PATH=/
#- VIRTUAL_DEST=/dev
# For subdirectory baseURL needs to be set in nuxt config
#- VIRTUAL_PATH=/dev
#- VIRTUAL_DEST=/dev
- VIRTUAL_PORT=5000
- LETSENCRYPT_HOST=${DOMAIN},www.${DOMAIN},gitea.${DOMAIN} #this last one is for legacy support
- LETSENCRYPT_EMAIL=${EMAIL}
ports:
- "5000:5000"
restart: always
depends_on:
- restheart
- nginx-proxy
#labels:
# com.github.nginx-proxy.nginx-proxy.keepalive: "64"
mongo:
container_name: mongo
# using mongo4 or mongo5 as opposed to mongo:6 for server status in mongo-express and because of bugs
# mongo 5 requires avx support so if the machine is not capable of avx support use mongo4
# NOTE: mongo 4 shell uses mongo and mongo 5 uses mongosh!
# These need to be changed accordingly in the health check and the mongosetup.sh file for the container mongo-init
image: mongo:5
#image: mongo:4
restart: always
environment:
- MONGO_INITDB_ROOT_USERNAME=${USER}
- MONGO_INITDB_ROOT_PASSWORD=${PASSWORD}
- MONGO_INITDB_DATABASE=portfolio
command: ["--keyFile", "/auth/keyfile", "--replSet", "rs0", "--bind_ip_all"]
# NOTE: If starting from scracth, create key for mongo then put it in ./mongo/auth/
# openssl rand -base64 756 > keyfile
# chmod 600 keyfile
# sudo chown 999 keyfile
# sudo chgrp 999 keyfile
# NOTE: If you tar archive the site and move it without retaining permissions,
# you will need to run the last 3 lines on the file to make it work
ports:
- 27017:27017
volumes:
- ./portfolio/mongo/data/db:/data/db
- ./portfolio/mongo/data/configdb:/data/configdb
- ./portfolio/mongo/auth/keyfile:/auth/keyfile
- ./portfolio/mongo/db_backups:/db_backups
healthcheck:
# mongo 5
test: echo 'rs.status().ok' | mongosh --host mongo:27017 -u $${MONGO_INITDB_ROOT_USERNAME} -p $${MONGO_INITDB_ROOT_PASSWORD} --quiet | grep 1
# mongo 4
#test: echo 'rs.status().ok' | mongo --host mongo:27017 -u $${MONGO_INITDB_ROOT_USERNAME} -p $${MONGO_INITDB_ROOT_PASSWORD} --quiet | grep 1
interval: 15s
start_period: 20s
mongo-init:
container_name: mongo-init
# using mongo5 as opposed to mongo:6 for server status in mongo-express and because of bugs
image: mongo:5
restart: on-failure
volumes:
# mongo 5
- ./portfolio/mongo/scripts/mongo5setup.sh:/scripts/mongo5setup.sh
# mongo 4
#- ./portfolio/mongo/scripts/mongo4setup.sh:/scripts/mongo4setup.sh
# these two are necessary otherwise they get created again as anonymous volumes
- ./portfolio/mongo/data/db:/data/db
- ./portfolio/mongo/data/configdb:/data/configdb
# mongo 5
entrypoint: ["bash", "/scripts/mongo5setup.sh" ]
# mongo 4
#entrypoint: ["bash", "/scripts/mongo4setup.sh" ]
environment:
- MONGO_INITDB_ROOT_USERNAME=${USER}
- MONGO_INITDB_ROOT_PASSWORD=${PASSWORD}
depends_on:
mongo:
condition: service_started
mongo-express:
# using mongo-express:0.54 as opposed to mongo-express:1 for server status and because of bugs
image: mongo-express:0.54
container_name: mongo-express
restart: always
environment:
- ME_CONFIG_MONGODB_URL=mongodb://${USER}:${PASSWORD}@mongo:27017/?replicaSet=rs0
- ME_CONFIG_MONGODB_ADMINUSERNAME=${USER}
- ME_CONFIG_MONGODB_ADMINPASSWORD=${PASSWORD}
- ME_CONFIG_MONGODB_ENABLE_ADMIN=true
- ME_CONFIG_BASICAUTH_USERNAME=${USER}
- ME_CONFIG_BASICAUTH_PASSWORD=${PASSWORD}
- ME_CONFIG_SITE_BASEURL=/admin
- ME_CONFIG_SITE_GRIDFS_ENABLED=true
- VIRTUAL_HOST=${DOMAIN},admin.${DOMAIN}
- VIRTUAL_PATH=/admin/
- VIRTUAL_PORT=8081
#volumes:
# - ./nginx/certs:/etc/nginx/certs:ro
depends_on:
mongo:
condition: service_healthy
ports:
- "8081:8081"
restheart:
image: softinstigate/restheart:7
container_name: restheart
# NOTE: the api_admin endpoint only works locally
environment:
- RHO=
/mongo/mongo-mounts[1]->{'where':'/api','what':'portfolio'};
/mongo/mongo-mounts[2]->{'where':'/api_admin','what':'restheart'};
/mclient/connection-string->'mongodb://${USER}:${PASSWORD}@mongo:27017/?replicaSet=rs0';
/http-listener/host->'0.0.0.0';
# NOTE: If starting from scratch use must set admin password!
# curl -u admin:secret -X PATCH localhost:8080/api_admin/users/admin -H "Content-Type: application/json" -d '{ "password": "my-strong-password" }'
# NOTE: An ACL entry to allow unaunthenticated users to perform gets must be added
# For now, it was added to the restheart db manually
# by adding the following to the acl collection with curl or using mongo-express
# {
# predicate: 'path-prefix[/api] and method[GET]',
# roles: ['$unauthenticated'],
# priority: 50
# }
# This does not seem to do anything but should somehow use a file for the realm creations
#/fileRealmAuthenticator/users[userid='admin']/password->'${PASSWORD}';
- VIRTUAL_HOST=${DOMAIN},www.${DOMAIN}
- VIRTUAL_PATH=/api/
- VIRTUAL_DEST=/api/
- VIRTUAL_PORT=8080
depends_on:
mongo:
condition: service_healthy
#command: ["--envFile", "/opt/restheart/etc/default.properties"]
ports:
- "8080:8080"
restart: always
#volumes:
# - ./restheart:/opt/restheart/etc:ro
gitea:
image: gitea/gitea:1
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
- GITEA__database__DB_TYPE=mysql
- GITEA__database__HOST=mysql-gitea
- GITEA__database__NAME=gitea
- GITEA__database__USER=${USER}
- GITEA__database__PASSWD=${PASSWORD}
- GITEA__server__LANDING_PAGE=/${USER}
- GITEA__attachment__MAX_SIZE=5000
#- GITEA__repository.upload__FILE_MAX_SIZE=5000
# NOTE: This next line can be commented out if you want to run the wizard locally
# But it needs to be set properly as the base url to work remotely
# no matter how you run the wizard
- GITEA__server__ROOT_URL=https://${DOMAIN}/code/
- HTTP_PORT=4000
- LFS_START_SERVER=true
- DISABLE_REGISTRATION=true
- RUN_MODE=prod
- VIRTUAL_HOST=${DOMAIN},www.${DOMAIN},gitea.${DOMAIN} # this last one is for legacy support
- VIRTUAL_PORT=4000
- VIRTUAL_PATH=/code/
- VIRTUAL_DEST=/
restart: always
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "4000:4000"
- "222:22"
depends_on:
mysql-gitea:
condition: service_healthy
mysql-gitea:
image: mariadb:10
container_name: mysql-gitea
restart: always
environment:
- MYSQL_ROOT_PASSWORD=${PASSWORD}
- MYSQL_PASSWORD=${PASSWORD}
- MYSQL_DATABASE=gitea
- MYSQL_USER=${USER}
volumes:
- ./gitea/mysql:/var/lib/mysql
#- ./mysql_gitea/etc:/etc/mysql/conf.d
#- ./mysql_gitea/init:/docker-entrypoint-initdb.d
healthcheck:
test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
interval: 15s
start_period: 20s
nextcloud:
image: nextcloud:25
container_name: nextcloud
restart: always
volumes:
#- ./nextcloud/data:/var/www/html/data
#- nextcloud:/var/www/html
- ./nextcloud/html:/var/www/html
environment:
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=${USER}
- MYSQL_PASSWORD=${PASSWORD}
- MYSQL_HOST=mysql-nextcloud
- NEXTCLOUD_ADMIN_USER=${USER}
- NEXTCLOUD_ADMIN_PASSWORD=${PASSWORD}
- NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN} www.${DOMAIN}
#- NEXTCLOUD_INIT_LOCK=true
- APACHE_DISABLE_REWRITE_IP=1
- TRUSTED_PROXIES=nginx-proxy
- OVERWRITEHOST=${DOMAIN}
- OVERWRITEWEBROOT=/cloud
- OVERWRITEPROTOCOL=https
#- OVERWRITECLIURL=http://localhost/
- OVERWRITECLIURL=https://unboundedpress.org
# NOTE: These configurations above make it work with the subdirectory
# but you cannot set VIRTUAL_PORT
# for reasons I have no idea
- VIRTUAL_HOST=${DOMAIN},www.${DOMAIN}
- VIRTUAL_PATH=/cloud/
- VIRTUAL_DEST=/
# TODO: add redis and chron
#- REDIS_HOST=redis
depends_on:
mysql-nextcloud:
condition: service_healthy
#redis:
ports:
- 8888:80
collabora:
image: collabora/code:22.05.14.3.1
container_name: collabora
depends_on:
- nextcloud
cap_add:
- MKNOD
environment:
- username=${USER}
- password=${PASSWORD}
- domain=${DOMAIN}
- VIRTUAL_HOST=${DOMAIN},www.${DOMAIN}
- VIRTUAL_PATH=/collab/
- VIRTUAL_DEST=/
# Extra parameters to Collabora, see also
# https://www.collaboraoffice.com/code/nginx-reverse-proxy/:
# SSL terminates at the proxy
- extra_params=--o:ssl.enable=false --o:ssl.termination=true
# NOTE: The file nginx/vhosts.d/unboundedpress.org handles
# routing for collabora on production only
ports:
- 9980:9980
cron-nextcloud:
image: nextcloud:25
container_name: cron-nextcloud
restart: always
volumes:
- ./nextcloud/html:/var/www/html
entrypoint: /cron.sh
depends_on:
mysql-nextcloud:
condition: service_healthy
#redis:
mysql-nextcloud:
image: mariadb:10
container_name: mysql-nextcloud
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: always
environment:
- MYSQL_ROOT_PASSWORD=${PASSWORD}
- MYSQL_PASSWORD=${PASSWORD}
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=${USER}
volumes:
- ./nextcloud/mysql:/var/lib/mysql
healthcheck:
test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
interval: 15s
start_period: 20s
volumes:
nginx:
#nextcloud:
acme:
portfolio:
portfolio-nuxt: