STI
/
myos
3
2
Fork 1
Code Issues 3 Pull Requests Projects Releases Wiki Activity

make player 

user + mail = user_domain
This commit is contained in:
Yann Autissier 2022-12-19 02:48:40 +00:00
parent 1d1b5156bc
commit 2dec68807e
25 changed files with 92 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.env.dist
View File

@ -1,2 +0,0 @@
DOMAIN=localhost
STACK=

13
docker/nginx/nginx_default_location
View File

@ -1,19 +1,6 @@
index index.php index.html index.htm;
try_files $uri $uri/ index.php$uri =404;
location ~ ^(.+\.php)(.*)$ {
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
include fastcgi_params;
try_files $uri index.php =404;
}
location ~ /\.ht {
deny all;
}
location ~ /ip(f|n)s {
proxy_pass http://$host:8080;
}

2
make/apps/common.mk
View File

@ -27,7 +27,7 @@ bootstrap-docker: install-bin-docker setup-docker-group setup-binfmt setup-nfsd
# target bootstrap-stack: Call bootstrap target of each stack
.PHONY: bootstrap-stack
bootstrap-stack: docker-network debug-STACK $(foreach stack,$(STACK),bootstrap-stack-$(subst /,-,$(stack)) debug-$(stack))
bootstrap-stack: docker-network debug-STACK $(foreach stack,$(STACK),bootstrap-stack-$(subst /,-,$(firstword $(subst :, ,$(stack)))) debug-$(firstword $(subst :, ,$(stack))))
# target build: Build application docker images to run
# on local host

2
make/apps/def.docker.mk
View File

@ -45,7 +45,7 @@ DOCKER_PLUGIN_S3FS_OPTIONS ?= allow_other,nonempty,use_path_request_style,u
DOCKER_PLUGIN_S3FS_SECRETKEY ?= $(AWS_SECRET_ACCESS_KEY)
DOCKER_PLUGIN_S3FS_REGION ?= eu-west-1
DOCKER_PLUGIN_VARS ?= S3FS_ACCESSKEY S3FS_OPTIONS S3FS_SECRETKEY S3FS_REGION
DOCKER_REGISTRY ?= $(DOMAIN)
DOCKER_REGISTRY ?= $(DOMAINNAME)
DOCKER_REGISTRY_USERNAME ?= $(USER)
DOCKER_REGISTRY_REPOSITORY ?= $(addsuffix /,$(DOCKER_REGISTRY))$(subst $(USER),$(DOCKER_REGISTRY_USERNAME),$(DOCKER_REPOSITORY))
DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(COMPOSE_PROJECT_NAME)))

4
make/apps/def.mk
View File

@ -29,11 +29,11 @@ NFS_CONFIG ?= addr=$(NFS_HOST),actimeo=3,intr,noacl,noatime
NFS_HOST ?= host.docker.internal
SERVICES ?= $(DOCKER_SERVICES)
tagprefix = $(call urlprefix,$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_PATH)),$($(call UPPERCASE,$(1)_SERVICE_PATH))),$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_OPTS)),$($(call UPPERCASE,$(1)_SERVICE_OPTS)),$(call envprefix,$(1),$(2),auth proto)),$(or $(foreach env,$(3),$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env)))),$($(call UPPERCASE,$(1)_SERVICE_$(2)_URIS)),$(call uriprefix,$(1),$(2))))
tagprefix = $(call urlprefix,$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_PATH)),$($(call UPPERCASE,$(1)_SERVICE_PATH))),$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_OPTS)),$($(call UPPERCASE,$(1)_SERVICE_OPTS)),$(call envprefix,$(1),$(2),allow auth deny preprend proto register strip)),$(or $(foreach env,$(3),$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env)))),$($(call UPPERCASE,$(1)_SERVICE_$(2)_URIS)),$(call uriprefix,$(1),$(2))))
envprefix = $(foreach env,$(3),$(if $($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env))),$(env)=$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env)))))
patsublist = $(patsubst $(1),$(2),$(firstword $(3)))$(foreach pattern,$(wordlist 2,16,$(3)),$(comma)$(patsubst $(1),$(2),$(pattern)))
servicenvs = $(foreach env,$(call UPPERCASE,$($(1)_SERVICE_$(2)_ENVS)),$(if $(3),$($(1)_SERVICE_$(env)_$(3)),$($(1)_SERVICE_$(2)_$(env))))
uriprefix = $(foreach svc,$(1),$(patsubst %,$(addsuffix .,$(or $($(call UPPERCASE,$(svc)_SERVICE_$(2)_NAME)),$($(call UPPERCASE,$(svc)_SERVICE_NAME)),$(svc)))%,$(APP_URIS)))
uriprefix = $(foreach svc,$(1),$(patsubst %,$(addsuffix .,$(or $($(call UPPERCASE,$(svc)_SERVICE_$(2)_NAME)),$($(call UPPERCASE,$(svc)_SERVICE_NAME)),$(svc)))%,$(or $(3),$(APP_URIS))))
url_suffix = *
urlprefix = $(strip $(call patsublist,%,urlprefix-%$(1)$(url_suffix) $(2),$(or $(3),$(APP_URIS))))
urlprefixs = $(strip $(call urlprefix,$(firstword $(1)),$(wordlist 2,16,$(1)))$(foreach prefix,$(subst $(space),$(dollar),$(2)) $(subst $(space),$(dollar),$(3)) $(subst $(space),$(dollar),$(4)),$(comma)$(call subst,$(dollar),$(space),$(call urlprefix,$(firstword $(prefix)),$(wordlist 2,16,$(prefix))))))

4
make/apps/def.ufw.mk
View File

@ -7,7 +7,7 @@ ifeq ($(SETUP_UFW),true)
define ufw
$(call INFO,ufw,$(1)$(comma))
$(call app-bootstrap,ufw-docker)
$(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
$(eval DOCKER_COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
$(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw $(1))
endef
@ -15,7 +15,7 @@ endef
define ufw-docker
$(call INFO,ufw-docker,$(1)$(comma))
$(call app-bootstrap,ufw-docker)
$(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
$(eval DOCKER_COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
$(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw-docker $(1))
endef

2
make/apps/docker.mk
View File

@ -56,7 +56,7 @@ docker-compose-exec:
# target docker-compose-logs: Call docker-compose logs SERVICE
.PHONY: docker-compose-logs
docker-compose-logs:
$(call docker-compose,logs -f --tail=100 $(if $(filter $(SERVICE),$(SERVICES)),$(SERVICE))) || true
$(call docker-compose,logs -f --tail=100 $(if $(filter $(SERVICE),$(SERVICES)),$(SERVICE)))
# target docker-compose-ps: Call docker-compose ps
.PHONY: docker-compose-ps

6
make/def.docker.mk
View File

@ -25,11 +25,11 @@ HOST_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(HOST_COMPOSE_PROJEC
HOST_DOCKER_VOLUME ?= $(HOST_COMPOSE_PROJECT_NAME)
HOST_GID ?= 100
HOST_UID ?= 123
RESU_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER_COMPOSE_PROJECT_NAME)))
RESU_DOCKER_REPOSITORY ?= $(subst -,/,$(USER_COMPOSE_PROJECT_NAME))
STACK_HOST ?= $(filter host,$(firstword $(subst /, ,$(STACK))))
STACK_USER ?= $(filter User,$(firstword $(subst /, ,$(STACK))))
USER_COMPOSE_PROJECT_NAME ?= $(strip $(RESU))
USER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(subst .,-,$(USER_COMPOSE_PROJECT_NAME)))
USER_COMPOSE_PROJECT_NAME ?= $(subst .,-,$(RESU))
USER_COMPOSE_SERVICE_NAME ?= $(USER_COMPOSE_PROJECT_NAME)
USER_DOCKER_IMAGE ?= $(USER_DOCKER_REPOSITORY):${DOCKER_IMAGE_TAG}
USER_DOCKER_NAME ?= $(USER_COMPOSE_PROJECT_NAME)
USER_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER)))

28
make/def.mk
View File

@ -43,7 +43,8 @@ CONTEXT ?= ENV $(shell awk 'BEGIN {FS="="}; $$1 !~ /^(\#
CONTEXT_DEBUG ?= MAKEFILE_LIST DOCKER_ENV_ARGS ENV_ARGS APPS GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME MAKE_DIR MAKE_SUBDIRS MAKE_CMD_ARGS MAKE_ENV_ARGS UID USER
DEBUG ?=
DOCKER ?= $(shell type -p docker)
DOMAIN ?= localhost
DOMAIN ?= $(or $(shell dnsdomainname 2>/dev/null),$(shell hostname -d 2>/dev/null),$(shell hostname -f | sed -n 's/[^\.]*\.\([^/ ]*\).*/\1/p'), localhost)
DOMAINNAME ?= $(firstword $(DOMAIN))
DRONE ?= false
DRYRUN ?= false
DRYRUN_RECURSIVE ?= false
@ -53,10 +54,10 @@ ENV_ARGS ?= $(env_args)
ENV_FILE ?= $(wildcard $(if $(filter-out myos,$(MYOS)),$(MONOREPO_DIR)/.env) $(CONFIG)/$(ENV)/$(APP)/.env .env)
ENV_LIST ?= $(shell ls .git/refs/heads/ 2>/dev/null)
ENV_RESET ?= false
ENV_VARS ?= APP BRANCH DOMAIN ENV HOME HOSTNAME GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME GROUP MAIL MONOREPO MONOREPO_DIR TAG UID USER VERSION
ENV_VARS ?= APP BRANCH DOMAIN DOMAINNAME ENV HOME HOSTNAME GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME GROUP MAIL MONOREPO MONOREPO_DIR TAG UID USER VERSION
GID ?= $(shell id -g 2>/dev/null)
GIDS ?= $(shell id -G 2>/dev/null)
GIT_AUTHOR_EMAIL ?= $(or $(shell git config user.email 2>/dev/null),$(USER)@$(DOMAIN))
GIT_AUTHOR_EMAIL ?= $(or $(shell git config user.email 2>/dev/null),$(USER)@$(DOMAINNAME))
GIT_AUTHOR_NAME ?= $(or $(shell git config user.name 2>/dev/null),$(USER))
GIT_BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
GIT_COMMIT ?= $(shell git rev-parse $(BRANCH) 2>/dev/null)
@ -68,7 +69,7 @@ GIT_UPSTREAM_USER ?= $(lastword $(subst /, ,$(call pop,$(MYOS_REPO
GIT_USER ?= $(USER)
GIT_VERSION ?= $(shell git describe --tags $(BRANCH) 2>/dev/null || git rev-parse $(BRANCH) 2>/dev/null)
GROUP ?= $(shell id -ng 2>/dev/null)
HOST ?= $(HOSTNAME).$(DOMAIN)
HOST ?= $(patsubst %,$(HOSTNAME).%,$(DOMAIN))
HOSTNAME ?= $(call LOWERCASE,$(shell hostname 2>/dev/null |sed 's/\..*//'))
IGNORE_DRYRUN ?= false
IGNORE_VERBOSE ?= false
@ -171,21 +172,22 @@ INFO = $(if $(VERBOSE),$(if $(filter-out true,$(IGNORE_VERBOSE)), \
# macro RESU: Print USER associated to MAIL
RESU = $(strip \
$(if $(findstring @,$(MAIL)), \
$(eval user := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \
$(eval domain := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}'))))) \
$(eval user := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \
$(eval domain := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}'))))) \
$(if $(domain), \
$(eval mail := $(MAIL)) \
$(eval niamod := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(domain)))))) \
$(eval resu := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(user)))))) \
$(eval resu_niamod := $(niamod).$(resu)) \
$(eval resu_path := $(subst .,/,$(resu_niamod))) \
$(eval user_domain := $(user).$(domain)) \
$(resu_niamod) \
$(eval mail := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(MAIL))))) \
$(eval niamod := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(domain)))))) \
$(eval resu := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(user)))))) \
$(eval resu.niamod := $(niamod).$(resu)) \
$(eval resu.path := $(subst .,/,$(resu_niamod))) \
$(eval user.domain := $(user).$(domain)) \
$(user.domain) \
, $(USER) \
) \
, $(USER) \
) \
)
# macro TIME: Print time elapsed since unixtime 1
TIME = awk '{printf "%02d:%02d:%02d\n",int($$1/3600),int(($$1%3600)/60),int($$1%60)}' \
<<< $(shell awk 'BEGIN {current=$(or $(2),$(MAKE_UNIXTIME_CURRENT)); start=$(or $(1),$(MAKE_UNIXTIME_START)); print (current - start)}' 2>/dev/null)

16
stack/User/User.mk
View File

@ -1,6 +1,20 @@
ENV_VARS += USER_DOMAIN user_domain
MAKECMDARGS += user-exec user-exec:% user-exec@% user-run user-run:% user-run@%
USER_DOMAIN ?= $(USER).$(DOMAIN)
USER_DOMAIN ?= $(patsubst %,$(USER).%,$(DOMAIN))
USER_HOST ?= $(patsubst %,$(USER).%,$(HOST))$(USER_HOST_LB)
USER_HOST_RESU ?= $(patsubst %,$(RESU).%,$(USER_HOST))
USER_HOST_LB ?= $(if $(USER_LB),$(space)$(HOST)$(if $(HOST_LB),$(space)$(DOMAIN)),$(if $(HOST_LB),$(space)$(USER_DOMAIN)))
USER_PATH ?= $(USER_PATH_PREFIX)
USER_PATH_RESU ?= $(USER_PATH)$(RESU)/
USER_URIS ?= $(patsubst %,%/$(USER_PATH),$(USER_HOST))
ifneq ($(RESU),)
ifeq ($(USER_RESU_HOST),true)
USER_HOST := $(USER_HOST_RESU)
else ifeq ($(USER_RESU_PATH),true)
USER_PATH := $(USER_PATH_RESU)
endif
endif
# target start-stack-User: Fire ssh-add
.PHONY: start-stack-User

10
stack/User/ipfs.mk
View File

@ -2,6 +2,12 @@ ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGI
USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(USER_IPFS_SERVICE_8080_URIS))]
USER_IPFS_SERVICE_NAME ?= ipfs
USER_IPFS_SERVICE_5001_PATH ?= api/
USER_IPFS_SERVICE_5001_TAGS ?= $(strip $(filter %.localhost/api/$(url_suffix),$(call tagprefix,USER_IPFS,5001)) $(if $(call servicenvs,USER_IPFS,5001,URIS),$(call urlprefix,$(USER_IPFS_SERVICE_5001_PATH),,$(call servicenvs,USER_IPFS,5001,URIS))))
USER_IPFS_SERVICE_5001_URIS ?= $(call uriprefix,ipfs)
USER_IPFS_SERVICE_5001_TAGS ?= $(or $(USER_IPFS_SERVICE_5001_TAGS_LOCALHOST),$(USER_IPFS_SERVICE_5001_TAGS_URIS),$(USER_IPFS_SERVICE_5001_TAGS_PROXY_TCP))
USER_IPFS_SERVICE_5001_TAGS_LOCALHOST ?= $(filter %.localhost/$(USER_PATH)$(USER_IPFS_SERVICE_5001_PATH)$(url_suffix),$(call tagprefix,USER_IPFS,5001))
USER_IPFS_SERVICE_5001_TAGS_PROXY_TCP ?= $(call patsublist,%,urlprefix-% proxy=tcp,$(USER_IPFS_SERVICE_PROXY_TCP))
USER_IPFS_SERVICE_5001_TAGS_URIS ?= $(strip $(if $(call servicenvs,USER_IPFS,5001,URIS),$(call urlprefix,$(USER_IPFS_SERVICE_5001_PATH),,$(call servicenvs,USER_IPFS,5001,URIS))))
USER_IPFS_SERVICE_5001_URIS ?= $(call uriprefix,USER_IPFS,5001,$(USER_URIS))
USER_IPFS_SERVICE_8080_OPTS ?= $(patsubst %/,%,$(if $(USER_PATH),strip=/$(USER_PATH)))
USER_IPFS_SERVICE_8080_PATH ?= ip(f|n)s/
USER_IPFS_SERVICE_8080_TAGS ?= $(call tagprefix,USER_IPFS,8080)
USER_IPFS_SERVICE_8080_URIS ?= $(call uriprefix,USER_IPFS,8080,$(USER_URIS))

2
stack/host/autoheal.yml
View File

@ -3,9 +3,9 @@ version: '3.6'
services:
autoheal:
container_name: ${HOST_COMPOSE_PROJECT_NAME}-autoheal
image: willfarrell/autoheal:latest
environment:
- AUTOHEAL_CONTAINER_LABEL=all
image: willfarrell/autoheal:latest
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock

5
stack/host/certbot.yml
View File

@ -9,6 +9,11 @@ services:
dockerfile: docker/certbot/Dockerfile
command: start
container_name: ${HOST_COMPOSE_PROJECT_NAME}-certbot
domainname: ${DOMAINNAME}
extra_hosts:
- consul:${DOCKER_INTERNAL_DOCKER_HOST}
- ${HOSTNAME}.${DOMAINNAME} ${HOSTNAME}:${DOCKER_HOST_INET4}
hostname: ${HOSTNAME}
image: ${HOST_DOCKER_REPOSITORY}/certbot:${DOCKER_IMAGE_TAG}
network_mode: host
restart: always

15
stack/host/consul.yml
View File

@ -9,23 +9,26 @@ services:
context: ../..
dockerfile: docker/consul/Dockerfile
container_name: ${HOST_COMPOSE_PROJECT_NAME}-consul
image: ${HOST_DOCKER_REPOSITORY}/consul:${DOCKER_IMAGE_TAG}
domainname: ${DOMAINNAME}
environment:
CONSUL_BIND_INTERFACE: '${DOCKER_HOST_IFACE}'
CONSUL_CLIENT_INTERFACE: '${DOCKER_HOST_IFACE}'
CONSUL_HTTP_TOKEN: '${HOST_CONSUL_HTTP_TOKEN}'
CONSUL_BIND_INTERFACE: '${DOCKER_HOST_IFACE:-eth0}'
CONSUL_CLIENT_INTERFACE: '${DOCKER_HOST_IFACE:-eth0}'
CONSUL_HTTP_TOKEN: '${HOST_CONSUL_HTTP_TOKEN:-01234567-89ab-cdef-0123-456789abcdef}'
CONSUL_LOCAL_CONFIG: '{ "log_level": "warn"
, "enable_script_checks": true
, "acl": { "enabled": true
, "default_policy": "deny"
, "down_policy": "extend-cache"
, "enable_token_persistence": true
, "tokens": { "initial_management": "${HOST_CONSUL_ACL_TOKENS_MASTER}"
, "agent": "${HOST_CONSUL_HTTP_TOKEN}"
, "tokens": { "initial_management": "${HOST_CONSUL_ACL_TOKENS_MASTER:-01234567-89ab-cdef-0123-456789abcdef}"
, "agent": "${HOST_CONSUL_HTTP_TOKEN:-01234567-89ab-cdef-0123-456789abcdef}"
}
}
}'
extra_hosts:
- ${HOSTNAME}.${DOMAINNAME} ${HOSTNAME}:${DOCKER_HOST_INET4}
hostname: ${HOSTNAME}
image: ${HOST_DOCKER_REPOSITORY}/consul:${DOCKER_IMAGE_TAG}
labels:
- SERVICE_8300_IGNORE=true
- SERVICE_8301_IGNORE=true

10
stack/host/fabio.mk
View File

@ -1,5 +1,13 @@
ENV_VARS += HOST_FABIO_SERVICE_9998_TAGS
ENV_VARS += HOST_FABIO_PROXY_ADDR HOST_FABIO_PROXY_CS HOST_FABIO_SERVICE_9998_TAGS HOST_FABIO_VERSION
HOST_FABIO_PROXY_ADDR ?= $(call subst,$(space),$(comma),$(HOST_FABIO_SERVICE_PROXY_ADDR))
HOST_FABIO_SERVICE_HTTP_ADDR ?= :80
HOST_FABIO_SERVICE_HTTPS_ADDR ?= :443;cs=certs
HOST_FABIO_SERVICE_PROXY_ADDR ?= $(call servicenvs,HOST_FABIO,PROXY,ADDR)
HOST_FABIO_SERVICE_PROXY_ENVS ?= http https tcp
HOST_FABIO_SERVICE_TCP_ADDR ?= $(foreach port,$(HOST_FABIO_SERVICE_TCP_PORT),:$(port);proto=tcp)
HOST_FABIO_SERVICE_TCP_PORT ?=
HOST_FABIO_SERVICE_9998_NAME ?= fabio
HOST_FABIO_SERVICE_9998_AUTH ?= default
HOST_FABIO_SERVICE_9998_TAGS ?= $(call tagprefix,HOST_FABIO,9998)
HOST_FABIO_UFW_UPDATE ?= 80/tcp 443/tcp
HOST_FABIO_VERSION ?= 1.6.3

20
stack/host/fabio.yml
View File

@ -7,17 +7,19 @@ services:
- DOCKER_BUILD_DIR=docker/fabio
- DOCKER_MACHINE=${DOCKER_MACHINE}
- DOCKER_SYSTEM=${DOCKER_SYSTEM}
- FABIO_VERSION=1.6.2
- FABIO_VERSION=${HOST_FABIO_VERSION:-${FABIO_VERSION:-1.6.0}}
context: ../..
dockerfile: docker/fabio/Dockerfile
command: -log.level "${HOST_FABIO_LOG_LEVEL:-INFO}" -proxy.addr "${HOST_FABIO_PROXY_ADDR:-:80,:443;cs=certs}" -proxy.auth "${HOST_FABIO_PROXY_AUTH:-name=default;type=basic;file=/host/htpasswd/default.htpasswd}" -proxy.cs "${HOST_FABIO_PROXY_CS:-cs=local;type=file;cert=/host/live/localhost/fullchain.pem;key=/host/live/localhost/privkey.pem,cs=certs;type=path;cert=/host/certs}" -proxy.matcher "${HOST_FABIO_PROXY_MATCHER:-glob}" -registry.backend "${HOST_FABIO_REGISTRY_BACKEND:-consul}" -registry.consul.addr "${HOST_FABIO_REGISTRY_CONSUL_ADDR:-consul:8500}" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN:-01234567-89ab-cdef-0123-456789abcdef}"
container_name: ${HOST_COMPOSE_PROJECT_NAME}-fabio
image: ${HOST_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG}
command: -proxy.addr ":80,:443;cs=certs" -proxy.auth "name=default;type=basic;file=/host/htpasswd/default.htpasswd;" -proxy.cs "cs=local;type=file;cert=/host/live/${DOMAIN}/fullchain.pem;key=/host/live/${DOMAIN}/privkey.pem,cs=certs;type=path;cert=/host/certs" -proxy.matcher "glob" -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN}"
domainname: ${DOMAINNAME}
depends_on:
- consul
extra_hosts:
- consul:${DOCKER_INTERNAL_DOCKER_HOST}
- ${HOSTNAME}.${DOMAINNAME} ${HOSTNAME}:${DOCKER_HOST_INET4}
hostname: ${HOSTNAME}
image: ${HOST_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG}
labels:
- SERVICE_80_CHECK_TCP=true
- SERVICE_80_NAME=${HOST_COMPOSE_SERVICE_NAME}-fabio-80
@ -27,12 +29,7 @@ services:
- SERVICE_9998_NAME=${HOST_COMPOSE_SERVICE_NAME}-fabio-9998
- SERVICE_9998_TAGS=${HOST_FABIO_SERVICE_9998_TAGS}
- SERVICE_9999_IGNORE=true
ports:
- 80:80/tcp
- 443:443/tcp
- 9998/tcp
networks:
- public
network_mode: host
restart: always
volumes:
- host:/host:ro
@ -41,8 +38,3 @@ volumes:
host:
external: true
name: ${HOST_DOCKER_VOLUME}
networks:
public:
external: true
name: ${DOCKER_NETWORK_PUBLIC}

6
stack/host/host.mk
View File

@ -26,13 +26,13 @@ host-ssl-certs:
; [ -f /host/htpasswd/default.htpasswd ] \
|| echo "default:{PLAIN}$(shell head -c 15 /dev/random |base64)" > /host/htpasswd/default.htpasswd \
; for domain in ${DOMAIN}; do \
[ -f /host/live/\$${domain}/fullchain.pem -a -f /host/live/\$${domain}/privkey.pem ] \
[ -f /host/live/\$${domain}/privkey.pem ] \
&& openssl x509 -in /host/live/\$${domain}/fullchain.pem -noout -issuer 2>/dev/null |grep -iqv staging \
&& cp -L /host/live/\$${domain}/fullchain.pem /host/certs/\$${domain}-cert.pem \
&& cp -L /host/live/\$${domain}/privkey.pem /host/certs/\$${domain}-key.pem \
; if [ ! -f /host/certs/\$${domain}-cert.pem -o ! -f /host/certs/\$${domain}-key.pem ]; then \
; if [ ! -f /host/certs/\$${domain}-key.pem ]; then \
apk --no-cache add openssl \
&& { [ -f /host/certs/\$${domain}-priv.pem ] || openssl genrsa -out /host/certs/\$${domain}-key.pem 2048; } \
&& openssl genrsa -out /host/certs/\$${domain}-key.pem 2048 \
&& openssl req -key /host/certs/\$${domain}-key.pem -out /host/certs/\$${domain}-cert.pem \
-addext extendedKeyUsage=serverAuth \
-addext subjectAltName=DNS:\$${domain},DNS:*.\$${domain} \

2
stack/host/mail/mailserver.yml
View File

@ -6,7 +6,7 @@ services:
- NET_ADMIN
container_name: ${HOST_COMPOSE_PROJECT_NAME}-mailserver
cpus: 0.5
domainname: ${DOMAIN}
domainname: ${DOMAINNAME}
environment:
- OVERRIDE_HOSTNAME=${HOST_MAILSERVER_OVERRIDE_HOSTNAME:-}
- DMS_DEBUG=${HOST_MAILSERVER_DMS_DEBUG:-0}

2
stack/host/nginx.yml
View File

@ -33,7 +33,7 @@ services:
restart: unless-stopped
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- certs:/etc/nginx/certs:ro
- certs:/etc/nginx/certs
- html:/usr/share/nginx/html
- htpasswd:/etc/nginx/htpasswd
- log:/var/log/nginx

2
stack/host/php.yml
View File

@ -2,10 +2,10 @@ version: '3.6'
services:
php:
image: php:fpm-alpine
environment:
- VIRTUAL_HOST=php
- VIRTUAL_PROTO=fastcgi
image: php:fpm-alpine
networks:
- public
volumes:

11
stack/host/registrator.yml
View File

@ -9,23 +9,20 @@ services:
- GIT_AUTHOR_EMAIL=${GIT_AUTHOR_EMAIL}
context: ../..
dockerfile: docker/registrator/Dockerfile
container_name: ${HOST_COMPOSE_PROJECT_NAME}-registrator
image: ${HOST_DOCKER_REPOSITORY}/registrator:${DOCKER_IMAGE_TAG}
command: -internal -cleanup -deregister always -resync=30 -useIpFromNetwork "${DOCKER_NETWORK_PUBLIC}" -useIpFromLabel SERVICE_ADDRESS consul://consul:8500
container_name: ${HOST_COMPOSE_PROJECT_NAME}-registrator
depends_on:
- consul
domainname: ${DOMAINNAME}
environment:
- CONSUL_HTTP_TOKEN=${HOST_CONSUL_HTTP_TOKEN}
- GL_DISABLE_VERSION_CHECK=true
extra_hosts:
- consul:${DOCKER_INTERNAL_DOCKER_HOST}
- ${HOSTNAME}.${DOMAINNAME} ${HOSTNAME}:${DOCKER_HOST_INET4}
hostname: ${HOSTNAME}
image: ${HOST_DOCKER_REPOSITORY}/registrator:${DOCKER_IMAGE_TAG}
network_mode: host
restart: always
volumes:
- /var/run/docker.sock:/tmp/docker.sock
networks:
public:
external: true
name: ${DOCKER_NETWORK_PUBLIC}

2
stack/host/static.yml
View File

@ -2,8 +2,8 @@ version: '3.6'
services:
static:
image: nginx:alpine
command: /bin/sh -c "grep autoindex /etc/nginx/conf.d/default.conf >/dev/null 2>&1 || sed -i 's|index index.html index.htm;|index index.html index.htm;\n autoindex on;|' /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
image: nginx:alpine
labels:
- SERVICE_80_CHECK_TCP=true
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-static-80

3
stack/host/volumes.log.local.yml
View File

@ -4,5 +4,6 @@ volumes:
log:
driver: local
driver_opts:
type: none
device: /var/log
o: bind
type: none

2
stack/host/volumes.www.local.yml
View File

@ -4,6 +4,6 @@ volumes:
www:
driver: local
driver_opts:
type: none
device: /var/www
o: bind
type: none

1
stack/ipfs/ipfs.mk
View File

@ -7,7 +7,6 @@ IPFS_SERVICE_5001_TAGS ?= $(call tagprefix,ipfs,5001)
IPFS_SERVICE_8080_CHECK_HTTP ?= /ipfs/QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn
IPFS_SERVICE_8080_TAGS ?= $(call tagprefix,ipfs,8080)
IPFS_SERVICE_8080_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS)) $(patsubst %,*.ipfs.%,$(APP_URIS)) $(patsubst %,ipns.%,$(APP_URIS)) $(patsubst %,*.ipns.%,$(APP_URIS))
IPFS_UFW_DOCKER ?= 4001/tcp 4001/udp 8080
IPFS_VERSION ?= 0.16.0
.PHONY: bootstrap-stack-ipfs