ipfs network mode host

2023-03-21 10:06:08 +01:00 · 2023-03-21 10:06:08 +01:00 · be9cb1ea30
parent 4cc840d392
commit be9cb1ea30
14 changed files with 72 additions and 37 deletions
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@ -7,3 +7,10 @@ map $host $host_dir {
  ~(?:(?<sd>[a-z0-9-]+)\.)(?<dom>[a-z0-9-]+)\.(?<tld>[a-z0-9-]+)$ ${tld}/${dom}/${sd};
  ~(?<dom>[a-z0-9-]+)\.(?<tld>[a-z0-9-]+)$ ${tld}/${dom};
 }
+
+set_real_ip_from  192.168.0.0/16;
+set_real_ip_from  172.16.0.0/12;
+set_real_ip_from  10.0.0.0/8;
+set_real_ip_from  2001:0db8::/32;
+real_ip_header    X-Forwarded-For;
+real_ip_recursive on;
--- a/make/apps/myos/setup.mk
+++ b/make/apps/myos/setup.mk
@ -39,14 +39,7 @@ endif

 # target setup-ufw: Install ufw-docker
 .PHONY: setup-ufw
-setup-ufw: COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME)
-setup-ufw: DOCKER_RUN_NETWORK   :=
-setup-ufw: DOCKER_RUN_OPTIONS   := --rm -d --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw $(if wildcard /etc/default/ufw,-v /etc/default/ufw:/etc/default/ufw) --network host
-setup-ufw:
+setup-ufw: ufw-install ufw-bootstrap ufw-build ufw-up
 ifeq ($(SETUP_UFW),true)
-	$(call app-install,$(SETUP_UFW_REPOSITORY))
-	$(call app-bootstrap,$(lastword $(subst /, ,$(SETUP_UFW_REPOSITORY))))
-	$(call app-build)
-	$(call app-up)
 	$(call ufw-docker,install)
 endif
--- a/make/apps/ufw.mk
+++ b/make/apps/ufw.mk
@ -3,6 +3,14 @@
 ufw:
 	$(call ufw,$(ARGS))

+# target ufw-bootstrap: Eval ufw-docker app variables
+ufw-bootstrap:
+	$(call app-bootstrap,$(lastword $(subst /, ,$(SETUP_UFW_REPOSITORY))))
+
+# target ufw-build: Build ufw-docker docker
+ufw-build:
+	$(call app-build)
+
 # target ufw-delete: Fire ufw-update UFW_DELETE=true
 .PHONY: ufw-delete
 ufw-delete: UFW_DELETE := true
@ -13,7 +21,18 @@ ufw-delete: ufw-update
 ufw-docker:
 	$(call ufw-docker,$(ARGS))

-# target ufw-docker: Call ufw and ufw-docker foreach service UFW_UPDATE
+# target ufw-install: Download ufw-docker application
+ufw-install:
+	$(call app-install,$(SETUP_UFW_REPOSITORY))
+
+# target ufw-up: Start ufw-docker docker
+ufw-up: COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME)
+ufw-up: DOCKER_RUN_NETWORK   :=
+ufw-up: DOCKER_RUN_OPTIONS   := --rm -d --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw $(if wildcard /etc/default/ufw,-v /etc/default/ufw:/etc/default/ufw) --network host
+ufw-up:
+	$(call app-up)
+
+# target ufw-update: Call ufw and ufw-docker foreach service UFW_UPDATE
 .PHONY: ufw-update
 ufw-update: debug-UFW_UPDATE
 	$(eval name := $(COMPOSE_PROJECT_NAME))
@ -28,8 +47,9 @@ ufw-update: debug-UFW_UPDATE
 	  ) \
 	)

+# target ufw-%: Call ufw target for specific stack
 ## ex: ufw-host-update will update ufw rules for stack host
-.PHONY: stack-%
+.PHONY: ufw-%
 ufw-%:
 	$(eval stack   := $(subst -$(lastword $(subst -, ,$*)),,$*))
 	$(eval command := $(lastword $(subst -, ,$*)))
--- a/stack/host/apache/php5.www.yml
+++ b/stack/host/apache/php5.www.yml
@ -6,12 +6,7 @@ services:
    - DOCUMENT_ROOT=/var/www
    volumes:
    - www:/var/www
-  nginx:
-    volumes:
-    - www:/var/www
-  php:
-    volumes:
-    - www:/var/www

 volumes:
  www:
+
--- a/stack/host/ipfs.mk
+++ b/stack/host/ipfs.mk
@ -6,5 +6,5 @@ HOST_IPFS_SERVICE_5001_PATH               ?= api/
 HOST_IPFS_SERVICE_5001_TAGS               ?= $(call tagprefix,HOST_IPFS,5001)
 HOST_IPFS_SERVICE_8080_ENVS               ?= host
 HOST_IPFS_SERVICE_8080_TAGS               ?= $(call urlprefix,,,$(HOST_IPFS_SERVICE_8080_URIS) $(call servicenvs,HOST_IPFS,8080,URIS))
-HOST_IPFS_SERVICE_8080_URIS               ?= $(call uriprefix,*ipfs *ipns)
-HOST_IPFS_UFW_DOCKER                      ?= 4001/tcp 4001/udp 8080
+HOST_IPFS_SERVICE_8080_URIS               ?= $(call uriprefix,ipfs *.ipns)
+HOST_IPFS_UFW_UPDATE                      ?= 4001/tcp 4001/udp 8080
--- a/stack/host/ipfs.yml
+++ b/stack/host/ipfs.yml
@ -61,6 +61,8 @@ services:
    - IPFS_SWARM_RELAYCLIENT_ENABLED=${HOST_IPFS_SWARM_RELAYCLIENT_ENABLED:-}
    - IPFS_SWARM_RELAYSERVICE_ENABLED=${HOST_IPFS_SWARM_RELAYSERVICE_ENABLED:-}
    - IPFS_SWARM_TRANSPORTS_NETWORK_RELAY=${HOST_IPFS_SWARM_TRANSPORTS_NETWORK_RELAY:-}
+    healthcheck:
+      timeout: 5s
    image: ${HOST_DOCKER_REPOSITORY}/ipfs:${DOCKER_IMAGE_TAG}
    labels:
    - SERVICE_4001_CHECK_TCP=true
@ -73,27 +75,15 @@ services:
    - SERVICE_8080_NAME=${HOST_COMPOSE_SERVICE_NAME}-ipfs-8080
    - SERVICE_8080_TAGS=${HOST_IPFS_SERVICE_8080_TAGS:-}
    - SERVICE_8081_IGNORE=true
-    networks:
-    - public
-    ports:
-    - 4001:4001/tcp
-    - 4001:4001/udp
-    - 5001:5001/tcp
-    - 8080:8080/tcp
+    network_mode: host
    restart: always
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    volumes:
-    - home:/home:delegated
    - ipfs:/data/ipfs:delegated

 volumes:
-  home:
  ipfs:

-networks:
-  public:
-    external: true
-    name: ${DOCKER_NETWORK_PUBLIC}
--- a/stack/host/volumes.dns.yml
+++ b/stack/host/volumes.dns.yml
@ -6,9 +6,7 @@ services:
    - DEFAULT=default_dns
    volumes:
    - dns:/dns
-  php:
-    volumes:
-    - dns:/dns

 volumes:
  dns:
+
--- a/stack/host/nginx.www.yml
+++ b/stack/host/nginx.www.yml
@ -0,0 +1,10 @@
+version: '3.6'
+
+services:
+  nginx:
+    volumes:
+    - www:/var/www
+
+volumes:
+  www:
+
--- a/stack/host/php.dns.yml
+++ b/stack/host/php.dns.yml
@ -0,0 +1,10 @@
+version: '3.6'
+
+services:
+  php:
+    volumes:
+    - dns:/dns
+
+volumes:
+  dns:
+
--- a/stack/host/php.www.yml
+++ b/stack/host/php.www.yml
@ -0,0 +1,10 @@
+version: '3.6'
+
+services:
+  php:
+    volumes:
+    - www:/var/www
+
+volumes:
+  www:
+
--- a/stack/host/php.yml
+++ b/stack/host/php.yml
@ -13,6 +13,7 @@ services:
    image: php:fpm-alpine
    networks:
    - public
+    restart: always

 networks:
  public:
--- a/stack/ipfs/ipfs.mk
+++ b/stack/ipfs/ipfs.mk
@ -5,8 +5,8 @@ IPFS_SERVICE_NAME                         ?= ipfs
 IPFS_SERVICE_5001_PATH                    ?= api/
 IPFS_SERVICE_5001_TAGS                    ?= $(call tagprefix,ipfs,5001)
 IPFS_SERVICE_8080_CHECK_HTTP              ?= /ipfs/QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn
-IPFS_SERVICE_8080_TAGS                    ?= $(call tagprefix,ipfs,8080)
-IPFS_SERVICE_8080_URIS                    ?= $(patsubst %,ipfs.%,$(APP_URIS)) $(patsubst %,*.ipfs.%,$(APP_URIS)) $(patsubst %,ipns.%,$(APP_URIS)) $(patsubst %,*.ipns.%,$(APP_URIS))
+IPFS_SERVICE_8080_TAGS                    ?= $(call urlprefix,,,$(IPFS_SERVICE_8080_URIS))
+IPFS_SERVICE_8080_URIS                    ?= $(call uriprefix,ipfs *.ipns)
 IPFS_VERSION                              ?= 0.16.0

 .PHONY: bootstrap-stack-ipfs
--- a/stack/postgres/postgres.latest.yml
+++ b/stack/postgres/postgres.latest.yml
@ -2,4 +2,4 @@ version: '3.6'

 services:
  postgres:
-    image: postgres:latest
+    image: postgres:alpine
--- a/stack/postgres/postgres.yml
+++ b/stack/postgres/postgres.yml
@ -4,6 +4,7 @@ services:
  postgres:
    environment:
    - POSTGRES_DB=${POSTGRES_DB:-postgres}
+    - POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD:-trust}
    - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres}
    - POSTGRES_USER=${POSTGRES_USER:-postgres}
    labels: