Merge branch 'master' of https://gitea.sporada.eu/sporada/selfhosted-traefik

Add nextcloud service

nextcloud/collabora/loolwsd.xml.tpl

@@ -142,7 +142,7 @@
     <storage desc="Backend storage">
         <filesystem allow="false" />
         <wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
-            <host desc="Regex pattern of hostname to allow or deny." allow="true">nextcloud\\.domain\\.com</host>
+            <host desc="Regex pattern of hostname to allow or deny." allow="true">nextcloud\.domain\.com</host>
             <host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
             <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
             <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>

nextcloud/docker-compose.yml

@@ -37,7 +37,6 @@ services:
       - ${NEXTCLOUD_ROOT}/redis:/data
       - /etc/localtime:/etc/localtime:ro
       - /etc/timezone:/etc/timezone:ro
-      
 
   nextcloud-app:
     depends_on:
@@ -147,5 +146,3 @@ services:
       - /etc/localtime:/etc/localtime:ro
       - /etc/timezone:/etc/timezone:ro
       - ./collabora/loolwsd.xml:/etc/loolwsd/loolwsd.xml
-  
-  

nextcloud/live.env.tpl

@@ -14,14 +14,13 @@ REDIS_HOST_PASSWORD=password_redis
 NEXTCLOUD_ROOT=/home/compute/services/nextcloud
 NEXTCLOUD_DATA_DIR=/srv/nextcloud/data
 NEXTCLOUD_FQDN=your_nextcloud_sub_domain.domain.com
-# This is the IP of the Trafik container. This changes if the traefik container restarts. If it is not the current traefik container IP collabora does not work. Check the current traefik container IP with: docker inspect traefik and get the IP from the Networks -> traefik_default -> IPAddress section
-TRAEFIK_CONTAINER_IP=172.27.0.16
+TRAEFIK_CONTAINER_IP=172.27.0.100 # This is the traefik container ip in the traefik_default network. I configured the traefik container with a static IP so this does not have to be changed anymore.
 PHP_MEMORY_LIMIT=2048M
 PHP_UPLOAD_LIMIT=8G
 
 # Collabora
 COLLABORA_FQDN=collabora.domain.com
-COLLABORA_DOMAIN=nextcloud_sub_domain\\.domain\\.com # This is the domain which the collabora server is requests accepting from.
+COLLABORA_DOMAIN=nextcloud_sub_domain\.domain\.com # This is the domain which the collabora server is requests accepting from.
 COLLABORA_USERNAME=username
 COLLABORA_PASSWORD=password_collabora
 

osp/README.md

@@ -0,0 +1,5 @@
+https://openstreamingplatform.com/
+
+Open Streaming Platform (OSP) is an open-source, RTMP streamer software front-end for Arut's Nginx-RTMP Module. OSP was designed as a self-hosted alternative to services such as Twitch.tv, Ustream.tv, Mixer, and Youtube Live. 
+
+This service is based on an older software version beta6d and not on the current version 0.8.8 because an docker image ist not available for it right now.

osp/docker-compose.yml

@@ -0,0 +1,72 @@
+version: '3.5'
+
+networks:
+  default:
+    external:
+      name: traefik_default
+
+services:
+  osp-app:
+    depends_on:
+      - osp-db
+      - osp-redis
+    container_name: osp-app
+    entrypoint: ["/opt/osp/setup/docker/wait-for-it.sh", "osp-db:3306", "--strict", "-t", "60", "--", "/opt/osp/setup/docker/entrypoint.sh"]
+    env_file: live.env
+    environment:
+      - DB_URL=mysql+pymysql://${MYSQL_USER}:${MYSQL_PASSWORD}@${MYSQL_HOST}:3306/${MYSQL_DATABASE}
+    image: deamos/openstreamingplatform:latest
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Routes
+      - "traefik.enable=true"
+      - "traefik.http.routers.osp.entrypoints=websecure"
+      - "traefik.http.routers.osp.rule=Host(`osp.${DOMAIN}`)"
+      - "traefik.http.routers.osp.tls=true"
+      - "traefik.http.routers.osp.tls.certresolver=myresolver"
+      - "traefik.http.services.osp.loadbalancer.server.port=80"
+      # RTMP specific
+      - "traefik.tcp.routers.rtmpcast.entrypoints=rtmp"
+      - "traefik.tcp.routers.rtmpcast.rule=HostSNI(`osp.${DOMAIN}`)"
+      - "traefik.tcp.routers.rtmpcast.service=rtmpcast"
+      - "traefik.tcp.routers.rtmpcast.tls=true"
+      - "traefik.tcp.routers.rtmpcast.tls.certresolver=myresolver"
+      - "traefik.tcp.services.rtmpcast.loadbalancer.server.port=1935"
+    networks:
+      - default
+    restart: unless-stopped
+    volumes:
+      - ${OSP_ROOT}/data:/var/www
+      - ${OSP_ROOT}/data/nginx/conf:/usr/local/nginx/conf
+
+  osp-db:
+    image: mariadb:10
+    container_name: osp-db
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    restart: unless-stopped
+    env_file: live.env
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+    networks:
+      - default
+    volumes:
+      - /etc/localtime:/etc/localtime:ro  
+      - /etc/timezone:/etc/timezone:ro
+      - ${OSP_ROOT}/db:/var/lib/mysql
+
+  osp-redis:
+    image: redis:6-alpine
+    container_name: osp-redis
+    command: redis-server --requirepass ${REDIS_HOST_PASSWORD}
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
+    networks:
+      - default
+    restart: unless-stopped
+    volumes:
+      - ${OSP_ROOT}/redis:/data
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/timezone:/etc/timezone:ro
+

osp/live.env.tpl

@@ -0,0 +1,21 @@
+# MariaDB settings
+MYSQL_ROOT_PASSWORD=password_db_root
+MYSQL_DATABASE=osp
+MYSQL_USER=osp
+MYSQL_PASSWORD=password_db
+MYSQL_HOST=osp-db
+
+# Redis
+REDIS_HOST=osp-redis
+REDIS_HOST_PASSWORD=password_redis
+
+# osp
+OSP_ROOT=/home/compute/services/osp
+FLASK_SECRET=very_secret_key_change_me
+FLASK_SALT=very_secret_salt_key_change_me
+REDIS_PASSWORD=password_redis
+OSP_ALLOWREGISTRATION=False
+OSP_REQUIREVERIFICATION=False
+
+# Traefik
+DOMAIN=domain.com

owncast/README.md

@@ -0,0 +1,3 @@
+RTMPS traefik config inspired by this example:
+
+https://github.com/owncast/owncast/commit/b7ef15471577c5de0491995bb5e0f08a43bb2bb3

owncast/docker-compose.yml

@@ -0,0 +1,31 @@
+version: '3.5'
+
+networks:
+  default:
+    external:
+      name: traefik_default
+
+services:
+  owncast:
+    image: gabekangas/owncast:latest
+    restart: unless-stopped
+    container_name: owncast-app
+    env_file: live.env
+    networks:
+      - default
+    ports:
+      - "8080:8080"
+    volumes:
+      - ${OWNCAST_ROOT}/db:/db # Remove if you don't want chat persistant
+    command: /app/owncast -configFile=config.yaml -database=/db/chat.db
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.owncast.rule=Host(`watch.${DOMAIN}`)"
+      - "traefik.http.routers.owncast.entrypoints=websecure"
+      - "traefik.http.routers.owncast.tls.certresolver=myresolver"
+      - "traefik.tcp.routers.rtmpcast.entrypoints=rtmp"
+      - "traefik.tcp.routers.rtmpcast.rule=HostSNI(`watch.${DOMAIN}`)"
+      - "traefik.tcp.routers.rtmpcast.service=rtmpcast"
+      - "traefik.tcp.routers.rtmpcast.tls=true"
+      - "traefik.tcp.routers.rtmpcast.tls.certresolver=myresolver"
+      - "traefik.tcp.services.rtmpcast.loadbalancer.server.port=1935"

traefik/docker-compose.yml

@@ -3,10 +3,11 @@ version: '3.5'
 networks:
   default:
     driver: bridge
+    ipam:
+      config:
+        - subnet: 172.27.0.0/24
   socket_proxy:
-    external:
       name: socket_proxy
-  
 
 services:
   # Only accept needed incoming docker API calls
@@ -92,8 +93,9 @@ services:
     # The official v2 Traefik docker image
     image: traefik:v2.3
     networks:
-      - socket_proxy
-      - default
+      default:
+        ipv4_address: 172.27.0.100
+      socket_proxy: null
     env_file: live.env
     container_name: "traefik"
     # Enables the web UI and tells Traefik to listen to docker
@@ -103,7 +105,7 @@ services:
       - "--log.level=DEBUG"
       # API and Dashboard
       #- "--api.insecure=true"
-      - "--api=true"      
+      - "--api=true"
       - "--api.dashboard=true"
       # Docker as provider
       - "--providers.docker=true"
@@ -115,6 +117,8 @@ services:
       # TS3 entrypoints
       - "--entrypoints.ts-udp.address=:9987/udp"
       - "--entrypoints.ts-tcp.address=:30033"
+      # OSP rtmp entrypoints
+      - "--entrypoints.rtmp.address=:1935"
       # Use this CA server for testing
       # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
       - "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
@@ -150,8 +154,10 @@ services:
       #- "8080:8080"
       # TS3 ports
       - "9987:9987/udp"
-      - "10011:10011"
+      #- "10011:10011"
       - "30033:30033"
+      # OSP rtmp ports
+      - "1935:1935"
     volumes:
       # For certificate
       - "./volumes/letsencrypt/acme.json:/letsencrypt/acme.json"

ts3/README.md

@@ -1,2 +1,2 @@
-This is now routed via traefik. 
-Still checking performance if working it is.
+This is now routed via traefik.
+Still checking performance if there is no package loss.

ts3/docker-compose.yml

@@ -26,7 +26,9 @@ services:
       - "traefik.tcp.routers.teamspeak-tcp.entrypoints=ts-tcp"
       - "traefik.tcp.routers.teamspeak-tcp.service=teamspeak-tcp"
       - "traefik.tcp.routers.teamspeak-tcp.rule=HostSNI(`ts3.${DOMAIN}`)"
-      - "traefik.tcp.services.teamspeak-tcp.loadbalancer.server.port=30033"      
+      - "traefik.tcp.routers.teamspeak-tcp.tls=true"
+      - "traefik.tcp.routers.teamspeak-tcp.tls.certresolver=myresolver"
+      - "traefik.tcp.services.teamspeak-tcp.loadbalancer.server.port=30033"
       # udp
       - "traefik.udp.routers.teamspeak-udp.entrypoints=ts-udp"
       - "traefik.udp.routers.teamspeak-udp.service=teamspeak-udp"
@@ -40,4 +42,4 @@ services:
     container_name: ts3-db
     restart: unless-stopped
     volumes:
-      - ./db:/var/lib/mysql
+    - ./db:/var/lib/mysql