Compare commits

...

109 Commits

Author SHA1 Message Date
compute
29713c9680 Update nextcloud docker-compose.yaml with:
- Update network settings
- Set file permissions on start for better migration
- some clean up
2024-04-28 11:26:02 +00:00
compute
2faad67b5c Update docker-compose files for new docker compose cli usage 2024-04-28 11:25:43 +00:00
compute
80478083d7 Update docker-compose files for new docker compose cli usage 2024-04-28 11:24:42 +00:00
compute
a7d42662db update .gitignore 2024-04-28 11:23:18 +00:00
compute
0f24a55811 Update traefik with some changes. Delete unused stuff add comments etc. 2024-04-21 18:46:57 +00:00
Stephan Porada
438ad328dc Update traefik, watchtower and docker-socket-proxy images 2024-02-24 14:50:36 +01:00
Stephan Porada
1985229e25 Update wordpress service 2024-02-24 14:31:47 +01:00
Stephan Porada
e365379c05 Explicitly use mariadb 10.11 LTS 2024-02-24 14:03:59 +01:00
Stephan Porada
c57924cb9e Explicitly use mariadb 10.11 LTS 2024-02-24 14:02:33 +01:00
Stephan Porada
16679fc78a Update nextcloud service 2024-02-24 14:00:12 +01:00
Stephan Porada
d2098f25b2 Add valheim server service 2024-02-24 13:27:25 +01:00
Stephan Porada
dc145c3375 Update .gitignore 2024-02-24 13:26:30 +01:00
Stephan Porada
fbd4cd674f Update docker-compose.yml of grocy 2023-10-29 08:41:49 +01:00
Stephan Porada
16b4231cdc Update Nexctloud to 27 2023-10-29 08:05:54 +01:00
Stephan Porada
8010a7e820 Remove old loolwsd.xml docker config as it is now coolwsd.xml and is correctly populated by the env file. 2022-09-02 20:29:36 +02:00
Stephan Porada
3955d121fc Update to nextcloud 24 2022-09-02 19:11:20 +02:00
Stephan Porada
f90b45116c add gorcy config.php 2022-03-13 11:10:40 +01:00
Stephan Porada
2cf9d1047d Edit .gitignore 2022-03-13 10:54:55 +01:00
Stephan Porada
3857df3f03 Add grocy and remove unused services 2022-03-13 10:51:30 +01:00
Stephan Porada
cebcda3bb1 Update nextcloud image to major version 23 2021-12-18 10:42:58 +01:00
Stephan Porada
650014a432 Edit live.env.tpl 2021-12-05 14:08:54 +01:00
Stephan Porada
dc501f2f2f Add Firefly III. 2021-12-05 14:00:05 +01:00
Stephan Porada
3de9dad43f Add silverstrike. 2021-10-31 11:36:37 +01:00
Stephan Porada
56a72a55e0 Use official coturn docker image.
Update nextcloud app to 22.
2021-10-31 10:36:33 +01:00
Stephan Porada
1d3a6792b3 Update nextcloud image to version 22
Update collabora version to 6.4.13.3
2021-10-31 10:06:55 +01:00
Stephan Porada
63a3247889 Remove .env syntax breaking file comment 2021-07-14 22:23:39 +02:00
Stephan Porada
2766dfc39a Downgrade maraiadb tag 10 to 10.5 2021-07-14 22:22:04 +02:00
3863722189 Update 'wordpress/live.env.tpl' 2021-05-11 15:35:36 +02:00
Stephan Porada
3022888213 Merge branch 'master' of https://gitea.sporada.eu/sporada/selfhosted-traefik 2021-05-09 08:46:16 +02:00
Stephan Porada
dd3e8c6dd5 Kind of working commit... 2021-05-09 08:44:58 +02:00
88ae9801bc Add 'owncast/README.md' 2021-05-08 09:51:21 +02:00
Stephan Porada
c1fcd9d7b1 Remove config.yaml 2021-05-06 12:15:50 +02:00
Stephan Porada
d5915f7f61 Add owncast and fix rtmp routes 2021-05-06 12:14:28 +02:00
Stephan Porada
5116449f7e Fix live.env.tpl with new static ip 2021-05-03 12:26:05 +02:00
Stephan Porada
d206507924 Merge branch 'master' of https://gitea.sporada.eu/sporada/selfhosted-traefik 2021-05-03 12:23:31 +02:00
Stephan Porada
ca84d8174b Configure traefik and nextcloud to use a static IP for collabora 2021-05-03 12:19:55 +02:00
1febed0fec Update 'nextcloud/collabora/loolwsd.xml.tpl' 2021-05-02 14:27:11 +02:00
b725a62c4a Update 'nextcloud/live.env.tpl' 2021-05-02 14:26:05 +02:00
Stephan Porada
5b80f9091c Change lables 2021-05-02 14:24:19 +02:00
Stephan Porada
88fed56f9c Update some things 2021-05-01 10:41:26 +02:00
Stephan Porada
698cef6d3d Add rtmp stuff 2021-04-30 18:35:00 +02:00
Stephan Porada
995262ebb2 Fix typo 2021-04-30 16:17:18 +02:00
Stephan Porada
d573b93f10 Fix database connection 2021-04-30 15:48:17 +02:00
Stephan Porada
849a45a24d Merge branch 'master' of https://gitea.sporada.eu/sporada/selfhosted-traefik 2021-04-30 15:06:23 +02:00
Stephan Porada
61307150e5 Add some volumes 2021-04-30 15:05:53 +02:00
67ec78b44e Update 'osp/docker-compose.yml' 2021-04-30 15:05:17 +02:00
0d926c760b Update 'osp/live.env.tpl' 2021-04-30 14:26:36 +02:00
23b5979b43 Update 'osp/live.env.tpl' 2021-04-30 14:21:16 +02:00
5859a66110 Update 'osp/live.env.tpl' 2021-04-30 14:16:39 +02:00
54106dc484 Update 'osp/live.env.tpl' 2021-04-30 14:13:19 +02:00
f7545b7ce6 Update 'osp/docker-compose.yml' 2021-04-30 14:08:48 +02:00
ae0c70f1d2 Update 'osp/live.env.tpl' 2021-04-30 14:06:34 +02:00
34322b44f2 Change ts3 data folder name to data as name 2021-04-30 13:59:13 +02:00
62f3bc7e25 Update 'osp/live.env.tpl' 2021-04-30 13:56:57 +02:00
29fbb35699 Update 'osp/live.env.tpl' 2021-04-30 13:55:02 +02:00
d13f9848b9 Add 'osp/live.env.tpl' 2021-04-30 13:48:59 +02:00
b451f1794c Add docker-compose.yml 2021-04-30 13:46:37 +02:00
b7cb95cacb Add folder and Readme for Open Streaming Paltform 2021-04-30 13:31:03 +02:00
af4f411222 Update 'ts3/docker-compose.yml' 2021-04-29 11:42:39 +02:00
52951c909a Update 'ts3/docker-compose.yml' 2021-04-29 11:40:24 +02:00
2401458db3 Update 'ts3/docker-compose.yml' 2021-04-29 11:37:49 +02:00
91451e2fd5 Remove clutter 2021-04-29 11:26:15 +02:00
3fa7f9e930 Delete 'nextcloud/collabora/loolwsd.xml' 2021-04-29 11:15:23 +02:00
8ffa30b17d Merge branches 'master' and 'remote_setup' of https://gitea.sporada.eu/sporada/selfhosted-traefik 2021-04-29 11:11:57 +02:00
ca3a126691 Update 'nextcloud/README.md' 2021-04-29 09:55:40 +02:00
79061ab73e Update 'nextcloud/README.md' 2021-04-29 09:54:16 +02:00
c2c08401cc Update 'nextcloud/README.md' 2021-04-29 09:52:39 +02:00
d39c11cb89 Update 'nextcloud/README.md' 2021-04-29 09:41:13 +02:00
232cb23bf9 Update 'nextcloud/README.md' 2021-04-28 09:16:15 +02:00
f3f1ef7b87 Update 'README.md' 2021-04-26 10:16:54 +02:00
42ac20d0a5 Update 'nextcloud/README.md' 2021-04-26 10:14:18 +02:00
ede5d30aab Update 'nextcloud/README.md' 2021-04-26 10:13:10 +02:00
6ea492244a Update 'README.md' 2021-04-26 10:10:26 +02:00
f8fda83d3e Update 'README.md' 2021-04-22 21:47:34 +02:00
981993197b Add .gitignore add traefik/README.md 2021-04-22 21:44:36 +02:00
51e31ed336 Add .gitignore add README.md 2021-04-22 21:42:20 +02:00
bbd2680e24 Add 'traefik/RE' 2021-04-22 21:39:34 +02:00
c9d0988954 Update 'gitea/docker-compose.yml' 2021-04-22 21:38:02 +02:00
3e2e267b63 Update 'traefik/docker-compose.yml' 2021-04-22 21:03:31 +02:00
e35f58ed06 Update 'ts3/live.env.tpl' 2021-04-22 16:35:29 +02:00
7ffd6b8638 Update 'ts3/docker-compose.yml' 2021-04-22 16:32:44 +02:00
c1995fb9b6 Update 'traefik/docker-compose.yml' 2021-04-22 16:27:11 +02:00
c3213609a2 Update 'nextcloud/mariadb-conf/docker.cnf' 2021-04-22 10:39:27 +02:00
dc18e19d2d Update 'nextcloud/mariadb-conf/docker.cnf' 2021-04-22 10:32:54 +02:00
a8d5d30860 Update 'nextcloud/mariadb-conf/docker.cnf' 2021-04-22 09:44:19 +02:00
f801da71f0 remove mariadb folder 2021-04-22 09:14:45 +02:00
81e972fe38 Replace mariadb and files within with mariadb-conf 2021-04-22 09:12:03 +02:00
d36559a730 Fix folder name 2021-04-22 09:09:41 +02:00
9d77dbd852 Fix mistake from commit before 2021-04-22 09:07:49 +02:00
6313799d56 update docker-compose to use mariadb docker.cnf for custom settings 2021-04-22 09:06:50 +02:00
a8e15141e7 Add 'nextcloud/mariadb/docker.cnf' 2021-04-22 09:04:01 +02:00
e504002bd2 Update 'nextcloud/README.md' 2021-04-22 08:30:13 +02:00
b3441aa8a9 Update 'nextcloud/README.md' 2021-04-21 11:32:48 +02:00
742807c77f Update nextcloud image to version 21 ( CRON and App) 2021-04-21 11:12:59 +02:00
d8ff0b67f3 Update nextcloud image to version 21 2021-04-21 11:11:43 +02:00
4bef286f43 Update 'nextcloud/live.env.tpl' 2021-04-21 10:05:19 +02:00
e6a53c0f90 „nextcloud/README.md“ ändern 2021-04-21 09:34:52 +02:00
4e90038674 „README.md“ ändern 2021-03-25 14:53:01 +01:00
36aab6d41a Add WIP setup guide 2021-03-25 14:50:47 +01:00
4116f9fc1d Dateien hochladen nach „wordpress“ 2021-03-25 14:45:24 +01:00
66ed1f76d9 Add ts3 service 2021-03-25 14:44:49 +01:00
3c7b1b29c1 Add traefik 2021-03-25 14:44:16 +01:00
994324d812 Add nginx-rtmp 2021-03-25 14:43:37 +01:00
e3fbe0d281 „nextcloud/README.md“ ändern 2021-03-25 14:42:45 +01:00
8a6433406d „nextcloud/README.md“ hinzufügen 2021-03-25 14:42:10 +01:00
434e66c95e Add collabora config 2021-03-25 14:39:33 +01:00
d66f34936b Dateien hochladen nach „nextcloud“
Add nextcloud service
2021-03-25 14:37:52 +01:00
6105b70fbf Dateien hochladen nach „gitea“
Add Gite service
2021-03-25 14:37:10 +01:00
51db14c505 Initial commit 2021-03-25 14:02:37 +01:00
22 changed files with 850 additions and 252 deletions

4
.gitignore vendored
View File

@ -12,3 +12,7 @@ loolwsd.xml
**/redis/
**/html/
**/volumes/
**/config/
# tar files
*.tar

View File

@ -0,0 +1,47 @@
networks:
default:
name: traefik_default
external: true
services:
firefly-app:
image: fireflyiii/core:latest
restart: unless-stopped
container_name: firefly-app
networks:
- default
labels:
# Watchtower
- "com.centurylinklabs.watchtower.enable=true"
# Routes
- "traefik.enable=true"
- "traefik.http.routers.firefly.entrypoints=websecure"
- "traefik.http.routers.firefly.rule=Host(`firefly.${DOMAIN}`)"
- "traefik.http.routers.firefly.tls=true"
- "traefik.http.routers.firefly.tls.certresolver=myresolver"
# - "traefik.http.services.firefly.loadbalancer.server.port=3000"
volumes:
- ${FIREFLY_ROOT}/data:/var/www/html/storage/upload
env_file: live.env
# ports:
# - 80:8080
depends_on:
- firefly-db
firefly-db:
image: mariadb
container_name: firefly-db
restart: unless-stopped
networks:
- default
labels:
- "com.centurylinklabs.watchtower.enable=true"
env_file:
- live.env
environment:
- MYSQL_RANDOM_ROOT_PASSWORD=yes
- MYSQL_USER=${DB_USERNAME}
- MYSQL_PASSWORD=${DB_PASSWORD}
- MYSQL_DATABASE=${DB_DATABASE}
volumes:
- ${FIREFLY_ROOT}/db:/var/lib/mysql

316
firefly/live.env.tpl Normal file
View File

@ -0,0 +1,316 @@
# Custom variables
FIREFLY_ROOT=/home/compute/services/firefly
DOMAIN=domain.com
# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
# Never set it to "testing".
APP_ENV=local
# Set to true if you want to see debug information in error screens.
APP_DEBUG=false
# This should be your email address.
# If you use Docker or similar, you can set this variable from a file by using SITE_OWNER_FILE
SITE_OWNER=porada@posteo.de
# The encryption key for your sessions. Keep this very secure.
# Change it to a string of exactly 32 chars or use something like `php artisan key:generate` to generate it.
# If you use Docker or similar, you can set this variable from a file by using APP_KEY_FILE
APP_KEY=superSecretKeyWith32CharsChangeMe
# Firefly III will launch using this language (for new users and unauthenticated visitors)
# For a list of available languages: https://github.com/firefly-iii/firefly-iii/tree/main/resources/lang
#
# If text is still in English, remember that not everything may have been translated.
DEFAULT_LANGUAGE=en_US
# The locale defines how numbers are formatted.
# by default this value is the same as whatever the language is.
DEFAULT_LOCALE=de_DE
# Change this value to your preferred time zone.
# Example: Europe/Amsterdam
# For a list of supported time zones, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=Europe/Amsterdam
# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy.
# Set it to ** and reverse proxies work just fine.
TRUSTED_PROXIES=**
# The log channel defines where your log entries go to.
# Several other options exist. You can use 'single' for one big fat error log (not recommended).
# Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself.
# A rotating log option is 'daily', creates 5 files that (surprise) rotate.
# A cool option is 'papertrail' for cloud logging
# Default setting 'stack' will log to 'daily' and to 'stdout' at the same time.
LOG_CHANNEL=stack
#
# Used when logging to papertrail:
#
PAPERTRAIL_HOST=
PAPERTRAIL_PORT=
# Log level. You can set this from least severe to most severe:
# debug, info, notice, warning, error, critical, alert, emergency
# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
# nothing will get logged, ever.
APP_LOG_LEVEL=notice
# Audit log level.
# Set this to "emergency" if you dont want to store audit logs, leave on info otherwise.
AUDIT_LOG_LEVEL=info
# Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III
# For other database types, please see the FAQ: https://docs.firefly-iii.org/support/faq
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
# Use "pgsql" for PostgreSQL
# Use "mysql" for MySQL and MariaDB.
# Use "sqlite" for SQLite.
DB_CONNECTION=mysql
DB_HOST=firefly-db
DB_PORT=3306
DB_DATABASE=fireflydb
DB_USERNAME=fireflyuser
DB_PASSWORD=passwordChangeMe
# MySQL supports SSL. You can configure it here.
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MYSQL_USE_SSL=false
MYSQL_SSL_VERIFY_SERVER_CERT=true
# You need to set at least of these options
MYSQL_SSL_CAPATH=/etc/ssl/certs/
MYSQL_SSL_CA=
MYSQL_SSL_CERT=
MYSQL_SSL_KEY=
MYSQL_SSL_CIPHER=
# PostgreSQL supports SSL. You can configure it here.
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
PGSQL_SSL_MODE=prefer
PGSQL_SSL_ROOT_CERT=null
PGSQL_SSL_CERT=null
PGSQL_SSL_KEY=null
PGSQL_SSL_CRL_FILE=null
# If you're looking for performance improvements, you could install memcached or redis
CACHE_DRIVER=file
SESSION_DRIVER=file
# If you set either of the options above to 'redis', you might want to update these settings too
# If you use Docker or similar, you can set REDIS_HOST_FILE, REDIS_PASSWORD_FILE or
# REDIS_PORT_FILE to set the value from a file instead of from an environment variable
# can be tcp, unix or http
REDIS_SCHEME=tcp
# use only when using 'unix' for REDIS_SCHEME. Leave empty otherwise.
REDIS_PATH=
# use only when using 'tcp' or 'http' for REDIS_SCHEME. Leave empty otherwise.
REDIS_HOST=127.0.0.1
REDIS_PORT=6379
REDIS_PASSWORD=null
# always use quotes and make sure redis db "0" and "1" exists. Otherwise change accordingly.
REDIS_DB="0"
REDIS_CACHE_DB="1"
# Cookie settings. Should not be necessary to change these.
# If you use Docker or similar, you can set COOKIE_DOMAIN_FILE to set
# the value from a file instead of from an environment variable
# Setting samesite to "strict" may give you trouble logging in.
COOKIE_PATH="/"
COOKIE_DOMAIN=
COOKIE_SECURE=false
COOKIE_SAMESITE=lax
# If you want Firefly III to email you, update these settings
# For instructions, see: https://docs.firefly-iii.org/advanced-installation/email
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MAIL_MAILER=log
MAIL_HOST=null
MAIL_PORT=2525
MAIL_FROM=changeme@example.com
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
# Other mail drivers:
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MAILGUN_DOMAIN=
MAILGUN_SECRET=
# If you are on EU region in mailgun, use api.eu.mailgun.net, otherwise use api.mailgun.net
# If you use Docker or similar, you can set this variable from a file by appending it with _FILE
MAILGUN_ENDPOINT=api.mailgun.net
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MANDRILL_SECRET=
SPARKPOST_SECRET=
# Firefly III can send you the following messages.
SEND_REGISTRATION_MAIL=true
SEND_ERROR_MESSAGE=true
SEND_LOGIN_NEW_IP_WARNING=true
# These messages contain (sensitive) transaction information:
SEND_REPORT_JOURNALS=true
# Set this value to true if you want to set the location
# of certain things, like transactions. Since this involves an external service, it's optional
# and disabled by default.
ENABLE_EXTERNAL_MAP=false
# The map will default to this location:
MAP_DEFAULT_LAT=51.983333
MAP_DEFAULT_LONG=5.916667
MAP_DEFAULT_ZOOM=6
#
# Firefly III authentication settings
#
#
# Firefly III supports a few authentication methods:
# - 'web' (default, uses built in DB)
# - 'ldap'
# - 'remote_user_guard' for Authelia etc
# Read more about these settings in the documentation.
# https://docs.firefly-iii.org/advanced-installation/authentication
AUTHENTICATION_GUARD=web
#
# Your LDAP server may speak a dialect. You can choose between 'OpenLDAP' and 'ActiveDirectory'
# Anything else defaults to 'ActiveDirectory'
#
LDAP_DIALECT=OpenLDAP
#
# LDAP connection settings:
#
LDAP_HOST=ldap.yourserver.com
LDAP_PORT=389
LDAP_TIMEOUT=5
LDAP_SSL=false
LDAP_TLS=false
LDAP_BASE_DN="o=something,dc=site,dc=com"
LDAP_USERNAME="uid=X,ou=,o=,dc=something,dc=com"
LDAP_PASSWORD=super_secret
LDAP_AUTH_FIELD=uid
#
# If you wish to only authenticate users from a specific group, use the base DN above.
#
# If you require extra/special filters please use the LDAP_EXTRA_FILTER with a valid DN.
#
# The extra filter will only be applied after the user is authenticated.
#
LDAP_EXTRA_FILTER=
#
# Remote user guard settings
#
AUTHENTICATION_GUARD_HEADER=REMOTE_USER
AUTHENTICATION_GUARD_EMAIL=
#
# Extra authentication settings
#
CUSTOM_LOGOUT_URL=
# You can disable the X-Frame-Options header if it interferes with tools like
# Organizr. This is at your own risk. Applications running in frames run the risk
# of leaking information to their parent frame.
DISABLE_FRAME_HEADER=false
# You can disable the Content Security Policy header when you're using an ancient browser
# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really)
# This leaves you with the risk of not being able to stop XSS bugs should they ever surface.
# This is at your own risk.
DISABLE_CSP_HEADER=false
# If you wish to track your own behavior over Firefly III, set valid analytics tracker information here.
# Nobody uses this except for me on the demo site. But hey, feel free to use this if you want to.
# Do not prepend the TRACKER_URL with http:// or https://
# The only tracker supported is Matomo.
# You can set the following variables from a file by appending them with _FILE:
TRACKER_SITE_ID=
TRACKER_URL=
#
# Firefly III supports webhooks. These are security sensitive and must be enabled manually first.
#
ALLOW_WEBHOOKS=false
#
# The static cron job token can be useful when you use Docker and wish to manage cron jobs.
# 1. Set this token to any 32-character value (this is important!).
# 2. Use this token in the cron URL instead of a user's command line token.
#
# For more info: https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/
#
STATIC_CRON_TOKEN=
# You can fine tune the start-up of a Docker container by editing these environment variables.
# Use this at your own risk. Disabling certain checks and features may result in lost of inconsistent data.
# However if you know what you're doing you can significantly speed up container start times.
# Set each value to true to enable, or false to disable.
# Check if the SQLite database exists. Can be skipped if you're not using SQLite.
# Won't significantly speed up things.
DKR_CHECK_SQLITE=true
# Run database creation and migration commands. Disable this only if you're 100% sure the DB exists
# and is up to date.
DKR_RUN_MIGRATION=true
# Run database upgrade commands. Disable this only when you're 100% sure your DB is up-to-date
# with the latest fixes (outside of migrations!)
DKR_RUN_UPGRADE=true
# Verify database integrity. Includes all data checks and verifications.
# Disabling this makes Firefly III assume your DB is intact.
DKR_RUN_VERIFY=true
# Run database reporting commands. When disabled, Firefly III won't go over your data to report current state.
# Disabling this should have no impact on data integrity or safety but it won't warn you of possible issues.
DKR_RUN_REPORT=true
# Generate OAuth2 keys.
# When disabled, Firefly III won't attempt to generate OAuth2 Passport keys. This won't be an issue, IFF (if and only if)
# you had previously generated keys already and they're stored in your database for restoration.
DKR_RUN_PASSPORT_INSTALL=true
# Leave the following configuration vars as is.
# Unless you like to tinker and know what you're doing.
APP_NAME=FireflyIII
ADLDAP_CONNECTION=default
BROADCAST_DRIVER=log
QUEUE_DRIVER=sync
CACHE_PREFIX=firefly
PUSHER_KEY=
IPINFO_TOKEN=
PUSHER_SECRET=
PUSHER_ID=
DEMO_USERNAME=
DEMO_PASSWORD=
IS_HEROKU=false
FIREFLY_III_LAYOUT=v1
#
# If you have trouble configuring your Firefly III installation, DON'T BOTHER setting this variable.
# It won't work. It doesn't do ANYTHING. Don't believe the lies you read online. I'm not joking.
# This configuration value WILL NOT HELP.
#
# Notable exception to this rule is Synology, which, according to some users, will use APP_URL to rewrite stuff.
#
# This variable is ONLY used in some of the emails Firefly III sends around. Nowhere else.
# So when configuring anything WEB related this variable doesn't do anything. Nothing
#
# If you're stuck I understand you get desperate but look SOMEWHERE ELSE.
#
APP_URL=http://localhost

View File

@ -1,13 +1,11 @@
version: '3.5'
networks:
default:
external:
name: traefik_default
name: traefik_default
external: true
services:
gitea-db:
image: mariadb:10
image: mariadb:10.11
container_name: gitea-db
restart: unless-stopped
env_file: live.env

211
grocy/data/data/config.php Normal file
View File

@ -0,0 +1,211 @@
<?php
// Settings can also be overwritten in two ways:
//
// First priority:
// A .txt file with the same name as the setting in /data/settingoverrides
// the content of the file is used as the setting value
//
// Second priority:
// An environment variable with the same name as the setting and prefix "GROCY_"
// so for example "GROCY_BASE_URL"
//
// Third priority:
// The settings defined here below
// Either "production", "dev", "demo" or "prerelease"
// When not "production", authentication will be disabled and
// demo data will be populated during database migrations
Setting('MODE', 'production');
// The directory name of one of the available localization folders
// in the "/localization" directory (e.g. "en" or "de")
Setting('DEFAULT_LOCALE', 'de');
// This is used to define the first day of a week for calendar views,
// leave empty to use the locale default
// Needs to be a number where Sunday = 0, Monday = 1 and so forth
Setting('CALENDAR_FIRST_DAY_OF_WEEK', '');
// If calendars should show week numbers
Setting('CALENDAR_SHOW_WEEK_OF_YEAR', true);
// Set this if you want to have a different start day for the weekly meal plan view,
// leave empty to use CALENDAR_FIRST_DAY_OF_WEEK (see above)
// Needs to be a number where Sunday = 0, Monday = 1 and so forth
Setting('MEAL_PLAN_FIRST_DAY_OF_WEEK', '');
// To keep it simple: grocy does not handle any currency conversions,
// this here is used to format all money values,
// so doesn't really matter, but needs to be the
// ISO 4217 code of the currency ("USD", "EUR", "GBP", etc.)
Setting('CURRENCY', 'EUR');
// When running grocy in a subdirectory, this should be set to the relative path, otherwise empty
// It needs to be set to the part (of the URL) AFTER the document root,
// if URL rewriting is disabled, including index.php
// Example with URL Rewriting support:
// Root URL = https://example.com/grocy
// => BASE_PATH = /grocy
// Example without URL Rewriting support:
// Root URL = https://example.com/grocy/public/index.php/
// => BASE_PATH = /grocy/public/index.php
Setting('BASE_PATH', '');
// The base URL of your installation,
// should be just "/" when running directly under the root of a (sub)domain
// or for example "https://example.com/grocy" when using a subdirectory
Setting('BASE_URL', '/');
// The plugin to use for external barcode lookups,
// must be the filename (folder /data/plugins) without the .php extension,
// see /data/plugins/DemoBarcodeLookupPlugin.php for an example implementation
Setting('STOCK_BARCODE_LOOKUP_PLUGIN', 'DemoBarcodeLookupPlugin');
// If, however, your webserver does not support URL rewriting, set this to true
Setting('DISABLE_URL_REWRITING', false);
// Specify an custom homepage if desired, by default the homepage will be set to the stock overview page
// This needs to be one of the following values:
// stock, shoppinglist, recipes, chores, tasks, batteries, equipment, calendar, mealplan
Setting('ENTRY_PAGE', 'stock');
// Set this to true if you want to disable authentication / the login screen,
// places where user context is needed will then use the default (first existing) user
Setting('DISABLE_AUTH', false);
// Either "Grocy\Middleware\DefaultAuthMiddleware", "Grocy\Middleware\ReverseProxyAuthMiddleware"
// or any class that implements Grocy\Middleware\AuthMiddleware
Setting('AUTH_CLASS', 'Grocy\Middleware\DefaultAuthMiddleware');
// Options when using ReverseProxyAuthMiddleware
Setting('REVERSE_PROXY_AUTH_HEADER', 'REMOTE_USER'); // The name of the HTTP header which your reverse proxy uses to pass the username (on successful authentication)
Setting('REVERSE_PROXY_AUTH_USE_ENV', false); // Set to true if the username is passed as environment variable
// Options when using LdapAuthMiddleware
Setting('LDAP_ADDRESS', ''); // Example value "ldap://vm-dc2019.local.berrnd.net"
Setting('LDAP_BASE_DN', ''); // Example value "DC=local,DC=berrnd,DC=net"
Setting('LDAP_BIND_DN', ''); // Example value "CN=grocy_bind_account,OU=service_accounts,DC=local,DC=berrnd,DC=net"
Setting('LDAP_BIND_PW', ''); // Password for the above account
Setting('LDAP_USER_FILTER', ''); // Example value "(OU=grocy_users)"
Setting('LDAP_UID_ATTR', ''); // Windows AD: "sAMAccountName", OpenLDAP: "uid", GLAuth: "cn"
// Default permissions for new users
// the array needs to contain the technical/constant names
// See the file controllers/Users/User.php for possible values
Setting('DEFAULT_PERMISSIONS', ['ADMIN']);
// "1D" (=> Code128) or "2D" (=> DataMatrix)
Setting('GROCYCODE_TYPE', '1D');
// Label printer settings
Setting('LABEL_PRINTER_WEBHOOK', ''); // The URI that grocy will POST to when asked to print a label
Setting('LABEL_PRINTER_RUN_SERVER', true); // Whether the webhook will be called server- or client-side
Setting('LABEL_PRINTER_PARAMS', ['font_family' => 'Source Sans Pro (Regular)']); // Additional parameters supplied to the webhook
Setting('LABEL_PRINTER_HOOK_JSON', false); // TRUE to use JSON or FALSE to use normal POST request variables
// Thermal printer options
// Thermal printers are receipt printers, not regular printers,
// the printer must support the ESC/POS protocol, see https://github.com/mike42/escpos-php
Setting('TPRINTER_IS_NETWORK_PRINTER', false); // Set to true if it's a network printer
Setting('TPRINTER_PRINT_QUANTITY_NAME', true); // Set to false if you do not want to print the quantity names (related to the shopping list)
Setting('TPRINTER_PRINT_NOTES', true); // Set to false if you do not want to print notes (related to the shopping list)
Setting('TPRINTER_IP', '127.0.0.1'); // IP of the network printer (does only matter if it's a network printer)
Setting('TPRINTER_PORT', 9100); // Port of the network printer (does only matter if it's a network printer)
Setting('TPRINTER_CONNECTOR', '/dev/usb/lp0'); // Printer device (does only matter if you use a locally attached printer)
// For USB on Linux this is often '/dev/usb/lp0', for serial printers it could be similar to '/dev/ttyS0'
// Make sure that the user that runs the webserver has permissions to write to the printer - on Linux add your webserver user to the LP group with usermod -a -G lp www-data
// Feature flags
// Here you can disable the parts which you don't need to have a less cluttered UI
// (set the setting to "false" to disable the corresponding part, which should be self explanatory)
Setting('FEATURE_FLAG_STOCK', true);
Setting('FEATURE_FLAG_SHOPPINGLIST', true);
Setting('FEATURE_FLAG_RECIPES', true);
Setting('FEATURE_FLAG_CHORES', true);
Setting('FEATURE_FLAG_TASKS', true);
Setting('FEATURE_FLAG_BATTERIES', true);
Setting('FEATURE_FLAG_EQUIPMENT', true);
Setting('FEATURE_FLAG_CALENDAR', true);
Setting('FEATURE_FLAG_LABEL_PRINTER', false);
// Sub feature flags
Setting('FEATURE_FLAG_STOCK_PRICE_TRACKING', true);
Setting('FEATURE_FLAG_STOCK_LOCATION_TRACKING', true);
Setting('FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING', true);
Setting('FEATURE_FLAG_STOCK_PRODUCT_OPENED_TRACKING', true);
Setting('FEATURE_FLAG_STOCK_PRODUCT_FREEZING', true);
Setting('FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_FIELD_NUMBER_PAD', true); // Activate the number pad in due date fields on (supported) mobile browsers
Setting('FEATURE_FLAG_SHOPPINGLIST_MULTIPLE_LISTS', true);
Setting('FEATURE_FLAG_CHORES_ASSIGNMENTS', true);
Setting('FEATURE_FLAG_THERMAL_PRINTER', false);
// Feature settings
Setting('FEATURE_FLAG_DISABLE_BROWSER_BARCODE_CAMERA_SCANNING', false); // Set this to true if you want to disable the ability to scan a barcode via the device camera (Browser API)
Setting('FEATURE_FLAG_AUTO_TORCH_ON_WITH_CAMERA', true); // Enables the torch automatically (if the device has one)
// Default user settings
// These settings can be changed per user, below here are the defaults
// which are used when the user has not changed the setting so far
// Night mode related
DefaultUserSetting('night_mode_enabled', false); // If night mode is enabled always
DefaultUserSetting('auto_night_mode_enabled', false); // If night mode is enabled automatically when inside a given time range (see the two settings below)
DefaultUserSetting('auto_night_mode_time_range_from', '20:00'); // Format HH:mm
DefaultUserSetting('auto_night_mode_time_range_to', '07:00'); // Format HH:mm
DefaultUserSetting('auto_night_mode_time_range_goes_over_midnight', true); // If the time range above goes over midnight
// Generic settings
DefaultUserSetting('auto_reload_on_db_change', false); // If the page should be automatically reloaded when there was an external change
DefaultUserSetting('show_clock_in_header', false); // Show a clock in the header next to the logo or not
DefaultUserSetting('keep_screen_on', false); // If the screen should always be kept on
DefaultUserSetting('keep_screen_on_when_fullscreen_card', false); // If the screen should be kept on when a "fullscreen-card" is displayed
// Stock settings
DefaultUserSetting('product_presets_location_id', -1); // Default location id for new products (-1 means no location is preset)
DefaultUserSetting('product_presets_product_group_id', -1); // Default product group id for new products (-1 means no product group is preset)
DefaultUserSetting('product_presets_qu_id', -1); // Default quantity unit id for new products (-1 means no quantity unit is preset)
DefaultUserSetting('product_presets_default_due_days', 0); // Default due days for new products (-1 means that the product will be never overdue)
DefaultUserSetting('product_presets_treat_opened_as_out_of_stock', true); // Default "Treat opened as out of stock" option for new products
DefaultUserSetting('stock_decimal_places_amounts', 4); // Default decimal places allowed for amounts
DefaultUserSetting('stock_decimal_places_prices', 2); // Default decimal places allowed for prices
DefaultUserSetting('stock_auto_decimal_separator_prices', false); // If the decimal separator should be set automatically for amount inputs
DefaultUserSetting('stock_due_soon_days', 5); // The "expiring soon" days
DefaultUserSetting('stock_default_purchase_amount', 0); // The default amount prefilled on the purchase page
DefaultUserSetting('stock_default_consume_amount', 1); // The default amount prefilled on the consume page
DefaultUserSetting('stock_default_consume_amount_use_quick_consume_amount', false); // If the products quick consume amount should be prefilled on the consume page
DefaultUserSetting('scan_mode_consume_enabled', false); // If scan mode on the consume page is enabled
DefaultUserSetting('scan_mode_purchase_enabled', false); // If scan mode on the purchase page is enabled
DefaultUserSetting('show_icon_on_stock_overview_page_when_product_is_on_shopping_list', true); // When enabled, an icon is shown on the stock overview page (next to the product name) when the prodcut is currently on a shopping list
DefaultUserSetting('show_purchased_date_on_purchase', false); // Whether the purchased date should be editable on purchase (defaults to today otherwise)
DefaultUserSetting('show_warning_on_purchase_when_due_date_is_earlier_than_next', true); // Show a warning on purchase when the due date of the purchased product is earlier than the next due date in stock
// Shopping list settings
DefaultUserSetting('shopping_list_to_stock_workflow_auto_submit_when_prefilled', false); // Automatically do the booking using the last price and the amount of the shopping list item, if the product has "Default due days" set
DefaultUserSetting('shopping_list_show_calendar', false); // When enabled, a small (month view) calendar will be shown on the shopping list page
// Recipe settings
DefaultUserSetting('recipe_ingredients_group_by_product_group', false); // Group recipe ingredients by their product group
DefaultUserSetting('recipes_show_list_side_by_side', true); // If the recipe should be displayed next to recipe list on the recipes page
// Chores settings
DefaultUserSetting('chores_due_soon_days', 5); // The "due soon" days
// Batteries settings
DefaultUserSetting('batteries_due_soon_days', 5); // The "due soon" days
// Tasks settings
DefaultUserSetting('tasks_due_soon_days', 5); // The "due soon" days
// Component configuration for Quagga2 - read https://github.com/ericblade/quagga2#configobject for details
// Below is a generic good configuration,
// for an iPhone 7 Plus, halfsample = true, patchsize = small, frequency = 5 yields very good results
DefaultUserSetting('quagga2_numofworkers', 4);
DefaultUserSetting('quagga2_halfsample', false);
DefaultUserSetting('quagga2_patchsize', 'medium');
DefaultUserSetting('quagga2_frequency', 10);
DefaultUserSetting('quagga2_debug', true);

33
grocy/docker-compose.yml Normal file
View File

@ -0,0 +1,33 @@
networks:
default:
name: traefik_default
external: true
services:
grocy-frontend:
image: lscr.io/linuxserver/grocy:latest
container_name: grocy-app
restart: unless-stopped
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ${GROCY_ROOT}/data:/config
environment:
- USER_UID=1000
- USER_GID=1000
- TZ=CET
env_file: live.env
labels:
# Watchtower
- "com.centurylinklabs.watchtower.enable=true"
# Routes
- "traefik.enable=true"
- "traefik.http.routers.grocy.entrypoints=websecure"
- "traefik.http.routers.grocy.rule=Host(`grocy.${DOMAIN}`)"
- "traefik.http.routers.grocy.tls=true"
- "traefik.http.routers.grocy.tls.certresolver=myresolver"
networks:
- default
ports:
- 9283:80

50
grocy/live.env.tpl Normal file
View File

@ -0,0 +1,50 @@
# Grocy Environment Variables
# These environment variables affect PHP and the grocy application
# For a full list of grocy settings, see config-dist.php in the main grocy repo:
#
# https://github.com/grocy/grocy/blob/master/config-dist.php
#
# Grocy application settings must be prefixed with 'GROCY_'.
#
# For example, if we'd like to configure grocy to use Euros (EUR):
#
# Setting('CURRENCY', 'USD');
#
# Then we would set GROCY_CURRENCY=EUR
## User-supplied Variables
# These are environment variables that may be supplied by the user
# No values are supplied for these as part of this distribution
# When you're ready to deploy grocy in production, set GROCY_MODE=production
# to enable user authentication
GROCY_MODE=production
## Distribution-supplied Variables
# These are 'sensible defaults' provided as part of the grocy-docker
# distribution.
# GROCY_CULTURE configures localization of the grocy application
# Supported locales: https://github.com/grocy/grocy/tree/master/localization
GROCY_CULTURE=de
GROCY_CURRENCY=EUR
GROCY_DEFAULT_LOCALE=de
# Grocy Mode
GROCY_MODE=production
# PHP Environment variables
MAX_UPLOAD=50M
PHP_MAX_FILE_UPLOAD=200
PHP_MAX_POST=100M
PHP_MEMORY_LIMIT=512M
#Custom Settings
GROCY_ROOT=/home/compute/services/grocy
DOMAIN=domain.com

View File

@ -1,183 +0,0 @@
<config>
<!-- Note: 'default' attributes are used to document a setting's default value as well as to use as fallback. -->
<!-- Note: When adding a new entry, a default must be set in WSD in case the entry is missing upon deployment. -->
<allowed_languages desc="List of supported languages of Writing Aids (spell checker, grammar checker, thesaurus, hyphenation) on this instance. Allowing too many has negative effect on startup performance." default="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru">de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</allowed_languages>
<sys_template_path desc="Path to a template tree with shared libraries etc to be used as source for chroot jails for child processes." type="path" relative="true" default="systemplate"></sys_template_path>
<child_root_path desc="Path to the directory under which the chroot jails for the child processes will be created. Should be on the same file system as systemplate and lotemplate. Must be an empty directory." type="path" relative="true" default="jails"></child_root_path>
<mount_jail_tree desc="Controls whether the systemplate and lotemplate contents are mounted or not, which is much faster than the default of linking/copying each file." type="bool" default="true"></mount_jail_tree>
<server_name desc="External hostname:port of the server running loolwsd. If empty, it's derived from the request (please set it if this doesn't work). Must be specified when behind a reverse-proxy or when the hostname is not reachable directly." type="string" default="">collabora.domain.com</server_name>
<file_server_root_path desc="Path to the directory that should be considered root for the file server. This should be the directory containing loleaflet." type="path" relative="true" default="loleaflet/../"></file_server_root_path>
<memproportion desc="The maximum percentage of system memory consumed by all of the Collabora Online Development Edition, after which we start cleaning up idle documents" type="double" default="80.0"></memproportion>
<num_prespawn_children desc="Number of child processes to keep started in advance and waiting for new clients." type="uint" default="1">1</num_prespawn_children>
<per_document desc="Document-specific settings, including LO Core settings.">
<max_concurrency desc="The maximum number of threads to use while processing a document." type="uint" default="4">4</max_concurrency>
<batch_priority desc="A (lower) priority for use by batch eg. convert-to processes to avoid starving interactive ones" type="uint" default="5">5</batch_priority>
<document_signing_url desc="The endpoint URL of signing server, if empty the document signing is disabled" type="string" default=""></document_signing_url>
<redlining_as_comments desc="If true show red-lines as comments" type="bool" default="false">false</redlining_as_comments>
<idle_timeout_secs desc="The maximum number of seconds before unloading an idle document. Defaults to 1 hour." type="uint" default="3600">3600</idle_timeout_secs>
<!-- Idle save and auto save are checked every 30 seconds -->
<!-- They are disabled when the value is zero or negative. -->
<idlesave_duration_secs desc="The number of idle seconds after which document, if modified, should be saved. Defaults to 30 seconds." type="int" default="30">30</idlesave_duration_secs>
<autosave_duration_secs desc="The number of seconds after which document, if modified, should be saved. Defaults to 5 minutes." type="int" default="300">300</autosave_duration_secs>
<always_save_on_exit desc="On exiting the last editor, always perform the save, even if the document is not modified." type="bool" default="false">false</always_save_on_exit>
<limit_virt_mem_mb desc="The maximum virtual memory allowed to each document process. 0 for unlimited." type="uint">0</limit_virt_mem_mb>
<limit_stack_mem_kb desc="The maximum stack size allowed to each document process. 0 for unlimited." type="uint">8000</limit_stack_mem_kb>
<limit_file_size_mb desc="The maximum file size allowed to each document process to write. 0 for unlimited." type="uint">0</limit_file_size_mb>
<limit_num_open_files desc="The maximum number of files allowed to each document process to open. 0 for unlimited." type="uint">0</limit_num_open_files>
<limit_load_secs desc="Maximum number of seconds to wait for a document load to succeed. 0 for unlimited." type="uint" default="100">100</limit_load_secs>
<limit_convert_secs desc="Maximum number of seconds to wait for a document conversion to succeed. 0 for unlimited." type="uint" default="100">100</limit_convert_secs>
<cleanup desc="Checks for resource consuming (bad) documents and kills associated kit process. A document is considered resource consuming (bad) if is in idle state for idle_time_secs period and memory usage passed limit_dirty_mem_mb or CPU usage passed limit_cpu_per" enable="false">
<cleanup_interval_ms desc="Interval between two checks" type="uint" default="10000">10000</cleanup_interval_ms>
<bad_behavior_period_secs desc="Minimum time period for a document to be in bad state before associated kit process is killed. If in this period the condition for bad document is not met once then this period is reset" type="uint" default="60">60</bad_behavior_period_secs>
<idle_time_secs desc="Minimum idle time for a document to be candidate for bad state" type="uint" default="300">300</idle_time_secs>
<limit_dirty_mem_mb desc="Minimum memory usage for a document to be candidate for bad state" type="uint" default="3072">3072</limit_dirty_mem_mb>
<limit_cpu_per desc="Minimum CPU usage for a document to be candidate for bad state" type="uint" default="85">85</limit_cpu_per>
</cleanup>
</per_document>
<per_view desc="View-specific settings.">
<out_of_focus_timeout_secs desc="The maximum number of seconds before dimming and stopping updates when the browser tab is no longer in focus. Defaults to 120 seconds." type="uint" default="120">120</out_of_focus_timeout_secs>
<idle_timeout_secs desc="The maximum number of seconds before dimming and stopping updates when the user is no longer active (even if the browser is in focus). Defaults to 15 minutes." type="uint" default="900">900</idle_timeout_secs>
</per_view>
<loleaflet_html desc="Allows UI customization by replacing the single endpoint of loleaflet.html" type="string" default="loleaflet.html">loleaflet.html</loleaflet_html>
<logging>
<color type="bool">true</color>
<level type="string" desc="Can be 0-8, or none (turns off logging), fatal, critical, error, warning, notice, information, debug, trace" default="warning">warning</level>
<protocol type="bool" desc="Enable minimal client-site JS protocol logging from the start">false</protocol>
<!-- lokit_sal_log example: Log WebDAV-related messages, that is interesting for debugging Insert - Image operation: "+TIMESTAMP+INFO.ucb.ucp.webdav+WARN.ucb.ucp.webdav"
See also: https://docs.libreoffice.org/sal/html/sal_log.html -->
<lokit_sal_log type="string" desc="Fine tune log messages from LOKit. Default is to suppress log messages from LOKit." default="-INFO-WARN">-INFO-WARN</lokit_sal_log>
<file enable="false">
<!-- If you use other path than /var/log and you run loolwsd from systemd, make sure that you enable that path in loolwsd.service (ReadWritePaths). -->
<property name="path" desc="Log file path.">/var/log/loolwsd.log</property>
<property name="rotation" desc="Log file rotation strategy. See Poco FileChannel.">never</property>
<property name="archive" desc="Append either timestamp or number to the archived log filename.">timestamp</property>
<property name="compress" desc="Enable/disable log file compression.">true</property>
<property name="purgeAge" desc="The maximum age of log files to preserve. See Poco FileChannel.">10 days</property>
<property name="purgeCount" desc="The maximum number of log archives to preserve. Use 'none' to disable purging. See Poco FileChannel.">10</property>
<property name="rotateOnOpen" desc="Enable/disable log file rotation on opening.">true</property>
<property name="flush" desc="Enable/disable flushing after logging each line. May harm performance. Note that without flushing after each line, the log lines from the different processes will not appear in chronological order.">false</property>
</file>
<anonymize>
<anonymize_user_data type="bool" desc="Enable to anonymize/obfuscate of user-data in logs. If default is true, it was forced at compile-time and cannot be disabled." default="false">false</anonymize_user_data>
<anonymization_salt type="uint" desc="The salt used to anonymize/obfuscate user-data in logs. Use a secret 64-bit random number." default="82589933">82589933</anonymization_salt>
</anonymize>
</logging>
<loleaflet_logging desc="Logging in the browser console" default="false">false</loleaflet_logging>
<trace desc="Dump commands and notifications for replay. When 'snapshot' is true, the source file is copied to the path first." enable="false">
<path desc="Output path to hold trace file and docs. Use '%' for timestamp to avoid overwriting. For example: /some/path/to/looltrace-%.gz" compress="true" snapshot="false"></path>
<filter>
<message desc="Regex pattern of messages to exclude"></message>
</filter>
<outgoing>
<record desc="Whether or not to record outgoing messages" default="false">false</record>
</outgoing>
</trace>
<net desc="Network settings">
<!-- On systems where localhost resolves to IPv6 [::1] address first, when net.proto is all and net.listen is loopback, loolwsd unexpectedly listens on [::1] only.
You need to change net.proto to IPv4, if you want to use 127.0.0.1. -->
<proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">all</proto>
<listen type="string" default="any" desc="Listen address that loolwsd binds to. Can be 'any' or 'loopback'.">any</listen>
<service_root type="path" default="" desc="Prefix all the pages, websockets, etc. with this path."></service_root>
<proxy_prefix type="bool" default="false" desc="Enable a ProxyPrefix to be passed int through which to redirect requests"></proxy_prefix>
<post_allow desc="Allow/deny client IP address for POST(REST)." allow="true">
<host desc="The IPv4 private 192.168 block as plain IPv4 dotted decimal addresses.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 loopback (localhost) address.">127\.0\.0\.1</host>
<host desc="Ditto, but as IPv4-mapped IPv6 address">::ffff:127\.0\.0\.1</host>
<host desc="The IPv6 loopback (localhost) address.">::1</host>
<host desc="The IPv4 private 172.17.0.0/16 subnet (Docker).">172\.17\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.17\.[0-9]{1,3}\.[0-9]{1,3}</host>
</post_allow>
<frame_ancestors desc="Specify who is allowed to embed the LO Online iframe (loolwsd and WOPI host are always allowed). Separate multiple hosts by space."></frame_ancestors>
<connection_timeout_secs desc="Specifies the connection, send, recv timeout in seconds for connections initiated by loolwsd (such as WOPI connections)." type="int" default="30"></connection_timeout_secs>
</net>
<ssl desc="SSL settings">
<enable type="bool" desc="Controls whether SSL encryption between browser and loolwsd is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">true</enable>
<termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination>
<cert_file_path desc="Path to the cert file" relative="false">/etc/loolwsd/cert.pem</cert_file_path>
<key_file_path desc="Path to the key file" relative="false">/etc/loolwsd/key.pem</key_file_path>
<ca_file_path desc="Path to the ca file" relative="false">/etc/loolwsd/ca-chain.cert.pem</ca_file_path>
<cipher_list desc="List of OpenSSL ciphers to accept" default="ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"></cipher_list>
<hpkp desc="Enable HTTP Public key pinning" enable="false" report_only="false">
<max_age desc="HPKP's max-age directive - time in seconds browser should remember the pins" enable="true">1000</max_age>
<report_uri desc="HPKP's report-uri directive - pin validation failure are reported at this URL" enable="false"></report_uri>
<pins desc="Base64 encoded SPKI fingerprints of keys to be pinned">
<pin></pin>
</pins>
</hpkp>
</ssl>
<security desc="Altering these defaults potentially opens you to significant risk">
<seccomp desc="Should we use the seccomp system call filtering." type="bool" default="true">true</seccomp>
<capabilities desc="Should we require capabilities to isolate processes into chroot jails" type="bool" default="true">true</capabilities>
</security>
<watermark>
<opacity desc="Opacity of on-screen watermark from 0.0 to 1.0" type="double" default="0.2"></opacity>
<text desc="Watermark text to be displayed on the document if entered" type="string"></text>
</watermark>
<welcome>
<enable type="bool" desc="Controls whether the welcome screen should be shown to the users on new install and updates." default="true">true</enable>
<enable_button type="bool" desc="Controls whether the welcome screen should have an explanatory button instead of an X button to close the dialog." default="false">false</enable_button>
<path desc="Path to 'welcome-$lang.html' files served on first start or when the version changes. When empty, defaults to the Release notes." type="path" relative="true" default="loleaflet/welcome"></path>
</welcome>
<user_interface>
<mode type="string" desc="Controls the user interface style (classic|notebookbar)" default="classic">classic</mode>
</user_interface>
<storage desc="Backend storage">
<filesystem allow="false" />
<wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
<host desc="Regex pattern of hostname to allow or deny." allow="true">nextcloud\\.domain\\.com</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="false">192\.168\.1\.1</host>
<max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
<reuse_cookies desc="When enabled, cookies from the browser will be captured and set on WOPI requests." type="bool" default="false">false</reuse_cookies>
<locking desc="Locking settings">
<refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
</locking>
</wopi>
<webdav desc="Allow/deny webdav storage. Mutually exclusive with wopi." allow="false">
<host desc="Hostname to allow" allow="false">nextcloud.domain.com</host>
</webdav>
<ssl desc="SSL settings">
<as_scheme type="bool" default="true" desc="When set we exclusively use the WOPI URI's scheme to enable SSL for storage">true</as_scheme>
<enable type="bool" desc="If as_scheme is false or not set, this can be set to force SSL encryption between storage and loolwsd. When empty this defaults to following the ssl.enable setting"></enable>
<cert_file_path desc="Path to the cert file" relative="false"></cert_file_path>
<key_file_path desc="Path to the key file" relative="false"></key_file_path>
<ca_file_path desc="Path to the ca file. If this is not empty, then SSL verification will be strict, otherwise cert of storage (WOPI-like host) will not be verified." relative="false"></ca_file_path>
<cipher_list desc="List of OpenSSL ciphers to accept. If empty the defaults are used. These can be overriden only if absolutely needed."></cipher_list>
</ssl>
</storage>
<tile_cache_persistent desc="Should the tiles persist between two editing sessions of the given document?" type="bool" default="true">true</tile_cache_persistent>
<admin_console desc="Web admin console settings.">
<enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
<enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
<username desc="The username of the admin console. Ignored if PAM is enabled.">username</username>
<password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password.">test</password>
</admin_console>
<monitors desc="Addresses of servers we connect to on start for monitoring">
</monitors>
</config>

View File

@ -1,14 +1,12 @@
version: '3.5'
networks:
default:
external:
name: traefik_default
name: traefik_default
external: true
services:
nextcloud-db:
env_file: live.env
image: mariadb:10
image: mariadb:10.11
container_name: nextcloud-db
command: --transaction-isolation=READ-COMMITTED --log-bin=ROW
labels:
@ -38,19 +36,21 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
nextcloud-app:
depends_on:
- nextcloud-db
- nextcloud-redis
container_name: nextcloud-app
command: >
bash -c 'chown -R www-data:www-data ${NEXTCLOUD_DATA_DIR} && chown -R www-data:www-data /var/www/html && chmod 755 ${NEXTCLOUD_DATA_DIR}/.ocdata && /entrypoint.sh apache2-foreground'
env_file: live.env
environment:
- NEXTCLOUD_TRUSTED_DOMAINS='${NEXTCLOUD_FQDN}'
- NEXTCLOUD_DATA_DIR='${NEXTCLOUD_DATA_DIR}'
extra_hosts:
- "${NEXTCLOUD_FQDN}:${TRAEFIK_CONTAINER_IP}"
- "${COLLABORA_FQDN}:${TRAEFIK_CONTAINER_IP}"
image: nextcloud:21
image: nextcloud:28
labels:
# Watchtower
- "com.centurylinklabs.watchtower.enable=true"
@ -78,17 +78,19 @@ services:
restart: unless-stopped
volumes:
- ${NEXTCLOUD_ROOT}/html:/var/www/html
- ${NEXTCLOUD_ROOT}/data:/srv/nextcloud/data
- ${NEXTCLOUD_ROOT}/data:${NEXTCLOUD_DATA_DIR}
nextcloud-cron:
image: nextcloud:21
image: nextcloud:28
container_name: nextcloud-cron
command: >
bash -c 'chown -R www-data:www-data ${NEXTCLOUD_DATA_DIR} && chown -R www-data:www-data /var/www/html && chmod 755 ${NEXTCLOUD_DATA_DIR}/.ocdata && /entrypoint.sh apache2-foreground'
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
volumes:
- ${NEXTCLOUD_ROOT}/html:/var/www/html
- ${NEXTCLOUD_ROOT}/data:/srv/nextcloud/data
- ${NEXTCLOUD_ROOT}/data:${NEXTCLOUD_DATA_DIR}
entrypoint: /cron.sh
depends_on:
- nextcloud-db
@ -96,7 +98,7 @@ services:
- nextcloud-collabora
nextcloud-coturn:
image: instrumentisto/coturn
image: coturn/coturn:4
container_name: nextcloud-coturn
restart: unless-stopped
ports:
@ -114,7 +116,7 @@ services:
- --static-auth-secret=${COTURN_SECRET}
nextcloud-collabora:
image: collabora/code:6.4.2.2
image: collabora/code:23.05.9.1.1
container_name: nextcloud-collabora
env_file: live.env
extra_hosts:
@ -141,11 +143,11 @@ services:
- username=${COLLABORA_USERNAME}
- password=${COLLABORA_PASSWORD}
- extra_params=--o:ssl.enable=false --o:ssl.termination=true
- VIRTUAL_PROTO=https
- VIRTUAL_PORT=9980
- VIRTUAL_HOST=${COLLABORA_FQDN}
cap_add:
- MKNOD
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./collabora/loolwsd.xml:/etc/loolwsd/loolwsd.xml

View File

@ -14,14 +14,13 @@ REDIS_HOST_PASSWORD=password_redis
NEXTCLOUD_ROOT=/home/compute/services/nextcloud
NEXTCLOUD_DATA_DIR=/srv/nextcloud/data
NEXTCLOUD_FQDN=your_nextcloud_sub_domain.domain.com
# This is the IP of the Trafik container. This changes if the traefik container restarts. If it is not the current traefik container IP collabora does not work. Check the current traefik container IP with: docker inspect traefik and get the IP from the Networks -> traefik_default -> IPAddress section
TRAEFIK_CONTAINER_IP=172.27.0.16
TRAEFIK_CONTAINER_IP=172.27.0.100
PHP_MEMORY_LIMIT=2048M
PHP_UPLOAD_LIMIT=8G
# Collabora
COLLABORA_FQDN=collabora.domain.com
COLLABORA_DOMAIN=nextcloud_sub_domain\\.domain\\.com # This is the domain which the collabora server is requests accepting from.
COLLABORA_DOMAIN=nextcloud_sub_domain\.domain\.com # This is the domain which the collabora server is requests accepting from.
COLLABORA_USERNAME=username
COLLABORA_PASSWORD=password_collabora

View File

@ -1 +0,0 @@
Not Traefik ready!

View File

@ -1,8 +0,0 @@
version: "3.7"
services:
streaming:
image: tiangolo/nginx-rtmp
container_name: nginx-rtmp
ports:
- "1935:1935"
restart: unless-stopped

5
osp/README.md Normal file
View File

@ -0,0 +1,5 @@
https://openstreamingplatform.com/
Open Streaming Platform (OSP) is an open-source, RTMP streamer software front-end for Arut's Nginx-RTMP Module. OSP was designed as a self-hosted alternative to services such as Twitch.tv, Ustream.tv, Mixer, and Youtube Live.
This service is based on an older software version beta6d and not on the current version 0.8.8 because an docker image ist not available for it right now.

70
osp/docker-compose.yml Normal file
View File

@ -0,0 +1,70 @@
networks:
default:
name: traefik_default
external: true
services:
osp-app:
depends_on:
- osp-db
- osp-redis
container_name: osp-app
entrypoint: ["/opt/osp/setup/docker/wait-for-it.sh", "osp-db:3306", "--strict", "-t", "60", "--", "/opt/osp/setup/docker/entrypoint.sh"]
env_file: live.env
environment:
- DB_URL=mysql+pymysql://${MYSQL_USER}:${MYSQL_PASSWORD}@${MYSQL_HOST}:3306/${MYSQL_DATABASE}
image: deamos/openstreamingplatform:latest
labels:
# Watchtower
- "com.centurylinklabs.watchtower.enable=true"
# Routes
- "traefik.enable=true"
- "traefik.http.routers.osp.entrypoints=websecure"
- "traefik.http.routers.osp.rule=Host(`osp.${DOMAIN}`)"
- "traefik.http.routers.osp.tls=true"
- "traefik.http.routers.osp.tls.certresolver=myresolver"
- "traefik.http.services.osp.loadbalancer.server.port=80"
# RTMP specific
- "traefik.tcp.routers.rtmpcast.entrypoints=rtmp"
- "traefik.tcp.routers.rtmpcast.rule=HostSNI(`osp.${DOMAIN}`)"
- "traefik.tcp.routers.rtmpcast.service=rtmpcast"
- "traefik.tcp.routers.rtmpcast.tls=true"
- "traefik.tcp.routers.rtmpcast.tls.certresolver=myresolver"
- "traefik.tcp.services.rtmpcast.loadbalancer.server.port=1935"
networks:
- default
restart: unless-stopped
volumes:
- ${OSP_ROOT}/data:/var/www
- ${OSP_ROOT}/data/nginx/conf:/usr/local/nginx/conf
osp-db:
image: mariadb:10
container_name: osp-db
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: unless-stopped
env_file: live.env
labels:
# Watchtower
- "com.centurylinklabs.watchtower.enable=true"
networks:
- default
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ${OSP_ROOT}/db:/var/lib/mysql
osp-redis:
image: redis:6-alpine
container_name: osp-redis
command: redis-server --requirepass ${REDIS_HOST_PASSWORD}
labels:
- "com.centurylinklabs.watchtower.enable=true"
networks:
- default
restart: unless-stopped
volumes:
- ${OSP_ROOT}/redis:/data
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro

21
osp/live.env.tpl Normal file
View File

@ -0,0 +1,21 @@
# MariaDB settings
MYSQL_ROOT_PASSWORD=password_db_root
MYSQL_DATABASE=osp
MYSQL_USER=osp
MYSQL_PASSWORD=password_db
MYSQL_HOST=osp-db
# Redis
REDIS_HOST=osp-redis
REDIS_HOST_PASSWORD=password_redis
# osp
OSP_ROOT=/home/compute/services/osp
FLASK_SECRET=very_secret_key_change_me
FLASK_SALT=very_secret_salt_key_change_me
REDIS_PASSWORD=password_redis
OSP_ALLOWREGISTRATION=False
OSP_REQUIREVERIFICATION=False
# Traefik
DOMAIN=domain.com

View File

@ -1,13 +1,12 @@
version: '3.5'
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.27.0.0/24
socket_proxy:
external:
name: socket_proxy
services:
# Only accept needed incoming docker API calls
socket-proxy:
@ -52,7 +51,7 @@ services:
# DELETE Options
- CONTAINERS_DELETE=1 # WatchTower
- IMAGES_DELETE=1 # WatchTower
image: fluencelabs/docker-socket-proxy
image: tecnativa/docker-socket-proxy:latest
labels:
- "com.centurylinklabs.watchtower.enable=true"
networks:
@ -76,7 +75,7 @@ services:
WATCHTOWER_NO_STARTUP_MESSAGE: "false"
WATCHTOWER_SCHEDULE: "0 30 12 * * *" # Everyday at 12:30
DOCKER_HOST: tcp://socket-proxy:2375
image: containrrr/watchtower
image: containrrr/watchtower:latest
labels:
- "com.centurylinklabs.watchtower.enable=true"
networks:
@ -89,19 +88,20 @@ services:
- watchtower
# Always restart also at boot unless manually stopped
restart: unless-stopped
# The official v2 Traefik docker image
image: traefik:v2.3
# The official v3 Traefik docker image
image: traefik:3.0
networks:
- socket_proxy
- default
default:
ipv4_address: 172.27.0.100
socket_proxy: null
env_file: live.env
container_name: "traefik"
# Enables the web UI and tells Traefik to listen to docker
command:
# logging
- "--log.filePath=/logs/traefik.log"
- "--log.level=DEBUG"
# API and Dashboard
# logging settings
# - "--log.filePath=/logs/traefik.log"
# - "--log.format=json"
- "--log.level=ERROR"
# Enable API and Dashboard access
#- "--api.insecure=true"
- "--api=true"
- "--api.dashboard=true"
@ -117,6 +117,7 @@ services:
- "--entrypoints.ts-tcp.address=:30033"
# Use this CA server for testing
# - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
# production Lets encrypt settings
- "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
@ -126,7 +127,7 @@ services:
labels:
# enable watchtower for traefik
- "com.centurylinklabs.watchtower.enable=true"
# Dashboard stuff
# Dashboard basic auth and routing
- "traefik.enable=true"
- "traefik.http.routers.traefik-https.rule=Host(`traefik.${DOMAIN}`)"
- "traefik.http.routers.traefik-https.entrypoints=websecure"
@ -135,7 +136,7 @@ services:
- "traefik.http.routers.traefik-https.tls=true"
- "traefik.http.routers.traefik-https.tls.certresolver=myresolver"
- "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_USER}:${TRAEFIK_PASSWORD_HASH}"
# http to https redirect
# http to https redirect for all incoming http requests
- "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
- "traefik.http.routers.http_catchall.rule=HostRegexp(`{any:.+}`)"
@ -150,10 +151,21 @@ services:
#- "8080:8080"
# TS3 ports
- "9987:9987/udp"
- "10011:10011"
- "30033:30033"
volumes:
# For certificate
- "./volumes/letsencrypt/acme.json:/letsencrypt/acme.json"
- "./data/letsencrypt:/letsencrypt"
# For logging
- "./volumes/logs/traefik.log:/logs/traefik.log"
- "./data/logs:/logs"
# Docker socket
- "/var/run/docker.sock:/var/run/docker.sock:ro"
# Test container
whoami:
image: "traefik/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myresolver"

View File

@ -1,2 +1,2 @@
This is now routed via traefik.
Still checking performance if working it is.
Still checking performance if there is no package loss.

View File

@ -1,9 +1,7 @@
version: '3.5'
networks:
default:
external:
name: traefik_default
name: traefik_default
external: true
services:
teamspeak-app:
@ -26,6 +24,8 @@ services:
- "traefik.tcp.routers.teamspeak-tcp.entrypoints=ts-tcp"
- "traefik.tcp.routers.teamspeak-tcp.service=teamspeak-tcp"
- "traefik.tcp.routers.teamspeak-tcp.rule=HostSNI(`ts3.${DOMAIN}`)"
- "traefik.tcp.routers.teamspeak-tcp.tls=true"
- "traefik.tcp.routers.teamspeak-tcp.tls.certresolver=myresolver"
- "traefik.tcp.services.teamspeak-tcp.loadbalancer.server.port=30033"
# udp
- "traefik.udp.routers.teamspeak-udp.entrypoints=ts-udp"
@ -35,9 +35,9 @@ services:
teamspeak-db:
networks:
- default
image: mariadb:10
image: mariadb:10.11
env_file: live.env
container_name: ts3-db
restart: unless-stopped
volumes:
- ./db:/var/lib/mysql
- ./db:/var/lib/mysql

View File

@ -0,0 +1,15 @@
services:
valheim:
image: clarkent86/valheim-server
cap_add:
- sys_nice
volumes:
- ./config:/config
- ./data:/opt/valheim
ports:
- "2456-2458:2456-2458/udp"
- "9001:9001/tcp"
env_file:
- ./valheim.env
restart: always
stop_grace_period: 2m

View File

@ -0,0 +1,6 @@
SERVER_NAME=YOUR_SERVER_NAME
WORLD_NAME=Dedicated
SERVER_PASS=YOUR_PASSWORD
SERVER_PUBLIC=true
VALHEIM_PLUS=false
BEPINEX=true

View File

@ -1,14 +1,12 @@
version: '3.5'
networks:
default:
external:
name: traefik_default
name: traefik_default
external: true
services:
wordpress:
env_file: live.env
image: wordpress
image: wordpress:6.4.3
container_name: wordpress-app
restart: unless-stopped
labels:
@ -23,6 +21,9 @@ services:
- "traefik.http.routers.wordpress.tls.certresolver=myresolver"
#- "traefik.http.routers.wordpress.tls.options=intermediate@file"
### </https> ###
# multi wordpress instances useage
links:
- db:db_s1
networks:
- default
volumes:
@ -33,7 +34,7 @@ services:
db:
env_file: live.env
image: mysql:5.7
image: mariadb:10.11
restart: unless-stopped
container_name: wordpress-db
labels:

View File

@ -12,4 +12,4 @@ WORDPRESS_DB_NAME=wordpress
MYSQL_DATABASE=wordpress
MYSQL_USER=username
MYSQL_PASSWORD=password_db
MYSQL_RANDOM_ROOT_PASSWORD=password_db_root
MYSQL_RANDOM_ROOT_PASSWORD=yes