norbert/docker
norbert/docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial commit

Browse source
This commit is contained in:
Norbert Tretkowski 2025-05-22 06:54:23 +02:00
commit 7954ae4bd3
Signed by: norbert
GPG key ID: EAA31A3693AAB231
7 changed files with 367 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
.env

57
gotosocial/docker-compose.yml Normal file
View file

@ -0,0 +1,57 @@
services:
traefik:
image: "traefik:v3.3"
container_name: "traefik"
restart: always
command:
- "--api.insecure=false"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myresolver.acme.email=norbert@tretkowski.de"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
volumes:
- "./traefik/letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
- gotosocial
gotosocial:
image: superseriousbusiness/gotosocial:latest
container_name: gotosocial
user: 1000:1000
restart: always
networks:
- gotosocial
environment:
GTS_HOST: social.tretkowski.de
GTS_DB_TYPE: sqlite
GTS_DB_ADDRESS: /gotosocial/storage/sqlite.db
GTS_LETSENCRYPT_ENABLED: "false"
GTS_WAZERO_COMPILATION_CACHE: /gotosocial/.cache
GTS_ADVANCED_RATE_LIMIT_REQUESTS: "0"
TZ: Europe/Berlin
ports:
- "127.0.0.1:8080:8080"
volumes:
- "./gotosocial/data:/gotosocial/storage"
- "./gotosocial/cache:/gotosocial/.cache"
labels:
- "traefik.enable=true"
- "traefik.http.routers.gotosocial.rule=Host(`social.tretkowski.de`)"
- "traefik.http.routers.gotosocial.entrypoints=websecure"
- "traefik.http.routers.gotosocial.tls.certresolver=myresolver"
networks:
gotosocial:
ipam:
driver: default
config:
- subnet: "172.18.1.0/24"
gateway: "172.18.1.1"

55
mollysocket/docker-compose.yml Normal file
View file

@ -0,0 +1,55 @@
services:
certbot:
restart: "no"
image: certbot/certbot:v3.1.0
command: certonly --standalone --noninteractive --email norbert@tretkowski.de --agree-tos --domains mollysocket.tretkowski.de
volumes:
- $PWD/certs:/etc/letsencrypt
ports:
- "80:80"
- "443:443"
networks:
- external
- internal
nginx:
image: nginx:1.27.3-alpine-slim
restart: unless-stopped
depends_on:
- mollysocket
volumes:
- $PWD/certs:/etc/letsencrypt:ro
- $PWD/nginx.conf:/etc/nginx/nginx.conf:ro
ports:
- "80:80"
- "443:443"
networks:
- external
- internal
mollysocket:
image: ghcr.io/mollyim/mollysocket:1.6.0-alpine
container_name: mollysocket
restart: always
volumes:
- ./data:/data
working_dir: /data
command: server
environment:
- MOLLY_DB="/data/mollysocket.db"
- MOLLY_ALLOWED_ENDPOINTS=["https://up.conversations.im/","https://ntfy.sh/"]
- MOLLY_ALLOWED_UUIDS=["7d6ffb3e-6a0d-4335-8e6e-7acee0d20d34"]
#- MOLLY_VAPID_PRIVKEY="paste output of `docker compose run mollysocket vapid gen` here"
- MOLLY_HOST=0.0.0.0
- MOLLY_PORT=8020
- RUST_LOG=info
ports:
- "127.0.0.1:8020:8020"
networks:
- external
- internal
networks:
external:
internal:
internal: true

34
mollysocket/nginx.conf Normal file
View file

@ -0,0 +1,34 @@
worker_processes 1;
events {
worker_connections 1024;
}
http {
server {
listen 80;
listen [::]:80;
server_name mollysocket.tretkowski.de;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mollysocket.tretkowski.de;
ssl_certificate /etc/letsencrypt/live/mollysocket.tretkowski.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mollysocket.tretkowski.de/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://mollysocket:8020;
}
}
}

105
nextcloud/docker-compose.yaml Normal file
View file

@ -0,0 +1,105 @@
services:
caddy:
image: lucaslorentz/caddy-docker-proxy:ci-alpine
container_name: reverse-proxy
ports:
- 80:80
- 443:443
environment:
- CADDY_INGRESS_NETWORKS=nextcloud_network
networks:
- nextcloud_network
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- caddy_data:/data
restart: unless-stopped
web:
image: nginx:alpine
container_name: nextcloud-web
networks:
- nextcloud_network
links:
- nextcloud
labels:
caddy: share.inittab.de
caddy.reverse_proxy: "{{upstreams}}"
caddy.header: /*
caddy.header.Strict-Transport-Security: '"max-age=15552000;"'
caddy.rewrite_0: /.well-known/carddav /remote.php/dav
caddy.rewrite_1: /.well-known/caldav /remote.php/dav
caddy.rewrite_2: /.well-known/webfinger /index.php/.well-known/webfinger
caddy.rewrite_3: /.well-known/nodeinfo /index.php/.well-known/nodeinfo
volumes:
- nextcloud_data:/var/www/html:z,ro
- ./nginx.conf:/etc/nginx/nginx.conf:ro
restart: unless-stopped
db:
image: mariadb:lts
container_name: mariadb-database
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
networks:
- nextcloud_network
volumes:
- db_data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_DATABASE
restart: unless-stopped
redis:
image: redis:alpine
container_name: redis-dbcache
networks:
- nextcloud_network
restart: unless-stopped
nextcloud:
image: nextcloud:stable-fpm
container_name: nextcloud-app
networks:
- nextcloud_network
volumes:
- nextcloud_data:/var/www/html:z
- ./php-fpm-www.conf:/usr/local/etc/php-fpm.d/www.conf:ro
environment:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_DATABASE
- MYSQL_HOST
- REDIS_HOST
- OVERWRITEPROTOCOL
- OVERWRITEHOST
- TRUSTED_PROXIES
- APACHE_DISABLE_REWRITE_IP
restart: unless-stopped
depends_on:
- caddy
- db
- redis
cron:
image: nextcloud:stable-fpm
container_name: nextcloud-cron
networks:
- nextcloud_network
volumes:
- nextcloud_data:/var/www/html:z
entrypoint: /cron.sh
restart: unless-stopped
depends_on:
- db
- redis
networks:
nextcloud_network:
external: true
volumes:
caddy_data: {}
db_data: {}
nextcloud_data: {}

108
nextcloud/nginx.conf Normal file
View file

@ -0,0 +1,108 @@
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
server_tokens off;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server nextcloud:9000;
}
server {
listen 80;
client_max_body_size 512M;
fastcgi_buffers 64 4K;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
fastcgi_hide_header X-Powered-By;
root /var/www/html;
index index.php index.html /index.php$request_uri;
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
location ~ \.php(?:$|/) {
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
expires 6M;
access_log off;
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d;
access_log off;
}
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}
}

7
nextcloud/php-fpm-www.conf Normal file
View file

@ -0,0 +1,7 @@
user = www-data
group = www-data
pm = dynamic
pm.max_children = 281
pm.start_servers = 140
pm.min_spare_servers = 93
pm.max_spare_servers = 187