diff --git a/docker-compose.yml b/docker-compose.yml
index a4d0627..94c61e6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,8 +14,7 @@ version: "3"
# - https://git.kirsle.lh for Gitea
#
# Exported ports:
-# - 80 (nginx)
-# - 443 (nginx)
+# - 444 (nginx SSL port 443)
# - 22 (gitea-ssh)
# Define named networks to isolate the apps from each other. Each app will
@@ -23,12 +22,10 @@ version: "3"
networks:
default:
driver: bridge
- redis:
- driver: bridge
- blog:
- driver: bridge
gitea:
driver: bridge
+ nextcloud:
+ driver: bridge
# Named volumes to let the apps store their own data persistently on disk
# between reboots. They end up somewhere at /var/lib/docker/volumes on the
@@ -38,7 +35,9 @@ volumes:
driver: local
gitea-data:
driver: local
- redis-data:
+ nextcloud-db:
+ driver: local
+ nextcloud-data:
driver: local
services:
@@ -48,46 +47,25 @@ services:
image: nginx
restart: always
ports:
- - "80:80"
- - "443:443"
+ - "444:443" # SSL port, my router won't forward 443 inbound =(
volumes:
- "./nginx/sites-enabled:/etc/nginx/sites-enabled:z"
- "./nginx/nginx.conf:/etc/nginx/nginx.conf:z"
- "./nginx/ssl_params:/etc/nginx/ssl_params:z"
+ - "./nginx/dhparam.pem:/etc/nginx/dhparam.pem:z"
- "./ssl/snakeoil.key:/etc/nginx/certs/privkey.pem:z"
- "./ssl/snakeoil.pem:/etc/nginx/certs/fullchain.pem:z"
+ - "./nginx/default-www:/var/www/html:z"
networks:
- default
- - blog
- gitea
-
- # shared Redis cache for various apps
- redis:
- image: redis
- restart: always
- expose:
- - 6379
- volumes:
- - "redis-data:/data"
- networks:
- - redis
-
- # My custom Go web blog for kirsle.net
- # https://github.com/kirsle/blog/blob/master/Dockerfile
- blog:
- build: /home/kirsle/go/src/github.com/kirsle/blog
- restart: always
- expose:
- - 80
- volumes:
- - "./www:/data/www:z"
- networks:
- - blog
- - redis
+ links:
+ - gitea
+ - nextcloud
# Postgres DB for gitea.
gitea-postgres:
- image: postgres:10.5
+ image: postgres:11.5
restart: always
environment:
- "POSTGRES_USER=gitea"
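Review bot: The nginx service gains `links` entries for `gitea` and `nextcloud`, but its `networks` list still names only `default` and `gitea`, while the new nextcloud service is attached only to the `nextcloud` network. In a version "3" file, linked services must share a network, so the proxy will likely be unable to resolve or reach `nextcloud`; add `- nextcloud` under nginx's `networks` (which also makes the legacy `links` entries unnecessary). Separately, this hunk moves the image from `postgres:10.5` to `postgres:11.5`; PostgreSQL will not start on a data directory written by a different major version, so the existing gitea database volume needs a dump/restore or pg_upgrade step that this commit does not show. The gitea-postgres definition continues past the end of the hunk.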
@@ -101,6 +79,7 @@ services:
# Gitea git server.
gitea:
image: gitea/gitea:latest
+ hostname: gitea
restart: always
volumes:
- "gitea-data:/data"
@@ -114,4 +93,30 @@ services:
- DISABLE_REGISTRATION=true
depends_on:
- gitea-postgres
- - nginx
+
+ # MariaDB for Nextcloud.
+ nextcloud-db:
+ image: mariadb
+ networks:
+ - nextcloud
+ volumes:
+ - "nextcloud-db:/var/lib/mysql"
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - MYSQL_ROOT_PASSWORD=ncrootpw
+ - MYSQL_PASSWORD=mysql
+ - MYSQL_DATABASE=nextcloud
+ - MYSQL_USER=nextcloud
+ restart: unless-stopped
+
+ # Nextcloud
+ nextcloud:
+ image: nextcloud:fpm
+ hostname: nextcloud
+ networks:
+ - nextcloud
+ depends_on:
+ - nextcloud-db
+ volumes:
+ - "nextcloud-data:/var/www/html"
+ restart: unless-stopped
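Review bot: The database credentials are committed in plain text (`MYSQL_ROOT_PASSWORD=ncrootpw`, `MYSQL_PASSWORD=mysql`), and both are short and guessable. Take them from outside the repository instead, for example `- MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT_PASSWORD}` (variable name illustrative) fed from an untracked `.env` file, or the image's `MYSQL_ROOT_PASSWORD_FILE` / `MYSQL_PASSWORD_FILE` variants, and rotate the values since they are now in history. The `mariadb` and `nextcloud:fpm` tags are also unpinned, unlike `postgres:11.5` earlier in the file, so a pull can change the database major version under the existing volume; pinning a version tag would avoid that.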
diff --git a/nginx/default-www/index.html b/nginx/default-www/index.html
new file mode 100644
index 0000000..806a969
--- /dev/null
+++ b/nginx/default-www/index.html
@@ -0,0 +1,9 @@
+
+
+
+ ckir.net
+
+
+ ckir.net
+
+
diff --git a/nginx/dhparam.pem b/nginx/dhparam.pem
new file mode 100644
index 0000000..af38991
--- /dev/null
+++ b/nginx/dhparam.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA90S5Kj7Lh0cHAY7OQVd498FhpumbKudj6O7wkR4AthSm/NMM3s37
+tfq3zNj/aoEXTkqx5IaiHwHSOgW+H3kJF9t5HqoGa76dWRnFXKZMNdXdVNll0Ajw
+k2KAU2KtKusxFPIQmquuF/FClWfw961HRulhksNqOYzguIex29FS5UOQOlvs+Pc0
+kb6TJ8MxNdMZx4W/0JYDvojAbZx64wn2Jlb5CxYhpTKtG4OYkr1F6DBBRpaDw6fM
+JFSgdw6EjO4/ZxrcSHrcrXyKBk1sSBbHTXjTAgFMr0yi9wChrCqKhRDTfWOe1XtP
+BtZFdtctJsu2MlEWNRgeYUdt9qhqn/ydqwIBAg==
+-----END DH PARAMETERS-----
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 6e57ea9..778d60d 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -1,3 +1,5 @@
+# vim:ft=nginx
+
user www-data;
worker_processes auto;
pid /run/nginx.pid;
@@ -67,17 +69,17 @@ http {
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
-#
+#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
-#
+#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
-#
+#
# server {
# listen localhost:143;
# protocol imap;
diff --git a/nginx/sites-enabled/blog b/nginx/sites-enabled/blog
deleted file mode 100644
index bfd5180..0000000
--- a/nginx/sites-enabled/blog
+++ /dev/null
@@ -1,18 +0,0 @@
-server {
- server_name blog.kirsle.lh;
- listen 80;
- listen [::]:80;
- listen 443 ssl;
- listen [::]:443 ssl;
-
- access_log /var/log/nginx/blog.access;
- error_log /var/log/nginx/blog.error;
-
- ssl_certificate /etc/nginx/certs/fullchain.pem;
- ssl_certificate_key /etc/nginx/certs/privkey.pem;
- include ssl_params;
-
- location / {
- proxy_pass http://blog/;
- }
-}
diff --git a/nginx/sites-enabled/default b/nginx/sites-enabled/default
index df2fbb6..fdfdee3 100644
--- a/nginx/sites-enabled/default
+++ b/nginx/sites-enabled/default
@@ -14,9 +14,6 @@
# Default server configuration
#
server {
- listen 80 default_server;
- listen [::]:80 default_server;
-
# SSL configuration
#
listen 443 ssl default_server;
diff --git a/nginx/sites-enabled/gitea b/nginx/sites-enabled/gitea
index b0de7c0..196a0f1 100644
--- a/nginx/sites-enabled/gitea
+++ b/nginx/sites-enabled/gitea
@@ -1,9 +1,9 @@
+# vim:ft=nginx
+
server {
- server_name git.kirsle.lh;
- listen 80;
- listen [::]:80;
- listen 443 ssl;
- listen [::]:443 ssl;
+ server_name git.ckir.net git.caskir.com;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
access_log /var/log/nginx/gitea.access;
error_log /var/log/nginx/gitea.error;
diff --git a/nginx/sites-enabled/nextcloud b/nginx/sites-enabled/nextcloud
new file mode 100644
index 0000000..8a42ebe
--- /dev/null
+++ b/nginx/sites-enabled/nextcloud
@@ -0,0 +1,18 @@
+# vim:ft=nginx
+
+server {
+ server_name cloud.ckir.net cloud.caskir.com;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ access_log /var/log/nginx/gitea.access;
+ error_log /var/log/nginx/gitea.error;
+
+ ssl_certificate /etc/nginx/certs/fullchain.pem;
+ ssl_certificate_key /etc/nginx/certs/privkey.pem;
+ include ssl_params;
+
+ location / {
+ proxy_pass http://nextcloud:9000;
+ }
+}
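Review bot: `proxy_pass http://nextcloud:9000;` sends HTTP to the container, but the compose file in this commit runs `nextcloud:fpm`, whose port 9000 is a PHP-FPM (FastCGI) listener, so these requests are expected to fail. Either use `fastcgi_pass nextcloud:9000;` with the usual `fastcgi_params`/`SCRIPT_FILENAME` setup and the `nextcloud-data` volume also mounted into nginx for static files, or run the Apache-based image and proxy to its HTTP port. The log directives are copied from the gitea vhost; they should read `access_log /var/log/nginx/nextcloud.access;` and `error_log /var/log/nginx/nextcloud.error;` so the two services' requests are not mixed in one file, which matters when reviewing access logs after an incident.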