mirror of
https://github.com/deadcxap/init_scripts.git
synced 2026-07-02 05:43:40 +03:00
add bootstrap compose and init scrypt
This commit is contained in:
@@ -0,0 +1,13 @@
|
||||
# Cloudflare (создайте Scoped API Token c правами Zone:Read + DNS:Edit
|
||||
# для зоны nothing.help — не используйте глобальный API‑ключ!)
|
||||
CF_API_TOKEN=jRq98TKXi2rYYtG42x9w1M8EOElt5V5BOkA4TBoY
|
||||
|
||||
# Секрет для cookie (ровно 32 латинских буквы/цифры)
|
||||
# openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32
|
||||
TINYAUTH_SECRET=TtbYjkb1ZfzyXG7D6Q3FR6Ri8Pw2K98i
|
||||
|
||||
# Пользователи Tinyauth (формат для docker/compose!)
|
||||
# Пример с одним юзером admin:
|
||||
# admin:$2a$10$yVb0... (bcrypt)
|
||||
# Если несколько — через запятую.
|
||||
TINYAUTH_USERS='deadcxap:$$2a$$10$$5x5iG8uDD/A.zxTCr14iUuLS1d8FgEiH8oi1de6pF2Nl/iZNDBEvG'
|
||||
@@ -0,0 +1,7 @@
|
||||
FROM caddy:2-builder AS builder
|
||||
RUN xcaddy build \
|
||||
--with github.com/lucaslorentz/caddy-docker-proxy/v2 \
|
||||
--with github.com/caddy-dns/cloudflare
|
||||
|
||||
FROM caddy:2
|
||||
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
|
||||
@@ -0,0 +1,72 @@
|
||||
services:
|
||||
caddy:
|
||||
build:
|
||||
context: ./caddy-labeled
|
||||
dockerfile: Dockerfile
|
||||
container_name: caddy
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
- "443:443/udp" # HTTP/3
|
||||
environment:
|
||||
- CADDY_INGRESS_NETWORKS=proxy
|
||||
- CF_API_TOKEN=${CF_API_TOKEN}
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- caddy_data:/data
|
||||
networks: [proxy]
|
||||
# Глобальные настройки + сниппет для forward_auth (Tinyauth)
|
||||
labels:
|
||||
caddy.email: dead@cxap.space
|
||||
caddy.acme_dns: "cloudflare {env.CF_API_TOKEN}"
|
||||
# сниппет аутентификации
|
||||
caddy: (tinyauth_forwarder)
|
||||
caddy.forward_auth: tinyauth:3000
|
||||
caddy.forward_auth.uri: /api/auth/caddy
|
||||
caddy.forward_auth.copy_headers: Remote-User Remote-Name Remote-Email Remote-Groups
|
||||
command: ["caddy","docker-proxy","--watch","--docker-host","unix:///var/run/docker.sock"]
|
||||
|
||||
tinyauth:
|
||||
image: ghcr.io/steveiliop56/tinyauth:v3
|
||||
container_name: tinyauth
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- APP_URL=https://auth.realy.nothing.help
|
||||
- SECRET=${TINYAUTH_SECRET}
|
||||
- USERS=${TINYAUTH_USERS}
|
||||
- COOKIE_SECURE=true
|
||||
- DISABLE_CONTINUE=true
|
||||
- APP_TITLE="Оставь надежду, всяк сюда входящий..."
|
||||
- FORGOT_PASSWORD_MESSAGE="Штош, сочувствую, но нчием помочь не могу."
|
||||
expose: ["3000"]
|
||||
networks: [proxy]
|
||||
labels:
|
||||
caddy: auth.realy.nothing.help
|
||||
caddy.encode: zstd gzip
|
||||
caddy.reverse_proxy: "{{upstreams 3000}}"
|
||||
|
||||
portainer:
|
||||
image: portainer/portainer-ce:latest
|
||||
container_name: portainer
|
||||
restart: always
|
||||
expose:
|
||||
- "9000" # HTTP UI внутрь докера
|
||||
- "8000" # Edge (если нужен: лучше через NetBird; иначе публикуйте отдельно с FW)
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- portainer_data:/data
|
||||
networks: [proxy]
|
||||
labels:
|
||||
caddy: port.realy.nothing.help
|
||||
caddy.encode: zstd gzip
|
||||
caddy.import: tinyauth_forwarder *
|
||||
caddy.reverse_proxy: "{{upstreams 9000}}"
|
||||
|
||||
volumes:
|
||||
caddy_data:
|
||||
portainer_data:
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
Reference in New Issue
Block a user