From ce4c60ed020676605a77bd84ee7d3d4ad3b4bf4c Mon Sep 17 00:00:00 2001
From: deadcxap
Date: Sun, 24 Aug 2025 03:02:41 +0300
Subject: [PATCH] add node dir - node init compose rename core.sh to setup.sh
---
node.sh | 0
node/bootstrap/.env | 14 +++++++
node/bootstrap/docker-compose.yml | 67 +++++++++++++++++++++++++++++++
node/bootstrap/init.sh | 4 ++
node/bootstrap/nginx.conf | 32 +++++++++++++++
core.sh => setup.sh | 0
6 files changed, 117 insertions(+)
delete mode 100644 node.sh
create mode 100644 node/bootstrap/.env
create mode 100644 node/bootstrap/docker-compose.yml
create mode 100644 node/bootstrap/init.sh
create mode 100644 node/bootstrap/nginx.conf
rename core.sh => setup.sh (100%)
mode change 100755 => 100644
diff --git a/node.sh b/node.sh
deleted file mode 100644
index e69de29..0000000
diff --git a/node/bootstrap/.env b/node/bootstrap/.env
new file mode 100644
index 0000000..9d322cf
--- /dev/null
+++ b/node/bootstrap/.env
@@ -0,0 +1,14 @@
+APP_PORT=
+SSL_CERT=
+NODE_DOMAIN=
+
+TZ=Europe/Moscow
+CW_CLIENT_FILE_UPDATE_TIME_START='04:30'
+CW_CLIENT_FILE_UPDATE_TIME_END='05:45'
+CW_CLIENT_FILE_UPDATE_DAYS_OF_WEEK='Wed Thu'
+CW_CLIENT_RESTART_DOCKER_CONTAINER0='remnawave-nginx'
+CW_CLIENT_SERVER_ADDRESS='https://cert.realy.nothing.help'
+
+CW_CLIENT_AES_KEY_BASE64=
+CW_CLIENT_KEY_APIKEY=
+CW_CLIENT_CERT_APIKEY=
\ No newline at end of file
diff --git a/node/bootstrap/docker-compose.yml b/node/bootstrap/docker-compose.yml
new file mode 100644
index 0000000..38d45be
--- /dev/null
+++ b/node/bootstrap/docker-compose.yml
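Review bot: node/bootstrap/.env is committed under the live file name that docker-compose.yml loads through `env_file`, and it holds the slots for `CW_CLIENT_AES_KEY_BASE64`, `CW_CLIENT_KEY_APIKEY` and `CW_CLIENT_CERT_APIKEY`, so an operator who fills them in has the secrets sitting in a tracked file that a routine commit can push. Ship the template as `node/bootstrap/.env.example` and add `node/bootstrap/.env` to `.gitignore`. The same file is also handed to the `remnanode` service, which as far as this patch shows does not need the Cert Warden keys; a separate env file per service would keep them out of that container's environment. A header comment such as `# Copy to .env and fill in; never commit the filled-in file` would document the intent.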
@@ -0,0 +1,67 @@
+services:
+ remnawave-nginx:
+ image: nginx:1.26
+ container_name: remnawave-nginx
+ hostname: remnawave-nginx
+ restart: always
+ volumes:
+ - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
+ - /etc/certwardenclient/certchain.pem:/etc/nginx/ssl/node/fullchain.pem:ro
+ - /etc/certwardenclient/key.pem:/etc/nginx/ssl/node/privkey.pem:ro
+ - /dev/shm:/dev/shm:rw
+ - /var/www/html:/var/www/html:ro
+ command: sh -c 'rm -f /dev/shm/nginx.sock && nginx -g "daemon off;"'
+ networks: [node]
+ depends_on:
+ - remnanode
+ logging:
+ driver: 'json-file'
+ options:
+ max-size: '30m'
+ max-file: '5'
+
+ remnanode:
+ image: remnawave/node:latest
+ container_name: remnanode
+ hostname: remnanode
+ restart: always
+ networks: [node]
+ ports:
+ - "443:443"
+ - "443:443/udp" # HTTP/3
+ env_file:
+ - .env
+ volumes:
+ - /dev/shm:/dev/shm:rw
+ - /var/log/remnanode:/var/log/remnanode
+ logging:
+ driver: 'json-file'
+ options:
+ max-size: '30m'
+ max-file: '5'
+
+ certwardenclient:
+ image: ghcr.io/gregtwallace/certwarden-client:latest
+ container_name: certwardenclient
+ hostname: certwardenclient
+ restart: always
+ networks: [node]
+ ports:
+ - "5055:5055"
+ env_file:
+ - .env
+ environment:
+ - CW_CLIENT_CERT_NAME=${NODE_DOMAIN}
+ - CW_CLIENT_KEY_NAME=${NODE_DOMAIN}
+ volumes:
+ - /etc/certwardenclient:/opt/certwarden/certs
+ - /var/run/docker.sock:/var/run/docker.sock
+ logging:
+ driver: 'json-file'
+ options:
+ max-size: '30m'
+ max-file: '5'
+
+networks:
+ node:
+ external: true
\ No newline at end of file
diff --git a/node/bootstrap/init.sh b/node/bootstrap/init.sh
new file mode 100644
index 0000000..8bb5adc
--- /dev/null
+++ b/node/bootstrap/init.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+N=$(awk '/^networks:/,/^[^[:space:]]/{if($1=="name:"){print $2; exit}}' docker-compose.yml); N=${N:-proxy}
+docker network inspect "$N" >/dev/null 2>&1 || docker network create --driver bridge "$N"
+docker compose up -d
\ No newline at end of file
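Review bot: In node/bootstrap/docker-compose.yml the `certwardenclient` service gets the host's `/var/run/docker.sock` mounted read-write, is pulled from the mutable tag `ghcr.io/gregtwallace/certwarden-client:latest`, and publishes `5055:5055` on every host interface; control of the Docker socket is equivalent to root on the host, so whatever that tag resolves to and whatever can reach that port sits next to a host-level privilege. Pin the image to a reviewed release and digest, for example `image: ghcr.io/gregtwallace/certwarden-client:<version>@sha256:<digest>` (placeholders), and do the same for `remnawave/node:latest`. If only the Cert Warden server has to reach the client, restrict the published port to that path with a host firewall rule or a specific bind address such as `"<host-ip>:5055:5055"`. The socket mount is presumably there for `CW_CLIENT_RESTART_DOCKER_CONTAINER0`; a comment saying so, and noting that it grants host-level control, would help the next reader.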
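Review bot: The awk range on the `N=` line of node/bootstrap/init.sh can never find a network name: the `networks:` line that opens the range `/^networks:/,/^[^[:space:]]/` also matches the closing pattern, so the range is that single line and `N` always falls back to `proxy`. docker-compose.yml in this commit declares the external network as `node` with no `name:` key, so the script creates `proxy` and `docker compose up -d` then fails unless `node` already exists. Since the name is fixed in the compose file, `N=node` would do; otherwise the parser has to skip the opening line before testing for the next top-level key. The script also runs without `set -euo pipefail` and reads `docker-compose.yml` relative to the caller's working directory, so adding that line and `cd -- "$(dirname -- "${BASH_SOURCE[0]}")"` at the top would make a failed step or a wrong cwd stop the run.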
diff --git a/node/bootstrap/nginx.conf b/node/bootstrap/nginx.conf
new file mode 100644
index 0000000..a2b66d8
--- /dev/null
+++ b/node/bootstrap/nginx.conf
@@ -0,0 +1,32 @@
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ "" close;
+}
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ecdh_curve X25519:prime256v1:secp384r1;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ssl_prefer_server_ciphers on;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;
+ssl_session_tickets off;
+
+server {
+ server_name app.cxap.quest;
+ listen unix:/dev/shm/nginx.sock ssl proxy_protocol;
+ http2 on;
+
+ ssl_certificate "/etc/nginx/ssl/node/fullchain.pem";
+ ssl_certificate_key "/etc/nginx/ssl/node/privkey.pem";
+ ssl_trusted_certificate "/etc/nginx/ssl/node/fullchain.pem";
+
+ root /var/www/html;
+ index index.html;
+}
+
+server {
+ listen unix:/dev/shm/nginx.sock ssl proxy_protocol default_server;
+ server_name _;
+ ssl_reject_handshake on;
+ return 444;
+}
diff --git a/core.sh b/setup.sh
old mode 100755
new mode 100644
similarity index 100%
rename from core.sh
rename to setup.sh
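Review bot: `server_name app.cxap.quest;` is hard-coded in node/bootstrap/nginx.conf, while the certificate mounted at `/etc/nginx/ssl/node/` is requested under `${NODE_DOMAIN}` from `.env`; on a node whose domain differs, every handshake falls through to the default server and is dropped by `ssl_reject_handshake on`. The name should come from the same variable (for example by rendering the config from a template at start), or the file should carry a comment that it must be edited per node. Both `listen` lines accept `proxy_protocol` but nothing maps the forwarded address, so access logs would presumably record the unix socket rather than the client; `set_real_ip_from unix:;` with `real_ip_header proxy_protocol;` would restore it for log review. The `DHE-RSA-*` entries in `ssl_ciphers` have no effect without an `ssl_dhparam` file, which this config does not set.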