mirror of
https://github.com/deadcxap/init_scripts.git
synced 2026-07-02 05:43:40 +03:00
add node dir - node init compose
rename core.sh to setup.sh
This commit is contained in:
@@ -0,0 +1,14 @@
|
|||||||
|
APP_PORT=
|
||||||
|
SSL_CERT=
|
||||||
|
NODE_DOMAIN=
|
||||||
|
|
||||||
|
TZ=Europe/Moscow
|
||||||
|
CW_CLIENT_FILE_UPDATE_TIME_START='04:30'
|
||||||
|
CW_CLIENT_FILE_UPDATE_TIME_END='05:45'
|
||||||
|
CW_CLIENT_FILE_UPDATE_DAYS_OF_WEEK='Wed Thu'
|
||||||
|
CW_CLIENT_RESTART_DOCKER_CONTAINER0='remnawave-nginx'
|
||||||
|
CW_CLIENT_SERVER_ADDRESS='https://cert.realy.nothing.help'
|
||||||
|
|
||||||
|
CW_CLIENT_AES_KEY_BASE64=
|
||||||
|
CW_CLIENT_KEY_APIKEY=
|
||||||
|
CW_CLIENT_CERT_APIKEY=
|
||||||
@@ -0,0 +1,67 @@
|
|||||||
|
services:
|
||||||
|
remnawave-nginx:
|
||||||
|
image: nginx:1.26
|
||||||
|
container_name: remnawave-nginx
|
||||||
|
hostname: remnawave-nginx
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
|
||||||
|
- /etc/certwardenclient/certchain.pem:/etc/nginx/ssl/node/fullchain.pem:ro
|
||||||
|
- /etc/certwardenclient/key.pem:/etc/nginx/ssl/node/privkey.pem:ro
|
||||||
|
- /dev/shm:/dev/shm:rw
|
||||||
|
- /var/www/html:/var/www/html:ro
|
||||||
|
command: sh -c 'rm -f /dev/shm/nginx.sock && nginx -g "daemon off;"'
|
||||||
|
networks: [node]
|
||||||
|
depends_on:
|
||||||
|
- remnanode
|
||||||
|
logging:
|
||||||
|
driver: 'json-file'
|
||||||
|
options:
|
||||||
|
max-size: '30m'
|
||||||
|
max-file: '5'
|
||||||
|
|
||||||
|
remnanode:
|
||||||
|
image: remnawave/node:latest
|
||||||
|
container_name: remnanode
|
||||||
|
hostname: remnanode
|
||||||
|
restart: always
|
||||||
|
networks: [node]
|
||||||
|
ports:
|
||||||
|
- "443:443"
|
||||||
|
- "443:443/udp" # HTTP/3
|
||||||
|
env_file:
|
||||||
|
- .env
|
||||||
|
volumes:
|
||||||
|
- /dev/shm:/dev/shm:rw
|
||||||
|
- /var/log/remnanode:/var/log/remnanode
|
||||||
|
logging:
|
||||||
|
driver: 'json-file'
|
||||||
|
options:
|
||||||
|
max-size: '30m'
|
||||||
|
max-file: '5'
|
||||||
|
|
||||||
|
certwardenclient:
|
||||||
|
image: ghcr.io/gregtwallace/certwarden-client:latest
|
||||||
|
container_name: certwardenclient
|
||||||
|
hostname: certwardenclient
|
||||||
|
restart: always
|
||||||
|
networks: [node]
|
||||||
|
ports:
|
||||||
|
- "5055:5055"
|
||||||
|
env_file:
|
||||||
|
- .env
|
||||||
|
environment:
|
||||||
|
- CW_CLIENT_CERT_NAME=${NODE_DOMAIN}
|
||||||
|
- CW_CLIENT_KEY_NAME=${NODE_DOMAIN}
|
||||||
|
volumes:
|
||||||
|
- /etc/certwardenclient:/opt/certwarden/certs
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
logging:
|
||||||
|
driver: 'json-file'
|
||||||
|
options:
|
||||||
|
max-size: '30m'
|
||||||
|
max-file: '5'
|
||||||
|
|
||||||
|
networks:
|
||||||
|
node:
|
||||||
|
external: true
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
N=$(awk '/^networks:/,/^[^[:space:]]/{if($1=="name:"){print $2; exit}}' docker-compose.yml); N=${N:-proxy}
|
||||||
|
docker network inspect "$N" >/dev/null 2>&1 || docker network create --driver bridge "$N"
|
||||||
|
docker compose up -d
|
||||||
@@ -0,0 +1,32 @@
|
|||||||
|
map $http_upgrade $connection_upgrade {
|
||||||
|
default upgrade;
|
||||||
|
"" close;
|
||||||
|
}
|
||||||
|
|
||||||
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
ssl_ecdh_curve X25519:prime256v1:secp384r1;
|
||||||
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
ssl_session_timeout 1d;
|
||||||
|
ssl_session_cache shared:MozSSL:10m;
|
||||||
|
ssl_session_tickets off;
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name app.cxap.quest;
|
||||||
|
listen unix:/dev/shm/nginx.sock ssl proxy_protocol;
|
||||||
|
http2 on;
|
||||||
|
|
||||||
|
ssl_certificate "/etc/nginx/ssl/node/fullchain.pem";
|
||||||
|
ssl_certificate_key "/etc/nginx/ssl/node/privkey.pem";
|
||||||
|
ssl_trusted_certificate "/etc/nginx/ssl/node/fullchain.pem";
|
||||||
|
|
||||||
|
root /var/www/html;
|
||||||
|
index index.html;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen unix:/dev/shm/nginx.sock ssl proxy_protocol default_server;
|
||||||
|
server_name _;
|
||||||
|
ssl_reject_handshake on;
|
||||||
|
return 444;
|
||||||
|
}
|
||||||
Executable → Regular
Reference in New Issue
Block a user