From 29f31783f58c50cd54c67db123bd15493ed5ca8d Mon Sep 17 00:00:00 2001 From: Tobias Reisinger Date: Sat, 6 Aug 2022 02:05:08 +0200 Subject: [PATCH] Add watchtower, fixes and prepare for new caddy handling --- gitea/docker-compose.yml | 10 +++++ monitoring/docker-compose.yml | 13 +++++- nginx_proxy_manager/docker-compose.yml | 14 ------ synapse/docker-compose.yml | 21 ++++++--- tandoor/docker-compose.yml | 18 +++++++- tt-rss/.env | 2 - tt-rss/docker-compose.yml | 25 ++++++++++- tt-rss/nginx.conf | 61 ++++++++++++++++++++++++++ umami/docker-compose.yml | 18 +++++--- watchtower/.env | 11 +++++ watchtower/docker-compose.yml | 11 +++++ webdis/docker-compose.yml | 17 ++++--- wiki-js/docker-compose.yml | 14 ++++-- woodpecker/docker-compose.yml | 20 +++++++-- 14 files changed, 213 insertions(+), 42 deletions(-) delete mode 100644 nginx_proxy_manager/docker-compose.yml create mode 100644 tt-rss/nginx.conf create mode 100644 watchtower/.env create mode 100644 watchtower/docker-compose.yml diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml index 5ae4aea..e159fc1 100644 --- a/gitea/docker-compose.yml +++ b/gitea/docker-compose.yml @@ -4,6 +4,8 @@ services: server: image: gitea/gitea:1.17 container_name: gitea + labels: + com.centurylinklabs.watchtower.enable: true env_file: - .env - .secret.env @@ -16,6 +18,14 @@ services: - "3000:3000" - "3022:22" - "22:22" + networks: + services: + aliases: + - gitea volumes: data: + +networks: + services: + external: true diff --git a/monitoring/docker-compose.yml b/monitoring/docker-compose.yml index 1d6e177..3dda1f7 100644 --- a/monitoring/docker-compose.yml +++ b/monitoring/docker-compose.yml @@ -2,8 +2,10 @@ version: '3' services: grafana: - image: grafana/grafana + image: grafana/grafana:latest restart: always + labels: + com.centurylinklabs.watchtower.enable: true env_file: - .env - .secret.env 
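Review bot: The label value `true` added under `labels:` is an unquoted YAML boolean, while container label values are strings; docker-compose v1 rejects a boolean here with an invalid-type error and newer Compose releases silently coerce it. Write `com.centurylinklabs.watchtower.enable: "true"` so the file loads the same way under every Compose implementation. The same line is added in every other compose file this patch touches, so the fix applies there too.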
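Review bot: The `ports:` list above the new `networks:` block still publishes `"3000:3000"` on all host interfaces, so Gitea's HTTP listener stays reachable directly and not only through the proxy on the `services` network. Most other services in this patch drop their published ports when they join that network. If the reverse proxy is meant to be the only web entry point, remove `- "3000:3000"` and keep only the SSH mappings. The second hunk of monitoring/docker-compose.yml keeps `3001:3000/tcp` for Grafana in the same way.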
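Review bot: Setting `image: grafana/grafana:latest` and opting the service into Watchtower in the same hunk means every image pushed to that mutable tag is deployed unattended, major releases included, into a container that loads `.secret.env`. Track a release line instead, as the gitea service does with `gitea/gitea:1.17`, for example `image: grafana/grafana:<major.minor>`, so that automatic updates stay within a reviewed version range. The same applies to the other services this patch opts in on `latest`, rolling or untagged images (synapse, synapse-admin, tandoor, tt-rss, umami, webdis, wiki-js, woodpecker).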
@@ -12,5 +14,14 @@ services: user: "104" ports: - 3001:3000/tcp + networks: + services: + aliases: + - grafana + volumes: grafana-data: + +networks: + services: + external: true diff --git a/nginx_proxy_manager/docker-compose.yml b/nginx_proxy_manager/docker-compose.yml deleted file mode 100644 index 26723ba..0000000 --- a/nginx_proxy_manager/docker-compose.yml +++ /dev/null @@ -1,14 +0,0 @@ -version: '3' -services: - app: - image: 'jc21/nginx-proxy-manager:latest' - restart: unless-stopped - ports: - - '80:80' - - '443:443' - - '81:81' - volumes: - - data:/data - - /etc/letsencrypt:/etc/letsencrypt -volumes: - data: diff --git a/synapse/docker-compose.yml b/synapse/docker-compose.yml index da02808..e3beba6 100644 --- a/synapse/docker-compose.yml +++ b/synapse/docker-compose.yml @@ -5,20 +5,31 @@ services: synapse: image: docker.io/matrixdotorg/synapse:latest restart: always + labels: + com.centurylinklabs.watchtower.enable: true environment: - SYNAPSE_CONFIG_PATH=/data/ volumes: - ./data:/data - media_store:/media_store - ports: - - 8008:8008/tcp + networks: + services: + aliases: + - synapse synapse-admin: image: awesometechnologies/synapse-admin:latest restart: always - ports: - - "8009:80" - restart: always + labels: + com.centurylinklabs.watchtower.enable: true + networks: + services: + aliases: + - synapse-admin volumes: media_store: + +networks: + services: + external: true diff --git a/tandoor/docker-compose.yml b/tandoor/docker-compose.yml index 85ea917..bdc60ee 100644 --- a/tandoor/docker-compose.yml +++ b/tandoor/docker-compose.yml @@ -3,6 +3,8 @@ services: web_recipes: image: vabene1111/recipes restart: always + labels: + com.centurylinklabs.watchtower.enable: true env_file: - .env - .secret.env 
@@ -10,12 +12,14 @@ services: - staticfiles:/opt/recipes/staticfiles - nginx_config:/opt/recipes/nginx/conf.d - mediafiles:/opt/recipes/mediafiles + networks: + tandoor: nginx_recipes: image: nginx:mainline-alpine restart: always - ports: - - 3017:80 + labels: + com.centurylinklabs.watchtower.enable: true env_file: - .env - .secret.env @@ -25,8 +29,18 @@ services: - nginx_config:/etc/nginx/conf.d:ro - staticfiles:/static - mediafiles:/media + networks: + tandoor: + services: + aliases: + - tandoor volumes: nginx_config: staticfiles: mediafiles: + +networks: + tandoor: + services: + external: true diff --git a/tt-rss/.env b/tt-rss/.env index 5762018..f2a2804 100644 --- a/tt-rss/.env +++ b/tt-rss/.env @@ -13,5 +13,3 @@ TTRSS_SELF_URL_PATH=https://rss.serguzim.me/tt-rss/ # TTRSS_SESSION_COOKIE_LIFETIME=2592000 # TTRSS_FORCE_ARTICLE_PURGE=30 # etc, etc. - -HTTP_PORT=8280 diff --git a/tt-rss/docker-compose.yml b/tt-rss/docker-compose.yml index c7cc6b5..71514ce 100644 --- a/tt-rss/docker-compose.yml +++ b/tt-rss/docker-compose.yml @@ -4,15 +4,23 @@ services: app: image: cthulhoo/ttrss-fpm-pgsql-static restart: always + labels: + com.centurylinklabs.watchtower.enable: true env_file: - .env - .secret.env volumes: - app:/var/www/html + networks: + tt-rss: + aliases: + - tt-rss-app updater: image: cthulhoo/ttrss-fpm-pgsql-static restart: always + labels: + com.centurylinklabs.watchtower.enable: true env_file: - .env - .secret.env @@ -21,16 +29,29 @@ services: depends_on: - app command: /opt/tt-rss/updater.sh + networks: + tt-rss: web-nginx: image: cthulhoo/ttrss-web-nginx restart: always - ports: - - ${HTTP_PORT}:80 + labels: + com.centurylinklabs.watchtower.enable: true volumes: - app:/var/www/html:ro + - ./nginx.conf:/etc/nginx/nginx.conf depends_on: - app + networks: + tt-rss: + services: + aliases: + - tt-rss volumes: app: + +networks: + tt-rss: + services: + external: true diff --git a/tt-rss/nginx.conf b/tt-rss/nginx.conf new file mode 100644 index 0000000..78518bb 
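Review bot: The new bind mount `- ./nginx.conf:/etc/nginx/nginx.conf` on `web-nginx` is writable from inside the container, unlike the `app:/var/www/html:ro` mount directly above it. Nothing in the container should need to rewrite its own server configuration, so mount it read-only: `- ./nginx.conf:/etc/nginx/nginx.conf:ro`. That also keeps a compromised or misbehaving container from modifying a file in the repository checkout.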
--- /dev/null +++ b/tt-rss/nginx.conf @@ -0,0 +1,61 @@ +worker_processes auto; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + access_log /dev/stdout; + error_log /dev/stderr warn; + + sendfile on; + + index index.php; + + upstream app { + server tt-rss-app:9000; + } + + server { + listen 80; + listen [::]:80; + + root /var/www/html; + + location /tt-rss/cache { + aio threads; + internal; + } + + location /tt-rss/backups { + internal; + } + + location ~ \.php$ { + # regex to split $uri to $fastcgi_script_name and $fastcgi_path + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + + # Check that the PHP script exists before passing it + try_files $fastcgi_script_name =404; + + # Bypass the fact that try_files resets $fastcgi_path_info + # see: http://trac.nginx.org/nginx/ticket/321 + set $path_info $fastcgi_path_info; + fastcgi_param PATH_INFO $path_info; + + fastcgi_index index.php; + include fastcgi.conf; + + fastcgi_pass app; + } + + location / { + try_files $uri $uri/ =404; + } + + } +} diff --git a/umami/docker-compose.yml b/umami/docker-compose.yml index e30bb4d..3abf191 100644 --- a/umami/docker-compose.yml +++ b/umami/docker-compose.yml @@ -1,10 +1,18 @@ version: '3' services: - umami: - image: ghcr.io/mikecao/umami:postgresql-latest - ports: - - "3013:3000" + app: + image: docker.umami.is/umami-software/umami:postgresql-latest + restart: always + labels: + com.centurylinklabs.watchtower.enable: true env_file: - .env - .secret.env - restart: always + networks: + services: + aliases: + - umami + +networks: + services: + external: true diff --git a/watchtower/.env b/watchtower/.env new file mode 100644 index 0000000..69988a5 --- /dev/null +++ b/watchtower/.env 
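Review bot: The `internal` restriction on `location /tt-rss/cache` and `location /tt-rss/backups` does not cover URIs under those paths that end in `.php`, because nginx prefers a matching regex location (`location ~ \.php$`) over a plain prefix match. Declaring them as `location ^~ /tt-rss/cache {` and `location ^~ /tt-rss/backups {` stops the regex lookup, so everything below those directories stays internal-only. It is worth confirming that nothing legitimately serves PHP from either path before changing it. Separately, `server tt-rss-app:9000` depends on the `tt-rss-app` alias defined in tt-rss/docker-compose.yml; a comment such as `# must match the app service's network alias in docker-compose.yml` would document that coupling.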
@@ -0,0 +1,11 @@ +WATCHTOWER_LABEL_ENABLE=true +WATCHTOWER_CLEANUP=true + +WATCHTOWER_NOTIFICATIONS=email +WATCHTOWER_NOTIFICATION_EMAIL_FROM=watchtower@serguzim.me +WATCHTOWER_NOTIFICATION_EMAIL_TO=tobias@msrg.cc +WATCHTOWER_NOTIFICATION_EMAIL_SERVER=mail.serguzim.me +WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587 +WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=watchtower@serguzim.me +WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD= +WATCHTOWER_NOTIFICATION_EMAIL_DELAY=5 diff --git a/watchtower/docker-compose.yml b/watchtower/docker-compose.yml new file mode 100644 index 0000000..4aadc16 --- /dev/null +++ b/watchtower/docker-compose.yml @@ -0,0 +1,11 @@ +version: "3" + +services: + watchtower: + image: containrrr/watchtower + restart: always + env_file: + - .env + - .secret.env + volumes: + - /var/run/docker.sock:/var/run/docker.sock diff --git a/webdis/docker-compose.yml b/webdis/docker-compose.yml index b2f02a5..45c4df4 100644 --- a/webdis/docker-compose.yml +++ b/webdis/docker-compose.yml @@ -2,21 +2,28 @@ services: webdis: image: nicolas/webdis:latest restart: always + labels: + com.centurylinklabs.watchtower.enable: true command: /usr/local/bin/webdis /config/webdis.json volumes: - ./webdis.json:/config/webdis.json networks: - - shared + local-net: + services: + aliases: + - webdis depends_on: - redis - ports: - - "127.0.0.1:7379:7379" redis: image: redis:6.2.6 restart: always + labels: + com.centurylinklabs.watchtower.enable: true networks: - - shared + local-net: networks: - shared: + local-net: + services: + external: true diff --git a/wiki-js/docker-compose.yml b/wiki-js/docker-compose.yml index d7a2f4f..eeb8ced 100644 --- a/wiki-js/docker-compose.yml +++ b/wiki-js/docker-compose.yml 
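Review bot: `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=` is committed empty with nothing saying where the real value comes from. It only takes effect correctly because watchtower/docker-compose.yml lists `.secret.env` after `.env`, and later env files override earlier ones. A comment above the line, such as `# real value is set in .secret.env`, would make that dependency explicit and discourage anyone from filling the password in here.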
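Review bot: The `watchtower` service is given the host's Docker socket while `image: containrrr/watchtower` carries no tag, so whatever build the default tag resolves to at pull time runs with full control of the Docker daemon, which is effectively root on the host. Pin the image to a reviewed release or digest, for example `image: containrrr/watchtower:<release-tag>`, and upgrade it deliberately. Watchtower needs write access to the Docker API, so a `:ro` flag on the socket mount would not reduce this. A comment above the volume, such as `# grants full control of the host Docker daemon`, would flag the privilege for the next maintainer.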
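Review bot: Attaching `webdis` to the external `services` network makes its HTTP-to-Redis interface reachable from every container on that network, whereas the removed `"127.0.0.1:7379:7379"` binding limited it to the host loopback. `webdis.json` is not part of this patch, so whether it defines ACLs or HTTP authentication cannot be confirmed from here. If it does not, any service on `services` can issue Redis commands through webdis. Either restrict commands and require authentication in `webdis.json`, or keep webdis on `local-net` only and expose it through a path the proxy controls.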
@@ -1,11 +1,19 @@ version: '3' services: - wiki-js: + app: image: requarks/wiki restart: always + labels: + com.centurylinklabs.watchtower.enable: true env_file: - .env - .secret.env - ports: - - 3003:3000/tcp + networks: + services: + aliases: + - wiki-js + +networks: + services: + external: true diff --git a/woodpecker/docker-compose.yml b/woodpecker/docker-compose.yml index 18edb9b..a66e6db 100644 --- a/woodpecker/docker-compose.yml +++ b/woodpecker/docker-compose.yml @@ -4,16 +4,23 @@ services: woodpecker-server: image: woodpeckerci/woodpecker-server:latest restart: always + labels: + com.centurylinklabs.watchtower.enable: true env_file: - .env - .secret.env - ports: - - 3500:8000 + networks: + local-net: + services: + aliases: + - woodpecker woodpecker-agent: image: woodpeckerci/woodpecker-agent:latest - command: agent restart: always + labels: + com.centurylinklabs.watchtower.enable: true + command: agent env_file: - .env - .secret.env @@ -23,3 +30,10 @@ services: - /var/run/docker.sock:/var/run/docker.sock environment: WOODPECKER_SERVER: "woodpecker-server:9000" + networks: + local-net: + +networks: + local-net: + services: + external: true
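Review bot: `woodpecker-agent` is opted into Watchtower in this hunk although it mounts `/var/run/docker.sock` (visible as context in the next hunk) and tracks `woodpeckerci/woodpecker-agent:latest`. Any image published under that tag is therefore pulled and started, unreviewed, with control of the host's Docker daemon. Pin both Woodpecker images to a release tag so server and agent stay on the same version, or set `com.centurylinklabs.watchtower.monitor-only: "true"` on the agent so that updates are only announced by mail. The agent's definition continues past the end of this hunk.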