From 65fa0410620d8f4df942ad77429976272e437b48 Mon Sep 17 00:00:00 2001
From: WilliamMiceli
Date: Sat, 17 Nov 2018 00:00:30 -0500
Subject: [PATCH 001/262] Initial testing version
---
templates/WordPress/0/README.md | 1 +
templates/WordPress/0/docker-compose.yml | 61 +++++++++++++++++++++
templates/WordPress/0/rancher-compose.yml | 64 +++++++++++++++++++++++
templates/WordPress/config.yml | 8 +++
4 files changed, 134 insertions(+)
create mode 100644 templates/WordPress/0/README.md
create mode 100644 templates/WordPress/0/docker-compose.yml
create mode 100644 templates/WordPress/0/rancher-compose.yml
create mode 100644 templates/WordPress/config.yml
diff --git a/templates/WordPress/0/README.md b/templates/WordPress/0/README.md
new file mode 100644
index 0000000..c2a2e73
--- /dev/null
+++ b/templates/WordPress/0/README.md
@@ -0,0 +1 @@
+# WordPress
\ No newline at end of file
diff --git a/templates/WordPress/0/docker-compose.yml b/templates/WordPress/0/docker-compose.yml
new file mode 100644
index 0000000..d280c94
--- /dev/null
+++ b/templates/WordPress/0/docker-compose.yml
@@ -0,0 +1,61 @@
+version: '2'
+
+services:
+ nextcloud:
+ image: wordpress:latest
+ dns:
+ - 1.1.1.1
+ - 1.0.0.1
+ environment:
+ WORDPRESS_DB_HOST: mysql
+ WORDPRESS_DB_USER: wordpress_user
+ WORDPRESS_DB_PASSWORD: ${DB_USER_PASS}
+ WORDPRESS_DB_NAME: wordpress
+ labels:
+ io.rancher.container.pull_image: always
+ {{- if .Values.HOST_LABEL}}
+ io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+ {{- end}}
+ {{- if .Values.TRAEFIK_HOST}}
+ traefik.enable: true
+ traefik.frontend.rule: Host:${TRAEFIK_HOST}
+ traefik.frontend.entryPoints: http #,https
+ # traefik.frontend.headers.forceSTSHeader: true
+ # traefik.frontend.headers.SSLRedirect: true
+ # traefik.frontend.headers.STSPreload: true
+ # traefik.frontend.headers.STSSeconds: 15552000
+ traefik.port: "80"
+ {{- else}}
+ traefik.enable: false
+ {{- end}}
+ links:
+ - mysql
+ networks:
+ - public-proxy
+ ports:
+ - "${WEB_PORT}:80"
+ restart: on-failure
+ volumes:
+ - /RancherCattleData/${DATA_DIR}/Application:/var/www/html
+ mysql:
+ image: mysql:5
+ dns:
+ - 1.1.1.1
+ - 1.0.0.1
+ environment:
+ MYSQL_DATABASE: wordpress
+ MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
+ MYSQL_USER: wordpress_user
+ MYSQL_PASSWORD: ${DB_USER_PASS}
+ labels:
+ io.rancher.container.pull_image: always
+ {{- if .Values.HOST_LABEL}}
+ io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+ {{- end}}
+ restart: on-failure
+ volumes:
+ - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql
+
+networks:
+ public-proxy:
+ external: true
\ No newline at end of file
diff --git a/templates/WordPress/0/rancher-compose.yml b/templates/WordPress/0/rancher-compose.yml
new file mode 100644
index 0000000..4bd2961
--- /dev/null
+++ b/templates/WordPress/0/rancher-compose.yml
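Review bot: The WordPress service always publishes `"${WEB_PORT}:80"` on the host, even when the Traefik block is enabled, so the site stays reachable over plain HTTP on that port regardless of what the proxy enforces. If the port is only meant for access from the host itself, bind it to loopback with `- "127.0.0.1:${WEB_PORT}:80"`; otherwise make the `ports:` entry conditional on `WEB_PORT` being set so operators who front the stack with Traefik can leave it off. Separately, `wordpress:latest` and `mysql:5` combined with `io.rancher.container.pull_image: always` mean the running version can change on any restart; a pinned tag would make upgrades a deliberate step.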
@@ -0,0 +1,64 @@
+version: '2'
+catalog:
+ name: WordPress
+ version: latest
+ # description:
+ # minimum_rancher_version:
+ # maximum_rancher_version:
+ # upgrade_from:
+ questions:
+
+ - variable: "HOST_LABEL"
+ label: "Host Label Key/Value Pair"
+ description: |
+ The Label Key/Value pair on the host which containers should be deployed
+ default: "host.id=Host1"
+ required: false
+ type: string
+
+ - variable: "TRAEFIK_HOST"
+ label: "Public Host Domain"
+ description: |
+ The host that Traefik will use to provide public access.
+ Leaving this empty will disable Traefik on this stack.
+ default: "subdomain.domain.tld"
+ required: false
+ type: string
+
+ - variable: "WEB_PORT"
+ label: "Web Port"
+ description: |
+ The port to locally access the web interface on.
+ default: "10600"
+ required: true
+ type: string
+
+ - variable: "DB_ROOT_PASS"
+ label: "MySQL Root Password"
+ description: |
+ A secure password to be used by the "root" MySQL user.
+ # default:
+ required: true
+ type: password
+
+ - variable: "DB_USER_PASS"
+ label: "MySQL User Password"
+ description: |
+ A secure password to be used by the "wordpress_user" MySQL user.
+ # default:
+ required: true
+ type: password
+
+ - variable: "DATA_DIR"
+ label: "Data Directory"
+ description: |
+ The directory to store persistent data for the stack.
+ default: "Personal/Wordpress"
+ required: true
+ type: string
+
+services:
+ wordpress:
+ scale: 1
+ mysql:
+ scale: 1
\ No newline at end of file
diff --git a/templates/WordPress/config.yml b/templates/WordPress/config.yml
new file mode 100644
index 0000000..20330bb
--- /dev/null
+++ b/templates/WordPress/config.yml
@@ -0,0 +1,8 @@
+name: WordPress
+description: |
+ Status: EXPERIMENTAL
+version: latest
+# category:
+maintainer: WilliamMiceli
+# license:
+# projectURL:
\ No newline at end of file
From 08890568807ce01c548a27ececd11b6aebb756a4 Mon Sep 17 00:00:00 2001
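Review bot: The `TRAEFIK_HOST` question ships with a non-empty default, `"subdomain.domain.tld"`, while its own description says an empty value is what disables Traefik, so a stack deployed with the defaults gets `traefik.enable: true` and a placeholder host rule. Public exposure should be opt-in; I would change the line to `default: ""`. The same default is repeated in the Snipe-IT questions (PATCH 012) and the PHPMyAdmin questions (PATCH 022). `DATA_DIR` is also a free-form string that the compose file interpolates into host bind-mount paths under `/RancherCattleData/`, which deserves a sentence in its description saying it must be a relative sub-path.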
From: WilliamMiceli Date: Sat, 17 Nov 2018 00:21:16 -0500 Subject: [PATCH 002/262] Changed service name --- templates/WordPress/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/WordPress/0/docker-compose.yml b/templates/WordPress/0/docker-compose.yml index d280c94..1b5a257 100644 --- a/templates/WordPress/0/docker-compose.yml +++ b/templates/WordPress/0/docker-compose.yml @@ -1,7 +1,7 @@ version: '2' services: - nextcloud: + wordpress: image: wordpress:latest dns: - 1.1.1.1 From be0bdbb013147cc1ccf3122f7dc1cfef2b7aff6b Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 17 Nov 2018 00:47:27 -0500 Subject: [PATCH 003/262] Added HTTPS --- templates/WordPress/0/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/WordPress/0/docker-compose.yml b/templates/WordPress/0/docker-compose.yml index 1b5a257..ef937d3 100644 --- a/templates/WordPress/0/docker-compose.yml +++ b/templates/WordPress/0/docker-compose.yml @@ -19,9 +19,9 @@ services: {{- if .Values.TRAEFIK_HOST}} traefik.enable: true traefik.frontend.rule: Host:${TRAEFIK_HOST} - traefik.frontend.entryPoints: http #,https + traefik.frontend.entryPoints: http,https # traefik.frontend.headers.forceSTSHeader: true - # traefik.frontend.headers.SSLRedirect: true + traefik.frontend.headers.SSLRedirect: true # traefik.frontend.headers.STSPreload: true # traefik.frontend.headers.STSSeconds: 15552000 traefik.port: "80" From d7f0512b093651d334536e808a06e4bde567d5b4 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 17 Nov 2018 01:07:29 -0500 Subject: [PATCH 004/262] Added STS headers --- templates/WordPress/0/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/WordPress/0/docker-compose.yml b/templates/WordPress/0/docker-compose.yml index ef937d3..7c077d6 100644 --- a/templates/WordPress/0/docker-compose.yml +++ b/templates/WordPress/0/docker-compose.yml 
@@ -20,10 +20,10 @@ services: traefik.enable: true traefik.frontend.rule: Host:${TRAEFIK_HOST} traefik.frontend.entryPoints: http,https - # traefik.frontend.headers.forceSTSHeader: true + traefik.frontend.headers.forceSTSHeader: true traefik.frontend.headers.SSLRedirect: true - # traefik.frontend.headers.STSPreload: true - # traefik.frontend.headers.STSSeconds: 15552000 + traefik.frontend.headers.STSPreload: true + traefik.frontend.headers.STSSeconds: 15552000 traefik.port: "80" {{- else}} traefik.enable: false From f4af177a693c215226815ff025b97494a6ddff12 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 17 Nov 2018 15:41:43 -0500 Subject: [PATCH 005/262] Experimental setup with dedicated httpd service --- templates/Nextcloud/0/docker-compose.yml | 70 +++++++++++++++-------- templates/Nextcloud/0/rancher-compose.yml | 10 +--- 2 files changed, 47 insertions(+), 33 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 3e6b8b5..2617cb0 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml 
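Review bot: `traefik.frontend.headers.STSPreload: true` is switched on together with `STSSeconds: 15552000` and no include-subdomains label, which is not a combination the browser preload list accepts (it asks for a max-age of at least one year plus includeSubDomains), and a preload entry is slow to undo for whichever domain ends up in `TRAEFIK_HOST`. For a catalog template I would drop the preload line and keep `traefik.frontend.headers.STSSeconds: 15552000`, leaving preload as an explicit operator decision. `forceSTSHeader: true` additionally sends the header on plain-HTTP responses, where browsers ignore it; it is only useful when TLS terminates in front of Traefik, so a short comment saying which setup is assumed would help. The same label set is copied into the Snipe-IT (PATCH 012) and PHPMyAdmin (PATCH 022) templates.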
@@ -1,8 +1,48 @@ version: '2' services: + httpd: + image: httpd:alpine + dns: + - 1.1.1.1 + - 1.0.0.1 + labels: + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} + {{- if .Values.TRAEFIK_HOST}} + traefik.enable: true + traefik.frontend.rule: Host:${TRAEFIK_HOST} + traefik.frontend.entryPoints: http # ,https + # traefik.frontend.headers.forceSTSHeader: true + # traefik.frontend.headers.SSLRedirect: true + # traefik.frontend.headers.STSPreload: true + # traefik.frontend.headers.STSSeconds: 15552000 + traefik.port: "80" + {{- else}} + traefik.enable: false + {{- end}} + links: + - mysql + - nextcloud + {{- if eq .Values.REDIS "true"}} + - redis + {{- end}} + networks: + - public-proxy + ports: + - "${WEB_PORT}:80" + restart: on-failure + volumes: + - /RancherCattleData/${DATA_DIR}/Application:/usr/local/apache2/htdocs + - /RancherCattleConfig/${DATA_DIR}/httpd:/usr/local/apache2/conf + - /RancherCattleData/${DATA_DIR}/Application:/var/www/html + - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql + - /RancherCattleData/${DATA_DIR}/UserData:/var/www/html/data + nextcloud: - image: nextcloud:stable-apache + image: nextcloud:fpm-alpine dns: - 1.1.1.1 - 1.0.0.1 
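Review bot: The new `httpd` front end is registered with `traefik.frontend.entryPoints: http` and has the redirect and HSTS labels commented out, whereas the labels this commit removes from `nextcloud` in the following hunk had `http,https` with `SSLRedirect: true`; as written, the experimental stack accepts logins over plain HTTP. Carry the previous values over to the new service: `traefik.frontend.entryPoints: http,https` and `traefik.frontend.headers.SSLRedirect: true`. The volume list also mounts `${DATA_DIR}/Database` at `/var/lib/mysql` inside the web server container, which gives httpd the raw database files; PATCH 006 removes that line. `httpd` links to `mysql` and `redis` as well, which a static front end should not need.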
@@ -18,31 +58,11 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - {{- if .Values.TRAEFIK_HOST}} - traefik.enable: true - traefik.frontend.rule: Host:${TRAEFIK_HOST} - traefik.frontend.entryPoints: http,https - traefik.frontend.headers.forceSTSHeader: true - traefik.frontend.headers.SSLRedirect: true - traefik.frontend.headers.STSPreload: true - traefik.frontend.headers.STSSeconds: 15552000 - traefik.port: "80" - {{- else}} - traefik.enable: false - {{- end}} - links: - - mysql - {{- if eq .Values.REDIS "true"}} - - redis - {{- end}} networks: - public-proxy - ports: - - "${WEB_PORT}:80" restart: on-failure - volumes: - - /RancherCattleData/${DATA_DIR}/Application:/var/www/html - - /RancherCattleData/${DATA_DIR}/UserData:/var/www/html/data + volumes-from: + - httpd mysql: image: mysql:5 dns: @@ -60,7 +80,9 @@ services: {{- end}} restart: on-failure volumes: - - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql + + volumes-from: + - httpd {{- if eq .Values.REDIS "true"}} redis: image: redis:latest diff --git a/templates/Nextcloud/0/rancher-compose.yml b/templates/Nextcloud/0/rancher-compose.yml index caa7a47..0f52a7b 100644 --- a/templates/Nextcloud/0/rancher-compose.yml +++ b/templates/Nextcloud/0/rancher-compose.yml @@ -77,20 +77,12 @@ catalog: label: "Data Directory" description: | The directory to store persistent data for the stack. - default: "Personal/Nextcloud" + default: "Personal/Nextcloud-Experimental" required: true type: string services: nextcloud: scale: 1 -# health_check: -# port: ${HOST_HTTP_PORT} -# request_line: GET /healthcheck HTTP/1.0 -# interval: 5000 -# response_timeout: 2000 -# healthy_threshold: 2 -# unhealthy_threshold: 3 -# strategy: none mysql: scale: 1 \ No newline at end of file From 9c569fb8f2ebb3ed14a55506ebd72be092c1453c Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Sat, 17 Nov 2018 15:52:07 -0500 Subject: [PATCH 006/262] Fixed volumes config --- templates/Nextcloud/0/docker-compose.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 2617cb0..7e52263 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -38,9 +38,7 @@ services: - /RancherCattleData/${DATA_DIR}/Application:/usr/local/apache2/htdocs - /RancherCattleConfig/${DATA_DIR}/httpd:/usr/local/apache2/conf - /RancherCattleData/${DATA_DIR}/Application:/var/www/html - - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql - /RancherCattleData/${DATA_DIR}/UserData:/var/www/html/data - nextcloud: image: nextcloud:fpm-alpine dns: @@ -80,9 +78,7 @@ services: {{- end}} restart: on-failure volumes: - - volumes-from: - - httpd + - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql {{- if eq .Values.REDIS "true"}} redis: image: redis:latest From 1f43a8bf061cd9fd7568bc33be9645bb2c87021a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 17 Nov 2018 16:10:07 -0500 Subject: [PATCH 007/262] Fixed volumes_from and ports --- templates/Nextcloud/0/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 7e52263..23aae6e 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -19,7 +19,7 @@ services: # traefik.frontend.headers.SSLRedirect: true # traefik.frontend.headers.STSPreload: true # traefik.frontend.headers.STSSeconds: 15552000 - traefik.port: "80" + traefik.port: "9000" {{- else}} traefik.enable: false {{- end}} @@ -32,7 +32,7 @@ services: networks: - public-proxy ports: - - "${WEB_PORT}:80" + - "${WEB_PORT}:9000" restart: on-failure volumes: - /RancherCattleData/${DATA_DIR}/Application:/usr/local/apache2/htdocs 
@@ -59,7 +59,7 @@ services: networks: - public-proxy restart: on-failure - volumes-from: + volumes_from: - httpd mysql: image: mysql:5 From 79f02f75c28473129170c15f977cbfaf6ae9d3a4 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 17 Nov 2018 16:15:51 -0500 Subject: [PATCH 008/262] Added sidekicks label --- templates/Nextcloud/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 23aae6e..c28258e 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -11,6 +11,7 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} + io.rancher.sidekicks: nextcloud {{- if .Values.TRAEFIK_HOST}} traefik.enable: true traefik.frontend.rule: Host:${TRAEFIK_HOST} From 6d00a8667bf20b9125fa6b7dda2bfd480ff856d7 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 17 Nov 2018 16:27:20 -0500 Subject: [PATCH 009/262] Use default httpd.conf --- templates/Nextcloud/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index c28258e..1e54d59 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -37,7 +37,7 @@ services: restart: on-failure volumes: - /RancherCattleData/${DATA_DIR}/Application:/usr/local/apache2/htdocs - - /RancherCattleConfig/${DATA_DIR}/httpd:/usr/local/apache2/conf +# - /RancherCattleConfig/${DATA_DIR}/httpd:/usr/local/apache2/conf - /RancherCattleData/${DATA_DIR}/Application:/var/www/html - /RancherCattleData/${DATA_DIR}/UserData:/var/www/html/data nextcloud: From 6bf6daa2a32ffefe51755df824da7b5ae82aca4e Mon Sep 17 00:00:00 2001 
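Review bot: Commenting out the `conf` mount in PATCH 009 leaves the stock `httpd:alpine` configuration serving `${DATA_DIR}/Application` from `htdocs`, and as far as I know that stock configuration neither proxies `.php` requests to the `nextcloud` FPM container nor honours `.htaccess`, so PHP files (including Nextcloud's `config/config.php`, which holds the database credentials) would likely be returned as static text. Until a configuration with a FastCGI handler for `nextcloud:9000` is mounted, I would keep `traefik.enable: false` on this service and not publish `${WEB_PORT}`. The commented-out entry also starts at column 0 inside an indented list; keep it at the indentation of the neighbouring `- /RancherCattleData/...` items so it can be restored by removing the `#` alone.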
From: WilliamMiceli Date: Sat, 17 Nov 2018 16:38:31 -0500 Subject: [PATCH 010/262] Trying different port --- templates/Nextcloud/0/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 1e54d59..27650ee 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -20,7 +20,7 @@ services: # traefik.frontend.headers.SSLRedirect: true # traefik.frontend.headers.STSPreload: true # traefik.frontend.headers.STSSeconds: 15552000 - traefik.port: "9000" + traefik.port: "80" {{- else}} traefik.enable: false {{- end}} @@ -33,7 +33,7 @@ services: networks: - public-proxy ports: - - "${WEB_PORT}:9000" + - "${WEB_PORT}:80" restart: on-failure volumes: - /RancherCattleData/${DATA_DIR}/Application:/usr/local/apache2/htdocs From a1a044e5fbf1aa238e7a71b5a0821ba0e64e144d Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 17 Nov 2018 17:33:09 -0500 Subject: [PATCH 011/262] Added exposed port to test PHP-FPM --- templates/Nextcloud/0/docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 27650ee..7efe1c7 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -52,6 +52,8 @@ services: MYSQL_PASSWORD: ${DB_USER_PASS} NEXTCLOUD_ADMIN_USER: ${NC_ADMIN} NEXTCLOUD_ADMIN_PASSWORD: ${NC_ADMIN_PASS} + expose: + - "9000" labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} From 84ffae0ff15b9332830fe15e4fde5d678eca4db0 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 17 Nov 2018 18:51:02 -0500 Subject: [PATCH 012/262] Added Traefik integration --- templates/Snipe-IT/0/docker-compose.yml | 22 ++++++++++++++++++++-- templates/Snipe-IT/0/rancher-compose.yml | 13 +++++++------ 2 files changed, 27 insertions(+), 8 deletions(-) 
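Review bot: In PATCH 011, `expose: "9000"` documents the PHP-FPM listener but does not limit who can reach it: the `nextcloud` service is still attached to `public-proxy` (visible in the context of PATCH 007, and presumably the same shared external network the other templates declare), so every container on that network can open a FastCGI connection to it. FastCGI has no authentication of its own, so the listener should be reachable only by the web server that fronts it. Since `httpd` already reaches the container through `links` and the sidekick label, I would remove `- public-proxy` from `nextcloud` and leave only `httpd` on the proxy network. The service definition continues outside this hunk.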
diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index f39a920..9811cb8 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -11,7 +11,7 @@ services: environment: APP_ENV: production APP_DEBUG: false - APP_URL: ${URL}:${WEB_PORT} + APP_URL: ${TRAEFIK_HOST}:${WEB_PORT} APP_KEY: ${APP_KEY} MYSQL_HOST: mysql MYSQL_DATABASE: snipeit @@ -22,8 +22,22 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} + {{- if .Values.TRAEFIK_HOST}} + traefik.enable: true + traefik.frontend.rule: Host:${TRAEFIK_HOST} + traefik.frontend.entryPoints: http,https + traefik.frontend.headers.forceSTSHeader: true + traefik.frontend.headers.SSLRedirect: true + traefik.frontend.headers.STSPreload: true + traefik.frontend.headers.STSSeconds: 15552000 + traefik.port: "80" + {{- else}} + traefik.enable: false + {{- end}} links: - mysql + networks: + - public-proxy ports: - "${WEB_PORT}:80" restart: on-failure @@ -46,4 +60,8 @@ services: {{- end}} restart: on-failure volumes: - - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql \ No newline at end of file + - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql + +networks: + public-proxy: + external: true \ No newline at end of file diff --git a/templates/Snipe-IT/0/rancher-compose.yml b/templates/Snipe-IT/0/rancher-compose.yml index e4d0e0c..5e4be4f 100644 --- a/templates/Snipe-IT/0/rancher-compose.yml +++ b/templates/Snipe-IT/0/rancher-compose.yml @@ -1,6 +1,6 @@ version: '2' catalog: - name: SnipeIT + name: Snipe-IT version: latest # description: # minimum_rancher_version: 
@@ -16,12 +16,13 @@ catalog: required: false type: string - - variable: "URL" - label: "URL" + - variable: "TRAEFIK_HOST" + label: "Public Host Domain" description: | - The domain or hostname the service can be accessed at. - default: "http://localhost" - required: true + The host that Traefik will use to provide public access. + Leaving this empty will disable Traefik on this stack. + default: "subdomain.domain.tld" + required: false type: string - variable: "WEB_PORT" From 2c963613a68e406fe6e4cf93b0442207970ef408 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 18 Nov 2018 15:52:00 -0500 Subject: [PATCH 013/262] WEB_PORT not used on Traefik --- templates/Snipe-IT/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 9811cb8..1745652 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -11,7 +11,7 @@ services: environment: APP_ENV: production APP_DEBUG: false - APP_URL: ${TRAEFIK_HOST}:${WEB_PORT} + APP_URL: ${TRAEFIK_HOST}:80 APP_KEY: ${APP_KEY} MYSQL_HOST: mysql MYSQL_DATABASE: snipeit From 9206795fd4fc86f6b136df4a37504e0010815d69 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 18 Nov 2018 16:03:02 -0500 Subject: [PATCH 014/262] Testing without any port --- templates/Snipe-IT/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 1745652..6525bbb 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -11,7 +11,7 @@ services: environment: APP_ENV: production APP_DEBUG: false - APP_URL: ${TRAEFIK_HOST}:80 + APP_URL: ${TRAEFIK_HOST} APP_KEY: ${APP_KEY} MYSQL_HOST: mysql MYSQL_DATABASE: snipeit From 457cabf0cf9c97e314dc2d12b4595943ab9cdde9 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Sun, 18 Nov 2018 16:08:51 -0500 Subject: [PATCH 015/262] Port seemingly required. Added URL without traefik --- templates/Snipe-IT/0/docker-compose.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 6525bbb..a940553 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -11,7 +11,11 @@ services: environment: APP_ENV: production APP_DEBUG: false - APP_URL: ${TRAEFIK_HOST} + {{- if .Values.TRAEFIK_HOST}} + APP_URL: ${TRAEFIK_HOST}:80 + {{- else}} + APP_URL: localhost:${WEB_PORT} + {{- end}} APP_KEY: ${APP_KEY} MYSQL_HOST: mysql MYSQL_DATABASE: snipeit From da029ccab7182a20da092c60b37e2c60800236ac Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 18 Nov 2018 16:11:42 -0500 Subject: [PATCH 016/262] Added label to forward headers --- templates/Snipe-IT/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index a940553..87d7f25 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -28,6 +28,7 @@ services: {{- end}} {{- if .Values.TRAEFIK_HOST}} traefik.enable: true + traefik.frontend.auth.forward.trustForwardHeader: true traefik.frontend.rule: Host:${TRAEFIK_HOST} traefik.frontend.entryPoints: http,https traefik.frontend.headers.forceSTSHeader: true From 575284f3fc7ab23bb0595eb52b5b413a4d7867eb Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 18 Nov 2018 16:17:47 -0500 Subject: [PATCH 017/262] Testing without --- templates/Snipe-IT/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 87d7f25..1264299 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml 
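Review bot: Both `APP_URL` branches added in PATCH 015 lack a scheme, and the Traefik branch pins `:80` although the same service sets `traefik.frontend.headers.SSLRedirect: true`, so any absolute link the application builds from `APP_URL` would point at the plain-HTTP port. As far as I know Snipe-IT expects a full URL here; I would use `APP_URL: https://${TRAEFIK_HOST}` and `APP_URL: http://localhost:${WEB_PORT}`. The subject says a port seemed to be required, which may have been a symptom of the missing scheme, so it is worth retesting without `:80`. The `environment` block starts and ends outside the hunk.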
@@ -28,7 +28,7 @@ services: {{- end}} {{- if .Values.TRAEFIK_HOST}} traefik.enable: true - traefik.frontend.auth.forward.trustForwardHeader: true + # traefik.frontend.auth.forward.trustForwardHeader: true traefik.frontend.rule: Host:${TRAEFIK_HOST} traefik.frontend.entryPoints: http,https traefik.frontend.headers.forceSTSHeader: true From 9a74e12a81bb48f65ee34f5c712a25519948985d Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 18 Nov 2018 16:45:24 -0500 Subject: [PATCH 018/262] Trying different header --- templates/Snipe-IT/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 1264299..5106026 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -28,12 +28,12 @@ services: {{- end}} {{- if .Values.TRAEFIK_HOST}} traefik.enable: true - # traefik.frontend.auth.forward.trustForwardHeader: true traefik.frontend.rule: Host:${TRAEFIK_HOST} traefik.frontend.entryPoints: http,https traefik.frontend.headers.forceSTSHeader: true traefik.frontend.headers.SSLRedirect: true traefik.frontend.headers.STSPreload: true + traefik.frontend.headers.SSLProxyHeaders: X-Forwarded-Proto:https traefik.frontend.headers.STSSeconds: 15552000 traefik.port: "80" {{- else}} From e2935e698fb5821f7e2d42ffe0ec0424d5bf3dbb Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 18 Nov 2018 16:53:21 -0500 Subject: [PATCH 019/262] Added volume to directly access in-app backups --- templates/Snipe-IT/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 5106026..3647602 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml 
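Review bot: `traefik.frontend.headers.SSLProxyHeaders: X-Forwarded-Proto:https` (PATCH 018) tells the redirect check to treat any request carrying that header as already secure, so it is only safe when a trusted proxy in front of Traefik sets the header and discards client-supplied copies. If Traefik is the internet-facing hop in this setup, a request arriving over plain HTTP with that header present would likely not be redirected by `SSLRedirect`. If the aim is for Snipe-IT to learn the original scheme, Traefik already passes `X-Forwarded-Proto` to the backend, and I would remove this label. If a TLS-terminating balancer really sits in front, say so next to the label, e.g. `# valid only behind a trusted TLS-terminating proxy`.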
@@ -48,6 +48,7 @@ services: restart: on-failure volumes: - /RancherCattleData/${DATA_DIR}/Application:/var/lib/snipeit + - /RancherCattleData/${DATA_DIR}/Backups:/var/www/html/storage/app/backups mysql: image: mysql:5 dns: From e4bb26a8d0235aa1810aac71479af3235a1e0921 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 18 Nov 2018 17:38:11 -0500 Subject: [PATCH 020/262] Allowed disabling of local access --- templates/Snipe-IT/0/docker-compose.yml | 5 +++++ templates/Snipe-IT/0/rancher-compose.yml | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 3647602..66cbb76 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -43,8 +43,13 @@ services: - mysql networks: - public-proxy + {{- if .Values.WEB_PORT}} ports: - "${WEB_PORT}:80" + {{- else}} + expose: + - "80" + {{- end}} restart: on-failure volumes: - /RancherCattleData/${DATA_DIR}/Application:/var/lib/snipeit diff --git a/templates/Snipe-IT/0/rancher-compose.yml b/templates/Snipe-IT/0/rancher-compose.yml index 5e4be4f..05a87e5 100644 --- a/templates/Snipe-IT/0/rancher-compose.yml +++ b/templates/Snipe-IT/0/rancher-compose.yml @@ -29,8 +29,9 @@ catalog: label: "Local Web Port" description: | The port to locally access the web interface on. + Leaving this empty will not expose a any port on the host system, disabling local access outside of it's Rancher network. default: "10300" - required: true + required: false type: string - variable: "DATA_DIR" From 4390817f89b93d22db37e327d41dcc5e57dd3f76 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 19 Nov 2018 17:26:49 -0500 Subject: [PATCH 021/262] Added option for service to use host's time --- templates/Snipe-IT/0/docker-compose.yml | 3 +++ templates/Snipe-IT/0/rancher-compose.yml | 10 +++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) 
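Review bot: PATCH 020 makes `WEB_PORT` optional but keeps `default: "10300"`, so the host port is still published unless the operator clears the field; with Traefik as the intended entry point, an empty default is the safer choice and matches the new description. The added description line also has two slips ("a any port", "it's"); suggested wording: `Leaving this empty will not expose any port on the host system, disabling local access from outside its Rancher network.` The `{{- else}}` branch with `expose: "80"` is fine as documentation, since the port is reachable on the container's networks either way.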
diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 66cbb76..b11284c 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -52,6 +52,9 @@ services: {{- end}} restart: on-failure volumes: + {{- if eq .Values.HOST_TIME "true"}} + - /etc/localtime:/etc/localtime:ro + {{- end}} - /RancherCattleData/${DATA_DIR}/Application:/var/lib/snipeit - /RancherCattleData/${DATA_DIR}/Backups:/var/www/html/storage/app/backups mysql: diff --git a/templates/Snipe-IT/0/rancher-compose.yml b/templates/Snipe-IT/0/rancher-compose.yml index 05a87e5..72086d7 100644 --- a/templates/Snipe-IT/0/rancher-compose.yml +++ b/templates/Snipe-IT/0/rancher-compose.yml @@ -63,4 +63,12 @@ catalog: description: | A random 32-Character string which will be used for encryption. required: true - type: password \ No newline at end of file + type: password + + - variable: "HOST_TIME" + label: "Use Host's Date/Time" + description: | + Use the host's date and time for the container. + default: true + required: true + type: boolean \ No newline at end of file From eb61b571013bb0f5799282b7cb7788c8bf142cc3 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 15:20:03 -0500 Subject: [PATCH 022/262] First test setup of PHPMyAdmin --- templates/PHPMyAdmin/0/README.md | 3 ++ templates/PHPMyAdmin/0/docker-compose.yml | 39 ++++++++++++++++++++++ templates/PHPMyAdmin/0/rancher-compose.yml | 35 +++++++++++++++++++ templates/PHPMyAdmin/config.yml | 8 +++++ 4 files changed, 85 insertions(+) create mode 100644 templates/PHPMyAdmin/0/README.md create mode 100644 templates/PHPMyAdmin/0/docker-compose.yml create mode 100644 templates/PHPMyAdmin/0/rancher-compose.yml create mode 100644 templates/PHPMyAdmin/config.yml diff --git a/templates/PHPMyAdmin/0/README.md b/templates/PHPMyAdmin/0/README.md new file mode 100644 index 0000000..d2230bd --- /dev/null +++ b/templates/PHPMyAdmin/0/README.md 
@@ -0,0 +1,3 @@
+# PHPMyAdmin
+
+https://hub.docker.com/r/phpmyadmin/phpmyadmin/
\ No newline at end of file
diff --git a/templates/PHPMyAdmin/0/docker-compose.yml b/templates/PHPMyAdmin/0/docker-compose.yml
new file mode 100644
index 0000000..90a4ef4
--- /dev/null
+++ b/templates/PHPMyAdmin/0/docker-compose.yml
@@ -0,0 +1,39 @@
+version: '2'
+
+services:
+ ghost:
+ image: phpmyadmin/phpmyadmin:latest
+ dns:
+ - 1.1.1.1
+ - 1.0.0.1
+ environment:
+ PMA_ARBITRARY: true
+ labels:
+ io.rancher.container.pull_image: always
+ {{- if .Values.HOST_LABEL}}
+ io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+ {{- end}}
+ {{- if .Values.TRAEFIK_HOST}}
+ traefik.enable: true
+ ### Start Web Segment
+ traefik.web.frontend.entryPoints: http,https
+ traefik.web.frontend.headers.forceSTSHeader: true
+ traefik.web.frontend.headers.SSLRedirect: true
+ traefik.web.frontend.headers.STSPreload: true
+ traefik.web.frontend.headers.STSSeconds: 15552000
+ traefik.web.frontend.redirect.entryPoint: https
+ traefik.web.frontend.redirect.permanent: true
+ traefik.web.frontend.rule: Host:${TRAEFIK_HOST}
+ traefik.web.port: "80"
+ ### End Web Segment
+ {{- else}}
+ traefik.enable: false
+ {{- end}}
+ networks:
+ - db-admin
+ ports:
+ - "${WEB_PORT}:80"
+ restart: on-failure
+
+networks:
+ db-admin:
\ No newline at end of file
diff --git a/templates/PHPMyAdmin/0/rancher-compose.yml b/templates/PHPMyAdmin/0/rancher-compose.yml
new file mode 100644
index 0000000..47a8778
--- /dev/null
+++ b/templates/PHPMyAdmin/0/rancher-compose.yml
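Review bot: `PMA_ARBITRARY` lets anyone who reaches the login page point phpMyAdmin at any database server the container can connect to, and this service is both routed publicly through Traefik and published on `${WEB_PORT}` with no access control in front of it. For a catalog template I would fix the target with `PMA_HOST` (or `PMA_HOSTS`) instead of arbitrary mode, or at least restrict the frontend, e.g. `traefik.web.frontend.whiteList.sourceRange: <admin CIDR placeholder>`. `phpmyadmin/phpmyadmin:latest` with `pull_image: always` also means the admin tool can change version on any restart; a pinned tag makes upgrades deliberate. The boolean and numeric label values are unquoted; quoting them (`"true"`, `"15552000"`) avoids depending on how the consumer coerces label types.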
@@ -0,0 +1,35 @@ +version: '2' +catalog: + name: PHPMyAdmin + version: latest + # description: + # minimum_rancher_version: + # maximum_rancher_version: + # upgrade_from: + # uuid: + questions: + + - variable: "HOST_LABEL" + label: "Host Label Key/Value Pair" + description: | + The Key/Value pair on the host which the stack should be deployed. + default: "host.id=Host1" + required: false + type: string + + - variable: "TRAEFIK_HOST" + label: "Public Host Domain" + description: | + The host that Traefik will use to provide public access. + Leaving this empty will disable Traefik on this stack. + default: "subdomain.domain.tld" + required: false + type: string + + - variable: "WEB_PORT" + label: "Local Web Port" + description: | + The port to locally access the web interface on. + default: "10700" + required: true + type: string \ No newline at end of file diff --git a/templates/PHPMyAdmin/config.yml b/templates/PHPMyAdmin/config.yml new file mode 100644 index 0000000..bd27073 --- /dev/null +++ b/templates/PHPMyAdmin/config.yml @@ -0,0 +1,8 @@ +name: PHPMyAdmin +description: | + Status: NOT READY +version: latest +category: Database Administration +maintainer: WilliamMiceli +# license: +# projectURL: \ No newline at end of file From 471c366cf0209a2c6ca0d17e4f17b8e34a8953af Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 15:24:55 -0500 Subject: [PATCH 023/262] Renamed service --- templates/PHPMyAdmin/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/PHPMyAdmin/0/docker-compose.yml b/templates/PHPMyAdmin/0/docker-compose.yml index 90a4ef4..bccd911 100644 --- a/templates/PHPMyAdmin/0/docker-compose.yml +++ b/templates/PHPMyAdmin/0/docker-compose.yml @@ -1,7 +1,7 @@ version: '2' services: - ghost: + phpmyadmin: image: phpmyadmin/phpmyadmin:latest dns: - 1.1.1.1 From d8381eae9784c8e7044234167c01fc2eca4236c8 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Wed, 5 Dec 2018 15:29:45 -0500 Subject: [PATCH 024/262] Testing if "1" is necessary --- templates/PHPMyAdmin/0/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/PHPMyAdmin/0/docker-compose.yml b/templates/PHPMyAdmin/0/docker-compose.yml index bccd911..8c62149 100644 --- a/templates/PHPMyAdmin/0/docker-compose.yml +++ b/templates/PHPMyAdmin/0/docker-compose.yml @@ -7,7 +7,7 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - PMA_ARBITRARY: true + PMA_ARBITRARY: 1 labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} @@ -30,7 +30,7 @@ services: traefik.enable: false {{- end}} networks: - - db-admin + - db-admin # Used to be able to make secure, direct connections to other services in other stacks ports: - "${WEB_PORT}:80" restart: on-failure From 42e509c5e7fb23654d11a316e44a5c90d108381e Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 15:35:58 -0500 Subject: [PATCH 025/262] "1" was necessary. Added comments. Fixed name. Ready. --- templates/PHPMyAdmin/0/README.md | 2 +- templates/PHPMyAdmin/0/docker-compose.yml | 2 +- templates/PHPMyAdmin/config.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/PHPMyAdmin/0/README.md b/templates/PHPMyAdmin/0/README.md index d2230bd..91e65fb 100644 --- a/templates/PHPMyAdmin/0/README.md +++ b/templates/PHPMyAdmin/0/README.md @@ -1,3 +1,3 @@ -# PHPMyAdmin +# phpMyAdmin https://hub.docker.com/r/phpmyadmin/phpmyadmin/ \ No newline at end of file diff --git a/templates/PHPMyAdmin/0/docker-compose.yml b/templates/PHPMyAdmin/0/docker-compose.yml index 8c62149..531b3ec 100644 --- a/templates/PHPMyAdmin/0/docker-compose.yml +++ b/templates/PHPMyAdmin/0/docker-compose.yml 
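Review bot: The comment PATCH 024 adds on `- db-admin` promises "secure, direct connections to other services in other stacks", but the network is declared in PATCH 022 as a bare `db-admin:` with no `external: true`, so it is presumably created per stack and other stacks could not attach to it; joining a network also does not encrypt or authenticate the traffic. If cross-stack access is the intent, declare it like `public-proxy` in the other templates with `external: true`, and reword the comment to something like `# shared network for reaching database services in other stacks; traffic is not encrypted`. How the orchestrator scopes this network is not visible in the hunk, so please confirm against a deployed stack.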
@@ -7,7 +7,7 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - PMA_ARBITRARY: 1 + PMA_ARBITRARY: 1 # Allows the user to specify any arbitrary server using address/hostname and port labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} diff --git a/templates/PHPMyAdmin/config.yml b/templates/PHPMyAdmin/config.yml index bd27073..78a316b 100644 --- a/templates/PHPMyAdmin/config.yml +++ b/templates/PHPMyAdmin/config.yml @@ -1,6 +1,6 @@ -name: PHPMyAdmin +name: phpMyAdmin description: | - Status: NOT READY + A free and open source administration tool for MySQL and MariaDB. version: latest category: Database Administration maintainer: WilliamMiceli From 0cdc0df11f5e0263d37ae43fd67c2976ecc0bb31 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 17:28:33 -0500 Subject: [PATCH 026/262] Somewhat basic setup. Still incomplete. --- templates/Guacamole/0/README.md | 5 +- templates/Guacamole/0/docker-compose.yml | 115 +++++++++++++--------- templates/Guacamole/0/rancher-compose.yml | 84 +++++----------- 3 files changed, 92 insertions(+), 112 deletions(-) diff --git a/templates/Guacamole/0/README.md b/templates/Guacamole/0/README.md index b891d90..7ae68c2 100644 --- a/templates/Guacamole/0/README.md +++ b/templates/Guacamole/0/README.md @@ -1 +1,4 @@ -# Guacamole \ No newline at end of file +# Guacamole + +### To-do List +* Allow LDAP authentication in place of MySQL authentication \ No newline at end of file diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 8dd69b7..e051432 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml 
@@ -1,49 +1,66 @@ -database-data: - image: busybox - labels: - io.rancher.container.start_once: 'true' - net: none - entrypoint: /bin/true - volumes: - - /var/lib/mysql - - /docker-entrypoint-initdb.d -database: - image: mariadb - environment: - MYSQL_DATABASE: ${guacamole_db} - MYSQL_ONETIME_PASSWORD: 'true' - MYSQL_PASSWORD: ${guacamole_password} - MYSQL_RANDOM_ROOT_PASSWORD: 'true' - MYSQL_USER: ${guacamole_user} - volumes_from: - - database-data - labels: - io.rancher.sidekicks: setup-get-db-script, database-data -setup-get-db-script: - image: glyptodon/guacamole:0.9.10-incubating - net: none - volumes_from: - - database-data - command: - - bash - - -c - - /opt/guacamole/bin/initdb.sh --mysql > /docker-entrypoint-initdb.d/initdb.sql - labels: - io.rancher.container.start_once: 'true' -guacd: - image: glyptodon/guacd:0.9.10-incubating -guacamole: - image: glyptodon/guacamole:0.9.10-incubating - environment: - MYSQL_DATABASE: ${guacamole_db} - MYSQL_HOSTNAME: database - MYSQL_PASSWORD: ${guacamole_password} - MYSQL_USER: ${guacamole_user} - links: - - guacd:guacd - ports: - - ${public_port}:8080/tcp - command: - - /bin/bash - - -c - - cd /usr/local/tomcat/webapps;rm -rf ROOT/; ln -s guacamole.war ROOT.war; /opt/guacamole/bin/start.sh; \ No newline at end of file +version: '2' + +services: + guacamole: + image: guacamole/guacamole + dns: + - 1.1.1.1 + - 1.0.0.1 + environment: + + labels: + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} + {{- if .Values.TRAEFIK_HOST}} + traefik.enable: true + ### Start Web Segment + traefik.web.frontend.entryPoints: http,https + traefik.web.frontend.headers.forceSTSHeader: true + traefik.web.frontend.headers.SSLRedirect: true + traefik.web.frontend.headers.STSPreload: true + traefik.web.frontend.headers.STSSeconds: 15552000 + traefik.web.frontend.redirect.entryPoint: https + traefik.web.frontend.redirect.permanent: true + 
traefik.web.frontend.rule: Host:${TRAEFIK_HOST} + traefik.web.port: "8080" + ### End Web Segment + {{- else}} + traefik.enable: false + {{- end}} + links: + - guacd + - mysql + networks: + - public-proxy + ports: + - "${WEB_PORT}:8080" + restart: on-failure + guacd: + image: guacamole/guacd + dns: + - 1.1.1.1 + - 1.0.0.1 + environment: + labels: + networks: + ports: + restart: on-failure + mysql: + image: + dns: + - 1.1.1.1 + - 1.0.0.1 + environment: + MYSQL_DATABASE: guacamole_db + MYSQL_USER: guacamole_user + MYSQL_PASSWORD: password + labels: + networks: + ports: + restart: on-failure + +networks: + public-proxy: + external: true \ No newline at end of file diff --git a/templates/Guacamole/0/rancher-compose.yml b/templates/Guacamole/0/rancher-compose.yml index 32c9fd9..4c51c82 100644 --- a/templates/Guacamole/0/rancher-compose.yml +++ b/templates/Guacamole/0/rancher-compose.yml 
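Review bot: The new `mysql` service sets the literal `MYSQL_PASSWORD: password`, and the same commit deletes the `guacamole_password` question from rancher-compose.yml, so every stack deployed from this template would share one known database password. Take the value from a catalog question of `type: password`, e.g. `MYSQL_PASSWORD: ${DB_USER_PASS}`, and add that question alongside `WEB_PORT`. The service also has an empty `image:`, and the bare `environment:`, `labels:`, `networks:` and `ports:` keys parse as null, so they should be filled in or removed. The previously pinned `0.9.10-incubating` images are replaced by untagged ones with `pull_image: always`, which means the running code can change on any restart.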
@@ -6,70 +6,30 @@ catalog: # minimum_rancher_version: # maximum_rancher_version: # upgrade_from: + # uuid: questions: - - variable: "guacamole_db" - label: "MySQL Database Name" - description: "Your MYSQL guacamole database name" - default: "guacamole_db" - required: true - type: "string" + - variable: "HOST_LABEL" + label: "Host Label Key/Value Pair" + description: | + The Key/Value pair on the host which the stack should be deployed. + default: "host.id=Host1" + required: false + type: string - - variable: "guacamole_user" - label: "MySQL Database User" - description: "Your MYSQL guacamole user name" - required: true - default: "guacamole_user" - type: "string" + - variable: "TRAEFIK_HOST" + label: "Public Host Domain" + description: | + The host that Traefik will use to provide public access. + Leaving this empty will disable Traefik on this stack. + default: "subdomain.domain.tld" + required: false + type: string - - variable: "guacamole_password" - label: "MySQL Database Password" - description: "Your MYSQL guacamole user password. Defaults to \"guacamole_password\"" + - variable: "WEB_PORT" + label: "Local Web Port" + description: | + The port to locally access the web interface on. 
+ default: "10700" required: true - default: "guacamole_password" - type: "password" - - - variable: "public_port" - label: "Public Port" - description: "The public port that Guacamole listens on, defaults to 8080" - required: true - default: 8080 - type: "int" - -services: - guacamole: - scale: 1 - health_check: - healthy_threshold: 2 - response_timeout: 2000 - port: 8080 - unhealthy_threshold: 3 - initializing_timeout: 60000 - interval: 2000 - strategy: recreate - request_line: GET "/guacamole" "HTTP/1.0" - reinitializing_timeout: 60000 - guacd: - scale: 1 - health_check: - healthy_threshold: 2 - response_timeout: 2000 - port: 4822 - unhealthy_threshold: 3 - initializing_timeout: 60000 - interval: 2000 - strategy: recreate - reinitializing_timeout: 60000 - setup-get-db-script: - scale: 1 - database: - scale: 1 - health_check: - healthy_threshold: 2 - response_timeout: 2000 - port: 3306 - unhealthy_threshold: 3 - initializing_timeout: 60000 - interval: 2000 - strategy: recreate - reinitializing_timeout: 60000 \ No newline at end of file + type: string \ No newline at end of file From 63f0fd2fd38d3cad3b33e0f7a2ac55c1ec5acc3b Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 17:31:36 -0500 Subject: [PATCH 027/262] Added public-proxy for Traefik Not sure if it actually makes a difference that it's listed, but I'll continue going with it until I know for sure. --- templates/PHPMyAdmin/0/docker-compose.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/templates/PHPMyAdmin/0/docker-compose.yml b/templates/PHPMyAdmin/0/docker-compose.yml index 531b3ec..f7832ff 100644 --- a/templates/PHPMyAdmin/0/docker-compose.yml +++ b/templates/PHPMyAdmin/0/docker-compose.yml 
@@ -31,9 +31,12 @@ services: {{- end}} networks: - db-admin # Used to be able to make secure, direct connections to other services in other stacks + - public-proxy # Used for the connection to the Traefik container for public access ports: - "${WEB_PORT}:80" restart: on-failure networks: - db-admin: \ No newline at end of file + db-admin: + public-proxy: + external: true \ No newline at end of file From d56255a21a19b875fcf07c8ca8976133cc61e65e Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:16:09 -0500 Subject: [PATCH 028/262] Completed configuration, now to test --- templates/Guacamole/0/docker-compose.yml | 24 ++++++++++++++++++----- templates/Guacamole/0/rancher-compose.yml | 24 +++++++++++++++++++++++ 2 files changed, 43 insertions(+), 5 deletions(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index e051432..7e2c1c6 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml 
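Review bot: After this hunk the phpMyAdmin container is attached to both `public-proxy` and `db-admin`, so the one service that accepts arbitrary server addresses now bridges the proxy-facing network and the network used to reach databases in other stacks. If that is intended, the comment on `- public-proxy` should say so, and the frontend should require authentication before it is reachable from outside. `db-admin:` is also declared with no value while `public-proxy` gets `external: true`. If other stacks are meant to join the same network, the bare declaration presumably creates a stack-local one, and `db-admin:` with `external: true` beneath it would match. The service definition starts above the hunk.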
@@ -44,23 +44,37 @@ services: - 1.0.0.1 environment: labels: - networks: - ports: + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} restart: on-failure mysql: - image: + image: mysql:latest dns: - 1.1.1.1 - 1.0.0.1 environment: + MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} MYSQL_DATABASE: guacamole_db MYSQL_USER: guacamole_user - MYSQL_PASSWORD: password + MYSQL_PASSWORD: ${DB_USER_PASS} labels: + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} networks: - ports: + db-admin: + aliases: + - guacamole restart: on-failure + volumes: + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql # MySQL Database to be persistent networks: + db-admin: + external: true public-proxy: external: true \ No newline at end of file diff --git a/templates/Guacamole/0/rancher-compose.yml b/templates/Guacamole/0/rancher-compose.yml index 4c51c82..4ec108d 100644 --- a/templates/Guacamole/0/rancher-compose.yml +++ b/templates/Guacamole/0/rancher-compose.yml @@ -32,4 +32,28 @@ catalog: The port to locally access the web interface on. default: "10700" required: true + type: string + + - variable: "DB_ROOT_PASS" + label: "MySQL Root Password" + description: | + A secure password to be used by the "root" MySQL user. + # default: + required: true + type: password + + - variable: "DB_USER_PASS" + label: "MySQL User Password" + description: | + A secure password to be used by the "nextcloud_user" MySQL user. + # default: + required: true + type: password + + - variable: "DATA_DIR" + label: "Data Directory" + description: | + The directory to store persistent data for the stack. + default: "Personal/Nextcloud" + required: true type: string \ No newline at end of file 
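Review bot: `image: mysql:latest` combined with `io.rancher.container.pull_image: always` lets any restart pull a new major MySQL release on top of the persistent `/var/lib/mysql` directory. Pin a tested tag such as `mysql:<major.minor>` (placeholder) and upgrade deliberately. The service is also joined to the external `db-admin` network under the alias `guacamole`, so every container on that shared network can reach the database and its `root` account. That leaves `DB_ROOT_PASS` and `DB_USER_PASS` as the only barrier, and the question descriptions added in rancher-compose.yml could state a minimum length or ask for a generated value. The `mysql` service definition begins above the hunk.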
From fb29548894071093eba0017a07d62ecbc4ad6c85 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:22:05 -0500 Subject: [PATCH 029/262] Updated names --- templates/Guacamole/0/rancher-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/Guacamole/0/rancher-compose.yml b/templates/Guacamole/0/rancher-compose.yml index 4ec108d..bf0f58e 100644 --- a/templates/Guacamole/0/rancher-compose.yml +++ b/templates/Guacamole/0/rancher-compose.yml @@ -45,7 +45,7 @@ catalog: - variable: "DB_USER_PASS" label: "MySQL User Password" description: | - A secure password to be used by the "nextcloud_user" MySQL user. + A secure password to be used by the "guacamole_user" MySQL user. # default: required: true type: password @@ -54,6 +54,6 @@ catalog: label: "Data Directory" description: | The directory to store persistent data for the stack. - default: "Personal/Nextcloud" + default: "Personal/Guacamole" required: true type: string \ No newline at end of file From 70b81ccf072ac58e637ef3cca0ba6a0102c3aaa1 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:23:05 -0500 Subject: [PATCH 030/262] Set default version --- templates/Guacamole/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Guacamole/config.yml b/templates/Guacamole/config.yml index 0082952..95762a4 100644 --- a/templates/Guacamole/config.yml +++ b/templates/Guacamole/config.yml @@ -1,7 +1,7 @@ name: Apache Guacamole description: | Status: NOT READY -# version: +version: latest #category: maintainer: WilliamMiceli # license: From 63f3b26d307c4f165fcda0cc0c79d7e61cc6e9df Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:26:08 -0500 Subject: [PATCH 031/262] Slight cleanup --- templates/Guacamole/0/docker-compose.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 7e2c1c6..60d8cc9 100644 
--- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -6,8 +6,6 @@ services: dns: - 1.1.1.1 - 1.0.0.1 - environment: - labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} @@ -42,7 +40,6 @@ services: dns: - 1.1.1.1 - 1.0.0.1 - environment: labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} From 38c9bed6afc17025a9b9e594403cca06d753c3b3 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:31:24 -0500 Subject: [PATCH 032/262] Added tags and updated README --- templates/Guacamole/0/README.md | 5 +++++ templates/Guacamole/0/docker-compose.yml | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/templates/Guacamole/0/README.md b/templates/Guacamole/0/README.md index 7ae68c2..484b4e9 100644 --- a/templates/Guacamole/0/README.md +++ b/templates/Guacamole/0/README.md @@ -1,4 +1,9 @@ # Guacamole +Using official images only: +* guacamole/guacamole:latest +* guacamole/guacd:latest +* mysql:latest + ### To-do List * Allow LDAP authentication in place of MySQL authentication \ No newline at end of file diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 60d8cc9..c165832 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -2,7 +2,7 @@ version: '2' services: guacamole: - image: guacamole/guacamole + image: guacamole/guacamole:latest dns: - 1.1.1.1 - 1.0.0.1 @@ -36,7 +36,7 @@ services: - "${WEB_PORT}:8080" restart: on-failure guacd: - image: guacamole/guacd + image: guacamole/guacd:latest dns: - 1.1.1.1 - 1.0.0.1 From 976eaf0dc9360a6f39baa1b36233efe2abfd1b1e Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:33:41 -0500 Subject: [PATCH 033/262] Sync host timezone --- templates/Nextcloud/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 7efe1c7..c7cdd69 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -81,6 +81,7 @@ services: {{- end}} restart: on-failure volumes: + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql {{- if eq .Values.REDIS "true"}} redis: From f3515a843c982669cc92151f0db7192450962185 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:34:50 -0500 Subject: [PATCH 034/262] Sync host timezone --- templates/Snipe-IT/0/docker-compose.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index b11284c..c0012db 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -53,7 +53,7 @@ services: restart: on-failure volumes: {{- if eq .Values.HOST_TIME "true"}} - - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system {{- end}} - /RancherCattleData/${DATA_DIR}/Application:/var/lib/snipeit - /RancherCattleData/${DATA_DIR}/Backups:/var/www/html/storage/app/backups @@ -74,6 +74,7 @@ services: {{- end}} restart: on-failure volumes: + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql networks: From c8de0ea099fb0ae490b09ba78ad5b389ad6b76fd Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:37:19 -0500 Subject: [PATCH 035/262] Sync time and timezone with host --- templates/WordPress/0/docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/WordPress/0/docker-compose.yml b/templates/WordPress/0/docker-compose.yml index 7c077d6..223b839 100644 
--- a/templates/WordPress/0/docker-compose.yml +++ b/templates/WordPress/0/docker-compose.yml @@ -54,6 +54,8 @@ services: {{- end}} restart: on-failure volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql networks: From 723e57e88abb089de557a0b95c78c063db2e6712 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:39:06 -0500 Subject: [PATCH 036/262] Sync time and timezone with host --- templates/Traefik/0/docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/Traefik/0/docker-compose.yml b/templates/Traefik/0/docker-compose.yml index 1f74b51..05ce5bc 100644 --- a/templates/Traefik/0/docker-compose.yml +++ b/templates/Traefik/0/docker-compose.yml @@ -25,6 +25,8 @@ services: restart: always volumes: - /var/run/docker.sock:/var/run/docker.sock + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleConfig/${DATA_DIR}/traefik.toml:/traefik.toml - /RancherCattleConfig/${DATA_DIR}/acme:/etc/traefik/acme # For Let's Encrypt certificates - /RancherCattleConfig/${DATA_DIR}/logs:/external/logs From 9341fcc27ce15637530c73739013ad054fa64786 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:40:33 -0500 Subject: [PATCH 037/262] Sync time and timezone with host --- templates/Snipe-IT/0/docker-compose.yml | 4 ++-- templates/Snipe-IT/0/rancher-compose.yml | 10 +--------- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index c0012db..758e9bd 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml 
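Review bot: The two time mounts added in the Traefik hunk are read-only, but they sit directly under `/var/run/docker.sock:/var/run/docker.sock`, which hands the public-facing proxy container control of the host's Docker daemon. That line is unchanged context rather than part of this commit, yet it is the mount in this list that most needs a decision. If Traefik reads its routes from Docker here, place a filtering socket proxy that allows only read endpoints in front of it; if it uses another provider, remove the mount. Appending `:ro` would not be enough, because a read-only bind of the socket still accepts API calls. The service definition begins outside the hunk.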
@@ -52,9 +52,8 @@ services: {{- end}} restart: on-failure volumes: - {{- if eq .Values.HOST_TIME "true"}} + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - {{- end}} - /RancherCattleData/${DATA_DIR}/Application:/var/lib/snipeit - /RancherCattleData/${DATA_DIR}/Backups:/var/www/html/storage/app/backups mysql: @@ -74,6 +73,7 @@ services: {{- end}} restart: on-failure volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql diff --git a/templates/Snipe-IT/0/rancher-compose.yml b/templates/Snipe-IT/0/rancher-compose.yml index 72086d7..05a87e5 100644 --- a/templates/Snipe-IT/0/rancher-compose.yml +++ b/templates/Snipe-IT/0/rancher-compose.yml @@ -63,12 +63,4 @@ catalog: description: | A random 32-Character string which will be used for encryption. required: true - type: password - - - variable: "HOST_TIME" - label: "Use Host's Date/Time" - description: | - Use the host's date and time for the container. - default: true - required: true - type: boolean \ No newline at end of file + type: password \ No newline at end of file From 99592b61e3a1c0f1be44544ef7406f0a7629afb1 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:42:27 -0500 Subject: [PATCH 038/262] Sync time and timezone with host --- templates/Nextcloud/0/docker-compose.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index c7cdd69..78d3022 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml 
@@ -36,6 +36,8 @@ services: - "${WEB_PORT}:80" restart: on-failure volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleData/${DATA_DIR}/Application:/usr/local/apache2/htdocs # - /RancherCattleConfig/${DATA_DIR}/httpd:/usr/local/apache2/conf - /RancherCattleData/${DATA_DIR}/Application:/var/www/html @@ -81,6 +83,7 @@ services: {{- end}} restart: on-failure volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql {{- if eq .Values.REDIS "true"}} From 556325c20293105b1fc583f7b0a0278cf465177a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:43:14 -0500 Subject: [PATCH 039/262] Also sync time with host --- templates/Guacamole/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index c165832..035c8e1 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -67,6 +67,7 @@ services: - guacamole restart: on-failure volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql # MySQL Database to be persistent From c1555a13b8bdf9c1ebaefb37909bc684d200d998 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:47:28 -0500 Subject: [PATCH 040/262] Added required environment variables --- templates/Guacamole/0/docker-compose.yml | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 035c8e1..1b6867e 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -6,6 +6,11 @@ services: dns: - 1.1.1.1 - 1.0.0.1 + environment: + MYSQL_HOSTNAME: mysql + MYSQL_DATABASE: guacamole_db + MYSQL_USER: guacamole_user + MYSQL_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} From ea160ec2fe31b4fd698e103c62fbd76a8a2a45d7 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 23:00:59 -0500 Subject: [PATCH 041/262] Updated ToDos --- templates/Guacamole/0/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/Guacamole/0/README.md b/templates/Guacamole/0/README.md index 484b4e9..6eb7b41 100644 --- a/templates/Guacamole/0/README.md +++ b/templates/Guacamole/0/README.md @@ -6,4 +6,5 @@ Using official images only: * mysql:latest ### To-do List -* Allow LDAP authentication in place of MySQL authentication \ No newline at end of file +* Allow LDAP authentication in place of MySQL authentication +* Make database initialization automatic, or provide instructions for it \ No newline at end of file From 81f9135af26b19c750404eb4e4bb147284006a52 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Thu, 6 Dec 2018 15:41:17 -0500 Subject: [PATCH 042/262] Added time sync and nginx:alpine tag, fixed questions --- templates/InvoiceNinja/0/docker-compose.yml | 6 +++++- templates/InvoiceNinja/0/rancher-compose.yml | 16 ++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/templates/InvoiceNinja/0/docker-compose.yml b/templates/InvoiceNinja/0/docker-compose.yml index b105eb3..7e506ec 100644 --- a/templates/InvoiceNinja/0/docker-compose.yml +++ b/templates/InvoiceNinja/0/docker-compose.yml 
@@ -14,6 +14,8 @@ services: - mysql restart: on-failure volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleConfig/${DATA_DIR}/.env:/var/www/app/.env - /RancherCattleData/${DATA_DIR}/Logo:/var/www/app/public/logo - /RancherCattleData/${DATA_DIR}/Storage:/var/www/app/storage @@ -60,9 +62,11 @@ services: traefik.enable: false restart: on-failure volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql nginx: - image: nginx + image: nginx:alpine dns: - 1.1.1.1 - 1.0.0.1 diff --git a/templates/InvoiceNinja/0/rancher-compose.yml b/templates/InvoiceNinja/0/rancher-compose.yml index 84aed42..3711750 100644 --- a/templates/InvoiceNinja/0/rancher-compose.yml +++ b/templates/InvoiceNinja/0/rancher-compose.yml @@ -33,6 +33,22 @@ catalog: required: true type: string + - variable: "DB_ROOT_PASS" + label: "MySQL Root Password" + description: | + A secure password to be used by the "root" MySQL user. + # default: + required: true + type: password + + - variable: "DB_USER_PASS" + label: "MySQL User Password" + description: | + A secure password to be used by the "ninja" MySQL user. + # default: + required: true + type: password + - variable: DATA_DIR label: "Data Directory" description: | From 99b8ad5a92f8351a6a229a9e434987aef04af7dd Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Thu, 6 Dec 2018 15:52:17 -0500 Subject: [PATCH 043/262] Testing not on alpine --- templates/InvoiceNinja/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/InvoiceNinja/0/docker-compose.yml b/templates/InvoiceNinja/0/docker-compose.yml index 7e506ec..d0c48ec 100644 --- a/templates/InvoiceNinja/0/docker-compose.yml 
+++ b/templates/InvoiceNinja/0/docker-compose.yml @@ -66,7 +66,7 @@ services: - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql nginx: - image: nginx:alpine + image: nginx dns: - 1.1.1.1 - 1.0.0.1 From 8e03b5e3d1d2ae97228f915eecb6ba0d99e18ce9 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Thu, 6 Dec 2018 16:03:45 -0500 Subject: [PATCH 044/262] Made comments for later --- templates/InvoiceNinja/0/README.md | 5 ++++- templates/InvoiceNinja/0/docker-compose.yml | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/templates/InvoiceNinja/0/README.md b/templates/InvoiceNinja/0/README.md index c7073b9..6c21e7f 100644 --- a/templates/InvoiceNinja/0/README.md +++ b/templates/InvoiceNinja/0/README.md @@ -22,4 +22,7 @@ Google Maps: Get an API Key [Here](https://developers.google.com/maps/documentation/javascript/get-api-key) first. Then add GOOGLE_MAPS_API_KEY= in your .env file. -If using without HTTPS (like using the direct IP instead of through Traefik), please take out the line: "fastcgi_param HTTPS 1;" from your nginx.conf \ No newline at end of file +If using without HTTPS (like using the direct IP instead of through Traefik), please take out the line: "fastcgi_param HTTPS 1;" from your nginx.conf + +### To-Do List +* Add documentation for easier adding environment variables, and see if there's a better way to do so \ No newline at end of file diff --git a/templates/InvoiceNinja/0/docker-compose.yml b/templates/InvoiceNinja/0/docker-compose.yml index d0c48ec..a6d99cf 100644 --- a/templates/InvoiceNinja/0/docker-compose.yml +++ b/templates/InvoiceNinja/0/docker-compose.yml @@ -66,7 +66,7 @@ services: - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql nginx: - image: nginx + image: nginx # Alpine does not work (last checked 6 December 2018) dns: - 1.1.1.1 - 1.0.0.1 
From c2d07e10c89da1d9ee26011a5d5ea6a4bf31a322 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Thu, 6 Dec 2018 20:17:14 -0500 Subject: [PATCH 045/262] Set referrer-policy header As per Nextcloud official recommendations --- templates/Nextcloud/0/docker-compose.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 3e6b8b5..92440c8 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -20,13 +20,16 @@ services: {{- end}} {{- if .Values.TRAEFIK_HOST}} traefik.enable: true - traefik.frontend.rule: Host:${TRAEFIK_HOST} + ### Start Web Segment traefik.frontend.entryPoints: http,https traefik.frontend.headers.forceSTSHeader: true + traefik.frontend.headers.referrerPolicy: no-referrer traefik.frontend.headers.SSLRedirect: true traefik.frontend.headers.STSPreload: true traefik.frontend.headers.STSSeconds: 15552000 + traefik.frontend.rule: Host:${TRAEFIK_HOST} traefik.port: "80" + ### End Web Segment {{- else}} traefik.enable: false {{- end}} From a83fd33a9603a8b7747a5d6dbffd94889060c0cf Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Thu, 6 Dec 2018 23:36:42 -0500 Subject: [PATCH 046/262] Added Nextcloud security checker --- templates/Nextcloud/0/README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/README.md b/templates/Nextcloud/0/README.md index 5a626c5..e0ece46 100644 --- a/templates/Nextcloud/0/README.md +++ b/templates/Nextcloud/0/README.md @@ -1 +1,4 @@ -# Nextcloud \ No newline at end of file +# Nextcloud + +### Security Check +https://scan.nextcloud.com/ \ No newline at end of file From 723a1c5b74b6bdd3a619b5a58dd84327b46a8460 Mon Sep 17 00:00:00 2001 
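Review bot: In the Nextcloud label hunk `traefik.frontend.headers.STSPreload: true` is sent with `STSSeconds: 15552000` and no `STSIncludeSubdomains`, so the header carries `preload` without meeting the usual preload-list requirements of a one-year max-age and includeSubDomains. Either drop `STSPreload`, or use `traefik.frontend.headers.STSSeconds: 31536000` with `traefik.frontend.headers.STSIncludeSubdomains: true` once every subdomain serves HTTPS. The values `true`, `15552000` and `no-referrer` are unquoted while `traefik.port: "80"` is quoted; label values are strings, so quoting them all keeps YAML from typing them as booleans and integers. The Guacamole and OpenProject label blocks in this series use the same preload and max-age pair. The label block begins above the hunk.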
From: WilliamMiceli Date: Fri, 7 Dec 2018 00:15:14 -0500 Subject: [PATCH 047/262] First complete configuration for testing --- templates/OpenProject/0/README.md | 8 ++- templates/OpenProject/0/docker-compose.yml | 72 +++++++++++++++------ templates/OpenProject/0/rancher-compose.yml | 52 +++++++++++---- 3 files changed, 101 insertions(+), 31 deletions(-) diff --git a/templates/OpenProject/0/README.md b/templates/OpenProject/0/README.md index 8c69a0c..7924210 100644 --- a/templates/OpenProject/0/README.md +++ b/templates/OpenProject/0/README.md @@ -1 +1,7 @@ -# OpenProject \ No newline at end of file +# OpenProject + +https://github.com/opf/openproject/blob/dev/docs/configuration/configuration.md + +##### Default admin login +User: admin +Pass: admin \ No newline at end of file diff --git a/templates/OpenProject/0/docker-compose.yml b/templates/OpenProject/0/docker-compose.yml index 684e2df..9a3a82c 100644 --- a/templates/OpenProject/0/docker-compose.yml +++ b/templates/OpenProject/0/docker-compose.yml 
@@ -1,23 +1,59 @@ version: '2' + services: - openproject: - image: openproject/community:7 - volumes_from: - - openproject-data - ports: - - ${OPENPROJECT_PORT}:80 + memcached: + image: memcached:latest + dns: + - 1.1.1.1 + - 1.0.0.1 labels: io.rancher.container.pull_image: always - io.rancher.sidekicks: openproject-data - io.rancher.container.hostname_override: container_name - openproject-data: - image: openproject/community:7 - entrypoint: - - /bin/true - volumes: - - /var/lib/postgresql/9.4/main - - /var/log/supervisor - - /var/db/openproject + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} + restart: on-failure + openproject: + image: openproject/community:latest + dns: + - 1.1.1.1 + - 1.0.0.1 + environment: + CACHE_MEMCACHE_SERVER: memcached + CACHE_NAMESPACE: openproject + SECRET_KEY_BASE: ${SECRET_KEY} labels: - io.rancher.container.start_once: 'true' - io.rancher.container.hostname_override: container_name \ No newline at end of file + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} + {{- if .Values.TRAEFIK_HOST}} + traefik.enable: true + ### Start Web Segment + traefik.web.frontend.entryPoints: http,https + traefik.web.frontend.headers.forceSTSHeader: true + traefik.web.frontend.headers.SSLRedirect: true + traefik.web.frontend.headers.STSPreload: true + traefik.web.frontend.headers.STSSeconds: 15552000 + traefik.web.frontend.redirect.entryPoint: https + traefik.web.frontend.redirect.permanent: true + traefik.web.frontend.rule: Host:${TRAEFIK_HOST} + traefik.web.port: "80" + ### End Web Segment + {{- else}} + traefik.enable: false + {{- end}} + links: + - memcached + networks: + - public-proxy # Used for the connection to the Traefik container for public access + ports: + - "${WEB_PORT}:80" + restart: on-failure + volumes: + - /RancherCattleData/${DATA_DIR}/Database:/var/lib/postgresql/9.6/main + - 
/RancherCattleData/${DATA_DIR}/Logs:/var/log/supervisor + - /RancherCattleData/${DATA_DIR}/Static:/var/db/openproject + +networks: + public-proxy: + external: true \ No newline at end of file diff --git a/templates/OpenProject/0/rancher-compose.yml b/templates/OpenProject/0/rancher-compose.yml index b6ede9a..8591abc 100644 --- a/templates/OpenProject/0/rancher-compose.yml +++ b/templates/OpenProject/0/rancher-compose.yml @@ -6,18 +6,46 @@ catalog: # minimum_rancher_version: # maximum_rancher_version: # upgrade_from: + # uuid: questions: - - variable: OPENPROJECT_PORT - label: Port - default: 80 - required: true - type: int + - variable: "HOST_LABEL" + label: "Host Label Key/Value Pair" + description: | + The Key/Value pair on the host which the stack should be deployed. + default: "host.id=Host1" + required: false + type: string -services: - openproject: - scale: 1 - start_on_create: true - openproject-data: - scale: 1 - start_on_create: true \ No newline at end of file + - variable: "TRAEFIK_HOST" + label: "Public Host Domain" + description: | + The host that Traefik will use to provide public access. + Leaving this empty will disable Traefik on this stack. + default: "subdomain.domain.tld" + required: false + type: string + + - variable: "WEB_PORT" + label: "Local Web Port" + description: | + The port to locally access the web interface on. + default: "10800" + required: true + type: string + + - variable: "SECRET_KEY" + label: "Secret Key Base" + description: | + A randomly generated string for encryption purposes + # default: + required: true + type: password + + - variable: "DATA_DIR" + label: "Data Directory" + description: | + The directory to store persistent data for the stack. + default: "Personal/OpenProject" + required: true + type: string \ No newline at end of file From a00db682a9f4a6fcd92f41c90d9999306c04c245 Mon Sep 17 00:00:00 2001 
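Review bot: In templates/OpenProject/0/docker-compose.yml the `ports:` entry `"${WEB_PORT}:80"` is published unconditionally, so when TRAEFIK_HOST is set the application is still reachable over plain HTTP on the host port, bypassing the SSLRedirect and HSTS labels added in the same hunk. The README in this patch documents the default login as admin/admin, which makes an unencrypted second entrance more costly. Guard the mapping the way the Snipe-IT template on this page does, with `{{- if .Values.WEB_PORT}}` before `ports:` and `{{- end}}` after the mapping, and make the WEB_PORT question `required: false`. The HTTPD template added in PATCH 068 publishes its port the same way. Separately, `image: openproject/community:latest` with `pull_image: always` sits next to a volume path that hard-codes `postgresql/9.6/main`; pinning the image tag would keep the two in step.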
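Review bot: In templates/OpenProject/0/rancher-compose.yml the optional questions ship with placeholder defaults, `default: "subdomain.domain.tld"` for TRAEFIK_HOST and `default: "host.id=Host1"` for HOST_LABEL, so accepting the form as-is enables Traefik for a placeholder host and pins scheduling to a label that may not exist, although the description says an empty value disables Traefik. Leave both defaults empty (`default: ""`) and move the examples into the description text. The HTTPD rancher-compose.yml added in PATCH 068 uses the same defaults. The SECRET_KEY description could also state the expected length and how the value should be generated.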
From: WilliamMiceli Date: Fri, 7 Dec 2018 01:08:57 -0500 Subject: [PATCH 048/262] Works as well as it can --- templates/OpenProject/0/README.md | 4 +++- templates/OpenProject/config.yml | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/templates/OpenProject/0/README.md b/templates/OpenProject/0/README.md index 7924210..81ec5d7 100644 --- a/templates/OpenProject/0/README.md +++ b/templates/OpenProject/0/README.md @@ -4,4 +4,6 @@ https://github.com/opf/openproject/blob/dev/docs/configuration/configuration.md ##### Default admin login User: admin -Pass: admin \ No newline at end of file +Pass: admin + +Please make sure to set "https" mode within system settings after setup is completed. \ No newline at end of file diff --git a/templates/OpenProject/config.yml b/templates/OpenProject/config.yml index b175b2e..f65e6ba 100644 --- a/templates/OpenProject/config.yml +++ b/templates/OpenProject/config.yml @@ -1,7 +1,7 @@ name: OpenProject description: | - Status: NOT READY -# version: + A web-based project management system for location-independent team collaboration. +version: latest category: Productivity maintainer: WilliamMiceli # license: From ffe2a4795098f1231eea3d955f8304218f5d5ecb Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 14:16:24 -0500 Subject: [PATCH 049/262] Will continue in the future --- templates/Httpd/0/README.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 templates/Httpd/0/README.md diff --git a/templates/Httpd/0/README.md b/templates/Httpd/0/README.md new file mode 100644 index 0000000..852140b --- /dev/null +++ b/templates/Httpd/0/README.md @@ -0,0 +1,5 @@ +# httpd + +### Will work on this in the future + +https://docs.docker.com/samples/library/httpd/ \ No newline at end of file From de3ad4102dbbdf3a350fa249220e4e2acd9def52 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Fri, 7 Dec 2018 14:35:38 -0500 Subject: [PATCH 050/262] Will continue in the future --- templates/Nginx/0/README.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 templates/Nginx/0/README.md diff --git a/templates/Nginx/0/README.md b/templates/Nginx/0/README.md new file mode 100644 index 0000000..f23bc92 --- /dev/null +++ b/templates/Nginx/0/README.md @@ -0,0 +1,5 @@ +# Nginx + +### Will continue this in the future + +https://store.docker.com/_/nginx \ No newline at end of file From a4f0ecf8f9ea7d6028df2a1e0382daee4a5f2869 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 14:55:57 -0500 Subject: [PATCH 051/262] Will continue this later --- templates/XWiki/0/README.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 templates/XWiki/0/README.md diff --git a/templates/XWiki/0/README.md b/templates/XWiki/0/README.md new file mode 100644 index 0000000..9bea272 --- /dev/null +++ b/templates/XWiki/0/README.md @@ -0,0 +1,5 @@ +# XWiki + +### Will continue this later + +https://store.docker.com/_/xwiki \ No newline at end of file From 50528b4f1f89557aed4d51725be9d5cdf2eceb20 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 19:32:13 -0500 Subject: [PATCH 052/262] Added protocol --- templates/Snipe-IT/0/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 758e9bd..2cdb2df 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -12,9 +12,9 @@ services: APP_ENV: production APP_DEBUG: false {{- if .Values.TRAEFIK_HOST}} - APP_URL: ${TRAEFIK_HOST}:80 + APP_URL: https://${TRAEFIK_HOST}:80 {{- else}} - APP_URL: localhost:${WEB_PORT} + APP_URL: http://localhost:${WEB_PORT} {{- end}} APP_KEY: ${APP_KEY} MYSQL_HOST: mysql From 7bf444951c98cb7a0c9a7acf7dd85b6b3288b5ed Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Fri, 7 Dec 2018 19:41:50 -0500 Subject: [PATCH 053/262] Testing without port --- templates/Snipe-IT/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 2cdb2df..c663a30 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -12,7 +12,7 @@ services: APP_ENV: production APP_DEBUG: false {{- if .Values.TRAEFIK_HOST}} - APP_URL: https://${TRAEFIK_HOST}:80 + APP_URL: https://${TRAEFIK_HOST} {{- else}} APP_URL: http://localhost:${WEB_PORT} {{- end}} From 6dbeeee728ee488f5f4ddc05b856fa9d263aad89 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 19:51:29 -0500 Subject: [PATCH 054/262] Fully functional --- templates/Snipe-IT/0/docker-compose.yml | 2 +- templates/Snipe-IT/config.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index c663a30..91a856b 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -14,7 +14,7 @@ services: {{- if .Values.TRAEFIK_HOST}} APP_URL: https://${TRAEFIK_HOST} {{- else}} - APP_URL: http://localhost:${WEB_PORT} + APP_URL: http://localhost {{- end}} APP_KEY: ${APP_KEY} MYSQL_HOST: mysql diff --git a/templates/Snipe-IT/config.yml b/templates/Snipe-IT/config.yml index dd7c4a0..9cfc723 100644 --- a/templates/Snipe-IT/config.yml +++ b/templates/Snipe-IT/config.yml @@ -1,6 +1,6 @@ name: Snipe-IT description: | - Status: NOT READY + Free, open source IT asset and license management system. version: latest category: Asset Management maintainer: WilliamMiceli From 41a85f72daa2099087c9c81611e5f2c4a7060b8e Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Fri, 7 Dec 2018 20:06:57 -0500 Subject: [PATCH 055/262] Enabled debug mode --- templates/Snipe-IT/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 91a856b..6989c2e 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -10,7 +10,7 @@ services: - 1.0.0.1 environment: APP_ENV: production - APP_DEBUG: false + APP_DEBUG: true {{- if .Values.TRAEFIK_HOST}} APP_URL: https://${TRAEFIK_HOST} {{- else}} From 69a99043106711b045716b1675345aa1c48cab8f Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 20:09:14 -0500 Subject: [PATCH 056/262] Downgraded environment --- templates/Snipe-IT/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 6989c2e..c52b5d3 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -9,7 +9,7 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - APP_ENV: production + APP_ENV: development # "development" or "production" APP_DEBUG: true {{- if .Values.TRAEFIK_HOST}} APP_URL: https://${TRAEFIK_HOST} From 3353a63c94c90317ec6f8e3e3be78bf00ce97523 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 20:27:58 -0500 Subject: [PATCH 057/262] Changed database and user name --- templates/Snipe-IT/0/docker-compose.yml | 8 ++++---- templates/Snipe-IT/0/rancher-compose.yml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index c52b5d3..b7afc9c 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml 
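Review bot: PATCH 055 commits `APP_DEBUG: true` into the catalog template while `APP_ENV` is still `production` and the Traefik labels publish the service; with debug on, Laravel error pages can include stack traces and environment values, and this container's environment carries `APP_KEY` and `MYSQL_PASSWORD`. PATCH 056 on the same line then switches `APP_ENV` to `development`, and the pair is only reverted in PATCH 063, so a stack deployed from the intermediate revisions runs in that state. Rather than toggling the committed file, expose the switch as a catalog question that defaults to off, for example `APP_DEBUG: ${APP_DEBUG}` here with `default: false` in rancher-compose.yml. The environment block starts and ends outside the hunk.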
@@ -18,8 +18,8 @@ services: {{- end}} APP_KEY: ${APP_KEY} MYSQL_HOST: mysql - MYSQL_DATABASE: snipeit - MYSQL_USER: snipe_user + MYSQL_DATABASE: snipeit_db + MYSQL_USER: snipeit_user MYSQL_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always @@ -62,9 +62,9 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - MYSQL_DATABASE: snipeit + MYSQL_DATABASE: snipeit_db MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} - MYSQL_USER: snipe_user + MYSQL_USER: snipeit_user MYSQL_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always diff --git a/templates/Snipe-IT/0/rancher-compose.yml b/templates/Snipe-IT/0/rancher-compose.yml index 05a87e5..984c242 100644 --- a/templates/Snipe-IT/0/rancher-compose.yml +++ b/templates/Snipe-IT/0/rancher-compose.yml @@ -53,7 +53,7 @@ catalog: - variable: "DB_USER_PASS" label: "MySQL User Password" description: | - A secure password to be used by the "snipe_user" MySQL user. + A secure password to be used by the "snipeit_user" MySQL user. # default: required: true type: password From 69643cf5f3840a963e5f48e927f9944a0e9bda44 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 20:28:14 -0500 Subject: [PATCH 058/262] Updated Encryption Key description for later --- templates/Snipe-IT/0/rancher-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/rancher-compose.yml b/templates/Snipe-IT/0/rancher-compose.yml index 984c242..9b8ec41 100644 --- a/templates/Snipe-IT/0/rancher-compose.yml +++ b/templates/Snipe-IT/0/rancher-compose.yml @@ -61,6 +61,6 @@ catalog: - variable: "APP_KEY" label: "Encryption Key" description: | - A random 32-Character string which will be used for encryption. + See README. required: true type: password \ No newline at end of file From ebb534908a4bd25e2c582757b0abdb6b76c4d4e3 Mon Sep 17 00:00:00 2001 
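Review bot: The rename of `MYSQL_DATABASE` to `snipeit_db` and `MYSQL_USER` to `snipeit_user` (both docker-compose.yml hunks of PATCH 057) only takes effect on an empty data directory, because the official mysql image creates the database and user during first initialisation; a stack that already has data under `/RancherCattleData/${DATA_DIR}/Database` would keep the old `snipeit`/`snipe_user` names and the application would most likely fail to connect. Add a comment above the mysql `environment:` block such as `# Applied only on an empty data dir; renaming later needs a manual database/user rename`, or describe the manual step in the README. Both service blocks continue outside the hunks.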
From: WilliamMiceli Date: Fri, 7 Dec 2018 20:28:25 -0500 Subject: [PATCH 059/262] Removed unneeded header --- templates/Snipe-IT/0/docker-compose.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index b7afc9c..683e7ac 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -33,7 +33,6 @@ services: traefik.frontend.headers.forceSTSHeader: true traefik.frontend.headers.SSLRedirect: true traefik.frontend.headers.STSPreload: true - traefik.frontend.headers.SSLProxyHeaders: X-Forwarded-Proto:https traefik.frontend.headers.STSSeconds: 15552000 traefik.port: "80" {{- else}} From 812afe1511feafe64482e430edf3cfa6c8938fe4 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 20:29:37 -0500 Subject: [PATCH 060/262] Added db-admin network to mysql service --- templates/Snipe-IT/0/docker-compose.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 683e7ac..3d2c061 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -70,6 +70,10 @@ services: {{- if (.Values.HOST_LABEL)}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} + networks: + db-admin: + aliases: + - snipe-it restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system @@ -77,5 +81,7 @@ services: - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql networks: + db-admin: + external: true public-proxy: external: true \ No newline at end of file From e8667b552a8d6f13bdc5ad3de9d8fd45b0e28dab Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 20:48:55 -0500 Subject: [PATCH 061/262] Added comment about external access using hostname --- templates/Snipe-IT/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
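Review bot: PATCH 060 attaches the mysql service to the external `db-admin` network, which makes port 3306 reachable from every container joined to that network, and the hunk does not say which containers those are. Since `MYSQL_ROOT_PASSWORD` is set for this service, document the intent at the network definition, for example `# db-admin: shared with the database admin tool only; do not attach application stacks`, and consider putting the attachment behind a catalog question as is done for HOST_LABEL. In plain Docker Compose a service with an explicit `networks:` key leaves the default network; whether Rancher behaves the same is not visible here, so it is worth confirming that the application can still resolve `mysql`. The mysql service block starts outside the hunk.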
diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 3d2c061..98f468a 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -73,7 +73,7 @@ services: networks: db-admin: aliases: - - snipe-it + - snipe-it # This should allow access from "mysql.snipe-it.rancher.internal" restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system From 91e28906759d0fe3406277c57038bdeb2bee4fa2 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 21:13:43 -0500 Subject: [PATCH 062/262] Added small bit of info about upgrading --- templates/Snipe-IT/0/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/README.md b/templates/Snipe-IT/0/README.md index 50931e0..b575cf8 100644 --- a/templates/Snipe-IT/0/README.md +++ b/templates/Snipe-IT/0/README.md @@ -4,4 +4,8 @@ ### Generate Your App Key Using: `php artisan key:generate` -https://snipe-it.readme.io/docs/generate-your-app-key \ No newline at end of file +https://snipe-it.readme.io/docs/generate-your-app-key + + +### After upgrading to a later version, use: +`php artisan migrate` \ No newline at end of file From 5ed01f7645676917b4c53054711459a75e006026 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 21:16:54 -0500 Subject: [PATCH 063/262] Back to production and added some comments --- templates/Snipe-IT/0/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 98f468a..98b2ad9 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml 
@@ -9,10 +9,10 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - APP_ENV: development # "development" or "production" - APP_DEBUG: true + APP_ENV: production # "development" or "production" + APP_DEBUG: false {{- if .Values.TRAEFIK_HOST}} - APP_URL: https://${TRAEFIK_HOST} + APP_URL: https://${TRAEFIK_HOST} # No port number needed {{- else}} APP_URL: http://localhost {{- end}} From b561066946ab32d5057797dd780f6a13ac64cb9e Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 21:17:10 -0500 Subject: [PATCH 064/262] Added comments about disabling local access --- templates/Snipe-IT/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 98b2ad9..c9bac60 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -42,7 +42,7 @@ services: - mysql networks: - public-proxy - {{- if .Values.WEB_PORT}} + {{- if .Values.WEB_PORT}} # Allows for local access to be disabled ports: - "${WEB_PORT}:80" {{- else}} From 8f3daa003fd760ce8abc5a31b1aa80d1e4efdda4 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 21:17:21 -0500 Subject: [PATCH 065/262] Testing over port 443 --- templates/Snipe-IT/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index c9bac60..37c5530 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -34,7 +34,7 @@ services: traefik.frontend.headers.SSLRedirect: true traefik.frontend.headers.STSPreload: true traefik.frontend.headers.STSSeconds: 15552000 - traefik.port: "80" + traefik.port: "443" {{- else}} traefik.enable: false {{- end}} From 3ab0bfb3bece54317db54cea1d7953aa928bcad5 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Fri, 7 Dec 2018 21:24:25 -0500 Subject: [PATCH 066/262] Added passTLSCert label, use port 80 and reordered labels --- templates/Snipe-IT/0/docker-compose.yml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 37c5530..da0a6df 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -28,13 +28,16 @@ services: {{- end}} {{- if .Values.TRAEFIK_HOST}} traefik.enable: true - traefik.frontend.rule: Host:${TRAEFIK_HOST} - traefik.frontend.entryPoints: http,https - traefik.frontend.headers.forceSTSHeader: true - traefik.frontend.headers.SSLRedirect: true - traefik.frontend.headers.STSPreload: true - traefik.frontend.headers.STSSeconds: 15552000 - traefik.port: "443" + ### Start Web Segment + traefik.web.frontend.entryPoints: http,https + traefik.web.frontend.headers.forceSTSHeader: true + traefik.web.frontend.headers.SSLRedirect: true + traefik.web.frontend.headers.STSPreload: true + traefik.web.frontend.headers.STSSeconds: 15552000 + traefik.web.frontend.passTLSCert: true + traefik.web.frontend.rule: Host:${TRAEFIK_HOST} + traefik.web.port: "80" + ### End Web Segment {{- else}} traefik.enable: false {{- end}} From 9dd6724cb13d7352bba00a323d9101f69cea8ed9 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 21:30:07 -0500 Subject: [PATCH 067/262] Removed passTLSCert label --- templates/Snipe-IT/0/docker-compose.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index da0a6df..abae525 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml 
@@ -34,7 +34,6 @@ services: traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.passTLSCert: true traefik.web.frontend.rule: Host:${TRAEFIK_HOST} traefik.web.port: "80" ### End Web Segment From 5e98c3acebe649645bd5f248a084f5289c9454e6 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 13:25:41 -0500 Subject: [PATCH 068/262] First complete configuration test --- templates/{Httpd => HTTPD1}/0/README.md | 0 templates/HTTPD1/0/docker-compose.yml | 40 +++++++++++++++++++++++ templates/HTTPD1/0/rancher-compose.yml | 42 +++++++++++++++++++++++++ templates/HTTPD1/config.yml | 8 +++++ 4 files changed, 90 insertions(+) rename templates/{Httpd => HTTPD1}/0/README.md (100%) create mode 100644 templates/HTTPD1/0/docker-compose.yml create mode 100644 templates/HTTPD1/0/rancher-compose.yml create mode 100644 templates/HTTPD1/config.yml diff --git a/templates/Httpd/0/README.md b/templates/HTTPD1/0/README.md similarity index 100% rename from templates/Httpd/0/README.md rename to templates/HTTPD1/0/README.md diff --git a/templates/HTTPD1/0/docker-compose.yml b/templates/HTTPD1/0/docker-compose.yml new file mode 100644 index 0000000..f5a7162 --- /dev/null +++ b/templates/HTTPD1/0/docker-compose.yml 
@@ -0,0 +1,40 @@ +version: '2' + +services: + httpd: + image: httpd:alpine + dns: + - 1.1.1.1 + - 1.0.0.1 + environment: + labels: + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} + {{- if .Values.TRAEFIK_HOST}} + traefik.enable: true + ### Start Web Segment + traefik.frontend.entryPoints: http,https + traefik.frontend.headers.forceSTSHeader: true + traefik.frontend.headers.referrerPolicy: no-referrer + traefik.frontend.headers.SSLRedirect: true + traefik.frontend.headers.STSPreload: true + traefik.frontend.headers.STSSeconds: 15552000 + traefik.frontend.rule: Host:${TRAEFIK_HOST} + traefik.port: "80" + ### End Web Segment + {{- else}} + traefik.enable: false + {{- end}} + networks: + - public-proxy + ports: + - "${WEB_PORT}:80" + restart: on-failure + volumes: + - /RancherCattleData/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/ + +networks: + public-proxy: + external: true \ No newline at end of file diff --git a/templates/HTTPD1/0/rancher-compose.yml b/templates/HTTPD1/0/rancher-compose.yml new file mode 100644 index 0000000..1a644b7 --- /dev/null +++ b/templates/HTTPD1/0/rancher-compose.yml 
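Review bot: In the new templates/HTTPD1/0/docker-compose.yml the document root is bind-mounted read-write, `/RancherCattleData/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/`, although httpd only needs to read it, so a compromised web server process could alter the served content on the host. Append `:ro` to the mount: `- /RancherCattleData/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/:ro`. The bare `environment:` key also parses as null rather than an empty mapping; it is removed in PATCH 071, and `environment: {}` would be the explicit form if the key is kept.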
@@ -0,0 +1,42 @@ +version: '2' +catalog: + name: Apache httpd + version: latest + # description: + # minimum_rancher_version: + # maximum_rancher_version: + # upgrade_from: + questions: + + - variable: "HOST_LABEL" + label: "Host Label Key/Value Pair" + description: | + The Label Key/Value pair on the host which containers should be deployed + default: "host.id=Host1" + required: false + type: string + + - variable: "TRAEFIK_HOST" + label: "Public Host Domain" + description: | + The host that Traefik will use to provide public access. + Leaving this empty will disable Traefik on this stack. + default: "subdomain.domain.tld" + required: false + type: string + + - variable: "WEB_PORT" + label: "Web Port" + description: | + The port to locally access the web interface on. + default: "10100" + required: true + type: string + + - variable: "DATA_DIR" + label: "Data Directory" + description: | + The directory to store persistent data for the stack. + default: "Personal/httpd" + required: true + type: string \ No newline at end of file diff --git a/templates/HTTPD1/config.yml b/templates/HTTPD1/config.yml new file mode 100644 index 0000000..bbde47f --- /dev/null +++ b/templates/HTTPD1/config.yml @@ -0,0 +1,8 @@ +name: Apache httpd +description: | + Status: NOT READY +version: latest +# category: +maintainer: WilliamMiceli +# license: +# projectURL: \ No newline at end of file From de385d6cd6cd4faa11d73cd1fff6d9c4904219bc Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Sun, 9 Dec 2018 13:26:52 -0500 Subject: [PATCH 069/262] Finished folder rename --- templates/{HTTPD1 => HTTPD}/0/README.md | 0 templates/{HTTPD1 => HTTPD}/0/docker-compose.yml | 0 templates/{HTTPD1 => HTTPD}/0/rancher-compose.yml | 2 +- templates/{HTTPD1 => HTTPD}/config.yml | 0 4 files changed, 1 insertion(+), 1 deletion(-) rename templates/{HTTPD1 => HTTPD}/0/README.md (100%) rename templates/{HTTPD1 => HTTPD}/0/docker-compose.yml (100%) rename templates/{HTTPD1 => HTTPD}/0/rancher-compose.yml (97%) rename templates/{HTTPD1 => HTTPD}/config.yml (100%) diff --git a/templates/HTTPD1/0/README.md b/templates/HTTPD/0/README.md similarity index 100% rename from templates/HTTPD1/0/README.md rename to templates/HTTPD/0/README.md diff --git a/templates/HTTPD1/0/docker-compose.yml b/templates/HTTPD/0/docker-compose.yml similarity index 100% rename from templates/HTTPD1/0/docker-compose.yml rename to templates/HTTPD/0/docker-compose.yml diff --git a/templates/HTTPD1/0/rancher-compose.yml b/templates/HTTPD/0/rancher-compose.yml similarity index 97% rename from templates/HTTPD1/0/rancher-compose.yml rename to templates/HTTPD/0/rancher-compose.yml index 1a644b7..fd762d4 100644 --- a/templates/HTTPD1/0/rancher-compose.yml +++ b/templates/HTTPD/0/rancher-compose.yml @@ -37,6 +37,6 @@ catalog: label: "Data Directory" description: | The directory to store persistent data for the stack. - default: "Personal/httpd" + default: "Personal/HTTPD" required: true type: string \ No newline at end of file diff --git a/templates/HTTPD1/config.yml b/templates/HTTPD/config.yml similarity index 100% rename from templates/HTTPD1/config.yml rename to templates/HTTPD/config.yml From ff3847ce628d005adeb5523ffe1c41d3a80ae037 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 13:31:34 -0500 Subject: [PATCH 070/262] Set default port to 10900 --- templates/HTTPD/0/rancher-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/HTTPD/0/rancher-compose.yml b/templates/HTTPD/0/rancher-compose.yml index fd762d4..cf0c08a 100644 --- a/templates/HTTPD/0/rancher-compose.yml +++ b/templates/HTTPD/0/rancher-compose.yml @@ -29,7 +29,7 @@ catalog: label: "Web Port" description: | The port to locally access the web interface on. - default: "10100" + default: "10900" required: true type: string From 946a0b8c62b15a187d0a841881839aa3efe9cf29 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 13:32:14 -0500 Subject: [PATCH 071/262] Removed environment section --- templates/HTTPD/0/docker-compose.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/HTTPD/0/docker-compose.yml b/templates/HTTPD/0/docker-compose.yml index f5a7162..3ef59e5 100644 --- a/templates/HTTPD/0/docker-compose.yml +++ b/templates/HTTPD/0/docker-compose.yml @@ -6,7 +6,6 @@ services: dns: - 1.1.1.1 - 1.0.0.1 - environment: labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} From 380a0ba5a1272108bfb0e077b325f5655315b2cc Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 13:56:55 -0500 Subject: [PATCH 072/262] Added persistent configuration file --- templates/HTTPD/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/HTTPD/0/docker-compose.yml b/templates/HTTPD/0/docker-compose.yml index 3ef59e5..e99e0ed 100644 --- a/templates/HTTPD/0/docker-compose.yml +++ b/templates/HTTPD/0/docker-compose.yml @@ -32,6 +32,7 @@ services: - "${WEB_PORT}:80" restart: on-failure volumes: + - /RancherCattleConfig/${DATA_DIR}/httpd.conf:/usr/local/apache2/conf/httpd.conf - /RancherCattleData/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/ networks: From 76ab214e582fb7034c613be3943844c4b68b44c5 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 14:00:43 -0500 Subject: [PATCH 073/262] Temporary disable --- templates/HTTPD/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
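Review bot: PATCH 072 bind-mounts a single file, `/RancherCattleConfig/${DATA_DIR}/httpd.conf:/usr/local/apache2/conf/httpd.conf`, and with this volume syntax Docker creates a directory at the host path when the file does not exist yet, after which httpd would likely fail to start and keep being restarted under `restart: on-failure`. Document in the README that httpd.conf must be placed on the host before the first deploy (the image's default file can be copied out as a starting point), and mount it read-only by appending `:ro`. The re-added mounts in PATCH 074 and PATCH 075 have the same precondition. The volumes list continues outside the hunk.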
diff --git a/templates/HTTPD/0/docker-compose.yml b/templates/HTTPD/0/docker-compose.yml index e99e0ed..8401a0c 100644 --- a/templates/HTTPD/0/docker-compose.yml +++ b/templates/HTTPD/0/docker-compose.yml @@ -32,7 +32,7 @@ services: - "${WEB_PORT}:80" restart: on-failure volumes: - - /RancherCattleConfig/${DATA_DIR}/httpd.conf:/usr/local/apache2/conf/httpd.conf + # - /RancherCattleConfig/${DATA_DIR}/httpd.conf:/usr/local/apache2/conf/httpd.conf - /RancherCattleData/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/ networks: From b5ea89de278db8175c36bc1e5ebb667f9086bbf4 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 14:12:34 -0500 Subject: [PATCH 074/262] Added persistent configuration back with new directory structure --- templates/HTTPD/0/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/HTTPD/0/docker-compose.yml b/templates/HTTPD/0/docker-compose.yml index 8401a0c..2eccdf9 100644 --- a/templates/HTTPD/0/docker-compose.yml +++ b/templates/HTTPD/0/docker-compose.yml @@ -32,8 +32,8 @@ services: - "${WEB_PORT}:80" restart: on-failure volumes: - # - /RancherCattleConfig/${DATA_DIR}/httpd.conf:/usr/local/apache2/conf/httpd.conf - - /RancherCattleData/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/ + - /RancherCattle/${DATA_DIR}/Configuration/httpd.conf:/usr/local/apache2/conf/httpd.conf + - /RancherCattle/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/ networks: public-proxy: From 1e8e640539be36515bbf9006a75cf1ad9fb8cb23 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 14:22:16 -0500 Subject: [PATCH 075/262] Optional persistent configuration --- templates/HTTPD/0/docker-compose.yml | 2 ++ templates/HTTPD/0/rancher-compose.yml | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/templates/HTTPD/0/docker-compose.yml b/templates/HTTPD/0/docker-compose.yml index 2eccdf9..7412549 100644 --- a/templates/HTTPD/0/docker-compose.yml +++ b/templates/HTTPD/0/docker-compose.yml 
@@ -32,7 +32,9 @@ services: - "${WEB_PORT}:80" restart: on-failure volumes: + {{- if eq .Values.PERSIST_CONF true}} - /RancherCattle/${DATA_DIR}/Configuration/httpd.conf:/usr/local/apache2/conf/httpd.conf + {{- end}} - /RancherCattle/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/ networks: diff --git a/templates/HTTPD/0/rancher-compose.yml b/templates/HTTPD/0/rancher-compose.yml index cf0c08a..98fde51 100644 --- a/templates/HTTPD/0/rancher-compose.yml +++ b/templates/HTTPD/0/rancher-compose.yml @@ -33,6 +33,14 @@ catalog: required: true type: string + - variable: "PERSIST_CONF" + label: "Persistent Configuration" + description: | + Have a persistent httpd.conf file mounted. + default: true + required: true + type: boolean + - variable: "DATA_DIR" label: "Data Directory" description: | From 79d3cacd22a22244d363596399b77e695d15d2bc Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 14:25:45 -0500 Subject: [PATCH 076/262] Possible formatting issue --- templates/HTTPD/0/docker-compose.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/templates/HTTPD/0/docker-compose.yml b/templates/HTTPD/0/docker-compose.yml index 7412549..b13724a 100644 --- a/templates/HTTPD/0/docker-compose.yml +++ b/templates/HTTPD/0/docker-compose.yml @@ -31,10 +31,8 @@ services: ports: - "${WEB_PORT}:80" restart: on-failure - volumes: - {{- if eq .Values.PERSIST_CONF true}} - - /RancherCattle/${DATA_DIR}/Configuration/httpd.conf:/usr/local/apache2/conf/httpd.conf - {{- end}} + volumes: {{- if eq .Values.PERSIST_CONF true}} + - /RancherCattle/${DATA_DIR}/Configuration/httpd.conf:/usr/local/apache2/conf/httpd.conf {{- end}} - /RancherCattle/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/ networks: From cf99bd1359e769486653c7b969efbafe0c46b885 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Sun, 9 Dec 2018 14:27:17 -0500 Subject: [PATCH 077/262] Testing with quotes --- templates/HTTPD/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/HTTPD/0/docker-compose.yml b/templates/HTTPD/0/docker-compose.yml index b13724a..05b0efe 100644 --- a/templates/HTTPD/0/docker-compose.yml +++ b/templates/HTTPD/0/docker-compose.yml @@ -31,7 +31,7 @@ services: ports: - "${WEB_PORT}:80" restart: on-failure - volumes: {{- if eq .Values.PERSIST_CONF true}} + volumes: {{- if eq .Values.PERSIST_CONF "true"}} - /RancherCattle/${DATA_DIR}/Configuration/httpd.conf:/usr/local/apache2/conf/httpd.conf {{- end}} - /RancherCattle/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/ From eb1474740ec0bb41974a2d28fac43728c5bfb20f Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 14:29:10 -0500 Subject: [PATCH 078/262] Testing original formatting --- templates/HTTPD/0/docker-compose.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/templates/HTTPD/0/docker-compose.yml b/templates/HTTPD/0/docker-compose.yml index 05b0efe..fe600b5 100644 --- a/templates/HTTPD/0/docker-compose.yml +++ b/templates/HTTPD/0/docker-compose.yml @@ -31,8 +31,10 @@ services: ports: - "${WEB_PORT}:80" restart: on-failure - volumes: {{- if eq .Values.PERSIST_CONF "true"}} - - /RancherCattle/${DATA_DIR}/Configuration/httpd.conf:/usr/local/apache2/conf/httpd.conf {{- end}} + volumes: + {{- if eq .Values.PERSIST_CONF "true"}} + - /RancherCattle/${DATA_DIR}/Configuration/httpd.conf:/usr/local/apache2/conf/httpd.conf + {{- end}} - /RancherCattle/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/ networks: From 0b15bfe6e6c7c98e291684662f07ffe615869b90 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Sun, 9 Dec 2018 14:33:15 -0500 Subject: [PATCH 079/262] Quotes needed; local port now optional --- templates/HTTPD/0/docker-compose.yml | 2 ++ templates/HTTPD/0/rancher-compose.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/templates/HTTPD/0/docker-compose.yml b/templates/HTTPD/0/docker-compose.yml index fe600b5..31529b3 100644 --- a/templates/HTTPD/0/docker-compose.yml +++ b/templates/HTTPD/0/docker-compose.yml @@ -28,8 +28,10 @@ services: {{- end}} networks: - public-proxy + {{- if .Values.WEB_PORT}} ports: - "${WEB_PORT}:80" + {{- end}} restart: on-failure volumes: {{- if eq .Values.PERSIST_CONF "true"}} diff --git a/templates/HTTPD/0/rancher-compose.yml b/templates/HTTPD/0/rancher-compose.yml index 98fde51..8c285ec 100644 --- a/templates/HTTPD/0/rancher-compose.yml +++ b/templates/HTTPD/0/rancher-compose.yml @@ -29,6 +29,7 @@ catalog: label: "Web Port" description: | The port to locally access the web interface on. + Leaving this blank will disable opening any port on the host system. default: "10900" required: true type: string From b0afca78771b2585e4198104b2c2005903c0310b Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 14:35:05 -0500 Subject: [PATCH 080/262] Web port optional --- templates/HTTPD/0/rancher-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/HTTPD/0/rancher-compose.yml b/templates/HTTPD/0/rancher-compose.yml index 8c285ec..b269e14 100644 --- a/templates/HTTPD/0/rancher-compose.yml +++ b/templates/HTTPD/0/rancher-compose.yml @@ -31,7 +31,7 @@ catalog: The port to locally access the web interface on. Leaving this blank will disable opening any port on the host system. default: "10900" - required: true + required: false type: string - variable: "PERSIST_CONF" From 410bc197bfbcf558d000ae90ff2f0bf2aeeafba1 Mon Sep 17 00:00:00 2001 
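Review bot: The now-optional `ports:` entry in PATCH 079 still publishes `"${WEB_PORT}:80"` on every host interface, although the question text in rancher-compose.yml describes it as the port to "locally access" the web interface. The default also remains `"10900"`, so a default deployment exposes plain HTTP directly on the host in addition to whatever fronts the `public-proxy` network. If only local access is intended, bind the mapping to loopback with `- "127.0.0.1:${WEB_PORT}:80"` (worth confirming that the Rancher version in use honours a host IP here). Alternatively, make the default empty so that publishing a host port is opt-in.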
From: WilliamMiceli Date: Sun, 9 Dec 2018 14:37:56 -0500 Subject: [PATCH 081/262] Web port should be an integer --- templates/HTTPD/0/rancher-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/HTTPD/0/rancher-compose.yml b/templates/HTTPD/0/rancher-compose.yml index b269e14..876d75d 100644 --- a/templates/HTTPD/0/rancher-compose.yml +++ b/templates/HTTPD/0/rancher-compose.yml @@ -32,7 +32,7 @@ catalog: Leaving this blank will disable opening any port on the host system. default: "10900" required: false - type: string + type: int - variable: "PERSIST_CONF" label: "Persistent Configuration" From 99c92622009fecf62e9d632fc19f2283cffcd719 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 15:23:05 -0500 Subject: [PATCH 082/262] Mounting "conf" directory instead of just httpd.conf --- templates/HTTPD/0/docker-compose.yml | 2 +- templates/HTTPD/0/rancher-compose.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/HTTPD/0/docker-compose.yml b/templates/HTTPD/0/docker-compose.yml index 31529b3..104b1b4 100644 --- a/templates/HTTPD/0/docker-compose.yml +++ b/templates/HTTPD/0/docker-compose.yml @@ -35,7 +35,7 @@ services: restart: on-failure volumes: {{- if eq .Values.PERSIST_CONF "true"}} - - /RancherCattle/${DATA_DIR}/Configuration/httpd.conf:/usr/local/apache2/conf/httpd.conf + - /RancherCattle/${DATA_DIR}/Configuration:/usr/local/apache2/conf {{- end}} - /RancherCattle/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/ diff --git a/templates/HTTPD/0/rancher-compose.yml b/templates/HTTPD/0/rancher-compose.yml index 876d75d..db96f72 100644 --- a/templates/HTTPD/0/rancher-compose.yml +++ b/templates/HTTPD/0/rancher-compose.yml 
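Review bot: Mounting a host directory over `/usr/local/apache2/conf` in PATCH 082 hides every file the image ships in that directory, so with an empty or incomplete `/RancherCattle/${DATA_DIR}/Configuration` the container has no `httpd.conf` and httpd will not start. Nothing in the template seeds that directory, so the requirement should be stated where users see it. Add a comment above the mount, e.g. `# host directory must already hold a complete conf/ tree (httpd.conf, mime.types, extra/)`, and a matching sentence in the `PERSIST_CONF` description in rancher-compose.yml.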
@@ -29,7 +29,7 @@ catalog: label: "Web Port" description: | The port to locally access the web interface on. - Leaving this blank will disable opening any port on the host system. + Leaving this empty will disable opening any port on the host system. default: "10900" required: false type: int @@ -37,7 +37,7 @@ catalog: - variable: "PERSIST_CONF" label: "Persistent Configuration" description: | - Have a persistent httpd.conf file mounted. + Have a persistent "conf" directory. default: true required: true type: boolean From bec2e518135d4f68bca9e105b48b5cb8d430ae29 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Sun, 9 Dec 2018 16:16:01 -0500 Subject: [PATCH 083/262] Added default files --- .../Default/conf/extra/httpd-autoindex.conf | 93 + .../HTTPD/Default/conf/extra/httpd-dav.conf | 50 + .../Default/conf/extra/httpd-default.conf | 90 + .../HTTPD/Default/conf/extra/httpd-info.conf | 36 + .../Default/conf/extra/httpd-languages.conf | 141 ++ .../Default/conf/extra/httpd-manual.conf | 38 + .../HTTPD/Default/conf/extra/httpd-mpm.conf | 119 ++ .../conf/extra/httpd-multilang-errordoc.conf | 52 + .../HTTPD/Default/conf/extra/httpd-ssl.conf | 290 +++ .../Default/conf/extra/httpd-userdir.conf | 21 + .../Default/conf/extra/httpd-vhosts.conf | 41 + .../HTTPD/Default/conf/extra/proxy-html.conf | 90 + templates/HTTPD/Default/conf/httpd.conf | 548 +++++ templates/HTTPD/Default/conf/magic.txt | 385 ++++ templates/HTTPD/Default/conf/mime.types | 1855 +++++++++++++++++ 15 files changed, 3849 insertions(+) create mode 100644 templates/HTTPD/Default/conf/extra/httpd-autoindex.conf create mode 100644 templates/HTTPD/Default/conf/extra/httpd-dav.conf create mode 100644 templates/HTTPD/Default/conf/extra/httpd-default.conf create mode 100644 templates/HTTPD/Default/conf/extra/httpd-info.conf create mode 100644 templates/HTTPD/Default/conf/extra/httpd-languages.conf create mode 100644 templates/HTTPD/Default/conf/extra/httpd-manual.conf create mode 100644 templates/HTTPD/Default/conf/extra/httpd-mpm.conf create mode 100644 templates/HTTPD/Default/conf/extra/httpd-multilang-errordoc.conf create mode 100644 templates/HTTPD/Default/conf/extra/httpd-ssl.conf create mode 100644 templates/HTTPD/Default/conf/extra/httpd-userdir.conf create mode 100644 templates/HTTPD/Default/conf/extra/httpd-vhosts.conf create mode 100644 templates/HTTPD/Default/conf/extra/proxy-html.conf create mode 100644 templates/HTTPD/Default/conf/httpd.conf create mode 100644 templates/HTTPD/Default/conf/magic.txt create mode 100644 templates/HTTPD/Default/conf/mime.types 
diff --git a/templates/HTTPD/Default/conf/extra/httpd-autoindex.conf b/templates/HTTPD/Default/conf/extra/httpd-autoindex.conf
new file mode 100644
index 0000000..9c3cf00
--- /dev/null
+++ b/templates/HTTPD/Default/conf/extra/httpd-autoindex.conf
@@ -0,0 +1,93 @@ +# +# Directives controlling the display of server-generated directory listings. +# +# Required modules: mod_authz_core, mod_authz_host, +# mod_autoindex, mod_alias +# +# To see the listing of a directory, the Options directive for the +# directory must include "Indexes", and the directory must not contain +# a file matching those listed in the DirectoryIndex directive. +# + +# +# IndexOptions: Controls the appearance of server-generated directory +# listings. +# +IndexOptions FancyIndexing HTMLTable VersionSort + +# We include the /icons/ alias for FancyIndexed directory listings. If +# you do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "/usr/local/apache2/icons/" + + + Options Indexes MultiViews + AllowOverride None + Require all granted + + +# +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +# +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +AddIcon /icons/bomb.gif core + +AddIcon /icons/back.gif .. 
+AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +# +DefaultIcon /icons/unknown.gif + +# +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename +# +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. +# +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +# +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + diff --git a/templates/HTTPD/Default/conf/extra/httpd-dav.conf b/templates/HTTPD/Default/conf/extra/httpd-dav.conf new file mode 100644 index 0000000..fede2fd --- /dev/null +++ b/templates/HTTPD/Default/conf/extra/httpd-dav.conf 
@@ -0,0 +1,50 @@
+#
+# Distributed authoring and versioning (WebDAV)
+#
+# Required modules: mod_alias, mod_auth_digest, mod_authn_core, mod_authn_file,
+# mod_authz_core, mod_authz_user, mod_dav, mod_dav_fs,
+# mod_setenvif
+
+# The following example gives DAV write access to a directory called
+# "uploads" under the ServerRoot directory.
+#
+# The User/Group specified in httpd.conf needs to have write permissions
+# on the directory where the DavLockDB is placed and on any directory where
+# "Dav On" is specified.
+
+DavLockDB "/usr/local/apache2/var/DavLock"
+
+Alias /uploads "/usr/local/apache2/uploads"
+
+
+ Dav On
+
+ AuthType Digest
+ AuthName DAV-upload
+ # You can use the htdigest program to create the password database:
+ # htdigest -c "/usr/local/apache2/user.passwd" DAV-upload admin
+ AuthUserFile "/usr/local/apache2/user.passwd"
+ AuthDigestProvider file
+
+ # Allow universal read-access, but writes are restricted
+ # to the admin user.
+
+ Require method GET POST OPTIONS
+ Require user admin
+
+
+
+#
+# The following directives disable redirects on non-GET requests for
+# a directory that does not include the trailing slash. This fixes a
+# problem with several clients that do not appropriately handle
+# redirects for folders with DAV methods.
+#
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "MS FrontPage" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully
+BrowserMatch "^gnome-vfs/1.0" redirect-carefully
+BrowserMatch "^XML Spy" redirect-carefully
+BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+BrowserMatch " Konqueror/4" redirect-carefully
diff --git a/templates/HTTPD/Default/conf/extra/httpd-default.conf b/templates/HTTPD/Default/conf/extra/httpd-default.conf
new file mode 100644
index 0000000..7196922
--- /dev/null
+++ b/templates/HTTPD/Default/conf/extra/httpd-default.conf
@@ -0,0 +1,90 @@ +# +# This configuration file reflects default settings for Apache HTTP Server. +# +# You may change these, but chances are that you may not need to. +# + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 60 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 5 + +# +# UseCanonicalName: Determines how Apache constructs self-referencing +# URLs and the SERVER_NAME and SERVER_PORT variables. +# When set "Off", Apache will use the Hostname and Port supplied +# by the client. When set "On", Apache will use the value of the +# ServerName directive. +# +UseCanonicalName Off + +# +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# +AccessFileName .htaccess + +# +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minor | Minimal | Major | Prod +# where Full conveys the most information, and Prod the least. +# +ServerTokens Full + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. 
+# Set to one of: On | Off | EMail +# +ServerSignature Off + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# +# Set a timeout for how long the client may take to send the request header +# and body. +# The default for the headers is header=20-40,MinRate=500, which means wait +# for the first byte of headers for 20 seconds. If some data arrives, +# increase the timeout corresponding to a data rate of 500 bytes/s, but not +# above 40 seconds. +# The default for the request body is body=20,MinRate=500, which is the same +# but has no upper limit for the timeout. +# To disable, set to header=0 body=0 +# + + RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500 + diff --git a/templates/HTTPD/Default/conf/extra/httpd-info.conf b/templates/HTTPD/Default/conf/extra/httpd-info.conf new file mode 100644 index 0000000..5cfdf69 --- /dev/null +++ b/templates/HTTPD/Default/conf/extra/httpd-info.conf 
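Review bot: `ServerTokens Full` in the added httpd-default.conf makes every response advertise the OS type and compiled-in modules in the `Server` header, as the file's own comment describes. `ServerSignature Off`, a few lines further down, already keeps the version line off server-generated pages. For a default that the template hands to users, `ServerTokens Prod` is the consistent choice. The setting only takes effect if httpd.conf includes conf/extra/httpd-default.conf, which this hunk does not show.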
@@ -0,0 +1,36 @@
+#
+# Get information about the requests being processed by the server
+# and the configuration of the server.
+#
+# Required modules: mod_authz_core, mod_authz_host,
+# mod_info (for the server-info handler),
+# mod_status (for the server-status handler)
+
+#
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+# Change the ".example.com" to match your domain to enable.
+
+
+ SetHandler server-status
+ Require host .example.com
+ Require ip 127
+
+
+#
+# ExtendedStatus controls whether Apache will generate "full" status
+# information (ExtendedStatus On) or just basic information (ExtendedStatus
+# Off) when the "server-status" handler is called. The default is Off.
+#
+#ExtendedStatus On
+
+#
+# Allow remote server configuration reports, with the URL of
+# http://servername/server-info (requires that mod_info.c be loaded).
+# Change the ".example.com" to match your domain to enable.
+#
+
+ SetHandler server-info
+ Require host .example.com
+ Require ip 127
+
diff --git a/templates/HTTPD/Default/conf/extra/httpd-languages.conf b/templates/HTTPD/Default/conf/extra/httpd-languages.conf
new file mode 100644
index 0000000..7f66461
--- /dev/null
+++ b/templates/HTTPD/Default/conf/extra/httpd-languages.conf
@@ -0,0 +1,141 @@ +# +# Settings for hosting different languages. +# +# Required modules: mod_mime, mod_negotiation + +# DefaultLanguage and AddLanguage allows you to specify the language of +# a document. You can then use content negotiation to give a browser a +# file in a language the user can understand. +# +# Specify a default language. This means that all data +# going out without a specific language tag (see below) will +# be marked with this one. You probably do NOT want to set +# this unless you are sure it is correct for all cases. +# +# * It is generally better to not mark a page as +# * being a certain language than marking it with the wrong +# * language! +# +# DefaultLanguage nl +# +# Note 1: The suffix does not have to be the same as the language +# keyword --- those with documents in Polish (whose net-standard +# language code is pl) may wish to use "AddLanguage pl .po" to +# avoid the ambiguity with the common suffix for perl scripts. +# +# Note 2: The example entries below illustrate that in some cases +# the two character 'Language' abbreviation is not identical to +# the two character 'Country' code for its country, +# E.g. 'Danmark/dk' versus 'Danish/da'. +# +# Note 3: In the case of 'ltz' we violate the RFC by using a three char +# specifier. There is 'work in progress' to fix this and get +# the reference data for rfc1766 cleaned up. 
+# +# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) +# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) +# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) +# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) +# Norwegian (no) - Polish (pl) - Portugese (pt) +# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) +# Turkish (tr) - Simplified Chinese (zh-CN) - Spanish (es) +# Traditional Chinese (zh-TW) +# +AddLanguage ca .ca +AddLanguage cs .cz .cs +AddLanguage da .dk +AddLanguage de .de +AddLanguage el .el +AddLanguage en .en +AddLanguage eo .eo +AddLanguage es .es +AddLanguage et .et +AddLanguage fr .fr +AddLanguage he .he +AddLanguage hr .hr +AddLanguage it .it +AddLanguage ja .ja +AddLanguage ko .ko +AddLanguage ltz .ltz +AddLanguage nl .nl +AddLanguage nn .nn +AddLanguage no .no +AddLanguage pl .po +AddLanguage pt .pt +AddLanguage pt-BR .pt-br +AddLanguage ru .ru +AddLanguage sv .sv +AddLanguage tr .tr +AddLanguage zh-CN .zh-cn +AddLanguage zh-TW .zh-tw + +# LanguagePriority allows you to give precedence to some languages +# in case of a tie during content negotiation. +# +# Just list the languages in decreasing order of preference. We have +# more or less alphabetized them here. You probably want to change this. +# +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW + +# +# ForceLanguagePriority allows you to serve a result page rather than +# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) +# [in case no accepted languages matched the available variants] +# +ForceLanguagePriority Prefer Fallback + +# +# Commonly used filename extensions to character sets. You probably +# want to avoid clashes with the language extensions, unless you +# are good at carefully testing your setup after each change. 
+# See http://www.iana.org/assignments/character-sets for the +# official list of charset names and their respective RFCs. +# +AddCharset us-ascii.ascii .us-ascii +AddCharset ISO-8859-1 .iso8859-1 .latin1 +AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen +AddCharset ISO-8859-3 .iso8859-3 .latin3 +AddCharset ISO-8859-4 .iso8859-4 .latin4 +AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru +AddCharset ISO-8859-6 .iso8859-6 .arb .arabic +AddCharset ISO-8859-7 .iso8859-7 .grk .greek +AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew +AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk +AddCharset ISO-8859-10 .iso8859-10 .latin6 +AddCharset ISO-8859-13 .iso8859-13 +AddCharset ISO-8859-14 .iso8859-14 .latin8 +AddCharset ISO-8859-15 .iso8859-15 .latin9 +AddCharset ISO-8859-16 .iso8859-16 .latin10 +AddCharset ISO-2022-JP .iso2022-jp .jis +AddCharset ISO-2022-KR .iso2022-kr .kis +AddCharset ISO-2022-CN .iso2022-cn .cis +AddCharset Big5.Big5 .big5 .b5 +AddCharset cn-Big5 .cn-big5 +# For russian, more than one charset is used (depends on client, mostly): +AddCharset WINDOWS-1251 .cp-1251 .win-1251 +AddCharset CP866 .cp866 +AddCharset KOI8 .koi8 +AddCharset KOI8-E .koi8-e +AddCharset KOI8-r .koi8-r .koi8-ru +AddCharset KOI8-U .koi8-u +AddCharset KOI8-ru .koi8-uk .ua +AddCharset ISO-10646-UCS-2 .ucs2 +AddCharset ISO-10646-UCS-4 .ucs4 +AddCharset UTF-7 .utf7 +AddCharset UTF-8 .utf8 +AddCharset UTF-16 .utf16 +AddCharset UTF-16BE .utf16be +AddCharset UTF-16LE .utf16le +AddCharset UTF-32 .utf32 +AddCharset UTF-32BE .utf32be +AddCharset UTF-32LE .utf32le +AddCharset euc-cn .euc-cn +AddCharset euc-gb .euc-gb +AddCharset euc-jp .euc-jp +AddCharset euc-kr .euc-kr +#Not sure how euc-tw got in - IANA doesn't list it??? +AddCharset EUC-TW .euc-tw +AddCharset gb2312 .gb2312 .gb +AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 +AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 +AddCharset shift_jis .shift_jis .sjis 
diff --git a/templates/HTTPD/Default/conf/extra/httpd-manual.conf b/templates/HTTPD/Default/conf/extra/httpd-manual.conf new file mode 100644 index 0000000..6d27e83 --- /dev/null +++ b/templates/HTTPD/Default/conf/extra/httpd-manual.conf @@ -0,0 +1,38 @@ +# +# Provide access to the documentation on your server as +# http://yourserver.example.com/manual/ +# The documentation is always available at +# http://httpd.apache.org/docs/2.4/ +# +# Required modules: mod_alias, mod_authz_core, mod_authz_host, +# mod_setenvif, mod_negotiation +# + +AliasMatch ^/manual(?:/(?:da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn))?(/.*)?$ "/usr/local/apache2/manual$1" + + + Options Indexes + AllowOverride None + Require all granted + + + SetHandler type-map + + + # .tr is text/troff in mime.types! + RemoveType tr + + # Traditionally, used .dk filename extension for da language + AddLanguage da .da + + SetEnvIf Request_URI ^/manual/(da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn)/ prefer-language=$1 + RedirectMatch 301 ^/manual(?:/(da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn)){2,}(/.*)?$ /manual/$1$2 + + # Reflect the greatest effort in translation (most content available), + # inferring greater attention to detail (potentially false assumption, + # counting translations presently in-sync would be more helpful.) + # Use caution counting; safest pattern is '*.xml.XX'. Recent .xml source + # document count: 266 214 110 94 82 25 22 18 4 1 1 + LanguagePriority en fr ko ja tr es de zh-cn pt-br da ru + ForceLanguagePriority Prefer Fallback + diff --git a/templates/HTTPD/Default/conf/extra/httpd-mpm.conf b/templates/HTTPD/Default/conf/extra/httpd-mpm.conf new file mode 100644 index 0000000..ab3b31f --- /dev/null +++ b/templates/HTTPD/Default/conf/extra/httpd-mpm.conf 
@@ -0,0 +1,119 @@ +# +# Server-Pool Management (MPM specific) +# + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# +# Note that this is the default PidFile for most MPMs. +# + + PidFile "logs/httpd.pid" + + +# +# Only one of the below sections will be relevant on your +# installed httpd. Use "apachectl -l" to find out the +# active mpm. +# + +# prefork MPM +# StartServers: number of server processes to start +# MinSpareServers: minimum number of server processes which are kept spare +# MaxSpareServers: maximum number of server processes which are kept spare +# MaxRequestWorkers: maximum number of server processes allowed to start +# MaxConnectionsPerChild: maximum number of connections a server process serves +# before terminating + + StartServers 5 + MinSpareServers 5 + MaxSpareServers 10 + MaxRequestWorkers 250 + MaxConnectionsPerChild 0 + + +# worker MPM +# StartServers: initial number of server processes to start +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestWorkers: maximum number of worker threads +# MaxConnectionsPerChild: maximum number of connections a server process serves +# before terminating + + StartServers 3 + MinSpareThreads 75 + MaxSpareThreads 250 + ThreadsPerChild 25 + MaxRequestWorkers 400 + MaxConnectionsPerChild 0 + + +# event MPM +# StartServers: initial number of server processes to start +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestWorkers: maximum number of worker threads +# MaxConnectionsPerChild: maximum number of connections a server process serves +# before terminating + + StartServers 3 + 
MinSpareThreads 75 + MaxSpareThreads 250 + ThreadsPerChild 25 + MaxRequestWorkers 400 + MaxConnectionsPerChild 0 + + +# NetWare MPM +# ThreadStackSize: Stack size allocated for each worker thread +# StartThreads: Number of worker threads launched at server startup +# MinSpareThreads: Minimum number of idle threads, to handle request spikes +# MaxSpareThreads: Maximum number of idle threads +# MaxThreads: Maximum number of worker threads alive at the same time +# MaxConnectionsPerChild: Maximum number of connections a thread serves. It +# is recommended that the default value of 0 be set +# for this directive on NetWare. This will allow the +# thread to continue to service requests indefinitely. + + ThreadStackSize 65536 + StartThreads 250 + MinSpareThreads 25 + MaxSpareThreads 250 + MaxThreads 1000 + MaxConnectionsPerChild 0 + + +# OS/2 MPM +# StartServers: Number of server processes to maintain +# MinSpareThreads: Minimum number of idle threads per process, +# to handle request spikes +# MaxSpareThreads: Maximum number of idle threads per process +# MaxConnectionsPerChild: Maximum number of connections per server process + + StartServers 2 + MinSpareThreads 5 + MaxSpareThreads 10 + MaxConnectionsPerChild 0 + + +# WinNT MPM +# ThreadsPerChild: constant number of worker threads in the server process +# MaxConnectionsPerChild: maximum number of connections a server process serves + + ThreadsPerChild 150 + MaxConnectionsPerChild 0 + + +# The maximum number of free Kbytes that every allocator is allowed +# to hold without calling free(). In threaded MPMs, every thread has its own +# allocator. When not set, or when set to zero, the threshold will be set to +# unlimited. + + MaxMemFree 2048 + + + MaxMemFree 100 + diff --git a/templates/HTTPD/Default/conf/extra/httpd-multilang-errordoc.conf b/templates/HTTPD/Default/conf/extra/httpd-multilang-errordoc.conf new file mode 100644 index 0000000..a54a24d --- /dev/null 
+++ b/templates/HTTPD/Default/conf/extra/httpd-multilang-errordoc.conf 
@@ -0,0 +1,52 @@ +# +# The configuration below implements multi-language error documents through +# content-negotiation. +# +# Required modules: mod_alias, mod_authz_core, mod_authz_host, +# mod_include, mod_negotiation +# +# We use Alias to redirect any /error/HTTP_.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# +# You can modify the messages' appearance without changing any of the +# default HTTP_.html.var files by adding the line: +# +# Alias /error/include/ "/your/include/path/" +# +# which allows you to create your own set of files by starting with the +# /usr/local/apache2/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. The default include files will display +# your Apache version number and your ServerAdmin email address regardless +# of the setting of ServerSignature. + +Alias /error/ "/usr/local/apache2/error/" + + + AllowOverride None + Options IncludesNoExec + AddOutputFilter Includes html + AddHandler type-map var + Require all granted + LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr + ForceLanguagePriority Prefer Fallback + + +ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +ErrorDocument 410 /error/HTTP_GONE.html.var +ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +ErrorDocument 501 
/error/HTTP_NOT_IMPLEMENTED.html.var +ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var + diff --git a/templates/HTTPD/Default/conf/extra/httpd-ssl.conf b/templates/HTTPD/Default/conf/extra/httpd-ssl.conf new file mode 100644 index 0000000..c2eaeab --- /dev/null +++ b/templates/HTTPD/Default/conf/extra/httpd-ssl.conf 
@@ -0,0 +1,290 @@ +# +# This is the Apache server configuration file providing SSL support. +# It contains the configuration directives to instruct the server how to +# serve pages over an https connection. For detailed information about these +# directives see +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# Required modules: mod_log_config, mod_setenvif, mod_ssl, +# socache_shmcb_module (for default value of SSLSessionCache) + +# +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the SSL library. +# The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +# +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed startup file:/dev/urandom 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + + +# +# When we also provide SSL we have to listen to the +# standard HTTP port (see above) and to the HTTPS port +# +Listen 443 + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate, +# and that httpd will negotiate as the client of a proxied server. +# See the OpenSSL documentation for a complete list of ciphers, and +# ensure these follow appropriate best practices for this deployment. 
+# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers, +# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a. +SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES +SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES + +# By the end of 2016, only TLSv1.2 ciphers should remain in use. +# Older ciphers should be disallowed as soon as possible, while the +# kRSA ciphers do not offer forward secrecy. These changes inhibit +# older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy +# non-browser tooling) from successfully connecting. +# +# To restrict mod_ssl to use only TLSv1.2 ciphers, and disable +# those protocols which do not support forward secrecy, replace +# the SSLCipherSuite and SSLProxyCipherSuite directives above with +# the following two directives, as soon as practical. +# SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA +# SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA + +# User agents such as web browsers are not configured for the user's +# own preference of either security or performance, therefore this +# must be the prerogative of the web server administrator who manages +# cpu load versus confidentiality, so enforce the server's cipher order. +SSLHonorCipherOrder on + +# SSL Protocol support: +# List the protocol versions which clients are allowed to connect with. +# Disable SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be +# disabled as quickly as practical. By the end of 2016, only the TLSv1.2 +# protocol or later should remain in use. +SSLProtocol all -SSLv3 +SSLProxyProtocol all -SSLv3 + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is an internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog builtin + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). 
+#SSLSessionCache "dbm:/usr/local/apache2/logs/ssl_scache" +SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)" +SSLSessionCacheTimeout 300 + +# OCSP Stapling (requires OpenSSL 0.9.8h or later) +# +# This feature is disabled by default and requires at least +# the two directives SSLUseStapling and SSLStaplingCache. +# Refer to the documentation on OCSP Stapling in the SSL/TLS +# How-To for more information. +# +# Enable stapling for all SSL-enabled servers: +#SSLUseStapling On + +# Define a relatively small cache for OCSP Stapling using +# the same mechanism that is used for the SSL session cache +# above. If stapling is used with more than a few certificates, +# the size may need to be increased. (AH01929 will be logged.) +#SSLStaplingCache "shmcb:/usr/local/apache2/logs/ssl_stapling(32768)" + +# Seconds before valid OCSP responses are expired from the cache +#SSLStaplingStandardCacheTimeout 3600 + +# Seconds before invalid OCSP responses are expired from the cache +#SSLStaplingErrorCacheTimeout 600 + +## +## SSL Virtual Host Context +## + + + +# General setup for the virtual host +DocumentRoot "/usr/local/apache2/htdocs" +ServerName www.example.com:443 +ServerAdmin you@example.com +ErrorLog "/usr/local/apache2/logs/error_log" +TransferLog "/usr/local/apache2/logs/access_log" + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# Server Certificate: +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that a kill -HUP will prompt again. Keep +# in mind that if you have both an RSA and a DSA certificate you +# can configure both in parallel (to also allow the use of DSA +# ciphers, etc.) +# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) +# require an ECC certificate which can also be configured in +# parallel. 
+SSLCertificateFile "/usr/local/apache2/conf/server.crt" +#SSLCertificateFile "/usr/local/apache2/conf/server-dsa.crt" +#SSLCertificateFile "/usr/local/apache2/conf/server-ecc.crt" + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) +# ECC keys, when in use, can also be configured in parallel +SSLCertificateKeyFile "/usr/local/apache2/conf/server.key" +#SSLCertificateKeyFile "/usr/local/apache2/conf/server-dsa.key" +#SSLCertificateKeyFile "/usr/local/apache2/conf/server-ecc.key" + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convenience. +#SSLCertificateChainFile "/usr/local/apache2/conf/server-ca.crt" + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +# Note: Inside SSLCACertificatePath you need hash symlinks +# to point to the certificate files. Use the provided +# Makefile to update the hash symlinks after changes. +#SSLCACertificatePath "/usr/local/apache2/conf/ssl.crt" +#SSLCACertificateFile "/usr/local/apache2/conf/ssl.crt/ca-bundle.crt" + +# Certificate Revocation Lists (CRL): +# Set the CA revocation path where to find CA CRLs for client +# authentication or alternatively one huge file containing all +# of them (file must be PEM encoded). +# The CRL checking mode needs to be configured explicitly +# through SSLCARevocationCheck (defaults to "none" otherwise). 
+# Note: Inside SSLCARevocationPath you need hash symlinks +# to point to the certificate files. Use the provided +# Makefile to update the hash symlinks after changes. +#SSLCARevocationPath "/usr/local/apache2/conf/ssl.crl" +#SSLCARevocationFile "/usr/local/apache2/conf/ssl.crl/ca-bundle.crl" +#SSLCARevocationCheck chain + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# TLS-SRP mutual authentication: +# Enable TLS-SRP and set the path to the OpenSSL SRP verifier +# file (containing login information for SRP user accounts). +# Requires OpenSSL 1.0.1 or newer. See the mod_ssl FAQ for +# detailed instructions on creating this file. Example: +# "openssl srp -srpvfile /usr/local/apache2/conf/passwd.srpv -add username" +#SSLSRPVerifierFile "/usr/local/apache2/conf/passwd.srpv" + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +# +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +# + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. 
+# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# o ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is sent or allowed to be received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. 
+# o ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is send and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +# Similarly, one has to force some clients to use HTTP/1.0 to workaround +# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and +# "force-response-1.0" for this. +BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog "/usr/local/apache2/logs/ssl_request_log" \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + diff --git a/templates/HTTPD/Default/conf/extra/httpd-userdir.conf b/templates/HTTPD/Default/conf/extra/httpd-userdir.conf new file mode 100644 index 0000000..a744322 --- /dev/null +++ b/templates/HTTPD/Default/conf/extra/httpd-userdir.conf 
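Review bot: `SSLProtocol all -SSLv3` and `SSLProxyProtocol all -SSLv3` in httpd-ssl.conf still accept TLS 1.0 and 1.1, which the comment directly above them says should be disabled as quickly as practical. For a new template I would pin `SSLProtocol -all +TLSv1.2` (adding `+TLSv1.3` where the httpd/OpenSSL build supports it) and do the same for `SSLProxyProtocol`. The active cipher lists `HIGH:MEDIUM:!MD5:!RC4:!3DES` also keep MEDIUM-grade and non-forward-secret kRSA suites; the commented alternative already in the file, `SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA`, is the stricter choice. The vhost points `SSLCertificateKeyFile` at `/usr/local/apache2/conf/server.key`, so confirm the key is supplied at deploy time and that a real key never lands in this templates directory.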
@@ -0,0 +1,21 @@
+# Settings for user home directories
+#
+# Required module: mod_authz_core, mod_authz_host, mod_userdir
+
+#
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received. Note that you must also set
+# the default access control for these directories, as in the example below.
+#
+UserDir public_html
+
+#
+# Control access to UserDir directories. The following is an example
+# for a site where these directories are restricted to read-only.
+#
+
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ Require method GET POST OPTIONS
+
+
diff --git a/templates/HTTPD/Default/conf/extra/httpd-vhosts.conf b/templates/HTTPD/Default/conf/extra/httpd-vhosts.conf
new file mode 100644
index 0000000..996c924
--- /dev/null
+++ b/templates/HTTPD/Default/conf/extra/httpd-vhosts.conf
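Review bot: `UserDir public_html` in httpd-userdir.conf enables per-user web directories for every local account, root included, and `/~name` responses then reveal which account names exist on the host. mod_userdir is commented out in the httpd.conf added by this same commit, so this file may be inert today, but if it is ever Included I would add `UserDir disabled root`, or use `UserDir disabled` followed by an explicit `UserDir enabled <user-list>`. The access block also grants `Indexes` and `AllowOverride FileInfo AuthConfig Limit Indexes`, so directory listings and user-written .htaccess rules apply there; the enclosing `<Directory>` line is not visible in this rendering, so I am assuming the stock home-directory path.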
@@ -0,0 +1,41 @@
+# Virtual Hosts
+#
+# Required modules: mod_log_config
+
+# If you want to maintain multiple domains/hostnames on your
+# machine you can setup VirtualHost containers for them. Most configurations
+# use only name-based virtual hosts so the server doesn't need to worry about
+# IP addresses. This is indicated by the asterisks in the directives below.
+#
+# Please see the documentation at
+#
+# for further details before you try to setup virtual hosts.
+#
+# You may use the command line option '-S' to verify your virtual host
+# configuration.
+
+#
+# VirtualHost example:
+# Almost any Apache directive may go into a VirtualHost container.
+# The first VirtualHost section is used for all requests that do not
+# match a ServerName or ServerAlias in any block.
+#
+
+ ServerAdmin webmaster@dummy-host.example.com
+ DocumentRoot "/usr/local/apache2/docs/dummy-host.example.com"
+ ServerName dummy-host.example.com
+ ServerAlias www.dummy-host.example.com
+ ErrorLog "logs/dummy-host.example.com-error_log"
+ CustomLog "logs/dummy-host.example.com-access_log" common
+
+
+
+ ServerAdmin webmaster@dummy-host2.example.com
+ DocumentRoot "/usr/local/apache2/docs/dummy-host2.example.com"
+ ServerName dummy-host2.example.com
+ ErrorLog "logs/dummy-host2.example.com-error_log"
+ CustomLog "logs/dummy-host2.example.com-access_log" common
+
+
+
+
diff --git a/templates/HTTPD/Default/conf/extra/proxy-html.conf b/templates/HTTPD/Default/conf/extra/proxy-html.conf
new file mode 100644
index 0000000..683a091
--- /dev/null
+++ b/templates/HTTPD/Default/conf/extra/proxy-html.conf
@@ -0,0 +1,90 @@ +# Configuration example. +# +# For detailed information about these directives see +# +# and for mod_xml2enc see +# +# +# First, to load the module with its prerequisites. Note: mod_xml2enc +# is not always necessary, but without it mod_proxy_html is likely to +# mangle pages in encodings other than ASCII or Unicode (utf-8). +# +# For Unix-family systems: +# LoadFile /usr/lib/libxml2.so +# LoadModule proxy_html_module modules/mod_proxy_html.so +# LoadModule xml2enc_module modules/mod_xml2enc.so +# +# For Windows (I don't know if there's a standard path for the libraries) +# LoadFile C:/path/zlib.dll +# LoadFile C:/path/iconv.dll +# LoadFile C:/path/libxml2.dll +# LoadModule proxy_html_module modules/mod_proxy_html.so +# LoadModule xml2enc_module modules/mod_xml2enc.so +# +# All knowledge of HTML links has been removed from the mod_proxy_html +# code itself, and is instead read from httpd.conf (or included file) +# at server startup. So you MUST declare it. This will normally be +# at top level, but can also be used in a . +# +# Here's the declaration for W3C HTML 4.01 and XHTML 1.0 + +ProxyHTMLLinks a href +ProxyHTMLLinks area href +ProxyHTMLLinks link href +ProxyHTMLLinks img src longdesc usemap +ProxyHTMLLinks object classid codebase data usemap +ProxyHTMLLinks q cite +ProxyHTMLLinks blockquote cite +ProxyHTMLLinks ins cite +ProxyHTMLLinks del cite +ProxyHTMLLinks form action +ProxyHTMLLinks input src usemap +ProxyHTMLLinks head profile +ProxyHTMLLinks base href +ProxyHTMLLinks script src for + +# To support scripting events (with ProxyHTMLExtended On), +# you'll need to declare them too. + +ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \ + onmouseover onmousemove onmouseout onkeypress \ + onkeydown onkeyup onfocus onblur onload \ + onunload onsubmit onreset onselect onchange + +# If you need to support legacy (pre-1998, aka "transitional") HTML or XHTML, +# you'll need to uncomment the following deprecated link attributes. 
+# Note that these are enabled in earlier mod_proxy_html versions +# +# ProxyHTMLLinks frame src longdesc +# ProxyHTMLLinks iframe src longdesc +# ProxyHTMLLinks body background +# ProxyHTMLLinks applet codebase +# +# If you're dealing with proprietary HTML variants, +# declare your own URL attributes here as required. +# +# ProxyHTMLLinks myelement myattr otherattr +# +########### +# EXAMPLE # +########### +# +# To define the URL /my-gateway/ as a gateway to an appserver with address +# http://some.app.intranet/ on a private network, after loading the +# modules and including this configuration file: +# +# ProxyRequests Off <-- this is an important security setting +# ProxyPass /my-gateway/ http://some.app.intranet/ +# +# ProxyPassReverse / +# ProxyHTMLEnable On +# ProxyHTMLURLMap http://some.app.intranet/ /my-gateway/ +# ProxyHTMLURLMap / /my-gateway/ +# +# +# Many (though not all) real-life setups are more complex. +# +# See the documentation at +# http://apache.webthing.com/mod_proxy_html/ +# and the tutorial at +# http://www.apachetutor.org/admin/reverseproxies diff --git a/templates/HTTPD/Default/conf/httpd.conf b/templates/HTTPD/Default/conf/httpd.conf new file mode 100644 index 0000000..378ac5c --- /dev/null +++ b/templates/HTTPD/Default/conf/httpd.conf 
@@ -0,0 +1,548 @@ +# +# This is the main Apache HTTP server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information. +# In particular, see +# +# for a discussion of each configuration directive. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "logs/access_log" +# with ServerRoot set to "/usr/local/apache2" will be interpreted by the +# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" +# will be interpreted as '/logs/access_log'. + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to specify a local disk on the +# Mutex directive, if file-based mutexes are used. If you wish to share the +# same ServerRoot for multiple httpd daemons, you will need to change at +# least PidFile. +# +ServerRoot "/usr/local/apache2" + +# +# Mutex: Allows you to set the mutex mechanism and mutex file directory +# for individual mutexes, or change the global defaults +# +# Uncomment and change the directory if mutexes are file-based and the default +# mutex file directory is not on a local disk or is not appropriate for some +# other reason. +# +# Mutex default:logs + +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the +# directive. 
+# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses. +# +#Listen 12.34.56.78:80 +Listen 80 + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +LoadModule mpm_event_module modules/mod_mpm_event.so +#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +#LoadModule mpm_worker_module modules/mod_mpm_worker.so +LoadModule authn_file_module modules/mod_authn_file.so +#LoadModule authn_dbm_module modules/mod_authn_dbm.so +#LoadModule authn_anon_module modules/mod_authn_anon.so +#LoadModule authn_dbd_module modules/mod_authn_dbd.so +#LoadModule authn_socache_module modules/mod_authn_socache.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_user_module modules/mod_authz_user.so +#LoadModule authz_dbm_module modules/mod_authz_dbm.so +#LoadModule authz_owner_module modules/mod_authz_owner.so +#LoadModule authz_dbd_module modules/mod_authz_dbd.so +LoadModule authz_core_module modules/mod_authz_core.so +#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so +#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule auth_basic_module modules/mod_auth_basic.so +#LoadModule auth_form_module modules/mod_auth_form.so +#LoadModule auth_digest_module modules/mod_auth_digest.so +#LoadModule allowmethods_module modules/mod_allowmethods.so +#LoadModule isapi_module modules/mod_isapi.so +#LoadModule 
file_cache_module modules/mod_file_cache.so +#LoadModule cache_module modules/mod_cache.so +#LoadModule cache_disk_module modules/mod_cache_disk.so +#LoadModule cache_socache_module modules/mod_cache_socache.so +#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so +#LoadModule socache_dbm_module modules/mod_socache_dbm.so +#LoadModule socache_memcache_module modules/mod_socache_memcache.so +#LoadModule watchdog_module modules/mod_watchdog.so +#LoadModule macro_module modules/mod_macro.so +#LoadModule dbd_module modules/mod_dbd.so +#LoadModule bucketeer_module modules/mod_bucketeer.so +#LoadModule dumpio_module modules/mod_dumpio.so +#LoadModule echo_module modules/mod_echo.so +#LoadModule example_hooks_module modules/mod_example_hooks.so +#LoadModule case_filter_module modules/mod_case_filter.so +#LoadModule case_filter_in_module modules/mod_case_filter_in.so +#LoadModule example_ipc_module modules/mod_example_ipc.so +#LoadModule buffer_module modules/mod_buffer.so +#LoadModule data_module modules/mod_data.so +#LoadModule ratelimit_module modules/mod_ratelimit.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +#LoadModule ext_filter_module modules/mod_ext_filter.so +#LoadModule request_module modules/mod_request.so +#LoadModule include_module modules/mod_include.so +LoadModule filter_module modules/mod_filter.so +#LoadModule reflector_module modules/mod_reflector.so +#LoadModule substitute_module modules/mod_substitute.so +#LoadModule sed_module modules/mod_sed.so +#LoadModule charset_lite_module modules/mod_charset_lite.so +#LoadModule deflate_module modules/mod_deflate.so +#LoadModule xml2enc_module modules/mod_xml2enc.so +#LoadModule proxy_html_module modules/mod_proxy_html.so +LoadModule mime_module modules/mod_mime.so +#LoadModule ldap_module modules/mod_ldap.so +LoadModule log_config_module modules/mod_log_config.so +#LoadModule log_debug_module modules/mod_log_debug.so +#LoadModule log_forensic_module modules/mod_log_forensic.so 
+#LoadModule logio_module modules/mod_logio.so +#LoadModule lua_module modules/mod_lua.so +LoadModule env_module modules/mod_env.so +#LoadModule mime_magic_module modules/mod_mime_magic.so +#LoadModule cern_meta_module modules/mod_cern_meta.so +#LoadModule expires_module modules/mod_expires.so +LoadModule headers_module modules/mod_headers.so +#LoadModule ident_module modules/mod_ident.so +#LoadModule usertrack_module modules/mod_usertrack.so +#LoadModule unique_id_module modules/mod_unique_id.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule version_module modules/mod_version.so +#LoadModule remoteip_module modules/mod_remoteip.so +#LoadModule proxy_module modules/mod_proxy.so +#LoadModule proxy_connect_module modules/mod_proxy_connect.so +#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so +#LoadModule proxy_http_module modules/mod_proxy_http.so +#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so +#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so +#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so +#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so +#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so +#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so +#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so +#LoadModule proxy_express_module modules/mod_proxy_express.so +#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so +#LoadModule session_module modules/mod_session.so +#LoadModule session_cookie_module modules/mod_session_cookie.so +#LoadModule session_crypto_module modules/mod_session_crypto.so +#LoadModule session_dbd_module modules/mod_session_dbd.so +#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so +#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so +#LoadModule ssl_module modules/mod_ssl.so +#LoadModule optional_hook_export_module modules/mod_optional_hook_export.so +#LoadModule optional_hook_import_module modules/mod_optional_hook_import.so +#LoadModule 
optional_fn_import_module modules/mod_optional_fn_import.so
+#LoadModule optional_fn_export_module modules/mod_optional_fn_export.so
+#LoadModule dialup_module modules/mod_dialup.so
+#LoadModule http2_module modules/mod_http2.so
+#LoadModule proxy_http2_module modules/mod_proxy_http2.so
+#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
+#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
+#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
+#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
+LoadModule unixd_module modules/mod_unixd.so
+#LoadModule heartbeat_module modules/mod_heartbeat.so
+#LoadModule heartmonitor_module modules/mod_heartmonitor.so
+#LoadModule dav_module modules/mod_dav.so
+LoadModule status_module modules/mod_status.so
+LoadModule autoindex_module modules/mod_autoindex.so
+#LoadModule asis_module modules/mod_asis.so
+#LoadModule info_module modules/mod_info.so
+#LoadModule suexec_module modules/mod_suexec.so
+
+ #LoadModule cgid_module modules/mod_cgid.so
+
+
+ #LoadModule cgi_module modules/mod_cgi.so
+
+#LoadModule dav_fs_module modules/mod_dav_fs.so
+#LoadModule dav_lock_module modules/mod_dav_lock.so
+#LoadModule vhost_alias_module modules/mod_vhost_alias.so
+#LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule dir_module modules/mod_dir.so
+#LoadModule imagemap_module modules/mod_imagemap.so
+#LoadModule actions_module modules/mod_actions.so
+#LoadModule speling_module modules/mod_speling.so
+#LoadModule userdir_module modules/mod_userdir.so
+LoadModule alias_module modules/mod_alias.so
+#LoadModule rewrite_module modules/mod_rewrite.so
+
+
+#
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
+#
+User daemon
+Group daemon
+
+
+
+# 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# definition. These values also provide defaults for
+# any containers you may define later in the file.
+#
+# All of these directives may appear inside containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+#
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed. This address appears on some server-generated pages, such
+# as error documents. e.g. admin@your-domain.com
+#
+ServerAdmin you@example.com
+
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+#
+#ServerName www.example.com:80
+
+#
+# Deny access to the entirety of your server's filesystem. You must
+# explicitly permit access to web content directories in other
+# blocks below.
+#
+
+ AllowOverride none
+ Require all denied
+
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "/usr/local/apache2/htdocs"
+
+ #
+ # Possible values for the Options directive are "None", "All",
+ # or any combination of:
+ # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+ #
+ # Note that "MultiViews" must be named *explicitly* --- "Options All"
+ # doesn't give it to you.
+ #
+ # The Options directive is both complicated and important. Please see
+ # http://httpd.apache.org/docs/2.4/mod/core.html#options
+ # for more information.
+ #
+ Options Indexes FollowSymLinks
+
+ #
+ # AllowOverride controls what directives may be placed in .htaccess files.
+ # It can be "All", "None", or any combination of the keywords:
+ # AllowOverride FileInfo AuthConfig Limit
+ #
+ AllowOverride None
+
+ #
+ # Controls who can get stuff from this server.
+ #
+ Require all granted
+
+
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+
+ DirectoryIndex index.html
+
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+
+ Require all denied
+
+
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog "logs/error_log"
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+LogLevel warn
+
+
+ #
+ # The following directives define some format nicknames for use with
+ # a CustomLog directive (see below).
+ #
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+
+ # You need to enable mod_logio.c to use %I and %O
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+
+
+ #
+ # The location and format of the access logfile (Common Logfile Format).
+ # If you do not define any access logfiles within a
+ # container, they will be logged here. Contrariwise, if you *do*
+ # define per- access logfiles, transactions will be
+ # logged therein and *not* in this file.
+ #
+ CustomLog "logs/access_log" common
+
+ #
+ # If you prefer a logfile with access, agent, and referer information
+ # (Combined Logfile Format) you can use the following directive.
+ #
+ #CustomLog "logs/access_log" combined
+
+
+
+ #
+ # Redirect: Allows you to tell clients about documents that used to
+ # exist in your server's namespace, but do not anymore. The client
+ # will make a new request for the document at its new location.
+ # Example:
+ # Redirect permanent /foo http://www.example.com/bar
+
+ #
+ # Alias: Maps web paths into filesystem paths and is used to
+ # access content that does not live under the DocumentRoot.
+ # Example:
+ # Alias /webpath /full/filesystem/path
+ #
+ # If you include a trailing / on /webpath then the server will
+ # require it to be present in the URL. You will also likely
+ # need to provide a section to allow access to
+ # the filesystem path.
+
+ #
+ # ScriptAlias: This controls which directories contain server scripts.
+ # ScriptAliases are essentially the same as Aliases, except that
+ # documents in the target directory are treated as applications and
+ # run by the server when requested rather than as documents sent to the
+ # client. The same rules about trailing "/" apply to ScriptAlias
+ # directives as to Alias.
+ #
+ ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
+
+
+
+
+ #
+ # ScriptSock: On threaded servers, designate the path to the UNIX
+ # socket used to communicate with the CGI daemon of mod_cgid.
+ #
+ #Scriptsock cgisock
+
+
+#
+# "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+#
+
+ AllowOverride None
+ Options None
+ Require all granted
+
+
+
+ #
+ # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
+ # backend servers which have lingering "httpoxy" defects.
+ # 'Proxy' request header is undefined by the IETF, not listed by IANA
+ #
+ RequestHeader unset Proxy early
+
+
+
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
+ TypesConfig conf/mime.types
+
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file specified in TypesConfig for specific file types.
+ #
+ #AddType application/x-gzip .tgz
+ #
+ # AddEncoding allows you to have certain browsers uncompress
+ # information on the fly. Note: Not all browsers support this.
+ #
+ #AddEncoding x-compress .Z
+ #AddEncoding x-gzip .gz .tgz
+ #
+ # If the AddEncoding directives above are commented-out, then you
+ # probably should define those extensions to indicate media types:
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+
+ #
+ # AddHandler allows you to map certain file extensions to "handlers":
+ # actions unrelated to filetype. These can be either built into the server
+ # or added with the Action directive (see below)
+ #
+ # To use CGI scripts outside of ScriptAliased directories:
+ # (You will also need to add "ExecCGI" to the "Options" directive.)
+ #
+ #AddHandler cgi-script .cgi
+
+ # For type maps (negotiated resources):
+ #AddHandler type-map var
+
+ #
+ # Filters allow you to process content before it is sent to the client.
+ #
+ # To parse .shtml files for server-side includes (SSI):
+ # (You will also need to add "Includes" to the "Options" directive.)
+ #
+ #AddType text/html .shtml
+ #AddOutputFilter INCLUDES .shtml
+
+
+#
+# The mod_mime_magic module allows the server to use various hints from the
+# contents of the file itself to determine its type. The MIMEMagicFile
+# directive tells the module where the hint definitions are located.
+#
+#MIMEMagicFile conf/magic
+
+#
+# Customizable error responses come in three flavors:
+# 1) plain text 2) local redirects 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# MaxRanges: Maximum number of Ranges in a request before
+# returning the entire resource, or one of the special
+# values 'default', 'none' or 'unlimited'.
+# Default setting is to accept 200 Ranges.
+#MaxRanges unlimited
+
+#
+# EnableMMAP and EnableSendfile: On systems that support it,
+# memory-mapping or the sendfile syscall may be used to deliver
+# files. This usually improves server performance, but must
+# be turned off when serving from networked-mounted
+# filesystems or if support for these functions is otherwise
+# broken on your system.
+# Defaults: EnableMMAP On, EnableSendfile Off
+#
+#EnableMMAP off
+#EnableSendfile on
+
+# Supplemental configuration
+#
+# The configuration files in the conf/extra/ directory can be
+# included to add extra features or to modify the default configuration of
+# the server, or you may simply copy their contents here and change as
+# necessary.
+
+# Server-pool management (MPM specific)
+#Include conf/extra/httpd-mpm.conf
+
+# Multi-language error messages
+#Include conf/extra/httpd-multilang-errordoc.conf
+
+# Fancy directory listings
+#Include conf/extra/httpd-autoindex.conf
+
+# Language settings
+#Include conf/extra/httpd-languages.conf
+
+# User home directories
+#Include conf/extra/httpd-userdir.conf
+
+# Real-time info on requests and configuration
+#Include conf/extra/httpd-info.conf
+
+# Virtual hosts
+#Include conf/extra/httpd-vhosts.conf
+
+# Local access to the Apache HTTP Server Manual
+#Include conf/extra/httpd-manual.conf
+
+# Distributed authoring and versioning (WebDAV)
+#Include conf/extra/httpd-dav.conf
+
+# Various default settings
+#Include conf/extra/httpd-default.conf
+
+# Configure mod_proxy_html to understand HTML4/XHTML1
+
+Include conf/extra/proxy-html.conf
+
+
+# Secure (SSL/TLS) connections
+#Include conf/extra/httpd-ssl.conf
+#
+# Note: The following must must be present to support
+# starting without SSL on platforms with no /dev/random equivalent
+# but a statically compiled-in mod_ssl.
+#
+
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+
+
diff --git a/templates/HTTPD/Default/conf/magic.txt b/templates/HTTPD/Default/conf/magic.txt new file mode 100644
index 0000000..7c56119
--- /dev/null
+++ b/templates/HTTPD/Default/conf/magic.txt
@@ -0,0 +1,385 @@ +# Magic data for mod_mime_magic Apache module (originally for file(1) command) +# The module is described in /manual/mod/mod_mime_magic.html +# +# The format is 4-5 columns: +# Column #1: byte number to begin checking from, ">" indicates continuation +# Column #2: type of data to match +# Column #3: contents of data to match +# Column #4: MIME type of result +# Column #5: MIME encoding of result (optional) + +#------------------------------------------------------------------------------ +# Localstuff: file(1) magic for locally observed files +# Add any locally observed files here. + +#------------------------------------------------------------------------------ +# end local stuff +#------------------------------------------------------------------------------ + +#------------------------------------------------------------------------------ +# Java + +0 short 0xcafe +>2 short 0xbabe application/java + +#------------------------------------------------------------------------------ +# audio: file(1) magic for sound formats +# +# from Jan Nicolai Langfeldt , +# + +# Sun/NeXT audio data +0 string .snd +>12 belong 1 audio/basic +>12 belong 2 audio/basic +>12 belong 3 audio/basic +>12 belong 4 audio/basic +>12 belong 5 audio/basic +>12 belong 6 audio/basic +>12 belong 7 audio/basic + +>12 belong 23 audio/x-adpcm + +# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format +# that uses little-endian encoding and has a different magic number +# (0x0064732E in little-endian encoding). 
+0 lelong 0x0064732E +>12 lelong 1 audio/x-dec-basic +>12 lelong 2 audio/x-dec-basic +>12 lelong 3 audio/x-dec-basic +>12 lelong 4 audio/x-dec-basic +>12 lelong 5 audio/x-dec-basic +>12 lelong 6 audio/x-dec-basic +>12 lelong 7 audio/x-dec-basic +# compressed (G.721 ADPCM) +>12 lelong 23 audio/x-dec-adpcm + +# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" +# AIFF audio data +8 string AIFF audio/x-aiff +# AIFF-C audio data +8 string AIFC audio/x-aiff +# IFF/8SVX audio data +8 string 8SVX audio/x-aiff + +# Creative Labs AUDIO stuff +# Standard MIDI data +0 string MThd audio/unknown +#>9 byte >0 (format %d) +#>11 byte >1 using %d channels +# Creative Music (CMF) data +0 string CTMF audio/unknown +# SoundBlaster instrument data +0 string SBI audio/unknown +# Creative Labs voice data +0 string Creative\ Voice\ File audio/unknown +## is this next line right? it came this way... +#>19 byte 0x1A +#>23 byte >0 - version %d +#>22 byte >0 \b.%d + +# [GRR 950115: is this also Creative Labs? Guessing that first line +# should be string instead of unknown-endian long...] +#0 long 0x4e54524b MultiTrack sound data +#0 string NTRK MultiTrack sound data +#>4 long x - version %ld + +# Microsoft WAVE format (*.wav) +# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] +# Microsoft RIFF +0 string RIFF audio/unknown +# - WAVE format +>8 string WAVE audio/x-wav +# MPEG audio. +0 beshort&0xfff0 0xfff0 audio/mpeg +# C64 SID Music files, from Linus Walleij +0 string PSID audio/prs.sid + +#------------------------------------------------------------------------------ +# c-lang: file(1) magic for C programs or various scripts +# + +# XPM icons (Greg Roelofs, newt@uchicago.edu) +# ideally should go into "images", but entries below would tag XPM as C source +0 string /*\ XPM image/x-xbm 7bit + +# this first will upset you if you're a PL/1 shop... (are there any left?) 
+# in which case rm it; ascmagic will catch real C programs +# C or REXX program text +0 string /* text/plain +# C++ program text +0 string // text/plain + +#------------------------------------------------------------------------------ +# compress: file(1) magic for pure-compression formats (no archives) +# +# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. +# +# Formats for various forms of compressed data +# Formats for "compress" proper have been moved into "compress.c", +# because it tries to uncompress it to figure out what's inside. + +# standard unix compress +0 string \037\235 application/octet-stream x-compress + +# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) +0 string \037\213 application/octet-stream x-gzip + +# According to gzip.h, this is the correct byte order for packed data. +0 string \037\036 application/octet-stream +# +# This magic number is byte-order-independent. +# +0 short 017437 application/octet-stream + +# XXX - why *two* entries for "compacted data", one of which is +# byte-order independent, and one of which is byte-order dependent? +# +# compacted data +0 short 0x1fff application/octet-stream +0 string \377\037 application/octet-stream +# huf output +0 short 0145405 application/octet-stream + +# Squeeze and Crunch... +# These numbers were gleaned from the Unix versions of the programs to +# handle these formats. Note that I can only uncrunch, not crunch, and +# I didn't have a crunched file handy, so the crunch number is untested. +# Keith Waclena +#0 leshort 0x76FF squeezed data (CP/M, DOS) +#0 leshort 0x76FE crunched data (CP/M, DOS) + +# Freeze +#0 string \037\237 Frozen file 2.1 +#0 string \037\236 Frozen file 1.0 (or gzip 0.5) + +# lzh? 
+#0 string \037\240 LZH compressed data + +#------------------------------------------------------------------------------ +# frame: file(1) magic for FrameMaker files +# +# This stuff came on a FrameMaker demo tape, most of which is +# copyright, but this file is "published" as witness the following: +# +0 string \ +# and Anna Shergold +# +0 string \ +0 string \14 byte 12 (OS/2 1.x format) +#>14 byte 64 (OS/2 2.x format) +#>14 byte 40 (Windows 3.x format) +#0 string IC icon +#0 string PI pointer +#0 string CI color icon +#0 string CP color pointer +#0 string BA bitmap array + +0 string \x89PNG image/png +0 string FWS application/x-shockwave-flash +0 string CWS application/x-shockwave-flash + +#------------------------------------------------------------------------------ +# lisp: file(1) magic for lisp programs +# +# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) +0 string ;; text/plain 8bit +# Emacs 18 - this is always correct, but not very magical. +0 string \012( application/x-elc +# Emacs 19 +0 string ;ELC\023\000\000\000 application/x-elc + +#------------------------------------------------------------------------------ +# mail.news: file(1) magic for mail and news +# +# There are tests to ascmagic.c to cope with mail and news. +0 string Relay-Version: message/rfc822 7bit +0 string #!\ rnews message/rfc822 7bit +0 string N#!\ rnews message/rfc822 7bit +0 string Forward\ to message/rfc822 7bit +0 string Pipe\ to message/rfc822 7bit +0 string Return-Path: message/rfc822 7bit +0 string Path: message/news 8bit +0 string Xref: message/news 8bit +0 string 
From: message/rfc822 7bit +0 string Article message/news 8bit +#------------------------------------------------------------------------------ +# msword: file(1) magic for MS Word files +# +# Contributor claims: +# Reversed-engineered MS Word magic numbers +# + +0 string \376\067\0\043 application/msword +0 string \333\245-\0\0\0 application/msword + +# disable this one because it applies also to other +# Office/OLE documents for which msword is not correct. See PR#2608. +#0 string \320\317\021\340\241\261 application/msword + + + +#------------------------------------------------------------------------------ +# printer: file(1) magic for printer-formatted files +# + +# PostScript +0 string %! application/postscript +0 string \004%! application/postscript + +# Acrobat +# (due to clamen@cs.cmu.edu) +0 string %PDF- application/pdf + +#------------------------------------------------------------------------------ +# sc: file(1) magic for "sc" spreadsheet +# +38 string Spreadsheet application/x-sc + +#------------------------------------------------------------------------------ +# tex: file(1) magic for TeX files +# +# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) +# +# From + +# Although we may know the offset of certain text fields in TeX DVI +# and font files, we can't use them reliably because they are not +# zero terminated. [but we do anyway, christos] +0 string \367\002 application/x-dvi +#0 string \367\203 TeX generic font data +#0 string \367\131 TeX packed font data +#0 string \367\312 TeX virtual font data +#0 string This\ is\ TeX, TeX transcript text +#0 string This\ is\ METAFONT, METAFONT transcript text + +# There is no way to detect TeX Font Metric (*.tfm) files without +# breaking them apart and reading the data. The following patterns +# match most *.tfm files generated by METAFONT or afm2tfm. 
+#2 string \000\021 TeX font metric data +#2 string \000\022 TeX font metric data +#>34 string >\0 (%s) + +# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) +#0 string \\input\ texinfo Texinfo source text +#0 string This\ is\ Info\ file GNU Info text + +# correct TeX magic for Linux (and maybe more) +# from Peter Tobias (tobias@server.et-inf.fho-emden.de) +# +0 leshort 0x02f7 application/x-dvi + +# RTF - Rich Text Format +0 string {\\rtf application/rtf + +#------------------------------------------------------------------------------ +# animation: file(1) magic for animation/movie formats +# +# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) +# MPEG file +0 string \000\000\001\263 video/mpeg +# +# The contributor claims: +# I couldn't find a real magic number for these, however, this +# -appears- to work. Note that it might catch other files, too, +# so BE CAREFUL! +# +# Note that title and author appear in the two 20-byte chunks +# at decimal offsets 2 and 22, respectively, but they are XOR'ed with +# 255 (hex FF)! DL format SUCKS BIG ROCKS. +# +# DL file version 1 , medium format (160x100, 4 images/screen) +0 byte 1 video/unknown +0 byte 2 video/unknown +# Quicktime video, from Linus Walleij +# from Apple quicktime file format documentation. +4 string moov video/quicktime +4 string mdat video/quicktime + diff --git a/templates/HTTPD/Default/conf/mime.types b/templates/HTTPD/Default/conf/mime.types new file mode 100644 index 0000000..7508c26 --- /dev/null +++ b/templates/HTTPD/Default/conf/mime.types 
@@ -0,0 +1,1855 @@ +# This file maps Internet media types to unique file extension(s). +# Although created for httpd, this file is used by many software systems +# and has been placed in the public domain for unlimited redisribution. +# +# The table below contains both registered and (common) unregistered types. +# A type that has no unique extension can be ignored -- they are listed +# here to guide configurations toward known types and to make it easier to +# identify "new" types. File extensions are also commonly used to indicate +# content languages and encodings, so choose them carefully. +# +# Internet media types should be registered as described in RFC 4288. +# The registry is at . +# +# MIME type (lowercased) Extensions +# ============================================ ========== +# application/1d-interleaved-parityfec +# application/3gpdash-qoe-report+xml +# application/3gpp-ims+xml +# application/a2l +# application/activemessage +# application/alto-costmap+json +# application/alto-costmapfilter+json +# application/alto-directory+json +# application/alto-endpointcost+json +# application/alto-endpointcostparams+json +# application/alto-endpointprop+json +# application/alto-endpointpropparams+json +# application/alto-error+json +# application/alto-networkmap+json +# application/alto-networkmapfilter+json +# application/aml +application/andrew-inset ez +# application/applefile +application/applixware aw +# application/atf +# application/atfx +application/atom+xml atom +application/atomcat+xml atomcat +# application/atomdeleted+xml +# application/atomicmail +application/atomsvc+xml atomsvc +# application/atxml +# application/auth-policy+xml +# application/bacnet-xdd+zip +# application/batch-smtp +# application/beep+xml +# application/calendar+json +# application/calendar+xml +# application/call-completion +# application/cals-1840 +# application/cbor +# application/ccmp+xml +application/ccxml+xml ccxml +# application/cdfx+xml +application/cdmi-capability cdmia 
+application/cdmi-container cdmic +application/cdmi-domain cdmid +application/cdmi-object cdmio +application/cdmi-queue cdmiq +# application/cdni +# application/cea +# application/cea-2018+xml +# application/cellml+xml +# application/cfw +# application/cms +# application/cnrp+xml +# application/coap-group+json +# application/commonground +# application/conference-info+xml +# application/cpl+xml +# application/csrattrs +# application/csta+xml +# application/cstadata+xml +# application/csvm+json +application/cu-seeme cu +# application/cybercash +# application/dash+xml +# application/dashdelta +application/davmount+xml davmount +# application/dca-rft +# application/dcd +# application/dec-dx +# application/dialog-info+xml +# application/dicom +# application/dii +# application/dit +# application/dns +application/docbook+xml dbk +# application/dskpp+xml +application/dssc+der dssc +application/dssc+xml xdssc +# application/dvcs +application/ecmascript ecma +# application/edi-consent +# application/edi-x12 +# application/edifact +# application/efi +# application/emergencycalldata.comment+xml +# application/emergencycalldata.deviceinfo+xml +# application/emergencycalldata.providerinfo+xml +# application/emergencycalldata.serviceinfo+xml +# application/emergencycalldata.subscriberinfo+xml +application/emma+xml emma +# application/emotionml+xml +# application/encaprtp +# application/epp+xml +application/epub+zip epub +# application/eshop +# application/example +application/exi exi +# application/fastinfoset +# application/fastsoap +# application/fdt+xml +# application/fits +application/font-tdpfr pfr +# application/framework-attributes+xml +# application/geo+json +application/gml+xml gml +application/gpx+xml gpx +application/gxf gxf +# application/gzip +# application/h224 +# application/held+xml +# application/http +application/hyperstudio stk +# application/ibe-key-request+xml +# application/ibe-pkg-reply+xml +# application/ibe-pp-data +# application/iges +# 
application/im-iscomposing+xml +# application/index +# application/index.cmd +# application/index.obj +# application/index.response +# application/index.vnd +application/inkml+xml ink inkml +# application/iotp +application/ipfix ipfix +# application/ipp +# application/isup +# application/its+xml +application/java-archive jar +application/java-serialized-object ser +application/java-vm class +application/javascript js +# application/jose +# application/jose+json +# application/jrd+json +application/json json +# application/json-patch+json +# application/json-seq +application/jsonml+json jsonml +# application/jwk+json +# application/jwk-set+json +# application/jwt +# application/kpml-request+xml +# application/kpml-response+xml +# application/ld+json +# application/lgr+xml +# application/link-format +# application/load-control+xml +application/lost+xml lostxml +# application/lostsync+xml +# application/lxf +application/mac-binhex40 hqx +application/mac-compactpro cpt +# application/macwriteii +application/mads+xml mads +application/marc mrc +application/marcxml+xml mrcx +application/mathematica ma nb mb +application/mathml+xml mathml +# application/mathml-content+xml +# application/mathml-presentation+xml +# application/mbms-associated-procedure-description+xml +# application/mbms-deregister+xml +# application/mbms-envelope+xml +# application/mbms-msk+xml +# application/mbms-msk-response+xml +# application/mbms-protection-description+xml +# application/mbms-reception-report+xml +# application/mbms-register+xml +# application/mbms-register-response+xml +# application/mbms-schedule+xml +# application/mbms-user-service-description+xml +application/mbox mbox +# application/media-policy-dataset+xml +# application/media_control+xml +application/mediaservercontrol+xml mscml +# application/merge-patch+json +application/metalink+xml metalink +application/metalink4+xml meta4 +application/mets+xml mets +# application/mf4 +# application/mikey +application/mods+xml mods +# 
application/moss-keys +# application/moss-signature +# application/mosskey-data +# application/mosskey-request +application/mp21 m21 mp21 +application/mp4 mp4s +# application/mpeg4-generic +# application/mpeg4-iod +# application/mpeg4-iod-xmt +# application/mrb-consumer+xml +# application/mrb-publish+xml +# application/msc-ivr+xml +# application/msc-mixer+xml +application/msword doc dot +application/mxf mxf +# application/nasdata +# application/news-checkgroups +# application/news-groupinfo +# application/news-transmission +# application/nlsml+xml +# application/nss +# application/ocsp-request +# application/ocsp-response +application/octet-stream bin dms lrf mar so dist distz pkg bpk dump elc deploy +application/oda oda +# application/odx +application/oebps-package+xml opf +application/ogg ogx +application/omdoc+xml omdoc +application/onenote onetoc onetoc2 onetmp onepkg +application/oxps oxps +# application/p2p-overlay+xml +# application/parityfec +application/patch-ops-error+xml xer +application/pdf pdf +# application/pdx +application/pgp-encrypted pgp +# application/pgp-keys +application/pgp-signature asc sig +application/pics-rules prf +# application/pidf+xml +# application/pidf-diff+xml +application/pkcs10 p10 +# application/pkcs12 +application/pkcs7-mime p7m p7c +application/pkcs7-signature p7s +application/pkcs8 p8 +application/pkix-attr-cert ac +application/pkix-cert cer +application/pkix-crl crl +application/pkix-pkipath pkipath +application/pkixcmp pki +application/pls+xml pls +# application/poc-settings+xml +application/postscript ai eps ps +# application/ppsp-tracker+json +# application/problem+json +# application/problem+xml +# application/provenance+xml +# application/prs.alvestrand.titrax-sheet +application/prs.cww cww +# application/prs.hpub+zip +# application/prs.nprend +# application/prs.plucker +# application/prs.rdf-xml-crypt +# application/prs.xsf+xml +application/pskc+xml pskcxml +# application/qsig +# application/raptorfec +# 
application/rdap+json +application/rdf+xml rdf +application/reginfo+xml rif +application/relax-ng-compact-syntax rnc +# application/remote-printing +# application/reputon+json +application/resource-lists+xml rl +application/resource-lists-diff+xml rld +# application/rfc+xml +# application/riscos +# application/rlmi+xml +application/rls-services+xml rs +application/rpki-ghostbusters gbr +application/rpki-manifest mft +application/rpki-roa roa +# application/rpki-updown +application/rsd+xml rsd +application/rss+xml rss +application/rtf rtf +# application/rtploopback +# application/rtx +# application/samlassertion+xml +# application/samlmetadata+xml +application/sbml+xml sbml +# application/scaip+xml +# application/scim+json +application/scvp-cv-request scq +application/scvp-cv-response scs +application/scvp-vp-request spq +application/scvp-vp-response spp +application/sdp sdp +# application/sep+xml +# application/sep-exi +# application/session-info +# application/set-payment +application/set-payment-initiation setpay +# application/set-registration +application/set-registration-initiation setreg +# application/sgml +# application/sgml-open-catalog +application/shf+xml shf +# application/sieve +# application/simple-filter+xml +# application/simple-message-summary +# application/simplesymbolcontainer +# application/slate +# application/smil +application/smil+xml smi smil +# application/smpte336m +# application/soap+fastinfoset +# application/soap+xml +application/sparql-query rq +application/sparql-results+xml srx +# application/spirits-event+xml +# application/sql +application/srgs gram +application/srgs+xml grxml +application/sru+xml sru +application/ssdl+xml ssdl +application/ssml+xml ssml +# application/tamp-apex-update +# application/tamp-apex-update-confirm +# application/tamp-community-update +# application/tamp-community-update-confirm +# application/tamp-error +# application/tamp-sequence-adjust +# application/tamp-sequence-adjust-confirm +# 
application/tamp-status-query
+# application/tamp-status-response
+# application/tamp-update
+# application/tamp-update-confirm
+application/tei+xml tei teicorpus
+application/thraud+xml tfi
+# application/timestamp-query
+# application/timestamp-reply
+application/timestamped-data tsd
+# application/ttml+xml
+# application/tve-trigger
+# application/ulpfec
+# application/urc-grpsheet+xml
+# application/urc-ressheet+xml
+# application/urc-targetdesc+xml
+# application/urc-uisocketdesc+xml
+# application/vcard+json
+# application/vcard+xml
+# application/vemmi
+# application/vividence.scriptfile
+# application/vnd.3gpp-prose+xml
+# application/vnd.3gpp-prose-pc3ch+xml
+# application/vnd.3gpp.access-transfer-events+xml
+# application/vnd.3gpp.bsf+xml
+# application/vnd.3gpp.mid-call+xml
+application/vnd.3gpp.pic-bw-large plb
+application/vnd.3gpp.pic-bw-small psb
+application/vnd.3gpp.pic-bw-var pvb
+# application/vnd.3gpp.sms
+# application/vnd.3gpp.sms+xml
+# application/vnd.3gpp.srvcc-ext+xml
+# application/vnd.3gpp.srvcc-info+xml
+# application/vnd.3gpp.state-and-event-info+xml
+# application/vnd.3gpp.ussd+xml
+# application/vnd.3gpp2.bcmcsinfo+xml
+# application/vnd.3gpp2.sms
+application/vnd.3gpp2.tcap tcap
+# application/vnd.3lightssoftware.imagescal
+application/vnd.3m.post-it-notes pwn
+application/vnd.accpac.simply.aso aso
+application/vnd.accpac.simply.imp imp
+application/vnd.acucobol acu
+application/vnd.acucorp atc acutc
+application/vnd.adobe.air-application-installer-package+zip air
+# application/vnd.adobe.flash.movie
+application/vnd.adobe.formscentral.fcdt fcdt
+application/vnd.adobe.fxp fxp fxpl
+# application/vnd.adobe.partial-upload
+application/vnd.adobe.xdp+xml xdp
+application/vnd.adobe.xfdf xfdf
+# application/vnd.aether.imp
+# application/vnd.ah-barcode
+application/vnd.ahead.space ahead
+application/vnd.airzip.filesecure.azf azf
+application/vnd.airzip.filesecure.azs azs
+application/vnd.amazon.ebook azw
+# application/vnd.amazon.mobi8-ebook
+application/vnd.americandynamics.acc acc
+application/vnd.amiga.ami ami
+# application/vnd.amundsen.maze+xml
+application/vnd.android.package-archive apk
+# application/vnd.anki
+application/vnd.anser-web-certificate-issue-initiation cii
+application/vnd.anser-web-funds-transfer-initiation fti
+application/vnd.antix.game-component atx
+# application/vnd.apache.thrift.binary
+# application/vnd.apache.thrift.compact
+# application/vnd.apache.thrift.json
+# application/vnd.api+json
+application/vnd.apple.installer+xml mpkg
+application/vnd.apple.mpegurl m3u8
+# application/vnd.arastra.swi
+application/vnd.aristanetworks.swi swi
+# application/vnd.artsquare
+application/vnd.astraea-software.iota iota
+application/vnd.audiograph aep
+# application/vnd.autopackage
+# application/vnd.avistar+xml
+# application/vnd.balsamiq.bmml+xml
+# application/vnd.balsamiq.bmpr
+# application/vnd.bekitzur-stech+json
+# application/vnd.biopax.rdf+xml
+application/vnd.blueice.multipass mpm
+# application/vnd.bluetooth.ep.oob
+# application/vnd.bluetooth.le.oob
+application/vnd.bmi bmi
+application/vnd.businessobjects rep
+# application/vnd.cab-jscript
+# application/vnd.canon-cpdl
+# application/vnd.canon-lips
+# application/vnd.cendio.thinlinc.clientconf
+# application/vnd.century-systems.tcp_stream
+application/vnd.chemdraw+xml cdxml
+# application/vnd.chess-pgn
+application/vnd.chipnuts.karaoke-mmd mmd
+application/vnd.cinderella cdy
+# application/vnd.cirpack.isdn-ext
+# application/vnd.citationstyles.style+xml
+application/vnd.claymore cla
+application/vnd.cloanto.rp9 rp9
+application/vnd.clonk.c4group c4g c4d c4f c4p c4u
+application/vnd.cluetrust.cartomobile-config c11amc
+application/vnd.cluetrust.cartomobile-config-pkg c11amz
+# application/vnd.coffeescript
+# application/vnd.collection+json
+# application/vnd.collection.doc+json
+# application/vnd.collection.next+json
+# application/vnd.comicbook+zip
+# application/vnd.commerce-battelle
+application/vnd.commonspace csp
+application/vnd.contact.cmsg cdbcmsg
+# application/vnd.coreos.ignition+json
+application/vnd.cosmocaller cmc
+application/vnd.crick.clicker clkx
+application/vnd.crick.clicker.keyboard clkk
+application/vnd.crick.clicker.palette clkp
+application/vnd.crick.clicker.template clkt
+application/vnd.crick.clicker.wordbank clkw
+application/vnd.criticaltools.wbs+xml wbs
+application/vnd.ctc-posml pml
+# application/vnd.ctct.ws+xml
+# application/vnd.cups-pdf
+# application/vnd.cups-postscript
+application/vnd.cups-ppd ppd
+# application/vnd.cups-raster
+# application/vnd.cups-raw
+# application/vnd.curl
+application/vnd.curl.car car
+application/vnd.curl.pcurl pcurl
+# application/vnd.cyan.dean.root+xml
+# application/vnd.cybank
+application/vnd.dart dart
+application/vnd.data-vision.rdz rdz
+# application/vnd.debian.binary-package
+application/vnd.dece.data uvf uvvf uvd uvvd
+application/vnd.dece.ttml+xml uvt uvvt
+application/vnd.dece.unspecified uvx uvvx
+application/vnd.dece.zip uvz uvvz
+application/vnd.denovo.fcselayout-link fe_launch
+# application/vnd.desmume.movie
+# application/vnd.dir-bi.plate-dl-nosuffix
+# application/vnd.dm.delegation+xml
+application/vnd.dna dna
+# application/vnd.document+json
+application/vnd.dolby.mlp mlp
+# application/vnd.dolby.mobile.1
+# application/vnd.dolby.mobile.2
+# application/vnd.doremir.scorecloud-binary-document
+application/vnd.dpgraph dpg
+application/vnd.dreamfactory dfac
+# application/vnd.drive+json
+application/vnd.ds-keypoint kpxx
+# application/vnd.dtg.local
+# application/vnd.dtg.local.flash
+# application/vnd.dtg.local.html
+application/vnd.dvb.ait ait
+# application/vnd.dvb.dvbj
+# application/vnd.dvb.esgcontainer
+# application/vnd.dvb.ipdcdftnotifaccess
+# application/vnd.dvb.ipdcesgaccess
+# application/vnd.dvb.ipdcesgaccess2
+# application/vnd.dvb.ipdcesgpdd
+# application/vnd.dvb.ipdcroaming
+# application/vnd.dvb.iptv.alfec-base
+# application/vnd.dvb.iptv.alfec-enhancement
+# application/vnd.dvb.notif-aggregate-root+xml
+# application/vnd.dvb.notif-container+xml
+# application/vnd.dvb.notif-generic+xml
+# application/vnd.dvb.notif-ia-msglist+xml
+# application/vnd.dvb.notif-ia-registration-request+xml
+# application/vnd.dvb.notif-ia-registration-response+xml
+# application/vnd.dvb.notif-init+xml
+# application/vnd.dvb.pfr
+application/vnd.dvb.service svc
+# application/vnd.dxr
+application/vnd.dynageo geo
+# application/vnd.dzr
+# application/vnd.easykaraoke.cdgdownload
+# application/vnd.ecdis-update
+application/vnd.ecowin.chart mag
+# application/vnd.ecowin.filerequest
+# application/vnd.ecowin.fileupdate
+# application/vnd.ecowin.series
+# application/vnd.ecowin.seriesrequest
+# application/vnd.ecowin.seriesupdate
+# application/vnd.emclient.accessrequest+xml
+application/vnd.enliven nml
+# application/vnd.enphase.envoy
+# application/vnd.eprints.data+xml
+application/vnd.epson.esf esf
+application/vnd.epson.msf msf
+application/vnd.epson.quickanime qam
+application/vnd.epson.salt slt
+application/vnd.epson.ssf ssf
+# application/vnd.ericsson.quickcall
+application/vnd.eszigno3+xml es3 et3
+# application/vnd.etsi.aoc+xml
+# application/vnd.etsi.asic-e+zip
+# application/vnd.etsi.asic-s+zip
+# application/vnd.etsi.cug+xml
+# application/vnd.etsi.iptvcommand+xml
+# application/vnd.etsi.iptvdiscovery+xml
+# application/vnd.etsi.iptvprofile+xml
+# application/vnd.etsi.iptvsad-bc+xml
+# application/vnd.etsi.iptvsad-cod+xml
+# application/vnd.etsi.iptvsad-npvr+xml
+# application/vnd.etsi.iptvservice+xml
+# application/vnd.etsi.iptvsync+xml
+# application/vnd.etsi.iptvueprofile+xml
+# application/vnd.etsi.mcid+xml
+# application/vnd.etsi.mheg5
+# application/vnd.etsi.overload-control-policy-dataset+xml
+# application/vnd.etsi.pstn+xml
+# application/vnd.etsi.sci+xml
+# application/vnd.etsi.simservs+xml
+# application/vnd.etsi.timestamp-token
+# application/vnd.etsi.tsl+xml
+# application/vnd.etsi.tsl.der
+# application/vnd.eudora.data
+application/vnd.ezpix-album ez2
+application/vnd.ezpix-package ez3
+# application/vnd.f-secure.mobile
+# application/vnd.fastcopy-disk-image
+application/vnd.fdf fdf
+application/vnd.fdsn.mseed mseed
+application/vnd.fdsn.seed seed dataless
+# application/vnd.ffsns
+# application/vnd.filmit.zfc
+# application/vnd.fints
+# application/vnd.firemonkeys.cloudcell
+application/vnd.flographit gph
+application/vnd.fluxtime.clip ftc
+# application/vnd.font-fontforge-sfd
+application/vnd.framemaker fm frame maker book
+application/vnd.frogans.fnc fnc
+application/vnd.frogans.ltf ltf
+application/vnd.fsc.weblaunch fsc
+application/vnd.fujitsu.oasys oas
+application/vnd.fujitsu.oasys2 oa2
+application/vnd.fujitsu.oasys3 oa3
+application/vnd.fujitsu.oasysgp fg5
+application/vnd.fujitsu.oasysprs bh2
+# application/vnd.fujixerox.art-ex
+# application/vnd.fujixerox.art4
+application/vnd.fujixerox.ddd ddd
+application/vnd.fujixerox.docuworks xdw
+application/vnd.fujixerox.docuworks.binder xbd
+# application/vnd.fujixerox.docuworks.container
+# application/vnd.fujixerox.hbpl
+# application/vnd.fut-misnet
+application/vnd.fuzzysheet fzs
+application/vnd.genomatix.tuxedo txd
+# application/vnd.geo+json
+# application/vnd.geocube+xml
+application/vnd.geogebra.file ggb
+application/vnd.geogebra.tool ggt
+application/vnd.geometry-explorer gex gre
+application/vnd.geonext gxt
+application/vnd.geoplan g2w
+application/vnd.geospace g3w
+# application/vnd.gerber
+# application/vnd.globalplatform.card-content-mgt
+# application/vnd.globalplatform.card-content-mgt-response
+application/vnd.gmx gmx
+application/vnd.google-earth.kml+xml kml
+application/vnd.google-earth.kmz kmz
+# application/vnd.gov.sk.e-form+xml
+# application/vnd.gov.sk.e-form+zip
+# application/vnd.gov.sk.xmldatacontainer+xml
+application/vnd.grafeq gqf gqs
+# application/vnd.gridmp
+application/vnd.groove-account gac
+application/vnd.groove-help ghf
+application/vnd.groove-identity-message gim
+application/vnd.groove-injector grv
+application/vnd.groove-tool-message gtm
+application/vnd.groove-tool-template tpl
+application/vnd.groove-vcard vcg
+# application/vnd.hal+json
+application/vnd.hal+xml hal
+application/vnd.handheld-entertainment+xml zmm
+application/vnd.hbci hbci
+# application/vnd.hcl-bireports
+# application/vnd.hdt
+# application/vnd.heroku+json
+application/vnd.hhe.lesson-player les
+application/vnd.hp-hpgl hpgl
+application/vnd.hp-hpid hpid
+application/vnd.hp-hps hps
+application/vnd.hp-jlyt jlt
+application/vnd.hp-pcl pcl
+application/vnd.hp-pclxl pclxl
+# application/vnd.httphone
+application/vnd.hydrostatix.sof-data sfd-hdstx
+# application/vnd.hyperdrive+json
+# application/vnd.hzn-3d-crossword
+# application/vnd.ibm.afplinedata
+# application/vnd.ibm.electronic-media
+application/vnd.ibm.minipay mpy
+application/vnd.ibm.modcap afp listafp list3820
+application/vnd.ibm.rights-management irm
+application/vnd.ibm.secure-container sc
+application/vnd.iccprofile icc icm
+# application/vnd.ieee.1905
+application/vnd.igloader igl
+application/vnd.immervision-ivp ivp
+application/vnd.immervision-ivu ivu
+# application/vnd.ims.imsccv1p1
+# application/vnd.ims.imsccv1p2
+# application/vnd.ims.imsccv1p3
+# application/vnd.ims.lis.v2.result+json
+# application/vnd.ims.lti.v2.toolconsumerprofile+json
+# application/vnd.ims.lti.v2.toolproxy+json
+# application/vnd.ims.lti.v2.toolproxy.id+json
+# application/vnd.ims.lti.v2.toolsettings+json
+# application/vnd.ims.lti.v2.toolsettings.simple+json
+# application/vnd.informedcontrol.rms+xml
+# application/vnd.informix-visionary
+# application/vnd.infotech.project
+# application/vnd.infotech.project+xml
+# application/vnd.innopath.wamp.notification
+application/vnd.insors.igm igm
+application/vnd.intercon.formnet xpw xpx
+application/vnd.intergeo i2g
+# application/vnd.intertrust.digibox
+# application/vnd.intertrust.nncp
+application/vnd.intu.qbo qbo
+application/vnd.intu.qfx qfx
+# application/vnd.iptc.g2.catalogitem+xml
+# application/vnd.iptc.g2.conceptitem+xml
+# application/vnd.iptc.g2.knowledgeitem+xml
+# application/vnd.iptc.g2.newsitem+xml
+# application/vnd.iptc.g2.newsmessage+xml
+# application/vnd.iptc.g2.packageitem+xml
+# application/vnd.iptc.g2.planningitem+xml
+application/vnd.ipunplugged.rcprofile rcprofile
+application/vnd.irepository.package+xml irp
+application/vnd.is-xpr xpr
+application/vnd.isac.fcs fcs
+application/vnd.jam jam
+# application/vnd.japannet-directory-service
+# application/vnd.japannet-jpnstore-wakeup
+# application/vnd.japannet-payment-wakeup
+# application/vnd.japannet-registration
+# application/vnd.japannet-registration-wakeup
+# application/vnd.japannet-setstore-wakeup
+# application/vnd.japannet-verification
+# application/vnd.japannet-verification-wakeup
+application/vnd.jcp.javame.midlet-rms rms
+application/vnd.jisp jisp
+application/vnd.joost.joda-archive joda
+# application/vnd.jsk.isdn-ngn
+application/vnd.kahootz ktz ktr
+application/vnd.kde.karbon karbon
+application/vnd.kde.kchart chrt
+application/vnd.kde.kformula kfo
+application/vnd.kde.kivio flw
+application/vnd.kde.kontour kon
+application/vnd.kde.kpresenter kpr kpt
+application/vnd.kde.kspread ksp
+application/vnd.kde.kword kwd kwt
+application/vnd.kenameaapp htke
+application/vnd.kidspiration kia
+application/vnd.kinar kne knp
+application/vnd.koan skp skd skt skm
+application/vnd.kodak-descriptor sse
+application/vnd.las.las+xml lasxml
+# application/vnd.liberty-request+xml
+application/vnd.llamagraphics.life-balance.desktop lbd
+application/vnd.llamagraphics.life-balance.exchange+xml lbe
+application/vnd.lotus-1-2-3 123
+application/vnd.lotus-approach apr
+application/vnd.lotus-freelance pre
+application/vnd.lotus-notes nsf
+application/vnd.lotus-organizer org
+application/vnd.lotus-screencam scm
+application/vnd.lotus-wordpro lwp
+application/vnd.macports.portpkg portpkg
+# application/vnd.mapbox-vector-tile
+# application/vnd.marlin.drm.actiontoken+xml
+# application/vnd.marlin.drm.conftoken+xml
+# application/vnd.marlin.drm.license+xml
+# application/vnd.marlin.drm.mdcf
+# application/vnd.mason+json
+# application/vnd.maxmind.maxmind-db
+application/vnd.mcd mcd
+application/vnd.medcalcdata mc1
+application/vnd.mediastation.cdkey cdkey
+# application/vnd.meridian-slingshot
+application/vnd.mfer mwf
+application/vnd.mfmp mfm
+# application/vnd.micro+json
+application/vnd.micrografx.flo flo
+application/vnd.micrografx.igx igx
+# application/vnd.microsoft.portable-executable
+# application/vnd.miele+json
+application/vnd.mif mif
+# application/vnd.minisoft-hp3000-save
+# application/vnd.mitsubishi.misty-guard.trustweb
+application/vnd.mobius.daf daf
+application/vnd.mobius.dis dis
+application/vnd.mobius.mbk mbk
+application/vnd.mobius.mqy mqy
+application/vnd.mobius.msl msl
+application/vnd.mobius.plc plc
+application/vnd.mobius.txf txf
+application/vnd.mophun.application mpn
+application/vnd.mophun.certificate mpc
+# application/vnd.motorola.flexsuite
+# application/vnd.motorola.flexsuite.adsi
+# application/vnd.motorola.flexsuite.fis
+# application/vnd.motorola.flexsuite.gotap
+# application/vnd.motorola.flexsuite.kmr
+# application/vnd.motorola.flexsuite.ttc
+# application/vnd.motorola.flexsuite.wem
+# application/vnd.motorola.iprm
+application/vnd.mozilla.xul+xml xul
+# application/vnd.ms-3mfdocument
+application/vnd.ms-artgalry cil
+# application/vnd.ms-asf
+application/vnd.ms-cab-compressed cab
+# application/vnd.ms-color.iccprofile
+application/vnd.ms-excel xls xlm xla xlc xlt xlw
+application/vnd.ms-excel.addin.macroenabled.12 xlam
+application/vnd.ms-excel.sheet.binary.macroenabled.12 xlsb
+application/vnd.ms-excel.sheet.macroenabled.12 xlsm
+application/vnd.ms-excel.template.macroenabled.12 xltm
+application/vnd.ms-fontobject eot
+application/vnd.ms-htmlhelp chm
+application/vnd.ms-ims ims
+application/vnd.ms-lrm lrm
+# application/vnd.ms-office.activex+xml
+application/vnd.ms-officetheme thmx
+# application/vnd.ms-opentype
+# application/vnd.ms-package.obfuscated-opentype
+application/vnd.ms-pki.seccat cat
+application/vnd.ms-pki.stl stl
+# application/vnd.ms-playready.initiator+xml
+application/vnd.ms-powerpoint ppt pps pot
+application/vnd.ms-powerpoint.addin.macroenabled.12 ppam
+application/vnd.ms-powerpoint.presentation.macroenabled.12 pptm
+application/vnd.ms-powerpoint.slide.macroenabled.12 sldm
+application/vnd.ms-powerpoint.slideshow.macroenabled.12 ppsm
+application/vnd.ms-powerpoint.template.macroenabled.12 potm
+# application/vnd.ms-printdevicecapabilities+xml
+# application/vnd.ms-printing.printticket+xml
+# application/vnd.ms-printschematicket+xml
+application/vnd.ms-project mpp mpt
+# application/vnd.ms-tnef
+# application/vnd.ms-windows.devicepairing
+# application/vnd.ms-windows.nwprinting.oob
+# application/vnd.ms-windows.printerpairing
+# application/vnd.ms-windows.wsd.oob
+# application/vnd.ms-wmdrm.lic-chlg-req
+# application/vnd.ms-wmdrm.lic-resp
+# application/vnd.ms-wmdrm.meter-chlg-req
+# application/vnd.ms-wmdrm.meter-resp
+application/vnd.ms-word.document.macroenabled.12 docm
+application/vnd.ms-word.template.macroenabled.12 dotm
+application/vnd.ms-works wps wks wcm wdb
+application/vnd.ms-wpl wpl
+application/vnd.ms-xpsdocument xps
+# application/vnd.msa-disk-image
+application/vnd.mseq mseq
+# application/vnd.msign
+# application/vnd.multiad.creator
+# application/vnd.multiad.creator.cif
+# application/vnd.music-niff
+application/vnd.musician mus
+application/vnd.muvee.style msty
+application/vnd.mynfc taglet
+# application/vnd.ncd.control
+# application/vnd.ncd.reference
+# application/vnd.nervana
+# application/vnd.netfpx
+application/vnd.neurolanguage.nlu nlu
+# application/vnd.nintendo.nitro.rom
+# application/vnd.nintendo.snes.rom
+application/vnd.nitf ntf nitf
+application/vnd.noblenet-directory nnd
+application/vnd.noblenet-sealer nns
+application/vnd.noblenet-web nnw
+# application/vnd.nokia.catalogs
+# application/vnd.nokia.conml+wbxml
+# application/vnd.nokia.conml+xml
+# application/vnd.nokia.iptv.config+xml
+# application/vnd.nokia.isds-radio-presets
+# application/vnd.nokia.landmark+wbxml
+# application/vnd.nokia.landmark+xml
+# application/vnd.nokia.landmarkcollection+xml
+# application/vnd.nokia.n-gage.ac+xml
+application/vnd.nokia.n-gage.data ngdat
+application/vnd.nokia.n-gage.symbian.install n-gage
+# application/vnd.nokia.ncd
+# application/vnd.nokia.pcd+wbxml
+# application/vnd.nokia.pcd+xml
+application/vnd.nokia.radio-preset rpst
+application/vnd.nokia.radio-presets rpss
+application/vnd.novadigm.edm edm
+application/vnd.novadigm.edx edx
+application/vnd.novadigm.ext ext
+# application/vnd.ntt-local.content-share
+# application/vnd.ntt-local.file-transfer
+# application/vnd.ntt-local.ogw_remote-access
+# application/vnd.ntt-local.sip-ta_remote
+# application/vnd.ntt-local.sip-ta_tcp_stream
+application/vnd.oasis.opendocument.chart odc
+application/vnd.oasis.opendocument.chart-template otc
+application/vnd.oasis.opendocument.database odb
+application/vnd.oasis.opendocument.formula odf
+application/vnd.oasis.opendocument.formula-template odft
+application/vnd.oasis.opendocument.graphics odg
+application/vnd.oasis.opendocument.graphics-template otg
+application/vnd.oasis.opendocument.image odi
+application/vnd.oasis.opendocument.image-template oti
+application/vnd.oasis.opendocument.presentation odp
+application/vnd.oasis.opendocument.presentation-template otp
+application/vnd.oasis.opendocument.spreadsheet ods
+application/vnd.oasis.opendocument.spreadsheet-template ots
+application/vnd.oasis.opendocument.text odt
+application/vnd.oasis.opendocument.text-master odm
+application/vnd.oasis.opendocument.text-template ott
+application/vnd.oasis.opendocument.text-web oth
+# application/vnd.obn
+# application/vnd.oftn.l10n+json
+# application/vnd.oipf.contentaccessdownload+xml
+# application/vnd.oipf.contentaccessstreaming+xml
+# application/vnd.oipf.cspg-hexbinary
+# application/vnd.oipf.dae.svg+xml
+# application/vnd.oipf.dae.xhtml+xml
+# application/vnd.oipf.mippvcontrolmessage+xml
+# application/vnd.oipf.pae.gem
+# application/vnd.oipf.spdiscovery+xml
+# application/vnd.oipf.spdlist+xml
+# application/vnd.oipf.ueprofile+xml
+# application/vnd.oipf.userprofile+xml
+application/vnd.olpc-sugar xo
+# application/vnd.oma-scws-config
+# application/vnd.oma-scws-http-request
+# application/vnd.oma-scws-http-response
+# application/vnd.oma.bcast.associated-procedure-parameter+xml
+# application/vnd.oma.bcast.drm-trigger+xml
+# application/vnd.oma.bcast.imd+xml
+# application/vnd.oma.bcast.ltkm
+# application/vnd.oma.bcast.notification+xml
+# application/vnd.oma.bcast.provisioningtrigger
+# application/vnd.oma.bcast.sgboot
+# application/vnd.oma.bcast.sgdd+xml
+# application/vnd.oma.bcast.sgdu
+# application/vnd.oma.bcast.simple-symbol-container
+# application/vnd.oma.bcast.smartcard-trigger+xml
+# application/vnd.oma.bcast.sprov+xml
+# application/vnd.oma.bcast.stkm
+# application/vnd.oma.cab-address-book+xml
+# application/vnd.oma.cab-feature-handler+xml
+# application/vnd.oma.cab-pcc+xml
+# application/vnd.oma.cab-subs-invite+xml
+# application/vnd.oma.cab-user-prefs+xml
+# application/vnd.oma.dcd
+# application/vnd.oma.dcdc
+application/vnd.oma.dd2+xml dd2
+# application/vnd.oma.drm.risd+xml
+# application/vnd.oma.group-usage-list+xml
+# application/vnd.oma.lwm2m+json
+# application/vnd.oma.lwm2m+tlv
+# application/vnd.oma.pal+xml
+# application/vnd.oma.poc.detailed-progress-report+xml
+# application/vnd.oma.poc.final-report+xml
+# application/vnd.oma.poc.groups+xml
+# application/vnd.oma.poc.invocation-descriptor+xml
+# application/vnd.oma.poc.optimized-progress-report+xml
+# application/vnd.oma.push
+# application/vnd.oma.scidm.messages+xml
+# application/vnd.oma.xcap-directory+xml
+# application/vnd.omads-email+xml
+# application/vnd.omads-file+xml
+# application/vnd.omads-folder+xml
+# application/vnd.omaloc-supl-init
+# application/vnd.onepager
+# application/vnd.openblox.game+xml
+# application/vnd.openblox.game-binary
+# application/vnd.openeye.oeb
+application/vnd.openofficeorg.extension oxt
+# application/vnd.openxmlformats-officedocument.custom-properties+xml
+# application/vnd.openxmlformats-officedocument.customxmlproperties+xml
+# application/vnd.openxmlformats-officedocument.drawing+xml
+# application/vnd.openxmlformats-officedocument.drawingml.chart+xml
+# application/vnd.openxmlformats-officedocument.drawingml.chartshapes+xml
+# application/vnd.openxmlformats-officedocument.drawingml.diagramcolors+xml
+# application/vnd.openxmlformats-officedocument.drawingml.diagramdata+xml
+# application/vnd.openxmlformats-officedocument.drawingml.diagramlayout+xml
+# application/vnd.openxmlformats-officedocument.drawingml.diagramstyle+xml
+# application/vnd.openxmlformats-officedocument.extended-properties+xml
+# application/vnd.openxmlformats-officedocument.presentationml.commentauthors+xml
+# application/vnd.openxmlformats-officedocument.presentationml.comments+xml
+# application/vnd.openxmlformats-officedocument.presentationml.handoutmaster+xml
+# application/vnd.openxmlformats-officedocument.presentationml.notesmaster+xml
+# application/vnd.openxmlformats-officedocument.presentationml.notesslide+xml
+application/vnd.openxmlformats-officedocument.presentationml.presentation pptx
+# application/vnd.openxmlformats-officedocument.presentationml.presentation.main+xml
+# application/vnd.openxmlformats-officedocument.presentationml.presprops+xml
+application/vnd.openxmlformats-officedocument.presentationml.slide sldx
+# application/vnd.openxmlformats-officedocument.presentationml.slide+xml
+# application/vnd.openxmlformats-officedocument.presentationml.slidelayout+xml
+# application/vnd.openxmlformats-officedocument.presentationml.slidemaster+xml
+application/vnd.openxmlformats-officedocument.presentationml.slideshow ppsx
+# application/vnd.openxmlformats-officedocument.presentationml.slideshow.main+xml
+# application/vnd.openxmlformats-officedocument.presentationml.slideupdateinfo+xml
+# application/vnd.openxmlformats-officedocument.presentationml.tablestyles+xml
+# application/vnd.openxmlformats-officedocument.presentationml.tags+xml
+application/vnd.openxmlformats-officedocument.presentationml.template potx
+# application/vnd.openxmlformats-officedocument.presentationml.template.main+xml
+# application/vnd.openxmlformats-officedocument.presentationml.viewprops+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.calcchain+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.chartsheet+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.comments+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.connections+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.dialogsheet+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.externallink+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.pivotcachedefinition+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.pivotcacherecords+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.pivottable+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.querytable+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.revisionheaders+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.revisionlog+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.sharedstrings+xml
+application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx
+# application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.sheetmetadata+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.styles+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.table+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.tablesinglecells+xml
+application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx
+# application/vnd.openxmlformats-officedocument.spreadsheetml.template.main+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.usernames+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.volatiledependencies+xml
+# application/vnd.openxmlformats-officedocument.spreadsheetml.worksheet+xml
+# application/vnd.openxmlformats-officedocument.theme+xml
+# application/vnd.openxmlformats-officedocument.themeoverride+xml
+# application/vnd.openxmlformats-officedocument.vmldrawing
+# application/vnd.openxmlformats-officedocument.wordprocessingml.comments+xml
+application/vnd.openxmlformats-officedocument.wordprocessingml.document docx
+# application/vnd.openxmlformats-officedocument.wordprocessingml.document.glossary+xml
+# application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml
+# application/vnd.openxmlformats-officedocument.wordprocessingml.endnotes+xml
+# application/vnd.openxmlformats-officedocument.wordprocessingml.fonttable+xml
+# application/vnd.openxmlformats-officedocument.wordprocessingml.footer+xml
+# application/vnd.openxmlformats-officedocument.wordprocessingml.footnotes+xml
+# application/vnd.openxmlformats-officedocument.wordprocessingml.numbering+xml
+# application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml
+# application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml
+application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx
+# application/vnd.openxmlformats-officedocument.wordprocessingml.template.main+xml
+# application/vnd.openxmlformats-officedocument.wordprocessingml.websettings+xml
+# application/vnd.openxmlformats-package.core-properties+xml
+# application/vnd.openxmlformats-package.digital-signature-xmlsignature+xml
+# application/vnd.openxmlformats-package.relationships+xml
+# application/vnd.oracle.resource+json
+# application/vnd.orange.indata
+# application/vnd.osa.netdeploy
+application/vnd.osgeo.mapguide.package mgp
+# application/vnd.osgi.bundle
+application/vnd.osgi.dp dp
+application/vnd.osgi.subsystem esa
+# application/vnd.otps.ct-kip+xml
+# application/vnd.oxli.countgraph
+# application/vnd.pagerduty+json
+application/vnd.palm pdb pqa oprc
+# application/vnd.panoply
+# application/vnd.paos.xml
+application/vnd.pawaafile paw
+# application/vnd.pcos
+application/vnd.pg.format str
+application/vnd.pg.osasli ei6
+# application/vnd.piaccess.application-licence
+application/vnd.picsel efif
+application/vnd.pmi.widget wg
+# application/vnd.poc.group-advertisement+xml
+application/vnd.pocketlearn plf
+application/vnd.powerbuilder6 pbd
+# application/vnd.powerbuilder6-s
+# application/vnd.powerbuilder7
+# application/vnd.powerbuilder7-s
+# application/vnd.powerbuilder75
+# application/vnd.powerbuilder75-s
+# application/vnd.preminet
+application/vnd.previewsystems.box box
+application/vnd.proteus.magazine mgz
+application/vnd.publishare-delta-tree qps
+application/vnd.pvi.ptid1 ptid
+# application/vnd.pwg-multiplexed
+# application/vnd.pwg-xhtml-print+xml
+# application/vnd.qualcomm.brew-app-res
+# application/vnd.quarantainenet
+application/vnd.quark.quarkxpress qxd qxt qwd qwt qxl qxb
+# application/vnd.quobject-quoxdocument
+# application/vnd.radisys.moml+xml
+# application/vnd.radisys.msml+xml
+# application/vnd.radisys.msml-audit+xml
+# application/vnd.radisys.msml-audit-conf+xml
+# application/vnd.radisys.msml-audit-conn+xml
+# application/vnd.radisys.msml-audit-dialog+xml
+# application/vnd.radisys.msml-audit-stream+xml
+# application/vnd.radisys.msml-conf+xml
+# application/vnd.radisys.msml-dialog+xml
+# application/vnd.radisys.msml-dialog-base+xml
+# application/vnd.radisys.msml-dialog-fax-detect+xml
+# application/vnd.radisys.msml-dialog-fax-sendrecv+xml
+# application/vnd.radisys.msml-dialog-group+xml
+# application/vnd.radisys.msml-dialog-speech+xml
+# application/vnd.radisys.msml-dialog-transform+xml
+# application/vnd.rainstor.data
+# application/vnd.rapid
+# application/vnd.rar
+application/vnd.realvnc.bed bed
+application/vnd.recordare.musicxml mxl
+application/vnd.recordare.musicxml+xml musicxml
+# application/vnd.renlearn.rlprint
+application/vnd.rig.cryptonote cryptonote
+application/vnd.rim.cod cod
+application/vnd.rn-realmedia rm
+application/vnd.rn-realmedia-vbr rmvb
+application/vnd.route66.link66+xml link66
+# application/vnd.rs-274x
+# application/vnd.ruckus.download
+# application/vnd.s3sms
+application/vnd.sailingtracker.track st
+# application/vnd.sbm.cid
+# application/vnd.sbm.mid2
+# application/vnd.scribus
+# application/vnd.sealed.3df
+# application/vnd.sealed.csf
+# application/vnd.sealed.doc
+# application/vnd.sealed.eml
+# application/vnd.sealed.mht
+# application/vnd.sealed.net
+# application/vnd.sealed.ppt
+# application/vnd.sealed.tiff
+# application/vnd.sealed.xls
+# application/vnd.sealedmedia.softseal.html
+# application/vnd.sealedmedia.softseal.pdf
+application/vnd.seemail see
+application/vnd.sema sema
+application/vnd.semd semd
+application/vnd.semf semf
+application/vnd.shana.informed.formdata ifm
+application/vnd.shana.informed.formtemplate itp
+application/vnd.shana.informed.interchange iif
+application/vnd.shana.informed.package ipk
+application/vnd.simtech-mindmapper twd twds
+# application/vnd.siren+json
+application/vnd.smaf mmf
+# application/vnd.smart.notebook
+application/vnd.smart.teacher teacher
+# application/vnd.software602.filler.form+xml
+# application/vnd.software602.filler.form-xml-zip
+application/vnd.solent.sdkm+xml sdkm sdkd
+application/vnd.spotfire.dxp dxp
+application/vnd.spotfire.sfs sfs
+# application/vnd.sss-cod
+# application/vnd.sss-dtf
+# application/vnd.sss-ntf
+application/vnd.stardivision.calc sdc
+application/vnd.stardivision.draw sda
+application/vnd.stardivision.impress sdd
+application/vnd.stardivision.math smf
+application/vnd.stardivision.writer sdw vor
+application/vnd.stardivision.writer-global sgl
+application/vnd.stepmania.package smzip
+application/vnd.stepmania.stepchart sm
+# application/vnd.street-stream
+# application/vnd.sun.wadl+xml
+application/vnd.sun.xml.calc sxc
+application/vnd.sun.xml.calc.template stc
+application/vnd.sun.xml.draw sxd
+application/vnd.sun.xml.draw.template std
+application/vnd.sun.xml.impress sxi
+application/vnd.sun.xml.impress.template sti
+application/vnd.sun.xml.math sxm
+application/vnd.sun.xml.writer sxw
+application/vnd.sun.xml.writer.global sxg
+application/vnd.sun.xml.writer.template stw
+application/vnd.sus-calendar sus susp
+application/vnd.svd svd
+# application/vnd.swiftview-ics
+application/vnd.symbian.install sis sisx
+application/vnd.syncml+xml xsm
+application/vnd.syncml.dm+wbxml bdm
+application/vnd.syncml.dm+xml xdm
+# application/vnd.syncml.dm.notification
+# application/vnd.syncml.dmddf+wbxml
+# application/vnd.syncml.dmddf+xml
+# application/vnd.syncml.dmtnds+wbxml
+# application/vnd.syncml.dmtnds+xml
+# application/vnd.syncml.ds.notification
+application/vnd.tao.intent-module-archive tao
+application/vnd.tcpdump.pcap pcap cap dmp
+# application/vnd.tmd.mediaflex.api+xml
+# application/vnd.tml
+application/vnd.tmobile-livetv tmo
+application/vnd.trid.tpt tpt
+application/vnd.triscape.mxs mxs
+application/vnd.trueapp tra
+# application/vnd.truedoc
+# application/vnd.ubisoft.webplayer
+application/vnd.ufdl ufd ufdl
+application/vnd.uiq.theme utz
+application/vnd.umajin umj
+application/vnd.unity unityweb
+application/vnd.uoml+xml uoml
+# application/vnd.uplanet.alert
+# application/vnd.uplanet.alert-wbxml
+# application/vnd.uplanet.bearer-choice
+# application/vnd.uplanet.bearer-choice-wbxml
+# application/vnd.uplanet.cacheop
+# application/vnd.uplanet.cacheop-wbxml
+# application/vnd.uplanet.channel
+# application/vnd.uplanet.channel-wbxml
+# application/vnd.uplanet.list
+# application/vnd.uplanet.list-wbxml
+# application/vnd.uplanet.listcmd
+# application/vnd.uplanet.listcmd-wbxml
+# application/vnd.uplanet.signal
+# application/vnd.uri-map
+# application/vnd.valve.source.material
+application/vnd.vcx vcx
+# application/vnd.vd-study
+# application/vnd.vectorworks
+# application/vnd.vel+json
+# application/vnd.verimatrix.vcas
+# application/vnd.vidsoft.vidconference
+application/vnd.visio vsd vst vss vsw
+application/vnd.visionary vis
+# application/vnd.vividence.scriptfile
+application/vnd.vsf vsf
+# application/vnd.wap.sic
+# application/vnd.wap.slc
+application/vnd.wap.wbxml wbxml
+application/vnd.wap.wmlc wmlc
+application/vnd.wap.wmlscriptc wmlsc
+application/vnd.webturbo wtb
+# application/vnd.wfa.p2p
+# application/vnd.wfa.wsc
+# application/vnd.windows.devicepairing
+# application/vnd.wmc
+# application/vnd.wmf.bootstrap
+# application/vnd.wolfram.mathematica
+# application/vnd.wolfram.mathematica.package
+application/vnd.wolfram.player nbp
+application/vnd.wordperfect wpd
+application/vnd.wqd wqd
+# application/vnd.wrq-hp3000-labelled
+application/vnd.wt.stf stf
+# application/vnd.wv.csp+wbxml
+# application/vnd.wv.csp+xml
+# application/vnd.wv.ssp+xml
+# application/vnd.xacml+json
+application/vnd.xara xar
+application/vnd.xfdl xfdl
+# application/vnd.xfdl.webform
+# application/vnd.xmi+xml
+# application/vnd.xmpie.cpkg
+# application/vnd.xmpie.dpkg
+# application/vnd.xmpie.plan
+# application/vnd.xmpie.ppkg
+# application/vnd.xmpie.xlim
+application/vnd.yamaha.hv-dic hvd
+application/vnd.yamaha.hv-script hvs
+application/vnd.yamaha.hv-voice hvp
+application/vnd.yamaha.openscoreformat osf
+application/vnd.yamaha.openscoreformat.osfpvg+xml osfpvg
+# application/vnd.yamaha.remote-setup
+application/vnd.yamaha.smaf-audio saf
+application/vnd.yamaha.smaf-phrase spf
+# application/vnd.yamaha.through-ngn
+# application/vnd.yamaha.tunnel-udpencap
+# application/vnd.yaoweme
+application/vnd.yellowriver-custom-menu cmp
+application/vnd.zul zir zirz
+application/vnd.zzazz.deck+xml zaz
+application/voicexml+xml vxml
+# application/vq-rtcpxr
+# application/watcherinfo+xml
+# application/whoispp-query
+# application/whoispp-response
+application/widget wgt
+application/winhlp hlp
+# application/wita
+# application/wordperfect5.1
+application/wsdl+xml wsdl
+application/wspolicy+xml wspolicy
+application/x-7z-compressed 7z
+application/x-abiword abw
+application/x-ace-compressed ace
+# application/x-amf
+application/x-apple-diskimage dmg
+application/x-authorware-bin aab x32 u32 vox
+application/x-authorware-map aam
+application/x-authorware-seg aas
+application/x-bcpio bcpio
+application/x-bittorrent torrent
+application/x-blorb blb blorb
+application/x-bzip bz
+application/x-bzip2 bz2 boz
+application/x-cbr cbr cba cbt cbz cb7
+application/x-cdlink vcd
+application/x-cfs-compressed cfs
+application/x-chat chat
+application/x-chess-pgn pgn
+# application/x-compress
+application/x-conference nsc
+application/x-cpio cpio
+application/x-csh csh
+application/x-debian-package deb udeb
+application/x-dgc-compressed dgc
+application/x-director dir dcr dxr cst cct cxt w3d fgd swa
+application/x-doom wad
+application/x-dtbncx+xml ncx
+application/x-dtbook+xml dtb
+application/x-dtbresource+xml res
+application/x-dvi dvi
+application/x-envoy evy
+application/x-eva eva
+application/x-font-bdf bdf
+# application/x-font-dos
+# application/x-font-framemaker
+application/x-font-ghostscript gsf
+# application/x-font-libgrx
+application/x-font-linux-psf psf
+application/x-font-pcf pcf
+application/x-font-snf snf
+# application/x-font-speedo
+# application/x-font-sunos-news
+application/x-font-type1 pfa pfb pfm afm
+# application/x-font-vfont
+application/x-freearc arc
+application/x-futuresplash spl
+application/x-gca-compressed gca
+application/x-glulx ulx
+application/x-gnumeric gnumeric
+application/x-gramps-xml gramps
+application/x-gtar gtar
+# application/x-gzip
+application/x-hdf hdf
+application/x-install-instructions install
+application/x-iso9660-image iso
+application/x-java-jnlp-file jnlp
+application/x-latex latex
+application/x-lzh-compressed lzh lha
+application/x-mie mie
+application/x-mobipocket-ebook prc mobi
+application/x-ms-application application
+application/x-ms-shortcut lnk
+application/x-ms-wmd wmd
+application/x-ms-wmz wmz
+application/x-ms-xbap xbap
+application/x-msaccess mdb
+application/x-msbinder obd
+application/x-mscardfile crd
+application/x-msclip clp
+application/x-msdownload exe dll com bat msi
+application/x-msmediaview mvb m13 m14
+application/x-msmetafile wmf wmz emf emz
+application/x-msmoney mny
+application/x-mspublisher pub
+application/x-msschedule scd
+application/x-msterminal trm
+application/x-mswrite wri
+application/x-netcdf nc cdf
+application/x-nzb nzb
+application/x-pkcs12 p12 pfx
+application/x-pkcs7-certificates p7b spc
+application/x-pkcs7-certreqresp p7r
+application/x-rar-compressed rar
+application/x-research-info-systems ris
+application/x-sh sh
+application/x-shar shar
+application/x-shockwave-flash swf
+application/x-silverlight-app xap
+application/x-sql sql
+application/x-stuffit sit
+application/x-stuffitx sitx
+application/x-subrip srt
+application/x-sv4cpio sv4cpio
+application/x-sv4crc sv4crc
+application/x-t3vm-image t3
+application/x-tads gam
+application/x-tar tar
+application/x-tcl tcl
+application/x-tex tex
+application/x-tex-tfm tfm
+application/x-texinfo texinfo texi
+application/x-tgif obj
+application/x-ustar ustar
+application/x-wais-source src
+# application/x-www-form-urlencoded
+application/x-x509-ca-cert der crt
+application/x-xfig fig
+application/x-xliff+xml xlf
+application/x-xpinstall xpi
+application/x-xz xz
+application/x-zmachine z1 z2 z3 z4 z5 z6 z7 z8
+# application/x400-bp
+# application/xacml+xml
+application/xaml+xml xaml
+# application/xcap-att+xml
+# application/xcap-caps+xml
+application/xcap-diff+xml xdf
+# application/xcap-el+xml
+# application/xcap-error+xml
+# application/xcap-ns+xml
+# application/xcon-conference-info+xml
+# application/xcon-conference-info-diff+xml
+application/xenc+xml xenc
+application/xhtml+xml xhtml xht
+# application/xhtml-voice+xml
+application/xml xml xsl
+application/xml-dtd dtd
+# application/xml-external-parsed-entity
+# application/xml-patch+xml
+# application/xmpp+xml
+application/xop+xml xop
+application/xproc+xml xpl
+application/xslt+xml xslt
+application/xspf+xml xspf
+application/xv+xml mxml xhvml xvml xvm
+application/yang yang
+application/yin+xml yin
+application/zip zip
+# application/zlib
+# audio/1d-interleaved-parityfec
+# audio/32kadpcm
+# audio/3gpp
+# audio/3gpp2
+# audio/ac3
+audio/adpcm adp
+# audio/amr
+# audio/amr-wb
+# audio/amr-wb+
+# audio/aptx
+# audio/asc
+# audio/atrac-advanced-lossless
+# audio/atrac-x
+# audio/atrac3
+audio/basic au snd
+# audio/bv16
+# audio/bv32
+# audio/clearmode
+# audio/cn
+# audio/dat12
+# audio/dls
+# audio/dsr-es201108
+# audio/dsr-es202050
+# audio/dsr-es202211
+# audio/dsr-es202212
+# audio/dv
+# audio/dvi4
+# audio/eac3
+# audio/encaprtp
+# audio/evrc
+# audio/evrc-qcp
+# audio/evrc0
+# audio/evrc1
+# audio/evrcb
+# audio/evrcb0
+# audio/evrcb1
+# audio/evrcnw
+# audio/evrcnw0
+# audio/evrcnw1
+# audio/evrcwb
+# audio/evrcwb0
+# audio/evrcwb1
+# audio/evs
+# audio/example
+# audio/fwdred
+# audio/g711-0
+# audio/g719
+# audio/g722
+# audio/g7221
+# audio/g723
+# audio/g726-16
+# audio/g726-24
+# audio/g726-32
+# audio/g726-40
+# audio/g728
+# audio/g729
+# audio/g7291
+# audio/g729d
+# audio/g729e
+# audio/gsm
+# audio/gsm-efr
+# audio/gsm-hr-08
+# audio/ilbc
+# audio/ip-mr_v2.5
+# audio/isac
+# audio/l16
+# audio/l20
+# audio/l24
+# audio/l8
+# audio/lpc
+audio/midi mid midi kar rmi
+# audio/mobile-xmf
+audio/mp4 m4a mp4a
+# audio/mp4a-latm
+# audio/mpa
+# audio/mpa-robust
+audio/mpeg 
mpga mp2 mp2a mp3 m2a m3a +# audio/mpeg4-generic +# audio/musepack +audio/ogg oga ogg spx +# audio/opus +# audio/parityfec +# audio/pcma +# audio/pcma-wb +# audio/pcmu +# audio/pcmu-wb +# audio/prs.sid +# audio/qcelp +# audio/raptorfec +# audio/red +# audio/rtp-enc-aescm128 +# audio/rtp-midi +# audio/rtploopback +# audio/rtx +audio/s3m s3m +audio/silk sil +# audio/smv +# audio/smv-qcp +# audio/smv0 +# audio/sp-midi +# audio/speex +# audio/t140c +# audio/t38 +# audio/telephone-event +# audio/tone +# audio/uemclip +# audio/ulpfec +# audio/vdvi +# audio/vmr-wb +# audio/vnd.3gpp.iufp +# audio/vnd.4sb +# audio/vnd.audiokoz +# audio/vnd.celp +# audio/vnd.cisco.nse +# audio/vnd.cmles.radio-events +# audio/vnd.cns.anp1 +# audio/vnd.cns.inf1 +audio/vnd.dece.audio uva uvva +audio/vnd.digital-winds eol +# audio/vnd.dlna.adts +# audio/vnd.dolby.heaac.1 +# audio/vnd.dolby.heaac.2 +# audio/vnd.dolby.mlp +# audio/vnd.dolby.mps +# audio/vnd.dolby.pl2 +# audio/vnd.dolby.pl2x +# audio/vnd.dolby.pl2z +# audio/vnd.dolby.pulse.1 +audio/vnd.dra dra +audio/vnd.dts dts +audio/vnd.dts.hd dtshd +# audio/vnd.dvb.file +# audio/vnd.everad.plj +# audio/vnd.hns.audio +audio/vnd.lucent.voice lvp +audio/vnd.ms-playready.media.pya pya +# audio/vnd.nokia.mobile-xmf +# audio/vnd.nortel.vbk +audio/vnd.nuera.ecelp4800 ecelp4800 +audio/vnd.nuera.ecelp7470 ecelp7470 +audio/vnd.nuera.ecelp9600 ecelp9600 +# audio/vnd.octel.sbc +# audio/vnd.qcelp +# audio/vnd.rhetorex.32kadpcm +audio/vnd.rip rip +# audio/vnd.sealedmedia.softseal.mpeg +# audio/vnd.vmx.cvsd +# audio/vorbis +# audio/vorbis-config +audio/webm weba +audio/x-aac aac +audio/x-aiff aif aiff aifc +audio/x-caf caf +audio/x-flac flac +audio/x-matroska mka +audio/x-mpegurl m3u +audio/x-ms-wax wax +audio/x-ms-wma wma +audio/x-pn-realaudio ram ra +audio/x-pn-realaudio-plugin rmp +# audio/x-tta +audio/x-wav wav +audio/xm xm +chemical/x-cdx cdx +chemical/x-cif cif +chemical/x-cmdf cmdf +chemical/x-cml cml +chemical/x-csml csml +# chemical/x-pdb 
+chemical/x-xyz xyz +font/collection ttc +font/otf otf +# font/sfnt +font/ttf ttf +font/woff woff +font/woff2 woff2 +image/bmp bmp +image/cgm cgm +# image/dicom-rle +# image/emf +# image/example +# image/fits +image/g3fax g3 +image/gif gif +image/ief ief +# image/jls +# image/jp2 +image/jpeg jpeg jpg jpe +# image/jpm +# image/jpx +image/ktx ktx +# image/naplps +image/png png +image/prs.btif btif +# image/prs.pti +# image/pwg-raster +image/sgi sgi +image/svg+xml svg svgz +# image/t38 +image/tiff tiff tif +# image/tiff-fx +image/vnd.adobe.photoshop psd +# image/vnd.airzip.accelerator.azv +# image/vnd.cns.inf2 +image/vnd.dece.graphic uvi uvvi uvg uvvg +image/vnd.djvu djvu djv +image/vnd.dvb.subtitle sub +image/vnd.dwg dwg +image/vnd.dxf dxf +image/vnd.fastbidsheet fbs +image/vnd.fpx fpx +image/vnd.fst fst +image/vnd.fujixerox.edmics-mmr mmr +image/vnd.fujixerox.edmics-rlc rlc +# image/vnd.globalgraphics.pgb +# image/vnd.microsoft.icon +# image/vnd.mix +# image/vnd.mozilla.apng +image/vnd.ms-modi mdi +image/vnd.ms-photo wdp +image/vnd.net-fpx npx +# image/vnd.radiance +# image/vnd.sealed.png +# image/vnd.sealedmedia.softseal.gif +# image/vnd.sealedmedia.softseal.jpg +# image/vnd.svf +# image/vnd.tencent.tap +# image/vnd.valve.source.texture +image/vnd.wap.wbmp wbmp +image/vnd.xiff xif +# image/vnd.zbrush.pcx +image/webp webp +# image/wmf +image/x-3ds 3ds +image/x-cmu-raster ras +image/x-cmx cmx +image/x-freehand fh fhc fh4 fh5 fh7 +image/x-icon ico +image/x-mrsid-image sid +image/x-pcx pcx +image/x-pict pic pct +image/x-portable-anymap pnm +image/x-portable-bitmap pbm +image/x-portable-graymap pgm +image/x-portable-pixmap ppm +image/x-rgb rgb +image/x-tga tga +image/x-xbitmap xbm +image/x-xpixmap xpm +image/x-xwindowdump xwd +# message/cpim +# message/delivery-status +# message/disposition-notification +# message/example +# message/external-body +# message/feedback-report +# message/global +# message/global-delivery-status +# message/global-disposition-notification +# 
message/global-headers +# message/http +# message/imdn+xml +# message/news +# message/partial +message/rfc822 eml mime +# message/s-http +# message/sip +# message/sipfrag +# message/tracking-status +# message/vnd.si.simp +# message/vnd.wfa.wsc +# model/example +# model/gltf+json +model/iges igs iges +model/mesh msh mesh silo +model/vnd.collada+xml dae +model/vnd.dwf dwf +# model/vnd.flatland.3dml +model/vnd.gdl gdl +# model/vnd.gs-gdl +# model/vnd.gs.gdl +model/vnd.gtw gtw +# model/vnd.moml+xml +model/vnd.mts mts +# model/vnd.opengex +# model/vnd.parasolid.transmit.binary +# model/vnd.parasolid.transmit.text +# model/vnd.rosette.annotated-data-model +# model/vnd.valve.source.compiled-map +model/vnd.vtu vtu +model/vrml wrl vrml +model/x3d+binary x3db x3dbz +# model/x3d+fastinfoset +model/x3d+vrml x3dv x3dvz +model/x3d+xml x3d x3dz +# model/x3d-vrml +# multipart/alternative +# multipart/appledouble +# multipart/byteranges +# multipart/digest +# multipart/encrypted +# multipart/example +# multipart/form-data +# multipart/header-set +# multipart/mixed +# multipart/parallel +# multipart/related +# multipart/report +# multipart/signed +# multipart/voice-message +# multipart/x-mixed-replace +# text/1d-interleaved-parityfec +text/cache-manifest appcache +text/calendar ics ifb +text/css css +text/csv csv +# text/csv-schema +# text/directory +# text/dns +# text/ecmascript +# text/encaprtp +# text/enriched +# text/example +# text/fwdred +# text/grammar-ref-list +text/html html htm +# text/javascript +# text/jcr-cnd +# text/markdown +# text/mizar +text/n3 n3 +# text/parameters +# text/parityfec +text/plain txt text conf def list log in +# text/provenance-notation +# text/prs.fallenstein.rst +text/prs.lines.tag dsc +# text/prs.prop.logic +# text/raptorfec +# text/red +# text/rfc822-headers +text/richtext rtx +# text/rtf +# text/rtp-enc-aescm128 +# text/rtploopback +# text/rtx +text/sgml sgml sgm +# text/t140 +text/tab-separated-values tsv +text/troff t tr roff man me ms 
+text/turtle ttl +# text/ulpfec +text/uri-list uri uris urls +text/vcard vcard +# text/vnd.a +# text/vnd.abc +text/vnd.curl curl +text/vnd.curl.dcurl dcurl +text/vnd.curl.mcurl mcurl +text/vnd.curl.scurl scurl +# text/vnd.debian.copyright +# text/vnd.dmclientscript +text/vnd.dvb.subtitle sub +# text/vnd.esmertec.theme-descriptor +text/vnd.fly fly +text/vnd.fmi.flexstor flx +text/vnd.graphviz gv +text/vnd.in3d.3dml 3dml +text/vnd.in3d.spot spot +# text/vnd.iptc.newsml +# text/vnd.iptc.nitf +# text/vnd.latex-z +# text/vnd.motorola.reflex +# text/vnd.ms-mediapackage +# text/vnd.net2phone.commcenter.command +# text/vnd.radisys.msml-basic-layout +# text/vnd.si.uricatalogue +text/vnd.sun.j2me.app-descriptor jad +# text/vnd.trolltech.linguist +# text/vnd.wap.si +# text/vnd.wap.sl +text/vnd.wap.wml wml +text/vnd.wap.wmlscript wmls +text/x-asm s asm +text/x-c c cc cxx cpp h hh dic +text/x-fortran f for f77 f90 +text/x-java-source java +text/x-nfo nfo +text/x-opml opml +text/x-pascal p pas +text/x-setext etx +text/x-sfv sfv +text/x-uuencode uu +text/x-vcalendar vcs +text/x-vcard vcf +# text/xml +# text/xml-external-parsed-entity +# video/1d-interleaved-parityfec +video/3gpp 3gp +# video/3gpp-tt +video/3gpp2 3g2 +# video/bmpeg +# video/bt656 +# video/celb +# video/dv +# video/encaprtp +# video/example +video/h261 h261 +video/h263 h263 +# video/h263-1998 +# video/h263-2000 +video/h264 h264 +# video/h264-rcdo +# video/h264-svc +# video/h265 +# video/iso.segment +video/jpeg jpgv +# video/jpeg2000 +video/jpm jpm jpgm +video/mj2 mj2 mjp2 +# video/mp1s +# video/mp2p +# video/mp2t +video/mp4 mp4 mp4v mpg4 +# video/mp4v-es +video/mpeg mpeg mpg mpe m1v m2v +# video/mpeg4-generic +# video/mpv +# video/nv +video/ogg ogv +# video/parityfec +# video/pointer +video/quicktime qt mov +# video/raptorfec +# video/raw +# video/rtp-enc-aescm128 +# video/rtploopback +# video/rtx +# video/smpte292m +# video/ulpfec +# video/vc1 +# video/vnd.cctv +video/vnd.dece.hd uvh uvvh +video/vnd.dece.mobile 
uvm uvvm +# video/vnd.dece.mp4 +video/vnd.dece.pd uvp uvvp +video/vnd.dece.sd uvs uvvs +video/vnd.dece.video uvv uvvv +# video/vnd.directv.mpeg +# video/vnd.directv.mpeg-tts +# video/vnd.dlna.mpeg-tts +video/vnd.dvb.file dvb +video/vnd.fvt fvt +# video/vnd.hns.video +# video/vnd.iptvforum.1dparityfec-1010 +# video/vnd.iptvforum.1dparityfec-2005 +# video/vnd.iptvforum.2dparityfec-1010 +# video/vnd.iptvforum.2dparityfec-2005 +# video/vnd.iptvforum.ttsavc +# video/vnd.iptvforum.ttsmpeg2 +# video/vnd.motorola.video +# video/vnd.motorola.videop +video/vnd.mpegurl mxu m4u +video/vnd.ms-playready.media.pyv pyv +# video/vnd.nokia.interleaved-multimedia +# video/vnd.nokia.videovoip +# video/vnd.objectvideo +# video/vnd.radgamettools.bink +# video/vnd.radgamettools.smacker +# video/vnd.sealed.mpeg1 +# video/vnd.sealed.mpeg4 +# video/vnd.sealed.swf +# video/vnd.sealedmedia.softseal.mov +video/vnd.uvvu.mp4 uvu uvvu +video/vnd.vivo viv +# video/vp8 +video/webm webm +video/x-f4v f4v +video/x-fli fli +video/x-flv flv +video/x-m4v m4v +video/x-matroska mkv mk3d mks +video/x-mng mng +video/x-ms-asf asf asx +video/x-ms-vob vob +video/x-ms-wm wm +video/x-ms-wmv wmv +video/x-ms-wmx wmx +video/x-ms-wvx wvx +video/x-msvideo avi +video/x-sgi-movie movie +video/x-smv smv +x-conference/x-cooltalk ice From c46f0bd7e817e17060a399aa513ea3f40979dc24 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 16:21:55 -0500 Subject: [PATCH 084/262] Status update, mostly functional --- templates/HTTPD/0/README.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/templates/HTTPD/0/README.md b/templates/HTTPD/0/README.md index 852140b..a244494 100644 --- a/templates/HTTPD/0/README.md +++ b/templates/HTTPD/0/README.md 
@@ -1,5 +1,11 @@ # httpd -### Will work on this in the future +https://docs.docker.com/samples/library/httpd/ -https://docs.docker.com/samples/library/httpd/ \ No newline at end of file + +### Status +Still container still does not like mounting httpd.conf for reasons I cannot seem to understand, whether it's by mounting the file directly, or the parent folder. +Getting the error message of it not being a regular file, along with "bad file descriptor". +Will eventually come back to this. + +As for right now, it works **WITHOUT** persistent configuration \ No newline at end of file From 6ebce7c89c77a9c5470575c4fe0f34ce4eafc7d7 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 16:24:51 -0500 Subject: [PATCH 085/262] Added Apache httpd configuration reference --- templates/Nextcloud/0/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/README.md b/templates/Nextcloud/0/README.md index e0ece46..e8fe31d 100644 --- a/templates/Nextcloud/0/README.md +++ b/templates/Nextcloud/0/README.md @@ -1,4 +1,8 @@ # Nextcloud ### Security Check -https://scan.nextcloud.com/ \ No newline at end of file +https://scan.nextcloud.com/ + + +### Apache Configuration Reference +https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html? \ No newline at end of file From 23574343b7f963097ee891836ff5e1c6a81c4023 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 16:34:55 -0500 Subject: [PATCH 086/262] Initial completed configuration --- templates/Nginx/0/docker-compose.yml | 44 +++++++++++++++++++++++ templates/Nginx/0/rancher-compose.yml | 51 +++++++++++++++++++++++++++ templates/Nginx/config.yml | 8 +++++ 3 files changed, 103 insertions(+) create mode 100644 templates/Nginx/0/docker-compose.yml create mode 100644 templates/Nginx/0/rancher-compose.yml create mode 100644 templates/Nginx/config.yml 
diff --git a/templates/Nginx/0/docker-compose.yml b/templates/Nginx/0/docker-compose.yml
new file mode 100644
index 0000000..d27b7c9
--- /dev/null
+++ b/templates/Nginx/0/docker-compose.yml
@@ -0,0 +1,44 @@
+version: '2'
+
+services:
+ nginx:
+ image: nginx:alpine
+ dns:
+ - 1.1.1.1
+ - 1.0.0.1
+ labels:
+ io.rancher.container.pull_image: always
+ {{- if .Values.HOST_LABEL}}
+ io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
+ {{- end}}
+ {{- if .Values.TRAEFIK_HOST}}
+ traefik.enable: true
+ ### Start Web Segment
+ traefik.frontend.entryPoints: http,https
+ traefik.frontend.headers.forceSTSHeader: true
+ traefik.frontend.headers.referrerPolicy: no-referrer
+ traefik.frontend.headers.SSLRedirect: true
+ traefik.frontend.headers.STSPreload: true
+ traefik.frontend.headers.STSSeconds: 15552000
+ traefik.frontend.rule: Host:${TRAEFIK_HOST}
+ traefik.port: "80"
+ ### End Web Segment
+ {{- else}}
+ traefik.enable: false
+ {{- end}}
+ networks:
+ - public-proxy
+ {{- if .Values.WEB_PORT}}
+ ports:
+ - "${WEB_PORT}:80"
+ {{- end}}
+ restart: on-failure
+ volumes:
+ {{- if eq .Values.PERSIST_CONF "true"}}
+ - /RancherCattle/${DATA_DIR}/Configuration/nginx.conf:/etc/nginx/nginx.conf
+ {{- end}}
+ - /RancherCattle/${DATA_DIR}/Public-HTML:/usr/share/nginx/html
+
+networks:
+ public-proxy:
+ external: true
\ No newline at end of file
diff --git a/templates/Nginx/0/rancher-compose.yml b/templates/Nginx/0/rancher-compose.yml
new file mode 100644
index 0000000..6a7f35e
--- /dev/null
+++ b/templates/Nginx/0/rancher-compose.yml
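Review bot: The `ports:` entry `- "${WEB_PORT}:80"` publishes nginx's plain-HTTP listener on every host interface, so requests that reach the host port skip Traefik and with it the `SSLRedirect` and STS header labels set a few lines above. The `WEB_PORT` question in rancher-compose.yml defaults to `"11000"`, so a stack deployed with the defaults has this cleartext port open. If the port is only meant for access from the host itself, and the Rancher version in use accepts a host IP in the mapping, bind it to loopback with `- "127.0.0.1:${WEB_PORT}:80"`. Otherwise leave the question's default empty so the exposure is opt-in.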
@@ -0,0 +1,51 @@
+version: '2'
+catalog:
+ name: Nginx
+ version: latest
+ # description:
+ # minimum_rancher_version:
+ # maximum_rancher_version:
+ # upgrade_from:
+ questions:
+
+ - variable: "HOST_LABEL"
+ label: "Host Label Key/Value Pair"
+ description: |
+ The Label Key/Value pair on the host which containers should be deployed
+ default: "host.id=Host1"
+ required: false
+ type: string
+
+ - variable: "TRAEFIK_HOST"
+ label: "Public Host Domain"
+ description: |
+ The host that Traefik will use to provide public access.
+ Leaving this empty will disable Traefik on this stack.
+ default: "subdomain.domain.tld"
+ required: false
+ type: string
+
+ - variable: "WEB_PORT"
+ label: "Web Port"
+ description: |
+ The port to locally access the web interface on.
+ Leaving this empty will disable opening any port on the host system.
+ default: "11000"
+ required: false
+ type: int
+
+ - variable: "PERSIST_CONF"
+ label: "Persistent Configuration"
+ description: |
+ Have a persistent "nginx.conf" file.
+ default: true
+ required: true
+ type: boolean
+
+ - variable: "DATA_DIR"
+ label: "Data Directory"
+ description: |
+ The directory to store persistent data for the stack.
+ default: "Personal/Nginx"
+ required: true
+ type: string
\ No newline at end of file
diff --git a/templates/Nginx/config.yml b/templates/Nginx/config.yml
new file mode 100644
index 0000000..e935336
--- /dev/null
+++ b/templates/Nginx/config.yml
@@ -0,0 +1,8 @@
+name: Nginx
+description: |
+ Status: NOT READY
+version: latest
+# category:
+maintainer: WilliamMiceli
+# license:
+# projectURL:
\ No newline at end of file
From cb65a043547962485a32d5ae5350b7c394c2f803 Mon Sep 17 00:00:00 2001
From: WilliamMiceli
Date: Sun, 9 Dec 2018 16:45:46 -0500
Subject: [PATCH 087/262] Persistent config cannot be optional
---
templates/Nginx/0/docker-compose.yml | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
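Review bot: In rancher-compose.yml, `PERSIST_CONF` defaults to `true`, but its description does not say that `nginx.conf` has to exist under the data directory before the stack is started. With a bind mount of a single file, Docker creates a missing host path as a directory, and nginx then cannot read its configuration; the httpd README earlier in this series reports the matching "not a regular file" error. A first deployment with the defaults is therefore likely to fail. I would default the question to `false` or extend the description, for example `Requires an existing Configuration/nginx.conf under the data directory.`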
diff --git a/templates/Nginx/0/docker-compose.yml b/templates/Nginx/0/docker-compose.yml index d27b7c9..4bd10b8 100644 --- a/templates/Nginx/0/docker-compose.yml +++ b/templates/Nginx/0/docker-compose.yml @@ -34,10 +34,8 @@ services: {{- end}} restart: on-failure volumes: - {{- if eq .Values.PERSIST_CONF "true"}} - - /RancherCattle/${DATA_DIR}/Configuration/nginx.conf:/etc/nginx/nginx.conf - {{- end}} - - /RancherCattle/${DATA_DIR}/Public-HTML:/usr/share/nginx/html + - /RancherCattle/${DATA_DIR}/Configuration:/etc/nginx + - /RancherCattle/${DATA_DIR}/HTML:/usr/share/nginx/html networks: public-proxy: From 24636e5c0ce7f9c76ac8054cfa0eedfa6715dc3c Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 16:46:00 -0500 Subject: [PATCH 088/262] Removed persistent config option --- templates/Nginx/0/rancher-compose.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/templates/Nginx/0/rancher-compose.yml b/templates/Nginx/0/rancher-compose.yml index 6a7f35e..8c17f28 100644 --- a/templates/Nginx/0/rancher-compose.yml +++ b/templates/Nginx/0/rancher-compose.yml @@ -34,14 +34,6 @@ catalog: required: false type: int - - variable: "PERSIST_CONF" - label: "Persistent Configuration" - description: | - Have a persistent "nginx.conf" file. - default: true - required: true - type: boolean - - variable: "DATA_DIR" label: "Data Directory" description: | From 8ead0543bea68a4c1a796246e6759f21ea9596e4 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 16:46:15 -0500 Subject: [PATCH 089/262] Added official example for full nginx.conf --- templates/Nginx/0/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/templates/Nginx/0/README.md b/templates/Nginx/0/README.md index f23bc92..3fa3929 100644 --- a/templates/Nginx/0/README.md +++ b/templates/Nginx/0/README.md 
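Review bot: Both bind mounts under `volumes:` are read-write, although nothing on this page shows nginx needing to write to `/etc/nginx` or to the web root. Mounting them read-only limits what a compromised or misbehaving container can change on the host: `- /RancherCattle/${DATA_DIR}/Configuration:/etc/nginx:ro` and `- /RancherCattle/${DATA_DIR}/HTML:/usr/share/nginx/html:ro`. The same two lines return in the later hunk that puts the `PERSIST_CONF` condition back, so the suffix belongs there as well. The `services:` block starts and ends outside this hunk.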
@@ -2,4 +2,8 @@ ### Will continue this in the future -https://store.docker.com/_/nginx \ No newline at end of file +https://store.docker.com/_/nginx + + +### Full Example nginx.conf +https://www.nginx.com/resources/wiki/start/topics/examples/full/ \ No newline at end of file From e249d915aec960fb76fe19e57033e8f0d5b14c12 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 16:51:05 -0500 Subject: [PATCH 090/262] Added example files --- templates/Nginx/Examples/fastcgi.conf | 21 ++++++++ templates/Nginx/Examples/mime.types | 48 ++++++++++++++++++ templates/Nginx/Examples/nginx.conf | 70 +++++++++++++++++++++++++++ templates/Nginx/Examples/proxy.conf | 10 ++++ 4 files changed, 149 insertions(+) create mode 100644 templates/Nginx/Examples/fastcgi.conf create mode 100644 templates/Nginx/Examples/mime.types create mode 100644 templates/Nginx/Examples/nginx.conf create mode 100644 templates/Nginx/Examples/proxy.conf diff --git a/templates/Nginx/Examples/fastcgi.conf b/templates/Nginx/Examples/fastcgi.conf new file mode 100644 index 0000000..c2f509a --- /dev/null +++ b/templates/Nginx/Examples/fastcgi.conf 
@@ -0,0 +1,21 @@ +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +fastcgi_index index.php; + +fastcgi_param REDIRECT_STATUS 200; \ No newline at end of file diff --git a/templates/Nginx/Examples/mime.types b/templates/Nginx/Examples/mime.types new file mode 100644 index 0000000..62bd4b6 --- /dev/null +++ b/templates/Nginx/Examples/mime.types 
@@ -0,0 +1,48 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml rss; + image/gif gif; + image/jpeg jpeg jpg; + application/x-javascript js; + text/plain txt; + text/x-component htc; + text/mathml mml; + image/png png; + image/x-icon ico; + image/x-jng jng; + image/vnd.wap.wbmp wbmp; + application/java-archive jar war ear; + application/mac-binhex40 hqx; + application/pdf pdf; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/zip zip; + application/octet-stream deb; + application/octet-stream bin exe dll; + application/octet-stream dmg; + application/octet-stream eot; + application/octet-stream iso img; + application/octet-stream msi msp msm; + audio/mpeg mp3; + audio/x-realaudio ra; + video/mpeg mpeg mpg; + video/quicktime mov; + video/x-flv flv; + video/x-msvideo avi; + video/x-ms-wmv wmv; + video/x-ms-asf asx asf; + video/x-mng mng; +} \ No newline at end of file diff --git a/templates/Nginx/Examples/nginx.conf b/templates/Nginx/Examples/nginx.conf new file mode 100644 index 0000000..5fec6bc --- /dev/null +++ b/templates/Nginx/Examples/nginx.conf 
@@ -0,0 +1,70 @@ +user www www; ## Default: nobody +worker_processes 5; ## Default: 1 +error_log logs/error.log; +pid logs/nginx.pid; +worker_rlimit_nofile 8192; + +events { + worker_connections 4096; ## Default: 1024 +} + +http { + include conf/mime.types; + include /etc/nginx/proxy.conf; + include /etc/nginx/fastcgi.conf; + index index.html index.htm index.php; + + default_type application/octet-stream; + log_format main '$remote_addr - $remote_user [$time_local] $status ' + '"$request" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log logs/access.log main; + sendfile on; + tcp_nopush on; + server_names_hash_bucket_size 128; # this seems to be required for some vhosts + + server { # php/fastcgi + listen 80; + server_name domain1.com www.domain1.com; + access_log logs/domain1.access.log main; + root html; + + location ~ \.php$ { + fastcgi_pass 127.0.0.1:1025; + } + } + + server { # simple reverse-proxy + listen 80; + server_name domain2.com www.domain2.com; + access_log logs/domain2.access.log main; + + # serve static files + location ~ ^/(images|javascript|js|css|flash|media|static)/ { + root /var/www/virtual/big.server.com/htdocs; + expires 30d; + } + + # pass requests for dynamic content to rails/turbogears/zope, et al + location / { + proxy_pass http://127.0.0.1:8080; + } + } + + upstream big_server_com { + server 127.0.0.3:8000 weight=5; + server 127.0.0.3:8001 weight=5; + server 192.168.0.1:8000; + server 192.168.0.1:8001; + } + + server { # simple load balancing + listen 80; + server_name big.server.com; + access_log logs/big.server.access.log main; + + location / { + proxy_pass http://big_server_com; + } + } +} \ No newline at end of file diff --git a/templates/Nginx/Examples/proxy.conf b/templates/Nginx/Examples/proxy.conf new file mode 100644 index 0000000..0906ee1 --- /dev/null +++ b/templates/Nginx/Examples/proxy.conf 
@@ -0,0 +1,10 @@ +proxy_redirect off; +proxy_set_header Host $host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +client_max_body_size 10m; +client_body_buffer_size 128k; +proxy_connect_timeout 90; +proxy_send_timeout 90; +proxy_read_timeout 90; +proxy_buffers 32 4k; \ No newline at end of file From 6e08a183d0957ac036572f0c2c83bb804a50de4c Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 17:03:25 -0500 Subject: [PATCH 091/262] Renamed folder; Added README.md --- templates/Nginx/Examples-Full/README.md | 3 +++ templates/Nginx/{Examples => Examples-Full}/fastcgi.conf | 0 templates/Nginx/{Examples => Examples-Full}/mime.types | 0 templates/Nginx/{Examples => Examples-Full}/nginx.conf | 0 templates/Nginx/{Examples => Examples-Full}/proxy.conf | 0 5 files changed, 3 insertions(+) create mode 100644 templates/Nginx/Examples-Full/README.md rename templates/Nginx/{Examples => Examples-Full}/fastcgi.conf (100%) rename templates/Nginx/{Examples => Examples-Full}/mime.types (100%) rename templates/Nginx/{Examples => Examples-Full}/nginx.conf (100%) rename templates/Nginx/{Examples => Examples-Full}/proxy.conf (100%) diff --git a/templates/Nginx/Examples-Full/README.md b/templates/Nginx/Examples-Full/README.md new file mode 100644 index 0000000..e815f80 --- /dev/null +++ b/templates/Nginx/Examples-Full/README.md @@ -0,0 +1,3 @@ +# Examples (Full) +These example files were directly copied from: +https://www.nginx.com/resources/wiki/start/topics/examples/full/ \ No newline at end of file diff --git a/templates/Nginx/Examples/fastcgi.conf b/templates/Nginx/Examples-Full/fastcgi.conf similarity index 100% rename from templates/Nginx/Examples/fastcgi.conf rename to templates/Nginx/Examples-Full/fastcgi.conf 
diff --git a/templates/Nginx/Examples/mime.types b/templates/Nginx/Examples-Full/mime.types similarity index 100% rename from templates/Nginx/Examples/mime.types rename to templates/Nginx/Examples-Full/mime.types diff --git a/templates/Nginx/Examples/nginx.conf b/templates/Nginx/Examples-Full/nginx.conf similarity index 100% rename from templates/Nginx/Examples/nginx.conf rename to templates/Nginx/Examples-Full/nginx.conf diff --git a/templates/Nginx/Examples/proxy.conf b/templates/Nginx/Examples-Full/proxy.conf similarity index 100% rename from templates/Nginx/Examples/proxy.conf rename to templates/Nginx/Examples-Full/proxy.conf From 0861f6fb6bad2041e372fbf72dd9cc8b5a359a3d Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 17:40:09 -0500 Subject: [PATCH 092/262] Testing with config omitted --- templates/Nginx/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Nginx/0/docker-compose.yml b/templates/Nginx/0/docker-compose.yml index 4bd10b8..a214a6e 100644 --- a/templates/Nginx/0/docker-compose.yml +++ b/templates/Nginx/0/docker-compose.yml @@ -34,7 +34,7 @@ services: {{- end}} restart: on-failure volumes: - - /RancherCattle/${DATA_DIR}/Configuration:/etc/nginx +# - /RancherCattle/${DATA_DIR}/Configuration:/etc/nginx - /RancherCattle/${DATA_DIR}/HTML:/usr/share/nginx/html networks: From 6227eb85afdb34eed3aca837d78542c7e2076dfe Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 17:45:46 -0500 Subject: [PATCH 093/262] Super happy to be wrong about needing pre-made config! I previously thought that a configuration was necessary, as I assumed that there was no built-in mode. But very happy to be wrong that it can absolutely be ran to serve static content without making your own nginx.conf file! --- templates/Nginx/0/docker-compose.yml | 4 +++- templates/Nginx/0/rancher-compose.yml | 8 ++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) 
diff --git a/templates/Nginx/0/docker-compose.yml b/templates/Nginx/0/docker-compose.yml index a214a6e..0ac72a2 100644 --- a/templates/Nginx/0/docker-compose.yml +++ b/templates/Nginx/0/docker-compose.yml @@ -34,7 +34,9 @@ services: {{- end}} restart: on-failure volumes: -# - /RancherCattle/${DATA_DIR}/Configuration:/etc/nginx + {{- if eq .Values.PERSIST_CONF "true"}} + - /RancherCattle/${DATA_DIR}/Configuration:/etc/nginx + {{- end}} - /RancherCattle/${DATA_DIR}/HTML:/usr/share/nginx/html networks: diff --git a/templates/Nginx/0/rancher-compose.yml b/templates/Nginx/0/rancher-compose.yml index 8c17f28..e569f26 100644 --- a/templates/Nginx/0/rancher-compose.yml +++ b/templates/Nginx/0/rancher-compose.yml @@ -34,6 +34,14 @@ catalog: required: false type: int + - variable: "PERSIST_CONF" + label: "Persistent Configuration" + description: | + Have a persistent congiguration directory. + default: true + required: true + type: boolean + - variable: "DATA_DIR" label: "Data Directory" description: | From 4ae3f81d5e0a99d39d06f3a243c6bfba03e80828 Mon Sep 17 00:00:00 2001 
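Review bot: In rancher-compose.yml the new `PERSIST_CONF` description has a typo (`congiguration`) and does not tell the operator what the directory must contain. With the default `true`, docker-compose.yml mounts the host `Configuration` directory over `/etc/nginx`, which hides the configuration files shipped in the image, so an empty directory presumably leaves nginx with no `nginx.conf` to load. I would word it as `Mount a persistent configuration directory over /etc/nginx; it must already contain a complete nginx configuration.`, or default the question to `false`.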
From: WilliamMiceli Date: Sun, 9 Dec 2018 18:04:58 -0500 Subject: [PATCH 094/262] Updated examples --- templates/Nginx/Examples-Full/README.md | 3 -- .../Nginx/Examples/Official-Full/README.md | 7 +++ .../Official-Full}/fastcgi.conf | 0 .../Official-Full}/mime.types | 0 .../Official-Full}/nginx.conf | 0 .../Official-Full}/proxy.conf | 0 .../Nginx/Examples/SimpleStatic/README.md | 3 ++ .../Nginx/Examples/SimpleStatic/mime.types | 48 +++++++++++++++++++ .../Nginx/Examples/SimpleStatic/nginx.conf | 25 ++++++++++ 9 files changed, 83 insertions(+), 3 deletions(-) delete mode 100644 templates/Nginx/Examples-Full/README.md create mode 100644 templates/Nginx/Examples/Official-Full/README.md rename templates/Nginx/{Examples-Full => Examples/Official-Full}/fastcgi.conf (100%) rename templates/Nginx/{Examples-Full => Examples/Official-Full}/mime.types (100%) rename templates/Nginx/{Examples-Full => Examples/Official-Full}/nginx.conf (100%) rename templates/Nginx/{Examples-Full => Examples/Official-Full}/proxy.conf (100%) create mode 100644 templates/Nginx/Examples/SimpleStatic/README.md create mode 100644 templates/Nginx/Examples/SimpleStatic/mime.types create mode 100644 templates/Nginx/Examples/SimpleStatic/nginx.conf diff --git a/templates/Nginx/Examples-Full/README.md b/templates/Nginx/Examples-Full/README.md deleted file mode 100644 index e815f80..0000000 --- a/templates/Nginx/Examples-Full/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Examples (Full) -These example files were directly copied from: -https://www.nginx.com/resources/wiki/start/topics/examples/full/ \ No newline at end of file diff --git a/templates/Nginx/Examples/Official-Full/README.md b/templates/Nginx/Examples/Official-Full/README.md new file mode 100644 index 0000000..2c5e5b7 --- /dev/null +++ b/templates/Nginx/Examples/Official-Full/README.md 
@@ -0,0 +1,7 @@ +# Full Configuration Example +These example files were directly copied from: +https://www.nginx.com/resources/wiki/start/topics/examples/full/ + +They are **NOT** configured for this configuration, simply a generic reference. + +Last updated: 9 December 2018 \ No newline at end of file diff --git a/templates/Nginx/Examples-Full/fastcgi.conf b/templates/Nginx/Examples/Official-Full/fastcgi.conf similarity index 100% rename from templates/Nginx/Examples-Full/fastcgi.conf rename to templates/Nginx/Examples/Official-Full/fastcgi.conf diff --git a/templates/Nginx/Examples-Full/mime.types b/templates/Nginx/Examples/Official-Full/mime.types similarity index 100% rename from templates/Nginx/Examples-Full/mime.types rename to templates/Nginx/Examples/Official-Full/mime.types diff --git a/templates/Nginx/Examples-Full/nginx.conf b/templates/Nginx/Examples/Official-Full/nginx.conf similarity index 100% rename from templates/Nginx/Examples-Full/nginx.conf rename to templates/Nginx/Examples/Official-Full/nginx.conf diff --git a/templates/Nginx/Examples-Full/proxy.conf b/templates/Nginx/Examples/Official-Full/proxy.conf similarity index 100% rename from templates/Nginx/Examples-Full/proxy.conf rename to templates/Nginx/Examples/Official-Full/proxy.conf diff --git a/templates/Nginx/Examples/SimpleStatic/README.md b/templates/Nginx/Examples/SimpleStatic/README.md new file mode 100644 index 0000000..e530b05 --- /dev/null +++ b/templates/Nginx/Examples/SimpleStatic/README.md @@ -0,0 +1,3 @@ +# Simple Static Content Example +This is an extremely simple configuration that works, close to what the default configuration would do. +This example does work with this Docker configuration, so it can simply be copied into the correct directory. \ No newline at end of file diff --git a/templates/Nginx/Examples/SimpleStatic/mime.types b/templates/Nginx/Examples/SimpleStatic/mime.types new file mode 100644 index 0000000..62bd4b6 --- /dev/null 
+++ b/templates/Nginx/Examples/SimpleStatic/mime.types @@ -0,0 +1,48 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml rss; + image/gif gif; + image/jpeg jpeg jpg; + application/x-javascript js; + text/plain txt; + text/x-component htc; + text/mathml mml; + image/png png; + image/x-icon ico; + image/x-jng jng; + image/vnd.wap.wbmp wbmp; + application/java-archive jar war ear; + application/mac-binhex40 hqx; + application/pdf pdf; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/zip zip; + application/octet-stream deb; + application/octet-stream bin exe dll; + application/octet-stream dmg; + application/octet-stream eot; + application/octet-stream iso img; + application/octet-stream msi msp msm; + audio/mpeg mp3; + audio/x-realaudio ra; + video/mpeg mpeg mpg; + video/quicktime mov; + video/x-flv flv; + video/x-msvideo avi; + video/x-ms-wmv wmv; + video/x-ms-asf asx asf; + video/x-mng mng; +} \ No newline at end of file diff --git a/templates/Nginx/Examples/SimpleStatic/nginx.conf b/templates/Nginx/Examples/SimpleStatic/nginx.conf new file mode 100644 index 0000000..c287728 --- /dev/null +++ b/templates/Nginx/Examples/SimpleStatic/nginx.conf 
@@ -0,0 +1,25 @@ +user nobody; +worker_processes 5; ## Default: 1 +worker_rlimit_nofile 8192; + +events { + worker_connections 4096; ## Default: 1024 +} + +http { + include /etc/nginx/mime.types; + index index.html; + + default_type application/octet-stream; + sendfile on; + tcp_nopush on; + + server { + listen 80; + server_name _; + + # serve static files + location / { + root /usr/share/nginx/html; + } +} \ No newline at end of file From 986194c31a42f70d1490ccfed21976e187db9d14 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 18:06:54 -0500 Subject: [PATCH 095/262] Added final description --- templates/Nginx/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Nginx/config.yml b/templates/Nginx/config.yml index e935336..ec6dc72 100644 --- a/templates/Nginx/config.yml +++ b/templates/Nginx/config.yml @@ -1,6 +1,6 @@ name: Nginx description: | - Status: NOT READY + A web server with a strong focus on high concurrency, performance and low memory usage. version: latest # category: maintainer: WilliamMiceli From d1bdd6b92becd9da31a485952474f359dbb01f4a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 18:15:56 -0500 Subject: [PATCH 096/262] Issues were on my part; fully functional and ready now --- templates/HTTPD/0/README.md | 10 +--------- templates/HTTPD/config.yml | 2 +- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/templates/HTTPD/0/README.md b/templates/HTTPD/0/README.md index a244494..dea353a 100644 --- a/templates/HTTPD/0/README.md +++ b/templates/HTTPD/0/README.md 
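Review bot: The `http {` block is never closed: the file opens `http {`, `server {` and `location / {` but ends after only two closing braces, so nginx will reject it as written, while the README added next to it says the example can simply be copied into place. Add a final `}` after the one that closes `server`. While the file is being touched, `server_tokens off;` inside `http` would keep the example from advertising the nginx version in the `Server` header and on error pages.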
@@ -1,11 +1,3 @@ # httpd -https://docs.docker.com/samples/library/httpd/ - - -### Status -Still container still does not like mounting httpd.conf for reasons I cannot seem to understand, whether it's by mounting the file directly, or the parent folder. -Getting the error message of it not being a regular file, along with "bad file descriptor". -Will eventually come back to this. - -As for right now, it works **WITHOUT** persistent configuration \ No newline at end of file +https://docs.docker.com/samples/library/httpd/ \ No newline at end of file diff --git a/templates/HTTPD/config.yml b/templates/HTTPD/config.yml index bbde47f..6be1b16 100644 --- a/templates/HTTPD/config.yml +++ b/templates/HTTPD/config.yml @@ -1,6 +1,6 @@ name: Apache httpd description: | - Status: NOT READY + A Web server application notable for playing a key role in the initial growth of the World Wide Web. version: latest # category: maintainer: WilliamMiceli From acca7d3efaf5d31c55e5724ca68ae829b53c1a48 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 19:37:20 -0500 Subject: [PATCH 097/262] Initial complete creation of fpm and alpine setup Many changes --- templates/Nextcloud/0/README.md | 5 +- templates/Nextcloud/0/docker-compose.yml | 101 ++++++++++++---------- templates/Nextcloud/0/rancher-compose.yml | 5 +- 3 files changed, 63 insertions(+), 48 deletions(-) diff --git a/templates/Nextcloud/0/README.md b/templates/Nextcloud/0/README.md index e8fe31d..0d177e1 100644 --- a/templates/Nextcloud/0/README.md +++ b/templates/Nextcloud/0/README.md @@ -5,4 +5,7 @@ https://scan.nextcloud.com/ ### Apache Configuration Reference -https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html? \ No newline at end of file +https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html? + +### To-Do's +* Explain how to manually setup Redis \ No newline at end of file 
diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 78d3022..ba2e3a3 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -1,47 +1,6 @@ version: '2' services: - httpd: - image: httpd:alpine - dns: - - 1.1.1.1 - - 1.0.0.1 - labels: - io.rancher.container.pull_image: always - {{- if .Values.HOST_LABEL}} - io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} - {{- end}} - io.rancher.sidekicks: nextcloud - {{- if .Values.TRAEFIK_HOST}} - traefik.enable: true - traefik.frontend.rule: Host:${TRAEFIK_HOST} - traefik.frontend.entryPoints: http # ,https - # traefik.frontend.headers.forceSTSHeader: true - # traefik.frontend.headers.SSLRedirect: true - # traefik.frontend.headers.STSPreload: true - # traefik.frontend.headers.STSSeconds: 15552000 - traefik.port: "80" - {{- else}} - traefik.enable: false - {{- end}} - links: - - mysql - - nextcloud - {{- if eq .Values.REDIS "true"}} - - redis - {{- end}} - networks: - - public-proxy - ports: - - "${WEB_PORT}:80" - restart: on-failure - volumes: - - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleData/${DATA_DIR}/Application:/usr/local/apache2/htdocs -# - /RancherCattleConfig/${DATA_DIR}/httpd:/usr/local/apache2/conf - - /RancherCattleData/${DATA_DIR}/Application:/var/www/html - - /RancherCattleData/${DATA_DIR}/UserData:/var/www/html/data nextcloud: image: nextcloud:fpm-alpine dns: @@ -55,6 +14,7 @@ services: NEXTCLOUD_ADMIN_USER: ${NC_ADMIN} NEXTCLOUD_ADMIN_PASSWORD: ${NC_ADMIN_PASS} expose: + - "80" - "9000" labels: io.rancher.container.pull_image: always 
@@ -65,14 +25,59 @@ services: - public-proxy restart: on-failure volumes_from: - - httpd + - nginx + nginx: + image: nginx:alpine + dns: + - 1.1.1.1 + - 1.0.0.1 + labels: + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} + io.rancher.sidekicks: nextcloud + {{- if .Values.TRAEFIK_HOST}} + traefik.enable: true + ### Start Web Segment + traefik.frontend.entryPoints: http,https + traefik.frontend.headers.forceSTSHeader: true + traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) + traefik.frontend.headers.SSLRedirect: true + traefik.frontend.headers.STSPreload: true + traefik.frontend.headers.STSSeconds: 15552000 + traefik.frontend.rule: Host:${TRAEFIK_HOST} + traefik.port: "80" + ### End Web Segment + {{- else}} + traefik.enable: false + {{- end}} + links: + - mysql + - nextcloud + {{- if eq .Values.REDIS "true"}} + - redis + {{- end}} + networks: + - public-proxy + {{- if .Values.WEB_PORT}} + ports: + - "${WEB_PORT}:80" + {{- end}} + restart: on-failure + volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattle/${DATA_DIR}/Configuration/NGINX:/etc/nginx + - /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html + - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data mysql: image: mysql:5 dns: - 1.1.1.1 - 1.0.0.1 environment: - MYSQL_DATABASE: nextcloud + MYSQL_DATABASE: nextcloud # Will rename this to "nextcloud_db" in the future. MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} MYSQL_USER: nextcloud_user MYSQL_PASSWORD: ${DB_USER_PASS} 
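Review bot: The nginx configuration directory is bind-mounted writable at `/etc/nginx`, and because the `nextcloud` service takes `volumes_from: - nginx`, the PHP-FPM container that runs the application code receives the same writable mount. A flaw in the application could then rewrite the web server's configuration; `- /RancherCattle/${DATA_DIR}/Configuration/NGINX:/etc/nginx:ro` avoids that without affecting the data mounts. Separately, `traefik.frontend.headers.STSPreload: true` is switched on for every deployment of the template, whereas the nginx.conf added later in this series warns to add preload only after reading about its consequences; I would leave it off by default or gate it behind a catalog question. The `nextcloud` service body starts outside the hunk.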
@@ -81,11 +86,15 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} + networks: + db-admin: + aliases: + - nextcloud # This should allow access from "mysql.nextcloud.rancher.internal" restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql + - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql {{- if eq .Values.REDIS "true"}} redis: image: redis:latest @@ -100,5 +109,7 @@ services: {{- end}} networks: + db-admin: + external: true # Created by phpMyAdmin stack public-proxy: - external: true \ No newline at end of file + external: true # Created by Traefik stack \ No newline at end of file diff --git a/templates/Nextcloud/0/rancher-compose.yml b/templates/Nextcloud/0/rancher-compose.yml index 0f52a7b..ea4de32 100644 --- a/templates/Nextcloud/0/rancher-compose.yml +++ b/templates/Nextcloud/0/rancher-compose.yml @@ -29,9 +29,10 @@ catalog: label: "Web Port" description: | The port to locally access the web interface on. + Leaving this empty will disable opening any port on the host system. default: "10100" - required: true - type: string + required: false + type: int - variable: "DB_ROOT_PASS" label: "MySQL Root Password" From 3b6a342fb1231d90a4ddf3ec88005821ad233081 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 20:23:15 -0500 Subject: [PATCH 098/262] Added pre-configured files --- templates/Nextcloud/Resources/README.md | 5 + templates/Nextcloud/Resources/mime.types | 48 +++++++++ templates/Nextcloud/Resources/nginx.conf | 119 +++++++++++++++++++++++ 3 files changed, 172 insertions(+) create mode 100644 templates/Nextcloud/Resources/README.md create mode 100644 templates/Nextcloud/Resources/mime.types create mode 100644 templates/Nextcloud/Resources/nginx.conf 
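Review bot: Attaching `mysql` to the external `db-admin` network makes the database reachable from every container that any stack joins to that network, not only phpMyAdmin, and nothing in the hunk narrows that (assuming the orchestrator honours the `networks` key as Compose does). The alias comment should say so, e.g. `# Reachable by every container on db-admin; only the MySQL credentials restrict access`, so operators choose `DB_ROOT_PASS` and `DB_USER_PASS` accordingly. The alias `nextcloud` also repeats the name of the `nextcloud` service in this file, which is easy to misread; something like `nextcloud-db` would be unambiguous. The `mysql` service definition starts outside the hunk.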
diff --git a/templates/Nextcloud/Resources/README.md b/templates/Nextcloud/Resources/README.md new file mode 100644 index 0000000..1f24674 --- /dev/null +++ b/templates/Nextcloud/Resources/README.md @@ -0,0 +1,5 @@ +# Default Configured Files +nginx.conf and mime.types to be put in the Configuration/NGINX directory. + +Included nginx.conf has only a few minor tweaks from the one located here: +https://docs.nextcloud.com/server/stable/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx \ No newline at end of file diff --git a/templates/Nextcloud/Resources/mime.types b/templates/Nextcloud/Resources/mime.types new file mode 100644 index 0000000..62bd4b6 --- /dev/null +++ b/templates/Nextcloud/Resources/mime.types 
@@ -0,0 +1,48 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml rss; + image/gif gif; + image/jpeg jpeg jpg; + application/x-javascript js; + text/plain txt; + text/x-component htc; + text/mathml mml; + image/png png; + image/x-icon ico; + image/x-jng jng; + image/vnd.wap.wbmp wbmp; + application/java-archive jar war ear; + application/mac-binhex40 hqx; + application/pdf pdf; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/zip zip; + application/octet-stream deb; + application/octet-stream bin exe dll; + application/octet-stream dmg; + application/octet-stream eot; + application/octet-stream iso img; + application/octet-stream msi msp msm; + audio/mpeg mp3; + audio/x-realaudio ra; + video/mpeg mpeg mpg; + video/quicktime mov; + video/x-flv flv; + video/x-msvideo avi; + video/x-ms-wmv wmv; + video/x-ms-asf asx asf; + video/x-mng mng; +} \ No newline at end of file diff --git a/templates/Nextcloud/Resources/nginx.conf b/templates/Nextcloud/Resources/nginx.conf new file mode 100644 index 0000000..c6fd4ad --- /dev/null +++ b/templates/Nextcloud/Resources/nginx.conf 
@@ -0,0 +1,119 @@ +user www-data; +worker_processes 4; ## Default: 1 +# worker_rlimit_nofile 8192; + +#error_log /var/log/nginx/error.log warn; +#pid /var/run/nginx.pid; + +events { + worker_connections 1024; ## Default: 1024 +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; +# access_log /var/log/nginx/access.log main; + sendfile on; + tcp_nopush on; +# keepalive_timeout 65; + upstream php-handler { + server nextcloud:9000; + } + server { + listen 80; + server_name _; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root /var/www/nextcloud/; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + + # set max upload size + client_max_body_size 1G; # Previous: "512M" + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + # Uncomment if your server is build with the ngx_pagespeed module + # This module is currently not supported. 
+ #pagespeed off; + + location / { + rewrite ^ /index.php$request_uri; + } + + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + # fastcgi_param HTTPS on; + #Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass php-handler; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + location ~ ^/(?:updater|ocs-provider)(?:$|/) { + try_files $uri/ =404; + index index.php; + } + # Adding the cache control header for js and css files + # Make sure it is BELOW the PHP block + location ~ \.(?:css|js|woff2?|svg|gif)$ { + try_files $uri /index.php$request_uri; + add_header Cache-Control "public, max-age=15778463"; + # Add headers to serve security related headers (It is intended to + # have those duplicated to the ones above) + # Before enabling Strict-Transport-Security headers please read into + # this topic first. + # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. 
+ add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + + # Optional: Don't log access to assets + access_log off; + } + location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { + try_files $uri /index.php$request_uri; + # Optional: Don't log access to other assets + access_log off; + } + } +} \ No newline at end of file From de7a4cec8e0b4162d63325e98827be7a8b6b0784 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 20:23:38 -0500 Subject: [PATCH 099/262] Various minor additions --- templates/Nextcloud/0/docker-compose.yml | 8 +++++--- templates/Nextcloud/0/rancher-compose.yml | 10 ++-------- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index ba2e3a3..398c47c 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -68,9 +68,11 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Configuration/NGINX:/etc/nginx - - /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html - - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data + - /RancherCattle/${DATA_DIR}/Configuration/Nextcloud:/var/www/html/config # Nextcloud configuration files + - /RancherCattle/${DATA_DIR}/Configuration/NGINX:/etc/nginx # NGINX configuration files + - /RancherCattle/${DATA_DIR}/Apps:/var/www/html/custom_apps # Nextcloud apps + - /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html # Nextcloud site + - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data # Users' data file mysql: image: mysql:5 dns: 
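Review bot: The security `add_header` lines exist only inside the `location ~ \.(?:css|js|woff2?|svg|gif)$` block, so responses from the PHP location and from the `png|html|ttf|ico|jpg|jpeg` location carry none of them, while the PHP block sets `fastcgi_param modHeadersAvailable true;` under the comment "Avoid sending the security headers twice". The comment in the asset block refers to "the ones above", but this file has no server-level copy. Repeat the same six `add_header` lines directly inside `server`, before the first `location`, and keep the copy in the asset block, because a block that declares its own `add_header` (here `Cache-Control`) does not inherit the ones from the enclosing level.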
diff --git a/templates/Nextcloud/0/rancher-compose.yml b/templates/Nextcloud/0/rancher-compose.yml index ea4de32..f9dbd1e 100644 --- a/templates/Nextcloud/0/rancher-compose.yml +++ b/templates/Nextcloud/0/rancher-compose.yml @@ -78,12 +78,6 @@ catalog: label: "Data Directory" description: | The directory to store persistent data for the stack. - default: "Personal/Nextcloud-Experimental" + default: "Personal-Experimental/Nextcloud" required: true - type: string - -services: - nextcloud: - scale: 1 - mysql: - scale: 1 \ No newline at end of file + type: string \ No newline at end of file From e09274940af325e91db2cd238e2af04e4afe4bc0 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 21:43:40 -0500 Subject: [PATCH 100/262] Made a few minor adjustments; added fastcgi.conf --- templates/Nextcloud/Resources/fastcgi.conf | 21 +++++++++++++++++++++ templates/Nextcloud/Resources/nginx.conf | 2 +- 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 templates/Nextcloud/Resources/fastcgi.conf diff --git a/templates/Nextcloud/Resources/fastcgi.conf b/templates/Nextcloud/Resources/fastcgi.conf new file mode 100644 index 0000000..c2f509a --- /dev/null +++ b/templates/Nextcloud/Resources/fastcgi.conf 
@@ -0,0 +1,21 @@ +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +fastcgi_index index.php; + +fastcgi_param REDIRECT_STATUS 200; \ No newline at end of file diff --git a/templates/Nextcloud/Resources/nginx.conf b/templates/Nextcloud/Resources/nginx.conf index c6fd4ad..b99a1d0 100644 --- a/templates/Nextcloud/Resources/nginx.conf +++ b/templates/Nextcloud/Resources/nginx.conf @@ -69,7 +69,7 @@ http { } location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - include fastcgi_params; + include fastcgi.conf; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; # fastcgi_param HTTPS on; From e51618802f0034226a2bfe2c4a62d1839f7ba85d Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 21:44:12 -0500 Subject: [PATCH 101/262] Changed back to string, as int was unnecessary --- templates/Nextcloud/0/rancher-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/rancher-compose.yml b/templates/Nextcloud/0/rancher-compose.yml index f9dbd1e..5158688 100644 --- a/templates/Nextcloud/0/rancher-compose.yml 
+++ b/templates/Nextcloud/0/rancher-compose.yml @@ -32,7 +32,7 @@ catalog: Leaving this empty will disable opening any port on the host system. default: "10100" required: false - type: int + type: string - variable: "DB_ROOT_PASS" label: "MySQL Root Password" From fe696b4679aa495f49d693c15d625caf50c41031 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 21:44:31 -0500 Subject: [PATCH 102/262] Testing without alpine, may not be possible to use --- templates/Nextcloud/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 398c47c..e250bde 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -27,7 +27,7 @@ services: volumes_from: - nginx nginx: - image: nginx:alpine + image: nginx:latest # :alpine dns: - 1.1.1.1 - 1.0.0.1 From 8e87382743499eae04064ee568eea668e9c82d68 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 21:57:17 -0500 Subject: [PATCH 103/262] Added some comments --- templates/Nextcloud/0/docker-compose.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index e250bde..4c16d3b 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -3,7 +3,7 @@ version: '2' services: nextcloud: image: nextcloud:fpm-alpine - dns: + dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 environment: @@ -27,8 +27,8 @@ services: volumes_from: - nginx nginx: - image: nginx:latest # :alpine - dns: + image: nginx:latest # Can't use ":alpine" until I have a way to get the "www-data" user added automatically. (Project for another time) + dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 labels: 
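Review bot: `image: nginx:latest` combined with the `io.rancher.container.pull_image: always` label set on this service earlier in the series means every upgrade or reschedule runs whatever image is current upstream, so an unreviewed release reaches the deployment without anyone choosing it. Pin a specific release tag or a digest, e.g. `image: nginx:<reviewed-version>` (placeholder), and bump it deliberately. The same applies to `redis:latest` further down the file, outside this hunk. The `nginx` service body continues outside the hunk.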
@@ -75,7 +75,7 @@ services: - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data # Users' data file mysql: image: mysql:5 - dns: + dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 environment: @@ -100,7 +100,7 @@ services: {{- if eq .Values.REDIS "true"}} redis: image: redis:latest - dns: + dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 labels: @@ -108,6 +108,9 @@ services: io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} restart: on-failure + volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system {{- end}} networks: From 2d3f943ca5a6854bbe7a5524d16c315ec20f1b97 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 9 Dec 2018 21:57:39 -0500 Subject: [PATCH 104/262] Will continue debugging later --- templates/Nextcloud/Resources/nginx.conf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/Nextcloud/Resources/nginx.conf b/templates/Nextcloud/Resources/nginx.conf index b99a1d0..861d6e6 100644 --- a/templates/Nextcloud/Resources/nginx.conf +++ b/templates/Nextcloud/Resources/nginx.conf @@ -57,6 +57,10 @@ http { # This module is currently not supported. #pagespeed off; +# Will test later +# error_page 403 /core/templates/403.php; +# error_page 404 /core/templates/404.php; + location / { rewrite ^ /index.php$request_uri; } @@ -67,6 +71,7 @@ http { location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } +############################################################################################################################### Suspected current issue location location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; include fastcgi.conf; From 5568cb360de7b06e464b2018ba47c18a90572fc5 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Mon, 10 Dec 2018 14:39:31 -0500 Subject: [PATCH 105/262] Testing changes --- templates/Nextcloud/Resources/fastcgi.conf | 21 --------------- templates/Nextcloud/Resources/fastcgi_params | 27 ++++++++++++++++++++ templates/Nextcloud/Resources/nginx.conf | 17 ++++++++---- 3 files changed, 39 insertions(+), 26 deletions(-) delete mode 100644 templates/Nextcloud/Resources/fastcgi.conf create mode 100644 templates/Nextcloud/Resources/fastcgi_params diff --git a/templates/Nextcloud/Resources/fastcgi.conf b/templates/Nextcloud/Resources/fastcgi.conf deleted file mode 100644 index c2f509a..0000000 --- a/templates/Nextcloud/Resources/fastcgi.conf +++ /dev/null @@ -1,21 +0,0 @@ -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -fastcgi_index index.php; - -fastcgi_param REDIRECT_STATUS 200; \ No newline at end of file diff --git a/templates/Nextcloud/Resources/fastcgi_params b/templates/Nextcloud/Resources/fastcgi_params new file mode 100644 index 0000000..14e5ac6 --- /dev/null +++ b/templates/Nextcloud/Resources/fastcgi_params 
@@ -0,0 +1,27 @@ +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param PATH_INFO $fastcgi_path_info; +fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +fastcgi_param HTTPS $https; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; \ No newline at end of file diff --git a/templates/Nextcloud/Resources/nginx.conf b/templates/Nextcloud/Resources/nginx.conf index 861d6e6..82ddf1c 100644 --- a/templates/Nextcloud/Resources/nginx.conf +++ b/templates/Nextcloud/Resources/nginx.conf @@ -27,7 +27,7 @@ http { fastcgi_hide_header X-Powered-By; # Path to the root of your installation - root /var/www/nextcloud/; + root /var/www/html/; location = /robots.txt { allow all; 
@@ -71,17 +71,24 @@ http { location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } -############################################################################################################################### Suspected current issue location location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - include fastcgi.conf; + + # Mitigate https://httpoxy.org/ vulnerabilities + fastcgi_param HTTP_PROXY ""; + + fastcgi_pass php-handler; + fastcgi_index index.php; + + # include the fastcgi_param setting + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; - # fastcgi_param HTTPS on; + # fastcgi_param HTTPS on; # Handled through Traefik #Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; - fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; } From bbfe6b3b54d7f912d19ab68bbfd90231466bb195 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 10 Dec 2018 15:55:04 -0500 Subject: [PATCH 106/262] Added reminder for future instructions --- templates/Nextcloud/0/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/templates/Nextcloud/0/README.md b/templates/Nextcloud/0/README.md index 0d177e1..212758b 100644 --- a/templates/Nextcloud/0/README.md +++ b/templates/Nextcloud/0/README.md @@ -7,5 +7,9 @@ https://scan.nextcloud.com/ ### Apache Configuration Reference https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html? +### Setup trusted domains on first startup +https://docs.nextcloud.com/server/14/admin_manual/installation/installation_wizard.html#trusted-domains + + ### To-Do's * Explain how to manually setup Redis \ No newline at end of file From 4162d8130fcdbd6e7f557e050f4c8b0b5702867c Mon Sep 17 00:00:00 2001 
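Review bot: `SCRIPT_FILENAME` and `PATH_INFO` are now defined twice for this location: once through `include fastcgi_params;` (the file added in this patch sets both) and again by the two `fastcgi_param` lines kept right after the include. nginx sends both copies, and which one the backend honours depends on the FastCGI implementation, so a later edit to one copy can silently have no effect on which script path PHP resolves. Keep them in one place only, for example by deleting `fastcgi_param SCRIPT_FILENAME ...` and `fastcgi_param PATH_INFO ...` from the location. The `fastcgi_param HTTP_PROXY "";` line covers only this location; any other block that passes requests to `php-handler` needs the same line.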
From: WilliamMiceli Date: Mon, 10 Dec 2018 15:55:30 -0500 Subject: [PATCH 107/262] Fixed a few things; site accessible now; no images yet --- templates/Nextcloud/Resources/nginx.conf | 55 ++++++++++-------------- 1 file changed, 23 insertions(+), 32 deletions(-) diff --git a/templates/Nextcloud/Resources/nginx.conf b/templates/Nextcloud/Resources/nginx.conf index 82ddf1c..379e00e 100644 --- a/templates/Nextcloud/Resources/nginx.conf +++ b/templates/Nextcloud/Resources/nginx.conf @@ -29,17 +29,6 @@ http { # Path to the root of your installation root /var/www/html/; - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } # set max upload size client_max_body_size 1G; # Previous: "512M" @@ -53,6 +42,14 @@ http { gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + # Add headers to serve security related headers + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + # Uncomment if your server is build with the ngx_pagespeed module # This module is currently not supported. #pagespeed off; 
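Review bot: The `add_header` lines added in the second hunk do not reach responses from a location that declares its own `add_header`, because nginx inherits `add_header` from the outer level only when the current level defines none. The last hunk of this patch deletes the duplicated security headers from `location ~ \.(?:css|js|woff2?|svg|gif)$` but keeps `add_header Cache-Control "public, max-age=15778463";` there, so static assets are served without `X-Content-Type-Options nosniff` and the other five headers. Restore the six `add_header` lines inside that location (the removed comment said the duplication was intended) and add a comment such as `# add_header is not inherited once a location sets its own; keep these duplicated`. Any other location outside the visible hunks that sets `add_header` needs the same treatment.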
@@ -61,10 +58,24 @@ http { # error_page 403 /core/templates/403.php; # error_page 404 /core/templates/404.php; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/webfinger { + return 301 $scheme://$host/public.php?service=webfinger; + } location / { rewrite ^ /index.php$request_uri; } - location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } @@ -85,8 +96,6 @@ http { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; - # fastcgi_param HTTPS on; # Handled through Traefik - #Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_intercept_errors on; @@ -101,24 +110,6 @@ http { location ~ \.(?:css|js|woff2?|svg|gif)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; - # Optional: Don't log access to assets access_log off; } 
From 561b808f68cb62662b8b403e1f25b749e65483ba Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 10 Dec 2018 15:59:22 -0500 Subject: [PATCH 108/262] Removed webfinger --- templates/Nextcloud/Resources/nginx.conf | 3 --- 1 file changed, 3 deletions(-) diff --git a/templates/Nextcloud/Resources/nginx.conf b/templates/Nextcloud/Resources/nginx.conf index 379e00e..b7dcd16 100644 --- a/templates/Nextcloud/Resources/nginx.conf +++ b/templates/Nextcloud/Resources/nginx.conf @@ -70,9 +70,6 @@ http { location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } - location = /.well-known/webfinger { - return 301 $scheme://$host/public.php?service=webfinger; - } location / { rewrite ^ /index.php$request_uri; } From cc50b09dbad6eab63a0f1702f8da4634c1eacaec Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 17 Dec 2018 21:48:56 -0500 Subject: [PATCH 109/262] Initial completed configuration --- templates/XWiki/0/docker-compose.yml | 79 +++++++++++++++++++++++++++ templates/XWiki/0/rancher-compose.yml | 59 ++++++++++++++++++++ templates/XWiki/config.yml | 8 +++ 3 files changed, 146 insertions(+) create mode 100644 templates/XWiki/0/docker-compose.yml create mode 100644 templates/XWiki/0/rancher-compose.yml create mode 100644 templates/XWiki/config.yml diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml new file mode 100644 index 0000000..27a34b4 --- /dev/null +++ b/templates/XWiki/0/docker-compose.yml 
@@ -0,0 +1,79 @@ +version: '2' + +services: + xwiki: + image: xwiki:stable-postgres-tomcat + container_name: xwiki + dns: + - 1.1.1.1 + - 1.0.0.1 + environment: + DB_HOST: postgresql + DB_DATABASE: xwiki + DB_USER: xwiki_user + DB_PASSWORD: ${DB_USER_PASS} + labels: + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} + {{- if .Values.TRAEFIK_HOST}} + traefik.enable: true + ### Start Web Segment + traefik.frontend.entryPoints: http,https + traefik.frontend.headers.forceSTSHeader: true + traefik.frontend.headers.referrerPolicy: no-referrer + traefik.frontend.headers.SSLRedirect: true + traefik.frontend.headers.STSPreload: true + traefik.frontend.headers.STSSeconds: 15552000 + traefik.frontend.rule: Host:${TRAEFIK_HOST} + traefik.port: "8080" + ### End Web Segment + {{- else}} + traefik.enable: false + {{- end}} + links: + - postgresql # Using links because "depends_on" does not work in Rancher 1.6 + networks: + - public-proxy + {{- if .Values.WEB_PORT}} + ports: + - "${WEB_PORT}:8080" + {{- end}} + restart: on-failure + volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattle/${DATA_DIR}/Application:/usr/local/xwiki + postgresql: + image: postgres:9.5 + container_name: postgresql + dns: + - 1.1.1.1 + - 1.0.0.1 + environment: + POSTGRES_INITDB_ARGS: "--encoding=UTF8" + POSTGRES_DATABASE: xwiki + POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS} + POSTGRES_USER: xwiki_user + POSTGRES_PASSWORD: ${DB_USER_PASS} + labels: + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} + networks: + db-admin: + aliases: + - xwiki + restart: on-failure + volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - 
/etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data + +networks: + db-admin: + external: true + public-proxy: + external: true \ No newline at end of file diff --git a/templates/XWiki/0/rancher-compose.yml b/templates/XWiki/0/rancher-compose.yml new file mode 100644 index 0000000..2a52c70 --- /dev/null +++ b/templates/XWiki/0/rancher-compose.yml @@ -0,0 +1,59 @@ +version: '2' +catalog: + name: XWiki + version: latest + # description: + # minimum_rancher_version: + # maximum_rancher_version: + # upgrade_from: + questions: + + - variable: "HOST_LABEL" + label: "Host Label Key/Value Pair" + description: | + The Label Key/Value pair on the host which containers should be deployed + default: "host.id=Host1" + required: false + type: string + + - variable: "TRAEFIK_HOST" + label: "Public Host Domain" + description: | + The host that Traefik will use to provide public access. + Leaving this empty will disable Traefik on this stack. + default: "subdomain.domain.tld" + required: false + type: string + + - variable: "WEB_PORT" + label: "Web Port" + description: | + The port to locally access the web interface on. + Leaving this empty will disable opening any port on the host system. + default: "11100" + required: true + type: string # "Int" sometimes causes problems, and not a huge issue + + - variable: "DB_ROOT_PASS" + label: "Database Root Password" + description: | + A secure password to be used by the "root" MySQL user. + # default: + required: true + type: password + + - variable: "DB_USER_PASS" + label: "Database User Password" + description: | + A secure password to be used by the "xwiki_user" MySQL user. + # default: + required: true + type: password + + - variable: "DATA_DIR" + label: "Data Directory" + description: | + The directory to store persistent data for the stack. + default: "Personal/XWiki" + required: true + type: string \ No newline at end of file 
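Review bot: `POSTGRES_ROOT_PASSWORD` in the `postgresql` service is, as far as I know, not a variable the official postgres image reads; it uses `POSTGRES_USER`, `POSTGRES_PASSWORD` and `POSTGRES_DB`, and the account named in `POSTGRES_USER` is created as the superuser. `${DB_ROOT_PASS}` therefore ends up in the container environment without protecting anything, while `xwiki_user` runs the application with superuser rights. Drop the line, or create a separate unprivileged application role in an init script and keep the superuser credentials out of the `xwiki` service.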
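Review bot: The `WEB_PORT` question is `required: true` with `default: "11100"`, so the `{{- if .Values.WEB_PORT}}` guard in docker-compose.yml will in practice always be true and port 8080 is always published on the host. That contradicts the description ("Leaving this empty will disable opening any port on the host system") and leaves a plain-HTTP path to XWiki that bypasses the `SSLRedirect` and HSTS labels set for Traefik. I would change it to `required: false` with `default: ""`. The two password descriptions also say "MySQL user" although this stack starts PostgreSQL.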
diff --git a/templates/XWiki/config.yml b/templates/XWiki/config.yml new file mode 100644 index 0000000..ed31e90 --- /dev/null +++ b/templates/XWiki/config.yml @@ -0,0 +1,8 @@ +name: XWiki +description: | + Status: EXPERIMENTAL +version: latest +category: Wiki +maintainer: WilliamMiceli +# license: +# projectURL: \ No newline at end of file From 83bfb2af69180cdff881fc8ffab339364a38d5e1 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 17 Dec 2018 22:02:27 -0500 Subject: [PATCH 110/262] Trying later version --- templates/XWiki/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index 27a34b4..ac79342 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -46,7 +46,7 @@ services: - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Application:/usr/local/xwiki postgresql: - image: postgres:9.5 + image: postgres:latest container_name: postgresql dns: - 1.1.1.1 From 57f5a718d5e59294430de5781c5be4e5d159a7c2 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 17 Dec 2018 22:02:41 -0500 Subject: [PATCH 111/262] Fixed variable name --- templates/XWiki/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index ac79342..0545fb2 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -53,7 +53,7 @@ services: - 1.0.0.1 environment: POSTGRES_INITDB_ARGS: "--encoding=UTF8" - POSTGRES_DATABASE: xwiki + POSTGRES_DB: xwiki POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS} POSTGRES_USER: xwiki_user POSTGRES_PASSWORD: ${DB_USER_PASS} From 2e39193ea556fd2fda34b16931b731debb7777ca Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Mon, 17 Dec 2018 22:20:26 -0500 Subject: [PATCH 112/262] Testing different data location This is to try and get around a possible permissions issue --- templates/XWiki/0/docker-compose.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index 0545fb2..b209d77 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -52,6 +52,7 @@ services: - 1.1.1.1 - 1.0.0.1 environment: + PGDATA: /postgresql/data POSTGRES_INITDB_ARGS: "--encoding=UTF8" POSTGRES_DB: xwiki POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS} @@ -70,7 +71,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data + - /RancherCattle/${DATA_DIR}/Database:/postgresql/data networks: db-admin: From 5aa439b5d3a23ed80a776b1d18cf1475a8bc6057 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 17 Dec 2018 22:31:10 -0500 Subject: [PATCH 113/262] Trying without initialization arguments --- templates/XWiki/0/docker-compose.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index b209d77..179c683 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -52,8 +52,7 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - PGDATA: /postgresql/data - POSTGRES_INITDB_ARGS: "--encoding=UTF8" + # POSTGRES_INITDB_ARGS: "--encoding=UTF8" POSTGRES_DB: xwiki POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS} POSTGRES_USER: xwiki_user 
@@ -71,7 +70,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Database:/postgresql/data + - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data networks: db-admin: From 11ce9c46d39b5d3cf022a875082f65c526090cd6 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 17 Dec 2018 22:35:28 -0500 Subject: [PATCH 114/262] Added temporary file directory --- templates/XWiki/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index 179c683..86254f0 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -71,6 +71,7 @@ services: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data + - /RancherCattle/${DATA_DIR}/Temp:/var/run/postgresql networks: db-admin: From 4a737bfe5ae219b9b0bb1ff0e7ecedbd16d492ac Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 17 Dec 2018 22:51:56 -0500 Subject: [PATCH 115/262] Found workaround for PostgreSQL issue --- templates/XWiki/0/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index 86254f0..0f8a3ce 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml 
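Review bot: The volume added in PATCH 114, `/RancherCattle/${DATA_DIR}/Temp:/var/run/postgresql`, places the server's Unix socket on the host filesystem. With the image's default `pg_hba.conf`, socket connections are, as far as I recall, accepted with `trust` authentication, so any host process or other container that can reach that directory could connect without a password; please confirm against the image in use. If the mount is only there to give the socket directory writable space, an in-container tmpfs (`tmpfs:` with `- /var/run/postgresql`, if Rancher's compose supports the key) avoids sharing it with the host. The `/var/run/mysqld/` mount added later in PATCH 124 raises the same concern.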
@@ -46,13 +46,13 @@ services: - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Application:/usr/local/xwiki postgresql: - image: postgres:latest + image: postgres:alpine container_name: postgresql dns: - 1.1.1.1 - 1.0.0.1 environment: - # POSTGRES_INITDB_ARGS: "--encoding=UTF8" + POSTGRES_INITDB_ARGS: "--encoding=UTF8" POSTGRES_DB: xwiki POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS} POSTGRES_USER: xwiki_user @@ -71,7 +71,7 @@ services: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data - - /RancherCattle/${DATA_DIR}/Temp:/var/run/postgresql + - /RancherCattle/${DATA_DIR}/Temp:/var/run/postgresql # Band-aid for PostgreSQL issue of being "out of space" networks: db-admin: From 294a37c27f50a9fe93ce7aea58be10ac1ba137e8 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 17 Dec 2018 23:21:12 -0500 Subject: [PATCH 116/262] Bug fixing testing --- templates/XWiki/0/docker-compose.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index 0f8a3ce..f393e60 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -52,7 +52,7 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - POSTGRES_INITDB_ARGS: "--encoding=UTF8" + POSTGRES_INITDB_ARGS: "--encoding=UTF8 -k ''" # UTF8 Encoding and disable listening on unix socket POSTGRES_DB: xwiki POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS} POSTGRES_USER: xwiki_user 
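Review bot: In PATCH 116 the value `"--encoding=UTF8 -k ''"` is handed to `initdb`, where `-k` is the short form of `--data-checksums` and takes no argument, so it does not do what the trailing comment says ("disable listening on unix socket"). Whether the server listens on a Unix socket is a server setting (`unix_socket_directories`), not an initdb option, and the image's entrypoint appears to rely on that socket during first start, so disabling it needs testing. Until that is resolved I would keep `POSTGRES_INITDB_ARGS: "--encoding=UTF8"` and correct the comment.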
@@ -71,7 +71,8 @@ services: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data - - /RancherCattle/${DATA_DIR}/Temp:/var/run/postgresql # Band-aid for PostgreSQL issue of being "out of space" + - /RancherCattle/${DATA_DIR}/Temp1:/var/run/postgresql # Band-aid for PostgreSQL issue of being "out of space" + - /RancherCattle/${DATA_DIR}/Temp2:/usr/local/pgsql # Attempt to fix minor issue networks: db-admin: From cab8db05c8e93f778a54122b990441ee09e7468e Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 17 Dec 2018 23:26:26 -0500 Subject: [PATCH 117/262] Testing --- templates/XWiki/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index f393e60..5ff4615 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -52,7 +52,7 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - POSTGRES_INITDB_ARGS: "--encoding=UTF8 -k ''" # UTF8 Encoding and disable listening on unix socket + POSTGRES_INITDB_ARGS: "--encoding=UTF8 -k \"\"" # UTF8 Encoding and disable listening on unix socket POSTGRES_DB: xwiki POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS} POSTGRES_USER: xwiki_user From f90fa64dfb9a720d856a04eaeb4ea5770476584f Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 17 Dec 2018 23:34:54 -0500 Subject: [PATCH 118/262] Removed for now --- templates/XWiki/0/README.md | 6 +++++- templates/XWiki/0/docker-compose.yml | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/templates/XWiki/0/README.md b/templates/XWiki/0/README.md index 9bea272..d068197 100644 --- a/templates/XWiki/0/README.md +++ b/templates/XWiki/0/README.md 
@@ -2,4 +2,8 @@ ### Will continue this later -https://store.docker.com/_/xwiki \ No newline at end of file +https://store.docker.com/_/xwiki + + +# TODO +* Look into disabling listening on unix socket, as it's not needed, and the workaround is required for it \ No newline at end of file diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index 5ff4615..48e2f75 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -52,7 +52,7 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - POSTGRES_INITDB_ARGS: "--encoding=UTF8 -k \"\"" # UTF8 Encoding and disable listening on unix socket + POSTGRES_INITDB_ARGS: "--encoding=UTF8" POSTGRES_DB: xwiki POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS} POSTGRES_USER: xwiki_user From b4772d66094459fad8b6be5e079bfaba7ccbeafb Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 17 Dec 2018 23:40:23 -0500 Subject: [PATCH 119/262] Did not fix minor issue --- templates/XWiki/0/docker-compose.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index 48e2f75..96a1882 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -72,7 +72,6 @@ services: - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data - /RancherCattle/${DATA_DIR}/Temp1:/var/run/postgresql # Band-aid for PostgreSQL issue of being "out of space" - - /RancherCattle/${DATA_DIR}/Temp2:/usr/local/pgsql # Attempt to fix minor issue networks: db-admin: From a8884a8e7e5e6b5f688fb7270a01da022ff5ff5a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 17 Dec 2018 23:40:46 -0500 Subject: [PATCH 120/262] Small rename --- templates/XWiki/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index 96a1882..0f8a3ce 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -71,7 +71,7 @@ services: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data - - /RancherCattle/${DATA_DIR}/Temp1:/var/run/postgresql # Band-aid for PostgreSQL issue of being "out of space" + - /RancherCattle/${DATA_DIR}/Temp:/var/run/postgresql # Band-aid for PostgreSQL issue of being "out of space" networks: db-admin: From 2c6ec7a777a9ec67d916299490cd8b159d7456d1 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 18 Dec 2018 11:09:21 -0500 Subject: [PATCH 121/262] Switched to MySQL --- templates/XWiki/0/docker-compose.yml | 23 +++++++++--------- templates/XWiki/Configuration/xwiki.cnf | 31 +++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 12 deletions(-) create mode 100644 templates/XWiki/Configuration/xwiki.cnf diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index 0f8a3ce..fe6ccdb 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -2,13 +2,13 @@ version: '2' services: xwiki: - image: xwiki:stable-postgres-tomcat + image: xwiki:latest container_name: xwiki dns: - 1.1.1.1 - 1.0.0.1 environment: - DB_HOST: postgresql + DB_HOST: mysql DB_DATABASE: xwiki DB_USER: xwiki_user DB_PASSWORD: ${DB_USER_PASS} 
@@ -45,18 +45,17 @@ services: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Application:/usr/local/xwiki - postgresql: - image: postgres:alpine - container_name: postgresql + mysql: + image: mysql:5.7 + container_name: mysql dns: - 1.1.1.1 - 1.0.0.1 environment: - POSTGRES_INITDB_ARGS: "--encoding=UTF8" - POSTGRES_DB: xwiki - POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS} - POSTGRES_USER: xwiki_user - POSTGRES_PASSWORD: ${DB_USER_PASS} + MYSQL_DATABASE: xwiki + MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} + MYSQL_USER: xwiki_user + MYSQL_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} @@ -70,8 +69,8 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data - - /RancherCattle/${DATA_DIR}/Temp:/var/run/postgresql # Band-aid for PostgreSQL issue of being "out of space" + - /RancherCattle/${DATA_DIR}/Configuration/xwiki.cnf:/etc/mysql/conf.d/xwiki.cnf + - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql networks: db-admin: diff --git a/templates/XWiki/Configuration/xwiki.cnf b/templates/XWiki/Configuration/xwiki.cnf new file mode 100644 index 0000000..9c14b16 --- /dev/null +++ b/templates/XWiki/Configuration/xwiki.cnf 
@@ -0,0 +1,31 @@ +# --------------------------------------------------------------------------- +# See the NOTICE file distributed with this work for additional +# information regarding copyright ownership. +# +# This is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as +# published by the Free Software Foundation; either version 2.1 of +# the License, or (at your option) any later version. +# +# This software is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this software; if not, write to the Free +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA +# 02110-1301 USA, or see the FSF site: http://www.fsf.org. +# --------------------------------------------------------------------------- + +[client] +default-character-set = utf8 + +[mysqld] +character-set-server = utf8 +collation-server = utf8_bin +explicit_defaults_for_timestamp = 1 + +[mysql] +default-character-set = utf8 + From 81dd776c5ce42d57f2bec3b221d13cef1686f494 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 18 Dec 2018 11:11:31 -0500 Subject: [PATCH 122/262] Updated link --- templates/XWiki/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index fe6ccdb..a51441d 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -33,7 +33,7 @@ services: traefik.enable: false {{- end}} links: - - postgresql # Using links because "depends_on" does not work in Rancher 1.6 + - mysql # Using links because "depends_on" does not work in Rancher 1.6 networks: - public-proxy {{- if .Values.WEB_PORT}} 
From 60569afbca24de4939885b070442f7273b0f9e81 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 18 Dec 2018 11:24:22 -0500 Subject: [PATCH 123/262] Trying something --- templates/XWiki/0/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index a51441d..22b9231 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -44,7 +44,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Application:/usr/local/xwiki + - /RancherCattleData/${DATA_DIR}/Application:/usr/local/xwiki mysql: image: mysql:5.7 container_name: mysql @@ -69,8 +69,8 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Configuration/xwiki.cnf:/etc/mysql/conf.d/xwiki.cnf - - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql + - /RancherCattleData/${DATA_DIR}/Configuration/xwiki.cnf:/etc/mysql/conf.d/xwiki.cnf + - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql networks: db-admin: From d2c032c789c97d719000ff9b2bf4d396d9f40b1a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 18 Dec 2018 11:33:50 -0500 Subject: [PATCH 124/262] Testing --- templates/XWiki/0/docker-compose.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index 22b9231..a9b93b3 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml 
@@ -69,8 +69,9 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleData/${DATA_DIR}/Configuration/xwiki.cnf:/etc/mysql/conf.d/xwiki.cnf - - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql + - /RancherCattle/${DATA_DIR}/Configuration/xwiki.cnf:/etc/mysql/conf.d/xwiki.cnf + - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql + - /RancherCattle/${DATA_DIR}/Temp:/var/run/mysqld/ # Temporary fix for socket issue networks: db-admin: From 09dc554355aad70f00f15cfac5a1bd6cd83d21c4 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 18 Dec 2018 13:29:32 -0500 Subject: [PATCH 125/262] Testing with default configuration --- templates/XWiki/0/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index a9b93b3..82f7b73 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -69,9 +69,9 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Configuration/xwiki.cnf:/etc/mysql/conf.d/xwiki.cnf +# - /RancherCattle/${DATA_DIR}/Configuration/xwiki.cnf:/etc/mysql/conf.d/xwiki.cnf - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql - - /RancherCattle/${DATA_DIR}/Temp:/var/run/mysqld/ # Temporary fix for socket issue +# - /RancherCattle/${DATA_DIR}/Temp:/var/run/mysqld/ # Temporary fix for socket issue networks: db-admin: From 09b9533e17adccf77126a58988573399becd8453 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Tue, 18 Dec 2018 13:30:55 -0500 Subject: [PATCH 126/262] Reverted directory for Application --- templates/XWiki/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index 82f7b73..4a33541 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -44,7 +44,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleData/${DATA_DIR}/Application:/usr/local/xwiki + - /RancherCattle/${DATA_DIR}/Application:/usr/local/xwiki mysql: image: mysql:5.7 container_name: mysql From e767fc4fb6e521688f57aefd01f6aa8c5e5b6a6b Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 18 Dec 2018 13:51:11 -0500 Subject: [PATCH 127/262] Removing container names --- templates/XWiki/0/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index 4a33541..d948780 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -3,7 +3,7 @@ version: '2' services: xwiki: image: xwiki:latest - container_name: xwiki +# container_name: xwiki dns: - 1.1.1.1 - 1.0.0.1 @@ -47,7 +47,7 @@ services: - /RancherCattle/${DATA_DIR}/Application:/usr/local/xwiki mysql: image: mysql:5.7 - container_name: mysql +# container_name: mysql dns: - 1.1.1.1 - 1.0.0.1 From 099394b08a7ea13ca17a4b01904cc150b810d784 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 18 Dec 2018 23:18:57 -0500 Subject: [PATCH 128/262] Using new directory --- templates/Bind/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Bind/0/docker-compose.yml b/templates/Bind/0/docker-compose.yml index 0b922a6..456023a 100644 
--- a/templates/Bind/0/docker-compose.yml +++ b/templates/Bind/0/docker-compose.yml @@ -23,4 +23,4 @@ services: {{- end}} restart: on-failure volumes: - - /RancherCattleData/${DATA_DIR}/Data:/data \ No newline at end of file + - /RancherCattle/${DATA_DIR}/Data:/data \ No newline at end of file From 5ac76de4338d6e6f51d415d3f4c6b24e400c217d Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 18 Dec 2018 23:23:57 -0500 Subject: [PATCH 129/262] Bringing it up to standards, ready for master --- templates/WordPress/0/docker-compose.yml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/templates/WordPress/0/docker-compose.yml b/templates/WordPress/0/docker-compose.yml index 223b839..9a44587 100644 --- a/templates/WordPress/0/docker-compose.yml +++ b/templates/WordPress/0/docker-compose.yml @@ -10,7 +10,7 @@ services: WORDPRESS_DB_HOST: mysql WORDPRESS_DB_USER: wordpress_user WORDPRESS_DB_PASSWORD: ${DB_USER_PASS} - WORDPRESS_DB_NAME: wordpress + WORDPRESS_DB_NAME: wordpress # Will eventually rename this to "wordpress_db" labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} @@ -32,18 +32,22 @@ services: - mysql networks: - public-proxy + {{- if .Values.WEB_PORT}} ports: - "${WEB_PORT}:80" + {{- end}} restart: on-failure volumes: - - /RancherCattleData/${DATA_DIR}/Application:/var/www/html + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattle/${DATA_DIR}/Application:/var/www/html mysql: image: mysql:5 dns: - 1.1.1.1 - 1.0.0.1 environment: - MYSQL_DATABASE: wordpress + MYSQL_DATABASE: wordpress # Will eventually rename this to "wordpress_db" MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} MYSQL_USER: wordpress_user MYSQL_PASSWORD: ${DB_USER_PASS} 
@@ -52,12 +56,18 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} + networks: + db-admin: + aliases: + - wordpress restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql + - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql networks: + db-admin: + external: true public-proxy: external: true \ No newline at end of file From 925bbd5b943cc53ae7f666dcfb6c49ab469a7987 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 18 Dec 2018 23:36:26 -0500 Subject: [PATCH 130/262] Modified persistent data directories --- templates/InvoiceNinja/0/docker-compose.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/templates/InvoiceNinja/0/docker-compose.yml b/templates/InvoiceNinja/0/docker-compose.yml index a6d99cf..a9a32f1 100644 --- a/templates/InvoiceNinja/0/docker-compose.yml +++ b/templates/InvoiceNinja/0/docker-compose.yml @@ -16,9 +16,9 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleConfig/${DATA_DIR}/.env:/var/www/app/.env - - /RancherCattleData/${DATA_DIR}/Logo:/var/www/app/public/logo - - /RancherCattleData/${DATA_DIR}/Storage:/var/www/app/storage + - /RancherCattle/${DATA_DIR}/Configuration/.env:/var/www/app/.env + - /RancherCattle/${DATA_DIR}/Logo:/var/www/app/public/logo + - /RancherCattle/${DATA_DIR}/Storage:/var/www/app/storage cron: image: invoiceninja/invoiceninja:latest dns: 
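Review bot: The added `networks: db-admin` stanza on `mysql` makes the database port reachable from every container joined to that shared external network, so the only remaining barrier is `DB_USER_PASS`/`DB_ROOT_PASS`. A comment should record that intent, e.g. `# db-admin is shared with the DB admin stack; every member can reach 3306`. The alias `wordpress` also gives the database the application's name on that network; something like `wordpress-db` is harder to misread. In plain Compose v2 a service with an explicit `networks:` list leaves the default network, so it is worth confirming that the `links: - mysql` path from the web container (which sits only on `public-proxy`) still resolves under Rancher. The InvoiceNinja `mysql` hunk in PATCH 152 adds the same attachment, and the `mysql` service body starts outside this hunk.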
@@ -64,7 +64,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql + - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql nginx: image: nginx # Alpine does not work (last checked 6 December 2018) dns: @@ -96,7 +96,7 @@ services: - "${WEB_PORT}:80" restart: on-failure volumes: - - /RancherCattleConfig/${DATA_DIR}/nginx.conf:/etc/nginx/nginx.conf:ro + - /RancherCattle/${DATA_DIR}/Configuration/nginx.conf:/etc/nginx/nginx.conf:ro volumes_from: - invoiceninja From f33e5311d4b114834e5710a58f225c5c8e03a868 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 18 Dec 2018 23:42:46 -0500 Subject: [PATCH 131/262] Modified persistent directory --- templates/Traefik/0/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/Traefik/0/docker-compose.yml b/templates/Traefik/0/docker-compose.yml index 05ce5bc..6a757b7 100644 --- a/templates/Traefik/0/docker-compose.yml +++ b/templates/Traefik/0/docker-compose.yml @@ -27,9 +27,9 @@ services: - /var/run/docker.sock:/var/run/docker.sock - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleConfig/${DATA_DIR}/traefik.toml:/traefik.toml - - /RancherCattleConfig/${DATA_DIR}/acme:/etc/traefik/acme # For Let's Encrypt certificates - - /RancherCattleConfig/${DATA_DIR}/logs:/external/logs + - /RancherCattle/${DATA_DIR}/Configuration/traefik.toml:/traefik.toml + - /RancherCattle/${DATA_DIR}/LetsEncrypt:/etc/traefik/acme # For Let's Encrypt certificates + - /RancherCattle/${DATA_DIR}/Logs:/external/logs networks: public-proxy: \ No newline at end of file From b054d04ee1958ff222adba256ca893268e72754e Mon Sep 17 00:00:00 2001 
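Review bot: The rewritten `traefik.toml` bind mount is still read-write, while the nginx.conf mount in the InvoiceNinja hunk just above carries `:ro`. This container also has `/var/run/docker.sock` mounted (context line), so the proxy should not be able to rewrite its own configuration on the host: `- /RancherCattle/${DATA_DIR}/Configuration/traefik.toml:/traefik.toml:ro`. The `LetsEncrypt` directory will hold the ACME account and certificate private keys, so its comment could say that the host directory must not be world-readable, e.g. `# For Let's Encrypt certificates (contains private keys; restrict host permissions)`. The service definition starts outside the hunk.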
From: WilliamMiceli Date: Tue, 18 Dec 2018 23:46:35 -0500 Subject: [PATCH 132/262] Updated persistent directories and added host time sync --- templates/Nextcloud/0/docker-compose.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 92440c8..7fbfab9 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -44,8 +44,10 @@ services: - "${WEB_PORT}:80" restart: on-failure volumes: - - /RancherCattleData/${DATA_DIR}/Application:/var/www/html - - /RancherCattleData/${DATA_DIR}/UserData:/var/www/html/data + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattle/${DATA_DIR}/Application:/var/www/html + - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data mysql: image: mysql:5 dns: @@ -63,7 +65,9 @@ services: {{- end}} restart: on-failure volumes: - - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql {{- if eq .Values.REDIS "true"}} redis: image: redis:latest From 46ec14d452372912d8cd9d105a80bae462364bc7 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 18 Dec 2018 23:49:40 -0500 Subject: [PATCH 133/262] Modified persistent directories --- templates/Snipe-IT/0/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index abae525..6574e41 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml 
@@ -55,8 +55,8 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleData/${DATA_DIR}/Application:/var/lib/snipeit - - /RancherCattleData/${DATA_DIR}/Backups:/var/www/html/storage/app/backups + - /RancherCattle/${DATA_DIR}/Application:/var/lib/snipeit + - /RancherCattle/${DATA_DIR}/Backups:/var/www/html/storage/app/backups mysql: image: mysql:5 dns: @@ -80,7 +80,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql + - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql networks: db-admin: From f552cf05fb6875262ad7bbf94f6bc5c1286df5a8 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 19 Dec 2018 00:12:16 -0500 Subject: [PATCH 134/262] Modified default port --- templates/Traefik/0/rancher-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Traefik/0/rancher-compose.yml b/templates/Traefik/0/rancher-compose.yml index 2e8ebee..fba8fcd 100644 --- a/templates/Traefik/0/rancher-compose.yml +++ b/templates/Traefik/0/rancher-compose.yml @@ -21,7 +21,7 @@ catalog: label: "Dashboard Port" description: | The port to access the dashboard interface on. - default: "1200" + default: "10" required: true type: string From 1bfa318a357e8c6b50dd3b887bb83fa94e3b2136 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 19 Dec 2018 10:11:03 -0500 Subject: [PATCH 135/262] Back to PostgreSQL, issue was with own infrastructure --- templates/XWiki/0/docker-compose.yml | 29 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index d948780..235c0d7 100644 
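Review bot: The new dashboard default `"10"` in the Traefik rancher-compose hunk looks truncated next to the five-digit defaults used by the other templates (`10300`, `10600`, `11100`), and it falls in the well-known port range below 1024. If a low port is intended, a comment should say why. The Traefik dashboard exposes the full routing table, so the description should also state whether this port is meant to be published on the host at all. The port mapping that consumes this value is not visible in the hunk.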
--- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -2,14 +2,14 @@ version: '2' services: xwiki: - image: xwiki:latest -# container_name: xwiki + image: xwiki:stable-postgres-tomcat + container_name: xwiki dns: - 1.1.1.1 - 1.0.0.1 environment: - DB_HOST: mysql - DB_DATABASE: xwiki + DB_HOST: postgresql + DB_DATABASE: xwiki_db DB_USER: xwiki_user DB_PASSWORD: ${DB_USER_PASS} labels: @@ -33,7 +33,7 @@ services: traefik.enable: false {{- end}} links: - - mysql # Using links because "depends_on" does not work in Rancher 1.6 + - postgresql # Using links because "depends_on" does not work in Rancher 1.6 networks: - public-proxy {{- if .Values.WEB_PORT}} @@ -45,17 +45,18 @@ services: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Application:/usr/local/xwiki - mysql: - image: mysql:5.7 -# container_name: mysql + postgresql: + image: postgres:alpine + container_name: postgresql dns: - 1.1.1.1 - 1.0.0.1 environment: - MYSQL_DATABASE: xwiki - MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} - MYSQL_USER: xwiki_user - MYSQL_PASSWORD: ${DB_USER_PASS} + POSTGRES_INITDB_ARGS: "--encoding=UTF8" + POSTGRES_DB: xwiki_db + POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS} + POSTGRES_USER: xwiki_user + POSTGRES_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} 
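Review bot: `POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS}` in the new `postgresql` environment is not one of the variables the official postgres image documents (it reads `POSTGRES_USER`, `POSTGRES_PASSWORD`, `POSTGRES_DB`, `POSTGRES_INITDB_ARGS`), so the "root" password is most likely ignored and `xwiki_user` becomes the cluster superuser. XWiki then connects with superuser rights. Either drop the line and the `DB_ROOT_PASS` question, or keep it with `# NOTE: unused by postgres image; xwiki_user is the superuser`. `image: postgres:alpine` combined with `io.rancher.container.pull_image: always` floats across major versions, and a new major will not start on the existing `/var/lib/postgresql/data` directory, so pinning a major tag is safer. The hunk also restores `container_name`, which PATCH 127 had commented out; the service blocks continue outside the hunk.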
@@ -69,9 +70,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system -# - /RancherCattle/${DATA_DIR}/Configuration/xwiki.cnf:/etc/mysql/conf.d/xwiki.cnf - - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql -# - /RancherCattle/${DATA_DIR}/Temp:/var/run/mysqld/ # Temporary fix for socket issue + - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data networks: db-admin: From 4c1d549c69f3bbc77b83e22a7375e8bf78cc38dc Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 19 Dec 2018 22:00:19 -0500 Subject: [PATCH 136/262] Updated README, removed MySQL config --- templates/XWiki/0/README.md | 8 +++---- templates/XWiki/Configuration/xwiki.cnf | 31 ------------------------- 2 files changed, 4 insertions(+), 35 deletions(-) delete mode 100644 templates/XWiki/Configuration/xwiki.cnf diff --git a/templates/XWiki/0/README.md b/templates/XWiki/0/README.md index d068197..ec1371a 100644 --- a/templates/XWiki/0/README.md +++ b/templates/XWiki/0/README.md @@ -1,9 +1,9 @@ # XWiki -### Will continue this later +## Will continue this later -https://store.docker.com/_/xwiki + +### TODO -# TODO -* Look into disabling listening on unix socket, as it's not needed, and the workaround is required for it \ No newline at end of file +* Fix issue with some page assets being delivered over http instead of https \ No newline at end of file diff --git a/templates/XWiki/Configuration/xwiki.cnf b/templates/XWiki/Configuration/xwiki.cnf deleted file mode 100644 index 9c14b16..0000000 --- a/templates/XWiki/Configuration/xwiki.cnf +++ /dev/null 
@@ -1,31 +0,0 @@ -# --------------------------------------------------------------------------- -# See the NOTICE file distributed with this work for additional -# information regarding copyright ownership. -# -# This is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as -# published by the Free Software Foundation; either version 2.1 of -# the License, or (at your option) any later version. -# -# This software is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this software; if not, write to the Free -# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA -# 02110-1301 USA, or see the FSF site: http://www.fsf.org. -# --------------------------------------------------------------------------- - -[client] -default-character-set = utf8 - -[mysqld] -character-set-server = utf8 -collation-server = utf8_bin -explicit_defaults_for_timestamp = 1 - -[mysql] -default-character-set = utf8 - From 5b0bfa207061e6e84e436321f44d0390482f573b Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 19 Dec 2018 22:10:50 -0500 Subject: [PATCH 137/262] WEB_PORT not actually required --- templates/XWiki/0/rancher-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/XWiki/0/rancher-compose.yml b/templates/XWiki/0/rancher-compose.yml index 2a52c70..8f433c1 100644 --- a/templates/XWiki/0/rancher-compose.yml +++ b/templates/XWiki/0/rancher-compose.yml 
@@ -31,7 +31,7 @@ catalog: The port to locally access the web interface on. Leaving this empty will disable opening any port on the host system. default: "11100" - required: true + required: false type: string # "Int" sometimes causes problems, and not a huge issue - variable: "DB_ROOT_PASS" From d0ca9dae3e5fb3dc304b029fa1ed6e2fe97659d7 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 19 Dec 2018 22:16:55 -0500 Subject: [PATCH 138/262] Updated README, and rancher questions options --- README.md | 9 ++++++++- templates/Snipe-IT/0/rancher-compose.yml | 2 +- templates/WordPress/0/rancher-compose.yml | 3 ++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6a74473..e6cf95f 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,10 @@ # WilliamMiceli's Personal Rancher Catalog -My personal rancher catalog to make my own life just a little bit easier. \ No newline at end of file +My personal rancher catalog to make my own life just a little bit easier. + +## TODO List + +* Have WEB_PORT be optional +* Have DATA_DIR be optional +* Include logos for all stacks +* Include description for all stacks diff --git a/templates/Snipe-IT/0/rancher-compose.yml b/templates/Snipe-IT/0/rancher-compose.yml index 9b8ec41..c767187 100644 --- a/templates/Snipe-IT/0/rancher-compose.yml +++ b/templates/Snipe-IT/0/rancher-compose.yml @@ -29,7 +29,7 @@ catalog: label: "Local Web Port" description: | The port to locally access the web interface on. - Leaving this empty will not expose a any port on the host system, disabling local access outside of it's Rancher network. + Leaving this empty will disable opening any port on the host system. default: "10300" required: false type: string diff --git a/templates/WordPress/0/rancher-compose.yml b/templates/WordPress/0/rancher-compose.yml index 4bd2961..88dcc41 100644 --- a/templates/WordPress/0/rancher-compose.yml +++ b/templates/WordPress/0/rancher-compose.yml 
@@ -29,8 +29,9 @@ catalog: label: "Web Port" description: | The port to locally access the web interface on. + Leaving this empty will disable opening any port on the host system. default: "10600" - required: true + required: false type: string - variable: "DB_ROOT_PASS" From 659ce41eefcab1be5267e0fef3c8b17b992d230b Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 19 Dec 2018 22:20:04 -0500 Subject: [PATCH 139/262] Updated --- README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/README.md b/README.md index e6cf95f..2234716 100644 --- a/README.md +++ b/README.md @@ -8,3 +8,22 @@ My personal rancher catalog to make my own life just a little bit easier. * Have DATA_DIR be optional * Include logos for all stacks * Include description for all stacks + +## Stacks Complete + +* Bind +* Ghost +* HTTPD +* InvoiceNinja +* Nextcloud +* Nginx +* OpenProject +* PHPMyAdmin +* Snipe-IT +* Traefik +* WordPress + +## Stacks Yet To Be Made + +* Adminer +* Apache Guacamole \ No newline at end of file From 8d3933e70595b7f833cb21cbae55d83d63e3a357 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 21 Dec 2018 16:11:13 -0500 Subject: [PATCH 140/262] Added Discourse --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2234716..fd5ba81 100644 --- a/README.md +++ b/README.md @@ -26,4 +26,6 @@ My personal rancher catalog to make my own life just a little bit easier. ## Stacks Yet To Be Made * Adminer -* Apache Guacamole \ No newline at end of file +* Apache Guacamole +* Discourse +* Eclipse Che From 38a116cbf28237e6fe561af71e228b2b39523651 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 22 Dec 2018 14:05:28 -0500 Subject: [PATCH 141/262] Updates --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fd5ba81..8653cf9 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,7 @@ # WilliamMiceli's Personal Rancher Catalog My personal rancher catalog to make my own life just a little bit easier. +Hopefully it can also be of use to others as well! ## TODO List @@ -25,7 +26,9 @@ My personal rancher catalog to make my own life just a little bit easier. ## Stacks Yet To Be Made -* Adminer +* Adminer * Apache Guacamole * Discourse * Eclipse Che +* Matomo +* MediaWiki From 71c024b227d3ea7ee20f64ea04005447b7ed765a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 22 Dec 2018 20:04:07 -0500 Subject: [PATCH 142/262] Added more stacks --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 8653cf9..1bfd8b2 100644 --- a/README.md +++ b/README.md @@ -32,3 +32,6 @@ Hopefully it can also be of use to others as well! * Eclipse Che * Matomo * MediaWiki +* Redmine +* Rocket.Chat +* YOURLS From 955ffa2d33fff42d2ad4c5d29a1acf6c2d6e5158 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 29 Dec 2018 16:07:33 -0500 Subject: [PATCH 143/262] Allowing use of sub-subdomains --- templates/XWiki/0/README.md | 3 ++- templates/XWiki/0/docker-compose.yml | 2 +- templates/XWiki/0/rancher-compose.yml | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/templates/XWiki/0/README.md b/templates/XWiki/0/README.md index ec1371a..75cdd23 100644 --- a/templates/XWiki/0/README.md +++ b/templates/XWiki/0/README.md @@ -6,4 +6,5 @@ ### TODO -* Fix issue with some page assets being delivered over http instead of https \ No newline at end of file +* Fix issue with some page assets being delivered over http instead of https +* Document setting up domain DNS \ No newline at end of file diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index 235c0d7..c1ae212 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml 
@@ -26,7 +26,7 @@ services: traefik.frontend.headers.SSLRedirect: true traefik.frontend.headers.STSPreload: true traefik.frontend.headers.STSSeconds: 15552000 - traefik.frontend.rule: Host:${TRAEFIK_HOST} + traefik.frontend.rule: ${TRAEFIK_HOST} traefik.port: "8080" ### End Web Segment {{- else}} diff --git a/templates/XWiki/0/rancher-compose.yml b/templates/XWiki/0/rancher-compose.yml index 8f433c1..59bd5ee 100644 --- a/templates/XWiki/0/rancher-compose.yml +++ b/templates/XWiki/0/rancher-compose.yml @@ -21,7 +21,7 @@ catalog: description: | The host that Traefik will use to provide public access. Leaving this empty will disable Traefik on this stack. - default: "subdomain.domain.tld" + default: "HostRegexp:{subdomain:.*}subdomain.domain.tld" required: false type: string From ed8854c925b34a19dc127812feef031d2de5ff51 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 31 Dec 2018 10:58:30 -0500 Subject: [PATCH 144/262] Added named bind mounts to TODO list --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 1bfd8b2..3414eef 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,9 @@ Hopefully it can also be of use to others as well! * Have DATA_DIR be optional * Include logos for all stacks * Include description for all stacks +* Use named volumes for the bind mounts + * + * ## Stacks Complete From af8d09650b4affb049b134d1ccdb318548e8774a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 31 Dec 2018 11:01:36 -0500 Subject: [PATCH 145/262] Experimenting with change in infrastructure --- templates/WordPress/0/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/WordPress/0/docker-compose.yml b/templates/WordPress/0/docker-compose.yml index 9a44587..d84583a 100644 --- a/templates/WordPress/0/docker-compose.yml +++ b/templates/WordPress/0/docker-compose.yml 
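Review bot: The new default `HostRegexp:{subdomain:.*}subdomain.domain.tld` has no dot between the group and the host, so it matches any hostname that merely ends in that string (for example `xsubdomain.domain.tld`), not only sub-subdomains. Anchoring on the label boundary is tighter, along the lines of `HostRegexp:subdomain.domain.tld,{sub:[a-z0-9-]+}.subdomain.domain.tld`; that exact syntax should be checked against the Traefik version in use. Because the compose label is now `traefik.frontend.rule: ${TRAEFIK_HOST}` without the `Host:` prefix, an existing deployment that still supplies a bare hostname produces an invalid rule. The question's `description` should say that a full rule is expected, e.g. `Full Traefik frontend rule, e.g. "Host:wiki.domain.tld".`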
@@ -40,7 +40,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Application:/var/www/html + - /FreeNAS/${DATA_DIR}/Application:/var/www/html mysql: image: mysql:5 dns: @@ -64,7 +64,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql + - /FreeNAS/${DATA_DIR}/Database:/var/lib/mysql networks: db-admin: From 9912091d3ecaabe0c330d8ccaf7b6fcc4640a0e8 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 31 Dec 2018 13:20:59 -0500 Subject: [PATCH 146/262] Test successful, using same name now --- templates/WordPress/0/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/WordPress/0/docker-compose.yml b/templates/WordPress/0/docker-compose.yml index d84583a..9a44587 100644 --- a/templates/WordPress/0/docker-compose.yml +++ b/templates/WordPress/0/docker-compose.yml @@ -40,7 +40,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /FreeNAS/${DATA_DIR}/Application:/var/www/html + - /RancherCattle/${DATA_DIR}/Application:/var/www/html mysql: image: mysql:5 dns: @@ -64,7 +64,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /FreeNAS/${DATA_DIR}/Database:/var/lib/mysql + - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql networks: db-admin: From c1e09f686372d2df25df3de92482552b3d1d7251 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Tue, 1 Jan 2019 17:58:07 -0500 Subject: [PATCH 147/262] Added Pre-Deployment information --- templates/Traefik/0/README.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/templates/Traefik/0/README.md b/templates/Traefik/0/README.md index f64f053..c74dc61 100644 --- a/templates/Traefik/0/README.md +++ b/templates/Traefik/0/README.md @@ -1 +1,11 @@ -# Traefik \ No newline at end of file +# Traefik + +## About + +## Pre-Depoloyment + +* Create a "traefik.toml" file to configure Traefik how you would like for it to function + * This will go in the `/Configuration` directory + * Examples for what it should contain: + * [Docker](https://docs.traefik.io/configuration/backends/docker/) + * [Rancher](https://docs.traefik.io/configuration/backends/rancher/) From 09263f2f403b3c0f7a272fb587a7bf2655ca5f4a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 1 Jan 2019 19:13:07 -0500 Subject: [PATCH 148/262] Modified database user --- templates/InvoiceNinja/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/InvoiceNinja/0/docker-compose.yml b/templates/InvoiceNinja/0/docker-compose.yml index a9a32f1..15db8d0 100644 --- a/templates/InvoiceNinja/0/docker-compose.yml +++ b/templates/InvoiceNinja/0/docker-compose.yml @@ -52,7 +52,7 @@ services: environment: MYSQL_DATABASE: ninja_db MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} - MYSQL_USER: ninja + MYSQL_USER: ninja_user MYSQL_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always From b568e86b1ef25bade902b142a19204917f30e633 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 1 Jan 2019 22:44:27 -0500 Subject: [PATCH 149/262] Small clarification fix --- templates/Traefik/0/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Traefik/0/README.md b/templates/Traefik/0/README.md index c74dc61..f1a27d3 100644 --- a/templates/Traefik/0/README.md +++ b/templates/Traefik/0/README.md 
@@ -5,7 +5,7 @@ ## Pre-Depoloyment * Create a "traefik.toml" file to configure Traefik how you would like for it to function - * This will go in the `/Configuration` directory + * This will go in the `/Configuration` directory * Examples for what it should contain: * [Docker](https://docs.traefik.io/configuration/backends/docker/) * [Rancher](https://docs.traefik.io/configuration/backends/rancher/) From 98b476e0584392a75150056699de9115c717b3b6 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 1 Jan 2019 22:44:44 -0500 Subject: [PATCH 150/262] Testing to see where this shows up in Rancher, if it does --- templates/InvoiceNinja/README.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 templates/InvoiceNinja/README.md diff --git a/templates/InvoiceNinja/README.md b/templates/InvoiceNinja/README.md new file mode 100644 index 0000000..886efa5 --- /dev/null +++ b/templates/InvoiceNinja/README.md @@ -0,0 +1,3 @@ +# Invoice Ninja + +Test README file \ No newline at end of file From d5c40bcb88845f18ab5ad784259fb8e33d8b5fba Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 1 Jan 2019 22:45:08 -0500 Subject: [PATCH 151/262] Major overhaul of deployment guide --- templates/InvoiceNinja/0/README.md | 45 ++++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 11 deletions(-) diff --git a/templates/InvoiceNinja/0/README.md b/templates/InvoiceNinja/0/README.md index 6c21e7f..e88fab4 100644 --- a/templates/InvoiceNinja/0/README.md +++ b/templates/InvoiceNinja/0/README.md 
@@ -6,23 +6,46 @@ [Docker Page](https://hub.docker.com/r/invoiceninja/invoiceninja/) -## From Website +## Description Free Open-Source Invoicing Expenses & time-tracking built with Laravel -### Pre-Installation: +## Pre-Deployment -Make sure that you have a "nginx.conf" file for the nginx container. -Copying the default one located [on their GitHub](https://github.com/invoiceninja/dockerfiles/blob/master/docker-compose/nginx.conf) should be sufficient. +### Optional Features Preparation -You may need to "chmod -R 777 storage" in the "App" container. +#### Google Maps Integration -Google Maps: -Get an API Key [Here](https://developers.google.com/maps/documentation/javascript/get-api-key) first. -Then add GOOGLE_MAPS_API_KEY= in your .env file. +1. [Get an API Key Here](https://developers.google.com/maps/documentation/javascript/get-api-key). -If using without HTTPS (like using the direct IP instead of through Traefik), please take out the line: "fastcgi_param HTTPS 1;" from your nginx.conf +2. Insert `GOOGLE_MAPS_API_KEY=` into your .env file. -### To-Do List -* Add documentation for easier adding environment variables, and see if there's a better way to do so \ No newline at end of file +### Required Configuration Files + +* Place a "nginx.conf" file in the `/Configuration` directory. + * An Example can be found in the "Resources" directory for this catalog item. + * This file has been modified for this configuration, based on the [Example](https://github.com/invoiceninja/dockerfiles/blob/master/docker-compose/nginx.conf) located in the official GitHub repository. +* Place a ".env" file in the `/Configuration` directory. + * An example can be found in the "Resources" directory for this catalog item. + * This file has been modified for this configuration, based on the ".env.example" file provided within the container image. 
+ * [A Configuration Guide](https://invoice-ninja.readthedocs.io/en/latest/configure.html) related to environment variables, along with the [Full Example](https://github.com/invoiceninja/invoiceninja/blob/master/.env.example) from the official GitHub repository. + +## Tips + +* With this configuration, DO NOT enable "Require HTTPS", as the connection between Traefik and InvoiceNinja is over non-SSL HTTP, and is not setup for internal HTTPS. + +## Backing Up Your Instance + +### Complete Backup + +Through the MySQL container, run a MySQL Dump. +(Will complete this later) + +### Easy Backup + +The web interface provides an easy backup method by exporting to a JSON file, which saves most information. + +## TODO + +* Add more integration instructions \ No newline at end of file From 5bca067ca3e0ad0f1b370d68135406995979e892 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 1 Jan 2019 22:45:28 -0500 Subject: [PATCH 152/262] Added ability for MySQL to be connected to --- templates/InvoiceNinja/0/docker-compose.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/templates/InvoiceNinja/0/docker-compose.yml b/templates/InvoiceNinja/0/docker-compose.yml index 15db8d0..6dc6036 100644 --- a/templates/InvoiceNinja/0/docker-compose.yml +++ b/templates/InvoiceNinja/0/docker-compose.yml @@ -60,6 +60,8 @@ services: io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} traefik.enable: false + networks: + - db-admin restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system @@ -101,5 +103,7 @@ services: - invoiceninja networks: + db-admin: + external: true public-proxy: external: true \ No newline at end of file From dd398963e11262c239780939bb2b38b5dbe05e8a Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Tue, 1 Jan 2019 22:45:55 -0500 Subject: [PATCH 153/262] Added slightly modified environment file --- templates/InvoiceNinja/0/Resources/.env | 107 ++++++++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100644 templates/InvoiceNinja/0/Resources/.env diff --git a/templates/InvoiceNinja/0/Resources/.env b/templates/InvoiceNinja/0/Resources/.env new file mode 100644 index 0000000..50719dc --- /dev/null +++ b/templates/InvoiceNinja/0/Resources/.env 
@@ -0,0 +1,107 @@
+APP_ENV=production
+APP_DEBUG=false
+APP_URL=http://www.ninja.test
+APP_KEY=SomeRandomStringSomeRandomString
+APP_CIPHER=AES-256-CBC
+APP_LOCALE=en
+
+DB_TYPE=mysql
+DB_STRICT=false
+DB_HOST=localhost
+DB_DATABASE=ninja_db
+DB_USERNAME=ninja_user
+DB_PASSWORD=
+
+MAIL_DRIVER=smtp
+MAIL_PORT=587
+MAIL_ENCRYPTION=tls
+MAIL_HOST=
+MAIL_USERNAME=
+MAIL_FROM_ADDRESS=
+MAIL_FROM_NAME=
+MAIL_PASSWORD=
+
+MAILGUN_DOMAIN=
+MAILGUN_SECRET=
+
+#POSTMARK_API_TOKEN=
+
+PHANTOMJS_CLOUD_KEY='a-demo-key-with-low-quota-per-ip-address'
+#PHANTOMJS_BIN_PATH=/usr/local/bin/phantomjs
+
+LOG=single
+REQUIRE_HTTPS=false
+API_SECRET=password
+
+#TRUSTED_PROXIES=
+
+#SESSION_DRIVER=
+#SESSION_DOMAIN=
+#SESSION_ENCRYPT=
+#SESSION_SECURE=
+
+#CACHE_DRIVER=
+#CACHE_HOST=
+#REDIS_HOST=
+#CACHE_PORT1=
+#CACHE_PORT2=
+
+#GOOGLE_CLIENT_ID=
+#GOOGLE_CLIENT_SECRET=
+#GOOGLE_OAUTH_REDIRECT=http://ninja.test/auth/google
+
+GOOGLE_MAPS_ENABLED=true
+#GOOGLE_MAPS_API_KEY=
+
+# Create a cookie to stay logged in
+#REMEMBER_ME_ENABLED=true
+
+# Immediately expire cookie on the browser closing
+#SESSION_EXPIRE_ON_CLOSE=false
+
+# The app automatically logs the user out after this number of seconds
+#AUTO_LOGOUT_SECONDS=28800
+
+#S3_KEY=
+#S3_SECRET=
+#S3_REGION=
+#S3_BUCKET=
+
+#RACKSPACE_USERNAME=
+#RACKSPACE_KEY=
+#RACKSPACE_CONTAINER=
+#RACKSPACE_REGION=
+
+#RACKSPACE_TEMP_URL_SECRET=
+
+# If this is set to anything, the URL secret will be set the next
+# time a file is downloaded through the client portal.
+# Only set this temporarily, as it slows things down.
+#RACKSPACE_TEMP_URL_SECRET_SET=
+
+#DOCUMENT_FILESYSTEM=
+
+#MAX_DOCUMENT_SIZE # KB
+#MAX_EMAIL_DOCUMENTS_SIZE # Total KB
+#MAX_ZIP_DOCUMENTS_SIZE # Total KB (uncompressed)
+#DOCUMENT_PREVIEW_SIZE # Pixels
+
+WEPAY_CLIENT_ID=
+WEPAY_CLIENT_SECRET=
+WEPAY_ENVIRONMENT=production # production or stage
+WEPAY_AUTO_UPDATE=true # Requires permission from WePay
+WEPAY_FEE_PAYER=payee
+WEPAY_APP_FEE_CC_MULTIPLIER=0
+WEPAY_APP_FEE_ACH_MULTIPLIER=0
+WEPAY_APP_FEE_FIXED=0
+WEPAY_THEME='{"name":"Invoice Ninja","primary_color":"0b4d78","secondary_color":"0b4d78","background_color":"f8f8f8","button_color":"33b753"}' # See https://www.wepay.com/developer/reference/structures#theme
+
+
+BLUEVINE_PARTNER_UNIQUE_ID=
+BLUEVINE_PARTNER_TOKEN=
+
+CLOUDFLARE_DNS_ENABLED=false
+CLOUDFLARE_API_KEY=
+CLOUDFLARE_EMAIL=
+CLOUDFLARE_TARGET_IP_ADDRESS=
+CLOUDFLARE_ZONE_IDS={}
From 044f7a2501a407292b9c8e6deb2285af1fa1fc55 Mon Sep 17 00:00:00 2001
From: WilliamMiceli
Date: Tue, 1 Jan 2019 22:58:15 -0500
Subject: [PATCH 154/262] Never visible anywhere
---
templates/InvoiceNinja/README.md | 3 ---
1 file changed, 3 deletions(-)
delete mode 100644 templates/InvoiceNinja/README.md
diff --git a/templates/InvoiceNinja/README.md b/templates/InvoiceNinja/README.md
deleted file mode 100644
index 886efa5..0000000
--- a/templates/InvoiceNinja/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Invoice Ninja
-
-Test README file
\ No newline at end of file
From f34abe2fc644667c8be4de8db11c84cd3488c957 Mon Sep 17 00:00:00 2001
From: WilliamMiceli
Date: Tue, 1 Jan 2019 22:58:26 -0500
Subject: [PATCH 155/262] Spacing done my way
---
templates/InvoiceNinja/0/README.md | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/templates/InvoiceNinja/0/README.md b/templates/InvoiceNinja/0/README.md
index e88fab4..e178d6f 100644
--- a/templates/InvoiceNinja/0/README.md
+++ b/templates/InvoiceNinja/0/README.md
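Review bot: The sample `.env` ships `APP_KEY=SomeRandomStringSomeRandomString` and `API_SECRET=password` as working values, and the README in PATCH 151 points operators at this file as the example to place in `/Configuration`. An instance started without editing it therefore runs with a publicly known encryption key and API secret. Leave both empty, as `DB_PASSWORD=` already is, so the omission cannot go unnoticed, and put a comment above each, e.g. `# REQUIRED: set a unique random 32-character value before first start` for `APP_KEY` (the length follows from `APP_CIPHER=AES-256-CBC`). `REQUIRE_HTTPS=false` together with `APP_URL=http://…` deserves a one-line comment that TLS is expected to terminate at Traefik, so nobody publishes the plain-HTTP port directly.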
@@ -8,21 +8,28 @@ ## Description -Free Open-Source Invoicing -Expenses & time-tracking built with Laravel + + Free Open-Source Invoicing + + Expenses & time-tracking built with Laravel + ## Pre-Deployment + ### Optional Features Preparation + #### Google Maps Integration -1. [Get an API Key Here](https://developers.google.com/maps/documentation/javascript/get-api-key). +1. [Get an API Key Here](https://developers.google.com/maps/documentation/javascript/get-api-key). 2. Insert `GOOGLE_MAPS_API_KEY=` into your .env file. + ### Required Configuration Files + * Place a "nginx.conf" file in the `/Configuration` directory. * An Example can be found in the "Resources" directory for this catalog item. * This file has been modified for this configuration, based on the [Example](https://github.com/invoiceninja/dockerfiles/blob/master/docker-compose/nginx.conf) located in the official GitHub repository. @@ -31,21 +38,30 @@ Expenses & time-tracking built with Laravel * This file has been modified for this configuration, based on the ".env.example" file provided within the container image. * [A Configuration Guide](https://invoice-ninja.readthedocs.io/en/latest/configure.html) related to environment variables, along with the [Full Example](https://github.com/invoiceninja/invoiceninja/blob/master/.env.example) from the official GitHub repository. + ## Tips + * With this configuration, DO NOT enable "Require HTTPS", as the connection between Traefik and InvoiceNinja is over non-SSL HTTP, and is not setup for internal HTTPS. + ## Backing Up Your Instance + ### Complete Backup + Through the MySQL container, run a MySQL Dump. (Will complete this later) + ### Easy Backup + The web interface provides an easy backup method by exporting to a JSON file, which saves most information. + ## TODO + * Add more integration instructions \ No newline at end of file From 6aebf621abf19bb08a5dab731c1c0d99726e267e Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Tue, 1 Jan 2019 23:02:37 -0500 Subject: [PATCH 156/262] Hopefully HTML is parsed --- templates/InvoiceNinja/0/README.md | 52 +++++++++++------------------- 1 file changed, 18 insertions(+), 34 deletions(-) diff --git a/templates/InvoiceNinja/0/README.md b/templates/InvoiceNinja/0/README.md index e178d6f..a2e8797 100644 --- a/templates/InvoiceNinja/0/README.md +++ b/templates/InvoiceNinja/0/README.md @@ -1,35 +1,28 @@ # Invoice Ninja - +
[Hosted Official Website](https://www.invoiceninja.com/) [Self-Hosted Official Website](https://www.invoiceninja.org/) [Docker Page](https://hub.docker.com/r/invoiceninja/invoiceninja/) - +
## Description - - +
Free Open-Source Invoicing Expenses & time-tracking built with Laravel - - +
## Pre-Deployment - - +
### Optional Features Preparation - - +
#### Google Maps Integration - - +
1. [Get an API Key Here](https://developers.google.com/maps/documentation/javascript/get-api-key). 2. Insert `GOOGLE_MAPS_API_KEY=` into your .env file. - - +
### Required Configuration Files - - +
* Place a "nginx.conf" file in the `/Configuration` directory. * An Example can be found in the "Resources" directory for this catalog item. * This file has been modified for this configuration, based on the [Example](https://github.com/invoiceninja/dockerfiles/blob/master/docker-compose/nginx.conf) located in the official GitHub repository. @@ -37,31 +30,22 @@ * An example can be found in the "Resources" directory for this catalog item. * This file has been modified for this configuration, based on the ".env.example" file provided within the container image. * [A Configuration Guide](https://invoice-ninja.readthedocs.io/en/latest/configure.html) related to environment variables, along with the [Full Example](https://github.com/invoiceninja/invoiceninja/blob/master/.env.example) from the official GitHub repository. - - +
## Tips - - +
* With this configuration, DO NOT enable "Require HTTPS", as the connection between Traefik and InvoiceNinja is over non-SSL HTTP, and is not setup for internal HTTPS. - - +
## Backing Up Your Instance - - +
### Complete Backup - - +
Through the MySQL container, run a MySQL Dump. (Will complete this later) - - +
### Easy Backup - - +
The web interface provides an easy backup method by exporting to a JSON file, which saves most information. - - +
## TODO - - +
* Add more integration instructions \ No newline at end of file From d02141cb60834de8e16103191de587ac45f541b0 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 1 Jan 2019 23:05:07 -0500 Subject: [PATCH 157/262] I guess it's just always going to look bad :/ --- templates/InvoiceNinja/0/README.md | 36 +++++++++++++++--------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/templates/InvoiceNinja/0/README.md b/templates/InvoiceNinja/0/README.md index a2e8797..ecd6246 100644 --- a/templates/InvoiceNinja/0/README.md +++ b/templates/InvoiceNinja/0/README.md @@ -1,28 +1,28 @@ # Invoice Ninja -
+ [Hosted Official Website](https://www.invoiceninja.com/) [Self-Hosted Official Website](https://www.invoiceninja.org/) [Docker Page](https://hub.docker.com/r/invoiceninja/invoiceninja/) -
+ ## Description -
+ Free Open-Source Invoicing Expenses & time-tracking built with Laravel -
+ ## Pre-Deployment -
+ ### Optional Features Preparation -
+ #### Google Maps Integration -
+ 1. [Get an API Key Here](https://developers.google.com/maps/documentation/javascript/get-api-key). 2. Insert `GOOGLE_MAPS_API_KEY=` into your .env file. -
+ ### Required Configuration Files -
+ * Place a "nginx.conf" file in the `/Configuration` directory. * An Example can be found in the "Resources" directory for this catalog item. * This file has been modified for this configuration, based on the [Example](https://github.com/invoiceninja/dockerfiles/blob/master/docker-compose/nginx.conf) located in the official GitHub repository. @@ -30,22 +30,22 @@ * An example can be found in the "Resources" directory for this catalog item. * This file has been modified for this configuration, based on the ".env.example" file provided within the container image. * [A Configuration Guide](https://invoice-ninja.readthedocs.io/en/latest/configure.html) related to environment variables, along with the [Full Example](https://github.com/invoiceninja/invoiceninja/blob/master/.env.example) from the official GitHub repository. -
+ ## Tips -
+ * With this configuration, DO NOT enable "Require HTTPS", as the connection between Traefik and InvoiceNinja is over non-SSL HTTP, and is not setup for internal HTTPS. -
+ ## Backing Up Your Instance -
+ ### Complete Backup -
+ Through the MySQL container, run a MySQL Dump. (Will complete this later) -
+ ### Easy Backup -
+ The web interface provides an easy backup method by exporting to a JSON file, which saves most information. -
+ ## TODO -
+ * Add more integration instructions \ No newline at end of file From f3114441d7c96347384baaf159450285c667568a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 2 Jan 2019 19:07:05 -0500 Subject: [PATCH 158/262] Updated setup guide --- templates/Nextcloud/0/README.md | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/templates/Nextcloud/0/README.md b/templates/Nextcloud/0/README.md index 212758b..0ddd721 100644 --- a/templates/Nextcloud/0/README.md +++ b/templates/Nextcloud/0/README.md @@ -1,15 +1,26 @@ # Nextcloud -### Security Check -https://scan.nextcloud.com/ +## First Run Setup +### Add Your Domain as a Trusted Domain + +[Official Documentation](https://docs.nextcloud.com/server/latest/admin_manual/installation/installation_wizard.html#trusted-domains) + +* Open the "config.php" file, located in `/Application/config`. +* Under the "trusted_domains" array, add `1 => 'cloud.williammiceli.systems',`. ### Apache Configuration Reference + https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html? ### Setup trusted domains on first startup + https://docs.nextcloud.com/server/14/admin_manual/installation/installation_wizard.html#trusted-domains +## Useful Tools + +* [Official Security Check](https://scan.nextcloud.com/) + +## To-Do's -### To-Do's * Explain how to manually setup Redis \ No newline at end of file From 19ef596f121c183b7549084780bb655a192e6040 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 2 Jan 2019 19:12:15 -0500 Subject: [PATCH 159/262] Switched to help debug --- templates/Snipe-IT/0/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 6574e41..1dc5f52 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml 
@@ -9,8 +9,8 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - APP_ENV: production # "development" or "production" - APP_DEBUG: false + APP_ENV: 'development' # "development" or "production" + APP_DEBUG: true {{- if .Values.TRAEFIK_HOST}} APP_URL: https://${TRAEFIK_HOST} # No port number needed {{- else}} From 12f2805f72f8a101aa98d827df9d29151b5bfbea Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 2 Jan 2019 19:18:31 -0500 Subject: [PATCH 160/262] Fixed issue --- templates/Snipe-IT/0/README.md | 3 ++- templates/Snipe-IT/0/docker-compose.yml | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/templates/Snipe-IT/0/README.md b/templates/Snipe-IT/0/README.md index b575cf8..ce6728c 100644 --- a/templates/Snipe-IT/0/README.md +++ b/templates/Snipe-IT/0/README.md @@ -8,4 +8,5 @@ https://snipe-it.readme.io/docs/generate-your-app-key ### After upgrading to a later version, use: -`php artisan migrate` \ No newline at end of file +`php artisan migrate` +Also use if upon starting for the first time, and you get an error, as this may fix it \ No newline at end of file diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 1dc5f52..6574e41 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -9,8 +9,8 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - APP_ENV: 'development' # "development" or "production" - APP_DEBUG: true + APP_ENV: production # "development" or "production" + APP_DEBUG: false {{- if .Values.TRAEFIK_HOST}} APP_URL: https://${TRAEFIK_HOST} # No port number needed {{- else}} From 8feab78eeb5209a5a99d77e7a341ee502fa2dc4b Mon Sep 17 00:00:00 2001 
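Review bot: `APP_DEBUG: true` together with `APP_ENV: 'development'` is committed into the catalog template itself in the `@@ -9,8 +9,8 @@` hunk of PATCH 159, so every stack launched from that revision runs in debug mode, including ones published through the `TRAEFIK_HOST` branch directly below. The application looks Laravel-based (the README tells operators to run `php artisan migrate`), and debug-mode error pages in such applications typically show stack traces and configuration details that should not be reachable from outside. If debugging has to be switchable, a catalog question that defaults to off avoids editing the template, e.g. `APP_DEBUG: ${APP_DEBUG}`. The `environment:` block continues outside the hunk, and the following patch sets both values back.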
From: WilliamMiceli Date: Fri, 4 Jan 2019 21:41:33 -0500 Subject: [PATCH 161/262] Ditching using NGINX and added Collabora --- templates/Nextcloud/0/README.md | 12 ++ templates/Nextcloud/0/docker-compose.yml | 70 ++++++---- templates/Nextcloud/0/rancher-compose.yml | 12 +- templates/Nextcloud/Resources/README.md | 5 - templates/Nextcloud/Resources/Template 1.conf | 128 ++++++++++++++++++ templates/Nextcloud/Resources/Template 2.conf | 128 ++++++++++++++++++ templates/Nextcloud/Resources/nginx.conf | 119 ---------------- 7 files changed, 319 insertions(+), 155 deletions(-) delete mode 100644 templates/Nextcloud/Resources/README.md create mode 100644 templates/Nextcloud/Resources/Template 1.conf create mode 100644 templates/Nextcloud/Resources/Template 2.conf delete mode 100644 templates/Nextcloud/Resources/nginx.conf diff --git a/templates/Nextcloud/0/README.md b/templates/Nextcloud/0/README.md index 0ddd721..3c80e4c 100644 --- a/templates/Nextcloud/0/README.md +++ b/templates/Nextcloud/0/README.md @@ -2,6 +2,18 @@ ## First Run Setup +### Add Configuration For NGINX + +nginx.conf and mime.types to be put in the Configuration/NGINX directory. + +Included nginx.conf has only a few minor tweaks from the one located here: + +https://docs.nextcloud.com/server/stable/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx + +??? Template 1.conf is WITHOUT Collabora + +??? Template 2.conf is WITH Collabora + ### Add Your Domain as a Trusted Domain [Official Documentation](https://docs.nextcloud.com/server/latest/admin_manual/installation/installation_wizard.html#trusted-domains) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 4c16d3b..93ae21a 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml 
@@ -1,43 +1,57 @@ version: '2' services: + {{- if eq .Values.COLLABORA "true"}} + collabora: + image: collabora/code:latest + cap_add: + - MKNOD # Ability to create special files (https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities) + dns: # Using Cloudflare DNS + - 1.1.1.1 + - 1.0.0.1 + environment: + domain: collabora.${TRAEFIK_HOST} + expose: + - "9980" + labels: + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} + traefik.enable: true + ### Start Web Segment + traefik.frontend.entryPoints: http,https + traefik.frontend.headers.forceSTSHeader: true + traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) + traefik.frontend.headers.SSLRedirect: true + traefik.frontend.headers.STSPreload: true + traefik.frontend.headers.STSSeconds: 15552000 + traefik.frontend.rule: Host:collabora.${TRAEFIK_HOST} + traefik.port: "9980" + ### End Web Segment + networks: + - public-proxy + restart: on-failure + {{- end}} nextcloud: - image: nextcloud:fpm-alpine + image: nextcloud:stable-apache dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 environment: MYSQL_HOST: mysql - MYSQL_DATABASE: nextcloud + MYSQL_DATABASE: nextcloud_db MYSQL_USER: nextcloud_user MYSQL_PASSWORD: ${DB_USER_PASS} NEXTCLOUD_ADMIN_USER: ${NC_ADMIN} NEXTCLOUD_ADMIN_PASSWORD: ${NC_ADMIN_PASS} expose: - "80" - - "9000" labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - networks: - - public-proxy - restart: on-failure - volumes_from: - - nginx - nginx: - image: nginx:latest # Can't use ":alpine" until I have a way to get the "www-data" user added automatically. 
(Project for another time) - dns: # Using Cloudflare DNS - - 1.1.1.1 - - 1.0.0.1 - labels: - io.rancher.container.pull_image: always - {{- if .Values.HOST_LABEL}} - io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} - {{- end}} - io.rancher.sidekicks: nextcloud - {{- if .Values.TRAEFIK_HOST}} traefik.enable: true ### Start Web Segment traefik.frontend.entryPoints: http,https @@ -49,12 +63,11 @@ services: traefik.frontend.rule: Host:${TRAEFIK_HOST} traefik.port: "80" ### End Web Segment - {{- else}} - traefik.enable: false - {{- end}} links: + {{- if eq .Values.COLLABORA "true"}} + - collabora + {{- end}} - mysql - - nextcloud {{- if eq .Values.REDIS "true"}} - redis {{- end}} @@ -68,18 +81,17 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Configuration/Nextcloud:/var/www/html/config # Nextcloud configuration files - - /RancherCattle/${DATA_DIR}/Configuration/NGINX:/etc/nginx # NGINX configuration files + - /RancherCattle/${DATA_DIR}/Configuration:/var/www/html/config # Nextcloud configuration files - /RancherCattle/${DATA_DIR}/Apps:/var/www/html/custom_apps # Nextcloud apps - /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html # Nextcloud site - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data # Users' data file mysql: - image: mysql:5 + image: mysql:latest dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 environment: - MYSQL_DATABASE: nextcloud # Will rename this to "nextcloud_db" in the future. + MYSQL_DATABASE: nextcloud_db MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} MYSQL_USER: nextcloud_user MYSQL_PASSWORD: ${DB_USER_PASS} @@ -115,6 +127,6 @@ services: networks: db-admin: - external: true # Created by phpMyAdmin stack + external: true # Created by Adminer or phpMyAdmin stack public-proxy: external: true # Created by Traefik stack \ No newline at end of file 
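Review bot: The new `collabora` service in the `@@ -1,43 +1,57 @@` hunk is tied only to `collabora/code:latest`, and with `io.rancher.container.pull_image: always` each redeploy runs whatever image is currently published under that tag. The `@@ -68,18 +81,17 @@` hunk does the same to the database by changing `mysql:5` to `mysql:latest`, which can additionally cross a major version on top of existing data. Pinning to an explicit release tag, e.g. `image: collabora/code:<PINNED_TAG>`, keeps an upgrade a reviewed change instead of a side effect of a restart. The service also receives `cap_add: MKNOD` while being published through Traefik; the inline comment says what the capability is, and a few words on why this image needs it would help the next reader.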
diff --git a/templates/Nextcloud/0/rancher-compose.yml b/templates/Nextcloud/0/rancher-compose.yml index 5158688..a8f40ea 100644 --- a/templates/Nextcloud/0/rancher-compose.yml +++ b/templates/Nextcloud/0/rancher-compose.yml @@ -66,10 +66,18 @@ catalog: required: true type: password + - variable: "COLLABORA" + label: "Enable Collabora" + description: | + Add a Collabora container for office document editing and live collaboration. Additional setup required, see README. + default: true + required: true + type: boolean + - variable: "REDIS" label: "Enable Redis" description: | - Add a Redis container for memory caching. Must be setup manually. + Add a Redis container for memory caching. Additional setup required, see README. default: true required: true type: boolean @@ -78,6 +86,6 @@ catalog: label: "Data Directory" description: | The directory to store persistent data for the stack. - default: "Personal-Experimental/Nextcloud" + default: "Personal/Nextcloud-Experimental" required: true type: string \ No newline at end of file diff --git a/templates/Nextcloud/Resources/README.md b/templates/Nextcloud/Resources/README.md deleted file mode 100644 index 1f24674..0000000 --- a/templates/Nextcloud/Resources/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Default Configured Files -nginx.conf and mime.types to be put in the Configuration/NGINX directory. - -Included nginx.conf has only a few minor tweaks from the one located here: -https://docs.nextcloud.com/server/stable/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx \ No newline at end of file diff --git a/templates/Nextcloud/Resources/Template 1.conf b/templates/Nextcloud/Resources/Template 1.conf new file mode 100644 index 0000000..2c33275 --- /dev/null +++ b/templates/Nextcloud/Resources/Template 1.conf 
@@ -0,0 +1,128 @@ +user www-data; +worker_processes 4; ## Default: 1 +# worker_rlimit_nofile 8192; + +#error_log /var/log/nginx/error.log warn; +#pid /var/run/nginx.pid; + +events { + worker_connections 1024; ## Default: 1024 +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + #access_log /var/log/nginx/access.log main; + sendfile on; + tcp_nopush on; + #keepalive_timeout 65; + + upstream php-handler { + server nextcloud:9000; + } + + server { + listen 80; + listen [::]:80; + server_name _; + + # Add headers to serve security related headers + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root /var/www/html/; + + # Will test later + #error_page 403 /core/templates/403.php; + #error_page 404 /core/templates/404.php; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + + # set max upload size + client_max_body_size 1G; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon 
text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + location / { + rewrite ^ /index.php$request_uri; + } + + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + # Mitigate https://httpoxy.org/ vulnerabilities: + fastcgi_param HTTP_PROXY ""; + #fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass php-handler; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + + location ~ ^/(?:updater|ocs-provider)(?:$|/) { + try_files $uri/ =404; + index index.php; + } + + # Adding the cache control header for js and css files + # Make sure it is BELOW the PHP block + location ~ \.(?:css|js|woff2?|svg|gif)$ { + try_files $uri /index.php$request_uri; + add_header Cache-Control "public, max-age=15778463"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + + # Optional: Don't log access to assets + access_log off; + } + + location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { + try_files $uri /index.php$request_uri; + # Optional: Don't log access to other assets + access_log off; + } + } +} \ No newline at end of file 
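Review bot: `Template 1.conf` and `Template 2.conf` are added with the same blob id (`index 0000000..2c33275` in both file headers), while the README text in this patch describes one as without and one as with Collabora. As committed, neither file contains any Collabora-specific configuration, so an operator who picks the second template gets exactly the first. Either keep a single file until the Collabora variant exists, or open the second one with a comment such as `# TODO: Collabora proxy rules not added yet - currently identical to Template 1.conf`.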
diff --git a/templates/Nextcloud/Resources/Template 2.conf b/templates/Nextcloud/Resources/Template 2.conf new file mode 100644 index 0000000..2c33275 --- /dev/null +++ b/templates/Nextcloud/Resources/Template 2.conf 
@@ -0,0 +1,128 @@ +user www-data; +worker_processes 4; ## Default: 1 +# worker_rlimit_nofile 8192; + +#error_log /var/log/nginx/error.log warn; +#pid /var/run/nginx.pid; + +events { + worker_connections 1024; ## Default: 1024 +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + #access_log /var/log/nginx/access.log main; + sendfile on; + tcp_nopush on; + #keepalive_timeout 65; + + upstream php-handler { + server nextcloud:9000; + } + + server { + listen 80; + listen [::]:80; + server_name _; + + # Add headers to serve security related headers + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root /var/www/html/; + + # Will test later + #error_page 403 /core/templates/403.php; + #error_page 404 /core/templates/404.php; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + + # set max upload size + client_max_body_size 1G; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon 
text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + location / { + rewrite ^ /index.php$request_uri; + } + + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + # Mitigate https://httpoxy.org/ vulnerabilities: + fastcgi_param HTTP_PROXY ""; + #fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass php-handler; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + + location ~ ^/(?:updater|ocs-provider)(?:$|/) { + try_files $uri/ =404; + index index.php; + } + + # Adding the cache control header for js and css files + # Make sure it is BELOW the PHP block + location ~ \.(?:css|js|woff2?|svg|gif)$ { + try_files $uri /index.php$request_uri; + add_header Cache-Control "public, max-age=15778463"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + + # Optional: Don't log access to assets + access_log off; + } + + location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { + try_files $uri /index.php$request_uri; + # Optional: Don't log access to other assets + access_log off; + } + } +} \ No newline at end of file diff --git a/templates/Nextcloud/Resources/nginx.conf b/templates/Nextcloud/Resources/nginx.conf deleted file mode 100644 index b7dcd16..0000000 
--- a/templates/Nextcloud/Resources/nginx.conf +++ /dev/null 
@@ -1,119 +0,0 @@ -user www-data; -worker_processes 4; ## Default: 1 -# worker_rlimit_nofile 8192; - -#error_log /var/log/nginx/error.log warn; -#pid /var/run/nginx.pid; - -events { - worker_connections 1024; ## Default: 1024 -} - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; -# access_log /var/log/nginx/access.log main; - sendfile on; - tcp_nopush on; -# keepalive_timeout 65; - upstream php-handler { - server nextcloud:9000; - } - server { - listen 80; - server_name _; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html/; - - - # set max upload size - client_max_body_size 1G; # Previous: "512M" - fastcgi_buffers 64 4K; - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - # Add headers to serve security related headers - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; - - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. 
- #pagespeed off; - -# Will test later -# error_page 403 /core/templates/403.php; -# error_page 404 /core/templates/404.php; - - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } - location / { - rewrite ^ /index.php$request_uri; - } - location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { - deny all; - } - location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - - # Mitigate https://httpoxy.org/ vulnerabilities - fastcgi_param HTTP_PROXY ""; - - fastcgi_pass php-handler; - fastcgi_index index.php; - - # include the fastcgi_param setting - include fastcgi_params; - - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param modHeadersAvailable true; - fastcgi_param front_controller_active true; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - location ~ ^/(?:updater|ocs-provider)(?:$|/) { - try_files $uri/ =404; - index index.php; - } - # Adding the cache control header for js and css files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif)$ { - try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Optional: Don't log access to assets - access_log off; - } - location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; - } - } -} \ No newline at end of file From 7a67e4af3b83a0a44622e4cc802ac9192c2c43de Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Fri, 4 Jan 2019 22:07:19 -0500 Subject: [PATCH 162/262] Why is it that v8 never works with anything?... --- templates/Nextcloud/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 93ae21a..85ee6c5 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -86,7 +86,7 @@ services: - /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html # Nextcloud site - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data # Users' data file mysql: - image: mysql:latest + image: mysql:5 dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 From 3adbea871292e0b63075b4338e96886d17bd4041 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 4 Jan 2019 22:07:40 -0500 Subject: [PATCH 163/262] Changed default data directory name --- templates/Nextcloud/0/rancher-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/rancher-compose.yml b/templates/Nextcloud/0/rancher-compose.yml index a8f40ea..a9c0516 100644 --- a/templates/Nextcloud/0/rancher-compose.yml +++ b/templates/Nextcloud/0/rancher-compose.yml @@ -86,6 +86,6 @@ catalog: label: "Data Directory" description: | The directory to store persistent data for the stack. - default: "Personal/Nextcloud-Experimental" + default: "Personal/Nextcloud" required: true type: string \ No newline at end of file From d2334dbc0e813b95ef8c004d742474e4919f92b3 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Sat, 5 Jan 2019 15:45:56 -0500 Subject: [PATCH 164/262] Back to NGINX, added cron --- templates/Nextcloud/0/README.md | 8 +- templates/Nextcloud/0/docker-compose.yml | 91 +++++++++---- templates/Nextcloud/0/rancher-compose.yml | 1 - templates/Nextcloud/Resources/Template 2.conf | 128 ------------------ .../Resources/{Template 1.conf => nginx.conf} | 0 5 files changed, 68 insertions(+), 160 deletions(-) delete mode 100644 templates/Nextcloud/Resources/Template 2.conf rename templates/Nextcloud/Resources/{Template 1.conf => nginx.conf} (100%) diff --git a/templates/Nextcloud/0/README.md b/templates/Nextcloud/0/README.md index 3c80e4c..180b3a8 100644 --- a/templates/Nextcloud/0/README.md +++ b/templates/Nextcloud/0/README.md @@ -1,5 +1,9 @@ # Nextcloud +## Pre-Requisites + +* Traefik deployed + ## First Run Setup ### Add Configuration For NGINX @@ -10,10 +14,6 @@ Included nginx.conf has only a few minor tweaks from the one located here: https://docs.nextcloud.com/server/stable/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx -??? Template 1.conf is WITHOUT Collabora - -??? Template 2.conf is WITH Collabora - ### Add Your Domain as a Trusted Domain [Official Documentation](https://docs.nextcloud.com/server/latest/admin_manual/installation/installation_wizard.html#trusted-domains) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 85ee6c5..e08a2b0 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml 
@@ -18,23 +18,28 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - traefik.enable: true - ### Start Web Segment - traefik.frontend.entryPoints: http,https - traefik.frontend.headers.forceSTSHeader: true - traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) - traefik.frontend.headers.SSLRedirect: true - traefik.frontend.headers.STSPreload: true - traefik.frontend.headers.STSSeconds: 15552000 - traefik.frontend.rule: Host:collabora.${TRAEFIK_HOST} - traefik.port: "9980" - ### End Web Segment - networks: - - public-proxy + traefik.enable: false restart: on-failure {{- end}} + cron: + image: nextcloud:fpm-alpine + dns: # Using Cloudflare DNS + - 1.1.1.1 + - 1.0.0.1 + entrypoint: | + bash -c 'bash -s < Date: Sat, 5 Jan 2019 15:48:33 -0500 Subject: [PATCH 165/262] Added Cron container as a Rancher sidekick --- templates/Nextcloud/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index e08a2b0..ce9ad3e 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -72,7 +72,7 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - io.rancher.sidekicks: nextcloud + io.rancher.sidekicks: nextcloud, cron traefik.enable: true ### Start Nextcloud Segment traefik.nextcloud.frontend.entryPoints: http,https From fcd2c6cd27c7d79d0cbf4058116906c0d4fdcec7 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 5 Jan 2019 16:10:49 -0500 Subject: [PATCH 166/262] Probably won't work, but we'll try! --- templates/Nextcloud/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index ce9ad3e..3abb50f 100644 
--- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -27,7 +27,7 @@ services: - 1.1.1.1 - 1.0.0.1 entrypoint: | - bash -c 'bash -s < Date: Sat, 5 Jan 2019 16:13:04 -0500 Subject: [PATCH 167/262] Revert "Probably won't work, but we'll try!" This reverts commit fcd2c6cd27c7d79d0cbf4058116906c0d4fdcec7. --- templates/Nextcloud/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 3abb50f..ce9ad3e 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -27,7 +27,7 @@ services: - 1.1.1.1 - 1.0.0.1 entrypoint: | - bash -c 'sh -s < Date: Sat, 5 Jan 2019 16:20:00 -0500 Subject: [PATCH 168/262] Also probably won't work, but we'll try! --- templates/Nextcloud/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index ce9ad3e..1a4c91d 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -27,7 +27,7 @@ services: - 1.1.1.1 - 1.0.0.1 entrypoint: | - bash -c 'bash -s < Date: Sat, 5 Jan 2019 16:24:20 -0500 Subject: [PATCH 169/262] Removed Cron container for the moment --- templates/Nextcloud/0/docker-compose.yml | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 1a4c91d..1b15101 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml 
@@ -21,23 +21,6 @@ services: traefik.enable: false restart: on-failure {{- end}} - cron: - image: nextcloud:fpm-alpine - dns: # Using Cloudflare DNS - - 1.1.1.1 - - 1.0.0.1 - entrypoint: | - sh -c 'sh -s < Date: Sat, 5 Jan 2019 17:43:47 -0500 Subject: [PATCH 170/262] Testing --- templates/Nextcloud/0/docker-compose.yml | 11 +++--- templates/Nextcloud/Resources/nginx.conf | 46 +++++++++++++++++++++++- 2 files changed, 51 insertions(+), 6 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 1b15101..d89e067 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -42,6 +42,11 @@ services: io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} traefik.enable: false + links: + - mysql + {{- if eq .Values.REDIS "true"}} + - redis + {{- end}} restart: on-failure volumes_from: - nginx @@ -75,17 +80,13 @@ services: traefik.collabora.frontend.headers.STSPreload: true traefik.collabora.frontend.headers.STSSeconds: 15552000 traefik.collabora.frontend.rule: Host:collabora.${TRAEFIK_HOST} - traefik.collabora.port: "9980" + traefik.collabora.port: "81" ### End Collabora Segment links: {{- if eq .Values.COLLABORA "true"}} - collabora {{- end}} - - mysql - nextcloud - {{- if eq .Values.REDIS "true"}} - - redis - {{- end}} networks: - public-proxy {{- if .Values.WEB_PORT}} diff --git a/templates/Nextcloud/Resources/nginx.conf b/templates/Nextcloud/Resources/nginx.conf index 2c33275..c6717df 100644 --- a/templates/Nextcloud/Resources/nginx.conf +++ b/templates/Nextcloud/Resources/nginx.conf @@ -21,10 +21,13 @@ http { server nextcloud:9000; } + upstream collabora { + server collabora:9980 + } + server { listen 80; listen [::]:80; - server_name _; # Add headers to serve security related headers add_header X-Content-Type-Options nosniff; 
@@ -125,4 +128,45 @@ http { access_log off; } } + + server { + listen 81; + listen [::]:81; + + # static files + location ^~ /loleaflet { + proxy_pass collabora; + proxy_set_header Host $http_host; + } + + # WOPI discovery URL + location ^~ /hosting/discovery { + proxy_pass collabora; + proxy_set_header Host $http_host; + } + + # main websocket + location ~ ^/lool/(.*)/ws$ { + proxy_pass collabora; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + proxy_read_timeout 36000s; + } + + # download, presentation and image upload + location ~ ^/lool { + proxy_pass collabora; + proxy_set_header Host $http_host; + } + + # Admin Console websocket + location ^~ /lool/adminws { + proxy_pass collabora; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + proxy_read_timeout 36000s; + } + } } \ No newline at end of file From 2484bf113efde056f2bba213b3faa1444bf9c251 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 5 Jan 2019 19:03:30 -0500 Subject: [PATCH 171/262] Testing --- templates/Nextcloud/Resources/nginx.conf | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/templates/Nextcloud/Resources/nginx.conf b/templates/Nextcloud/Resources/nginx.conf index c6717df..22ea724 100644 --- a/templates/Nextcloud/Resources/nginx.conf +++ b/templates/Nextcloud/Resources/nginx.conf @@ -22,12 +22,13 @@ http { } upstream collabora { - server collabora:9980 + server collabora:9980; } server { listen 80; listen [::]:80; + server_name _; # Add headers to serve security related headers add_header X-Content-Type-Options nosniff; 
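Review bot: The new port-81 server block proxies `/lool/adminws` (the Collabora admin console websocket) with no access restriction, and the compose change in this same commit points `traefik.collabora.port` at "81" under the `Host:collabora.${TRAEFIK_HOST}` frontend, so that endpoint is served through the public proxy. The same block is carried into `conf.d/collabora.conf` in PATCH 191. Unless the admin console is meant to be reachable from outside, drop that location from this vhost or reject it explicitly with `location ^~ /lool/adminws { return 403; }`. Separately, `proxy_pass collabora;` has no scheme in any of the five locations and needs to be `proxy_pass http://collabora;`.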
@@ -132,22 +133,23 @@ http { server { listen 81; listen [::]:81; + server_name _; # static files location ^~ /loleaflet { - proxy_pass collabora; + proxy_pass http://collabora; proxy_set_header Host $http_host; } # WOPI discovery URL location ^~ /hosting/discovery { - proxy_pass collabora; + proxy_pass http://collabora; proxy_set_header Host $http_host; } # main websocket location ~ ^/lool/(.*)/ws$ { - proxy_pass collabora; + proxy_pass http://collabora; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; @@ -156,13 +158,13 @@ http { # download, presentation and image upload location ~ ^/lool { - proxy_pass collabora; + proxy_pass http://collabora; proxy_set_header Host $http_host; } # Admin Console websocket location ^~ /lool/adminws { - proxy_pass collabora; + proxy_pass http://collabora; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; From 2c3fa9d96d48fc8cb71f56171e25952c6f55b02a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 5 Jan 2019 20:54:23 -0500 Subject: [PATCH 172/262] Trying a different entrypoint for Cron --- templates/Nextcloud/0/docker-compose.yml | 26 ++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index d89e067..0177d46 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -21,6 +21,20 @@ services: traefik.enable: false restart: on-failure {{- end}} + cron: + image: nextcloud:fpm-alpine + dns: # Using Cloudflare DNS + - 1.1.1.1 + - 1.0.0.1 + entrypoint: | + #!/bin/sh + set -eu + + exec busybox crond -f -l 0 -L /dev/stdout + restart: on-failure + user: www-data + volumes_from: + - nextcloud nextcloud: image: nextcloud:fpm-alpine dns: # Using Cloudflare DNS 
@@ -43,11 +57,19 @@ services: {{- end}} traefik.enable: false links: + - cron - mysql {{- if eq .Values.REDIS "true"}} - redis {{- end}} restart: on-failure + volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattle/${DATA_DIR}/Configuration/Nextcloud:/var/www/html/config # Nextcloud configuration files + - /RancherCattle/${DATA_DIR}/Apps:/var/www/html/custom_apps # Nextcloud apps + - /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html # Nextcloud site + - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data # Users' data file volumes_from: - nginx nginx: @@ -97,11 +119,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Configuration/Nextcloud:/var/www/html/config # Nextcloud configuration files - /RancherCattle/${DATA_DIR}/Configuration/NGINX:/etc/nginx # NGINX configuration files - - /RancherCattle/${DATA_DIR}/Apps:/var/www/html/custom_apps # Nextcloud apps - - /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html # Nextcloud site - - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data # Users' data file mysql: image: mysql:5 dns: # Using Cloudflare DNS From bf126678bedf3333d2e7067504040f0a1d58dc94 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 5 Jan 2019 21:00:02 -0500 Subject: [PATCH 173/262] Fixed issue with sidekick declaration --- templates/Nextcloud/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 0177d46..6c1d5b0 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml 
@@ -55,6 +55,7 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} + io.rancher.sidekicks: cron traefik.enable: false links: - cron @@ -82,7 +83,6 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - io.rancher.sidekicks: nextcloud traefik.enable: true ### Start Nextcloud Segment traefik.nextcloud.frontend.entryPoints: http,https From 95ce3f611c8584816bd565b144d185ef8d141e6b Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 5 Jan 2019 21:02:42 -0500 Subject: [PATCH 174/262] Removed volumes_from for Nextcloud container --- templates/Nextcloud/0/docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 6c1d5b0..ac1fac6 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -71,8 +71,6 @@ services: - /RancherCattle/${DATA_DIR}/Apps:/var/www/html/custom_apps # Nextcloud apps - /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html # Nextcloud site - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data # Users' data file - volumes_from: - - nginx nginx: image: nginx:latest # Can't use ":alpine" until I have a way to get the "www-data" user added automatically. (Project for another time) dns: # Using Cloudflare DNS From 9712507f470c21709e9d586f25a7b0bbe6b6c506 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 5 Jan 2019 21:10:25 -0500 Subject: [PATCH 175/262] Slight modification to Cron entrypoint (testing) --- templates/Nextcloud/0/docker-compose.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index ac1fac6..11e7bb9 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml 
@@ -27,10 +27,8 @@ services: - 1.1.1.1 - 1.0.0.1 entrypoint: | - #!/bin/sh - set -eu - - exec busybox crond -f -l 0 -L /dev/stdout + /bin/sh 'set -eu + exec busybox crond -f -l 0 -L /dev/stdout' restart: on-failure user: www-data volumes_from: From 044edeeb0e4ee94848a1e49ece98e560b2589d1a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 5 Jan 2019 21:35:22 -0500 Subject: [PATCH 176/262] Moved Resources directory --- templates/Nextcloud/{ => 0}/Resources/fastcgi_params | 0 templates/Nextcloud/{ => 0}/Resources/mime.types | 0 templates/Nextcloud/{ => 0}/Resources/nginx.conf | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename templates/Nextcloud/{ => 0}/Resources/fastcgi_params (100%) rename templates/Nextcloud/{ => 0}/Resources/mime.types (100%) rename templates/Nextcloud/{ => 0}/Resources/nginx.conf (100%) diff --git a/templates/Nextcloud/Resources/fastcgi_params b/templates/Nextcloud/0/Resources/fastcgi_params similarity index 100% rename from templates/Nextcloud/Resources/fastcgi_params rename to templates/Nextcloud/0/Resources/fastcgi_params diff --git a/templates/Nextcloud/Resources/mime.types b/templates/Nextcloud/0/Resources/mime.types similarity index 100% rename from templates/Nextcloud/Resources/mime.types rename to templates/Nextcloud/0/Resources/mime.types diff --git a/templates/Nextcloud/Resources/nginx.conf b/templates/Nextcloud/0/Resources/nginx.conf similarity index 100% rename from templates/Nextcloud/Resources/nginx.conf rename to templates/Nextcloud/0/Resources/nginx.conf From b6ef872ca8cea7ef507fed385cdff2a2439ba4aa Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 5 Jan 2019 21:35:35 -0500 Subject: [PATCH 177/262] Testing --- templates/Nextcloud/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 11e7bb9..5405693 100644 --- a/templates/Nextcloud/0/docker-compose.yml 
+++ b/templates/Nextcloud/0/docker-compose.yml @@ -27,7 +27,7 @@ services: - 1.1.1.1 - 1.0.0.1 entrypoint: | - /bin/sh 'set -eu + /bin/sh '/bin/sh set -eu exec busybox crond -f -l 0 -L /dev/stdout' restart: on-failure user: www-data From 5a8c25d800a1133de82c4f1e8dab218a647c3b2d Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 6 Jan 2019 17:04:07 -0500 Subject: [PATCH 178/262] Added trusted domains environment variable --- templates/Nextcloud/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 5405693..df17ce2 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -45,6 +45,7 @@ services: MYSQL_PASSWORD: ${DB_USER_PASS} NEXTCLOUD_ADMIN_USER: ${NC_ADMIN} NEXTCLOUD_ADMIN_PASSWORD: ${NC_ADMIN_PASS} + NEXTCLOUD_TRUSTED_DOMAINS: ${TRAEFIK_HOST} expose: - "80" - "9000" From cbffbad2df0450854ae42f3d2611ada4aee2c19e Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 6 Jan 2019 17:05:03 -0500 Subject: [PATCH 179/262] Fixed wording --- templates/Nextcloud/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index df17ce2..977eb0c 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -162,6 +162,6 @@ services: networks: db-admin: - external: true # Created by Adminer or phpMyAdmin stack + external: true # Created by administrative stack (such as Adminer or phpMyAdmin) public-proxy: external: true # Created by Traefik stack \ No newline at end of file From 669ce48762d2d45ce51b84578bfcb0aa04cf72e5 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 7 Jan 2019 10:04:53 -0500 Subject: [PATCH 180/262] Testing --- templates/Nextcloud/0/docker-compose.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) 
diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 977eb0c..08a976a 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -27,8 +27,14 @@ services: - 1.1.1.1 - 1.0.0.1 entrypoint: | - /bin/sh '/bin/sh set -eu - exec busybox crond -f -l 0 -L /dev/stdout' + sh -c 'sh -s < Date: Mon, 7 Jan 2019 10:37:29 -0500 Subject: [PATCH 181/262] Testing without Cron --- templates/Nextcloud/0/docker-compose.yml | 40 ++++++++++++------------ 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 08a976a..1d98cc2 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -21,24 +21,24 @@ services: traefik.enable: false restart: on-failure {{- end}} - cron: - image: nextcloud:fpm-alpine - dns: # Using Cloudflare DNS - - 1.1.1.1 - - 1.0.0.1 - entrypoint: | - sh -c 'sh -s < Date: Mon, 7 Jan 2019 11:29:52 -0500 Subject: [PATCH 182/262] Minor adjustments --- templates/Nextcloud/0/Resources/nginx.conf | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/templates/Nextcloud/0/Resources/nginx.conf b/templates/Nextcloud/0/Resources/nginx.conf index 22ea724..d8d3aac 100644 --- a/templates/Nextcloud/0/Resources/nginx.conf +++ b/templates/Nextcloud/0/Resources/nginx.conf @@ -21,10 +21,6 @@ http { server nextcloud:9000; } - upstream collabora { - server collabora:9980; - } - server { listen 80; listen [::]:80; @@ -90,7 +86,7 @@ http { fastcgi_split_path_info ^(.+?\.php)(/.*)$; # Mitigate https://httpoxy.org/ vulnerabilities: fastcgi_param HTTP_PROXY ""; - #fastcgi_index index.php; + fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; 
@@ -137,19 +133,19 @@ http { # static files location ^~ /loleaflet { - proxy_pass http://collabora; + proxy_pass http://collabora:9980; proxy_set_header Host $http_host; } # WOPI discovery URL location ^~ /hosting/discovery { - proxy_pass http://collabora; + proxy_pass http://collabora:9980; proxy_set_header Host $http_host; } # main websocket location ~ ^/lool/(.*)/ws$ { - proxy_pass http://collabora; + proxy_pass http://collabora:9980; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; @@ -158,13 +154,13 @@ http { # download, presentation and image upload location ~ ^/lool { - proxy_pass http://collabora; + proxy_pass http://collabora:9980; proxy_set_header Host $http_host; } # Admin Console websocket location ^~ /lool/adminws { - proxy_pass http://collabora; + proxy_pass http://collabora:9980; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; From 34b3bd79c7e030b95fb4afddd507ec23d8acf262 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 7 Jan 2019 11:38:06 -0500 Subject: [PATCH 183/262] Testing with volumes declared in NGINX --- templates/Nextcloud/0/docker-compose.yml | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 1d98cc2..7304523 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -38,7 +38,7 @@ services: # restart: on-failure # user: www-data # volumes_from: -# - nextcloud +# - nginx nextcloud: image: nextcloud:fpm-alpine dns: # Using Cloudflare DNS @@ -60,7 +60,6 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} -# io.rancher.sidekicks: cron traefik.enable: false links: # - cron 
@@ -69,13 +68,8 @@ services: - redis {{- end}} restart: on-failure - volumes: - - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Configuration/Nextcloud:/var/www/html/config # Nextcloud configuration files - - /RancherCattle/${DATA_DIR}/Apps:/var/www/html/custom_apps # Nextcloud apps - - /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html # Nextcloud site - - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data # Users' data file + volumes_from: + - nginx nginx: image: nginx:latest # Can't use ":alpine" until I have a way to get the "www-data" user added automatically. (Project for another time) dns: # Using Cloudflare DNS @@ -86,6 +80,7 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} + io.rancher.sidekicks: nextcloud traefik.enable: true ### Start Nextcloud Segment traefik.nextcloud.frontend.entryPoints: http,https @@ -122,7 +117,11 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattle/${DATA_DIR}/Configuration/Nextcloud:/var/www/html/config # Nextcloud configuration files - /RancherCattle/${DATA_DIR}/Configuration/NGINX:/etc/nginx # NGINX configuration files + - /RancherCattle/${DATA_DIR}/Apps:/var/www/html/custom_apps # Nextcloud apps + - /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html # Nextcloud site + - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data # Users' data file mysql: image: mysql:5 dns: # Using Cloudflare DNS From f2016d750e1eb46839da7ae86c0f4958f8e4d7e7 Mon Sep 17 00:00:00 2001 
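Review bot: The last hunk on this line (`-122,7 +117,11`) moves the Nextcloud config, apps, site and user-data bind mounts onto the `nginx` service, all read-write, so the Traefik-facing container (`traefik.enable: true`) can now modify `/var/www/html/config` and every user's files. nginx only needs to read the web root to serve static assets. Consider keeping the writable mounts on `nextcloud`, as the previous revision did, and giving nginx read-only ones, e.g. `- /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html:ro`. Because `nextcloud` now takes its mounts through `volumes_from: - nginx`, check which mount mode it inherits before changing the source mounts.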
From: WilliamMiceli Date: Mon, 7 Jan 2019 11:49:16 -0500 Subject: [PATCH 184/262] Re-enabled Cron --- templates/Nextcloud/0/docker-compose.yml | 37 ++++++++++++------------ 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 7304523..6d39aee 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -21,24 +21,24 @@ services: traefik.enable: false restart: on-failure {{- end}} -# cron: -# image: nextcloud:fpm-alpine -# dns: # Using Cloudflare DNS -# - 1.1.1.1 -# - 1.0.0.1 -# entrypoint: | -# sh -c 'sh -s < Date: Mon, 7 Jan 2019 11:54:56 -0500 Subject: [PATCH 185/262] Added Cron as sidekick --- templates/Nextcloud/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 6d39aee..dbc7c99 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -79,7 +79,7 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - io.rancher.sidekicks: nextcloud + io.rancher.sidekicks: cron, nextcloud traefik.enable: true ### Start Nextcloud Segment traefik.nextcloud.frontend.entryPoints: http,https From ab2703d2335cd4282622dfb4bb633844de11000d Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 7 Jan 2019 14:20:54 -0500 Subject: [PATCH 186/262] Testing Cron issues --- templates/Nextcloud/0/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index dbc7c99..e0de4ec 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml 
@@ -26,17 +26,17 @@ services: dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 - entrypoint: | + entrypoint: | # www-data uid: 82 sh -c 'sh -s < Date: Mon, 7 Jan 2019 16:19:43 -0500 Subject: [PATCH 187/262] Changed user to a string --- templates/Nextcloud/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index e0de4ec..c6af9d7 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -36,7 +36,7 @@ services: done EOF' restart: on-failure - user: 82 + user: "82" volumes_from: - nginx nextcloud: From 5ffda99de2702d8750d26e6df9b5b7f1fd98a997 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 7 Jan 2019 16:59:01 -0500 Subject: [PATCH 188/262] Tried some changes, still no fix --- templates/Nextcloud/0/Resources/nginx.conf | 29 +++++++++++++--------- 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/templates/Nextcloud/0/Resources/nginx.conf b/templates/Nextcloud/0/Resources/nginx.conf index d8d3aac..ca6c521 100644 --- a/templates/Nextcloud/0/Resources/nginx.conf +++ b/templates/Nextcloud/0/Resources/nginx.conf @@ -1,21 +1,28 @@ user www-data; -worker_processes 4; ## Default: 1 +worker_processes 1; # worker_rlimit_nofile 8192; #error_log /var/log/nginx/error.log warn; -#pid /var/run/nginx.pid; +pid /var/run/nginx.pid; events { - worker_connections 1024; ## Default: 1024 + worker_connections 1024; } http { - include /etc/nginx/mime.types; + include /etc/nginx/mime.types; default_type application/octet-stream; + + #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + # '$status $body_bytes_sent "$http_referer" ' + # '"$http_user_agent" "$http_x_forwarded_for"'; + #access_log /var/log/nginx/access.log main; + sendfile on; - tcp_nopush on; - #keepalive_timeout 65; + #tcp_nopush on; + + keepalive_timeout 65; upstream php-handler { server nextcloud:9000; 
@@ -24,7 +31,6 @@ http { server { listen 80; listen [::]:80; - server_name _; # Add headers to serve security related headers add_header X-Content-Type-Options nosniff; @@ -59,7 +65,7 @@ http { } # set max upload size - client_max_body_size 1G; + client_max_body_size 10G; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers @@ -83,10 +89,10 @@ http { } location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_split_path_info ^(.+\.php)(/.*)$; # Mitigate https://httpoxy.org/ vulnerabilities: fastcgi_param HTTP_PROXY ""; - fastcgi_index index.php; + #fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; @@ -105,7 +111,7 @@ http { # Adding the cache control header for js and css files # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif)$ { + location ~ \.(?:css|js|woff|svg|gif)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463"; add_header X-Content-Type-Options nosniff; @@ -129,7 +135,6 @@ http { server { listen 81; listen [::]:81; - server_name _; # static files location ^~ /loleaflet { From 97c139af9e8c8ef0acee280f7182a8b4a19eeb7c Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 7 Jan 2019 17:21:16 -0500 Subject: [PATCH 189/262] Made db-admin external --- templates/PHPMyAdmin/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/PHPMyAdmin/0/docker-compose.yml b/templates/PHPMyAdmin/0/docker-compose.yml index f7832ff..007c493 100644 --- a/templates/PHPMyAdmin/0/docker-compose.yml +++ b/templates/PHPMyAdmin/0/docker-compose.yml @@ -38,5 +38,6 @@ services: networks: db-admin: + external: true public-proxy: external: true \ No newline at end of file From 76fdb3ebcc690803e8db02c9653e6e94dcb00976 Mon Sep 17 00:00:00 2001 
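Review bot: The `-83,10 +89,10` hunk replaces the non-greedy `^(.+?\.php)(/.*)$` with the greedy `^(.+\.php)(/.*)$` in `fastcgi_split_path_info`, which moves the script/path-info split from the first `.php/` in the URI to the last. For a request such as `/remote.php/dav/files/<user>/notes.php/x` (constructed example) the script name then extends up to `notes.php`, so `SCRIPT_FILENAME` is derived from the client-chosen part of the path rather than from the allow-listed entry script. Keep the non-greedy form, `fastcgi_split_path_info ^(.+?\.php)(/.*)$;`. In the `-105,7 +111,7` hunk, changing `woff2?` to `woff` also drops `.woff2` files from the cache-control location, which looks unintended.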
From: WilliamMiceli Date: Mon, 7 Jan 2019 20:04:04 -0500 Subject: [PATCH 190/262] Added note about Rancher networking --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 3414eef..26d4fed 100644 --- a/README.md +++ b/README.md @@ -38,3 +38,9 @@ Hopefully it can also be of use to others as well! * Redmine * Rocket.Chat * YOURLS + +## Using These Templates For Non-Rancher Configurations + +Notable Differences: +* Rancher provides networking for all stacks within the environment, so any declarations to `networks` and `expose` are ignored by rancher (excluding `ports`). + * Instead, network policies are created in order to restrict network traffic, instead of creating networks. \ No newline at end of file From db6a573b5b768cf88796dadae33ff9433de7b2bd Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 11 Jan 2019 16:36:45 -0500 Subject: [PATCH 191/262] Testing --- .../0/Resources/conf.d/collabora.conf | 40 ++++ .../0/Resources/conf.d/nextcloud.conf | 69 +++++++ .../Nextcloud/0/Resources/fastcgi_params | 44 ++-- templates/Nextcloud/0/Resources/nginx.conf | 194 +++++------------- templates/Nextcloud/0/docker-compose.yml | 92 ++++++--- 5 files changed, 245 insertions(+), 194 deletions(-) create mode 100644 templates/Nextcloud/0/Resources/conf.d/collabora.conf create mode 100644 templates/Nextcloud/0/Resources/conf.d/nextcloud.conf diff --git a/templates/Nextcloud/0/Resources/conf.d/collabora.conf b/templates/Nextcloud/0/Resources/conf.d/collabora.conf new file mode 100644 index 0000000..1f6b893 --- /dev/null +++ b/templates/Nextcloud/0/Resources/conf.d/collabora.conf 
@@ -0,0 +1,40 @@ +server { + listen 81; + listen [::]:81; + + # static files + location ^~ /loleaflet { + proxy_pass http://collabora:9980; + proxy_set_header Host $http_host; + } + + # WOPI discovery URL + location ^~ /hosting/discovery { + proxy_pass http://collabora:9980; + proxy_set_header Host $http_host; + } + + # main websocket + location ~ ^/lool/(.*)/ws$ { + proxy_pass http://collabora:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + proxy_read_timeout 36000s; + } + + # download, presentation and image upload + location ~ ^/lool { + proxy_pass http://collabora:9980; + proxy_set_header Host $http_host; + } + + # Admin Console websocket + location ^~ /lool/adminws { + proxy_pass http://collabora:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + proxy_read_timeout 36000s; + } +} \ No newline at end of file diff --git a/templates/Nextcloud/0/Resources/conf.d/nextcloud.conf b/templates/Nextcloud/0/Resources/conf.d/nextcloud.conf new file mode 100644 index 0000000..50ad8e7 --- /dev/null +++ b/templates/Nextcloud/0/Resources/conf.d/nextcloud.conf 
@@ -0,0 +1,69 @@ +upstream php-handler { + server nextcloud:9000; +} + +server { + listen 80; + listen [::]:80; + server_name _; + + root /var/www/html/; # Path to the root of your installation + + client_max_body_size 10G; # Max upload size + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip off; + + index index.php + error_page 403 /core/templates/403.php; + error_page 404 /core/templates/404.php; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + + + + location / { + rewrite ^ /index.php$request_uri; + } + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_pass php-handler; + fastcgi_intercept_errors on; + } + + # Adding the cache control header for js and css files + # Make sure it is BELOW the location ~ \.php(?:$|/) { block + location ~* \.(?:css|js)$ { + add_header Cache-Control "public, max-age=7200"; + # Add headers to serve security related headers + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + # Optional: Don't log access to assets + access_log off; + } + + # Optional: Don't log access to other assets + location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ { + access_log off; + } +} \ No newline at end of file diff --git a/templates/Nextcloud/0/Resources/fastcgi_params b/templates/Nextcloud/0/Resources/fastcgi_params index 14e5ac6..c2f509a 100644 --- a/templates/Nextcloud/0/Resources/fastcgi_params +++ b/templates/Nextcloud/0/Resources/fastcgi_params 
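Review bot: The new `location ~ \.php(?:$|/)` hands every `.php` path to PHP-FPM, where the previous config passed only an allow-list of entry scripts (`index|remote|public|cron|...`), and nothing in this file denies requests into directories under the `/var/www/html/` root, where the compose file mounts `config` and `data`. The `fastcgi_param HTTP_PROXY "";` httpoxy mitigation from the old PHP block is gone as well, and the security headers are now set only in the css/js location. `index index.php` is missing its semicolon, so the following `error_page 403 ...` line is silently parsed as further arguments to `index`. A sketch of the restored PHP handling follows; the deny list should be checked against the Nextcloud admin manual for the deployed version.

```nginx
index index.php;

# … unchanged: error_page lines, robots.txt and .well-known locations …

# Keep internal directories under the web root unreachable over HTTP
location ~ ^/(?:config|data)/ {
    deny all;
}

# Only the known entry scripts reach PHP-FPM
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    # Mitigate https://httpoxy.org/ vulnerabilities
    fastcgi_param HTTP_PROXY "";
    # … unchanged: include fastcgi_params, SCRIPT_FILENAME, PATH_INFO, fastcgi_pass, fastcgi_intercept_errors …
}
```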
@@ -1,27 +1,21 @@ -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param PATH_INFO $fastcgi_path_info; -fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_index index.php; -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -fastcgi_param HTTPS $https; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; \ No newline at end of file +fastcgi_param REDIRECT_STATUS 200; \ No newline at end of file 
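Review bot: `fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;` is now the first line of fastcgi_params, but conf.d/nextcloud.conf in this same commit sets it again directly after `include fastcgi_params;`, so the parameter is sent to the backend twice. The two values are identical today, but a later edit to one copy would leave it unclear which one PHP uses, so keep it in one place only. The change also drops the explanation for `REDIRECT_STATUS`; I would keep the comment `# PHP only, required if PHP was built with --enable-force-cgi-redirect` above that line. `fastcgi_index index.php;` is a directive rather than a parameter, and would be easier to find next to `fastcgi_pass` in the PHP location.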
diff --git a/templates/Nextcloud/0/Resources/nginx.conf b/templates/Nextcloud/0/Resources/nginx.conf index ca6c521..9493b30 100644 --- a/templates/Nextcloud/0/Resources/nginx.conf +++ b/templates/Nextcloud/0/Resources/nginx.conf 
@@ -1,175 +1,79 @@ user www-data; -worker_processes 1; -# worker_rlimit_nofile 8192; +worker_processes auto; -#error_log /var/log/nginx/error.log warn; +# error_log /var/log/nginx.error_log info; # [ debug | info | notice | warn | error | crit ] pid /var/run/nginx.pid; events { worker_connections 1024; + use epoll; # use [ kqueue | rtsig | epoll | /dev/poll | select | poll ] } http { - include /etc/nginx/mime.types; - default_type application/octet-stream; + #---------------------------------------- + # Logging + #---------------------------------------- + + + # REFERENCE 1 #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - + + # REFERENCE 2 + #log_format main '$remote_addr - $host [$time_local] "$request" ' + # '$status $body_bytes_sent "$http_referer" ' + # '"$http_user_agent" "$http_x_forwarded_for"' + # 'rt=$request_time ut=$upstream_response_time ' + # 'cs=$upstream_cache_status'; + + #log_format cache '$remote_addr - $host [$time_local] "$request" $status ' + # '$body_bytes_sent "$http_referer" ' + # 'rt=$request_time ut=$upstream_response_time ' + # 'cs=$upstream_cache_status'; + + #access_log /var/log/nginx/access.log main; + #error_log /var/log/nginx/error.log warn; + + #---------------------------------------- + # Basic Settings + #---------------------------------------- + + sendfile on; + tcp_nopush on; + tcp_nodelay on; keepalive_timeout 65; - - upstream php-handler { - server nextcloud:9000; - } - server { - listen 80; - listen [::]:80; + include /etc/nginx/mime.types; + default_type application/octet-stream; - # Add headers to serve security related headers - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header 
X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; + #---------------------------------------- + # Common Limits + #---------------------------------------- - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; + client_max_body_size 1G; # Max upload size - # Path to the root of your installation - root /var/www/html/; + #---------------------------------------- + # GZip + #---------------------------------------- - # Will test later - #error_page 403 /core/templates/403.php; - #error_page 404 /core/templates/404.php; - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } - # set max upload size - client_max_body_size 10G; - fastcgi_buffers 64 4K; + #---------------------------------------- + # Cache + #---------------------------------------- - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + proxy_cache_valid 1m; - location / { - rewrite ^ /index.php$request_uri; - } + #---------------------------------------- + # Virtual Hosts + #---------------------------------------- - location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { - deny all; - } + include /etc/nginx/conf.d/*.conf; - 
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - - location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { - fastcgi_split_path_info ^(.+\.php)(/.*)$; - # Mitigate https://httpoxy.org/ vulnerabilities: - fastcgi_param HTTP_PROXY ""; - #fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - #Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - fastcgi_param front_controller_active true; - fastcgi_pass php-handler; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ ^/(?:updater|ocs-provider)(?:$|/) { - try_files $uri/ =404; - index index.php; - } - - # Adding the cache control header for js and css files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff|svg|gif)$ { - try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; - - # Optional: Don't log access to assets - access_log off; - } - - location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; - } - } - - server { - listen 81; - listen [::]:81; - - # static files - location ^~ /loleaflet { - proxy_pass http://collabora:9980; - proxy_set_header Host $http_host; - } - - # WOPI discovery URL - location ^~ /hosting/discovery { - proxy_pass http://collabora:9980; - proxy_set_header Host $http_host; - } - - # main websocket - location ~ ^/lool/(.*)/ws$ { - proxy_pass http://collabora:9980; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header 
Connection "Upgrade"; - proxy_set_header Host $http_host; - proxy_read_timeout 36000s; - } - - # download, presentation and image upload - location ~ ^/lool { - proxy_pass http://collabora:9980; - proxy_set_header Host $http_host; - } - - # Admin Console websocket - location ^~ /lool/adminws { - proxy_pass http://collabora:9980; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $http_host; - proxy_read_timeout 36000s; - } - } } \ No newline at end of file diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index c6af9d7..4a001fb 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -11,8 +11,6 @@ services: - 1.0.0.1 environment: domain: collabora.${TRAEFIK_HOST} - expose: - - "9980" labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} @@ -20,6 +18,9 @@ services: {{- end}} traefik.enable: false restart: on-failure + volumes: + - Localtime:/etc/localtime:ro # Syncronize time of container with the host system + - Timezone:/etc/timezone:ro # Syncronize timezone of container with the host system {{- end}} cron: image: nextcloud:fpm-alpine @@ -30,13 +31,13 @@ services: sh -c 'sh -s < Date: Fri, 11 Jan 2019 16:38:26 -0500 Subject: [PATCH 192/262] Testing Rancher hostname_override --- templates/Nextcloud/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 4a001fb..f805ecf 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -130,6 +130,7 @@ services: MYSQL_USER: nextcloud_user MYSQL_PASSWORD: ${DB_USER_PASS} labels: + io.rancher.container.hostname_override: "nextcloud" io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} 
From 1b80cc9dbae66f24d60ed7c3434ab25bfb508048 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 11 Jan 2019 16:42:03 -0500 Subject: [PATCH 193/262] Removed network declaration --- templates/Traefik/0/docker-compose.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/templates/Traefik/0/docker-compose.yml b/templates/Traefik/0/docker-compose.yml index 6a757b7..ff93ae7 100644 --- a/templates/Traefik/0/docker-compose.yml +++ b/templates/Traefik/0/docker-compose.yml @@ -29,7 +29,4 @@ services: - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Configuration/traefik.toml:/traefik.toml - /RancherCattle/${DATA_DIR}/LetsEncrypt:/etc/traefik/acme # For Let's Encrypt certificates - - /RancherCattle/${DATA_DIR}/Logs:/external/logs - -networks: - public-proxy: \ No newline at end of file + - /RancherCattle/${DATA_DIR}/Logs:/external/logs \ No newline at end of file From 48f9cbaf853419fca3f3d500220920551c94517e Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 11 Jan 2019 16:45:19 -0500 Subject: [PATCH 194/262] Removed networks as they are ignored in Rancher --- templates/PHPMyAdmin/0/docker-compose.yml | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/templates/PHPMyAdmin/0/docker-compose.yml b/templates/PHPMyAdmin/0/docker-compose.yml index 007c493..dd66cb8 100644 --- a/templates/PHPMyAdmin/0/docker-compose.yml +++ b/templates/PHPMyAdmin/0/docker-compose.yml @@ -29,15 +29,6 @@ services: {{- else}} traefik.enable: false {{- end}} - networks: - - db-admin # Used to be able to make secure, direct connections to other services in other stacks - - public-proxy # Used for the connection to the Traefik container for public access ports: - "${WEB_PORT}:80" - restart: on-failure - -networks: - db-admin: - external: true - public-proxy: - external: true \ No newline at end of file + restart: on-failure \ No newline at end of file 
From 30738d9e524121694c876fe882a8b12a130ef830 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 11 Jan 2019 16:47:06 -0500 Subject: [PATCH 195/262] Finished removing networks --- templates/Traefik/0/docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/templates/Traefik/0/docker-compose.yml b/templates/Traefik/0/docker-compose.yml index ff93ae7..30e80fe 100644 --- a/templates/Traefik/0/docker-compose.yml +++ b/templates/Traefik/0/docker-compose.yml @@ -14,8 +14,6 @@ services: {{- if (.Values.HOST_LABEL)}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - networks: - - public-proxy # This is used for connecting to other containers, which need to be part of this network as well ports: - "80:80" # HTTP - "443:443" # HTTPS From 0cb7258eff5e038dbe00702807059b6bc8d7ec20 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 11 Jan 2019 16:54:09 -0500 Subject: [PATCH 196/262] Removed other networks, fixed Database --- templates/Nextcloud/0/docker-compose.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index f805ecf..d352350 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -104,8 +104,6 @@ services: - collabora {{- end}} - nextcloud - networks: - - public-proxy {{- if .Values.WEB_PORT}} ports: - "${WEB_PORT}:80" @@ -136,15 +134,11 @@ services: io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} traefik.enable: false - networks: - db-admin: - aliases: - - nextcloud restart: on-failure volumes: - Localtime:/etc/localtime:ro # Syncronize time of container with the host system - Timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - mysql:/var/lib/mysql + - Database:/var/lib/mysql {{- if eq .Values.REDIS "true"}} redis: image: redis:alpine From 73dc3bb186854356d8c4125fd74f0e408fbe11a2 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Fri, 11 Jan 2019 17:08:44 -0500 Subject: [PATCH 197/262] Named bind mounts don't work... --- templates/Nextcloud/0/docker-compose.yml | 84 +++++------------------- 1 file changed, 17 insertions(+), 67 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index d352350..99d6815 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -19,8 +19,8 @@ services: traefik.enable: false restart: on-failure volumes: - - Localtime:/etc/localtime:ro # Syncronize time of container with the host system - - Timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system {{- end}} cron: image: nextcloud:fpm-alpine 
@@ -110,13 +110,15 @@ services: {{- end}} restart: on-failure volumes: - - Localtime:/etc/localtime:ro # Syncronize time of container with the host system - - Timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - Apps:/var/www/html/custom_apps # Nextcloud apps - - Configuration-Nextcloud:/var/www/html/config # Nextcloud configuration files - - Configuration-NGINX:/etc/nginx # NGINX configuration files - - Nextcloud:/var/www/html # Nextcloud site - - UserData:/var/www/html/data # Users' data file + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattle/${DATA_DIR}/Apps:/var/www/html/custom_apps # Nextcloud apps + - /RancherCattle/${DATA_DIR}/Configuration/Nextcloud:/var/www/html/config # Nextcloud configuration files + - /RancherCattle/${DATA_DIR}/Configuration/NGINX:/etc/nginx # NGINX configuration files + - /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html # Nextcloud site + - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data # Users' data file + #- /RancherCattle/${DATA_DIR}/Logs/Nextcloud + #- /RancherCattle/${DATA_DIR}/Logs/NGINX mysql: image: mysql:5 dns: # Using Cloudflare DNS @@ -136,9 +138,9 @@ services: traefik.enable: false restart: on-failure volumes: - - Localtime:/etc/localtime:ro # Syncronize time of container with the host system - - Timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - Database:/var/lib/mysql + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql {{- if eq .Values.REDIS "true"}} redis: image: redis:alpine 
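Review bot: Only the two `/etc` mounts in the new bind-mount list are `:ro`; `/RancherCattle/${DATA_DIR}/Configuration/NGINX:/etc/nginx` is read-write, so anything running in this container can rewrite the server configuration kept on the host. If the container only reads its configuration, mount it as `- /RancherCattle/${DATA_DIR}/Configuration/NGINX:/etc/nginx:ro`, and consider the same for `Configuration/Nextcloud` if this service never writes there (the service definition starts above the hunk, so I cannot tell which process needs write access). `${DATA_DIR}` is now interpolated directly into host paths, so the question that supplies it should presumably reject values containing `..` or a leading `/`; that definition is outside this hunk. The two commented `Logs` entries have no container path yet and would benefit from a note saying where they are meant to land.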
@@ -153,58 +155,6 @@ services: traefik.enable: false restart: on-failure volumes: - - Localtime:/etc/localtime:ro # Syncronize time of container with the host system - - Timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - {{- end}} - -volumes: - Localtime: - driver_opts: - type: none - device: /etc/localtime - o: bind - Timezone: - driver_opts: - type: none - device: /etc/timezone - o: bind - Database: - driver_opts: - type: none - device: /RancherCattle/${DATA_DIR}/Database - o: bind - Configuration-Nextcloud: - driver_opts: - type: none - device: /RancherCattle/${DATA_DIR}/Configuration/Nextcloud - o: bind - Configuration-NGINX: - driver_opts: - type: none - device: /RancherCattle/${DATA_DIR}/Configuration/NGINX - o: bind - Apps: - driver_opts: - type: none - device: /RancherCattle/${DATA_DIR}/Apps - o: bind - Nextcloud: - driver_opts: - type: none - device: /RancherCattle/${DATA_DIR}/Nextcloud - o: bind - UserData: - driver_opts: - type: none - device: /RancherCattle/${DATA_DIR}/UserData - o: bind - Logs-Nextcloud: - driver_opts: - type: none - device: /RancherCattle/${DATA_DIR}/Logs/Nextcloud - o: bind - Logs-NGINX: - driver_opts: - type: none - device: /RancherCattle/${DATA_DIR}/Logs/NGINX - o: bind \ No newline at end of file + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + {{- end}} \ No newline at end of file From e03f8625f25eaf154dfdc005257193ceeccbc7e9 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 11 Jan 2019 17:23:41 -0500 Subject: [PATCH 198/262] Maybe this will work... --- templates/Nextcloud/0/docker-compose.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 99d6815..2be9b4a 100644 --- a/templates/Nextcloud/0/docker-compose.yml 
+++ b/templates/Nextcloud/0/docker-compose.yml @@ -121,6 +121,7 @@ services: #- /RancherCattle/${DATA_DIR}/Logs/NGINX mysql: image: mysql:5 + container_name: nextcloud dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 @@ -130,7 +131,7 @@ services: MYSQL_USER: nextcloud_user MYSQL_PASSWORD: ${DB_USER_PASS} labels: - io.rancher.container.hostname_override: "nextcloud" + io.rancher.container.hostname_override: container_name io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} From 16ee5533d835c7a4c80cdaf3c6ef4345fdff7329 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 11 Jan 2019 17:32:22 -0500 Subject: [PATCH 199/262] SO happy Rancher stuff rarely seems to work... --- templates/Nextcloud/0/docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 2be9b4a..80f1d1e 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -121,7 +121,6 @@ services: #- /RancherCattle/${DATA_DIR}/Logs/NGINX mysql: image: mysql:5 - container_name: nextcloud dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 @@ -131,7 +130,6 @@ services: MYSQL_USER: nextcloud_user MYSQL_PASSWORD: ${DB_USER_PASS} labels: - io.rancher.container.hostname_override: container_name io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} From 0af049b60c77b0daeb00dadb63b739d161922478 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 11 Jan 2019 19:17:21 -0500 Subject: [PATCH 200/262] Reverted some things, but still using new file structure --- .../0/Resources/conf.d/collabora.conf | 4 + .../0/Resources/conf.d/nextcloud.conf | 88 +++++++++++++++---- templates/Nextcloud/0/Resources/nginx.conf | 19 ++-- 3 files changed, 88 insertions(+), 23 deletions(-) 
diff --git a/templates/Nextcloud/0/Resources/conf.d/collabora.conf b/templates/Nextcloud/0/Resources/conf.d/collabora.conf index 1f6b893..0b718bd 100644 --- a/templates/Nextcloud/0/Resources/conf.d/collabora.conf +++ b/templates/Nextcloud/0/Resources/conf.d/collabora.conf @@ -1,7 +1,11 @@ server { listen 81; listen [::]:81; + server_name _; + #access_log logs/collabora_access.log; + #error_log logs/collabora_error.log error; + # static files location ^~ /loleaflet { proxy_pass http://collabora:9980; diff --git a/templates/Nextcloud/0/Resources/conf.d/nextcloud.conf b/templates/Nextcloud/0/Resources/conf.d/nextcloud.conf index 50ad8e7..e2ee329 100644 --- a/templates/Nextcloud/0/Resources/conf.d/nextcloud.conf +++ b/templates/Nextcloud/0/Resources/conf.d/nextcloud.conf 
@@ -7,15 +7,52 @@ server { listen [::]:80; server_name _; + #---------------------------------------- + # Logging + #---------------------------------------- + + #access_log logs/nextcloud_access.log; + #error_log logs/nextcloud_error.log error; + + #---------------------------------------- + # Basic Settings + #---------------------------------------- + root /var/www/html/; # Path to the root of your installation client_max_body_size 10G; # Max upload size fastcgi_buffers 64 4K; - # Enable gzip but do not remove ETag headers - gzip off; + #---------------------------------------- + # GZip + #---------------------------------------- + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + #---------------------------------------- + # Security Headers + #---------------------------------------- + + # Add headers to serve security related headers + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + + fastcgi_hide_header X-Powered-By; # Remove X-Powered-By, which is an information leak + + #---------------------------------------- + # Locations + #---------------------------------------- - index index.php error_page 403 /core/templates/403.php; 
error_page 404 /core/templates/404.php; 
@@ -33,37 +70,58 @@ server { return 301 $scheme://$host/remote.php/dav; } - - location / { rewrite ^ /index.php$request_uri; } - location ~ \.php(?:$|/) { - fastcgi_split_path_info ^(.+\.php)(/.+)$; + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.*)$; + # Mitigate https://httpoxy.org/ vulnerabilities: + fastcgi_param HTTP_PROXY ""; + #fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; + #Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; fastcgi_pass php-handler; fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + + location ~ ^/(?:updater|ocs-provider)(?:$|/) { + try_files $uri/ =404; + index index.php; } # Adding the cache control header for js and css files - # Make sure it is BELOW the location ~ \.php(?:$|/) { block - location ~* \.(?:css|js)$ { - add_header Cache-Control "public, max-age=7200"; - # Add headers to serve security related headers - add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; + # Make sure it is BELOW the PHP block + location ~ \.(?:css|js|woff|svg|gif)$ { + try_files $uri /index.php$request_uri; + add_header Cache-Control "public, max-age=15778463"; add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + # Optional: Don't log access to assets access_log off; } - # Optional: Don't log access to 
other assets - location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ { + location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { + try_files $uri /index.php$request_uri; + # Optional: Don't log access to other assets access_log off; } } \ No newline at end of file diff --git a/templates/Nextcloud/0/Resources/nginx.conf b/templates/Nextcloud/0/Resources/nginx.conf index 9493b30..682ca28 100644 --- a/templates/Nextcloud/0/Resources/nginx.conf +++ b/templates/Nextcloud/0/Resources/nginx.conf @@ -1,7 +1,7 @@ user www-data; worker_processes auto; -# error_log /var/log/nginx.error_log info; # [ debug | info | notice | warn | error | crit ] +#error_log /var/log/nginx_error.log info; # [ debug | info | notice | warn | error | crit ] pid /var/run/nginx.pid; events { @@ -21,7 +21,7 @@ http { # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; - #access_log /var/log/nginx/access.log main; + #access_log /var/log/nginx/http_access.log main; # REFERENCE 2 #log_format main '$remote_addr - $host [$time_local] "$request" ' @@ -35,8 +35,8 @@ http { # 'rt=$request_time ut=$upstream_response_time ' # 'cs=$upstream_cache_status'; - #access_log /var/log/nginx/access.log main; - #error_log /var/log/nginx/error.log warn; + #access_log /var/log/nginx/http_access.log main; + #error_log /var/log/nginx/http_error.log error; #---------------------------------------- # Basic Settings @@ -45,7 +45,7 @@ http { sendfile on; tcp_nopush on; tcp_nodelay on; - keepalive_timeout 65; + keepalive_timeout 65; include /etc/nginx/mime.types; default_type application/octet-stream; @@ -60,9 +60,12 @@ http { # GZip #---------------------------------------- - - - + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 1000; + gzip_buffers 4 8k; + gzip_types text/plain; #---------------------------------------- # Cache From 3821bbe6946b957feb5fe921d6001df599821db3 Mon Sep 17 00:00:00 2001 
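Review bot: `add_header X-Frame-Options "SAMEORIGIN";` is removed from the css/js location in conf.d/nextcloud.conf and is not among the six headers added at server level, so after this commit no response carries it. The PHP location also sets `fastcgi_param modHeadersAvailable true;` under the comment about not sending the security headers twice, which suggests the application will not add the header itself; that is worth confirming. If framing protection is wanted, add `add_header X-Frame-Options "SAMEORIGIN";` to the server-level list and repeat it in the css/js location, since a location with its own `add_header` lines does not inherit the server-level ones. The `png|html|ttf|ico|jpg|jpeg` location has no `add_header` of its own, so it keeps inheriting the server-level set.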
From: WilliamMiceli Date: Fri, 11 Jan 2019 21:24:32 -0500 Subject: [PATCH 201/262] Giving up on NGINX/Collabora/Alpine stuff Just not worth the time... --- templates/Nextcloud/0/README.md | 25 ---- .../0/Resources/conf.d/collabora.conf | 44 ------ .../0/Resources/conf.d/nextcloud.conf | 127 ------------------ .../Nextcloud/0/Resources/fastcgi_params | 21 --- templates/Nextcloud/0/Resources/mime.types | 48 ------- templates/Nextcloud/0/Resources/nginx.conf | 82 ----------- templates/Nextcloud/0/docker-compose.yml | 67 +-------- templates/Nextcloud/0/rancher-compose.yml | 8 -- 8 files changed, 7 insertions(+), 415 deletions(-) delete mode 100644 templates/Nextcloud/0/Resources/conf.d/collabora.conf delete mode 100644 templates/Nextcloud/0/Resources/conf.d/nextcloud.conf delete mode 100644 templates/Nextcloud/0/Resources/fastcgi_params delete mode 100644 templates/Nextcloud/0/Resources/mime.types delete mode 100644 templates/Nextcloud/0/Resources/nginx.conf diff --git a/templates/Nextcloud/0/README.md b/templates/Nextcloud/0/README.md index 180b3a8..bb093a4 100644 --- a/templates/Nextcloud/0/README.md +++ b/templates/Nextcloud/0/README.md 
@@ -4,31 +4,6 @@ * Traefik deployed -## First Run Setup - -### Add Configuration For NGINX - -nginx.conf and mime.types to be put in the Configuration/NGINX directory. - -Included nginx.conf has only a few minor tweaks from the one located here: - -https://docs.nextcloud.com/server/stable/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx - -### Add Your Domain as a Trusted Domain - -[Official Documentation](https://docs.nextcloud.com/server/latest/admin_manual/installation/installation_wizard.html#trusted-domains) - -* Open the "config.php" file, located in `/Application/config`. -* Under the "trusted_domains" array, add `1 => 'cloud.williammiceli.systems',`. - -### Apache Configuration Reference - -https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html? - -### Setup trusted domains on first startup - -https://docs.nextcloud.com/server/14/admin_manual/installation/installation_wizard.html#trusted-domains - ## Useful Tools * [Official Security Check](https://scan.nextcloud.com/) diff --git a/templates/Nextcloud/0/Resources/conf.d/collabora.conf b/templates/Nextcloud/0/Resources/conf.d/collabora.conf deleted file mode 100644 index 0b718bd..0000000 --- a/templates/Nextcloud/0/Resources/conf.d/collabora.conf +++ /dev/null 
@@ -1,44 +0,0 @@ -server { - listen 81; - listen [::]:81; - server_name _; - - #access_log logs/collabora_access.log; - #error_log logs/collabora_error.log error; - - # static files - location ^~ /loleaflet { - proxy_pass http://collabora:9980; - proxy_set_header Host $http_host; - } - - # WOPI discovery URL - location ^~ /hosting/discovery { - proxy_pass http://collabora:9980; - proxy_set_header Host $http_host; - } - - # main websocket - location ~ ^/lool/(.*)/ws$ { - proxy_pass http://collabora:9980; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $http_host; - proxy_read_timeout 36000s; - } - - # download, presentation and image upload - location ~ ^/lool { - proxy_pass http://collabora:9980; - proxy_set_header Host $http_host; - } - - # Admin Console websocket - location ^~ /lool/adminws { - proxy_pass http://collabora:9980; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $http_host; - proxy_read_timeout 36000s; - } -} \ No newline at end of file diff --git a/templates/Nextcloud/0/Resources/conf.d/nextcloud.conf b/templates/Nextcloud/0/Resources/conf.d/nextcloud.conf deleted file mode 100644 index e2ee329..0000000 --- a/templates/Nextcloud/0/Resources/conf.d/nextcloud.conf +++ /dev/null 
@@ -1,127 +0,0 @@ -upstream php-handler { - server nextcloud:9000; -} - -server { - listen 80; - listen [::]:80; - server_name _; - - #---------------------------------------- - # Logging - #---------------------------------------- - - #access_log logs/nextcloud_access.log; - #error_log logs/nextcloud_error.log error; - - #---------------------------------------- - # Basic Settings - #---------------------------------------- - - root /var/www/html/; # Path to the root of your installation - - client_max_body_size 10G; # Max upload size - fastcgi_buffers 64 4K; - - #---------------------------------------- - # GZip - #---------------------------------------- - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - #---------------------------------------- - # Security Headers - #---------------------------------------- - - # Add headers to serve security related headers - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; - - fastcgi_hide_header X-Powered-By; # Remove X-Powered-By, which is an information leak - - #---------------------------------------- - # Locations - #---------------------------------------- - - error_page 403 
/core/templates/403.php; - error_page 404 /core/templates/404.php; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } - - location / { - rewrite ^ /index.php$request_uri; - } - - location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { - deny all; - } - - location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - - location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { - fastcgi_split_path_info ^(.+\.php)(/.*)$; - # Mitigate https://httpoxy.org/ vulnerabilities: - fastcgi_param HTTP_PROXY ""; - #fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - #Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - fastcgi_param front_controller_active true; - fastcgi_pass php-handler; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ ^/(?:updater|ocs-provider)(?:$|/) { - try_files $uri/ =404; - index index.php; - } - - # Adding the cache control header for js and css files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff|svg|gif)$ { - try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; - - # Optional: Don't log access to assets - access_log off; - } - - location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - 
access_log off; - } -} \ No newline at end of file diff --git a/templates/Nextcloud/0/Resources/fastcgi_params b/templates/Nextcloud/0/Resources/fastcgi_params deleted file mode 100644 index c2f509a..0000000 --- a/templates/Nextcloud/0/Resources/fastcgi_params +++ /dev/null @@ -1,21 +0,0 @@ -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -fastcgi_index index.php; - -fastcgi_param REDIRECT_STATUS 200; \ No newline at end of file diff --git a/templates/Nextcloud/0/Resources/mime.types b/templates/Nextcloud/0/Resources/mime.types deleted file mode 100644 index 62bd4b6..0000000 --- a/templates/Nextcloud/0/Resources/mime.types +++ /dev/null 
@@ -1,48 +0,0 @@ -types { - text/html html htm shtml; - text/css css; - text/xml xml rss; - image/gif gif; - image/jpeg jpeg jpg; - application/x-javascript js; - text/plain txt; - text/x-component htc; - text/mathml mml; - image/png png; - image/x-icon ico; - image/x-jng jng; - image/vnd.wap.wbmp wbmp; - application/java-archive jar war ear; - application/mac-binhex40 hqx; - application/pdf pdf; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/zip zip; - application/octet-stream deb; - application/octet-stream bin exe dll; - application/octet-stream dmg; - application/octet-stream eot; - application/octet-stream iso img; - application/octet-stream msi msp msm; - audio/mpeg mp3; - audio/x-realaudio ra; - video/mpeg mpeg mpg; - video/quicktime mov; - video/x-flv flv; - video/x-msvideo avi; - video/x-ms-wmv wmv; - video/x-ms-asf asx asf; - video/x-mng mng; -} \ No newline at end of file diff --git a/templates/Nextcloud/0/Resources/nginx.conf b/templates/Nextcloud/0/Resources/nginx.conf deleted file mode 100644 index 682ca28..0000000 --- a/templates/Nextcloud/0/Resources/nginx.conf +++ /dev/null 
@@ -1,82 +0,0 @@ -user www-data; -worker_processes auto; - -#error_log /var/log/nginx_error.log info; # [ debug | info | notice | warn | error | crit ] -pid /var/run/nginx.pid; - -events { - worker_connections 1024; - use epoll; # use [ kqueue | rtsig | epoll | /dev/poll | select | poll ] -} - -http { - - #---------------------------------------- - # Logging - #---------------------------------------- - - - # REFERENCE 1 - #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - # '$status $body_bytes_sent "$http_referer" ' - # '"$http_user_agent" "$http_x_forwarded_for"'; - - #access_log /var/log/nginx/http_access.log main; - - # REFERENCE 2 - #log_format main '$remote_addr - $host [$time_local] "$request" ' - # '$status $body_bytes_sent "$http_referer" ' - # '"$http_user_agent" "$http_x_forwarded_for"' - # 'rt=$request_time ut=$upstream_response_time ' - # 'cs=$upstream_cache_status'; - - #log_format cache '$remote_addr - $host [$time_local] "$request" $status ' - # '$body_bytes_sent "$http_referer" ' - # 'rt=$request_time ut=$upstream_response_time ' - # 'cs=$upstream_cache_status'; - - #access_log /var/log/nginx/http_access.log main; - #error_log /var/log/nginx/http_error.log error; - - #---------------------------------------- - # Basic Settings - #---------------------------------------- - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - #---------------------------------------- - # Common Limits - #---------------------------------------- - - client_max_body_size 1G; # Max upload size - - #---------------------------------------- - # GZip - #---------------------------------------- - - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 1000; - gzip_buffers 4 8k; - gzip_types text/plain; - - #---------------------------------------- - # Cache - #---------------------------------------- - - proxy_cache_valid 1m; - - 
#---------------------------------------- - # Virtual Hosts - #---------------------------------------- - - include /etc/nginx/conf.d/*.conf; - -} \ No newline at end of file diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 80f1d1e..184e7db 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -1,29 +1,8 @@ version: '2' services: - {{- if eq .Values.COLLABORA "true"}} - collabora: - image: collabora/code:latest - cap_add: - - MKNOD # Ability to create special files (https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities) - dns: # Using Cloudflare DNS - - 1.1.1.1 - - 1.0.0.1 - environment: - domain: collabora.${TRAEFIK_HOST} - labels: - io.rancher.container.pull_image: always - {{- if .Values.HOST_LABEL}} - io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} - {{- end}} - traefik.enable: false - restart: on-failure - volumes: - - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - {{- end}} cron: - image: nextcloud:fpm-alpine + image: nextcloud:apache dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 @@ -41,7 +20,7 @@ services: volumes_from: - nginx nextcloud: - image: nextcloud:fpm-alpine + image: nextcloud:apache dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 
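Review bot: The `cron` service kept as context in the `@@ -41,7 +20,7 @@` hunk still ends with `volumes_from: - nginx`, but this commit deletes the `nginx` service in the following `@@ -58,26 +37,7 @@` hunk, so the sidekick would reference a service that no longer exists. Point it at the service that now owns the mounts by changing the list entry to `- nextcloud` in the same commit. Most of the `cron` body lies between the two hunks and is not visible here, so check the rest of it against the new Apache image as well.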
@@ -58,26 +37,7 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - traefik.enable: false - links: - - mysql - {{- if eq .Values.REDIS "true"}} - - redis - {{- end}} - restart: on-failure - volumes_from: - - nginx - nginx: - image: nginx:latest # Can't use ":alpine" until I have a way to get the "www-data" user added automatically. (Project for another time) - dns: # Using Cloudflare DNS - - 1.1.1.1 - - 1.0.0.1 - labels: - io.rancher.container.pull_image: always - {{- if .Values.HOST_LABEL}} - io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} - {{- end}} - io.rancher.sidekicks: cron, nextcloud + io.rancher.sidekicks: cron traefik.enable: true ### Start Nextcloud Segment traefik.nextcloud.frontend.entryPoints: http,https @@ -89,21 +49,11 @@ services: traefik.nextcloud.frontend.rule: Host:${TRAEFIK_HOST} traefik.nextcloud.port: "80" ### End Nextcloud Segment - ### Start Collabora Segment - traefik.collabora.frontend.entryPoints: http,https - traefik.collabora.frontend.headers.forceSTSHeader: true - traefik.collabora.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) - traefik.collabora.frontend.headers.SSLRedirect: true - traefik.collabora.frontend.headers.STSPreload: true - traefik.collabora.frontend.headers.STSSeconds: 15552000 - traefik.collabora.frontend.rule: Host:collabora.${TRAEFIK_HOST} - traefik.collabora.port: "81" - ### End Collabora Segment links: - {{- if eq .Values.COLLABORA "true"}} - - collabora + - mysql + {{- if eq .Values.REDIS "true"}} + - redis {{- end}} - - nextcloud {{- if .Values.WEB_PORT}} ports: - "${WEB_PORT}:80" 
@@ -113,12 +63,9 @@ services: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Apps:/var/www/html/custom_apps # Nextcloud apps - - /RancherCattle/${DATA_DIR}/Configuration/Nextcloud:/var/www/html/config # Nextcloud configuration files - - /RancherCattle/${DATA_DIR}/Configuration/NGINX:/etc/nginx # NGINX configuration files + - /RancherCattle/${DATA_DIR}/Configuration:/var/www/html/config # Nextcloud configuration files - /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html # Nextcloud site - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data # Users' data file - #- /RancherCattle/${DATA_DIR}/Logs/Nextcloud - #- /RancherCattle/${DATA_DIR}/Logs/NGINX mysql: image: mysql:5 dns: # Using Cloudflare DNS diff --git a/templates/Nextcloud/0/rancher-compose.yml b/templates/Nextcloud/0/rancher-compose.yml index 7a54f5a..faa54a4 100644 --- a/templates/Nextcloud/0/rancher-compose.yml +++ b/templates/Nextcloud/0/rancher-compose.yml @@ -65,14 +65,6 @@ catalog: required: true type: password - - variable: "COLLABORA" - label: "Enable Collabora" - description: | - Add a Collabora container for office document editing and live collaboration. Additional setup required, see README. - default: true - required: true - type: boolean - - variable: "REDIS" label: "Enable Redis" description: | From a394a878a899161529c08900e42b8b84d9e94036 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 11 Jan 2019 21:26:43 -0500 Subject: [PATCH 202/262] Disabled Cron for now --- templates/Nextcloud/0/README.md | 3 +- templates/Nextcloud/0/docker-compose.yml | 38 ++++++++++++------------ 2 files changed, 21 insertions(+), 20 deletions(-) diff --git a/templates/Nextcloud/0/README.md b/templates/Nextcloud/0/README.md index bb093a4..6a42d1f 100644 --- a/templates/Nextcloud/0/README.md +++ b/templates/Nextcloud/0/README.md 
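Review bot: `/RancherCattle/${DATA_DIR}/UserData:/var/www/html/data` and the `config` mount keep user files and configuration inside the web root, and this commit deletes the nginx rule that blocked them (`location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; }` in nextcloud.conf). Access control for those paths now rests on the Apache image honouring Nextcloud's `.htaccess` files; that is presumably the case, but it is worth confirming after deployment with the security check the README links to. A comment on the mount would record the dependency, e.g. `# data is under the web root; relies on .htaccess being honoured`. Moving the config mount from `Configuration/Nextcloud` to `Configuration` also means an existing `config.php` has to be moved on the host before upgrading.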
@@ -10,4 +10,5 @@ ## To-Do's -* Explain how to manually setup Redis \ No newline at end of file +* Explain how to manually setup Redis +* Fix Cron container, does not yet properly execute yet \ No newline at end of file diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 184e7db..07d1043 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -1,24 +1,24 @@ version: '2' services: - cron: - image: nextcloud:apache - dns: # Using Cloudflare DNS - - 1.1.1.1 - - 1.0.0.1 - entrypoint: | # www-data uid: 82 - sh -c 'sh -s < Date: Fri, 11 Jan 2019 21:28:04 -0500 Subject: [PATCH 203/262] I don't really trust 15 yet... --- templates/Nextcloud/0/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml index 07d1043..2970ab0 100644 --- a/templates/Nextcloud/0/docker-compose.yml +++ b/templates/Nextcloud/0/docker-compose.yml @@ -2,7 +2,7 @@ version: '2' services: # cron: -# image: nextcloud:apache +# image: nextcloud:stable-apache # dns: # Using Cloudflare DNS # - 1.1.1.1 # - 1.0.0.1 @@ -20,7 +20,7 @@ services: # volumes_from: # - nginx nextcloud: - image: nextcloud:apache + image: nextcloud:stable-apache dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 From 6ae14f3517e1ef060fb8b98e612d298b17cea0c8 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 12 Jan 2019 19:32:18 -0500 Subject: [PATCH 204/262] Minor updates, should be finally "done" --- templates/WordPress/0/docker-compose.yml | 45 +++++++---------------- templates/WordPress/0/rancher-compose.yml | 17 +-------- 2 files changed, 15 insertions(+), 47 deletions(-) diff --git a/templates/WordPress/0/docker-compose.yml b/templates/WordPress/0/docker-compose.yml index 9a44587..84dd830 100644 --- a/templates/WordPress/0/docker-compose.yml +++ b/templates/WordPress/0/docker-compose.yml 
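Review bot: `nextcloud:stable-apache` in the `@@ -2,7 +2,7 @@` and `@@ -20,7 +20,7 @@` hunks of patch 203 is still a moving tag, so it only defers the major upgrade the commit subject wants to avoid. Once upstream repoints `stable`, a pull-always policy (set on the other services in this series, presumably here too) fetches the new major on the next upgrade without any change to this file. Pin the release line or a digest and bump it deliberately, e.g. `image: nextcloud:<major>-apache` or `image: nextcloud@sha256:<digest>` (placeholders). The service bodies continue outside both hunks.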
@@ -8,46 +8,39 @@ services: - 1.0.0.1 environment: WORDPRESS_DB_HOST: mysql + WORDPRESS_DB_NAME: wordpress_db WORDPRESS_DB_USER: wordpress_user WORDPRESS_DB_PASSWORD: ${DB_USER_PASS} - WORDPRESS_DB_NAME: wordpress # Will eventually rename this to "wordpress_db" labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - {{- if .Values.TRAEFIK_HOST}} traefik.enable: true - traefik.frontend.rule: Host:${TRAEFIK_HOST} - traefik.frontend.entryPoints: http,https - traefik.frontend.headers.forceSTSHeader: true - traefik.frontend.headers.SSLRedirect: true - traefik.frontend.headers.STSPreload: true - traefik.frontend.headers.STSSeconds: 15552000 - traefik.port: "80" - {{- else}} - traefik.enable: false - {{- end}} + ### Start Web Segment + traefik.web.frontend.entryPoints: http,https + traefik.web.frontend.headers.forceSTSHeader: true + traefik.web.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) + traefik.web.frontend.headers.SSLRedirect: true + traefik.web.frontend.headers.STSPreload: true + traefik.web.frontend.headers.STSSeconds: 15552000 + traefik.web.frontend.rule: Host:${TRAEFIK_HOST} + traefik.web.port: "80" + ### End Web Segment links: - mysql - networks: - - public-proxy - {{- if .Values.WEB_PORT}} - ports: - - "${WEB_PORT}:80" - {{- end}} restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Application:/var/www/html + - /RancherCattle/${DATA_DIR}/Wordpress:/var/www/html mysql: image: mysql:5 dns: - 1.1.1.1 - 1.0.0.1 environment: - MYSQL_DATABASE: wordpress # Will eventually rename this to "wordpress_db" + MYSQL_DATABASE: wordpress_db MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} MYSQL_USER: wordpress_user MYSQL_PASSWORD: ${DB_USER_PASS} 
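Review bot: Renaming the database to `wordpress_db` on both services only works for a fresh data directory. The mysql image applies `MYSQL_DATABASE` when it initialises an empty `/var/lib/mysql`, so a stack upgraded over an existing `Database` directory would presumably leave WordPress pointed at a schema that was never created. The bind-mount rename from `Application` to `Wordpress` has the same effect on the site files. A short upgrade comment beside the variables would make this explicit, e.g. `# Upgrading: rename the existing "wordpress" schema and the Application directory first`.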
@@ -56,18 +49,8 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - networks: - db-admin: - aliases: - - wordpress restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql - -networks: - db-admin: - external: true - public-proxy: - external: true \ No newline at end of file + - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql \ No newline at end of file diff --git a/templates/WordPress/0/rancher-compose.yml b/templates/WordPress/0/rancher-compose.yml index 4bd2961..be11e89 100644 --- a/templates/WordPress/0/rancher-compose.yml +++ b/templates/WordPress/0/rancher-compose.yml @@ -20,16 +20,7 @@ catalog: label: "Public Host Domain" description: | The host that Traefik will use to provide public access. - Leaving this empty will disable Traefik on this stack. default: "subdomain.domain.tld" - required: false - type: string - - - variable: "WEB_PORT" - label: "Web Port" - description: | - The port to locally access the web interface on. - default: "10600" required: true type: string @@ -55,10 +46,4 @@ catalog: The directory to store persistent data for the stack. default: "Personal/Wordpress" required: true - type: string - -services: - wordpress: - scale: 1 - mysql: - scale: 1 \ No newline at end of file + type: string \ No newline at end of file From 60f5ba6bda50dda46eaf1a39db650c1abd1def07 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 12 Jan 2019 19:55:02 -0500 Subject: [PATCH 205/262] Removed networks, ports, disabling traefik --- templates/Snipe-IT/0/docker-compose.yml | 33 ++---------------------- templates/Snipe-IT/0/rancher-compose.yml | 12 +-------- 2 files changed, 3 insertions(+), 42 deletions(-) 
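Review bot: The `mysql` service in the `@@ -56,18 +49,8 @@` hunk has no `traefik.enable: false` label visible, while the web service in the previous hunk is now unconditionally `traefik.enable: true`. Whether the proxy then picks up the database container depends on Traefik's expose-by-default setting, which this page does not show. Patch 206 adds exactly that label to the Snipe-IT `mysql` service, and the XWiki `postgresql` service in patch 213 (`@@ -62,18 +50,8 @@`) is in the same position. Add `traefik.enable: false` under `labels:` of each database service so exposure does not hinge on a proxy default. The `labels:` block starts above the hunk.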
diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index abae525..d741bc7 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -3,19 +3,13 @@ services: snipe-it: image: snipe/snipe-it:latest - depends_on: - - mysql dns: - 1.1.1.1 - 1.0.0.1 environment: - APP_ENV: production # "development" or "production" + APP_ENV: production # [ development | production ] APP_DEBUG: false - {{- if .Values.TRAEFIK_HOST}} APP_URL: https://${TRAEFIK_HOST} # No port number needed - {{- else}} - APP_URL: http://localhost - {{- end}} APP_KEY: ${APP_KEY} MYSQL_HOST: mysql MYSQL_DATABASE: snipeit_db @@ -26,7 +20,6 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - {{- if .Values.TRAEFIK_HOST}} traefik.enable: true ### Start Web Segment traefik.web.frontend.entryPoints: http,https @@ -37,20 +30,8 @@ services: traefik.web.frontend.rule: Host:${TRAEFIK_HOST} traefik.web.port: "80" ### End Web Segment - {{- else}} - traefik.enable: false - {{- end}} links: - mysql - networks: - - public-proxy - {{- if .Values.WEB_PORT}} # Allows for local access to be disabled - ports: - - "${WEB_PORT}:80" - {{- else}} - expose: - - "80" - {{- end}} restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system 
@@ -72,18 +53,8 @@ services: {{- if (.Values.HOST_LABEL)}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - networks: - db-admin: - aliases: - - snipe-it # This should allow access from "mysql.snipe-it.rancher.internal" restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql - -networks: - db-admin: - external: true - public-proxy: - external: true \ No newline at end of file + - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql \ No newline at end of file diff --git a/templates/Snipe-IT/0/rancher-compose.yml b/templates/Snipe-IT/0/rancher-compose.yml index 9b8ec41..a6a9136 100644 --- a/templates/Snipe-IT/0/rancher-compose.yml +++ b/templates/Snipe-IT/0/rancher-compose.yml @@ -20,18 +20,8 @@ catalog: label: "Public Host Domain" description: | The host that Traefik will use to provide public access. - Leaving this empty will disable Traefik on this stack. default: "subdomain.domain.tld" - required: false - type: string - - - variable: "WEB_PORT" - label: "Local Web Port" - description: | - The port to locally access the web interface on. - Leaving this empty will not expose a any port on the host system, disabling local access outside of it's Rancher network. - default: "10300" - required: false + required: true type: string - variable: "DATA_DIR" From 9326cbff031c9a41c03c05eeb853dc137b70e81c Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 12 Jan 2019 20:00:51 -0500 Subject: [PATCH 206/262] Added "no-referrer" header --- templates/Snipe-IT/0/docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index d741bc7..80dbf5e 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml 
@@ -24,6 +24,7 @@ services: ### Start Web Segment traefik.web.frontend.entryPoints: http,https traefik.web.frontend.headers.forceSTSHeader: true + traefik.web.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 @@ -53,6 +54,7 @@ services: {{- if (.Values.HOST_LABEL)}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} + traefik.enable: false restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system From 057b73aeb9fa61602b433db47202a90689aeab4a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 12 Jan 2019 20:12:41 -0500 Subject: [PATCH 207/262] Various updates, hopefully it still works --- templates/InvoiceNinja/0/docker-compose.yml | 57 +++++++++----------- templates/InvoiceNinja/0/rancher-compose.yml | 9 ---- 2 files changed, 25 insertions(+), 41 deletions(-) diff --git a/templates/InvoiceNinja/0/docker-compose.yml b/templates/InvoiceNinja/0/docker-compose.yml index a6d99cf..385138e 100644 --- a/templates/InvoiceNinja/0/docker-compose.yml +++ b/templates/InvoiceNinja/0/docker-compose.yml @@ -1,4 +1,5 @@ version: '2' + services: invoiceninja: image: invoiceninja/invoiceninja:latest 
@@ -10,15 +11,12 @@ services: {{- if (.Values.HOST_LABEL)}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} + traefik.enable: false links: - mysql restart: on-failure - volumes: - - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleConfig/${DATA_DIR}/.env:/var/www/app/.env - - /RancherCattleData/${DATA_DIR}/Logo:/var/www/app/public/logo - - /RancherCattleData/${DATA_DIR}/Storage:/var/www/app/storage + volumes_from: + - nginx cron: image: invoiceninja/invoiceninja:latest dns: @@ -39,11 +37,12 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} + traefik.enable: false links: - mysql restart: on-failure volumes_from: - - invoiceninja + - nginx mysql: image: mysql:5 dns: @@ -52,7 +51,7 @@ services: environment: MYSQL_DATABASE: ninja_db MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} - MYSQL_USER: ninja + MYSQL_USER: ninja # Will eventually rename to "ninja_user" MYSQL_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always @@ -66,7 +65,7 @@ services: - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql nginx: - image: nginx # Alpine does not work (last checked 6 December 2018) + image: nginx:latest dns: - 1.1.1.1 - 1.0.0.1 
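Review bot: `volumes_from: - nginx` on `invoiceninja` (and on `cron` in the `@@ -39,11 +37,12 @@` hunk) makes the application containers depend on `nginx`, while `nginx` keeps `links: - invoiceninja` in the `@@ -75,31 +74,25 @@` hunk, so the two services now depend on each other. Compose-style tooling generally rejects or mis-orders such a cycle; how Rancher resolves it should be confirmed before relying on it. Keeping the `volumes:` list on `invoiceninja` with `volumes_from: - invoiceninja` on `nginx` avoids the cycle, and it keeps the `.env` mount declared on the application rather than on the proxy-facing service. Patch 209 later in this series restores that direction.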
@@ -75,31 +74,25 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - {{- if .Values.TRAEFIK_HOST}} traefik.enable: true - traefik.frontend.rule: Host:${TRAEFIK_HOST} - traefik.frontend.entryPoints: http,https - traefik.frontend.headers.forceSTSHeader: true - traefik.frontend.headers.SSLRedirect: true - traefik.frontend.headers.STSPreload: true - traefik.frontend.headers.STSSeconds: 15552000 - traefik.port: "80" - {{- else}} - traefik.enable: false - {{- end}} - io.rancher.sidekicks: invoiceninja,cron + ### Start Web Segment + traefik.web.frontend.entryPoints: http,https + traefik.web.frontend.headers.forceSTSHeader: true + traefik.web.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) + traefik.web.frontend.headers.SSLRedirect: true + traefik.web.frontend.headers.STSPreload: true + traefik.web.frontend.headers.STSSeconds: 15552000 + traefik.web.frontend.rule: Host:${TRAEFIK_HOST} + traefik.web.port: "80" + ### End Web Segment + io.rancher.sidekicks: invoiceninja, cron links: - invoiceninja - networks: - - public-proxy - ports: - - "${WEB_PORT}:80" restart: on-failure volumes: - - /RancherCattleConfig/${DATA_DIR}/nginx.conf:/etc/nginx/nginx.conf:ro - volumes_from: - - invoiceninja - -networks: - public-proxy: - external: true \ No newline at end of file + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattle/${DATA_DIR}/Configuration/NGINX/nginx.conf:/etc/nginx/nginx.conf:ro + - /RancherCattle/${DATA_DIR}/Configuration/Invoice Ninja/.env:/var/www/app/.env + - /RancherCattle/${DATA_DIR}/Logo:/var/www/app/public/logo + - /RancherCattle/${DATA_DIR}/Storage:/var/www/app/storage \ No newline at end of file 
diff --git a/templates/InvoiceNinja/0/rancher-compose.yml b/templates/InvoiceNinja/0/rancher-compose.yml index 3711750..5434cbe 100644 --- a/templates/InvoiceNinja/0/rancher-compose.yml +++ b/templates/InvoiceNinja/0/rancher-compose.yml @@ -20,16 +20,7 @@ catalog: label: "Public Host Domain" description: | The host that Traefik will use to provide public access. - Leaving this empty will disable Traefik on this stack. default: "subdomain.domain.tld" - required: false - type: string - - - variable: "WEB_PORT" - label: "Local Web Port" - description: | - The port to locally access the web interface on. - default: "10200" required: true type: string From a65472858fa8b65fa6e057fed9807aa4d50b5af1 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 12 Jan 2019 20:43:05 -0500 Subject: [PATCH 208/262] No longer using :latest for NGINX --- templates/InvoiceNinja/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/InvoiceNinja/0/docker-compose.yml b/templates/InvoiceNinja/0/docker-compose.yml index 385138e..bbf7e5b 100644 --- a/templates/InvoiceNinja/0/docker-compose.yml +++ b/templates/InvoiceNinja/0/docker-compose.yml @@ -65,7 +65,7 @@ services: - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql nginx: - image: nginx:latest + image: nginx dns: - 1.1.1.1 - 1.0.0.1 From 6ab37e82639613b9eb10b008ffccf1f141e02b96 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 12 Jan 2019 21:01:15 -0500 Subject: [PATCH 209/262] Testing --- templates/InvoiceNinja/0/docker-compose.yml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/templates/InvoiceNinja/0/docker-compose.yml b/templates/InvoiceNinja/0/docker-compose.yml index bbf7e5b..63b0ac1 100644 --- a/templates/InvoiceNinja/0/docker-compose.yml +++ b/templates/InvoiceNinja/0/docker-compose.yml 
@@ -15,8 +15,12 @@ services: links: - mysql restart: on-failure - volumes_from: - - nginx + volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattle/${DATA_DIR}/Configuration/Invoice Ninja/.env:/var/www/app/.env + - /RancherCattle/${DATA_DIR}/Logo:/var/www/app/public/logo + - /RancherCattle/${DATA_DIR}/Storage:/var/www/app/storage cron: image: invoiceninja/invoiceninja:latest dns: @@ -42,7 +46,7 @@ services: - mysql restart: on-failure volumes_from: - - nginx + - invoiceninja mysql: image: mysql:5 dns: @@ -63,7 +67,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql + - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql nginx: image: nginx dns: @@ -90,9 +94,6 @@ services: - invoiceninja restart: on-failure volumes: - - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Configuration/NGINX/nginx.conf:/etc/nginx/nginx.conf:ro - - /RancherCattle/${DATA_DIR}/Configuration/Invoice Ninja/.env:/var/www/app/.env - - /RancherCattle/${DATA_DIR}/Logo:/var/www/app/public/logo - - /RancherCattle/${DATA_DIR}/Storage:/var/www/app/storage \ No newline at end of file + volumes_from: + - invoiceninja \ No newline at end of file From 764ee76118da5f4b62bc17c49b775796dc35f3e3 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 13 Jan 2019 15:03:01 -0500 Subject: [PATCH 210/262] Updated to new persistent volume directories --- templates/Snipe-IT/0/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 80dbf5e..e649d4b 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -37,8 +37,8 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleData/${DATA_DIR}/Application:/var/lib/snipeit - - /RancherCattleData/${DATA_DIR}/Backups:/var/www/html/storage/app/backups + - /RancherCattle/${DATA_DIR}/Application:/var/lib/snipeit + - /RancherCattle/${DATA_DIR}/Backups:/var/www/html/storage/app/backups mysql: image: mysql:5 dns: @@ -59,4 +59,4 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql \ No newline at end of file + - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql \ No newline at end of file From ad393cadec2175699b82ddfdb4a4d462c46d8f5d Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 13 Jan 2019 15:17:05 -0500 Subject: [PATCH 211/262] Testing --- templates/Snipe-IT/0/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 4530a7c..f050842 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -7,8 +7,8 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - APP_ENV: production # [ development | production ] - APP_DEBUG: false + APP_ENV: development # [ development | production ] + APP_DEBUG: true APP_URL: https://${TRAEFIK_HOST} # No port number needed APP_KEY: ${APP_KEY} MYSQL_HOST: mysql From 9f20daaadd83f6cdaf6923c73293e222dba5366e Mon Sep 17 00:00:00 2001 
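Review bot: `APP_ENV: development` and `APP_DEBUG: true` in the `@@ -7,8 +7,8 @@` hunk of patch 211 are committed to a catalog template whose web service is published through Traefik at `https://${TRAEFIK_HOST}`. Every stack launched from this revision therefore runs with debug error pages enabled on its public host, and such pages typically disclose stack traces and configuration values. For troubleshooting, expose the switch as a catalog question that defaults to off, e.g. `APP_DEBUG: ${APP_DEBUG}` here with `default: false` and `type: boolean` in rancher-compose.yml, rather than flipping the template itself. The `environment:` block continues past the end of the hunk.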
From: WilliamMiceli Date: Sun, 13 Jan 2019 15:48:44 -0500 Subject: [PATCH 212/262] Determined issue (Old browser data) --- templates/Snipe-IT/0/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index f050842..4530a7c 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -7,8 +7,8 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - APP_ENV: development # [ development | production ] - APP_DEBUG: true + APP_ENV: production # [ development | production ] + APP_DEBUG: false APP_URL: https://${TRAEFIK_HOST} # No port number needed APP_KEY: ${APP_KEY} MYSQL_HOST: mysql From 9333421a62727efdc9835f9b9b2a566c06b4f67c Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 13 Jan 2019 16:52:20 -0500 Subject: [PATCH 213/262] Removed networking, miscellaneous fixes --- templates/XWiki/0/docker-compose.yml | 44 +++++++-------------------- templates/XWiki/0/rancher-compose.yml | 12 +------- 2 files changed, 12 insertions(+), 44 deletions(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index c1ae212..0de619a 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -3,7 +3,6 @@ version: '2' services: xwiki: image: xwiki:stable-postgres-tomcat - container_name: xwiki dns: - 1.1.1.1 - 1.0.0.1 
@@ -17,37 +16,26 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - {{- if .Values.TRAEFIK_HOST}} traefik.enable: true ### Start Web Segment - traefik.frontend.entryPoints: http,https - traefik.frontend.headers.forceSTSHeader: true - traefik.frontend.headers.referrerPolicy: no-referrer - traefik.frontend.headers.SSLRedirect: true - traefik.frontend.headers.STSPreload: true - traefik.frontend.headers.STSSeconds: 15552000 - traefik.frontend.rule: ${TRAEFIK_HOST} - traefik.port: "8080" + traefik.web.frontend.entryPoints: http, https + traefik.web.frontend.headers.forceSTSHeader: true +# traefik.web.frontend.headers.referrerPolicy: no-referrer +# traefik.web.frontend.headers.SSLRedirect: true +# traefik.web.frontend.headers.STSPreload: true +# traefik.web.frontend.headers.STSSeconds: 15552000 + traefik.web.frontend.rule: ${TRAEFIK_HOST} + traefik.web.port: "8080" ### End Web Segment - {{- else}} - traefik.enable: false - {{- end}} links: - - postgresql # Using links because "depends_on" does not work in Rancher 1.6 - networks: - - public-proxy - {{- if .Values.WEB_PORT}} - ports: - - "${WEB_PORT}:8080" - {{- end}} + - postgresql restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Application:/usr/local/xwiki + - /RancherCattle/${DATA_DIR}/XWiki:/usr/local/xwiki postgresql: image: postgres:alpine - container_name: postgresql dns: - 1.1.1.1 - 1.0.0.1 
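Review bot: With `SSLRedirect`, `STSSeconds` and `STSPreload` commented out while `traefik.web.frontend.entryPoints: http, https` stays enabled, the XWiki frontend is served over plain HTTP with no redirect to HTTPS, so logins and session cookies can travel in cleartext. `forceSTSHeader: true` on its own probably has no effect, since the HSTS header needs a non-zero `STSSeconds`. If the header labels were disabled only to debug routing, I would keep at least `traefik.web.frontend.headers.SSLRedirect: true` active, or restrict the entry points to `https` until the rest is restored. The `labels` mapping begins outside the hunk.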
@@ -62,18 +50,8 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - networks: - db-admin: - aliases: - - xwiki restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data - -networks: - db-admin: - external: true - public-proxy: - external: true \ No newline at end of file + - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data \ No newline at end of file diff --git a/templates/XWiki/0/rancher-compose.yml b/templates/XWiki/0/rancher-compose.yml index 59bd5ee..3fa7b19 100644 --- a/templates/XWiki/0/rancher-compose.yml +++ b/templates/XWiki/0/rancher-compose.yml @@ -20,20 +20,10 @@ catalog: label: "Public Host Domain" description: | The host that Traefik will use to provide public access. - Leaving this empty will disable Traefik on this stack. default: "HostRegexp:{subdomain:.*}subdomain.domain.tld" - required: false + required: true type: string - - variable: "WEB_PORT" - label: "Web Port" - description: | - The port to locally access the web interface on. - Leaving this empty will disable opening any port on the host system. - default: "11100" - required: false - type: string # "Int" sometimes causes problems, and not a huge issue - - variable: "DB_ROOT_PASS" label: "Database Root Password" description: | From e412b9c23332825bcf49adc086c8339516f7a6ee Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 13 Jan 2019 17:01:21 -0500 Subject: [PATCH 214/262] Re-enabled HSTS --- templates/XWiki/0/docker-compose.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index 0de619a..72ac1d2 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml 
@@ -20,10 +20,10 @@ services: ### Start Web Segment traefik.web.frontend.entryPoints: http, https traefik.web.frontend.headers.forceSTSHeader: true -# traefik.web.frontend.headers.referrerPolicy: no-referrer -# traefik.web.frontend.headers.SSLRedirect: true -# traefik.web.frontend.headers.STSPreload: true -# traefik.web.frontend.headers.STSSeconds: 15552000 + traefik.web.frontend.headers.referrerPolicy: no-referrer + traefik.web.frontend.headers.SSLRedirect: true + traefik.web.frontend.headers.STSPreload: true + traefik.web.frontend.headers.STSSeconds: 15552000 traefik.web.frontend.rule: ${TRAEFIK_HOST} traefik.web.port: "8080" ### End Web Segment From 85914b182307a314c5ab0a53b2a1fe052ccfa3c2 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 13 Jan 2019 17:51:00 -0500 Subject: [PATCH 215/262] Trying modified frontend rule --- templates/XWiki/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index 72ac1d2..66e475a 100644 --- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -24,7 +24,7 @@ services: traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.rule: ${TRAEFIK_HOST} + traefik.web.frontend.rule: "HostRegexp: ${TRAEFIK_HOST}, {subdomain:.+}.${TRAEFIK_HOST}" traefik.web.port: "8080" ### End Web Segment links: From 929a739c20c8c7d4b4b03d2ec865601cf236cb73 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 13 Jan 2019 17:54:01 -0500 Subject: [PATCH 216/262] Modified default Traefik host --- templates/XWiki/0/rancher-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/XWiki/0/rancher-compose.yml b/templates/XWiki/0/rancher-compose.yml index 3fa7b19..7d86f2a 100644 --- a/templates/XWiki/0/rancher-compose.yml +++ b/templates/XWiki/0/rancher-compose.yml 
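Review bot: `traefik.web.frontend.headers.STSPreload: true` is switched back on together with `STSSeconds: 15552000`, but a 180-day max-age without includeSubDomains does not meet the browser preload list's requirements (at least 31536000 seconds plus includeSubDomains), so the `preload` token is sent for a policy that is not eligible. Preloading is also hard to undo for a domain, which makes it a strong default for a shared catalog template. I would either drop the label or make the policy consistent with `traefik.web.frontend.headers.STSSeconds: 31536000` and `traefik.web.frontend.headers.STSIncludeSubdomains: true`. The Guacamole template later in this series carries the same `STSPreload`/`STSSeconds` pair. The `labels` block starts and ends outside the hunk.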
@@ -20,7 +20,7 @@ catalog: label: "Public Host Domain" description: | The host that Traefik will use to provide public access. - default: "HostRegexp:{subdomain:.*}subdomain.domain.tld" + default: "subdomain.domain.tld" required: true type: string From 6e15eaeafaf6e91fb13f144b37a80fb82a3ce3e6 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 13 Jan 2019 18:33:43 -0500 Subject: [PATCH 217/262] Fixed persistent certificate storage --- templates/Traefik/0/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/Traefik/0/docker-compose.yml b/templates/Traefik/0/docker-compose.yml index 30e80fe..6f3c013 100644 --- a/templates/Traefik/0/docker-compose.yml +++ b/templates/Traefik/0/docker-compose.yml @@ -15,16 +15,16 @@ services: io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} ports: + - "${DASHBOARD_PORT}:8080" - "80:80" # HTTP - "443:443" # HTTPS - "1022:22" # SSH - "5050:5050" # Eclipse Che Multi-User Required - - "${DASHBOARD_PORT}:8080" restart: always volumes: - /var/run/docker.sock:/var/run/docker.sock - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Configuration/traefik.toml:/traefik.toml - - /RancherCattle/${DATA_DIR}/LetsEncrypt:/etc/traefik/acme # For Let's Encrypt certificates + - /RancherCattle/${DATA_DIR}/LetsEncrypt/acme.json:/acme.json # For Let's Encrypt certificates - /RancherCattle/${DATA_DIR}/Logs:/external/logs \ No newline at end of file From 20746425b3a3aa1e6403d8f81d3725e4f843eae2 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 13 Jan 2019 18:42:58 -0500 Subject: [PATCH 218/262] Testing --- templates/XWiki/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/XWiki/0/docker-compose.yml b/templates/XWiki/0/docker-compose.yml index 66e475a..4b86480 100644 
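Review bot: The new bind mount `/RancherCattle/${DATA_DIR}/LetsEncrypt/acme.json:/acme.json` points at a single host file that holds the ACME account key and the certificates' private keys, and nothing in the template ensures that it exists with tight permissions. If the path is missing when the container starts, Docker creates a directory there instead of a file, and Traefik 1.x refuses an acme.json that is more permissive than 0600. I would state the prerequisite next to the mount, e.g. `# acme.json must be created on the host first (touch + chmod 600); it contains private keys`. The same hunk moves `"${DASHBOARD_PORT}:8080"` to the top of `ports`; whether the dashboard on that published port requires authentication depends on traefik.toml, which is not shown here.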
--- a/templates/XWiki/0/docker-compose.yml +++ b/templates/XWiki/0/docker-compose.yml @@ -24,7 +24,7 @@ services: traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.rule: "HostRegexp: ${TRAEFIK_HOST}, {subdomain:.+}.${TRAEFIK_HOST}" + traefik.web.frontend.rule: "Host:${TRAEFIK_HOST}" # HostRegexp:${TRAEFIK_HOST},{subdomain:.+}. traefik.web.port: "8080" ### End Web Segment links: From 4fe52ac8796a6e8445774f4efeab64663a6f1b23 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 13 Jan 2019 19:06:58 -0500 Subject: [PATCH 219/262] Added link for later --- templates/XWiki/0/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/XWiki/0/README.md b/templates/XWiki/0/README.md index 75cdd23..2564a7d 100644 --- a/templates/XWiki/0/README.md +++ b/templates/XWiki/0/README.md @@ -7,4 +7,4 @@ ### TODO * Fix issue with some page assets being delivered over http instead of https -* Document setting up domain DNS \ No newline at end of file +* Document setting up domain DNS for [wildcard Let's Encrypt certificates](https://docs.traefik.io/configuration/acme/#wildcard-domains) \ No newline at end of file From a9cf12ef35c2a6c04122a6de15d8d917f669f567 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 13 Jan 2019 21:14:59 -0500 Subject: [PATCH 220/262] Added important articles for configuration --- templates/XWiki/0/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/XWiki/0/README.md b/templates/XWiki/0/README.md index 2564a7d..17c70db 100644 --- a/templates/XWiki/0/README.md +++ b/templates/XWiki/0/README.md 
@@ -4,6 +4,11 @@ +## Popular Configuration Articles +* [https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Configuration/] +* [https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Virtualization/] +* [https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/ShortURLs/] + ### TODO * Fix issue with some page assets being delivered over http instead of https From 77ad3edad954d170cc15816d042dd448fb519ea5 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 15 Jan 2019 00:55:54 -0500 Subject: [PATCH 221/262] Updated Stack Statuses --- README.md | 70 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 39 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index 26d4fed..157c366 100644 --- a/README.md +++ b/README.md 
@@ -5,42 +5,50 @@ Hopefully it can also be of use to others as well! ## TODO List -* Have WEB_PORT be optional * Have DATA_DIR be optional * Include logos for all stacks -* Include description for all stacks -* Use named volumes for the bind mounts - * - * +* Include descriptions and setup instructions for all stacks -## Stacks Complete +## Stack Statuses -* Bind -* Ghost -* HTTPD -* InvoiceNinja -* Nextcloud -* Nginx -* OpenProject -* PHPMyAdmin -* Snipe-IT -* Traefik -* WordPress - -## Stacks Yet To Be Made - -* Adminer -* Apache Guacamole -* Discourse -* Eclipse Che -* Matomo -* MediaWiki -* Redmine -* Rocket.Chat -* YOURLS +- [ ] Adminer [Docker Hub](https://hub.docker.com/_/adminer) [Website](https://www.adminer.org/en/) +- [ ] Apache Guacamole [Docker Hub](https://hub.docker.com/r/guacamole/guacamole) [Website](https://guacamole.apache.org/) +- [x] Bind [Docker Hub](https://hub.docker.com/r/sameersbn/bind) +- [ ] Discourse [Docker Hub](https://hub.docker.com/_/discourse) [Website](https://www.discourse.org/) +- [ ] Drupal [Docker Hub](https://hub.docker.com/_/drupal) [Website](https://www.drupal.org/) +- [ ] Eclipse Che [Docker Hub](https://hub.docker.com/_/eclipse-che) [Website](https://www.eclipse.org/che/) +- [x] Ghost [Docker Hub](https://hub.docker.com/_/ghost) [Website](https://ghost.org/) +- [ ] Gitea [Docker Hub](https://hub.docker.com/r/gitea/gitea) [Website](https://gitea.io/en-us/) +- [ ] GitPitch Pro [Docker Hub](https://hub.docker.com/_/gitpitch-pro) [Website](https://gitpitch.com/) +- [ ] Gogs [Docker Hub](https://hub.docker.com/r/gogs/gogs) [Website](https://gogs.io/) +- [ ] Grafana [Docker Hub](https://hub.docker.com/r/grafana/grafana) [Website](https://grafana.com/) +- [x] HTTPD [Docker Hub](https://hub.docker.com/_/httpd) [Website](http://httpd.apache.org/) +- [x] InvoiceNinja [Docker Hub](https://hub.docker.com/r/invoiceninja/invoiceninja) [Website](https://www.invoiceninja.org/) +- [ ] Joomla [Docker Hub](https://hub.docker.com/_/joomla) 
[Website](https://www.joomla.org/) +- [ ] Logstash [Docker Hub](https://hub.docker.com/_/logstash) [Website](https://www.elastic.co/products/logstash) +- [ ] Matomo [Docker Hub](https://hub.docker.com/_/matomo) [Website](https://matomo.org/) +- [ ] MediaWiki [Docker Hub](https://hub.docker.com/_/mediawiki) [Website](https://www.mediawiki.org/) +- [ ] Memcached [Docker Hub](https://hub.docker.com/_/memcached) [Website](https://www.memcached.org/) +- [ ] MySQL [Docker Hub](https://hub.docker.com/_/mysql) [Website](https://www.mysql.com/) +- [x] Nextcloud [Docker Hub](https://hub.docker.com/_/nextcloud) [Website](https://nextcloud.com/) +- [ ] Nginx [Docker Hub](https://hub.docker.com/_/nginx) [Website](https://www.nginx.com/) +- [x] OpenProject [Docker Hub](https://hub.docker.com/r/openproject/community) [Website](https://www.openproject.org/) +- [x] PHPMyAdmin [Docker Hub](https://hub.docker.com/r/phpmyadmin/phpmyadmin) [Website](https://www.phpmyadmin.net/) +- [ ] PostgreSQL [Docker Hub](https://hub.docker.com/_/postgres) [Website](https://www.postgresql.org/) +- [ ] ProjectSend [Docker Hub](https://hub.docker.com/r/linuxserver/projectsend) [Website](https://www.projectsend.org/) +- [ ] Pydio Cells [Docker Hub](https://hub.docker.com/r/pydio/cells/) [Website](https://pydio.com/en/) +- [ ] Redis [Docker Hub](https://hub.docker.com/_/redis) [Website](https://redis.io/) +- [ ] Redmine [Docker Hub](https://hub.docker.com/_/redmine) [Website](http://www.redmine.org/) +- [ ] Rocket.Chat [Docker Hub](https://hub.docker.com/_/rocketchat) [Website](https://rocket.chat/) +- [x] Snipe-IT [Docker Hub](https://hub.docker.com/r/snipe/snipe-it) [Website](https://snipeitapp.com/) +- [x] Traefik [Docker Hub](https://hub.docker.com/_/traefik) [Website](https://traefik.io/) +- [ ] Transmission [Docker Hub](https://hub.docker.com/r/linuxserver/transmission) [Website](https://transmissionbt.com/) +- [x] WordPress [Docker Hub](https://hub.docker.com/_/wordpress) 
[Website](https://wordpress.com/) +- [x] XWiki [Docker Hub](https://hub.docker.com/_/xwiki) [Website](https://www.xwiki.org/) +- [ ] YOURLS [Docker Hub](https://hub.docker.com/_/yourls) [Website](http://yourls.org/) ## Using These Templates For Non-Rancher Configurations Notable Differences: -* Rancher provides networking for all stacks within the environment, so any declarations to `networks` and `expose` are ignored by rancher (excluding `ports`). - * Instead, network policies are created in order to restrict network traffic, instead of creating networks. \ No newline at end of file +* Rancher provides networking for stacks, so any declarations to `networks` and `expose` are ignored (excluding `ports`) on creation. + * Instead, network policies can be created within Rancher's "Environments" \ No newline at end of file From 90182d3ba49f8e9ace60647bc9a03eb66b0d8faf Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 15 Jan 2019 00:59:52 -0500 Subject: [PATCH 222/262] Testing markdown ability --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 157c366..2fa8fad 100644 --- a/README.md +++ b/README.md 
@@ -11,13 +11,13 @@ Hopefully it can also be of use to others as well! ## Stack Statuses -- [ ] Adminer [Docker Hub](https://hub.docker.com/_/adminer) [Website](https://www.adminer.org/en/) -- [ ] Apache Guacamole [Docker Hub](https://hub.docker.com/r/guacamole/guacamole) [Website](https://guacamole.apache.org/) -- [x] Bind [Docker Hub](https://hub.docker.com/r/sameersbn/bind) -- [ ] Discourse [Docker Hub](https://hub.docker.com/_/discourse) [Website](https://www.discourse.org/) -- [ ] Drupal [Docker Hub](https://hub.docker.com/_/drupal) [Website](https://www.drupal.org/) -- [ ] Eclipse Che [Docker Hub](https://hub.docker.com/_/eclipse-che) [Website](https://www.eclipse.org/che/) -- [x] Ghost [Docker Hub](https://hub.docker.com/_/ghost) [Website](https://ghost.org/) +- [ ] [ ] Adminer [Docker Hub](https://hub.docker.com/_/adminer) [Website](https://www.adminer.org/en/) +- [ ] [ ] Apache Guacamole [Docker Hub](https://hub.docker.com/r/guacamole/guacamole) [Website](https://guacamole.apache.org/) +- [x] [ ] Bind [Docker Hub](https://hub.docker.com/r/sameersbn/bind) +- [ ] [ ] Discourse [Docker Hub](https://hub.docker.com/_/discourse) [Website](https://www.discourse.org/) +- [ ] [ ] Drupal [Docker Hub](https://hub.docker.com/_/drupal) [Website](https://www.drupal.org/) +- [ ] [ ] Eclipse Che [Docker Hub](https://hub.docker.com/_/eclipse-che) [Website](https://www.eclipse.org/che/) +- [x] [ ] Ghost [Docker Hub](https://hub.docker.com/_/ghost) [Website](https://ghost.org/) - [ ] Gitea [Docker Hub](https://hub.docker.com/r/gitea/gitea) [Website](https://gitea.io/en-us/) - [ ] GitPitch Pro [Docker Hub](https://hub.docker.com/_/gitpitch-pro) [Website](https://gitpitch.com/) - [ ] Gogs [Docker Hub](https://hub.docker.com/r/gogs/gogs) [Website](https://gogs.io/) From ec5693836ef2856ac8e233e796541c9e2aa63c65 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Tue, 15 Jan 2019 01:00:31 -0500 Subject: [PATCH 223/262] Testing markdown --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 2fa8fad..53f823f 100644 --- a/README.md +++ b/README.md 
@@ -11,13 +11,13 @@ Hopefully it can also be of use to others as well! ## Stack Statuses -- [ ] [ ] Adminer [Docker Hub](https://hub.docker.com/_/adminer) [Website](https://www.adminer.org/en/) -- [ ] [ ] Apache Guacamole [Docker Hub](https://hub.docker.com/r/guacamole/guacamole) [Website](https://guacamole.apache.org/) -- [x] [ ] Bind [Docker Hub](https://hub.docker.com/r/sameersbn/bind) -- [ ] [ ] Discourse [Docker Hub](https://hub.docker.com/_/discourse) [Website](https://www.discourse.org/) -- [ ] [ ] Drupal [Docker Hub](https://hub.docker.com/_/drupal) [Website](https://www.drupal.org/) -- [ ] [ ] Eclipse Che [Docker Hub](https://hub.docker.com/_/eclipse-che) [Website](https://www.eclipse.org/che/) -- [x] [ ] Ghost [Docker Hub](https://hub.docker.com/_/ghost) [Website](https://ghost.org/) +- [ ] - [ ] Adminer [Docker Hub](https://hub.docker.com/_/adminer) [Website](https://www.adminer.org/en/) +- [ ] - [ ] Apache Guacamole [Docker Hub](https://hub.docker.com/r/guacamole/guacamole) [Website](https://guacamole.apache.org/) +- [x] - [ ] Bind [Docker Hub](https://hub.docker.com/r/sameersbn/bind) +- [ ] - [ ] Discourse [Docker Hub](https://hub.docker.com/_/discourse) [Website](https://www.discourse.org/) +- [ ] - [ ] Drupal [Docker Hub](https://hub.docker.com/_/drupal) [Website](https://www.drupal.org/) +- [ ] - [ ] Eclipse Che [Docker Hub](https://hub.docker.com/_/eclipse-che) [Website](https://www.eclipse.org/che/) +- [x] - [ ] Ghost [Docker Hub](https://hub.docker.com/_/ghost) [Website](https://ghost.org/) - [ ] Gitea [Docker Hub](https://hub.docker.com/r/gitea/gitea) [Website](https://gitea.io/en-us/) - [ ] GitPitch Pro [Docker Hub](https://hub.docker.com/_/gitpitch-pro) [Website](https://gitpitch.com/) - [ ] Gogs [Docker Hub](https://hub.docker.com/r/gogs/gogs) [Website](https://gogs.io/) From 3fcf0c0a9f03e38a4ac98855f18fc9ed6fac38f6 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Tue, 15 Jan 2019 01:02:35 -0500 Subject: [PATCH 224/262] Testing markdown --- README.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 53f823f..4b25c47 100644 --- a/README.md +++ b/README.md 
@@ -10,14 +10,15 @@ Hopefully it can also be of use to others as well! * Include descriptions and setup instructions for all stacks ## Stack Statuses - -- [ ] - [ ] Adminer [Docker Hub](https://hub.docker.com/_/adminer) [Website](https://www.adminer.org/en/) -- [ ] - [ ] Apache Guacamole [Docker Hub](https://hub.docker.com/r/guacamole/guacamole) [Website](https://guacamole.apache.org/) -- [x] - [ ] Bind [Docker Hub](https://hub.docker.com/r/sameersbn/bind) -- [ ] - [ ] Discourse [Docker Hub](https://hub.docker.com/_/discourse) [Website](https://www.discourse.org/) -- [ ] - [ ] Drupal [Docker Hub](https://hub.docker.com/_/drupal) [Website](https://www.drupal.org/) -- [ ] - [ ] Eclipse Che [Docker Hub](https://hub.docker.com/_/eclipse-che) [Website](https://www.eclipse.org/che/) -- [x] - [ ] Ghost [Docker Hub](https://hub.docker.com/_/ghost) [Website](https://ghost.org/) +One | Two | Three +--------------|-----------------|---------------------- +- [ ] | Adminer | [Docker Hub](https://hub.docker.com/_/adminer) [Website](https://www.adminer.org/en/) +- [ ] | Apache Guacamole | [Docker Hub](https://hub.docker.com/r/guacamole/guacamole) [Website](https://guacamole.apache.org/) +- [x] | Bind | [Docker Hub](https://hub.docker.com/r/sameersbn/bind) +- [ ] Discourse [Docker Hub](https://hub.docker.com/_/discourse) [Website](https://www.discourse.org/) +- [ ] Drupal [Docker Hub](https://hub.docker.com/_/drupal) [Website](https://www.drupal.org/) +- [ ] Eclipse Che [Docker Hub](https://hub.docker.com/_/eclipse-che) [Website](https://www.eclipse.org/che/) +- [x] Ghost [Docker Hub](https://hub.docker.com/_/ghost) [Website](https://ghost.org/) - [ ] Gitea [Docker Hub](https://hub.docker.com/r/gitea/gitea) [Website](https://gitea.io/en-us/) - [ ] GitPitch Pro [Docker Hub](https://hub.docker.com/_/gitpitch-pro) [Website](https://gitpitch.com/) - [ ] Gogs [Docker Hub](https://hub.docker.com/r/gogs/gogs) [Website](https://gogs.io/) 
From 5be4d8b680155af75e844a58860a108d149f719a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 15 Jan 2019 01:03:37 -0500 Subject: [PATCH 225/262] Testing markdown --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 4b25c47..86360d3 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,12 @@ One | Two | Three - [ ] | Adminer | [Docker Hub](https://hub.docker.com/_/adminer) [Website](https://www.adminer.org/en/) - [ ] | Apache Guacamole | [Docker Hub](https://hub.docker.com/r/guacamole/guacamole) [Website](https://guacamole.apache.org/) - [x] | Bind | [Docker Hub](https://hub.docker.com/r/sameersbn/bind) + + + + + + - [ ] Discourse [Docker Hub](https://hub.docker.com/_/discourse) [Website](https://www.discourse.org/) - [ ] Drupal [Docker Hub](https://hub.docker.com/_/drupal) [Website](https://www.drupal.org/) - [ ] Eclipse Che [Docker Hub](https://hub.docker.com/_/eclipse-che) [Website](https://www.eclipse.org/che/) From 73d93abcc82a7197fe46288e18aa538d716adcf6 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 15 Jan 2019 01:06:37 -0500 Subject: [PATCH 226/262] Testing markdown --- README.md | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 86360d3..895700b 100644 --- a/README.md +++ b/README.md 
@@ -10,17 +10,10 @@ Hopefully it can also be of use to others as well! * Include descriptions and setup instructions for all stacks ## Stack Statuses -One | Two | Three ---------------|-----------------|---------------------- -- [ ] | Adminer | [Docker Hub](https://hub.docker.com/_/adminer) [Website](https://www.adminer.org/en/) -- [ ] | Apache Guacamole | [Docker Hub](https://hub.docker.com/r/guacamole/guacamole) [Website](https://guacamole.apache.org/) -- [x] | Bind | [Docker Hub](https://hub.docker.com/r/sameersbn/bind) - - - - - +- [ ] Adminer <> [Docker Hub](https://hub.docker.com/_/adminer) <> [Website](https://www.adminer.org/en/) +- [ ] Apache Guacamole <> [Docker Hub](https://hub.docker.com/r/guacamole/guacamole) <> [Website](https://guacamole.apache.org/) +- [x] Bind [Docker Hub](https://hub.docker.com/r/sameersbn/bind) - [ ] Discourse [Docker Hub](https://hub.docker.com/_/discourse) [Website](https://www.discourse.org/) - [ ] Drupal [Docker Hub](https://hub.docker.com/_/drupal) [Website](https://www.drupal.org/) - [ ] Eclipse Che [Docker Hub](https://hub.docker.com/_/eclipse-che) [Website](https://www.eclipse.org/che/) From 2c9b8ccb7372e63b68f7dc713f36c681ab83261c Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 15 Jan 2019 01:08:25 -0500 Subject: [PATCH 227/262] Testing markdown --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 895700b..72d87a1 100644 --- a/README.md +++ b/README.md 
@@ -11,8 +11,8 @@ Hopefully it can also be of use to others as well! ## Stack Statuses -- [ ] Adminer <> [Docker Hub](https://hub.docker.com/_/adminer) <> [Website](https://www.adminer.org/en/) -- [ ] Apache Guacamole <> [Docker Hub](https://hub.docker.com/r/guacamole/guacamole) <> [Website](https://guacamole.apache.org/) +- [ ] Adminer - [Docker Hub](https://hub.docker.com/_/adminer) - [Website](https://www.adminer.org/en/) +- [ ] Apache Guacamole - [Docker Hub](https://hub.docker.com/r/guacamole/guacamole) - [Website](https://guacamole.apache.org/) - [x] Bind [Docker Hub](https://hub.docker.com/r/sameersbn/bind) - [ ] Discourse [Docker Hub](https://hub.docker.com/_/discourse) [Website](https://www.discourse.org/) - [ ] Drupal [Docker Hub](https://hub.docker.com/_/drupal) [Website](https://www.drupal.org/) From ef9723fe28a48b48968c78c876055271aa2e5e1f Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 15 Jan 2019 01:12:31 -0500 Subject: [PATCH 228/262] This looks better --- README.md | 67 +++++++++++++++++++++++++++---------------------------- 1 file changed, 33 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index 72d87a1..4969083 100644 --- a/README.md +++ b/README.md 
@@ -13,42 +13,41 @@ Hopefully it can also be of use to others as well! - [ ] Adminer - [Docker Hub](https://hub.docker.com/_/adminer) - [Website](https://www.adminer.org/en/) - [ ] Apache Guacamole - [Docker Hub](https://hub.docker.com/r/guacamole/guacamole) - [Website](https://guacamole.apache.org/) -- [x] Bind [Docker Hub](https://hub.docker.com/r/sameersbn/bind) -- [ ] Discourse [Docker Hub](https://hub.docker.com/_/discourse) [Website](https://www.discourse.org/) -- [ ] Drupal [Docker Hub](https://hub.docker.com/_/drupal) [Website](https://www.drupal.org/) -- [ ] Eclipse Che [Docker Hub](https://hub.docker.com/_/eclipse-che) [Website](https://www.eclipse.org/che/) -- [x] Ghost [Docker Hub](https://hub.docker.com/_/ghost) [Website](https://ghost.org/) -- [ ] Gitea [Docker Hub](https://hub.docker.com/r/gitea/gitea) [Website](https://gitea.io/en-us/) -- [ ] GitPitch Pro [Docker Hub](https://hub.docker.com/_/gitpitch-pro) [Website](https://gitpitch.com/) -- [ ] Gogs [Docker Hub](https://hub.docker.com/r/gogs/gogs) [Website](https://gogs.io/) -- [ ] Grafana [Docker Hub](https://hub.docker.com/r/grafana/grafana) [Website](https://grafana.com/) -- [x] HTTPD [Docker Hub](https://hub.docker.com/_/httpd) [Website](http://httpd.apache.org/) -- [x] InvoiceNinja [Docker Hub](https://hub.docker.com/r/invoiceninja/invoiceninja) [Website](https://www.invoiceninja.org/) -- [ ] Joomla [Docker Hub](https://hub.docker.com/_/joomla) [Website](https://www.joomla.org/) -- [ ] Logstash [Docker Hub](https://hub.docker.com/_/logstash) [Website](https://www.elastic.co/products/logstash) -- [ ] Matomo [Docker Hub](https://hub.docker.com/_/matomo) [Website](https://matomo.org/) -- [ ] MediaWiki [Docker Hub](https://hub.docker.com/_/mediawiki) [Website](https://www.mediawiki.org/) -- [ ] Memcached [Docker Hub](https://hub.docker.com/_/memcached) [Website](https://www.memcached.org/) -- [ ] MySQL [Docker Hub](https://hub.docker.com/_/mysql) [Website](https://www.mysql.com/) -- [x] Nextcloud 
[Docker Hub](https://hub.docker.com/_/nextcloud) [Website](https://nextcloud.com/) -- [ ] Nginx [Docker Hub](https://hub.docker.com/_/nginx) [Website](https://www.nginx.com/) -- [x] OpenProject [Docker Hub](https://hub.docker.com/r/openproject/community) [Website](https://www.openproject.org/) -- [x] PHPMyAdmin [Docker Hub](https://hub.docker.com/r/phpmyadmin/phpmyadmin) [Website](https://www.phpmyadmin.net/) -- [ ] PostgreSQL [Docker Hub](https://hub.docker.com/_/postgres) [Website](https://www.postgresql.org/) -- [ ] ProjectSend [Docker Hub](https://hub.docker.com/r/linuxserver/projectsend) [Website](https://www.projectsend.org/) -- [ ] Pydio Cells [Docker Hub](https://hub.docker.com/r/pydio/cells/) [Website](https://pydio.com/en/) -- [ ] Redis [Docker Hub](https://hub.docker.com/_/redis) [Website](https://redis.io/) -- [ ] Redmine [Docker Hub](https://hub.docker.com/_/redmine) [Website](http://www.redmine.org/) -- [ ] Rocket.Chat [Docker Hub](https://hub.docker.com/_/rocketchat) [Website](https://rocket.chat/) -- [x] Snipe-IT [Docker Hub](https://hub.docker.com/r/snipe/snipe-it) [Website](https://snipeitapp.com/) -- [x] Traefik [Docker Hub](https://hub.docker.com/_/traefik) [Website](https://traefik.io/) -- [ ] Transmission [Docker Hub](https://hub.docker.com/r/linuxserver/transmission) [Website](https://transmissionbt.com/) -- [x] WordPress [Docker Hub](https://hub.docker.com/_/wordpress) [Website](https://wordpress.com/) -- [x] XWiki [Docker Hub](https://hub.docker.com/_/xwiki) [Website](https://www.xwiki.org/) -- [ ] YOURLS [Docker Hub](https://hub.docker.com/_/yourls) [Website](http://yourls.org/) +- [x] Bind - [Docker Hub](https://hub.docker.com/r/sameersbn/bind) +- [ ] Discourse - [Docker Hub](https://hub.docker.com/_/discourse) - [Website](https://www.discourse.org/) +- [ ] Drupal - [Docker Hub](https://hub.docker.com/_/drupal) - [Website](https://www.drupal.org/) +- [ ] Eclipse Che - [Docker Hub](https://hub.docker.com/_/eclipse-che) - 
[Website](https://www.eclipse.org/che/) +- [x] Ghost - [Docker Hub](https://hub.docker.com/_/ghost) - [Website](https://ghost.org/) +- [ ] Gitea - [Docker Hub](https://hub.docker.com/r/gitea/gitea) - [Website](https://gitea.io/en-us/) +- [ ] GitPitch Pro - [Docker Hub](https://hub.docker.com/_/gitpitch-pro) - [Website](https://gitpitch.com/) +- [ ] Gogs - [Docker Hub](https://hub.docker.com/r/gogs/gogs) - [Website](https://gogs.io/) +- [ ] Grafana - [Docker Hub](https://hub.docker.com/r/grafana/grafana) - [Website](https://grafana.com/) +- [x] HTTPD - [Docker Hub](https://hub.docker.com/_/httpd) - [Website](http://httpd.apache.org/) +- [x] InvoiceNinja - [Docker Hub](https://hub.docker.com/r/invoiceninja/invoiceninja) - [Website](https://www.invoiceninja.org/) +- [ ] Joomla - [Docker Hub](https://hub.docker.com/_/joomla) - [Website](https://www.joomla.org/) +- [ ] Logstash - [Docker Hub](https://hub.docker.com/_/logstash) - [Website](https://www.elastic.co/products/logstash) +- [ ] Matomo - [Docker Hub](https://hub.docker.com/_/matomo) - [Website](https://matomo.org/) +- [ ] MediaWiki - [Docker Hub](https://hub.docker.com/_/mediawiki) - [Website](https://www.mediawiki.org/) +- [ ] Memcached - [Docker Hub](https://hub.docker.com/_/memcached) - [Website](https://www.memcached.org/) +- [ ] MySQL - [Docker Hub](https://hub.docker.com/_/mysql) - [Website](https://www.mysql.com/) +- [x] Nextcloud - [Docker Hub](https://hub.docker.com/_/nextcloud) - [Website](https://nextcloud.com/) +- [ ] Nginx - [Docker Hub](https://hub.docker.com/_/nginx) - [Website](https://www.nginx.com/) +- [x] OpenProject - [Docker Hub](https://hub.docker.com/r/openproject/community) - [Website](https://www.openproject.org/) +- [x] PHPMyAdmin - [Docker Hub](https://hub.docker.com/r/phpmyadmin/phpmyadmin) - [Website](https://www.phpmyadmin.net/) +- [ ] PostgreSQL - [Docker Hub](https://hub.docker.com/_/postgres) - [Website](https://www.postgresql.org/) +- [ ] ProjectSend - [Docker 
Hub](https://hub.docker.com/r/linuxserver/projectsend) - [Website](https://www.projectsend.org/) +- [ ] Pydio Cells - [Docker Hub](https://hub.docker.com/r/pydio/cells/) - [Website](https://pydio.com/en/) +- [ ] Redis - [Docker Hub](https://hub.docker.com/_/redis) - [Website](https://redis.io/) +- [ ] Redmine - [Docker Hub](https://hub.docker.com/_/redmine) - [Website](http://www.redmine.org/) +- [ ] Rocket.Chat - [Docker Hub](https://hub.docker.com/_/rocketchat) - [Website](https://rocket.chat/) +- [x] Snipe-IT - [Docker Hub](https://hub.docker.com/r/snipe/snipe-it) - [Website](https://snipeitapp.com/) +- [x] Traefik - [Docker Hub](https://hub.docker.com/_/traefik) - [Website](https://traefik.io/) +- [ ] Transmission - [Docker Hub](https://hub.docker.com/r/linuxserver/transmission) - [Website](https://transmissionbt.com/) +- [x] WordPress - [Docker Hub](https://hub.docker.com/_/wordpress) - [Website](https://wordpress.com/) +- [x] XWiki - [Docker Hub](https://hub.docker.com/_/xwiki) - [Website](https://www.xwiki.org/) +- [ ] YOURLS - [Docker Hub](https://hub.docker.com/_/yourls) - [Website](http://yourls.org/) ## Using These Templates For Non-Rancher Configurations -Notable Differences: * Rancher provides networking for stacks, so any declarations to `networks` and `expose` are ignored (excluding `ports`) on creation. * Instead, network policies can be created within Rancher's "Environments" \ No newline at end of file From 68505b1ec43190a786d8a4ce3b62372ce6d964aa Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 15:33:26 -0500 Subject: [PATCH 229/262] Minor updates, also now using Postgres --- templates/Guacamole/0/docker-compose.yml | 53 ++++++++++-------------- 1 file changed, 21 insertions(+), 32 deletions(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 1b6867e..a06d75e 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml 
@@ -7,39 +7,33 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - MYSQL_HOSTNAME: mysql - MYSQL_DATABASE: guacamole_db - MYSQL_USER: guacamole_user - MYSQL_PASSWORD: ${DB_USER_PASS} + POSTGRES_HOSTNAME: postgres + POSTGRES_DATABASE: guacamole_db + POSTGRES_USER: guacamole_user + POSTGRES_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - {{- if .Values.TRAEFIK_HOST}} traefik.enable: true ### Start Web Segment traefik.web.frontend.entryPoints: http,https traefik.web.frontend.headers.forceSTSHeader: true + traefik.web.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.redirect.entryPoint: https - traefik.web.frontend.redirect.permanent: true traefik.web.frontend.rule: Host:${TRAEFIK_HOST} traefik.web.port: "8080" ### End Web Segment - {{- else}} - traefik.enable: false - {{- end}} links: - guacd - - mysql - networks: - - public-proxy - ports: - - "${WEB_PORT}:8080" + - postgres restart: on-failure + volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system guacd: image: guacamole/guacd:latest dns: 
@@ -50,34 +44,29 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} + traefik.enable: false restart: on-failure - mysql: - image: mysql:latest + volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + postgres: + image: postgres:alpine dns: - 1.1.1.1 - 1.0.0.1 environment: - MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} - MYSQL_DATABASE: guacamole_db - MYSQL_USER: guacamole_user - MYSQL_PASSWORD: ${DB_USER_PASS} + POSTGRES_DB: guacamole_db + POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS} + POSTGRES_USER: guacamole_user + POSTGRES_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - networks: - db-admin: - aliases: - - guacamole + traefik.enable: false restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql # MySQL Database to be persistent - -networks: - db-admin: - external: true - public-proxy: - external: true \ No newline at end of file + - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data \ No newline at end of file From 7c9c0b05198a2f7aa8cf95029e9105e30c8a140d Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 15:38:22 -0500 Subject: [PATCH 230/262] Fixed Rancher questions --- templates/Guacamole/0/docker-compose.yml | 2 +- templates/Guacamole/0/rancher-compose.yml | 23 +++++++---------------- 2 files changed, 8 insertions(+), 17 deletions(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index a06d75e..09d9112 100644 --- a/templates/Guacamole/0/docker-compose.yml 
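Review bot: `POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS}` in the new `postgres` service is not a variable the official postgres image reads, so the root-password question no longer protects anything for this backend. That image creates `POSTGRES_USER` as the superuser and gives it `POSTGRES_PASSWORD`, so `guacamole_user`, the account the web application connects with, ends up as database superuser. I would drop the unused variable and create a separate unprivileged role for Guacamole during setup, or at least state in the template that the application account is the superuser. Separately, `image: postgres:alpine` together with `io.rancher.container.pull_image: always` lets the major version change under an existing data directory; a pinned major tag avoids that. The bind path also moves from `/RancherCattleData/` to `/RancherCattle/`, which is worth confirming as intended.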
+++ b/templates/Guacamole/0/docker-compose.yml @@ -24,7 +24,7 @@ services: traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.rule: Host:${TRAEFIK_HOST} + traefik.web.frontend.rule: Host:${TRAEFIK_HOSTNAME} traefik.web.port: "8080" ### End Web Segment links: diff --git a/templates/Guacamole/0/rancher-compose.yml b/templates/Guacamole/0/rancher-compose.yml index bf0f58e..b71dddc 100644 --- a/templates/Guacamole/0/rancher-compose.yml +++ b/templates/Guacamole/0/rancher-compose.yml @@ -17,35 +17,26 @@ catalog: required: false type: string - - variable: "TRAEFIK_HOST" - label: "Public Host Domain" + - variable: "TRAEFIK_HOSTNAME" + label: "Public Hostname" description: | - The host that Traefik will use to provide public access. - Leaving this empty will disable Traefik on this stack. + The FQDN which Traefik should use to provide public access. default: "subdomain.domain.tld" - required: false - type: string - - - variable: "WEB_PORT" - label: "Local Web Port" - description: | - The port to locally access the web interface on. - default: "10700" required: true type: string - variable: "DB_ROOT_PASS" - label: "MySQL Root Password" + label: "Database Root Password" description: | - A secure password to be used by the "root" MySQL user. + A secure password to be used by the "root" user. # default: required: true type: password - variable: "DB_USER_PASS" - label: "MySQL User Password" + label: "Database User Password" description: | - A secure password to be used by the "guacamole_user" MySQL user. + A secure password to be used by the "guacamole_user" user. # default: required: true type: password From 0c2618b0c2a7fc8c7c551551e024cb2df5390002 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Wed, 16 Jan 2019 16:15:51 -0500 Subject: [PATCH 231/262] Explicitly defined guacd hostname --- templates/Guacamole/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 09d9112..a1bb51b 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -7,6 +7,7 @@ services: - 1.1.1.1 - 1.0.0.1 environment: + GUACD_HOSTNAME: guacd POSTGRES_HOSTNAME: postgres POSTGRES_DATABASE: guacamole_db POSTGRES_USER: guacamole_user From ada430be5252980bbf4458cfa48ab41563a8fc93 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 16:28:31 -0500 Subject: [PATCH 232/262] Added shared volume for setup files --- templates/Guacamole/0/docker-compose.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index a1bb51b..b6ea2ed 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -35,6 +35,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattle/${DATA_DIR}/Setup:/Setup guacd: image: guacamole/guacd:latest dns: @@ -70,4 +71,5 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data \ No newline at end of file + - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data + - /RancherCattle/${DATA_DIR}/Setup:/Setup \ No newline at end of file From 9b926aed59c5559cb7e8e2f1d35fd9e200a2ec89 Mon Sep 17 00:00:00 2001 
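Review bot: The `/RancherCattle/${DATA_DIR}/Setup` bind mount is added read-write to both the Traefik-exposed `guacamole` container (first hunk) and the database container (last hunk), so the web-facing container gets a writable host path that the database container also sees. The consumer of these files is not visible in this commit, but if the database side only reads them, it should be mounted read-only there: `- /RancherCattle/${DATA_DIR}/Setup:/Setup:ro`. Since the commit message describes the directory as holding setup files, a comment saying the mount can be removed from both services once initialisation is done would keep the shared path from becoming permanent.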
From: WilliamMiceli Date: Wed, 16 Jan 2019 16:57:56 -0500 Subject: [PATCH 233/262] Changed back to mysql --- templates/Guacamole/0/docker-compose.yml | 28 ++++++++++++------------ 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index b6ea2ed..c278ea0 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -8,10 +8,10 @@ services: - 1.0.0.1 environment: GUACD_HOSTNAME: guacd - POSTGRES_HOSTNAME: postgres - POSTGRES_DATABASE: guacamole_db - POSTGRES_USER: guacamole_user - POSTGRES_PASSWORD: ${DB_USER_PASS} + MYSQL_HOSTNAME: mysql + MYSQL_DATABASE: guacamole_db + MYSQL_USER: guacamole_user + MYSQL_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} @@ -30,12 +30,12 @@ services: ### End Web Segment links: - guacd - - postgres + - mysql restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Setup:/Setup + - /RancherCattle/${DATA_DIR}/Setup:/setup guacd: image: guacamole/guacd:latest dns: @@ -51,16 +51,16 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - postgres: - image: postgres:alpine + mysql: + image: mysql:5 dns: - 1.1.1.1 - 1.0.0.1 environment: - POSTGRES_DB: guacamole_db - POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS} - POSTGRES_USER: guacamole_user - POSTGRES_PASSWORD: ${DB_USER_PASS} + MYSQL_DB: guacamole_db + MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} + MYSQL_USER: guacamole_user + MYSQL_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} 
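Review bot: `image: mysql:5` in the third hunk is a floating tag, and the service keeps `io.rancher.container.pull_image: always`, so every reschedule can pull a different 5.x release onto the existing `/var/lib/mysql` data. Pinning at least the minor version (for example `mysql:5.7`), or a digest, makes upgrades a deliberate step and keeps the deployed database reproducible. The same applies to the `guacamole/guacd:latest` context line, which is outside what this commit changes.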
@@ -71,5 +71,5 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data - - /RancherCattle/${DATA_DIR}/Setup:/Setup \ No newline at end of file + - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql + - /RancherCattle/${DATA_DIR}/Setup:/setup \ No newline at end of file From 4b00b089faedc5a18206c2d0c4e0e85a9fd6eda5 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 17:05:31 -0500 Subject: [PATCH 234/262] Fixed environment variable name --- templates/Guacamole/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index c278ea0..551ca50 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -57,7 +57,7 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - MYSQL_DB: guacamole_db + MYSQL_DATABASE: guacamole_db MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} MYSQL_USER: guacamole_user MYSQL_PASSWORD: ${DB_USER_PASS} From f306f394700e8d55fd3ebc4dbd8725c12860c05f Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 17:41:00 -0500 Subject: [PATCH 235/262] Testing adding a prefix to the path --- templates/Guacamole/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 551ca50..a7acf8f 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml 
@@ -25,7 +25,7 @@ services: traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.rule: Host:${TRAEFIK_HOSTNAME} + traefik.web.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole" traefik.web.port: "8080" ### End Web Segment links: From 23f9ddffa3692d4b60406a30f46545a90aace687 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 17:41:19 -0500 Subject: [PATCH 236/262] Changed default to have hosted on Controller --- templates/Guacamole/0/rancher-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Guacamole/0/rancher-compose.yml b/templates/Guacamole/0/rancher-compose.yml index b71dddc..7aefee8 100644 --- a/templates/Guacamole/0/rancher-compose.yml +++ b/templates/Guacamole/0/rancher-compose.yml @@ -13,7 +13,7 @@ catalog: label: "Host Label Key/Value Pair" description: | The Key/Value pair on the host which the stack should be deployed. - default: "host.id=Host1" + default: "host.id=Controller" required: false type: string From ade6f1fc353bf51123cebaeee6b37a72e03f6a51 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 17:41:42 -0500 Subject: [PATCH 237/262] Updated with installation instructions --- templates/Guacamole/0/README.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/templates/Guacamole/0/README.md b/templates/Guacamole/0/README.md index 6eb7b41..453f2f5 100644 --- a/templates/Guacamole/0/README.md +++ b/templates/Guacamole/0/README.md 
@@ -1,10 +1,13 @@ # Guacamole -Using official images only: -* guacamole/guacamole:latest -* guacamole/guacd:latest -* mysql:latest +## Initial Setup -### To-do List -* Allow LDAP authentication in place of MySQL authentication -* Make database initialization automatic, or provide instructions for it \ No newline at end of file +On the "guacamole" container, run: +`` + +On the "mysql" container, run: +`cat /setup/initdb.sql | mysql -u root -p guacamole_db` + +## Post-Installation + +Make sure you create your own user account and delete the "guacadmin" user (or at very least change the password) \ No newline at end of file From 45ff58c16f8e6658cc96268272c11a00c2888002 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 17:43:51 -0500 Subject: [PATCH 238/262] Made note for later --- templates/Guacamole/0/README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/templates/Guacamole/0/README.md b/templates/Guacamole/0/README.md index 453f2f5..949c574 100644 --- a/templates/Guacamole/0/README.md +++ b/templates/Guacamole/0/README.md @@ -10,4 +10,7 @@ On the "mysql" container, run: ## Post-Installation -Make sure you create your own user account and delete the "guacadmin" user (or at very least change the password) \ No newline at end of file +Make sure you create your own user account and delete the "guacadmin" user (or at very least change the password) + +## TODO +* Allow adding extensions \ No newline at end of file From a467667184adbdf9d86430af60670a16dcb1c4eb Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 17:45:39 -0500 Subject: [PATCH 239/262] Added setup instruction --- templates/Guacamole/0/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Guacamole/0/README.md b/templates/Guacamole/0/README.md index 949c574..b9cc313 100644 --- a/templates/Guacamole/0/README.md +++ b/templates/Guacamole/0/README.md 
@@ -3,7 +3,7 @@ ## Initial Setup On the "guacamole" container, run: -`` +`/opt/guacamole/bin/initdb.sh --mysql > /setup/initdb.sql` On the "mysql" container, run: `cat /setup/initdb.sql | mysql -u root -p guacamole_db` From 81e746ed91bd29ab4072efd31b7b5f58735f749a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 18:27:56 -0500 Subject: [PATCH 240/262] Testing some fine-tuning changes --- templates/Guacamole/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index a7acf8f..d3dc2d4 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -25,7 +25,7 @@ services: traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole" + traefik.web.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole; PathPrefixStrip: /guacamole" traefik.web.port: "8080" ### End Web Segment links: From 08b414fe228ba452bbe497e1f57840019674d8d9 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 18:40:10 -0500 Subject: [PATCH 241/262] Found actual reason for the issue --- templates/Guacamole/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index d3dc2d4..a7acf8f 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml 
@@ -25,7 +25,7 @@ services: traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole; PathPrefixStrip: /guacamole" + traefik.web.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole" traefik.web.port: "8080" ### End Web Segment links: From adbe17efc1702b176573fbc35cb749d173a1912d Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 18:43:12 -0500 Subject: [PATCH 242/262] Testing separation of SSL and non-SSL This is to attempt at not having the path prefix added twice on the initial connection to the site --- templates/Guacamole/0/docker-compose.yml | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index a7acf8f..020f0fd 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml 
@@ -18,16 +18,19 @@ services: io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} traefik.enable: true - ### Start Web Segment - traefik.web.frontend.entryPoints: http,https - traefik.web.frontend.headers.forceSTSHeader: true - traefik.web.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) - traefik.web.frontend.headers.SSLRedirect: true - traefik.web.frontend.headers.STSPreload: true - traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole" - traefik.web.port: "8080" - ### End Web Segment + ### Start HTTP Segment + traefik.http.frontend.entryPoints: http + traefik.http.frontend.headers.SSLRedirect: true + ### End HTTP Segment + ### Start HTTPS Segment + traefik.https.frontend.entryPoints: https + traefik.https.frontend.headers.forceSTSHeader: true + traefik.https.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) + traefik.https.frontend.headers.STSPreload: true + traefik.https.frontend.headers.STSSeconds: 15552000 + traefik.https.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole" + traefik.https.port: "8080" + ### End HTTPS Segment links: - guacd - mysql From 5f6121c2b3777223d94af14895bb1cc8d1b2207b Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 18:47:56 -0500 Subject: [PATCH 243/262] Fixed issue of no matching rule --- templates/Guacamole/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 020f0fd..c1ccb02 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml 
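Review bot: The HTTPS segment sends `traefik.https.frontend.headers.STSPreload: true` with `STSSeconds: 15552000` (180 days) and no include-subdomains label, so the header advertises `preload` without meeting the preload list's published requirements of a max-age of at least one year plus includeSubDomains. Either drop the `STSPreload` label, or, once every subdomain of the host is HTTPS-only, raise the value to `31536000` and add `traefik.https.frontend.headers.STSIncludeSubdomains: true`. Preloading is slow to undo, so a short comment recording which of the two is intended would help the next editor of this template.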
@@ -21,6 +21,7 @@ services: ### Start HTTP Segment traefik.http.frontend.entryPoints: http traefik.http.frontend.headers.SSLRedirect: true + traefik.http.frontend.rule: Host:${TRAEFIK_HOSTNAME} ### End HTTP Segment ### Start HTTPS Segment traefik.https.frontend.entryPoints: https From 4e26df51aa171ab388dd0bb09108fb334c4c976a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 18:51:51 -0500 Subject: [PATCH 244/262] Port possibly required --- templates/Guacamole/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index c1ccb02..dd5b026 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -22,6 +22,7 @@ services: traefik.http.frontend.entryPoints: http traefik.http.frontend.headers.SSLRedirect: true traefik.http.frontend.rule: Host:${TRAEFIK_HOSTNAME} + traefik.http.port: "1" ### End HTTP Segment ### Start HTTPS Segment traefik.https.frontend.entryPoints: https From 7ed3a603e87bfe04e52ab9b859012dfe5fdfe22d Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 18:52:24 -0500 Subject: [PATCH 245/262] Changed port in case of healthcheck issues --- templates/Guacamole/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index dd5b026..0550b09 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -22,7 +22,7 @@ services: traefik.http.frontend.entryPoints: http traefik.http.frontend.headers.SSLRedirect: true traefik.http.frontend.rule: Host:${TRAEFIK_HOSTNAME} - traefik.http.port: "1" + traefik.http.port: "8080" ### End HTTP Segment ### Start HTTPS Segment traefik.https.frontend.entryPoints: https From b7c6e17ae48829ac29fab90b639e9077c2ad5e63 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Wed, 16 Jan 2019 18:59:01 -0500 Subject: [PATCH 246/262] Added notes --- templates/Guacamole/0/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 0550b09..e919025 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -18,7 +18,7 @@ services: io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} traefik.enable: true - ### Start HTTP Segment + ### Start HTTP Segment (Each EntryPoint has it's own segment, that way on initial HTTP connection, the prefix isn't added twice) traefik.http.frontend.entryPoints: http traefik.http.frontend.headers.SSLRedirect: true traefik.http.frontend.rule: Host:${TRAEFIK_HOSTNAME} @@ -40,7 +40,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Setup:/setup + - /RancherCattle/${DATA_DIR}/Setup:/setup # Used to make initial setup much simpler guacd: image: guacamole/guacd:latest dns: @@ -77,4 +77,4 @@ services: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql - - /RancherCattle/${DATA_DIR}/Setup:/setup \ No newline at end of file + - /RancherCattle/${DATA_DIR}/Setup:/setup # Used to make initial setup much simpler \ No newline at end of file From 4a88af47798bbd01740e034e5ae30c63849e415b Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 19:03:57 -0500 Subject: [PATCH 247/262] Apache Guacamole is now working! --- README.md | 4 ++-- templates/Guacamole/config.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/README.md b/README.md index 4969083..8bb7a42 100644 --- a/README.md +++ b/README.md @@ -9,10 +9,10 @@ Hopefully it can also be of use to others as well! * Include logos for all stacks * Include descriptions and setup instructions for all stacks -## Stack Statuses +## Stack Completion Statuses - [ ] Adminer - [Docker Hub](https://hub.docker.com/_/adminer) - [Website](https://www.adminer.org/en/) -- [ ] Apache Guacamole - [Docker Hub](https://hub.docker.com/r/guacamole/guacamole) - [Website](https://guacamole.apache.org/) +- [x] Apache Guacamole - [Docker Hub](https://hub.docker.com/r/guacamole/guacamole) - [Website](https://guacamole.apache.org/) - [x] Bind - [Docker Hub](https://hub.docker.com/r/sameersbn/bind) - [ ] Discourse - [Docker Hub](https://hub.docker.com/_/discourse) - [Website](https://www.discourse.org/) - [ ] Drupal - [Docker Hub](https://hub.docker.com/_/drupal) - [Website](https://www.drupal.org/) diff --git a/templates/Guacamole/config.yml b/templates/Guacamole/config.yml index 95762a4..b42066b 100644 --- a/templates/Guacamole/config.yml +++ b/templates/Guacamole/config.yml @@ -1,6 +1,6 @@ name: Apache Guacamole description: | - Status: NOT READY + A clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. version: latest #category: maintainer: WilliamMiceli From c68e8219c83666dac455ad1de437480949432233 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 19:33:50 -0500 Subject: [PATCH 248/262] Testing using external links to other services --- templates/PHPMyAdmin/0/docker-compose.yml | 12 ++--- templates/PHPMyAdmin/0/rancher-compose.yml | 52 ++++++++++++++++++---- 2 files changed, 50 insertions(+), 14 deletions(-) diff --git a/templates/PHPMyAdmin/0/docker-compose.yml b/templates/PHPMyAdmin/0/docker-compose.yml index dd66cb8..e4bfef5 100644 --- a/templates/PHPMyAdmin/0/docker-compose.yml +++ b/templates/PHPMyAdmin/0/docker-compose.yml 
@@ -8,12 +8,17 @@ services: - 1.0.0.1 environment: PMA_ARBITRARY: 1 # Allows the user to specify any arbitrary server using address/hostname and port + {{- if .Values.SERVICE_LINK_1}} + external_links: + - ${SERVICE_LINK_1}{{- if .Values.SERVICE_LINK_1_ALIAS}}:${SERVICE_LINK_1_ALIAS}{{- end}} + - ${SERVICE_LINK_2}{{- if .Values.SERVICE_LINK_2_ALIAS}}:${SERVICE_LINK_2_ALIAS}{{- end}} + - ${SERVICE_LINK_3}{{- if .Values.SERVICE_LINK_3_ALIAS}}:${SERVICE_LINK_3_ALIAS}{{- end}} + {{- end}} labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - {{- if .Values.TRAEFIK_HOST}} traefik.enable: true ### Start Web Segment traefik.web.frontend.entryPoints: http,https @@ -26,9 +31,4 @@ services: traefik.web.frontend.rule: Host:${TRAEFIK_HOST} traefik.web.port: "80" ### End Web Segment - {{- else}} - traefik.enable: false - {{- end}} - ports: - - "${WEB_PORT}:80" restart: on-failure \ No newline at end of file diff --git a/templates/PHPMyAdmin/0/rancher-compose.yml b/templates/PHPMyAdmin/0/rancher-compose.yml index 47a8778..0091e7e 100644 --- a/templates/PHPMyAdmin/0/rancher-compose.yml +++ b/templates/PHPMyAdmin/0/rancher-compose.yml 
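Review bot: Removing the `{{- if .Values.TRAEFIK_HOST}}` guard (second hunk) publishes phpMyAdmin through Traefik unconditionally, while `PMA_ARBITRARY: 1` stays set and the new `external_links` attach the container to other stacks' database services. Anyone who can reach the public hostname can therefore point the login form at any database host the container resolves, leaving each database's own credentials as the only barrier. Consider replacing `PMA_ARBITRARY` with `PMA_HOSTS` limited to the linked aliases, and restricting the frontend at the proxy, e.g. `traefik.web.frontend.whiteList.sourceRange: "<admin-network CIDR placeholder>"` or a basic-auth label. The `external_links` block is also only partly guarded in this hunk: the `SERVICE_LINK_2` and `SERVICE_LINK_3` entries render even when those values are empty.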
@@ -21,15 +21,51 @@ catalog: label: "Public Host Domain" description: | The host that Traefik will use to provide public access. - Leaving this empty will disable Traefik on this stack. default: "subdomain.domain.tld" - required: false + required: true type: string - - variable: "WEB_PORT" - label: "Local Web Port" + - variable: "SERVICE_LINK_1" + label: "Service 1" description: | - The port to locally access the web interface on. - default: "10700" - required: true - type: string \ No newline at end of file + (Optional) Create a link to another service + required: false + type: service + + - variable: "SERVICE_LINK_1_ALIAS" + label: "Service 1 Alias" + description: | + (Optional) Create an alias for the service + # default: + required: false + type: service + + - variable: "SERVICE_LINK_2" + label: "Service 2" + description: | + (Optional) Create a link to another service + required: false + type: service + + - variable: "SERVICE_LINK_2_ALIAS" + label: "Service 2 Alias" + description: | + (Optional) Create an alias for the service + # default: + required: false + type: service + + - variable: "SERVICE_LINK_3" + label: "Service 3" + description: | + (Optional) Create a link to another service + required: false + type: service + + - variable: "SERVICE_LINK_3_ALIAS" + label: "Service 3 Alias" + description: | + (Optional) Create an alias for the service + # default: + required: false + type: service \ No newline at end of file From d71b3aca6869aa4d50c433fb8aed3aa7df2aed2b Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 19:35:40 -0500 Subject: [PATCH 249/262] Fixed alias question types --- templates/PHPMyAdmin/0/rancher-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/PHPMyAdmin/0/rancher-compose.yml b/templates/PHPMyAdmin/0/rancher-compose.yml index 0091e7e..f3cf680 100644 --- a/templates/PHPMyAdmin/0/rancher-compose.yml +++ b/templates/PHPMyAdmin/0/rancher-compose.yml 
@@ -38,7 +38,7 @@ catalog: (Optional) Create an alias for the service # default: required: false - type: service + type: string - variable: "SERVICE_LINK_2" label: "Service 2" @@ -53,7 +53,7 @@ catalog: (Optional) Create an alias for the service # default: required: false - type: service + type: string - variable: "SERVICE_LINK_3" label: "Service 3" @@ -68,4 +68,4 @@ catalog: (Optional) Create an alias for the service # default: required: false - type: service \ No newline at end of file + type: string \ No newline at end of file From f27798a67c5592a9cb612c240105514fd9a33ab2 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 19:40:00 -0500 Subject: [PATCH 250/262] Fixed logical errors --- templates/PHPMyAdmin/0/docker-compose.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/templates/PHPMyAdmin/0/docker-compose.yml b/templates/PHPMyAdmin/0/docker-compose.yml index e4bfef5..97b741e 100644 --- a/templates/PHPMyAdmin/0/docker-compose.yml +++ b/templates/PHPMyAdmin/0/docker-compose.yml @@ -11,8 +11,12 @@ services: {{- if .Values.SERVICE_LINK_1}} external_links: - ${SERVICE_LINK_1}{{- if .Values.SERVICE_LINK_1_ALIAS}}:${SERVICE_LINK_1_ALIAS}{{- end}} + {{- if .Values.SERVICE_LINK_2}} - ${SERVICE_LINK_2}{{- if .Values.SERVICE_LINK_2_ALIAS}}:${SERVICE_LINK_2_ALIAS}{{- end}} + {{- end}} + {{- if .Values.SERVICE_LINK_3}} - ${SERVICE_LINK_3}{{- if .Values.SERVICE_LINK_3_ALIAS}}:${SERVICE_LINK_3_ALIAS}{{- end}} + {{- end}} {{- end}} labels: io.rancher.container.pull_image: always From 5e44cf07c500ecc105b7e06aac4acf08ffa55f9e Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 22 Jan 2019 14:06:21 -0500 Subject: [PATCH 251/262] Removed redundant labels --- templates/PHPMyAdmin/0/docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/templates/PHPMyAdmin/0/docker-compose.yml b/templates/PHPMyAdmin/0/docker-compose.yml index 97b741e..9b6032c 100644 --- a/templates/PHPMyAdmin/0/docker-compose.yml 
+++ b/templates/PHPMyAdmin/0/docker-compose.yml @@ -30,8 +30,6 @@ services: traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.redirect.entryPoint: https - traefik.web.frontend.redirect.permanent: true traefik.web.frontend.rule: Host:${TRAEFIK_HOST} traefik.web.port: "80" ### End Web Segment From 2124f8b26f222446e95b3bca1e2b32eda8b5a4ae Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 22 Jan 2019 15:57:04 -0500 Subject: [PATCH 252/262] Removed ProjectSend until they have an official Docker image --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 8bb7a42..06801f7 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,6 @@ Hopefully it can also be of use to others as well! - [x] OpenProject - [Docker Hub](https://hub.docker.com/r/openproject/community) - [Website](https://www.openproject.org/) - [x] PHPMyAdmin - [Docker Hub](https://hub.docker.com/r/phpmyadmin/phpmyadmin) - [Website](https://www.phpmyadmin.net/) - [ ] PostgreSQL - [Docker Hub](https://hub.docker.com/_/postgres) - [Website](https://www.postgresql.org/) -- [ ] ProjectSend - [Docker Hub](https://hub.docker.com/r/linuxserver/projectsend) - [Website](https://www.projectsend.org/) - [ ] Pydio Cells - [Docker Hub](https://hub.docker.com/r/pydio/cells/) - [Website](https://pydio.com/en/) - [ ] Redis - [Docker Hub](https://hub.docker.com/_/redis) - [Website](https://redis.io/) - [ ] Redmine - [Docker Hub](https://hub.docker.com/_/redmine) - [Website](http://www.redmine.org/) From 2345070075e813208ac366ad7f2017c19fd44dd5 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Tue, 22 Jan 2019 16:19:14 -0500 Subject: [PATCH 253/262] Made new section for things I'll do later --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 06801f7..42d8ee7 100644 --- a/README.md +++ b/README.md 
@@ -35,17 +35,20 @@ Hopefully it can also be of use to others as well! - [x] OpenProject - [Docker Hub](https://hub.docker.com/r/openproject/community) - [Website](https://www.openproject.org/) - [x] PHPMyAdmin - [Docker Hub](https://hub.docker.com/r/phpmyadmin/phpmyadmin) - [Website](https://www.phpmyadmin.net/) - [ ] PostgreSQL - [Docker Hub](https://hub.docker.com/_/postgres) - [Website](https://www.postgresql.org/) -- [ ] Pydio Cells - [Docker Hub](https://hub.docker.com/r/pydio/cells/) - [Website](https://pydio.com/en/) - [ ] Redis - [Docker Hub](https://hub.docker.com/_/redis) - [Website](https://redis.io/) - [ ] Redmine - [Docker Hub](https://hub.docker.com/_/redmine) - [Website](http://www.redmine.org/) - [ ] Rocket.Chat - [Docker Hub](https://hub.docker.com/_/rocketchat) - [Website](https://rocket.chat/) - [x] Snipe-IT - [Docker Hub](https://hub.docker.com/r/snipe/snipe-it) - [Website](https://snipeitapp.com/) - [x] Traefik - [Docker Hub](https://hub.docker.com/_/traefik) - [Website](https://traefik.io/) -- [ ] Transmission - [Docker Hub](https://hub.docker.com/r/linuxserver/transmission) - [Website](https://transmissionbt.com/) - [x] WordPress - [Docker Hub](https://hub.docker.com/_/wordpress) - [Website](https://wordpress.com/) - [x] XWiki - [Docker Hub](https://hub.docker.com/_/xwiki) - [Website](https://www.xwiki.org/) - [ ] YOURLS - [Docker Hub](https://hub.docker.com/_/yourls) - [Website](http://yourls.org/) +### Will Complete at a Later Date + +- [ ] Pydio Cells - [Docker Hub](https://hub.docker.com/r/pydio/cells/) - [Website](https://pydio.com/en/) +- [ ] Transmission - [Docker Hub](https://hub.docker.com/r/linuxserver/transmission) - [Website](https://transmissionbt.com/) + ## Using These Templates For Non-Rancher Configurations * Rancher provides networking for stacks, so any declarations to `networks` and `expose` are ignored (excluding `ports`) on creation. From 2c5bdd95beb87018fccf053b6adfce08ca9c9030 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Wed, 30 Jan 2019 16:47:40 -0500 Subject: [PATCH 254/262] Added Emby and changed the formatting --- README.md | 70 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 36 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index 42d8ee7..760e8c5 100644 --- a/README.md +++ b/README.md 
@@ -11,43 +11,45 @@ Hopefully it can also be of use to others as well! ## Stack Completion Statuses -- [ ] Adminer - [Docker Hub](https://hub.docker.com/_/adminer) - [Website](https://www.adminer.org/en/) -- [x] Apache Guacamole - [Docker Hub](https://hub.docker.com/r/guacamole/guacamole) - [Website](https://guacamole.apache.org/) -- [x] Bind - [Docker Hub](https://hub.docker.com/r/sameersbn/bind) -- [ ] Discourse - [Docker Hub](https://hub.docker.com/_/discourse) - [Website](https://www.discourse.org/) -- [ ] Drupal - [Docker Hub](https://hub.docker.com/_/drupal) - [Website](https://www.drupal.org/) -- [ ] Eclipse Che - [Docker Hub](https://hub.docker.com/_/eclipse-che) - [Website](https://www.eclipse.org/che/) -- [x] Ghost - [Docker Hub](https://hub.docker.com/_/ghost) - [Website](https://ghost.org/) -- [ ] Gitea - [Docker Hub](https://hub.docker.com/r/gitea/gitea) - [Website](https://gitea.io/en-us/) -- [ ] GitPitch Pro - [Docker Hub](https://hub.docker.com/_/gitpitch-pro) - [Website](https://gitpitch.com/) -- [ ] Gogs - [Docker Hub](https://hub.docker.com/r/gogs/gogs) - [Website](https://gogs.io/) -- [ ] Grafana - [Docker Hub](https://hub.docker.com/r/grafana/grafana) - [Website](https://grafana.com/) -- [x] HTTPD - [Docker Hub](https://hub.docker.com/_/httpd) - [Website](http://httpd.apache.org/) -- [x] InvoiceNinja - [Docker Hub](https://hub.docker.com/r/invoiceninja/invoiceninja) - [Website](https://www.invoiceninja.org/) -- [ ] Joomla - [Docker Hub](https://hub.docker.com/_/joomla) - [Website](https://www.joomla.org/) -- [ ] Logstash - [Docker Hub](https://hub.docker.com/_/logstash) - [Website](https://www.elastic.co/products/logstash) -- [ ] Matomo - [Docker Hub](https://hub.docker.com/_/matomo) - [Website](https://matomo.org/) -- [ ] MediaWiki - [Docker Hub](https://hub.docker.com/_/mediawiki) - [Website](https://www.mediawiki.org/) -- [ ] Memcached - [Docker Hub](https://hub.docker.com/_/memcached) - [Website](https://www.memcached.org/) -- [ ] MySQL - 
[Docker Hub](https://hub.docker.com/_/mysql) - [Website](https://www.mysql.com/) -- [x] Nextcloud - [Docker Hub](https://hub.docker.com/_/nextcloud) - [Website](https://nextcloud.com/) -- [ ] Nginx - [Docker Hub](https://hub.docker.com/_/nginx) - [Website](https://www.nginx.com/) -- [x] OpenProject - [Docker Hub](https://hub.docker.com/r/openproject/community) - [Website](https://www.openproject.org/) -- [x] PHPMyAdmin - [Docker Hub](https://hub.docker.com/r/phpmyadmin/phpmyadmin) - [Website](https://www.phpmyadmin.net/) -- [ ] PostgreSQL - [Docker Hub](https://hub.docker.com/_/postgres) - [Website](https://www.postgresql.org/) -- [ ] Redis - [Docker Hub](https://hub.docker.com/_/redis) - [Website](https://redis.io/) -- [ ] Redmine - [Docker Hub](https://hub.docker.com/_/redmine) - [Website](http://www.redmine.org/) -- [ ] Rocket.Chat - [Docker Hub](https://hub.docker.com/_/rocketchat) - [Website](https://rocket.chat/) -- [x] Snipe-IT - [Docker Hub](https://hub.docker.com/r/snipe/snipe-it) - [Website](https://snipeitapp.com/) -- [x] Traefik - [Docker Hub](https://hub.docker.com/_/traefik) - [Website](https://traefik.io/) -- [x] WordPress - [Docker Hub](https://hub.docker.com/_/wordpress) - [Website](https://wordpress.com/) -- [x] XWiki - [Docker Hub](https://hub.docker.com/_/xwiki) - [Website](https://www.xwiki.org/) -- [ ] YOURLS - [Docker Hub](https://hub.docker.com/_/yourls) - [Website](http://yourls.org/) +- [ ] Adminer ([Docker Hub](https://hub.docker.com/_/adminer) | [Website](https://www.adminer.org/en/)) +- [x] Apache Guacamole ([Docker Hub](https://hub.docker.com/r/guacamole/guacamole) | [Website](https://guacamole.apache.org/)) +- [x] Bind ([Docker Hub](https://hub.docker.com/r/sameersbn/bind)) +- [ ] Discourse ([Docker Hub](https://hub.docker.com/_/discourse) | [Website](https://www.discourse.org/)) +- [ ] Drupal ([Docker Hub](https://hub.docker.com/_/drupal) | [Website](https://www.drupal.org/)) +- [ ] Eclipse Che ([Docker 
Hub](https://hub.docker.com/_/eclipse-che) | [Website](https://www.eclipse.org/che/)) +- [ ] Emby ([Docker Hub](https://hub.docker.com/r/emby/embyserver) | [Website](https://emby.media/)) +- [x] Ghost ([Docker Hub](https://hub.docker.com/_/ghost) | [Website](https://ghost.org/)) +- [ ] Gitea ([Docker Hub](https://hub.docker.com/r/gitea/gitea) | [Website](https://gitea.io/en-us/)) +- [ ] GitPitch Pro ([Docker Hub](https://hub.docker.com/_/gitpitch-pro) | [Website](https://gitpitch.com/)) +- [ ] Gogs ([Docker Hub](https://hub.docker.com/r/gogs/gogs) | [Website](https://gogs.io/)) +- [ ] Grafana ([Docker Hub](https://hub.docker.com/r/grafana/grafana) | [Website](https://grafana.com/)) +- [x] HTTPD ([Docker Hub](https://hub.docker.com/_/httpd) | [Website](http://httpd.apache.org/)) +- [x] InvoiceNinja ([Docker Hub](https://hub.docker.com/r/invoiceninja/invoiceninja) | [Website](https://www.invoiceninja.org/)) +- [ ] Joomla ([Docker Hub](https://hub.docker.com/_/joomla) | [Website](https://www.joomla.org/)) +- [ ] Logstash ([Docker Hub](https://hub.docker.com/_/logstash) | [Website](https://www.elastic.co/products/logstash)) +- [ ] Matomo ([Docker Hub](https://hub.docker.com/_/matomo) | [Website](https://matomo.org/)) +- [ ] MediaWiki ([Docker Hub](https://hub.docker.com/_/mediawiki) | [Website](https://www.mediawiki.org/)) +- [ ] Memcached ([Docker Hub](https://hub.docker.com/_/memcached) | [Website](https://www.memcached.org/)) +- [ ] MySQL ([Docker Hub](https://hub.docker.com/_/mysql) | [Website](https://www.mysql.com/)) +- [x] Nextcloud ([Docker Hub](https://hub.docker.com/_/nextcloud) | [Website](https://nextcloud.com/)) +- [ ] Nginx ([Docker Hub](https://hub.docker.com/_/nginx) | [Website](https://www.nginx.com/)) +- [ ] Node RED ([Docker Hub](https://hub.docker.com/r/nodered/node-red-docker) | [Website](https://nodered.org/)) +- [x] OpenProject ([Docker Hub](https://hub.docker.com/r/openproject/community) | [Website](https://www.openproject.org/)) +- [x] 
PHPMyAdmin ([Docker Hub](https://hub.docker.com/r/phpmyadmin/phpmyadmin) | [Website](https://www.phpmyadmin.net/)) +- [ ] PostgreSQL ([Docker Hub](https://hub.docker.com/_/postgres) | [Website](https://www.postgresql.org/)) +- [ ] Redis ([Docker Hub](https://hub.docker.com/_/redis) | [Website](https://redis.io/)) +- [ ] Redmine ([Docker Hub](https://hub.docker.com/_/redmine) | [Website](http://www.redmine.org/)) +- [ ] Rocket.Chat ([Docker Hub](https://hub.docker.com/_/rocketchat) | [Website](https://rocket.chat/)) +- [x] Snipe-IT ([Docker Hub](https://hub.docker.com/r/snipe/snipe-it) | [Website](https://snipeitapp.com/)) +- [x] Traefik ([Docker Hub](https://hub.docker.com/_/traefik) | [Website](https://traefik.io/)) +- [x] WordPress ([Docker Hub](https://hub.docker.com/_/wordpress) | [Website](https://wordpress.com/)) +- [x] XWiki ([Docker Hub](https://hub.docker.com/_/xwiki) | [Website](https://www.xwiki.org/)) +- [ ] YOURLS ([Docker Hub](https://hub.docker.com/_/yourls) | [Website](http://yourls.org/)) ### Will Complete at a Later Date -- [ ] Pydio Cells - [Docker Hub](https://hub.docker.com/r/pydio/cells/) - [Website](https://pydio.com/en/) -- [ ] Transmission - [Docker Hub](https://hub.docker.com/r/linuxserver/transmission) - [Website](https://transmissionbt.com/) +- [ ] Pydio Cells ([Docker Hub](https://hub.docker.com/r/pydio/cells/) | [Website](https://pydio.com/en/)) +- [ ] Transmission ([Docker Hub](https://hub.docker.com/r/linuxserver/transmission) | [Website](https://transmissionbt.com/)) ## Using These Templates For Non-Rancher Configurations From 25c43b9351e3be11b7907f05e55903f08315d47e Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 2 Feb 2019 00:25:11 -0500 Subject: [PATCH 255/262] Updated default host --- templates/XWiki/0/rancher-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/XWiki/0/rancher-compose.yml b/templates/XWiki/0/rancher-compose.yml index 7d86f2a..d97c6b7 100644 
--- a/templates/XWiki/0/rancher-compose.yml +++ b/templates/XWiki/0/rancher-compose.yml @@ -12,7 +12,7 @@ catalog: label: "Host Label Key/Value Pair" description: | The Label Key/Value pair on the host which containers should be deployed - default: "host.id=Host1" + default: "host.id=Host3" required: false type: string From 8f3093e5ec7b0c29a869d30954a8469d68993414 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 2 Feb 2019 13:59:47 -0500 Subject: [PATCH 256/262] Quick & Dirty Redis Setup --- templates/Nextcloud/0/README.md | 6 ++++++ templates/Nextcloud/0/redis.config.php | 8 ++++++++ 2 files changed, 14 insertions(+) create mode 100644 templates/Nextcloud/0/redis.config.php diff --git a/templates/Nextcloud/0/README.md b/templates/Nextcloud/0/README.md index 6a42d1f..013726b 100644 --- a/templates/Nextcloud/0/README.md +++ b/templates/Nextcloud/0/README.md @@ -8,6 +8,12 @@ * [Official Security Check](https://scan.nextcloud.com/) +## Easy Redis Setup + +Copy the "redis.config.php" file into your Configuration directory. +You may need to restart your stack for it to pick up. +You can monitor if it is working by opening a shell terminal on your Redis container and using `redis-cli MONITOR` + ## To-Do's * Explain how to manually setup Redis diff --git a/templates/Nextcloud/0/redis.config.php b/templates/Nextcloud/0/redis.config.php new file mode 100644 index 0000000..56e831a --- /dev/null +++ b/templates/Nextcloud/0/redis.config.php @@ -0,0 +1,8 @@ + '\OC\Memcache\Redis', + 'redis' => array( + 'host' => 'redis', + 'port' => 6379, + ), +); \ No newline at end of file From 011f5dca05370b4cdc1a940ad8f316ca880c3b36 Mon Sep 17 00:00:00 2001 
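Review bot: The `'redis'` array in the new redis.config.php sets only `'host'` and `'port'`, so Nextcloud connects to Redis without authentication and the cache is protected only by whatever network isolation the stack has. The README in this repository states that Rancher ignores `networks` declarations, so that isolation would have to come from an environment network policy, which is not shown here. Add a `'password' => '<REDIS_PASSWORD_PLACEHOLDER>',` entry after the `'port'` line, paired with `requirepass` on the Redis container, and document both in the "Easy Redis Setup" section. The opening lines of the file did not survive in this rendering, so which cache keys it sets could not be checked.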
From: WilliamMiceli Date: Tue, 5 Feb 2019 13:27:36 -0500 Subject: [PATCH 257/262] Folder rename 1/2 --- templates/{Gitlab-CE => GitLab-CE1}/0/README.md | 0 templates/{Gitlab-CE => GitLab-CE1}/0/docker-compose.yml | 0 templates/{Gitlab-CE => GitLab-CE1}/0/rancher-compose.yml | 0 templates/{Gitlab-CE => GitLab-CE1}/catalogIcon-gitlab.svg | 0 templates/{Gitlab-CE => GitLab-CE1}/config.yml | 0 5 files changed, 0 insertions(+), 0 deletions(-) rename templates/{Gitlab-CE => GitLab-CE1}/0/README.md (100%) rename templates/{Gitlab-CE => GitLab-CE1}/0/docker-compose.yml (100%) rename templates/{Gitlab-CE => GitLab-CE1}/0/rancher-compose.yml (100%) rename templates/{Gitlab-CE => GitLab-CE1}/catalogIcon-gitlab.svg (100%) rename templates/{Gitlab-CE => GitLab-CE1}/config.yml (100%) diff --git a/templates/Gitlab-CE/0/README.md b/templates/GitLab-CE1/0/README.md similarity index 100% rename from templates/Gitlab-CE/0/README.md rename to templates/GitLab-CE1/0/README.md diff --git a/templates/Gitlab-CE/0/docker-compose.yml b/templates/GitLab-CE1/0/docker-compose.yml similarity index 100% rename from templates/Gitlab-CE/0/docker-compose.yml rename to templates/GitLab-CE1/0/docker-compose.yml diff --git a/templates/Gitlab-CE/0/rancher-compose.yml b/templates/GitLab-CE1/0/rancher-compose.yml similarity index 100% rename from templates/Gitlab-CE/0/rancher-compose.yml rename to templates/GitLab-CE1/0/rancher-compose.yml diff --git a/templates/Gitlab-CE/catalogIcon-gitlab.svg b/templates/GitLab-CE1/catalogIcon-gitlab.svg similarity index 100% rename from templates/Gitlab-CE/catalogIcon-gitlab.svg rename to templates/GitLab-CE1/catalogIcon-gitlab.svg diff --git a/templates/Gitlab-CE/config.yml b/templates/GitLab-CE1/config.yml similarity index 100% rename from templates/Gitlab-CE/config.yml rename to templates/GitLab-CE1/config.yml From 21589a2867bc8269ab78fa3ecb5187ee688e6279 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Tue, 5 Feb 2019 13:29:04 -0500 Subject: [PATCH 258/262] Folder rename 2/2 --- templates/{GitLab-CE1 => GitLab-CE}/0/README.md | 0 templates/{GitLab-CE1 => GitLab-CE}/0/docker-compose.yml | 0 templates/{GitLab-CE1 => GitLab-CE}/0/rancher-compose.yml | 0 templates/{GitLab-CE1 => GitLab-CE}/catalogIcon-gitlab.svg | 0 templates/{GitLab-CE1 => GitLab-CE}/config.yml | 0 5 files changed, 0 insertions(+), 0 deletions(-) rename templates/{GitLab-CE1 => GitLab-CE}/0/README.md (100%) rename templates/{GitLab-CE1 => GitLab-CE}/0/docker-compose.yml (100%) rename templates/{GitLab-CE1 => GitLab-CE}/0/rancher-compose.yml (100%) rename templates/{GitLab-CE1 => GitLab-CE}/catalogIcon-gitlab.svg (100%) rename templates/{GitLab-CE1 => GitLab-CE}/config.yml (100%) diff --git a/templates/GitLab-CE1/0/README.md b/templates/GitLab-CE/0/README.md similarity index 100% rename from templates/GitLab-CE1/0/README.md rename to templates/GitLab-CE/0/README.md diff --git a/templates/GitLab-CE1/0/docker-compose.yml b/templates/GitLab-CE/0/docker-compose.yml similarity index 100% rename from templates/GitLab-CE1/0/docker-compose.yml rename to templates/GitLab-CE/0/docker-compose.yml diff --git a/templates/GitLab-CE1/0/rancher-compose.yml b/templates/GitLab-CE/0/rancher-compose.yml similarity index 100% rename from templates/GitLab-CE1/0/rancher-compose.yml rename to templates/GitLab-CE/0/rancher-compose.yml diff --git a/templates/GitLab-CE1/catalogIcon-gitlab.svg b/templates/GitLab-CE/catalogIcon-gitlab.svg similarity index 100% rename from templates/GitLab-CE1/catalogIcon-gitlab.svg rename to templates/GitLab-CE/catalogIcon-gitlab.svg diff --git a/templates/GitLab-CE1/config.yml b/templates/GitLab-CE/config.yml similarity index 100% rename from templates/GitLab-CE1/config.yml rename to templates/GitLab-CE/config.yml From cce0a8e4337fb0f64fef90d833a6d26b255aac5a Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Wed, 6 Feb 2019 10:46:41 -0500 Subject: [PATCH 259/262] Minor wording fixes --- templates/Bind/0/rancher-compose.yml | 2 +- templates/Ghost/0/rancher-compose.yml | 2 +- templates/Gogs/0/rancher-compose.yml | 12 ++++++------ templates/Guacamole/0/rancher-compose.yml | 2 +- templates/HTTPD/0/rancher-compose.yml | 2 +- templates/InvoiceNinja/0/rancher-compose.yml | 10 +++++----- templates/Nextcloud/0/rancher-compose.yml | 10 +++++----- templates/Nginx/0/rancher-compose.yml | 2 +- templates/OpenProject/0/rancher-compose.yml | 2 +- templates/PHPMyAdmin/0/rancher-compose.yml | 2 +- templates/Snipe-IT/0/rancher-compose.yml | 10 +++++----- templates/Traefik/0/rancher-compose.yml | 2 +- templates/WordPress/0/rancher-compose.yml | 8 ++++---- templates/XWiki/0/rancher-compose.yml | 6 +++--- 14 files changed, 36 insertions(+), 36 deletions(-) diff --git a/templates/Bind/0/rancher-compose.yml b/templates/Bind/0/rancher-compose.yml index b3b58d3..1439a3b 100644 --- a/templates/Bind/0/rancher-compose.yml +++ b/templates/Bind/0/rancher-compose.yml @@ -11,7 +11,7 @@ catalog: - variable: "HOST_LABEL" label: "Host Label Key/Value Pair" description: | - The Key/Value pair on the host which Bind should be deployed. + The Key/Value pair of the host which Bind should be deployed. default: "host.id=Controller" required: false type: string diff --git a/templates/Ghost/0/rancher-compose.yml b/templates/Ghost/0/rancher-compose.yml index fc9c4f7..a84102b 100644 --- a/templates/Ghost/0/rancher-compose.yml +++ b/templates/Ghost/0/rancher-compose.yml @@ -12,7 +12,7 @@ catalog: - variable: "HOST_LABEL" label: "Host Label Key/Value Pair" description: | - The Key/Value pair on the host which the stack should be deployed. + The Key/Value pair of the host which the stack should be deployed. default: "host.id=Host1" required: false type: string diff --git a/templates/Gogs/0/rancher-compose.yml b/templates/Gogs/0/rancher-compose.yml index 766476f..8bb1d55 100644 
--- a/templates/Gogs/0/rancher-compose.yml +++ b/templates/Gogs/0/rancher-compose.yml @@ -11,7 +11,7 @@ catalog: - variable: "HOST_LABEL" label: "Host Label Key/Value Pair" description: | - The Label Key/Value pair on the host which containers should be deployed + The Label Key/Value pair of the host which containers should be deployed default: "host.id=Host1" required: false type: string @@ -37,22 +37,22 @@ catalog: label: "SSH Port" description: | The port to access the SSH server on. - default: "10522" + default: "1022" required: true type: string - variable: "DB_ROOT_PASS" - label: "MySQL Root Password" + label: "Database Root Password" description: | - A secure password to be used by the "root" MySQL user. + A secure password to be used by the "root" database user. # default: required: true type: password - variable: "DB_USER_PASS" - label: "MySQL User Password" + label: "Database User Password" description: | - A secure password to be used by the "gogs_user" MySQL user. + A secure password to be used by the "gogs_user" database user. # default: required: true type: password diff --git a/templates/Guacamole/0/rancher-compose.yml b/templates/Guacamole/0/rancher-compose.yml index 7aefee8..f0bd52d 100644 --- a/templates/Guacamole/0/rancher-compose.yml +++ b/templates/Guacamole/0/rancher-compose.yml @@ -12,7 +12,7 @@ catalog: - variable: "HOST_LABEL" label: "Host Label Key/Value Pair" description: | - The Key/Value pair on the host which the stack should be deployed. + The Key/Value pair of the host which the stack should be deployed. default: "host.id=Controller" required: false type: string diff --git a/templates/HTTPD/0/rancher-compose.yml b/templates/HTTPD/0/rancher-compose.yml index db96f72..31e5ee7 100644 --- a/templates/HTTPD/0/rancher-compose.yml +++ b/templates/HTTPD/0/rancher-compose.yml 
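Review bot: The second Gogs hunk changes the `default` of the "SSH Port" question from `"10522"` to `"1022"`, which is a behaviour change inside a commit titled "Minor wording fixes". Anyone who deploys or upgrades with the defaults gets a different published port, and firewall or monitoring rules keyed to the old value would stop matching without any hint in the history. Keep `default: "10522"` in this commit and move the port change into a separate commit whose message states the new value and the reason. The other edits in this hunk, to labels and descriptions, are wording only.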
@@ -11,7 +11,7 @@ catalog: - variable: "HOST_LABEL" label: "Host Label Key/Value Pair" description: | - The Label Key/Value pair on the host which containers should be deployed + The Label Key/Value pair of the host which containers should be deployed default: "host.id=Host1" required: false type: string diff --git a/templates/InvoiceNinja/0/rancher-compose.yml b/templates/InvoiceNinja/0/rancher-compose.yml index 5434cbe..842efaf 100644 --- a/templates/InvoiceNinja/0/rancher-compose.yml +++ b/templates/InvoiceNinja/0/rancher-compose.yml @@ -11,7 +11,7 @@ catalog: - variable: "HOST_LABEL" label: "Host Label Key/Value Pair" description: | - The Label Key/Value pair on the host which InvoiceNinja should be deployed + The Label Key/Value pair of the host which InvoiceNinja should be deployed default: "host.id=Host1" required: false type: string @@ -25,17 +25,17 @@ catalog: type: string - variable: "DB_ROOT_PASS" - label: "MySQL Root Password" + label: "Database Root Password" description: | - A secure password to be used by the "root" MySQL user. + A secure password to be used by the "root" database user. # default: required: true type: password - variable: "DB_USER_PASS" - label: "MySQL User Password" + label: "Database User Password" description: | - A secure password to be used by the "ninja" MySQL user. + A secure password to be used by the "ninja" database user. # default: required: true type: password diff --git a/templates/Nextcloud/0/rancher-compose.yml b/templates/Nextcloud/0/rancher-compose.yml index faa54a4..17f9b7f 100644 --- a/templates/Nextcloud/0/rancher-compose.yml +++ b/templates/Nextcloud/0/rancher-compose.yml @@ -11,7 +11,7 @@ catalog: - variable: "HOST_LABEL" label: "Host Label Key/Value Pair" description: | - The Label Key/Value pair on the host which containers should be deployed + The Label Key/Value pair of the host which containers should be deployed default: "host.id=Host1" required: false type: string 
@@ -34,17 +34,17 @@ catalog: type: string - variable: "DB_ROOT_PASS" - label: "MySQL Root Password" + label: "Database Root Password" description: | - A secure password to be used by the "root" MySQL user. + A secure password to be used by the "root" database user. # default: required: true type: password - variable: "DB_USER_PASS" - label: "MySQL User Password" + label: "Database User Password" description: | - A secure password to be used by the "nextcloud_user" MySQL user. + A secure password to be used by the "nextcloud_user" database user. # default: required: true type: password diff --git a/templates/Nginx/0/rancher-compose.yml b/templates/Nginx/0/rancher-compose.yml index e569f26..5966524 100644 --- a/templates/Nginx/0/rancher-compose.yml +++ b/templates/Nginx/0/rancher-compose.yml @@ -11,7 +11,7 @@ catalog: - variable: "HOST_LABEL" label: "Host Label Key/Value Pair" description: | - The Label Key/Value pair on the host which containers should be deployed + The Label Key/Value pair of the host which containers should be deployed default: "host.id=Host1" required: false type: string diff --git a/templates/OpenProject/0/rancher-compose.yml b/templates/OpenProject/0/rancher-compose.yml index 8591abc..fe77504 100644 --- a/templates/OpenProject/0/rancher-compose.yml +++ b/templates/OpenProject/0/rancher-compose.yml @@ -12,7 +12,7 @@ catalog: - variable: "HOST_LABEL" label: "Host Label Key/Value Pair" description: | - The Key/Value pair on the host which the stack should be deployed. + The Key/Value pair of the host which the stack should be deployed. default: "host.id=Host1" required: false type: string diff --git a/templates/PHPMyAdmin/0/rancher-compose.yml b/templates/PHPMyAdmin/0/rancher-compose.yml index f3cf680..af8d01a 100644 --- a/templates/PHPMyAdmin/0/rancher-compose.yml +++ b/templates/PHPMyAdmin/0/rancher-compose.yml 
@@ -12,7 +12,7 @@ catalog: - variable: "HOST_LABEL" label: "Host Label Key/Value Pair" description: | - The Key/Value pair on the host which the stack should be deployed. + The Key/Value pair of the host which the stack should be deployed. default: "host.id=Host1" required: false type: string diff --git a/templates/Snipe-IT/0/rancher-compose.yml b/templates/Snipe-IT/0/rancher-compose.yml index a6a9136..271b60d 100644 --- a/templates/Snipe-IT/0/rancher-compose.yml +++ b/templates/Snipe-IT/0/rancher-compose.yml @@ -11,7 +11,7 @@ catalog: - variable: "HOST_LABEL" label: "Host Label Key/Value Pair" description: | - The Label Key/Value pair on the host which containers should be deployed + The Label Key/Value pair of the host which containers should be deployed default: "host.id=Host1" required: false type: string @@ -33,17 +33,17 @@ catalog: type: string - variable: "DB_ROOT_PASS" - label: "MySQL Root Password" + label: "Database Root Password" description: | - A secure password to be used by the "root" MySQL user. + A secure password to be used by the "root" database user. # default: required: true type: password - variable: "DB_USER_PASS" - label: "MySQL User Password" + label: "Database User Password" description: | - A secure password to be used by the "snipeit_user" MySQL user. + A secure password to be used by the "snipeit_user" database user. # default: required: true type: password diff --git a/templates/Traefik/0/rancher-compose.yml b/templates/Traefik/0/rancher-compose.yml index fba8fcd..bc7b461 100644 --- a/templates/Traefik/0/rancher-compose.yml +++ b/templates/Traefik/0/rancher-compose.yml @@ -12,7 +12,7 @@ catalog: - variable: "HOST_LABEL" label: "Host Label Key/Value Pair" description: | - The Key/Value pair on the host which the stack should be deployed. + The Key/Value pair of the host which the stack should be deployed. default: "host.id=Proxy1" required: false type: string 
diff --git a/templates/WordPress/0/rancher-compose.yml b/templates/WordPress/0/rancher-compose.yml index db2997d..b7365ce 100644 --- a/templates/WordPress/0/rancher-compose.yml +++ b/templates/WordPress/0/rancher-compose.yml @@ -11,7 +11,7 @@ catalog: - variable: "HOST_LABEL" label: "Host Label Key/Value Pair" description: | - The Label Key/Value pair on the host which containers should be deployed + The Label Key/Value pair of the host which containers should be deployed default: "host.id=Host1" required: false type: string @@ -25,9 +25,9 @@ catalog: type: string - variable: "DB_ROOT_PASS" - label: "MySQL Root Password" + label: "Database Root Password" description: | - A secure password to be used by the "root" MySQL user. + A secure password to be used by the "root" database user. # default: required: true type: password @@ -35,7 +35,7 @@ catalog: - variable: "DB_USER_PASS" label: "MySQL User Password" description: | - A secure password to be used by the "wordpress_user" MySQL user. + A secure password to be used by the "wordpress_user" database user. # default: required: true type: password diff --git a/templates/XWiki/0/rancher-compose.yml b/templates/XWiki/0/rancher-compose.yml index d97c6b7..7acfdef 100644 --- a/templates/XWiki/0/rancher-compose.yml +++ b/templates/XWiki/0/rancher-compose.yml @@ -11,7 +11,7 @@ catalog: - variable: "HOST_LABEL" label: "Host Label Key/Value Pair" description: | - The Label Key/Value pair on the host which containers should be deployed + The Label Key/Value pair of the host which containers should be deployed default: "host.id=Host3" required: false type: string @@ -27,7 +27,7 @@ catalog: - variable: "DB_ROOT_PASS" label: "Database Root Password" description: | - A secure password to be used by the "root" MySQL user. + A secure password to be used by the "root" database user. # default: required: true type: password 
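Review bot: In the last WordPress hunk the `DB_USER_PASS` description now says "database user", but the context line above it still reads `label: "MySQL User Password"`. The `DB_ROOT_PASS` label in the same file, and the matching labels in the Gogs, InvoiceNinja, Nextcloud and Snipe-IT hunks of this commit, were all renamed. For consistency, change that line to `label: "Database User Password"`.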
@@ -35,7 +35,7 @@ catalog: - variable: "DB_USER_PASS" label: "Database User Password" description: | - A secure password to be used by the "xwiki_user" MySQL user. + A secure password to be used by the "xwiki_user" database user. # default: required: true type: password From 5f7ab9913319471cfe75230ab0e7a506e01cd749 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 6 Feb 2019 18:28:52 -0500 Subject: [PATCH 260/262] Test commit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 760e8c5..d40d754 100644 --- a/README.md +++ b/README.md @@ -53,5 +53,5 @@ Hopefully it can also be of use to others as well! ## Using These Templates For Non-Rancher Configurations -* Rancher provides networking for stacks, so any declarations to `networks` and `expose` are ignored (excluding `ports`) on creation. +* Rancher provides networking for stacks, so any declarations to `networks` and `expose` are ignored (excluding `ports`). * Instead, network policies can be created within Rancher's "Environments" \ No newline at end of file From 8cd34a4e8af8f6fb37683375c3e871fa335ee416 Mon Sep 17 00:00:00 2001 From: William Miceli <1-WilliamMiceli@users.noreply.git.williammiceli.systems> Date: Wed, 6 Feb 2019 19:56:51 -0500 Subject: [PATCH 261/262] Added notice that SSH isn't possible yet --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index d40d754..1a1a7de 100644 --- a/README.md +++ b/README.md 
@@ -51,6 +51,10 @@ Hopefully it can also be of use to others as well! - [ ] Pydio Cells ([Docker Hub](https://hub.docker.com/r/pydio/cells/) | [Website](https://pydio.com/en/)) - [ ] Transmission ([Docker Hub](https://hub.docker.com/r/linuxserver/transmission) | [Website](https://transmissionbt.com/)) +## Notices + +* I use Traefik for routing all traffic to/from my services, and although it's an awesome piece of software, it's biggest limitation (to me) is that it cannot be a reverse proxy for SSH connections until [TCP connections are implemented](https://github.com/containous/traefik/issues/10). Until then, all of my own systems simply have SSH disabled, since I can't even test out if it would work for someone else using a different setup. + ## Using These Templates For Non-Rancher Configurations * Rancher provides networking for stacks, so any declarations to `networks` and `expose` are ignored (excluding `ports`). From 2b5208d2e3bcd4f84f60685c66c2d635a3065310 Mon Sep 17 00:00:00 2001 From: William Miceli <1-WilliamMiceli@users.noreply.git.williammiceli.systems> Date: Wed, 6 Feb 2019 20:14:54 -0500 Subject: [PATCH 262/262] Added reminders for trusted proxies --- templates/HTTPD/0/README.md | 6 +++++- templates/InvoiceNinja/0/README.md | 3 ++- templates/Nextcloud/0/README.md | 4 +++- templates/Nginx/0/README.md | 7 ++++++- templates/WordPress/0/README.md | 6 +++++- 5 files changed, 21 insertions(+), 5 deletions(-) diff --git a/templates/HTTPD/0/README.md b/templates/HTTPD/0/README.md index dea353a..21bc08b 100644 --- a/templates/HTTPD/0/README.md +++ b/templates/HTTPD/0/README.md @@ -1,3 +1,7 @@ # httpd -https://docs.docker.com/samples/library/httpd/ \ No newline at end of file +https://docs.docker.com/samples/library/httpd/ + +# ToDo's + +* Add better trusted proxies configuration \ No newline at end of file diff --git a/templates/InvoiceNinja/0/README.md b/templates/InvoiceNinja/0/README.md index ecd6246..c7f8cfd 100644 --- a/templates/InvoiceNinja/0/README.md 
+++ b/templates/InvoiceNinja/0/README.md @@ -48,4 +48,5 @@ The web interface provides an easy backup method by exporting to a JSON file, wh ## TODO -* Add more integration instructions \ No newline at end of file +* Add more integration instructions +* Add better trusted proxies configuration \ No newline at end of file diff --git a/templates/Nextcloud/0/README.md b/templates/Nextcloud/0/README.md index 013726b..70e8cf0 100644 --- a/templates/Nextcloud/0/README.md +++ b/templates/Nextcloud/0/README.md @@ -17,4 +17,6 @@ You can monitor if it is working by opening a shell terminal on your Redis conta ## To-Do's * Explain how to manually setup Redis -* Fix Cron container, does not yet properly execute yet \ No newline at end of file +* Fix Cron container, does not yet properly execute yet +* Better setup trusted_proxies + * [Documentation Reference](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/reverse_proxy_configuration.html?highlight=reverse%20proxy) \ No newline at end of file diff --git a/templates/Nginx/0/README.md b/templates/Nginx/0/README.md index 3fa3929..9893df5 100644 --- a/templates/Nginx/0/README.md +++ b/templates/Nginx/0/README.md @@ -6,4 +6,9 @@ https://store.docker.com/_/nginx ### Full Example nginx.conf -https://www.nginx.com/resources/wiki/start/topics/examples/full/ \ No newline at end of file +https://www.nginx.com/resources/wiki/start/topics/examples/full/ + + +## ToDo's + +* Add better trusted proxies configuration \ No newline at end of file diff --git a/templates/WordPress/0/README.md b/templates/WordPress/0/README.md index c2a2e73..48c8f2d 100644 --- a/templates/WordPress/0/README.md +++ b/templates/WordPress/0/README.md @@ -1 +1,5 @@ -# WordPress \ No newline at end of file +# WordPress + +## ToDo's + +* Add better trusted proxies configuration \ No newline at end of file