Add caddy/Caddyfile-01jun

Move back to using volume on Production cluster shared storage

WatchYourLAN/docker-compose.yml

@@ -1,20 +0,0 @@
-services:
-  shoutrrr:
-    stdin_open: true
-    tty: true
-    image: containrrr/shoutrrr
-    command: generate telegram
-#
-  watchyourlan:
-    image: aceberg/watchyourlan
-    container_name: wyl
-    restart: unless-stopped
-    environment:
-      - IFACES=eth0
-      - TZ=Europe/London
-      - HOST: "0.0.0.0"                   # optional, default: 0.0.0.0
-      - PORT: "8840"                      # optional, default: 8840
-      - TIMEOUT: "120"                    # optional, time in seconds, default: 120
-    network_mode: "host"
-    volumes:
-      - /media/gv0/docker/WatchYourLAN/data:/data/WatchYourLAN

caddy/Caddyfile-01jun

@@ -0,0 +1,258 @@
+ Caddyfile on production cluster
+{
+  # Global options, omly one such block at the head of the file
+  servers {
+    trusted_proxies static 192.168.1.0/24 2a00:23c6::/32
+          }
+  # make admin available to all trusted nodes on the network
+  admin :2019
+  metrics
+}
+#
+
+#
+# For Authelis
+#
+(trusted_proxy_list) {
+       trusted_proxies 192.168.1.0/24 2a00:23c6::/32
+}
+
+(secure_site) {
+       forward_auth {args[0]} 192.168.1.1:9091 {
+                uri /api/verify?rd=https://auth.johnsnexus.click
+                copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+                import trusted_proxy_list
+                header_up Host {upstream_hostport}
+       }
+}
+#
+# it appears you need this to allow prometheus on a remote node to scrape the metrics
+:2019 {
+  handle {
+    metrics
+  }
+}
+#
+# Snippet for basic authorisation
+#
+(basic-auth) {
+   basic_auth {
+      john.anderson $2a$10$4ka55bXqNBpoQcBDrJtd5OQje6Nt/HmvRNAGavqO03xq/Noth5xH.
+      mary.anderson $2a$10$UOuB5DpDcKRho0rRPDCmCeFlDSx/f6Bkwqpw8CEeQCbAGA0yULcny
+      frazer.anderson $2a$10$UleGw5O0BB18XtSenFSawudO.qKbNVMFU772XMP4cAAUbWzRo/zr6
+      chris.anderson $2a$10$1MeL9m8M7FW/k6/DW3HB1.rkijS3qao8RraNO/tJKN8OuRTCzc3fK
+      ruth.hoyos $2a$10$9z/3SajAWhxJfu6Xs1lbEeuPpZWUzcuBI/8n5hfv5FUqt11Uxo92S
+      sarah.anderson-beecham $2a$10$.8J1FMBwGDr8XSXCMWcn2ODxSW6txLEqSBHZmA6zQs8qQCDT2KbR2
+      fiona.green $2a$10$Nid0Lg6Wauwi/5BN4N2H5u8T6XumK4EE2MBxZaKXajxUAuUXPEvGO
+      helen.crichton $2a$10$zOcnxMCr62NtNK3YTaWbRuOclI/lC1Lkn1RidTOxkgBTgruQgfg9K
+      david.rawsthorne $2a$10$OIALdPjjQT6i5exUg8GtmOGk4BD4WmanmDhF7wCVH/IbpQQSt6PAS
+      peter.rawsthorne $2a$10$asUwJpdwc4QlGc8b1A1v7ukBCIQTlzm59uRnBH6AnWiK6NAECW03S
+      marilyn.pope $2a$10$6iD1J3FVmFbY7i02gQaF0eu1fY4ufUsXiXMyc1G9YfXbYKwuamjI2
+      alan.potts $2a$10$tzbIZwIuzcdrIzJICIS1oeadwoKyr3JqL2Ec9aB8Dj.MR4Q7lMcV.
+      kate.griffin $2a$10$9R57yOgGilEPZNwCbjWHeOu/ytTv4SLbW0P/plRnI.GqHe3w3IJjO
+      craig.johnson $2a$10$LQf3tK0ZHl63LHybpDfSdu1WT9OtcLeNZTfCwniPlmuqHiNF.yOq6
+      grant.johnson $2a$10$7XZ3aoQdL/fLex48t6hgi.p9Xt3yNJNIXJKflxChprwT5O9zPy2hG
+      barbara.wright $2a$10$Mlp0Y2wPzzomL1EnTInS2u18yv7ksMY.ATURzQz4luRRe2JwBMEJS
+      janet.kennedy $2a$10$/8VCpm68CLSF2zSL5sHtR.hzwJ.h3cX3r8XHogHbz8o7KIYPDHOVW
+    }
+#    respond "Welcome, {http.auth.user.id}" 200
+}  
+#
+# Authelia from PIHOLE
+#
+auth.johnsnexus.click {
+     reverse_proxy 192.168.1.1:9091 {
+         import trusted_proxy_list
+     }
+}
+#
+# Locally hosted site
+#
+testcaddy.johnsnexus.click {
+    root * /usr/share/caddy      # compose file points to this
+    php_fastcgi 192.168.1.11:80
+    file_server
+}
+#
+# Family history web site via container on this cluster
+#
+sandancer.ddnsfree.com {
+    root * /var/www/html
+    file_server
+#    reverse_proxy 192.168.1.1:8888
+    reverse_proxy famhistweb_famhistweb
+}
+#
+# PocketID OIDC security, come here from DYNU, running on OMEGA to access token device
+#
+https://hold.johnsnexus.click {
+    reverse_proxy 192.168.1.5:1411
+}
+#
+# Test GHOST site on BETA 
+#
+#ghost.johnsnexus.click {
+#    root * /var/www/mymag
+#    file_server
+#    reverse_proxy 192.168.1.9:2368
+#}
+#
+# Fanily History Web site on Production cluster system, come here via BIND9
+#
+nextfamhistweb.johnsnexus.click {
+#    import basic-auth
+#    import secure_site *
+#    root * /usr/local/apache2/htdocs
+#    file_server
+    reverse_proxy nextfamhistweb_nextfamhistweb {
+        import trusted_proxy_list
+    }
+}
+#
+# Test web site on Production Cluster, come here via BIND9
+#
+northweb.johnsnexus.click {
+#    import secure_site *
+#    import basic-auth
+#    root * /usr/local/apache2/htdocs
+    file_server
+    reverse_proxy testweb_testweb
+}
+#
+# Test version of paperless-ngx on OMEGA  come here via BIND9
+#
+wastebin.johnsnexus.click {
+    file_server
+    reverse_proxy 192.168.1.5:8600
+}
+#
+# Version of pydio cells on NODE-16 using SAMBA volume - DYNU public address
+#
+#pydiocells.johnsnexus.click {
+#    tls tls@johnsnexus.click
+#    reverse_proxy 192.168.1.4:8888 {
+#       transport http {
+#          tls
+#          tls_insecure_skip_verify
+#       }
+#    }
+#}
+#
+# NEXTCLOUDAIO on virtual node 22, via DYNU
+#
+amudanan.johnsnexus.click {
+    file_server
+    reverse_proxy 192.168.1.22:11000 
+}
+#
+#codeamud.johnsnexus.click {
+#    file_server
+#    reverse_proxy 192.168.1.26:9980 {
+#        header_up X-Forwarded-Proto {scheme}
+#    transport http {
+#        tls_insecure_skip_verify
+#        }
+#    }
+#}
+#
+# OWNCLOUD on vmnode21
+#
+mycloud.johnsnexus.click {
+    header Strict-Transport-Security max-age=15552000
+    file_server
+    reverse_proxy 192.168.1.21:8080
+}
+#
+code.johnsnexus.click {
+       file_server
+       reverse_proxy 192.168.1.21:9980 {
+       header_up X-Forwarded-Proto {scheme}
+#       transport http {
+#          tls_insecure_skip_verify
+#       }
+    }
+}
+#
+# TESTCLOUD/Nextcloud Alpine on ZETA
+#testcloud.johnsnexus.click {
+#    file_server
+#    reverse_proxy 192.168.1.26
+#}
+#
+# TESTCLOUD/nextcloud-alpine in a secure LXC on ZETA
+#
+testcloud.johnsnexus.click {
+    header Strict-Transport-Security max-age=15552000
+    file_server
+    reverse_proxy https://192.168.1.232:443 {
+        transport http {
+            tls_insecure_skip_verify
+            }
+    }
+}
+#
+# Vaultwarden on Production Cluster, come here via HOSTS
+#
+#warden.johnsnexus.click {
+#    reverse_proxy http://192.168.1.1:80
+#}
+#
+# SongKong on VALHALLA, come here via DYNU
+https://chord.johnsnexus.click {
+    root * /music
+    file_server
+    reverse_proxy http://192.168.1.7:4567
+}
+##
+# n8n running on DELTA, come here via DYNU
+#
+#donut.johnsnexus.click {
+#   reverse_proxy http://192.168.1.10:5678 {
+#       flush_interval -1
+#   }
+#}
+#
+# CTiO magazine using NICEPAGE on PROXMOX
+#
+ctio.johnsnexus.click {
+    file_server
+    reverse_proxy ctiomag_ctiomag
+}
+#
+#****************************************
+#
+# Needs SSL; leave as explicit address; use 3200 as gitea uses 3000
+#
+hoarder.johnsnexus.click {
+     reverse_proxy 192.168.1.15:3200 
+}
+#
+#
+# runs on virtual node-15 in a docker container
+#
+grafana.johnsnexus.click {
+#     import basic-auth
+     reverse_proxy 192.168.1.15:3030
+}
+#
+# new gitea on Elite cluster
+#
+mygit.johnsnexus.click {
+     reverse_proxy 192.168.1.15:3000
+}
+#
+# copy of mygit on the production cluster
+gitea.johnsnexus.click {
+    file_server
+    reverse_proxy 192.168.1.1:3000
+}
+#
+# now a cirtual container on PROXMOX
+gotify.johnsnexus.click {
+     reverse_proxy 192.168.1.230:80
+}
+#
+# New home assistant, running under docker on NODE-16 via wireless
+https://have.johnsnexus.click {
+    file_server
+    reverse_proxy 192.168.1.16:8123

ctiomag/docker-compose.yml

@@ -12,7 +12,7 @@ services:
     ports:
       - 8877:80
     volumes:
-      - /media/gv0/ctiomag:/usr/local/apache2/htdocs
+      - /media/gv0/WebSites/CTiOMag:/usr/local/apache2/htdocs
     networks:
       - caddy_net
 

diun/docker-compose.yml

@@ -16,8 +16,8 @@ services:
       - "DIUN_PROVIDERS_SWARM=true"
       - "DIUN_PROVIDERS_SWARM_WATCHBYDEFAULT=true"
 
-      - "DIUN_NOTIF_GOTIFY_ENDPOINT=http://192.168.1.4:8111"
-      - "DIUN_NOTIF_GOTIFY_TOKEN=AKEQs.EZ-5r0Vqs" # get your token from Gotify UI
+      - "DIUN_NOTIF_GOTIFY_ENDPOINT=http://192.168.1.230:80"
+      - "DIUN_NOTIF_GOTIFY_TOKEN=ApsLS-oLoJE9MGT" # get your token from Gotify UI
       - "DIUN_NOTIF_GOTIFY_PRIORITY=5"
       - "DIUN_NOTIF_GOTIFY_TIMEOUT=10s"
     deploy:

nextfamhistweb/docker-compose.yml

@@ -7,17 +7,10 @@ services:
     ports:
       - 8887:80
     volumes:
-      - nas-share:/usr/local/apache2/htdocs
+      - /media/gv0/WebSites/NextFamHist:/usr/local/apache2/htdocs
     networks:
       - caddy_net
 
-volumes:
-  nas-share:
-    driver_opts:
-      type: cifs
-      o: "username=admin,password=Gerald1927"
-      device: "//192.168.1.7/TestFamilyWebSite/"
-
 networks:
   caddy_net:
     external: true

samba/docker-compose.yml

@@ -2,7 +2,7 @@ services:
   samba:
     image: dockurr/samba
     environment:
-      NAME: "prod-cluster" # this is the share name ...
+      NAME: "prod" # this is the share name ...
       USER: "john"
       PASS: "mary1948"
       UID: "1000"

testweb/docker-compose.yml

@@ -12,7 +12,7 @@ services:
     ports:
       - 8878:80
     volumes:
-      - /media/gv0/TestWebSite:/usr/local/apache2/htdocs
+      - /media/gv0/WebSites/Test:/usr/local/apache2/htdocs
     networks:
       - caddy_net
 

uptime-kuma/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   uptime-kuma:
-    image: louislam/uptime-kuma:2
+    image: louislam/uptime-kuma:2.2.1
     container_name: uptime-kuma
     deploy:
       placement: