diff --git a/README.md b/README.md index f113a5b..83c2785 100644 --- a/README.md +++ b/README.md @@ -1,18 +1,33 @@ # Homelab -## Hosts +## Hosts & Services ### Cuddlefish -Services: - -| Service | Internal Ports | External Ports | URL | -| :------ | :------------- | :------------- | :--- | -| Gitea | `3000` | `80` | `git.michaellisano.com` | +- `git.michaellisano.com` ### Rocktiplex -| Service | Internal Ports | External Ports | URL | -| :--------------- | :------------- | :------------- | :--- | -| Fathom Analytics | `8080` | `80` | `analytics.michaellisano.com` | +- `analytics.michaellisano.com` + + +## Dockerized Cloudflared Notes + +If a docker-compose file looks like this: + +```yaml +services: + gitea-server: + image: gitea/gitea:1.19.3 + ... + gitea-cloudflared: + image: cloudflare/cloudflared + ... +``` + +The name of the target services is `gitea-server`, and (per Docker's networking shenanigans), should be specified **directly by service name,** e.g. + +``` +https://git.michaellisano.com -> http://gitea-server:3000 +``` diff --git a/cuddlefish/docker-compose.old.yaml b/cuddlefish/archive/docker-compose.2022.yaml similarity index 100% rename from cuddlefish/docker-compose.old.yaml rename to cuddlefish/archive/docker-compose.2022.yaml diff --git a/cuddlefish/archive/nginx.2022.conf b/cuddlefish/archive/nginx.2022.conf new file mode 100644 index 0000000..de5e746 --- /dev/null +++ b/cuddlefish/archive/nginx.2022.conf 
@@ -0,0 +1,67 @@ +#/etc/nginx/nginx.conf + +events {} + +http { + server { + listen 80; + server_name git.turtlebasket.ml; + client_max_body_size 50m; + + location / { + proxy_pass http://127.0.0.1:3000; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + + server { + listen 80; + server_name analytics.turtlebasket.ml; + + location / { + proxy_pass http://127.0.0.1:8080; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + + server { + listen 80; + server_name md.turtlebasket.ml; + + location / { + proxy_pass http://192.168.1.25:3000; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + + server { + listen 80; + server_name money.turtlebasket.ml; + + location / { + proxy_pass http://192.168.1.25:8080; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + + server { + listen 80; + server_name iot.turtlebasket.ml; + + location / { + proxy_pass http://192.168.1.25:8123; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # Critical for websockets, which Home Assistant uses + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + } +} + diff --git a/cuddlefish/docker-compose.yaml b/cuddlefish/docker-compose.yaml index 4e1656b..3acf857 100644 --- a/cuddlefish/docker-compose.yaml +++ b/cuddlefish/docker-compose.yaml @@ -5,7 +5,8 @@ networks: external: false services: - server: + + gitea-server: image: gitea/gitea:1.19.3 container_name: gitea environment: @@ -22,3 +23,13 @@ services: - "3000:3000" - "222:22" + gitea-cloudflared: + container_name: cloudflared-gitea + image: cloudflare/cloudflared + restart: unless-stopped + command: tunnel run --url http://server:3000 + environment: + - TUNNEL_TOKEN=${GITEA_TUNNEL_TOKEN} + networks: + - gitea + 
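Review bot: The `gitea-cloudflared` command still targets `http://server:3000`, but the first hunk of this file renames that service to `gitea-server`, so the name `server` should no longer resolve on the `gitea` network; the line should read `command: tunnel run --url http://gitea-server:3000`, matching the README note in this commit. `image: cloudflare/cloudflared` carries no tag while Gitea is pinned to `1.19.3`, so pinning a version or digest would keep the container that holds `TUNNEL_TOKEN` from changing on every pull. The context lines still publish `"3000:3000"` on the host, which leaves Gitea reachable without going through the tunnel; if the tunnel is meant to be the only entry point, that mapping could be dropped or bound to `127.0.0.1`. The `gitea-server` definition is only partly visible in these hunks.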
diff --git a/cuddlefish/example.env b/cuddlefish/example.env
index f3f209a..4c92250 100644
--- a/cuddlefish/example.env
+++ b/cuddlefish/example.env
@@ -1,3 +1,7 @@
 BACKUP_HOST=bob@1.2.3.4
 BACKUP_KEYPATH=~/.ssh/id_backup
 BACKUP_SSH_PORT=22
+
+SSH_TUNNEL_TOKEN=...
+GITEA_TUNNEL_TOKEN=...
+
diff --git a/cuddlefish/nginx.conf b/cuddlefish/nginx.conf
index de5e746..b067e1d 100644
--- a/cuddlefish/nginx.conf
+++ b/cuddlefish/nginx.conf
@@ -1,67 +1,19 @@ -#/etc/nginx/nginx.conf +#/etc/nginx/stream.conf -events {} +load_module /usr/lib64/nginx/modules/ngx_stream_module.so; -http { - server { - listen 80; - server_name git.turtlebasket.ml; - client_max_body_size 50m; - location / { - proxy_pass http://127.0.0.1:3000; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +stream { + map $ssl_preread_server_name $target_host { + cuddlefish.ssh.michael.com 127.0.0.1:22; + rocktiplex.ssh.michaellisano.com 192.168.1.19:22; + default 127.0.0.1:22; } - } - server { - listen 80; - server_name analytics.turtlebasket.ml; - - location / { - proxy_pass http://127.0.0.1:8080; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + server { + listen 2200; + proxy_pass $backend; + ssl_preread on } - } - - server { - listen 80; - server_name md.turtlebasket.ml; - - location / { - proxy_pass http://192.168.1.25:3000; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } - - server { - listen 80; - server_name money.turtlebasket.ml; - - location / { - proxy_pass http://192.168.1.25:8080; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } - - server { - listen 80; - server_name iot.turtlebasket.ml; - - location / { - proxy_pass http://192.168.1.25:8123; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - # Critical for websockets, which Home Assistant uses - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - } }
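Review bot: The new `server` block proxies to `$backend`, but the `map` above it defines `$target_host`, and `ssl_preread on` has no terminating semicolon, so nginx would presumably reject this file at load; I would change these to `proxy_pass $target_host;` and `ssl_preread on;`. The first map key reads `cuddlefish.ssh.michael.com` while the second uses `michaellisano.com`, which looks like a typo that would send that hostname to the `default` entry. `$ssl_preread_server_name` is only filled from a TLS ClientHello, so a plain SSH client on port 2200 carries no name and always lands on `default 127.0.0.1:22`. A comment stating that clients must wrap SSH in TLS would help, and it is worth deciding whether unrecognised names should reach the local sshd at all rather than being refused.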