From 9c1ed78fac5ed643c9257c7ecbb4f1407bbc67b8 Mon Sep 17 00:00:00 2001 From: turtlebasket Date: Thu, 15 Jun 2023 16:42:42 -0700 Subject: [PATCH 1/2] update backup stuff --- .gitignore | 3 +++ cuddlefish/backup | 11 +++++++---- cuddlefish/docker-compose.yaml | 2 +- cuddlefish/example.env | 3 +++ 4 files changed, 14 insertions(+), 5 deletions(-) create mode 100644 cuddlefish/example.env diff --git a/.gitignore b/.gitignore index c265584..55a58f3 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,9 @@ # Docker volume mounts */*-data/ +# envfiles +.env + # backups *.tar diff --git a/cuddlefish/backup b/cuddlefish/backup index c7aac00..ea56d23 100755 --- a/cuddlefish/backup +++ b/cuddlefish/backup @@ -1,8 +1,11 @@ #!/bin/bash -# CONTAINER_ID=b581d6283772 -CONTAINER_ID=gitea +# NOTE: DEPENDING ON PERMISSIONING, YOU MAY NEED TO RUN THIS SCRIPT USING SUDO -docker commit -p $CONTAINER_ID gitea-checkpoint-latest -docker save -o gitea-checkpoint-$(date | tr '[:upper:]' '[:lower:]' | tr ' ' '_').tar checkpoint-latest +source .env +DATESTRING=$(date +"%Y-%m-%d_%H%M%S" | tr '[:upper:]' '[:lower:]' | tr ' ' '_') +ARCHIVE="gitea-data-${DATESTRING}.tar.gz" +tar -czvf $ARCHIVE gitea-data/ +scp -i $BACKUP_KEYPATH -P $BACKUP_SSH_PORT $ARCHIVE $BACKUP_HOST:~/backups/ +rm $ARCHIVE && echo Removed $ARCHIVE. diff --git a/cuddlefish/docker-compose.yaml b/cuddlefish/docker-compose.yaml index 6f2a163..4e1656b 100644 --- a/cuddlefish/docker-compose.yaml +++ b/cuddlefish/docker-compose.yaml @@ -6,7 +6,7 @@ networks: services: server: - image: gitea/gitea:latest + image: gitea/gitea:1.19.3 container_name: gitea environment: USER_UID: 1000 diff --git a/cuddlefish/example.env b/cuddlefish/example.env new file mode 100644 index 0000000..f3f209a --- /dev/null +++ b/cuddlefish/example.env @@ -0,0 +1,3 @@ +BACKUP_HOST=bob@1.2.3.4 +BACKUP_KEYPATH=~/.ssh/id_backup +BACKUP_SSH_PORT=22 From 76fda3f1d5c41d57c3ebfccd71585de9106e4126 Mon Sep 17 00:00:00 2001 
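Review bot: The `*.tar` pattern kept in this hunk no longer matches what the backup script in this same commit writes, which is `gitea-data-<date>.tar.gz` under cuddlefish/; add `*.tar.gz` beside it so an archive left behind when the script's final `rm` does not run cannot be committed. The added `.env` entry does cover `cuddlefish/.env`, since a gitignore pattern without a slash matches at any depth.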
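Review bot: `rm $ARCHIVE` on the last line runs even when `tar` or `scp` failed, because the script sets no `set -e` and the remove is not chained on the upload, so a failed transfer deletes the only copy of the backup. The `source .env` and `tar -czvf $ARCHIVE gitea-data/` lines are also resolved against the caller's working directory rather than the script's own, and every expansion is unquoted. Adding `set -euo pipefail` plus `cd "$(dirname "$0")"` at the top and quoting the expansions addresses all three; the archive is also taken from a live `gitea-data/` without the pause the old `docker commit -p` provided, so whether the copy is consistent (e.g. for an SQLite database) should be confirmed. If the script is run under sudo as the added NOTE suggests, the `~` in `BACKUP_KEYPATH` from example.env will expand to root's home rather than the invoking user's.
```shell
#!/bin/bash
set -euo pipefail
# Resolve .env and gitea-data/ relative to this script, not the caller's CWD.
cd "$(dirname "$0")"
source .env
# … unchanged: DATESTRING / ARCHIVE assignments …
tar -czvf "$ARCHIVE" gitea-data/
scp -i "$BACKUP_KEYPATH" -P "$BACKUP_SSH_PORT" "$ARCHIVE" "$BACKUP_HOST:~/backups/"
rm "$ARCHIVE" && echo "Removed $ARCHIVE."
```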
From: turtlebasket Date: Mon, 19 Jun 2023 11:27:48 -0700 Subject: [PATCH 2/2] dockerize cloudflared on cuddlefish + ssh proxying test --- README.md | 33 ++++++--- .../docker-compose.2022.yaml} | 0 cuddlefish/archive/nginx.2022.conf | 67 ++++++++++++++++++ cuddlefish/docker-compose.yaml | 13 +++- cuddlefish/example.env | 4 ++ cuddlefish/nginx.conf | 70 +++---------------- 6 files changed, 118 insertions(+), 69 deletions(-) rename cuddlefish/{docker-compose.old.yaml => archive/docker-compose.2022.yaml} (100%) create mode 100644 cuddlefish/archive/nginx.2022.conf diff --git a/README.md b/README.md index f113a5b..83c2785 100644 --- a/README.md +++ b/README.md @@ -1,18 +1,33 @@ # Homelab -## Hosts +## Hosts & Services ### Cuddlefish -Services: - -| Service | Internal Ports | External Ports | URL | -| :------ | :------------- | :------------- | :--- | -| Gitea | `3000` | `80` | `git.michaellisano.com` | +- `git.michaellisano.com` ### Rocktiplex -| Service | Internal Ports | External Ports | URL | -| :--------------- | :------------- | :------------- | :--- | -| Fathom Analytics | `8080` | `80` | `analytics.michaellisano.com` | +- `analytics.michaellisano.com` + + +## Dockerized Cloudflared Notes + +If a docker-compose file looks like this: + +```yaml +services: + gitea-server: + image: gitea/gitea:1.19.3 + ... + gitea-cloudflared: + image: cloudflare/cloudflared + ... +``` + +The name of the target services is `gitea-server`, and (per Docker's networking shenanigans), should be specified **directly by service name,** e.g. + +``` +https://git.michaellisano.com -> http://gitea-server:3000 +``` diff --git a/cuddlefish/docker-compose.old.yaml b/cuddlefish/archive/docker-compose.2022.yaml similarity index 100% rename from cuddlefish/docker-compose.old.yaml rename to cuddlefish/archive/docker-compose.2022.yaml diff --git a/cuddlefish/archive/nginx.2022.conf b/cuddlefish/archive/nginx.2022.conf new file mode 100644 index 0000000..de5e746 --- /dev/null 
+++ b/cuddlefish/archive/nginx.2022.conf @@ -0,0 +1,67 @@ +#/etc/nginx/nginx.conf + +events {} + +http { + server { + listen 80; + server_name git.turtlebasket.ml; + client_max_body_size 50m; + + location / { + proxy_pass http://127.0.0.1:3000; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + + server { + listen 80; + server_name analytics.turtlebasket.ml; + + location / { + proxy_pass http://127.0.0.1:8080; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + + server { + listen 80; + server_name md.turtlebasket.ml; + + location / { + proxy_pass http://192.168.1.25:3000; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + + server { + listen 80; + server_name money.turtlebasket.ml; + + location / { + proxy_pass http://192.168.1.25:8080; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + + server { + listen 80; + server_name iot.turtlebasket.ml; + + location / { + proxy_pass http://192.168.1.25:8123; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # Critical for websockets, which Home Assistant uses + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + } +} + diff --git a/cuddlefish/docker-compose.yaml b/cuddlefish/docker-compose.yaml index 4e1656b..3acf857 100644 --- a/cuddlefish/docker-compose.yaml +++ b/cuddlefish/docker-compose.yaml @@ -5,7 +5,8 @@ networks: external: false services: - server: + + gitea-server: image: gitea/gitea:1.19.3 container_name: gitea environment: 
@@ -22,3 +23,13 @@ services: - "3000:3000" - "222:22" + gitea-cloudflared: + container_name: cloudflared-gitea + image: cloudflare/cloudflared + restart: unless-stopped + command: tunnel run --url http://server:3000 + environment: + - TUNNEL_TOKEN=${GITEA_TUNNEL_TOKEN} + networks: + - gitea + diff --git a/cuddlefish/example.env b/cuddlefish/example.env index f3f209a..4c92250 100644 --- a/cuddlefish/example.env +++ b/cuddlefish/example.env @@ -1,3 +1,7 @@ BACKUP_HOST=bob@1.2.3.4 BACKUP_KEYPATH=~/.ssh/id_backup BACKUP_SSH_PORT=22 + +SSH_TUNNEL_TOKEN=... +GITEA_TUNNEL_TOKEN=... + diff --git a/cuddlefish/nginx.conf b/cuddlefish/nginx.conf index de5e746..b067e1d 100644 --- a/cuddlefish/nginx.conf +++ b/cuddlefish/nginx.conf 
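Review bot: `command: tunnel run --url http://server:3000` targets a service named `server`, but this same commit renames that service to `gitea-server` (first hunk of this file) and the README change tells readers to address it by that name, so the tunnel's origin will not resolve; it should read `command: tunnel run --url http://gitea-server:3000`. `image: cloudflare/cloudflared` is also left unpinned while the gitea image beside it was pinned in the previous commit; a tag (or digest) would keep the ingress component from changing silently. With Cloudflare providing the public entry point, the `"3000:3000"` host publish that remains on gitea-server keeps Gitea reachable directly from the host network, bypassing the tunnel — fine if LAN access is intended, otherwise it could be dropped.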
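Review bot: `SSH_TUNNEL_TOKEN=...` is added to the template but nothing in this commit reads it; only `GITEA_TUNNEL_TOKEN` is referenced by docker-compose.yaml. If it is reserved for the SSH-proxying experiment named in the subject, a one-line comment above it saying so (e.g. `# not yet consumed by any service`) would keep the template self-explaining.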
@@ -1,67 +1,19 @@ -#/etc/nginx/nginx.conf +#/etc/nginx/stream.conf -events {} +load_module /usr/lib64/nginx/modules/ngx_stream_module.so; -http { - server { - listen 80; - server_name git.turtlebasket.ml; - client_max_body_size 50m; - location / { - proxy_pass http://127.0.0.1:3000; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +stream { + map $ssl_preread_server_name $target_host { + cuddlefish.ssh.michael.com 127.0.0.1:22; + rocktiplex.ssh.michaellisano.com 192.168.1.19:22; + default 127.0.0.1:22; } - } - server { - listen 80; - server_name analytics.turtlebasket.ml; - - location / { - proxy_pass http://127.0.0.1:8080; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + server { + listen 2200; + proxy_pass $backend; + ssl_preread on } - } - - server { - listen 80; - server_name md.turtlebasket.ml; - - location / { - proxy_pass http://192.168.1.25:3000; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } - - server { - listen 80; - server_name money.turtlebasket.ml; - - location / { - proxy_pass http://192.168.1.25:8080; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } - - server { - listen 80; - server_name iot.turtlebasket.ml; - - location / { - proxy_pass http://192.168.1.25:8123; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - # Critical for websockets, which Home Assistant uses - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - } }
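Review bot: The new stream block uses `proxy_pass $backend;` but the map above it defines `$target_host`, so nginx will reject the config with an unknown-variable error; the line after it, `ssl_preread on`, is also missing its terminating semicolon. Change them to `proxy_pass $target_host;` and `ssl_preread on;`. `cuddlefish.ssh.michael.com` also looks like a typo for the `michaellisano.com` domain used by the next map entry. Separately, unless the client side wraps the SSH session in TLS with an SNI (the hunk does not show how connections arrive), a plain SSH handshake carries no ClientHello, `$ssl_preread_server_name` stays empty and every connection lands on the `default` entry — worth confirming before relying on the per-host routing.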