From 97c7b23978ec227accad5d10d75ba4dde28674e4 Mon Sep 17 00:00:00 2001
From: Ruan Bekker
Date: Sun, 25 Jul 2021 16:39:56 +0200
Subject: [PATCH 01/16] create traefik
---
traefik/docker-compose.yml | 82 ++++++++++++++++++++++++++++++++++++++
1 file changed, 82 insertions(+)
create mode 100644 traefik/docker-compose.yml
diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
new file mode 100644
index 0000000..8335c6d
--- /dev/null
+++ b/traefik/docker-compose.yml
@@ -0,0 +1,82 @@
+# Resources
+# - https://www.smarthomebeginner.com/cloudflare-settings-for-traefik-docker/
+# - https://www.smarthomebeginner.com/traefik-2-docker-tutorial/
+# - https://gist.github.com/coltenkrauter/124ec31d616fa4c0dcf25d79462a6237
+# - https://faun.pub/deploy-nextcloud-with-docker-compose-traefik-2-postgresql-and-redis-fd1ffc166173
+# - https://github.com/jnsgruk/nextcloud-docker-compose/blob/master/traefik/docker-compose.yml
+# - https://doc.traefik.io/traefik/middlewares/basicauth/
+# Generate auth:
+# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
+# https://gist.github.com/coltenkrauter/124ec31d616fa4c0dcf25d79462a6237
+version: '3.8'
+
+services:
+ traefik:
+ image: traefik:livarot
+ container_name: traefik
+ restart: unless-stopped
+ env_file: .env
+ command:
+ - "--api=true"
+ - "--api.dashboard=true"
+ - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
+ - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http"
+ - "--certificatesresolvers.letsencrypt.acme.email=$EMAIL"
+ - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
+ - "--certificatesresolvers.dns-cloudflare.acme.email=$EMAIL"
+ - "--certificatesresolvers.dns-cloudflare.acme.storage=/cloudflare/acme.json"
+ - "--certificatesresolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare"
+ - "--certificatesresolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
+ - "--certificatesresolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90"
+ - "--entrypoints.http.address=:80"
+ - "--entrypoints.https.address=:443"
+ - "--entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22,104.16.0.0/13,104.24.0.0/14" # allow cloudflare source ips to set x-forwarded-for headers - https://www.cloudflare.com/ips-v4
+ - "--entrypoints.https.http.tls.certresolver=dns-cloudflare"
+ - "--entrypoints.https.http.tls.domains[0].main=$DOMAIN"
+ - "--entrypoints.https.http.tls.domains[0].sans=*.$DOMAIN"
+ - "--entrypoints.https.http.tls.domains[1].main=$DOMAIN2"
+ - "--entrypoints.https.http.tls.domains[1].sans=*.$DOMAIN2"
+ - "--entrypoints.https.http.tls.options=tls-opts@file"
+ - "--log.level=INFO"
+ - "--log.format=json"
+ - "--metrics.prometheus=true"
+ - "--ping=true"
+ - "--providers.docker=true"
+ - "--providers.docker.endpoint=unix:///var/run/docker.sock"
+ - "--providers.docker.exposedbydefault=false"
+ - "--providers.docker.network=public"
+ - "--providers.docker.swarmMode=false"
+ environment:
+ - CF_API_EMAIL=$CF_API_EMAIL
+ - CF_API_KEY=$CF_API_KEY
+ ports:
+ - 80:80
+ - 443:443
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - $DOCKER_VOLUME_PATH/traefik/auth:/auth
+ - $DOCKER_VOLUME_PATH/traefik/letsencrypt:/letsencrypt
+ - $DOCKER_VOLUME_PATH/traefik/cloudflare:/cloudflare
+ labels:
+ - "traefik.enable=true"
+ # catchall for redirecting http to https
+ - "traefik.http.routers.http-catchall.entrypoints=http"
+ - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
+ - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
+ - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+ - "traefik.http.routers.traefik-rtr.entrypoints=https"
+ - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAIN`)"
+ - "traefik.http.routers.traefik-rtr.service=api@internal"
+ - "traefik.http.routers.traefik-rtr.middlewares=dashboard-auth"
+ - "traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/auth/passwords"
+ - "traefik.http.services.api@internal.loadbalancer.server.port=8080"
+ networks:
+ - public
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+networks:
+ public:
+ name: public
From b1b0f4e07656d70755d883ee78858abe43c36250 Mon Sep 17 00:00:00 2001
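Review bot: In `traefik/docker-compose.yml`, the volume `/var/run/docker.sock:/var/run/docker.sock` hands the full Docker API to the one container published on ports 80 and 443, so a compromise of Traefik would amount to control of the Docker host. The Docker provider only needs to read container metadata; pointing `--providers.docker.endpoint` at a socket proxy that permits read-only API calls keeps the raw socket out of the edge container. `CF_API_KEY` with `CF_API_EMAIL` is the account-wide Cloudflare key, whereas a DNS-scoped token passed as `CF_DNS_API_TOKEN` would limit what a leaked `.env` can do. The `trustedIPs` list also repeats `104.16.0.0/13` and `104.24.0.0/14`, and being hard-coded it will drift from the published Cloudflare ranges unless it is reviewed periodically.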
From: Ruan Bekker
Date: Sun, 25 Jul 2021 16:44:26 +0200
Subject: [PATCH 02/16] Create docker-compose.yml
---
bitwarden/docker-compose.yml | 80 ++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
create mode 100644 bitwarden/docker-compose.yml
diff --git a/bitwarden/docker-compose.yml b/bitwarden/docker-compose.yml
new file mode 100644
index 0000000..45e4be0
--- /dev/null
+++ b/bitwarden/docker-compose.yml
@@ -0,0 +1,80 @@
+# resource
+# https://github.com/JulianRunnels/Bitwarden_Self_Host/blob/master/docker-compose.yml
+# https://medium.com/swlh/set-up-your-own-personal-password-vault-313d76374046
+
+# to use grafana loki for logging:
+# logging:
+# driver: loki
+# options:
+# loki-url: http://$SERVER_IP:3100/loki/api/v1/push
+# loki-external-labels: job=dockerlogs
+
+version: "3.8"
+
+services:
+ bitwarden-frontend:
+ image: nginx:1.15-alpine
+ container_name: bitwarden-frontend
+ restart: unless-stopped
+ volumes:
+ - $DOCKER_VOLUME_PATH/bitwarden/frontend/bitwarden.conf:/etc/nginx/conf.d/bitwarden.conf
+ networks:
+ - public
+ depends_on:
+ - bitwarden-backend
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.bitwarden.rule=Host(`bitwarden.$DOMAIN`)"
+ - "traefik.http.routers.bitwarden.entrypoints=https"
+ - "traefik.http.routers.bitwarden.tls.certresolver=dns-cloudflare"
+ - "traefik.http.routers.bitwarden.service=bitwarden-service"
+ - "traefik.http.services.bitwarden-service.loadbalancer.server.port=80"
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+ bitwarden-backend:
+ image: vaultwarden/server:latest
+ container_name: bitwarden-backend
+ restart: unless-stopped
+ volumes:
+ - $DOCKER_VOLUME_PATH/bitwarden/backend/data:/data
+ environment:
+ - WEBSOCKET_ENABLED=true
+ - SIGNUPS_ALLOWED=false
+ networks:
+ - public
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+ bitwarden-backup:
+ image: bruceforce/bw_backup:latest
+ container_name: bitwarden-backup
+ restart: unless-stopped
+ depends_on:
+ - bitwarden-backend
+ volumes:
+ - $DOCKER_VOLUME_PATH/bitwarden/backend/data:/data
+ - $DOCKER_VOLUME_PATH/bitwarden/backend/backup:/backup
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - DB_FILE=/data/db.sqlite3
+ - BACKUP_FILE=/backup/backup.sqlite3
+ - CRON_TIME=0 1 * * *
+ - TIMESTAMP=false
+ - UID=0
+ - GID=0
+ networks:
+ - public
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+networks:
+ public:
+ name: public
From b0f055225b4d032a439b153ffa899888ff77a641 Mon Sep 17 00:00:00 2001
From: Ruan Bekker
Date: Sun, 25 Jul 2021 16:45:01 +0200
Subject: [PATCH 03/16] Create sample-env
---
bitwarden/sample-env | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 bitwarden/sample-env
diff --git a/bitwarden/sample-env b/bitwarden/sample-env
new file mode 100644
index 0000000..369dd3b
--- /dev/null
+++ b/bitwarden/sample-env
@@ -0,0 +1,2 @@
+DOCKER_VOLUME_PATH=
+DOMAIN=
From 4e9446cd84344e4b57ffb78101080ef5a89acc96 Mon Sep 17 00:00:00 2001
From: Ruan Bekker
Date: Sun, 25 Jul 2021 16:46:31 +0200
Subject: [PATCH 04/16] Create bitwarden.conf
---
bitwarden/bitwarden/frontend/bitwarden.conf | 23 +++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 bitwarden/bitwarden/frontend/bitwarden.conf
diff --git a/bitwarden/bitwarden/frontend/bitwarden.conf b/bitwarden/bitwarden/frontend/bitwarden.conf
new file mode 100644
index 0000000..553970a
--- /dev/null
+++ b/bitwarden/bitwarden/frontend/bitwarden.conf
@@ -0,0 +1,23 @@
+server {
+ listen 80;
+ server_name _;
+ client_max_body_size 128M;
+
+ location / {
+ proxy_pass http://bitwarden-backend:80;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location /notifications/hub {
+ proxy_pass http://bitwarden-backend:3012;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+
+ location /notifications/hub/negotiate {
+ proxy_pass http://bitwarden-backend:80;
+ }
+}
From 0352fda397dd12a2d6865a202aeda82b46887927 Mon Sep 17 00:00:00 2001
From: Ruan Bekker
Date: Sun, 25 Jul 2021 16:46:51 +0200
Subject: [PATCH 05/16] Update sample-env
---
bitwarden/sample-env | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bitwarden/sample-env b/bitwarden/sample-env
index 369dd3b..b475e5a 100644
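Review bot: In `bitwarden/docker-compose.yml` all three images float: `vaultwarden/server:latest` and `bruceforce/bw_backup:latest` can change on any pull, and `nginx:1.15-alpine` is a release line that stopped receiving fixes well before this commit. For a password vault, pin each image to a specific version tag or digest and upgrade deliberately. `bitwarden-backend` and `bitwarden-backup` are also attached to the shared `public` network, where every other stack in this series can reach the vault's port 80 without passing through Traefik; a stack-private network for those two, with only `bitwarden-frontend` on `public`, would narrow that. The backup job runs with `UID=0` and `GID=0` and writes its copy next to the live data, so the `backup` directory still needs to be copied off-host.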
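Review bot: In `bitwarden.conf`, the `location /notifications/hub` block sets `Upgrade` and `Connection` but not `proxy_http_version 1.1;`, and nginx proxies with HTTP/1.0 by default, so the WebSocket upgrade is unlikely to succeed as written. In `location /`, `proxy_set_header X-Forwarded-Proto $scheme;` will always send `http` because this server only listens on port 80 behind Traefik; `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` would pass on the scheme the client used, provided only Traefik can reach this container. The two `/notifications/hub` locations forward no `Host`, `X-Real-IP` or `X-Forwarded-For`, so for those requests the backend sees only the nginx container's address.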
--- a/bitwarden/sample-env
+++ b/bitwarden/sample-env
@@ -1,2 +1,2 @@
-DOCKER_VOLUME_PATH=
+DOCKER_VOLUME_PATH=.
 DOMAIN=
From 077dd138fe7cc8e2dfa3b20d0254665800217fa4 Mon Sep 17 00:00:00 2001
From: Ruan Bekker
Date: Sun, 25 Jul 2021 23:42:07 +0200
Subject: [PATCH 06/16] Create sample-env
---
traefik/sample-env | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 traefik/sample-env
diff --git a/traefik/sample-env b/traefik/sample-env
new file mode 100644
index 0000000..e2d3323
--- /dev/null
+++ b/traefik/sample-env
@@ -0,0 +1,3 @@
+DOCKER_VOLUME_PATH=.
+DOMAIN=
+DOMAIN2=
From 06921016f1b0983dcaa4b8109c4376272665095e Mon Sep 17 00:00:00 2001
From: Ruan Bekker
Date: Sun, 25 Jul 2021 23:47:59 +0200
Subject: [PATCH 07/16] Create docker-compose.yml
---
rocket-chat/docker-compose.yml | 128 +++++++++++++++++++++++++++++++++
1 file changed, 128 insertions(+)
create mode 100644 rocket-chat/docker-compose.yml
diff --git a/rocket-chat/docker-compose.yml b/rocket-chat/docker-compose.yml
new file mode 100644
index 0000000..daa8bfc
--- /dev/null
+++ b/rocket-chat/docker-compose.yml
@@ -0,0 +1,128 @@
+version: "3.7"
+
+services:
+ rocketchat:
+ image: rocketchat/rocket.chat:latest
+ container_name: rocketchat
+ restart: unless-stopped
+ command: >
+ bash -c
+ "for i in `seq 1 30`; do
+ INSTANCE_IP=$$(hostname -i) node main.js &&
+ s=$$? && break || s=$$?;
+ echo \"Tried $$i times. Waiting 5 secs...\";
+ sleep 5;
+ done; (exit $$s)"
+ volumes:
+ - ${DOCKER_VOLUME_PATH}/rocketchat/app/data/uploads:/app/uploads
+ - /tmp:/tmp
+ environment:
+ - PORT=3000
+ - ROOT_URL=http://chat.$DOMAIN
+ - MONGO_URL=mongodb://rocketchat-mongo:27017/rocketchat
+ - MONGO_OPLOG_URL=mongodb://rocketchat-mongo:27017/local
+ ports:
+ - 9458:9458 # prometheus
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.rocketchat-app.rule=Host(`chat.$DOMAIN`)"
+ - "traefik.http.routers.rocketchat-app.entrypoints=https"
+ - "traefik.http.routers.rocketchat-app.tls.certresolver=dns-cloudflare"
+ - "com.centurylinklabs.watchtower.enable=true"
+ depends_on:
+ - rocketchat-mongo
+ networks:
+ - public
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+ rocketchat-mongo:
+ image: mongo:4.0
+ container_name: rocketchat-mongo
+ restart: unless-stopped
+ command: mongod --oplogSize 128 --replSet rs0
+ volumes:
+ - ${DOCKER_VOLUME_PATH}/rocketchat/mongo/data/db:/data/db
+ - ${DOCKER_VOLUME_PATH}/rocketchat/mongo/data/backups:/dump
+ networks:
+ - public
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+ rocketchat-mongo-init-replica:
+ image: mongo:4.0
+ container_name: rocketchat-mono-init-replica
+ command: >
+ bash -c
+ "for i in `seq 1 30`; do
+ mongo rocketchat-mongo/rocketchat --eval \"
+ rs.initiate({
+ _id: 'rs0',
+ members: [ { _id: 0, host: 'localhost:27017' } ]})\" &&
+ s=$$? && break || s=$$?;
+ echo \"Tried $$i times. Waiting 5 secs...\";
+ sleep 5;
+ done; (exit $$s)"
+ depends_on:
+ - rocketchat-mongo
+ networks:
+ - public
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+ rocketchat-hubot:
+ image: rocketchat/hubot-rocketchat:v1.0.11
+ container_name: rocketchat-hubot
+ restart: unless-stopped
+ environment:
+ - MONGODB_URL=mongodb://rocketchat-mongo:27017/hubot-brain
+ - ROCKETCHAT_URL=rocketchat:3000
+ - ROCKETCHAT_ROOM=GENERAL
+ - ROCKETCHAT_USER=${ROCKETCHAT_USER}
+ - ROCKETCHAT_PASSWORD=${ROCKETCHAT_PASSWORD}
+ - BOT_NAME=${ROCKETCHAT_BOT_NAME}
+ - RESPOND_TO_DM=true
+ - LISTEN_ON_ALL_PUBLIC=true
+ - EXTERNAL_SCRIPTS=${ROCKETCHAT_EXTERNAL_SCRIPTS}
+ - TZ=${TZ}
+ depends_on:
+ - rocketchat
+ volumes:
+ - ${DOCKER_VOLUME_PATH}/rocketchat/hubot/data/hubotscripts:/home/hubot/scripts
+ ports:
+ - 3011:8081
+ networks:
+ - public
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+ rocketchat-mongo-express:
+ image: mongo-express
+ container_name: roccketchat-mongo-express
+ environment:
+ - ME_CONFIG_MONGODB_URL=mongodb://rocketchat-mongo:27017/
+ - ME_CONFIG_MONGODB_ENABLE_ADMIN=true
+ - ME_CONFIG_BASICAUTH_USERNAME=admin
+ - ME_CONFIG_BASICAUTH_PASSWORD=$ME_CONFIG_BASICAUTH_PASSWORD
+ ports:
+ - 18087:8081
+ networks:
+ - public
+ depends_on:
+ - rocketchat-mongo
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+networks:
+ public:
+ name: public
From 9e6c3dc0c6a9c2b635e7fd01e1aa15254c99f3fe Mon Sep 17 00:00:00 2001
From: Ruan Bekker
Date: Sun, 25 Jul 2021 23:49:51 +0200
Subject: [PATCH 08/16] Create sample-env
---
rocket-chat/sample-env | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100644 rocket-chat/sample-env
diff --git a/rocket-chat/sample-env b/rocket-chat/sample-env
new file mode 100644
index 0000000..0dc87df
--- /dev/null
+++ b/rocket-chat/sample-env
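Review bot: In `rocket-chat/docker-compose.yml`, `rocketchat-mongo-express` publishes `18087:8081` on every host interface over plain HTTP with `ME_CONFIG_MONGODB_ENABLE_ADMIN=true`, and `rocketchat-mongo` is started without `--auth`, so the only control in front of full database administration is a single basic-auth password that the `sample-env` in this series ships empty. Bind the port to loopback (`- "127.0.0.1:18087:8081"`) or route it through Traefik with TLS and an auth middleware, and pin the bare `mongo-express` image to a version tag. `9458:9458` and `3011:8081` bypass Traefik in the same way. `- /tmp:/tmp` shares the host's temp directory with the container and should be dropped unless something depends on it, and `ROOT_URL=http://chat.$DOMAIN` disagrees with the `https` entrypoint the router uses.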
@@ -0,0 +1,10 @@
+DOMAIN=
+ME_CONFIG_BASICAUTH_PASSWORD=
+DOCKER_VOLUME_PATH=.
+ROCKETCHAT_ROOM=GENERAL
+ROCKETCHAT_USER=hubot
+ROCKETCHAT_PASSWORD=
+ROCKETCHAT_BOT_NAME=hubot
+# https://developer.rocket.chat/guides/bots-guides/create-and-run-a-bot/run-a-hubot-bot
+ROCKETCHAT_EXTERNAL_SCRIPTS=hubot-help,hubot-diagnostics,hubot-seen,hubot-links,hubot-pugme,hubot-memes,hubot-isup
+TZ=/usr/share/zoneinfo/Africa/Johannesburg
From 0d6a6183016603d29f1ef388adc4249f4c259e9d Mon Sep 17 00:00:00 2001
From: Ruan Bekker
Date: Mon, 26 Jul 2021 00:08:13 +0200
Subject: [PATCH 09/16] Create docker-compose.yml
---
logging-loki/docker-compose.yml | 147 ++++++++++++++++++++++++++++++++
1 file changed, 147 insertions(+)
create mode 100644 logging-loki/docker-compose.yml
diff --git a/logging-loki/docker-compose.yml b/logging-loki/docker-compose.yml
new file mode 100644
index 0000000..3cfc58e
--- /dev/null
+++ b/logging-loki/docker-compose.yml
@@ -0,0 +1,147 @@
+version: '3.8'
+
+services:
+ loki-redis:
+ image: bitnami/redis:latest
+ restart: unless-stopped
+ container_name: loki-redis
+ environment:
+ ALLOW_EMPTY_PASSWORD: "yes"
+ ports:
+ - 6379
+ networks:
+ - public
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+ loki-consul:
+ container_name: loki-consul
+ image: consul:1.9
+ command: agent -log-level=info -dev -client 0.0.0.0
+ restart: unless-stopped
+ volumes:
+ - $DOCKER_VOLUME_PATH/loki/consul/config:/consul/config
+ - $DOCKER_VOLUME_PATH/loki/consul/data:/consul/data
+ networks:
+ - public
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+ loki-distributor:
+ image: grafana/loki:2.2.1
+ container_name: loki-distributor
+ restart: unless-stopped
+ ports:
+ - 3100:3100
+ depends_on:
+ - loki-redis
+ - loki-consul
+ volumes:
+ - $DOCKER_VOLUME_PATH/loki/configs/loki/consul_config.yaml:/etc/loki/config.yaml
+ command: -config.file=/etc/loki/config.yaml -target=distributor
+ networks:
+ - public
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+ loki-querier:
+ image: grafana/loki:2.2.1
+ container_name: loki-querier
+ restart: unless-stopped
+ ports:
+ - 3100
+ depends_on:
+ - loki-redis
+ - loki-consul
+ volumes:
+ - $DOCKER_VOLUME_PATH/loki/configs/loki/consul_config.yaml:/etc/loki/config.yaml
+ command: -config.file=/etc/loki/config.yaml -target=querier
+ networks:
+ - public
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+ loki-ingester:
+ image: grafana/loki:2.2.1
+ container_name: loki-ingester
+ restart: unless-stopped
+ ports:
+ - 3100
+ depends_on:
+ - loki-redis
+ - loki-consul
+ volumes:
+ - $DOCKER_VOLUME_PATH/loki/configs/loki/consul_config.yaml:/etc/loki/config.yaml
+ command: -config.file=/etc/loki/config.yaml -target=ingester
+ networks:
+ - public
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+ loki-table-manager:
+ image: grafana/loki:2.2.1
+ container_name: loki-table-manager
+ restart: unless-stopped
+ ports:
+ - 3100
+ depends_on:
+ - loki-redis
+ - loki-consul
+ volumes:
+ - $DOCKER_VOLUME_PATH/loki/configs/loki/consul_config.yaml:/etc/loki/config.yaml
+ command: -config.file=/etc/loki/config.yaml -target=table-manager
+ networks:
+ - public
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+ promtail:
+ image: grafana/promtail:latest
+ container_name: promtail
+ restart: unless-stopped
+ volumes:
+ - $DOCKER_VOLUME_PATH/loki/configs/promtail/promtail-config.yaml:/etc/promtail/docker-config.yaml
+ - /var/log:/var/log
+ - /var/lib/docker/:/var/lib/docker:ro
+ command: -config.file=/etc/promtail/docker-config.yaml
+ depends_on:
+ - loki-ingester
+ networks:
+ - public
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+ fluent-bit:
+ image: grafana/fluent-bit-plugin-loki:latest
+ container_name: fluent-bit
+ environment:
+ - LOKI_URL=http://loki-distributor:3100/loki/api/v1/push
+ volumes:
+ - $DOCKER_VOLUME_PATH/loki/configs/fluentbit/fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf
+ ports:
+ - "24224:24224"
+ - "24224:24224/udp"
+ networks:
+ - public
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+
+networks:
+ public:
+ name: public
From 03deb1fe422e1b29ffab98d6446baaecc0629122 Mon Sep 17 00:00:00 2001
From: Ruan Bekker
Date: Mon, 26 Jul 2021 00:08:56 +0200
Subject: [PATCH 10/16] Create promtail-config.yaml
---
.../configs/promtail/promtail-config.yaml | 55 +++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 logging-loki/loki/configs/promtail/promtail-config.yaml
diff --git a/logging-loki/loki/configs/promtail/promtail-config.yaml b/logging-loki/loki/configs/promtail/promtail-config.yaml
new file mode 100644
index 0000000..da2abd4
--- /dev/null
+++ b/logging-loki/loki/configs/promtail/promtail-config.yaml
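Review bot: In `logging-loki/docker-compose.yml`, the short form `ports: - 6379` on `loki-redis` publishes the container port on an ephemeral host port on all interfaces, and the service sets `ALLOW_EMPTY_PASSWORD: "yes"`, so an unauthenticated Redis becomes reachable from outside the host. Containers on the `public` network already reach each other by service name, so the `ports:` entry can be removed or replaced with `expose:`; the same goes for the bare `- 3100` on the querier, ingester and table-manager. `3100:3100` on the distributor and `24224:24224` on fluent-bit accept unauthenticated writes and would be safer bound to `127.0.0.1` or a LAN address. `loki-consul` runs `agent -dev -client 0.0.0.0`, which is Consul's development mode, and promtail mounts `/var/log` without `:ro` although it only reads from it.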
@@ -0,0 +1,55 @@
+server:
+ http_listen_port: 9080
+ grpc_listen_port: 0
+
+positions:
+ filename: /tmp/positions.yaml
+
+clients:
+ - url: http://loki-distributor:3100/loki/api/v1/push
+
+scrape_configs:
+- job_name: logs
+ pipeline_stages:
+ static_configs:
+ - targets:
+ - localhost
+ labels:
+ job: hostlogs
+ environment: home
+ __path__: /var/log/*.log
+
+
+- job_name: containers
+ static_configs:
+ - targets:
+ - localhost
+ labels:
+ job: containerlogs
+ __path__: /var/lib/docker/containers/*/*log
+
+ pipeline_stages:
+ - json:
+ expressions:
+ output: log
+ stream: stream
+ attrs:
+ - json:
+ expressions:
+ tag:
+ source: attrs
+ - regex:
+ expression: (?P(?:[^|]*[^|])).(?P(?:[^|]*[^|])).(?P(?:[^|]*[^|])).(?P(?:[^|]*[^|]))
+ source: tag
+ - timestamp:
+ format: RFC3339Nano
+ source: time
+ - labels:
+ tag:
+ stream:
+ image_name:
+ container_name:
+ image_id:
+ container_id:
+ - output:
+ source: output
From fe7c7a25bb7df7ef0c9ce162108c5ec9cd74db64 Mon Sep 17 00:00:00 2001
From: Ruan Bekker
Date: Mon, 26 Jul 2021 00:11:46 +0200
Subject: [PATCH 11/16] Create consul_config.yaml
---
.../loki/configs/loki/consul_config.yaml | 82 +++++++++++++++++++
1 file changed, 82 insertions(+)
create mode 100644 logging-loki/loki/configs/loki/consul_config.yaml
diff --git a/logging-loki/loki/configs/loki/consul_config.yaml b/logging-loki/loki/configs/loki/consul_config.yaml
new file mode 100644
index 0000000..bffea16
--- /dev/null
+++ b/logging-loki/loki/configs/loki/consul_config.yaml
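Review bot: In `promtail-config.yaml`, `positions.filename: /tmp/positions.yaml` lives inside the container, and the promtail service in `logging-loki/docker-compose.yml` mounts no volume for that path, so recreating the container loses the read offsets and the files under `/var/log` and `/var/lib/docker/containers` are shipped again from the start. Point it at a file on a mounted volume. In the `logs` job, `pipeline_stages:` appears to be left without a value, which parses as null; write `pipeline_stages: []` or drop the key. Promoting `container_id` and `image_id` to labels creates a new stream for every container instance, which inflates Loki's index as containers are recreated.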
@@ -0,0 +1,82 @@
+auth_enabled: false
+
+server:
+ http_listen_port: 3100
+
+ingester:
+ lifecycler:
+ ring:
+ kvstore:
+ store: consul
+ consul:
+ host: loki-consul:8500
+ heartbeat_timeout: 1m
+ replication_factor: 1
+ num_tokens: 128
+ heartbeat_period: 5s
+ join_after: 0s
+ min_ready_duration: 10s
+ interface_names:
+ - "eth0"
+ final_sleep: 30s
+ chunk_idle_period: 5m
+ chunk_retain_period: 30s
+
+schema_config:
+ configs:
+ - from: 2020-05-15
+ store: boltdb-shipper
+ object_store: s3
+ schema: v11
+ index:
+ prefix: loki_
+ period: 24h
+
+storage_config:
+ aws:
+ bucketnames: loki
+ endpoint: minio.$DOMAIN
+ access_key_id: EXAMPLEACCESSKEY
+ secret_access_key: EXAMPLEACCESSSECRET
+ insecure: false
+ s3forcepathstyle: true
+ #s3: s3://EXAMPLEACCESSKEY:EXAMPLEACCESSSECRET@minio.:3000/loki
+ #s3forcepathstyle: true
+
+ boltdb_shipper:
+ active_index_directory: /loki/index
+ cache_location: /loki/index_cache
+ resync_interval: 5s
+ shared_store: s3
+
+limits_config:
+ enforce_metric_name: false
+ reject_old_samples: true
+ reject_old_samples_max_age: 168h
+
+chunk_store_config:
+ chunk_cache_config:
+ redis:
+ endpoint: "loki-redis:6379"
+ timeout: 100ms
+ expiration: 0s
+ max_look_back_period: 0s
+ write_dedupe_cache_config:
+ redis:
+ endpoint: "loki-redis:6379"
+ timeout: 100ms
+ expiration: 0s
+
+table_manager:
+ chunk_tables_provisioning:
+ inactive_read_throughput: 1
+ inactive_write_throughput: 1
+ provisioned_read_throughput: 5
+ provisioned_write_throughput: 5
+ index_tables_provisioning:
+ inactive_read_throughput: 1
+ inactive_write_throughput: 1
+ provisioned_read_throughput: 5
+ provisioned_write_throughput: 5
+ retention_deletes_enabled: false
+ retention_period: 0s
+From f762a6340eced1cbc8319882a640709069dd4e89 Mon Sep 17 00:00:00 2001
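Review bot: In `consul_config.yaml`, `auth_enabled: false` means any client that can reach port 3100 can push and query logs as the single default tenant, and the compose file publishes that port on the distributor, so access control has to be enforced in front of Loki. `endpoint: minio.$DOMAIN` will be read literally unless Loki is started with `-config.expand-env=true` (worth confirming the pinned 2.2.1 accepts it), which the `command:` lines in the compose file do not pass; with expansion on, the reference is written `${DOMAIN}`. `access_key_id: EXAMPLEACCESSKEY` and `secret_access_key: EXAMPLEACCESSSECRET` are placeholders committed in the file; with expansion enabled they can be taken from the environment as `${MINIO_ROOT_USER}` and `${MINIO_ROOT_PASSWORD}` so real credentials never need to be written here.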
From: Ruan Bekker Date: Mon, 26 Jul 2021 00:12:24 +0200 Subject: [PATCH 12/16] Create fluent-bit.conf --- .../loki/configs/fluentbit/fluent-bit.conf | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 logging-loki/loki/configs/fluentbit/fluent-bit.conf diff --git a/logging-loki/loki/configs/fluentbit/fluent-bit.conf b/logging-loki/loki/configs/fluentbit/fluent-bit.conf new file mode 100644 index 0000000..46f41fe --- /dev/null +++ b/logging-loki/loki/configs/fluentbit/fluent-bit.conf @@ -0,0 +1,15 @@ +[INPUT] + Name forward + Listen 0.0.0.0 + Port 24224 +[Output] + Name grafana-loki + Match * + Url ${LOKI_URL} + RemoveKeys source,container_id + Labels {job="fluentbit"} + LabelKeys container_name + BatchWait 1s + BatchSize 1001024 + LineFormat json + LogLevel info From b53c0fbb460530b3949736e91b796491cd5768f7 Mon Sep 17 00:00:00 2001 From: Ruan Bekker Date: Mon, 26 Jul 2021 00:15:06 +0200 Subject: [PATCH 13/16] Update docker-compose.yml --- logging-loki/docker-compose.yml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/logging-loki/docker-compose.yml b/logging-loki/docker-compose.yml index 3cfc58e..fc684fb 100644 --- a/logging-loki/docker-compose.yml +++ b/logging-loki/docker-compose.yml @@ -16,6 +16,30 @@ services: options: max-size: "1m" + loki-minio: + image: minio/minio:latest + container_name: loki-minio + volumes: + - $DOCKER_VOLUME_PATH/loki/minio/data:/data + env_file: .env + environment: + - MINIO_ROOT_USER=${MINIO_ROOT_USER:-EXAMPLEACCESSKEY} + - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-EXAMPLEACCESSSECRET} + command: server /data + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] + interval: 30s + timeout: 20s + retries: 3 + restart: unless-stopped + networks: + - public + logging: + driver: "json-file" + options: + max-size: "1m" + + loki-consul: container_name: loki-consul image: consul:1.9 
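Review bot: In the `loki-minio` service added to `logging-loki/docker-compose.yml`, `MINIO_ROOT_USER=${MINIO_ROOT_USER:-EXAMPLEACCESSKEY}` and the matching `MINIO_ROOT_PASSWORD` line fall back to the placeholder pair whenever `.env` leaves them unset, and the `sample-env` in this series ships both empty, so the object store can come up with credentials that are printed in the repository. Use the required-variable form instead, `${MINIO_ROOT_USER:?set MINIO_ROOT_USER in .env}` and likewise for the password, so compose refuses to start rather than running with known values. `minio/minio:latest` should be pinned to a release tag. `consul_config.yaml` hard-codes the same placeholder pair, so whatever is set in `.env` also has to be reflected there.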
@@ -40,6 +64,7 @@ services: depends_on: - loki-redis - loki-consul + - loki-minio volumes: - $DOCKER_VOLUME_PATH/loki/configs/loki/consul_config.yaml:/etc/loki/config.yaml command: -config.file=/etc/loki/config.yaml -target=distributor @@ -59,6 +84,7 @@ services: depends_on: - loki-redis - loki-consul + - loki-minio volumes: - $DOCKER_VOLUME_PATH/loki/configs/loki/consul_config.yaml:/etc/loki/config.yaml command: -config.file=/etc/loki/config.yaml -target=querier @@ -78,6 +104,7 @@ services: depends_on: - loki-redis - loki-consul + - loki-minio volumes: - $DOCKER_VOLUME_PATH/loki/configs/loki/consul_config.yaml:/etc/loki/config.yaml command: -config.file=/etc/loki/config.yaml -target=ingester @@ -97,6 +124,7 @@ services: depends_on: - loki-redis - loki-consul + - loki-minio volumes: - $DOCKER_VOLUME_PATH/loki/configs/loki/consul_config.yaml:/etc/loki/config.yaml command: -config.file=/etc/loki/config.yaml -target=table-manager From ea37c31fd08157e26c603ec5c4293da374363e77 Mon Sep 17 00:00:00 2001 From: Ruan Bekker Date: Mon, 26 Jul 2021 00:15:37 +0200 Subject: [PATCH 14/16] Create sample-env --- logging-loki/sample-env | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 logging-loki/sample-env diff --git a/logging-loki/sample-env b/logging-loki/sample-env new file mode 100644 index 0000000..a87d634 --- /dev/null +++ b/logging-loki/sample-env @@ -0,0 +1,4 @@ +DOMAIN= +MINIO_ROOT_USER= +MINIO_ROOT_PASSWORD= +DOCKER_VOLUME_PATH=. From c6e6001ba9ca0fda0f37c3ef79157691117d10ec Mon Sep 17 00:00:00 2001 From: Ruan Bekker Date: Mon, 26 Jul 2021 00:22:46 +0200 Subject: [PATCH 15/16] Update .drone.yml --- .drone.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.drone.yml b/.drone.yml index cc2c117..ea99495 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -8,3 +8,23 @@ steps: image: busybox commands: - echo hi + +- name: gotify + image: fredix/drone-gotify + settings: + gotifytoken: + from_secret: plugin_gotifytoken + gotifyendpoint: + from_secret: plugin_gotifyendpoint + gotifytitle: + from_secret: plugin_gotifytitle + gotifypriority: + from_secret: plugin_gotifypriority + message: > + {{#success build.status}} + build {{build.number}} succeeded on {{repo.name}}. Good job {{build.author}} {{build.link}} + {{else}} + build {{build.number}} failed on {{repo.name}}. Fix me please {{build.author}} {{build.link}} + {{/success}} + when: + status: [ success, failure ] From 22bc1bfa1420a14e7033bd71e338c3610264b0c1 Mon Sep 17 00:00:00 2001 From: Ruan Bekker Date: Sun, 29 Aug 2021 21:57:47 +0200 Subject: [PATCH 16/16] Update README.md --- README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/README.md b/README.md index 9bff5e2..a02cfd3 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,21 @@ # docker-selfhosted-server My Hobby Server for Self-Hosted Applications on Docker + +## Usage + +In each application directory resides a `sample-env` file, which includes the required environment variables that you can copy to `.env`: + +``` +$ cd folder/ +$ cp sample-env .env +# modify .env to desired values +``` + +## Included Applications + +I will add more over time: + +- `traefik` +- `bitwarden` +- `rocket-chat` +- `grafana loki`
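Review bot: In `.drone.yml`, `image: fredix/drone-gotify` has no tag, so the step pulls whatever `latest` points to at build time while being handed `plugin_gotifytoken` and the endpoint secret. Pin the plugin to a reviewed version tag or digest, for example `image: fredix/drone-gotify:PINNED_TAG`, so a changed upstream image cannot read the token unnoticed. The `steps:` list begins above this hunk, so the pipeline's trigger conditions are not visible here; if pull requests from forks can run it, confirm the secrets are not exposed to them.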