Skip to content
Snippets Groups Projects
Select Git revision
  • 076b677a83356ebbfbdb1c743282c913b13feace
  • master default
  • host01
  • ns4
  • kodi
5 results

docker-compose.yml

Blame
    • nimrod's avatar
      076b677a
      Cleanup. · 076b677a
      nimrod authored
      - No more proxying in www.shore.co.il. I think about redoing it all with
        a subdomain per service. Also no more secrets, intead authenticate
        against the LDAP server or something.
      - CI templates.
      - Simpler self-signed SSL certificate generation.
      - Set the hostname in CI.
      - Use the www-redirect snippet in shore.co.il.
      076b677a
      History
      Cleanup.
      nimrod authored
      - No more proxying in www.shore.co.il. I think about redoing it all with
        a subdomain per service. Also no more secrets, intead authenticate
        against the LDAP server or something.
      - CI templates.
      - Simpler self-signed SSL certificate generation.
      - Set the hostname in CI.
      - Use the www-redirect snippet in shore.co.il.
    docker-compose.yml 1.81 KiB
    ---
    version: '3.5'
    services:
      proxy:
        build:
          context: ./
        # command: ["nginx", "-g", "daemon off;"]
        hostname: &hostname "${HOSTNAME}"
        networks:
          default:
            aliases:
              - *hostname
              - nextcloud.shore.co.il
              - git.shore.co.il
        ports:
          - '80:80'
          - '443:443'
        restart: always
        volumes:
          - '/var/www/www.shore.co.il/.well-known/acme-challenge:/var/www/www.shore.co.il/.well-known/acme-challenge:ro'
          - '/var/www/mail.shore.co.il/.well-known/acme-challenge:/var/www/mail.shore.co.il/.well-known/acme-challenge:ro'
          - '/var/www/www.shore.co.il/blog:/var/www/www.shore.co.il/blog:ro'
          - '/var/www/www.shore.co.il/resume:/var/www/www.shore.co.il/resume:ro'
          - '/var/ssl/site.key:/var/ssl/site.key:ro'
          - '/var/ssl/site.crt:/var/ssl/site.crt:ro'
          - '/var/ssl/mail.key:/var/ssl/mail.key:ro'
          - '/var/ssl/mail.crt:/var/ssl/mail.crt:ro'
          - '/var/ssl/dhparams:/var/ssl/dhparams:ro'
    
      vouch:
        environment:
          OAUTH_AUTH_URL: https://nextcloud.shore.co.il/apps/oauth2/authorize
          OAUTH_CALLBACK_URLS: https://vouch.shore.co.il/auth
          OAUTH_CLIENT_ID: "${VOUCH_OAUTH_CLIENT_ID}"
          # yamllint disable-line rule:line-length
          OAUTH_CLIENT_SECRET: "${VOUCH_OAUTH_CLIENT_SECRET}"  # pragma: allowlist secret
          OAUTH_PROVIDER: nextcloud
          OAUTH_SCOPES: 'openid,email.profile'
          OAUTH_TOKEN_URL: https://nextcloud.shore.co.il/apps/oauth2/api/v1/token
          # yamllint disable-line rule:line-length
          OAUTH_USER_INFO_URL: https://nextcloud.shore.co.il/ocs/v2.php/cloud/user?format=json
          VOUCH_DOMAINS: shore.co.il
          VOUCH_JWT_SECRET: "${VOUCH_JWT_SECRET}"  # pragma: allowlist secret
        image: registry.hub.docker.com/voucher/vouch-proxy:alpine-0.20.1
        restart: always
    
    networks:
      default:
        name: shore