diff options
| -rw-r--r-- | compose.yaml | 15 | ||||
| -rw-r--r-- | example.env | 6 | ||||
| -rw-r--r-- | readme.md | 11 | ||||
| -rw-r--r-- | services/nginx/etc/nginx/templates/default.conf.template | 3 | ||||
| -rw-r--r-- | services/nginx/etc/nginx/templates/services/syncthing.conf.template | 20 |
5 files changed, 52 insertions, 3 deletions
diff --git a/compose.yaml b/compose.yaml index 3149e8c..64827b3 100644 --- a/compose.yaml +++ b/compose.yaml @@ -13,6 +13,7 @@ services: networks: - cgit - radicale + - syncthing ports: - ${HOST__HTTP_PORT:?}:80 - ${HOST__HTTPS_PORT:?}:443 @@ -23,6 +24,7 @@ services: depends_on: - cgit - radicale + - syncthing cgit: build: @@ -70,9 +72,22 @@ services: - ${HOST__RADICALE_USERS_DIR:?}:/etc/radicale/users:ro - radicale_data:/data + syncthing: + build: + dockerfile_inline: | + FROM syncthing/syncthing:2.0.14 + networks: + - syncthing + volumes: + - ${HOST__SYNC_DIR:?}:/var/syncthing + healthcheck: + test: curl -fkLsS -m 2 127.0.0.1:8384/rest/noauth/health | grep -o --color=never OK || exit 1 + start_period: 5s + networks: cgit: radicale: + syncthing: volumes: radicale_data: diff --git a/example.env b/example.env index 0ce131f..df92ee9 100644 --- a/example.env +++ b/example.env @@ -6,8 +6,7 @@ HOST__HTTP_PORT=80 HOST__HTTPS_PORT=443 # Directory containing the TLS certificate/key pair named -# `server.crt`/`server.key` as well as a `.htpasswd` file with the encrypted -# credentials to access logseq +# `server.crt`/`server.key` HOST__SECRET_DIR=/home/USER/.local/net_services/certs # Directory containing Git repositories @@ -21,3 +20,6 @@ HOST__CGIT_ABOUT_DIR=/home/USER/.local/net_services/cgit/about # Directory containing the `.htpasswd` file with the encrypted credentials of the # Radicale users. HOST__RADICALE_USERS_DIR=/home/USER/.local/net_services/radicale + +# Directory for Syncthing shared folders +HOST__SYNC_DIR=/home/USER/.local/net_services/syncthing @@ -24,3 +24,14 @@ Sensitive data is not stored on the disk when containers start. It is copied int ``` htpasswd ${HOST__RADICALE_USERS_DIR}/.htpasswd username ``` + +1. Access the services + + You may have to adapt the URLs to the configured published ports. + + - https://git.localhost + - https://dav.localhost + - https://sync.localhost + + It is highly recommended to configure authentication for the Syncthing GUI + if it exposed to the network. diff --git a/services/nginx/etc/nginx/templates/default.conf.template b/services/nginx/etc/nginx/templates/default.conf.template index 306a074..f90b61a 100644 --- a/services/nginx/etc/nginx/templates/default.conf.template +++ b/services/nginx/etc/nginx/templates/default.conf.template @@ -5,7 +5,8 @@ server { server_name ${NGINX__HOST} www.${NGINX__HOST} dav.${NGINX__HOST} - git.${NGINX__HOST}; + git.${NGINX__HOST} + sync.${NGINX__HOST}; # Prevent nginx HTTP Server Detection server_tokens off; diff --git a/services/nginx/etc/nginx/templates/services/syncthing.conf.template b/services/nginx/etc/nginx/templates/services/syncthing.conf.template new file mode 100644 index 0000000..31c90bb --- /dev/null +++ b/services/nginx/etc/nginx/templates/services/syncthing.conf.template @@ -0,0 +1,20 @@ +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name sync.${NGINX__HOST}; + + ssl_certificate /run/secrets/server.crt; + ssl_certificate_key /run/secrets/server.key; + + location / { + proxy_pass http://syncthing:8384; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } +} |