diff --git a/container/caddy_proxy.md b/container/caddy_proxy.md new file mode 100644 index 0000000..87eb98b --- /dev/null +++ b/container/caddy_proxy.md 
@@ -0,0 +1,107 @@ +# Caddy + +Un reverse proxy è un tipo particolare di server proxy che si posiziona davanti ad uno o più server back-end, gestendo tutte le richieste in ingresso dai client, inoltrandole poi opportunamente al server corretto. + +Caddy è un software open-source multipiattaforma progettato proprio come reverse proxy, con una configurazione semplice basata su file JSON o YAML anziché complesse direttive. + +## Installazione + +Su Debian e derivate: + +```bash +sudo apt install caddy +``` + +Quindi avviare il servizio: + +```bash +sudo systemctl enable --now caddy.service +``` + +## Configurazione + +La configurazione è semplicissima. Per prima cosa, creare il seguente file: + +```bash +mkdir /etc/caddy + +touch /etc/caddy/Caddyfile +``` + +In questo file andranno inserite le direttive di reindirizzamento. + +Ogni volta che si modifica il file, ricaricare il servizio coi comandi: + +```bash +sudo systemctl reload caddy.service +``` + +Per verificare eventuali errori o log del servizio: + +```bash +sudo journalctl -u caddy.service -f +``` + +### Esempio di configurazione + +```bash + > cat /etc/caddy/Caddyfile +# The Caddyfile is an easy way to configure your Caddy web server. + +:80 { + # Set this path to your site's directory. + root * /usr/share/caddy + + # Enable the static file server. 
+ file_server +} + +# Refer to the Caddy docs for more information: +# https://caddyserver.com/docs/caddyfile + +## Snikket +## In questo esempio, Caddy si occupa di girare tutte le connessioni diretta a chat.domain.com sulla porta 80/443 del server alla porta 5080/5443 del container Docker + +http://chat.domain.com, +http://groups.chat.domain.com, +http://share.chat.domain.com { + reverse_proxy localhost:5080 +} + +chat.domain.com, +groups.chat.domain.com, +share.chat.domain.com { + reverse_proxy https://localhost:5443 { + transport http { + tls_insecure_skip_verify + } + } +} + +## Kuma + +https://status.domain.com { + reverse_proxy localhost:3001 +} + +## Collabora + +https://code.domain.com { + encode gzip + reverse_proxy localhost:9980 { + transport http { + tls_insecure_skip_verify + } + } +} +``` + +## Gestione certificati TLS + +Funzione utilissima, Caddy genera e rinnova in automatico tramite Let’s Encrypt i certificati TLS per i servizi che gestisce + +## Collegamenti + +- [https://bobadin.icu/posts/guida-caddy/](https://bobadin.icu/posts/guida-caddy/) +- [https://caddyserver.com/docs/install](https://caddyserver.com/docs/install) +- [https://snikket.org/service/help/advanced/reverse_proxy/](https://snikket.org/service/help/advanced/reverse_proxy/) diff --git a/container/docker_compose_example.md b/container/docker_compose_example.md new file mode 100644 index 0000000..561f52d --- /dev/null +++ b/container/docker_compose_example.md 
@@ -0,0 +1,146 @@ +# Docker compose + +Tutti i file docker-compose.yml si trovano in `/etc/container-name/`. + +Per eseguire tutti i servizi sottostanti, basta posizionarsi nella cartella che contiene il file docker-compose e lanciare i seguenti comandi: + +```bash +cd /etc/container-name/ + +docker compose pull +docker compose up -d +``` + +Verificare anche che la configurazione del proxy sia corretta. + +## Collabora Online Editor + +```bash + > cat /etc/collabora/docker-compose.yml + +version: '3' + +services: + code: + container_name: code + image: collabora/code:latest + env_file: .env + restart: unless-stopped + environment: + # - password=${COLLABORA_PASSWORD} + # - username=${COLLABORA_USERNAME} + - domain=${COLLABORA_DOMAIN} + - dictionaries=en it + - extra_params=--o:ssl.enable=true --o:ssl.termination=false # Set SSL options + ports: + - 9980:9980 + volumes: + - /etc/localtime:/etc/localtime + - /etc/timezone:/etc/timezone + cap_add: + - MKNOD + tty: true +``` + +`env` file con le variabili d'ambiente: + +```bash + > cat /etc/collabora/.env +#COLLABORA_USERNAME=admin +#COLLABORA_PASSWORD=veecheit0Phophiesh1fahPah0Wue3 +COLLABORA_DOMAIN=collabora.domain.com +``` + +## Uptime Kuma + +Si tratta di un tool per il monitoraggio della propria infrastruttura. + +Altre info: [https://github.com/louislam/uptime-kuma](https://github.com/louislam/uptime-kuma) + +```bash + > cat /etc/kuma/docker-compose.yml +# Simple docker-compose.yml +# You can change your port or volume location + +version: '3.3' + +services: + uptime-kuma: + image: louislam/uptime-kuma:1 + container_name: uptime-kuma + volumes: + - ./uptime-kuma-data:/app/data + - /var/run/docker.sock:/var/run/docker.sock ### Per il monitoraggio dei container: è un socket UNIX utilizzato da Docker per la comunicazione remota tra processi. 
Per default, il socket è accessibile solo localmente, ovvero solo ai processi che girano sullo stesso host + ports: + - 3001:3001 # : + restart: always +``` + +## Snikket + +```bash + > cat /etc/snikket/docker-compose.yml +version: "3.3" + +services: + snikket_proxy: + container_name: snikket-proxy + image: snikket/snikket-web-proxy:stable + env_file: snikket.conf + network_mode: host + volumes: + - snikket_data:/snikket + - acme_challenges:/var/www/html/.well-known/acme-challenge + restart: "unless-stopped" + snikket_certs: + container_name: snikket-certs + image: snikket/snikket-cert-manager:stable + env_file: snikket.conf + volumes: + - snikket_data:/snikket + - acme_challenges:/var/www/.well-known/acme-challenge + restart: "unless-stopped" + snikket_portal: + container_name: snikket-portal + image: snikket/snikket-web-portal:stable + network_mode: host + env_file: snikket.conf + restart: "unless-stopped" + + snikket_server: + container_name: snikket + image: snikket/snikket-server:stable + network_mode: host + volumes: + - snikket_data:/snikket + env_file: snikket.conf + restart: "unless-stopped" + +volumes: + acme_challenges: + snikket_data: +``` + +E il file di configurazione: + +```bash + > cat /etc/snikket/snikket.conf +# The primary domain of your Snikket instance +SNIKKET_DOMAIN=chat.domain.com +# An email address where the admin can be contacted +# (also used to register your Let's Encrypt account to obtain certificates) +SNIKKET_ADMIN_EMAIL=mail@mail.com +SNIKKET_TWEAK_HTTP_PORT=5080 +SNIKKET_TWEAK_HTTPS_PORT=5443 +``` + +## Collegamenti + +- [https://caddy.community/t/caddy-reverse-proxy-nextcloud-collabora-vaultwarden-with-local-https/12052](https://caddy.community/t/caddy-reverse-proxy-nextcloud-collabora-vaultwarden-with-local-https/12052) +- 
[https://codeberg.org/frnmst/ftutorials/src/commit/d3707cbffa3640f5b80a8cc4a6aea69209d8391d/docs/content/server/includes/home/jobs/scripts/by-user/root/docker/nextcloud/docker-compose.yml#L149](https://codeberg.org/frnmst/ftutorials/src/commit/d3707cbffa3640f5b80a8cc4a6aea69209d8391d/docs/content/server/includes/home/jobs/scripts/by-user/root/docker/nextcloud/docker-compose.yml#L149) +- [https://docs.nextcloud.com/server/25/admin_manual/office/example-docker.html](https://docs.nextcloud.com/server/25/admin_manual/office/example-docker.html) +- [https://techoverflow.net/2021/08/19/how-to-run-collabora-office-for-nextcloud-using-docker-compose/](https://techoverflow.net/2021/08/19/how-to-run-collabora-office-for-nextcloud-using-docker-compose/) +- [https://caddy.community/t/example-collabora-code/8224](https://caddy.community/t/example-collabora-code/8224) +- [https://techoverflow.net/2021/08/19/how-to-run-collabora-office-for-nextcloud-using-docker-compose/](https://techoverflow.net/2021/08/19/how-to-run-collabora-office-for-nextcloud-using-docker-compose/) +- [https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy#caddy](https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy#caddy) +- [https://bobadin.icu/posts/guida-uptime-kuma/](https://bobadin.icu/posts/guida-uptime-kuma/)
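Review bot: In container/caddy_proxy.md, the Snikket and Collabora site blocks both set `tls_insecure_skip_verify` without any explanation, which turns off verification of the upstream certificate. Add a comment saying this is tolerated only because the upstreams are reached on localhost (`https://localhost:5443`, `localhost:9980`), or have Caddy trust the upstream certificate instead of skipping verification. Two smaller points in the same file: the introduction says the configuration is based on "file JSON o YAML" while every example that follows is a Caddyfile, and `mkdir /etc/caddy` and `touch /etc/caddy/Caddyfile` are shown without the `sudo` used by the other commands.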
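Review bot: In container/docker_compose_example.md, the Uptime Kuma service mounts `/var/run/docker.sock:/var/run/docker.sock` read-write, and the inline comment only says the socket is reachable locally; the doc should state that a container holding this socket can control the Docker daemon on the host, and the mount should be dropped when container monitoring is not needed. The `ports:` entries `9980:9980` and `3001:3001` publish on all host interfaces although Caddy reaches both services through localhost, so `127.0.0.1:9980:9980` and `127.0.0.1:3001:3001` would keep them behind the proxy. The commented `#COLLABORA_PASSWORD=` line in `.env` carries what looks like a real secret and should use a placeholder, `COLLABORA_DOMAIN=collabora.domain.com` does not match the `code.domain.com` site in the Caddyfile, and the techoverflow link appears twice under Collegamenti.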