ajout nextcloud-ss-tls

docker-traefik-nextcloud-ss-tls/Vagrantfile

@@ -0,0 +1,162 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bullseye64"
+  config.vm.hostname = "nextcloud-traefik"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+   config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+     vb.memory = "1024"
+   end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     apt-get update
+     apt install -y wget curl git vim libnss3-tools
+     if ! which docker ; then
+       curl -s -o getdocker.sh https://get.docker.com
+       bash getdocker.sh
+       gpasswd -a vagrant docker
+     fi
+     mkdir -p nextcloud && cd nextcloud
+     curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64"
+     chmod +x mkcert-v*-linux-amd64
+     cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert
+     mkcert -install
+cat > traefik.yml  <<-'EOT'
+version: '3'
+
+networks:
+  proxy:
+    external: true
+
+services:
+  reverse-proxy:
+    # The official v2 Traefik docker image
+    image: traefik:v2.9
+    container_name: traefik
+    # Enables the web UI and tells Traefik to listen to docker
+    command: --api.insecure=true --providers.docker
+    ports:
+      # The HTTP port
+      - "80:80"
+      # The Web UI (enabled by --api.insecure=true)
+      - "8080:8080"
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - proxy
+
+'EOT'
+cat > mariadb.env  <<-'EOT'
+version: '2'
+
+volumes:
+  nextcloud:
+  db:
+
+networks:
+  proxy:
+    external: true
+  nxc:
+    external: false
+
+services:
+  db:
+    image: mariadb:10.5
+    container_name: db
+    restart: always
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    volumes:
+      - db:/var/lib/mysql
+    networks:
+      - nxc
+    environment:
+      - MYSQL_ROOT_PASSWORD=Azerty1+
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+
+  app:
+    image: nextcloud
+    container_name: app
+    restart: always
+      #    ports:
+      #      - 8081:80
+    links:
+      - db
+    volumes:
+      - nextcloud:/var/www/html
+    networks:
+      - proxy
+      - nxc
+    labels:
+      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
+    environment:
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_HOST=db
+'EOT'
+  docker network create proxy
+  docker compose -f traefik.yml up -d 
+  docker compose -f nextcloud.yml up -d 
+  ip -br a 
+   SHELL
+end
+

docker-traefik-nextcloud/Vagrantfile

@@ -13,7 +13,7 @@ Vagrant.configure("2") do |config|
   # Every Vagrant development environment requires a box. You can search for
   # boxes at https://vagrantcloud.com/search.
   config.vm.box = "debian/bullseye64"
-  config.vm.hostname = "traefikb"
+  config.vm.hostname = "nextcloud-traefik"
 
   # Disable automatic box update checking. If you disable this, then
   # boxes will only be checked for updates when the user runs
@@ -66,25 +66,25 @@ Vagrant.configure("2") do |config|
   # documentation for more information about their specific syntax and use.
    config.vm.provision "shell", inline: <<-SHELL
      apt-get update
-     apt-get install -y wget curl git vim libnss3-tools
+     apt install -y wget curl git vim
      if ! which docker ; then
        curl -s -o getdocker.sh https://get.docker.com
        bash getdocker.sh
        gpasswd -a vagrant docker
      fi
-     mkdir -p docker/traefik && cd docker/traefik
+     mkdir -p nextcloud && cd nextcloud
-     mkdir nginx
+cat > traefik.yml  <<-'EOT'
-     echo "my.nginx" > nginx/index.html 
-     mkdir nginx2
-     echo "my.nginx2" > nginx2/index.html 
-     #cat > docker-compose.yml  <<-EOT
-     cat > docker-compose.yml  <<EOT
 version: '3'
 
+networks:
+  proxy:
+    external: true
+
 services:
   reverse-proxy:
     # The official v2 Traefik docker image
-    image: traefik:latest
+    image: traefik:v2.9
+    container_name: traefik
     # Enables the web UI and tells Traefik to listen to docker
     command: --api.insecure=true --providers.docker
     ports:
@@ -95,23 +95,64 @@ services:
     volumes:
       # So that Traefik can listen to the Docker events
       - /var/run/docker.sock:/var/run/docker.sock
-  nginx:
+    networks:
-    # A container that exposes an API to show its IP address
+      - proxy
-    image: nginx:1.23-alpine
+
+'EOT'
+cat > nextcloud.yml  <<-'EOT'
+version: '2'
+
+volumes:
+  nextcloud:
+  db:
+
+networks:
+  proxy:
+    external: true
+  nxc:
+    external: false
+
+services:
+  db:
+    image: mariadb:10.5
+    container_name: db
+    restart: always
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
     volumes:
-      - ./nginx:/usr/share/nginx/html:ro        
+      - db:/var/lib/mysql
-    labels:
+    networks:
-      - "traefik.http.routers.nginx.rule=Host(`my.nginx`)"
+      - nxc
-  nginx2:
+    environment:
-    # A container that exposes an API to show its IP address
+      - MYSQL_ROOT_PASSWORD=Azerty1+
-    image: nginx:1.23-alpine
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+
+  app:
+    image: nextcloud
+    container_name: app
+    restart: always
+      #    ports:
+      #      - 8081:80
+    links:
+      - db
     volumes:
-      - ./nginx2:/usr/share/nginx/html:ro        
+      - nextcloud:/var/www/html
+    networks:
+      - proxy
+      - nxc
     labels:
-      - "traefik.http.routers.nginx2.rule=Host(`my.nginx2`)"
+      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
-EOT
+    environment:
-  docker compose up -d
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_HOST=db
+'EOT'
+  docker network create proxy
+  docker compose -f traefik.yml up -d 
+  docker compose -f nextcloud.yml up -d 
   ip -br a 
-  SHELL
+   SHELL
 end
 

docker-traefik-nginx/Vagrantfile

@@ -73,52 +73,45 @@ Vagrant.configure("2") do |config|
        gpasswd -a vagrant docker
      fi
      mkdir -p docker/traefik && cd docker/traefik
-     wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64
+     mkdir nginx
-     chmod +x mkcert-v*-linux-amd64
+     echo "my.nginx" > nginx/index.html 
-     cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert
+     mkdir nginx2
-     mkdir certs && cd certs
+     echo "my.nginx2" > nginx2/index.html 
-     mkcert your-domain.net
+     #cat > docker-compose.yml  <<-EOT
-     cd .. 
+     cat > docker-compose.yml  <<'EOT'
+version: '3'
 
-     cat > docker-compose.yml  <<-EOT
+services:
-version: "3.2"
+  reverse-proxy:
-traefik:
+    # The official v2 Traefik docker image
-  image: traefik:latest
+    image: traefik:latest
-  command:
+    # Enables the web UI and tells Traefik to listen to docker
-    - --entrypoints.web.address=:80
+    command: --api.insecure=true --providers.docker
-    - --entrypoints.websecure.address=:443
+    ports:
-    - --providers.docker=true
+      # The HTTP port
-    - --providers.file.directory=/etc/traefik/dynamic_conf
+      - "80:80"
-    - --providers.file.watch=true
+      # The Web UI (enabled by --api.insecure=true)
-  ports:
+      - "8080:8080"
-    - 80:80
+    volumes:
-    - 443:443
+      # So that Traefik can listen to the Docker events
-  volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
-    - /var/run/docker.sock:/var/run/docker.sock:ro
+  nginx:
-    - ./certs/:/certs/:ro
+    # A container that exposes an API to show its IP address
-    - ./traefik.yml:/etc/traefik/dynamic_conf/conf.yml:ro
+    image: nginx:1.23-alpine
-
+    volumes:
-web:
+      - ./nginx:/usr/share/nginx/html:ro        
-  image: nginx:1.17.8-alpine
+    labels:
-  labels:
+      - "traefik.http.routers.nginx.rule=Host(`my.nginx`)"
-    # http with redirection
+  nginx2:
-    - traefik.http.middlewares.redirect-middleware.redirectscheme.scheme=https
+    # A container that exposes an API to show its IP address
-    - traefik.http.routers.web-router.entrypoints=web
+    image: nginx:1.23-alpine
-    - traefik.http.routers.web-router.rule=Host(`your-domain.net`)
+    volumes:
-    - traefik.http.routers.web-router.middlewares=redirect-middleware
+      - ./nginx2:/usr/share/nginx/html:ro        
-    # https
+    labels:
-    - traefik.http.routers.websecure-router.entrypoints=websecure
+      - "traefik.http.routers.nginx2.rule=Host(`my.nginx2`)"
-    - traefik.http.routers.websecure-router.tls=true
+'EOT'
-    - traefik.http.routers.websecure-router.rule=Host(`your-domain.net`)
-EOT
-cat > mariadb.env  <<-EOT
-tls:
-  certificates:
-    - certFile: /certs/awx.afone.priv.crt
-      keyFile: /certs/awx.afone.priv.key
-EOT
   docker compose up -d
   ip -br a 
-   SHELL
+  SHELL
 end