Merge branch 'evanmn-safe.fiery.me' into safe.fiery.me

2025-01-19 01:31:34 +00:00 · 2020-07-03 22:56:34 +07:00 · 2020-07-03 22:56:34 +07:00 · 09d82ede4f
commit 09d82ede4f
parent c4f576a061 69664b05c2
5 changed files with 130 additions and 9 deletions
--- a/.env.example
+++ b/.env.example
@ -0,0 +1,2 @@
+EMAIL=email@example.org
+DOMAIN=MY-DOMAIN.com
--- a/22
+++ b/22
@ -1,19 +1,23 @@
-FROM node:9
+FROM node:lts-alpine

-LABEL name "lolisafe"
+LABEL name "lolisafe-bobbywibowo"
 LABEL version "3.0.0"
-LABEL maintainer "iCrawl <icrawltogo@gmail.com>"
+LABEL maintainer "evanmn <docker@evan.mn>"

 WORKDIR /usr/src/lolisafe

 COPY package.json yarn.lock ./

-RUN sh -c 'echo "deb http://www.deb-multimedia.org jessie main" >> /etc/apt/sources.list' \
-&& apt-key adv --keyserver keyring.debian.org --recv-keys 5C808C2B65558117 \
-&& apt-get update \
-&& apt-get install -y ffmpeg graphicsmagick \
-&& yarn install
+RUN apk add --no-cache --virtual build-dependencies python make g++ && apk add --no-cache ffmpeg
+
+ADD config.sample.js config.js
+
+RUN yarn install
+
+RUN apk update
+
+RUN apk del build-dependencies

 COPY . .
-
+EXPOSE 9999
 CMD ["node", "lolisafe.js"]
--- a/config.sample.js
+++ b/config.sample.js
@ -24,6 +24,8 @@ module.exports = {

    Both cases require you to type the domain where the files will be served on the `domain` key below.
    Which one you use is ultimately up to you.
+
+    NOTE: Set to falsy value if using Docker.
  */
  serveFilesWithNode: false,
  domain: 'https://lolisafe.moe',
@ -37,6 +39,7 @@ module.exports = {

  /*
    Port on which to run the server.
+    NOTE: Change port in .env file if using Docker.
  */
  port: 9999,

--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -0,0 +1,63 @@
+version: '3.8'
+
+networks:
+  net:
+    driver: bridge
+
+services:
+  safe:
+    image: lolisafe/lolisafe
+    volumes:
+      - ./config.js:/usr/src/lolisafe/config.js:ro
+      - ./uploads:/usr/src/lolisafe/uploads
+    restart: unless-stopped
+    networks:
+      - net
+
+  nginx:
+    image: nginx
+    volumes:
+      - ./nginx.docker.conf:/etc/nginx/conf.d/default.conf:ro
+      - ./uploads:/uploads
+    expose:
+      - 80
+    restart: unless-stopped
+    depends_on:
+      - safe
+    networks:
+      - net
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.safe.rule=Host(`${DOMAIN}`)'
+      - 'traefik.http.routers.safe.entrypoints=https'
+      - 'traefik.http.routers.safe.tls=true'
+      - 'traefik.http.routers.safe.tls.certresolver=letsencrypt'
+
+  traefik:
+    image: traefik:latest
+    container_name: traefik
+    volumes:
+      - ./traefik/acme.json:/acme.json
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - net
+    ports:
+      - 80:80
+      - 443:443
+    command:
+      - '--log.level=INFO'
+      - '--providers.docker=true'
+      - '--providers.docker.exposedByDefault=false'
+      - '--entrypoints.http=true'
+      - '--entrypoints.http.address=:80'
+      - '--certificatesresolvers.letsencrypt.acme.email=${EMAIL}'
+      - '--certificatesresolvers.letsencrypt.acme.storage=acme.json'
+      - '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http'
+      - '--entrypoints.http.http.redirections.entrypoint.to=https'
+      - '--entrypoints.http.http.redirections.entrypoint.scheme=https'
+      - '--entrypoints.https=true'
+      - '--entrypoints.https.address=:443'
+    restart: unless-stopped
+    depends_on:
+      - nginx
+
--- a/nginx.docker.conf
+++ b/nginx.docker.conf
@ -0,0 +1,49 @@
+upstream backend {
+    server safe:9999; # Change to the port you specified on lolisafe
+}
+
+map $sent_http_content_type $charset {
+    ~^text/ utf-8;
+}
+
+server {
+    listen 80;
+
+    client_max_body_size 10000M; # Change this to the max file size you want to allow
+
+    charset $charset;
+    charset_types *;
+
+    # Uncomment if you are running lolisafe behind CloudFlare.
+    # This requires NGINX compiled from source with:
+    #	--with-http_realip_module
+    #include /path/to/lolisafe/real-ip-from-cf;
+
+    location / {
+        add_header Access-Control-Allow-Origin *;
+        root /uploads;
+        try_files $uri @proxy;
+    }
+
+    location @proxy {
+        proxy_pass http://backend;
+        proxy_redirect off;
+        proxy_http_version 1.1;
+
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_set_header X-NginX-Proxy true;
+
+        # Enabling these may help with clients with slow upload speeds.
+        #proxy_connect_timeout 300s;
+        #proxy_send_timeout 300s;
+        #proxy_read_timeout 600s;
+        #end_timeout 300s;
+    }
+}