feat: adapt docker config from upstream

This commit is contained in:
Bobby Wibowo 2022-06-22 15:40:52 +07:00
parent f37313a84c
commit b398a76564
No known key found for this signature in database
GPG Key ID: 51C3A1E1E22D26CF
27 changed files with 350 additions and 292 deletions


@ -1,3 +1,45 @@
# git directories
# Packages
node_modules
**/node_modules
# Log files
logs
*.log
npm-debug.log*
# Runtime data
pids
*.pid
*.seed
# IDE
.vscode
# Docker (experimental)
docker/
Dockerfile
.dockerignore
docker-compose.yml
docker-compose.config.yml
docker-compose.config.example.yml
# Linting
.browserslistrc
.eslingignore
.eslintrc.js
.stylelintignore
.stylelintrc.json
# Miscellaneous
.tmp
.git
.gitattributes
.github
.gitignore
.vscode
database
dist-dev
uploads
gulpfile.js
README.md
renovate.json


@ -11,7 +11,7 @@ indent_style = tab
indent_size = 4
trim_trailing_whitespace = false
[*.conf]
[*.{conf,yml}]
indent_size = 4
[LICENSE]


@ -1,2 +0,0 @@
EMAIL=email@example.org
DOMAIN=MY-DOMAIN.com

4
.gitignore vendored

@ -36,6 +36,10 @@ node_modules/
# npm's package-lock (if npm is accidentally used)
package-lock.json
# Docker
docker/nginx/lolisafe.tld.conf
docker-compose.config.yml
# vscode's workspace settings
/.vscode
*.code-workspace
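Review bot: The new `# Docker` entries cover the generated nginx site config and the compose overlay, but not the TLS material the new README tells users to drop into `docker/nginx/ssl/` (`lolisafe.tld.crt` and `lolisafe.tld.key`), which `docker/nginx/Dockerfile` then copies into the image; a private key placed there is picked up by the next `git add -A`. Add `docker/nginx/ssl/*.crt` and `docker/nginx/ssl/*.key` next to the two new entries (or ignore `docker/nginx/ssl/*` and keep the directory with a `.gitkeep` exception).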


@ -1,24 +0,0 @@
FROM node:lts-alpine
LABEL name "lolisafe-bobbywibowo"
LABEL version "3.0.0"
LABEL maintainer "evanmn <docker@evan.mn>"
WORKDIR /usr/src/lolisafe
COPY package.json yarn.lock ./
RUN apk --no-cache update \
&& apk add --no-cache --virtual build-dependencies python make g++ \
&& apk add --no-cache ffmpeg \
&& apk del build-dependencies \
&& yarn install --production \
&& yarn cache clean
ADD config.sample.js config.js
COPY . .
EXPOSE 9999
CMD ["node", "lolisafe.js"]


@ -32,11 +32,9 @@ module.exports = {
Both cases require you to type the domain where the files will be served on the `domain` key below.
Which one you use is ultimately up to you.
NOTE: Set to falsy value if using Docker.
*/
serveFilesWithNode: false,
domain: 'https://lolisafe.moe',
domain: null,
/*
If you serve files with node, you can optionally choose to set Content-Disposition header
@ -63,7 +61,6 @@ module.exports = {
/*
Port on which to run the server.
NOTE: Change port in .env file if using Docker.
*/
port: 9999,
@ -601,7 +598,7 @@ module.exports = {
*/
generateThumbs: {
image: true,
video: false,
video: true,
// Placeholder defaults to 'public/images/unavailable.png'.
placeholder: null,
size: 200
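Review bot: The third hunk flips the default `generateThumbs.video` to `true`, which makes video thumbnailing, and therefore an ffmpeg binary, part of the default for every install rather than only the Docker image that ships one (the removed `Dockerfile` installed it with `apk add ffmpeg`; the new `docker/lolisafe/Dockerfile` copies it from `jrottenberg/ffmpeg`). Unless upstream degrades gracefully when ffmpeg is absent, keep `video: false` in the sample and turn it on in the Docker config instead, or at least add `// Requires an ffmpeg binary on PATH.` above the key. In the first hunk `domain: null` now contradicts the comment directly above it, which says both serving modes require the domain to be typed in; reword it to say the value must be set (via the `DOMAIN` environment variable in Docker, if that is what the new compose files wire up — I cannot confirm that from this diff). The `module.exports` object starts and ends outside these hunks.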


@ -1,63 +0,0 @@
version: '3.8'
networks:
net:
driver: bridge
services:
safe:
image: lolisafe/lolisafe
volumes:
- ./config.js:/usr/src/lolisafe/config.js:ro
- ./uploads:/usr/src/lolisafe/uploads
restart: unless-stopped
networks:
- net
nginx:
image: nginx
volumes:
- ./nginx.docker.conf:/etc/nginx/conf.d/default.conf:ro
- ./uploads:/uploads
expose:
- 80
restart: unless-stopped
depends_on:
- safe
networks:
- net
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.safe.rule=Host(`${DOMAIN}`)'
- 'traefik.http.routers.safe.entrypoints=https'
- 'traefik.http.routers.safe.tls=true'
- 'traefik.http.routers.safe.tls.certresolver=letsencrypt'
traefik:
image: traefik:latest
container_name: traefik
volumes:
- ./traefik/acme.json:/acme.json
- /var/run/docker.sock:/var/run/docker.sock
networks:
- net
ports:
- 80:80
- 443:443
command:
- '--log.level=INFO'
- '--providers.docker=true'
- '--providers.docker.exposedByDefault=false'
- '--entrypoints.http=true'
- '--entrypoints.http.address=:80'
- '--certificatesresolvers.letsencrypt.acme.email=${EMAIL}'
- '--certificatesresolvers.letsencrypt.acme.storage=acme.json'
- '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http'
- '--entrypoints.http.http.redirections.entrypoint.to=https'
- '--entrypoints.http.http.redirections.entrypoint.scheme=https'
- '--entrypoints.https=true'
- '--entrypoints.https.address=:443'
restart: unless-stopped
depends_on:
- nginx

25
docker/README..md Normal file

@ -0,0 +1,25 @@
# Docker
If you want to avoid all the hassle of installing the dependencies, configuring nginx and so on you can try our docker image which makes things a bit simpler.
First make sure you have docker and docker composer installed, so please follow the install instructions for your OS/Distro:
- https://docs.docker.com/engine/install/debian/
- https://docs.docker.com/compose/install/
After that:
- Copy the config file called `docker-compose.config.example.yml` and name it `docker-compose.config.yml` with the values you want. Those that are left commented will use the default values.
- Copy either `lolisafe.tld.http.example.conf` or `lolisafe.tld.https.example.conf` and name it `lolisafe.tld.conf` for either HTTP or HTTPS
- - If using HTTPS make sure to put your certificates into the `ssl` folder and name them accordingly:
- - - `lolisafe.tld.crt` for the certificate
- - - `lolisafe.tld.key` for the certificate key
Once you are done run the following commands:
- `cd docker`
- `./lolisafe.sh prod pull`
- `./lolisafe.sh prod build`
- `./lolisafe.sh prod up -d`
Use `./lolisafe.ps1` instead if you are on a Windows host.
Congrats, your lolisafe instance is now running.


@ -0,0 +1,8 @@
version: "3.7"
services:
lolisafe:
environment:
PORT: 9999
# DOMAIN: ''
# HOME_DOMAIN: ''
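Review bot: Offering `PORT` as a user-tunable value here is misleading, because nothing else follows it: `docker/docker-compose.yml` exposes `"9999"` and both nginx site examples hard-code `proxy_pass http://lolisafe:9999;`, so changing it in this overlay silently breaks the proxy. Either drop `PORT` from the example or comment it out like the other keys with a warning, e.g. `# PORT: 9999  # must match proxy_pass in nginx/lolisafe.tld.conf and expose in docker-compose.yml`.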


@ -0,0 +1,19 @@
version: "3.7"
services:
nginx:
volumes:
- lolisafe-data:/usr/lolisafe/uploads
lolisafe:
volumes:
- lolisafe-data:/usr/lolisafe/uploads
- lolisafe-database:/usr/lolisafe/database
volumes:
nginx-data:
name: "nginx-data"
lolisafe-data:
name: "lolisafe-data"
lolisafe-database:
name: "lolisafe-database"
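Review bot: The `nginx-data` volume declared at the bottom is not mounted by any service, so it is dead configuration; remove it or mount it. nginx only reads uploads (`root /usr/lolisafe/uploads; try_files $uri @proxy;` in the site config), so its mount should be read-only: `- lolisafe-data:/usr/lolisafe/uploads:ro`. The same `:ro` applies to the nginx bind mount in the next overlay file (`- ./lolisafe-data:/usr/lolisafe/uploads:ro`).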


@ -0,0 +1,11 @@
version: "3.7"
services:
nginx:
volumes:
- ./lolisafe-data:/usr/lolisafe/uploads
lolisafe:
volumes:
- ./lolisafe-data:/usr/lolisafe/uploads
- ./lolisafe-database:/usr/lolisafe/database

30
docker/docker-compose.yml Normal file

@ -0,0 +1,30 @@
version: "3.7"
services:
nginx:
build:
context: ./nginx
dockerfile: Dockerfile
expose:
- "80"
- "443"
ports:
- "80:80"
- "443:443"
restart: unless-stopped
healthcheck:
test: ["CMD", "service", "nginx", "status"]
interval: 60s
timeout: 5s
lolisafe:
build:
context: ../
dockerfile: ./docker/lolisafe/Dockerfile
expose:
- "9999"
restart: unless-stopped
environment:
PORT: 9999
DOMAIN: ''
HOME_DOMAIN: ''
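Review bot: The `nginx` service has no `depends_on` on `lolisafe`, yet the site config it loads resolves `proxy_pass http://lolisafe:9999;` at startup; if nginx is started first it exits with "host not found in upstream" and only recovers through `restart: unless-stopped`. The compose file this commit deletes had `depends_on: - safe` for exactly this reason; add `depends_on:` / `  - lolisafe` under the `nginx` service. The `expose` entries for 80 and 443 are redundant with the `ports` mapping and can go, and the `["CMD", "service", "nginx", "status"]` healthcheck relies on a `service` wrapper that I would verify exists in the base image before trusting the check.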

3
docker/lolisafe.ps1 Normal file

@ -0,0 +1,3 @@
$env = $args[0]
$cmd = $args | Select-Object -Skip 1
docker compose -f docker-compose.yml -f docker-compose.$env.yml -f docker-compose.config.yml $cmd
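Review bot: There is no check that an environment name was supplied, so `.\lolisafe.ps1` on its own runs compose against `docker-compose..yml` and fails with an unhelpful error; a first line such as `if (-not $args) { Write-Error 'usage: lolisafe.ps1 <env> <compose args...>'; exit 1 }` covers it. As a point of style, `$env` as a variable name reads like the `Env:` drive (`$env:PATH`) and makes the filename expansion easy to misread; `$envName` would be clearer.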

2
docker/lolisafe.sh Executable file

@ -0,0 +1,2 @@
#!/bin/bash
docker compose -f docker-compose.yml -f docker-compose.$1.yml -f docker-compose.config.yml ${@%$1}
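Review bot: `${@%$1}` does not drop the first argument: it strips a trailing `$1` from every positional parameter, which happens to empty the first one (the empty word then vanishes because the expansion is unquoted) but also truncates any later argument that ends with the environment name, and the unquoted expansion re-splits arguments containing spaces. Use `shift` instead: `env=$1; shift` followed by `docker compose -f docker-compose.yml -f "docker-compose.$env.yml" -f docker-compose.config.yml "$@"`. Running with no argument still produces `docker-compose..yml`, so a `[ $# -ge 1 ] || { echo "usage: $0 <env> [compose args]" >&2; exit 1; }` guard before the compose call would help.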


@ -0,0 +1,24 @@
FROM jrottenberg/ffmpeg:5-alpine as ffmpeg
FROM node:16-alpine
WORKDIR /usr/lolisafe
COPY package.json yarn.lock ./
RUN apk add --update \
&& apk add --no-cache ca-certificates expat \
&& apk add --no-cache vidstab-dev --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
&& apk add --no-cache --virtual .build-deps git curl build-base python3 g++ make \
&& yarn install --production \
&& yarn cache clean \
&& apk del .build-deps
COPY --from=ffmpeg /usr/local /usr/local
ADD config.sample.js config.js
ADD views/_globals.sample.njk views/_globals.njk
COPY . .
RUN mkdir uploads && mkdir database
CMD ["sh", "-c", "yarn migrate && yarn start"]
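Review bot: The image runs `yarn migrate && yarn start` as root: there is no `USER` directive, and `mkdir uploads && mkdir database` leaves both directories writable only by root. The `node` images ship an unprivileged `node` user, so finish the build with `RUN mkdir uploads database && chown -R node:node /usr/lolisafe` followed by `USER node` before `CMD`; the volumes mounted by the compose overlays then need to be owned by that uid as well. Minor: `ADD config.sample.js config.js` and the `_globals` line should be `COPY`, since ADD's URL and archive-extraction semantics are not wanted for plain files, and `vidstab-dev` is pulled from the plain-HTTP `edge/community` repository into a stable base — apk still verifies package signatures, but mixing edge into a release branch is a drift risk worth a comment on that line.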

6
docker/nginx/Dockerfile Normal file

@ -0,0 +1,6 @@
FROM nginx
COPY nginxconfig.io /etc/nginx/nginxconfig.io
COPY nginx.conf /etc/nginx/nginx.conf
COPY lolisafe.tld.conf /etc/nginx/conf.d/lolisafe.tld.conf
COPY ssl /etc/nginx/ssl
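Review bot: `COPY ssl /etc/nginx/ssl` bakes the TLS private key the README tells users to place in `ssl/` into an image layer, so anyone who can pull, inspect or cache the image obtains the key, and the build fails outright for HTTP-only deployments that never create the directory. Mount the directory at runtime instead (a `volumes:` entry such as `./nginx/ssl:/etc/nginx/ssl:ro` on the nginx service, or compose `secrets`) and drop the `COPY`. `FROM nginx` with no tag floats on `latest`; pin a version tag so rebuilds are reproducible.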


@ -0,0 +1,28 @@
server {
listen 80;
listen [::]:80;
server_name lolisafe.tld;
# security
include nginxconfig.io/security.conf;
# logging
access_log /var/log/nginx/lolisafe.tld.access.log;
error_log /var/log/nginx/lolisafe.tld.error.log warn;
# uploaded files
location / {
add_header Access-Control-Allow-Origin *;
root /usr/lolisafe/uploads;
try_files $uri @proxy;
}
# reverse proxy
location @proxy {
proxy_pass http://lolisafe:9999;
include nginxconfig.io/proxy.conf;
}
# additional config
include nginxconfig.io/general.conf;
}
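Review bot: The `add_header Access-Control-Allow-Origin *;` inside `location /` switches off inheritance of the server-level headers, because nginx inherits `add_header` from the enclosing level only when the current level defines none — so the `Permissions-Policy` header from `nginxconfig.io/security.conf` is not sent on responses served by `location /`, which is every uploaded file. Either repeat the security headers inside `location /` (a second `include` of a headers-only snippet) or move the CORS header up to server level if it is meant for the whole host. `lolisafe.tld.https.example.conf` has the same structure and the same gap.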


@ -0,0 +1,39 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name lolisafe.tld;
# SSL
ssl_certificate /etc/nginx/ssl/lolisafe.tld.crt;
ssl_certificate_key /etc/nginx/ssl/lolisafe.tld.key;
# security
include nginxconfig.io/security.conf;
# logging
access_log /var/log/nginx/lolisafe.tld.access.log;
error_log /var/log/nginx/lolisafe.tld.error.log warn;
# uploaded files
location / {
add_header Access-Control-Allow-Origin *;
root /usr/lolisafe/uploads;
try_files $uri @proxy;
}
# reverse proxy
location @proxy {
proxy_pass http://lolisafe:9999;
include nginxconfig.io/proxy.conf;
}
# additional config
include nginxconfig.io/general.conf;
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
return 301 https://$server_name$request_uri;
}
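Review bot: The HTTPS server block sends no `Strict-Transport-Security` header, so the 301 from the port-80 block is the only thing steering clients to TLS and a first visit remains downgradable; add `add_header Strict-Transport-Security "max-age=63072000" always;` after the `ssl_certificate_key` line (and it has to be repeated inside `location /`, because that block's own `add_header` stops server-level headers from being inherited). The redirect block carries no `server_name`, so it also answers for any other hostname pointed at the container; `server_name lolisafe.tld;` keeps it symmetric with the TLS block.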

56
docker/nginx/nginx.conf Normal file

@ -0,0 +1,56 @@
# Generated by nginxconfig.io
# https://www.digitalocean.com/community/tools/nginx?domains.0.server.domain=tourneys.naval-base.com&domains.0.server.documentRoot=&domains.0.https.certType=custom&domains.0.php.php=false&domains.0.reverseProxy.reverseProxy=true&domains.0.reverseProxy.proxyPass=http%3A%2F%2F127.0.0.1%3A3001&domains.0.routing.root=false&domains.0.logging.accessLog=true&domains.0.logging.errorLog=true
user www-data;
pid /run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 65535;
events {
multi_accept on;
worker_connections 65535;
}
http {
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
log_not_found off;
types_hash_max_size 2048;
# MIME
include mime.types;
default_type application/octet-stream;
# Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
# SSL
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites
# ssl_dhparam /etc/nginx/dhparam.pem;
# Mozilla Intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
# OCSP Stapling
ssl_stapling off;
ssl_stapling_verify off;
resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
resolver_timeout 2s;
# Upload size limit
client_max_body_size 100M;
client_body_timeout 600s;
# Load configs
include /etc/nginx/conf.d/*.conf;
# include /etc/nginx/sites-enabled/*;
}
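Review bot: The `# Generated by nginxconfig.io` comment carries the full generator URL including an unrelated deployment's hostname (`tourneys.naval-base.com`) and backend address (`127.0.0.1:3001`); trim it to `# Generated by nginxconfig.io` or regenerate the link for this project so the file does not leak another service's details. `ssl_ciphers` lists `DHE-RSA-*` suites while `ssl_dhparam` stays commented out; without DH parameters those suites are never negotiated, so either ship a dhparam file or drop the two `DHE-` entries so the list matches what is actually in effect. The `resolver` and `resolver_timeout` lines are used only for OCSP stapling and variable-based `proxy_pass`, neither of which this configuration has, so they can go as well.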


@ -0,0 +1,18 @@
# favicon.ico
location = /favicon.ico {
log_not_found off;
access_log off;
}
# robots.txt
location = /robots.txt {
log_not_found off;
access_log off;
}
# gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;


@ -0,0 +1,18 @@
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
# Proxy headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-NginX-Proxy true;
# Proxy timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
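Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever `X-Forwarded-For` the client already sent, whereas the configs this commit deletes used `$remote_addr`; with nginx as the edge, a client can prefix an arbitrary address and any consumer that reads the first entry (rate limiting, upload logs) sees the spoofed value. Keep `proxy_set_header X-Forwarded-For $remote_addr;` unless a trusted proxy sits in front (the removed `real-ip-from-cf` include was the mechanism for that case), and document which one is assumed. `proxy_set_header Connection "upgrade";` marks every proxied request as an upgrade; the nginx-documented pattern is a `map $http_upgrade $connection_upgrade` in `nginx.conf` with `proxy_set_header Connection $connection_upgrade;` here.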


@ -0,0 +1,13 @@
# security headers
# Consider configuring "helmet" option in config.js instead, if applicable.
# Said options will limit the header tags only to pages served by lolisafe service,
# and not the uploaded files that will instead be directly served by nginx.
#add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self'; media-src 'self'; connect-src 'self'; font-src 'self' data: https://fonts.gstatic.com; worker-src 'self' blob:";
add_header Permissions-Policy "accelerometer=(), autoplay=(self), camera=(self), fullscreen=(self), gyroscope=(), magnetometer=(), microphone=(self), midi=(), payment=(), picture-in-picture=(self), sync-xhr=(self), usb=(self)";
# . files
location ~ /\.(?!well-known) {
deny all;
}
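Review bot: The snippet sets `Permissions-Policy` but not `X-Content-Type-Options`, and the comment above says these headers are the only ones applied to uploads served directly by nginx — exactly the responses where `nosniff` matters, since user-supplied files go out with `Access-Control-Allow-Origin *` and a browser is otherwise free to sniff a text-like upload into HTML. Add `add_header X-Content-Type-Options "nosniff" always;` next to the existing header, and note that both must be re-included inside `location /` of the site config, whose own `add_header` disables inheritance of server-level headers. The commented-out CSP is fine to keep as guidance.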



@ -1,64 +0,0 @@
upstream backend {
server 127.0.0.1:9999; # Change to the port you specified on lolisafe
}
map $sent_http_content_type $charset {
~^text/ utf-8;
}
server {
listen 80;
listen [::]:80;
server_name lolisafe.moe;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name lolisafe.moe;
server_tokens off;
ssl_certificate /path/to/your/fullchain.pem;
ssl_certificate_key /path/to/your/privkey.pem;
ssl_trusted_certificate /path/to/your/fullchain.pem;
client_max_body_size 100M; # Change this to the max file size you want to allow
charset $charset;
charset_types *;
# Uncomment if you are running lolisafe behind CloudFlare.
# This requires NGINX compiled from source with:
# --with-http_realip_module
#include /path/to/lolisafe/real-ip-from-cf;
location / {
add_header Access-Control-Allow-Origin *;
root /path/to/your/uploads/folder;
try_files $uri @proxy;
}
location @proxy {
proxy_pass http://backend;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-NginX-Proxy true;
# Enabling these may help with clients with slow upload speeds.
#proxy_connect_timeout 300s;
#proxy_send_timeout 300s;
#proxy_read_timeout 600s;
#send_timeout 300s;
}
}


@ -1,49 +0,0 @@
upstream backend {
server safe:9999; # Change to the port you specified on lolisafe
}
map $sent_http_content_type $charset {
~^text/ utf-8;
}
server {
listen 80;
client_max_body_size 10000M; # Change this to the max file size you want to allow
charset $charset;
charset_types *;
# Uncomment if you are running lolisafe behind CloudFlare.
# This requires NGINX compiled from source with:
# --with-http_realip_module
#include /path/to/lolisafe/real-ip-from-cf;
location / {
add_header Access-Control-Allow-Origin *;
root /uploads;
try_files $uri @proxy;
}
location @proxy {
proxy_pass http://backend;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-NginX-Proxy true;
# Enabling these may help with clients with slow upload speeds.
#proxy_connect_timeout 300s;
#proxy_send_timeout 300s;
#proxy_read_timeout 600s;
#send_timeout 300s;
}
}


@ -1,53 +0,0 @@
upstream backend {
server 127.0.0.1:9999; # Change to the port you specified on lolisafe
}
map $sent_http_content_type $charset {
~^text/ utf-8;
}
server {
listen 80;
listen [::]:80;
server_name lolisafe.moe;
server_tokens off;
client_max_body_size 100M; # Change this to the max file size you want to allow
charset $charset;
charset_types *;
# Uncomment if you are running lolisafe behind CloudFlare.
# This requires NGINX compiled from source with:
# --with-http_realip_module
#include /path/to/lolisafe/real-ip-from-cf;
location / {
add_header Access-Control-Allow-Origin *;
root /path/to/your/uploads/folder;
try_files $uri @proxy;
}
location @proxy {
proxy_pass http://backend;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-NginX-Proxy true;
# Enabling these may help with clients with slow upload speeds.
#proxy_connect_timeout 300s;
#proxy_send_timeout 300s;
#proxy_read_timeout 600s;
#send_timeout 300s;
}
}


@ -1,30 +0,0 @@
# https://www.cloudflare.com/ips/
# IPv4 Ranges
# https://www.cloudflare.com/ips-v4/
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
# IPv6 Ranges
# https://www.cloudflare.com/ips-v6/
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;
real_ip_header CF-Connecting-IP;