commit
818ba34135
8 changed files with 422 additions and 0 deletions
@ -0,0 +1,167 @@ |
|||
worker_processes auto; |
|||
error_log stderr warn; |
|||
|
|||
events { |
|||
worker_connections 1024; |
|||
} |
|||
|
|||
http { |
|||
include /etc/nginx/mime.types; |
|||
default_type application/octet-stream; |
|||
|
|||
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' |
|||
'$status $body_bytes_sent "$http_referer" ' |
|||
'"$http_user_agent" "$http_x_forwarded_for"'; |
|||
|
|||
access_log /var/log/nginx/access.log main; |
|||
|
|||
sendfile on; |
|||
#tcp_nopush on; |
|||
|
|||
keepalive_timeout 65; |
|||
|
|||
# Do not leak server version in HTTP headers |
|||
server_tokens off; |
|||
|
|||
set_real_ip_from 10.0.0.0/8; |
|||
set_real_ip_from 172.16.0.0/12; |
|||
set_real_ip_from 192.168.0.0/16; |
|||
real_ip_header X-Real-IP; |
|||
|
|||
upstream php-handler { |
|||
server nextcloud:9000; |
|||
} |
|||
|
|||
server { |
|||
listen 8080; |
|||
|
|||
# HSTS settings |
|||
# WARNING: Only add the preload option once you read about |
|||
# the consequences in https://hstspreload.org/. This option |
|||
# will add the domain to a hardcoded list that is shipped |
|||
# in all major browsers and getting removed from this list |
|||
# could take several months. |
|||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; |
|||
|
|||
# set max upload size |
|||
client_max_body_size 10G; |
|||
fastcgi_buffers 64 4K; |
|||
|
|||
# Enable gzip but do not remove ETag headers |
|||
gzip on; |
|||
gzip_vary on; |
|||
gzip_comp_level 4; |
|||
gzip_min_length 256; |
|||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; |
|||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; |
|||
|
|||
# Pagespeed is not supported by Nextcloud, so if your server is built |
|||
# with the `ngx_pagespeed` module, uncomment this line to disable it. |
|||
#pagespeed off; |
|||
|
|||
# HTTP response headers borrowed from Nextcloud `.htaccess` |
|||
add_header Referrer-Policy "no-referrer" always; |
|||
add_header X-Content-Type-Options "nosniff" always; |
|||
add_header X-Download-Options "noopen" always; |
|||
add_header X-Frame-Options "SAMEORIGIN" always; |
|||
add_header X-Permitted-Cross-Domain-Policies "none" always; |
|||
add_header X-Robots-Tag "none" always; |
|||
add_header X-XSS-Protection "1; mode=block" always; |
|||
|
|||
# Remove X-Powered-By, which is an information leak |
|||
fastcgi_hide_header X-Powered-By; |
|||
|
|||
# Path to the root of your installation |
|||
root /var/www/html; |
|||
|
|||
# Specify how to handle directories -- specifying `/index.php$request_uri` |
|||
# here as the fallback means that Nginx always exhibits the desired behaviour |
|||
# when a client requests a path that corresponds to a directory that exists |
|||
# on the server. In particular, if that directory contains an index.php file, |
|||
# that file is correctly served; if it doesn't, then the request is passed to |
|||
# the front-end controller. This consistent behaviour means that we don't need |
|||
# to specify custom rules for certain paths (e.g. images and other assets, |
|||
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus |
|||
# `try_files $uri $uri/ /index.php$request_uri` |
|||
# always provides the desired behaviour. |
|||
index index.php index.html /index.php$request_uri; |
|||
|
|||
# Do not include the hostname and scheme in the redirect URL since it is |
|||
# always wrong in a Kubernetes environment (request received on HTTPS by Traefik |
|||
# and transmitted on HTTP internally). |
|||
absolute_redirect off; |
|||
|
|||
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients |
|||
location = / { |
|||
if ( $http_user_agent ~ ^DavClnt ) { |
|||
return 302 /remote.php/webdav/$is_args$args; |
|||
} |
|||
} |
|||
|
|||
location = /robots.txt { |
|||
allow all; |
|||
log_not_found off; |
|||
access_log off; |
|||
} |
|||
|
|||
# Make a regex exception for `/.well-known` so that clients can still |
|||
# access it despite the existence of the regex rule |
|||
# `location ~ /(\.|autotest|...)` which would otherwise handle requests |
|||
# for `/.well-known`. |
|||
location ^~ /.well-known { |
|||
# The following 6 rules are borrowed from `.htaccess` |
|||
|
|||
location = /.well-known/carddav { return 301 /remote.php/dav/; } |
|||
location = /.well-known/caldav { return 301 /remote.php/dav/; } |
|||
# Anything else is dynamically handled by Nextcloud |
|||
location ^~ /.well-known { return 301 /index.php$uri; } |
|||
|
|||
try_files $uri $uri/ =404; |
|||
} |
|||
|
|||
# Rules borrowed from `.htaccess` to hide certain paths from clients |
|||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } |
|||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } |
|||
|
|||
# Ensure this block, which passes PHP files to the PHP process, is above the blocks |
|||
# which handle static assets (as seen below). If this block is not declared first, |
|||
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` |
|||
# to the URI, resulting in a HTTP 500 error response. |
|||
location ~ \.php(?:$|/) { |
|||
fastcgi_split_path_info ^(.+?\.php)(/.*)$; |
|||
set $path_info $fastcgi_path_info; |
|||
|
|||
try_files $fastcgi_script_name =404; |
|||
|
|||
include fastcgi_params; |
|||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
|||
fastcgi_param PATH_INFO $path_info; |
|||
fastcgi_param HTTPS on; |
|||
|
|||
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice |
|||
fastcgi_param front_controller_active true; # Enable pretty urls |
|||
fastcgi_pass php-handler; |
|||
|
|||
fastcgi_intercept_errors on; |
|||
fastcgi_request_buffering off; |
|||
} |
|||
|
|||
location ~ \.(?:css|js|svg|gif)$ { |
|||
try_files $uri /index.php$request_uri; |
|||
expires 6M; # Cache-Control policy borrowed from `.htaccess` |
|||
access_log off; # Optional: Don't log access to assets |
|||
} |
|||
|
|||
location ~ \.woff2?$ { |
|||
try_files $uri /index.php$request_uri; |
|||
expires 7d; # Cache-Control policy borrowed from `.htaccess` |
|||
access_log off; # Optional: Don't log access to assets |
|||
} |
|||
|
|||
location / { |
|||
try_files $uri $uri/ /index.php$request_uri; |
|||
# Optional: Don't log access to other assets |
|||
access_log off; |
|||
} |
|||
} |
|||
} |
|||
@ -0,0 +1,52 @@ |
|||
volumes: |
|||
db: |
|||
nextcloud: |
|||
|
|||
services: |
|||
db: |
|||
image: docker.io/library/mariadb:10.5 |
|||
expose: |
|||
- "3306" |
|||
restart: always |
|||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW |
|||
volumes: |
|||
- db:/var/lib/mysql |
|||
environment: |
|||
- MARIADB_ROOT_PASSWORD= |
|||
- MARIADB_PASSWORD= |
|||
- MARIADB_DATABASE=nextcloud |
|||
- MARIADB_USER=nextcloud |
|||
- MARIADB_PASSWORD=nextcloud |
|||
- MARIADB_ALLOW_EMPTY_ROOT_PASSWORD=true |
|||
|
|||
# URL: http://localhost:8080/apps/dashboard/ |
|||
nextcloud: |
|||
image: docker.io/library/nextcloud:23-fpm-alpine |
|||
restart: always |
|||
expose: |
|||
- "9000" |
|||
links: |
|||
- db |
|||
volumes: |
|||
- nextcloud:/var/www/html |
|||
environment: |
|||
- MYSQL_PASSWORD=nextcloud |
|||
- MYSQL_DATABASE=nextcloud |
|||
- MYSQL_USER=nextcloud |
|||
- MYSQL_HOST=db |
|||
- NEXTCLOUD_ADMIN_USER=admin |
|||
- NEXTCLOUD_ADMIN_PASSWORD=secret |
|||
- NEXTCLOUD_DATA_DIR=/var/www/html/data |
|||
- NEXTCLOUD_TRUSTED_DOMAINS=localhost |
|||
|
|||
nginx: |
|||
image: docker.io/library/nginx:1.23-alpine |
|||
restart: always |
|||
ports: |
|||
- "8080:8080" |
|||
links: |
|||
- nextcloud |
|||
volumes: |
|||
- nginx/nginx.conf:/etc/nginx/nginx.conf:z |
|||
- nextcloud:/var/www/html |
|||
|
|||
@ -0,0 +1,2 @@ |
|||
consume |
|||
export |
|||
@ -0,0 +1,47 @@ |
|||
# The UID and GID of the user used to run paperless in the container. Set this |
|||
# to your UID and GID on the host so that you have write access to the |
|||
# consumption directory. |
|||
#USERMAP_UID=1000 |
|||
#USERMAP_GID=1000 |
|||
|
|||
# Additional languages to install for text recognition, separated by a |
|||
# whitespace. Note that this is |
|||
# different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines the |
|||
# language used for OCR. |
|||
# The container installs English, German, Italian, Spanish and French by |
|||
# default. |
|||
# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster |
|||
# for available languages. |
|||
#PAPERLESS_OCR_LANGUAGES=tur ces |
|||
|
|||
############################################################################### |
|||
# Paperless-specific settings # |
|||
############################################################################### |
|||
|
|||
# All settings defined in the paperless.conf.example can be used here. The |
|||
# Docker setup does not use the configuration file. |
|||
# A few commonly adjusted settings are provided below. |
|||
|
|||
# This is required if you will be exposing Paperless-ngx on a public domain |
|||
# (if doing so please consider security measures such as reverse proxy) |
|||
#PAPERLESS_URL=https://paperless.example.com |
|||
|
|||
# Adjust this key if you plan to make paperless available publicly. It should |
|||
# be a very long sequence of random characters. You don't need to remember it. |
|||
#PAPERLESS_SECRET_KEY=change-me |
|||
|
|||
# Use this variable to set a timezone for the Paperless Docker containers. If not specified, defaults to UTC. |
|||
#PAPERLESS_TIME_ZONE=America/Los_Angeles |
|||
|
|||
# The default language to use for OCR. Set this to the language most of your |
|||
# documents are written in. |
|||
#PAPERLESS_OCR_LANGUAGE=eng |
|||
|
|||
# Set if accessing paperless via a domain subpath e.g. https://domain.com/PATHPREFIX and using a reverse-proxy like traefik or nginx |
|||
#PAPERLESS_FORCE_SCRIPT_NAME=/PATHPREFIX |
|||
#PAPERLESS_STATIC_URL=/PATHPREFIX/static/ # trailing slash required |
|||
|
|||
PAPERLESS_ADMIN_USER=admin |
|||
PAPERLESS_ADMIN_MAIL=nicolas.masse@itix.fr |
|||
PAPERLESS_ADMIN_PASSWORD=secret |
|||
PAPERLESS_SECRET_KEY=s3cr3t |
|||
@ -0,0 +1,75 @@ |
|||
# docker-compose file for running paperless from the Docker Hub. |
|||
# This file contains everything paperless needs to run. |
|||
# Paperless supports amd64, arm and arm64 hardware. |
|||
# |
|||
# All compose files of paperless configure paperless in the following way: |
|||
# |
|||
# - Paperless is (re)started on system boot, if it was running before shutdown. |
|||
# - Docker volumes for storing data are managed by Docker. |
|||
# - Folders for importing and exporting files are created in the same directory |
|||
# as this file and mounted to the correct folders inside the container. |
|||
# - Paperless listens on port 8000. |
|||
# |
|||
# In addition to that, this docker-compose file adds the following optional |
|||
# configurations: |
|||
# |
|||
# - Instead of SQLite (default), PostgreSQL is used as the database server. |
|||
# |
|||
# To install and update paperless with this file, do the following: |
|||
# |
|||
# - Copy this file as 'docker-compose.yml' and the files 'docker-compose.env' |
|||
# and '.env' into a folder. |
|||
# - Run 'docker-compose pull'. |
|||
# - Run 'docker-compose run --rm webserver createsuperuser' to create a user. |
|||
# - Run 'docker-compose up -d'. |
|||
# |
|||
# For more extensive installation and update instructions, refer to the |
|||
# documentation. |
|||
|
|||
version: "3.4" |
|||
services: |
|||
broker: |
|||
image: docker.io/library/redis:7 |
|||
restart: unless-stopped |
|||
volumes: |
|||
- redisdata:/data |
|||
|
|||
db: |
|||
image: docker.io/library/postgres:13 |
|||
restart: unless-stopped |
|||
volumes: |
|||
- pgdata:/var/lib/postgresql/data |
|||
environment: |
|||
POSTGRES_DB: paperless |
|||
POSTGRES_USER: paperless |
|||
POSTGRES_PASSWORD: paperless |
|||
|
|||
webserver: |
|||
image: ghcr.io/paperless-ngx/paperless-ngx:latest |
|||
restart: unless-stopped |
|||
depends_on: |
|||
- db |
|||
- broker |
|||
ports: |
|||
- 8000:8000 |
|||
healthcheck: |
|||
test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"] |
|||
interval: 30s |
|||
timeout: 10s |
|||
retries: 5 |
|||
volumes: |
|||
- data:/usr/src/paperless/data |
|||
- media:/usr/src/paperless/media |
|||
- ./export:/usr/src/paperless/export:z |
|||
- ./consume:/usr/src/paperless/consume:z |
|||
env_file: podman-compose.env |
|||
environment: |
|||
PAPERLESS_REDIS: redis://broker:6379 |
|||
PAPERLESS_DBHOST: db |
|||
|
|||
|
|||
volumes: |
|||
data: |
|||
media: |
|||
pgdata: |
|||
redisdata: |
|||
@ -0,0 +1 @@ |
|||
config |
|||
@ -0,0 +1,19 @@ |
|||
volumes: |
|||
downloads: |
|||
services: |
|||
qbittorrent: |
|||
image: lscr.io/linuxserver/qbittorrent:latest |
|||
container_name: qbittorrent |
|||
user: "10017:10000" |
|||
volumes: |
|||
- config:/config:z |
|||
- downloads:/downloads |
|||
ports: |
|||
- 8080:8080 |
|||
- 6881:6881 |
|||
- 6881:6881/udp |
|||
restart: unless-stopped |
|||
entrypoint: |
|||
- /usr/bin/qbittorrent-nox |
|||
command: |
|||
- --webui-port=8080 |
|||
@ -0,0 +1,59 @@ |
|||
volumes: |
|||
transmission-config: |
|||
downloads: |
|||
flood-config: |
|||
flood-runtime: |
|||
|
|||
services: |
|||
transmission: |
|||
image: lscr.io/linuxserver/transmission:latest |
|||
container_name: transmission |
|||
environment: |
|||
- PUID=1000 |
|||
- PGID=1000 |
|||
- TZ=Europe/Paris |
|||
- TRANSMISSION_WEB_HOME=/combustion-release/ |
|||
- USER=admin |
|||
- PASS=secret |
|||
- PEERPORT=6881 |
|||
volumes: |
|||
- transmission-config:/config:z |
|||
- downloads:/downloads:z |
|||
ports: |
|||
- 9091:9091 |
|||
- 6881:6881 |
|||
- 6881:6881/udp |
|||
expose: |
|||
- "9091" |
|||
restart: unless-stopped |
|||
flood: |
|||
image: docker.io/jesec/flood:latest |
|||
container_name: flood |
|||
environment: |
|||
- HOME=/home/flood |
|||
volumes: |
|||
- flood-config:/home/flood |
|||
- flood-runtime:/var/lib/flood |
|||
- downloads:/data |
|||
user: "1000:1000" |
|||
ports: |
|||
- 3000:3000 |
|||
link: |
|||
- transmission |
|||
command: |
|||
- --port |
|||
- "3000" |
|||
- --allowedpath |
|||
- "/data" |
|||
- --auth |
|||
- none |
|||
- --trurl |
|||
- http://transmission:9091/transmission/rpc |
|||
- --truser |
|||
- admin |
|||
- --trpass |
|||
- secret |
|||
- --rundir |
|||
- /var/lib/flood |
|||
- --host 0.0.0.0 |
|||
restart: unless-stopped |
|||
Loading…
Reference in new issue