adapt stirling-pdf to caddy

Stirling PDF under Tools
2025-03-16 17:46:36 +01:00 · 2025-03-16 17:26:47 +01:00
11 changed files with 106 additions and 269 deletions
--- a/auth/docker-compose.yml
+++ b/auth/docker-compose.yml
@ -1,90 +0,0 @@
-services:
-
-  authentik-server:
-    image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
-    restart: unless-stopped
-    command: server
-    environment:
-      - AUTHENTIK_REDIS__HOST=redis
-      - AUTHENTIK_POSTGRESQL__HOST=postgresql
-      - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
-      - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
-      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
-      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
-      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
-    volumes:
-      - ${VOLUMES_PATH}/auth/media:/media
-      - ${VOLUMES_PATH}/auth/custom-templates:/templates
-    depends_on:
-      postgresql:
-        condition: service_healthy
-      redis:
-        condition: service_healthy
-    networks:
-      - web
-      - auth
-
-  authentik-worker:
-    image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
-    restart: unless-stopped
-    command: worker
-    environment:
-      - AUTHENTIK_REDIS__HOST=redis
-      - AUTHENTIK_POSTGRESQL__HOST=postgresql
-      - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
-      - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
-      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
-      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
-      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
-    user: root
-    volumes:
-      # - /var/run/docker.sock:/var/run/docker.sock
-      - ${VOLUMES_PATH}/auth/media:/media
-      - ${VOLUMES_PATH}/auth/certs:/certs
-      - ${VOLUMES_PATH}/auth/custom-templates:/templates
-    depends_on:
-      postgresql:
-        condition: service_healthy
-      redis:
-        condition: service_healthy
-    networks:
-      - auth
-
-  postgresql:
-    image: postgres:${POSTGRES_VERSION}
-    restart: unless-stopped
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
-      start_period: 20s
-      interval: 30s
-      retries: 5
-      timeout: 5s
-    volumes:
-      - ${VOLUMES_PATH}/auth/postgres/:/var/lib/postgresql/data
-    environment:
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - POSTGRES_USER=${POSTGRES_USER}
-      - POSTGRES_DB=${POSTGRES_DB}
-    networks:
-      - auth
-
-  redis:
-    image: redis:${REDIS_VERSION}
-    command: --save 60 1 --loglevel warning
-    restart: unless-stopped
-    healthcheck:
-      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
-      start_period: 20s
-      interval: 30s
-      retries: 5
-      timeout: 3s
-    volumes:
-      - ${VOLUMES_PATH}/auth/redis:/data
-    networks:
-      - auth
-
-
-networks:
-  auth:
-  web:
-    external: true
--- a/paperless/docker-compose.yaml
+++ b/paperless/docker-compose.yaml
@ -60,9 +60,6 @@ services:
      - USERMAP_GID=1000
      - PAPERLESS_PRE_CONSUME_SCRIPT=/usr/src/paperless/scripts/removePdfPassword.py
      - PAPERLESS_OCR_USER_ARGS=${USER_ARGS_JSON}
-      - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
-      - PAPERLESS_SOCIALACCOUNT_PROVIDERS=${PAPERLESS_SOCIALACCOUNT_PROVIDERS}
-      - PAPERLESS_CSRF_TRUSTED_ORIGINS=https://paperless.home.florianzirker.de,https://auth.home.florianzirker.de
    labels:
      - "docker.group=paperless"

--- a/proxy/Caddyfile
+++ b/proxy/Caddyfile
@ -1,112 +1,18 @@
 {
-	email {env.EMAIL}
+	auto_https disable_redirects
+	local_certs
+	pki {
+		ca local {
+			name "{$LOCAL_CA_NAME}"
+		}
+	}
 	log default {
 		output stdout
 		format console
 	}
-	auto_https disable_redirects
 }

-(proxy-auth) {
-	reverse_proxy /outpost.goauthentik.io/* http://authentik-server:9000
-	forward_auth http://authentik-server:9000 {
-		uri /outpost.goauthentik.io/auth/caddy
-		copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
-		trusted_proxies private_ranges
-	}
-}
-
-http://*.{$DOMAIN} {
-	redir https://{labels.3}.{$DOMAIN}{uri} permanent
-}
-
-http://*.{$OLD_DOMAIN} {
-	redir https://{labels.1}.{$DOMAIN}{uri} permanent
-}
-
-*.{$DOMAIN} {
-	tls {
-		dns netcup {
-			customer_number {env.NETCUP_CUSTOMER_NUMBER}
-			api_key {env.NETCUP_API_KEY}
-			api_password {env.NETCUP_API_PASSWORD}
-		}
-		propagation_timeout 900s
-		propagation_delay 600s
-		resolvers 9.9.9.9
-	}
-	#header Strict-Transport-Security "max-age=63072000"
-
-	@whoami host whoami.{$DOMAIN}
-	handle @whoami {
-		route {
-			import proxy-auth
-			reverse_proxy whoami:80
-		}
-	}
-
-	@dashboard host dashboard.{$DOMAIN}
-	handle @dashboard {
-		reverse_proxy homer:8080
-	}
-
-	@hassi host hassi.{$DOMAIN}
-	handle @hassi {
-		reverse_proxy homeassistant:8123
-	}
-
-	@zigbee2mqtt host zigbee2mqtt.{$DOMAIN}
-	handle @zigbee2mqtt {
-		route {
-			import proxy-auth
-			reverse_proxy zigbee2mqtt:8080
-		}
-	}
-
-	@jellyfin host jellyfin.{$DOMAIN}
-	handle @jellyfin {
-		reverse_proxy jellyfin:8096
-	}
-
-	@paperless host paperless.{$DOMAIN}
-	handle @paperless {
-		reverse_proxy paperless-ngx:8000
-	}
-
-	@download host download.{$DOMAIN}
-	handle @download {
-		route {
-			import proxy-auth
-			reverse_proxy pyload:8000
-		}
-	}
-
-	@uptime host uptime.{$DOMAIN}
-	handle @uptime {
-		route {
-			import proxy-auth
-			reverse_proxy uptime-kuma:3001
-		}
-	}
-
-	@torrent host torrent.{$DOMAIN}
-	handle @torrent {
-		route {
-			import proxy-auth
-			reverse_proxy transmission:9091
-		}
-	}
-
-	@auth host auth.{$DOMAIN}
-	handle @auth {
-		reverse_proxy authentik-server:9000
-	}
-
-	# Fallback unhandled (sub)domains
-	handle {
-		error 404
-	}
-
+(errorhandler) {
 	handle_errors {
 		root * /usr/share/caddy/web
 		rewrite * /error.html
@ -116,3 +22,70 @@ http://*.{$OLD_DOMAIN} {
 		}
 	}
 }
+
+(localtls) {
+	tls internal
+}
+
+whoami.{$DOMAIN} http://whoami.{$DOMAIN} {
+	reverse_proxy whoami:80
+	import errorhandler
+}
+
+dashboard.{$DOMAIN}  http://dashboard.{$DOMAIN} {
+	reverse_proxy homer:8080
+	import errorhandler
+}
+
+hassi.{$DOMAIN} http://hassi.{$DOMAIN} {
+	# reverse_proxy homeassistant:8123
+	reverse_proxy {host}:8123
+	import errorhandler
+}
+
+zigbee2mqtt.{$DOMAIN} http://zigbee2mqtt.{$DOMAIN} {
+	reverse_proxy zigbee2mqtt:8080
+	import errorhandler
+}
+
+jellyfin.{$DOMAIN} http://jellyfin.{$DOMAIN} {
+	reverse_proxy jellyfin:8096
+	import errorhandler
+}
+
+paperless.{$DOMAIN} http://paperless.{$DOMAIN} {
+	reverse_proxy paperless-ngx:8000
+	import errorhandler
+}
+
+download.{$DOMAIN} http://download.{$DOMAIN} {
+	reverse_proxy pyload:8000
+	import errorhandler
+}
+
+uptime.{$DOMAIN} http://uptime.{$DOMAIN} {
+	reverse_proxy uptime-kuma:3001
+	import errorhandler
+}
+
+torrent.{$DOMAIN} http://torrent.{$DOMAIN} {
+	reverse_proxy transmission:9091
+	import errorhandler
+}
+
+pdf.{$DOMAIN} http://pdf.{$DOMAIN} {
+	reverse_proxy stirling-pdf:8080
+	import errorhandler
+}
+
+root-ca.{$DOMAIN} http://root-ca.{$DOMAIN} {
+	file_server * {
+		root /usr/share/caddy/web
+		hide .git Readme.md
+	}
+	file_server /root.crt {
+		root /data/caddy/pki/authorities/local/
+		hide *.key
+	}
+	import errorhandler
+}
--- a/proxy/Dockerfile
+++ b/proxy/Dockerfile
@ -1,7 +0,0 @@
-FROM caddy:2-builder AS builder
-
-RUN xcaddy build --with github.com/caddy-dns/netcup
-
-FROM caddy:2
-
-COPY --from=builder /usr/bin/caddy /usr/bin/caddy
--- a/proxy/docker-compose.yaml
+++ b/proxy/docker-compose.yaml
@ -1,7 +1,7 @@
 services:

  caddy:
-    build: ./
+    image: caddy:2
    restart: unless-stopped
    ports:
      - 80:80
@ -16,12 +16,7 @@ services:
      - web
    environment:
      - DOMAIN=${DOMAIN}
-      - OLD_DOMAIN=${OLD_DOMAIN}
      - LOCAL_CA_NAME=${LOCAL_CA_NAME}
-      - NETCUP_CUSTOMER_NUMBER=${NETCUP_CUSTOMER_NUMBER}
-      - NETCUP_API_KEY=${NETCUP_API_KEY}
-      - NETCUP_API_PASSWORD=${NETCUP_API_PASSWORD}
-      - EMAIL=${LETSENCRYPT_MAIL}
    cap_add:
      - cap_net_bind_service

@ -38,4 +33,6 @@ services:
 networks:
  web:
    external: true
+  dockersocket:
+    external: true

--- a/proxy/web/error.html
+++ b/proxy/web/error.html
@ -1,35 +0,0 @@
-<!DOCTYPE html>
-<html lang="de">
-
-<head>
-   <meta charset="UTF-8">
-   <title>Fehler</title>
-   <meta name="viewport" content="width=device-width, initial-scale=1">
-   <style>
-      :root {
-         max-width: 80ch;
-         padding: 3em 1em;
-         margin: auto;
-         font-size: 1.25em;
-         font-family: Arial, Helvetica, sans-serif;
-      }
-      footer {
-         position: absolute;
-         bottom: 0;
-         height: 50px;
-      }
-   </style>
-</head>
-
-<body>
-   <h1>{{placeholder "http.error.status_code"}}</h1>
-
-   {{placeholder "http.error.status_text"}}
-</body>
-
-<footer>
-   <a href="http://dashboard.home.florianzirker.de/">Dashboard</a>
-</footer>
-
-
-</html>
--- a/proxy/web/index.html
+++ b/proxy/web/index.html
@ -37,7 +37,7 @@

      <li>
         Um das CA-Certifikat in den Linux-Truststore zu installieren führen Sie folgende Befehle aus:
-         <pre><code>curl -o caddy-root-ca.crt <span id="url">http://example.home.florianzirker.de/</span>root.crt
+         <pre><code>curl -o caddy-root-ca.crt <span id="url">http://example.lan/</span>root.crt
 sudo mkdir -p /usr/local/share/ca-certificates/extra
 sudo cp caddy-root-ca.crt /usr/local/share/ca-certificates/extra/
 sudo update-ca-certificates
--- a/smartHome/docker-compose.yaml
+++ b/smartHome/docker-compose.yaml
@ -8,13 +8,11 @@ services:
    environment:
      - TZ=Europe/Berlin
    restart: unless-stopped
-    #network_mode: host
-    networks:
-       - web
-       - smarthome
+    network_mode: host
    labels:
      - "docker.group=smartHome"

+
  mqttbroker:
    image: eclipse-mosquitto:${MOSQUITTO_VERSION}
    restart: unless-stopped
@ -30,6 +28,7 @@ services:
    labels:
      - "docker.group=smartHome"

+
  zigbee2mqtt:
    restart: unless-stopped
    image: koenkk/zigbee2mqtt
@ -46,26 +45,6 @@ services:
    labels:
      - "docker.group=smartHome"

-  db:
-    image: postgres:${POSTGRES_VERSION}
-    restart: unless-stopped
-    networks:
-      - smarthome
-    volumes:
-      - ${VOLUMES_PATH}/smartHome/postgres:/var/lib/postgresql/data
-    environment:
-      - POSTGRES_DB=${POSTGRES_DB}
-      - POSTGRES_USER=${POSTGRES_USER}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
-      start_period: 20s
-      interval: 30s
-      retries: 5
-      timeout: 5s
-    labels:
-      - "docker.group=smartHome"
-

 networks:
  web:
--- a/start-all.sh
+++ b/start-all.sh
@ -6,7 +6,6 @@ function up {
 }

 up proxy;
-up auth;
 up monitoring;
 up smartHome;
 up dashboard;
--- a/tools/docker-compose.yml
+++ b/tools/docker-compose.yml
@ -0,0 +1,22 @@
+services:
+
+  stirling-pdf:
+    image: frooodle/s-pdf:latest
+    # ports:
+    #   - '8080:8080'
+    networks:
+      - web
+    volumes:
+      - ${VOLUMES_PATH}/tools/stirling-pdf/trainingData:/usr/share/tesseract-ocr/5/tessdata #Required for extra OCR languages
+      - ${VOLUMES_PATH}/tools/stirling-pdf/extraConfigs:/configs
+#      - ${VOLUMES_PATH}/tools/stirling-pdf/customFiles:/customFiles/
+#      - ${VOLUMES_PATH}/tools/stirling-pdf/logs:/logs/
+    environment:
+      - DOCKER_ENABLE_SECURITY=false
+
+
+networks:
+  paperless:
+  web:
+    external: true
+
--- a/torrent/docker-compose.yaml
+++ b/torrent/docker-compose.yaml
@ -4,6 +4,8 @@ services:
    image: lscr.io/linuxserver/transmission:${TRANSMISSION_VERSION}
    environment:
      - TZ=Etc/UTC
+      - USER=${USERNAME}
+      - PASS=${PASSWORD}
    volumes:
      - ${VOLUMES_PATH}/torrent/transmission:/config
      - ${DOWNLOAD_PATH}:/downloads
Author	SHA1	Message	Date
Florian Zirker	66f0eddb95	adapt stirling-pdf to caddy	2025-03-16 17:46:36 +01:00
Florian Zirker	128ddaa95f	Stirling PDF under Tools	2025-03-16 17:26:47 +01:00