fzirker/homeserver
0
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: fzirker:main
Branches Tags
fzirker:main
fzirker:stirling-pdf
..
compare: fzirker:stirling-pdf
Branches Tags
fzirker:main
fzirker:stirling-pdf

2 commits
main ... stirling-p

Author SHA1 Message Date
Florian Zirker
66f0eddb95 adapt stirling-pdf to caddy 2025-03-16 17:46:36 +01:00
Florian Zirker
128ddaa95f Stirling PDF under Tools 2025-03-16 17:26:47 +01:00
11 changed files with 106 additions and 269 deletions
Download patch file Download diff file Expand all files Collapse all files

90
auth/docker-compose.yml
View file

@ -1,90 +0,0 @@
services:
authentik-server:
image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
restart: unless-stopped
command: server
environment:
- AUTHENTIK_REDIS__HOST=redis
- AUTHENTIK_POSTGRESQL__HOST=postgresql
- AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
- AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
- AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
volumes:
- ${VOLUMES_PATH}/auth/media:/media
- ${VOLUMES_PATH}/auth/custom-templates:/templates
depends_on:
postgresql:
condition: service_healthy
redis:
condition: service_healthy
networks:
- web
- auth
authentik-worker:
image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
restart: unless-stopped
command: worker
environment:
- AUTHENTIK_REDIS__HOST=redis
- AUTHENTIK_POSTGRESQL__HOST=postgresql
- AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
- AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
- AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
user: root
volumes:
# - /var/run/docker.sock:/var/run/docker.sock
- ${VOLUMES_PATH}/auth/media:/media
- ${VOLUMES_PATH}/auth/certs:/certs
- ${VOLUMES_PATH}/auth/custom-templates:/templates
depends_on:
postgresql:
condition: service_healthy
redis:
condition: service_healthy
networks:
- auth
postgresql:
image: postgres:${POSTGRES_VERSION}
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
volumes:
- ${VOLUMES_PATH}/auth/postgres/:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_DB=${POSTGRES_DB}
networks:
- auth
redis:
image: redis:${REDIS_VERSION}
command: --save 60 1 --loglevel warning
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
volumes:
- ${VOLUMES_PATH}/auth/redis:/data
networks:
- auth
networks:
auth:
web:
external: true

3
paperless/docker-compose.yaml
View file

@ -60,9 +60,6 @@ services:
- USERMAP_GID=1000 - USERMAP_GID=1000
- PAPERLESS_PRE_CONSUME_SCRIPT=/usr/src/paperless/scripts/removePdfPassword.py - PAPERLESS_PRE_CONSUME_SCRIPT=/usr/src/paperless/scripts/removePdfPassword.py
- PAPERLESS_OCR_USER_ARGS=${USER_ARGS_JSON} - PAPERLESS_OCR_USER_ARGS=${USER_ARGS_JSON}
- PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
- PAPERLESS_SOCIALACCOUNT_PROVIDERS=${PAPERLESS_SOCIALACCOUNT_PROVIDERS}
- PAPERLESS_CSRF_TRUSTED_ORIGINS=https://paperless.home.florianzirker.de,https://auth.home.florianzirker.de
labels: labels:
- "docker.group=paperless" - "docker.group=paperless"

177
proxy/Caddyfile
View file

@ -1,112 +1,18 @@
{ {
email {env.EMAIL} auto_https disable_redirects
local_certs
pki {
ca local {
name "{$LOCAL_CA_NAME}"
}
}
log default { log default {
output stdout output stdout
format console format console
} }
auto_https disable_redirects
}
(proxy-auth) {
reverse_proxy /outpost.goauthentik.io/* http://authentik-server:9000
forward_auth http://authentik-server:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
trusted_proxies private_ranges
}
}
http://*.{$DOMAIN} {
redir https://{labels.3}.{$DOMAIN}{uri} permanent
}
http://*.{$OLD_DOMAIN} {
redir https://{labels.1}.{$DOMAIN}{uri} permanent
}
*.{$DOMAIN} {
tls {
dns netcup {
customer_number {env.NETCUP_CUSTOMER_NUMBER}
api_key {env.NETCUP_API_KEY}
api_password {env.NETCUP_API_PASSWORD}
}
propagation_timeout 900s
propagation_delay 600s
resolvers 9.9.9.9
}
#header Strict-Transport-Security "max-age=63072000"
@whoami host whoami.{$DOMAIN}
handle @whoami {
route {
import proxy-auth
reverse_proxy whoami:80
}
}
@dashboard host dashboard.{$DOMAIN}
handle @dashboard {
reverse_proxy homer:8080
}
@hassi host hassi.{$DOMAIN}
handle @hassi {
reverse_proxy homeassistant:8123
}
@zigbee2mqtt host zigbee2mqtt.{$DOMAIN}
handle @zigbee2mqtt {
route {
import proxy-auth
reverse_proxy zigbee2mqtt:8080
}
}
@jellyfin host jellyfin.{$DOMAIN}
handle @jellyfin {
reverse_proxy jellyfin:8096
}
@paperless host paperless.{$DOMAIN}
handle @paperless {
reverse_proxy paperless-ngx:8000
}
@download host download.{$DOMAIN}
handle @download {
route {
import proxy-auth
reverse_proxy pyload:8000
}
}
@uptime host uptime.{$DOMAIN}
handle @uptime {
route {
import proxy-auth
reverse_proxy uptime-kuma:3001
}
}
@torrent host torrent.{$DOMAIN}
handle @torrent {
route {
import proxy-auth
reverse_proxy transmission:9091
}
}
@auth host auth.{$DOMAIN}
handle @auth {
reverse_proxy authentik-server:9000
}
# Fallback unhandled (sub)domains
handle {
error 404
} }
(errorhandler) {
handle_errors { handle_errors {
root * /usr/share/caddy/web root * /usr/share/caddy/web
rewrite * /error.html rewrite * /error.html
@ -116,3 +22,70 @@ http://*.{$OLD_DOMAIN} {
} }
} }
} }
(localtls) {
tls internal
}
whoami.{$DOMAIN} http://whoami.{$DOMAIN} {
reverse_proxy whoami:80
import errorhandler
}
dashboard.{$DOMAIN} http://dashboard.{$DOMAIN} {
reverse_proxy homer:8080
import errorhandler
}
hassi.{$DOMAIN} http://hassi.{$DOMAIN} {
# reverse_proxy homeassistant:8123
reverse_proxy {host}:8123
import errorhandler
}
zigbee2mqtt.{$DOMAIN} http://zigbee2mqtt.{$DOMAIN} {
reverse_proxy zigbee2mqtt:8080
import errorhandler
}
jellyfin.{$DOMAIN} http://jellyfin.{$DOMAIN} {
reverse_proxy jellyfin:8096
import errorhandler
}
paperless.{$DOMAIN} http://paperless.{$DOMAIN} {
reverse_proxy paperless-ngx:8000
import errorhandler
}
download.{$DOMAIN} http://download.{$DOMAIN} {
reverse_proxy pyload:8000
import errorhandler
}
uptime.{$DOMAIN} http://uptime.{$DOMAIN} {
reverse_proxy uptime-kuma:3001
import errorhandler
}
torrent.{$DOMAIN} http://torrent.{$DOMAIN} {
reverse_proxy transmission:9091
import errorhandler
}
pdf.{$DOMAIN} http://pdf.{$DOMAIN} {
reverse_proxy stirling-pdf:8080
import errorhandler
}
root-ca.{$DOMAIN} http://root-ca.{$DOMAIN} {
file_server * {
root /usr/share/caddy/web
hide .git Readme.md
}
file_server /root.crt {
root /data/caddy/pki/authorities/local/
hide *.key
}
import errorhandler
}

7
proxy/Dockerfile
View file

@ -1,7 +0,0 @@
FROM caddy:2-builder AS builder
RUN xcaddy build --with github.com/caddy-dns/netcup
FROM caddy:2
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

9
proxy/docker-compose.yaml
View file

@ -1,7 +1,7 @@
services: services:
caddy: caddy:
build: ./ image: caddy:2
restart: unless-stopped restart: unless-stopped
ports: ports:
- 80:80 - 80:80
@ -16,12 +16,7 @@ services:
- web - web
environment: environment:
- DOMAIN=${DOMAIN} - DOMAIN=${DOMAIN}
- OLD_DOMAIN=${OLD_DOMAIN}
- LOCAL_CA_NAME=${LOCAL_CA_NAME} - LOCAL_CA_NAME=${LOCAL_CA_NAME}
- NETCUP_CUSTOMER_NUMBER=${NETCUP_CUSTOMER_NUMBER}
- NETCUP_API_KEY=${NETCUP_API_KEY}
- NETCUP_API_PASSWORD=${NETCUP_API_PASSWORD}
- EMAIL=${LETSENCRYPT_MAIL}
cap_add: cap_add:
- cap_net_bind_service - cap_net_bind_service
@ -38,4 +33,6 @@ services:
networks: networks:
web: web:
external: true external: true
dockersocket:
external: true

35
proxy/web/error.html
View file

@ -1,35 +0,0 @@
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<title>Fehler</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
:root {
max-width: 80ch;
padding: 3em 1em;
margin: auto;
font-size: 1.25em;
font-family: Arial, Helvetica, sans-serif;
}
footer {
position: absolute;
bottom: 0;
height: 50px;
}
</style>
</head>
<body>
<h1>{{placeholder "http.error.status_code"}}</h1>
{{placeholder "http.error.status_text"}}
</body>
<footer>
<a href="http://dashboard.home.florianzirker.de/">Dashboard</a>
</footer>
</html>

2
proxy/web/index.html
View file

@ -37,7 +37,7 @@
<li> <li>
Um das CA-Certifikat in den Linux-Truststore zu installieren führen Sie folgende Befehle aus: Um das CA-Certifikat in den Linux-Truststore zu installieren führen Sie folgende Befehle aus:
<pre><code>curl -o caddy-root-ca.crt <span id="url">http://example.home.florianzirker.de/</span>root.crt <pre><code>curl -o caddy-root-ca.crt <span id="url">http://example.lan/</span>root.crt
sudo mkdir -p /usr/local/share/ca-certificates/extra sudo mkdir -p /usr/local/share/ca-certificates/extra
sudo cp caddy-root-ca.crt /usr/local/share/ca-certificates/extra/ sudo cp caddy-root-ca.crt /usr/local/share/ca-certificates/extra/
sudo update-ca-certificates sudo update-ca-certificates

27
smartHome/docker-compose.yaml
View file

@ -8,13 +8,11 @@ services:
environment: environment:
- TZ=Europe/Berlin - TZ=Europe/Berlin
restart: unless-stopped restart: unless-stopped
#network_mode: host network_mode: host
networks:
- web
- smarthome
labels: labels:
- "docker.group=smartHome" - "docker.group=smartHome"
mqttbroker: mqttbroker:
image: eclipse-mosquitto:${MOSQUITTO_VERSION} image: eclipse-mosquitto:${MOSQUITTO_VERSION}
restart: unless-stopped restart: unless-stopped
@ -30,6 +28,7 @@ services:
labels: labels:
- "docker.group=smartHome" - "docker.group=smartHome"
zigbee2mqtt: zigbee2mqtt:
restart: unless-stopped restart: unless-stopped
image: koenkk/zigbee2mqtt image: koenkk/zigbee2mqtt
@ -46,26 +45,6 @@ services:
labels: labels:
- "docker.group=smartHome" - "docker.group=smartHome"
db:
image: postgres:${POSTGRES_VERSION}
restart: unless-stopped
networks:
- smarthome
volumes:
- ${VOLUMES_PATH}/smartHome/postgres:/var/lib/postgresql/data
environment:
- POSTGRES_DB=${POSTGRES_DB}
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
labels:
- "docker.group=smartHome"
networks: networks:
web: web:

1
start-all.sh
View file

@ -6,7 +6,6 @@ function up {
} }
up proxy; up proxy;
up auth;
up monitoring; up monitoring;
up smartHome; up smartHome;
up dashboard; up dashboard;

22
tools/docker-compose.yml Normal file
View file

@ -0,0 +1,22 @@
services:
stirling-pdf:
image: frooodle/s-pdf:latest
# ports:
# - '8080:8080'
networks:
- web
volumes:
- ${VOLUMES_PATH}/tools/stirling-pdf/trainingData:/usr/share/tesseract-ocr/5/tessdata #Required for extra OCR languages
- ${VOLUMES_PATH}/tools/stirling-pdf/extraConfigs:/configs
# - ${VOLUMES_PATH}/tools/stirling-pdf/customFiles:/customFiles/
# - ${VOLUMES_PATH}/tools/stirling-pdf/logs:/logs/
environment:
- DOCKER_ENABLE_SECURITY=false
networks:
paperless:
web:
external: true

2
torrent/docker-compose.yaml
View file

@ -4,6 +4,8 @@ services:
image: lscr.io/linuxserver/transmission:${TRANSMISSION_VERSION} image: lscr.io/linuxserver/transmission:${TRANSMISSION_VERSION}
environment: environment:
- TZ=Etc/UTC - TZ=Etc/UTC
- USER=${USERNAME}
- PASS=${PASSWORD}
volumes: volumes:
- ${VOLUMES_PATH}/torrent/transmission:/config - ${VOLUMES_PATH}/torrent/transmission:/config
- ${DOWNLOAD_PATH}:/downloads - ${DOWNLOAD_PATH}:/downloads