From 4ec1091d588bff2c4556e24655e32fb0dd71d188 Mon Sep 17 00:00:00 2001
From: Davide Polonio
Date: Mon, 6 Jan 2025 21:44:18 +0100
Subject: [PATCH] feat: move Diary from external to vpn only
---
 diary/Caddyfile | 5 +++
 diary/docker-compose.yml | 73 +++++++++++++++++++++++++++++++++-------
 2 files changed, 66 insertions(+), 12 deletions(-)
 create mode 100644 diary/Caddyfile
diff --git a/diary/Caddyfile b/diary/Caddyfile
new file mode 100644
index 0000000..4516d59
--- /dev/null
+++ b/diary/Caddyfile
@@ -0,0 +1,5 @@
+https://diary.lan.poldebra.me {
+ tls /cert.crt /key.key
+ reverse_proxy app:80 {
+ }
+}
\ No newline at end of file
diff --git a/diary/docker-compose.yml b/diary/docker-compose.yml
index e75f097..e040475 100644
--- a/diary/docker-compose.yml
+++ b/diary/docker-compose.yml
@@ -1,19 +1,43 @@
-version: "3.9"
-
 services:
+ mock:
+ image: nginx:alpine
+ restart: unless-stopped
+ env_file:
+ - .env
+ networks:
+ - proxy
+
+ reverse_proxy:
+ image: caddy:alpine
+ restart: unless-stopped
+ network_mode: service:tailscale
+ volumes:
+ - ./Caddyfile:/etc/caddy/Caddyfile:ro
+ - /srv/docker/reverse_proxy/certs/diary.lan.poldebra.me/fullchain.pem:/cert.crt:ro
+ - /srv/docker/reverse_proxy/certs/diary.lan.poldebra.me/key.pem:/key.key:ro
+ healthcheck:
+ test: ["CMD", "wget", "--spider", "-q", "https://diary.lan.poldebra.me"]
+ interval: 5s
+ timeout: 10s
+ retries: 3
+ depends_on:
+ app:
+ condition: service_started
+ tailscale:
+ condition: service_healthy
+
 app:
 image: monica:4-apache
 depends_on:
- - db
+ db:
+ condition: service_started
+ tailscale:
+ condition: service_healthy
 env_file:
 - .monica.env
- - .env
 volumes:
 - data:/var/www/html/storage
 restart: unless-stopped
- networks:
- - internal
- - proxy
 cron:
 image: monica:4-apache
@@ -23,7 +47,7 @@ services:
 - data:/var/www/html/storage
 command: cron.sh
 depends_on:
- - db
+ - app
 db:
 image: mysql:8.0
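Review bot: The new site block does not say where `/cert.crt` and `/key.key` come from or that the upstream hop to `app:80` is plain HTTP, and the `reverse_proxy app:80 { }` block is empty. I would write the directive as `reverse_proxy app:80` and add a comment above `tls`, for example `# cert and key are bind-mounted read-only by docker-compose.yml; Caddy does not obtain or renew them`. Because the certificate is supplied from files, renewal and reload happen outside Caddy, which is worth recording for whoever maintains the host. The file also ends without a trailing newline.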
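Review bot: The `reverse_proxy` service bind-mounts `fullchain.pem` and `key.pem` as individual files, and a single-file bind mount stays attached to the original inode, so if the renewal job replaces the files rather than rewriting them in place the container keeps serving the old certificate until it is recreated. Mounting the directory avoids that, assuming both are regular files in it: `- /srv/docker/reverse_proxy/certs/diary.lan.poldebra.me:/certs:ro` together with `tls /certs/fullchain.pem /certs/key.pem` in the Caddyfile. Caddy will probably still need a reload after a renewal, so the renewal job should trigger one and expiry should be monitored separately from this healthcheck. The purpose of the `mock` service on the `proxy` network is not stated either; a one-line comment above `mock:` saying why it takes over `.env` would help.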
@@ -32,8 +56,29 @@ services:
 volumes:
 - mysql:/var/lib/mysql
 restart: unless-stopped
- networks:
- - internal
+
+ tailscale:
+ hostname: diary
+ image: tailscale/tailscale:latest
+ restart: unless-stopped
+ # ports:
+ # - "80:80"
+ healthcheck:
+ test: ["CMD-SHELL", "tailscale status"]
+ interval: 1s
+ timeout: 5s
+ retries: 60
+ volumes:
+ - tailscale:/var/lib
+ - /lib/modules:/lib/modules:ro
+ devices:
+ - /dev/net/tun:/dev/net/tun
+ cap_add:
+ - net_admin
+ - sys_module
+ - net_raw
+ command: tailscaled
+
 volumes:
 data:
@@ -48,9 +93,13 @@ volumes:
 type: none
 o: bind
 device: "/srv/docker/diary/mysql"
+ tailscale:
+ driver: local
+ driver_opts:
+ type: none
+ o: bind
+ device: "/srv/docker/diary/tailscale"
 networks:
 proxy:
 external: true
- internal:
-
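Review bot: The `tailscale` service is the most privileged container in this stack and is granted more than it appears to need: `sys_module` together with the `/lib/modules` mount lets it load kernel modules into the host, and `tailscale:/var/lib` persists all of `/var/lib` rather than only the state directory (`- tailscale:/var/lib/tailscale`). If the host already provides `/dev/net/tun`, as the `devices` entry suggests, `sys_module` and the `/lib/modules` mount can probably be dropped; please confirm that `tailscaled` still starts with only `net_admin` and `net_raw`. The image should also be pinned, `image: tailscale/tailscale:<pinned-version>`, because `latest` lets an unreviewed upstream build run with these capabilities on the next pull. The commented-out `ports` lines are better removed, since publishing port 80 would contradict the VPN-only goal of the commit.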
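Review bot: The new `tailscale` volume binds `/srv/docker/diary/tailscale`, which will hold tailscaled's state including the node's private key, and nothing in the file records that. A comment above its `device:` line such as `# tailscaled state (node key): keep root-owned, mode 0700, exclude from shared backups` would document the handling it needs. With `type: none` and `o: bind` the directory has to exist before the stack is started, which is presumably provisioned outside this repository. The `volumes:` block begins before the visible context of this hunk.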