From f175d23e34d25f1b7ea4eedc0844e5fa844f32b1 Mon Sep 17 00:00:00 2001
From: Derek Crudgington
Date: Tue, 13 Dec 2022 15:17:42 +0000
Subject: [PATCH] Fixes for each service, new proxy config, removing spare volumes, random things

---
 fstack/lib/dns.sh | 2 ++
 fstack/lib/jitsi.sh | 65 +++++++++++++++++++++------------------
 fstack/lib/listmonk.sh | 6 ++--
 fstack/lib/matrix.sh | 19 +++++++++++-
 fstack/lib/network.sh.old | 19 ++++++++++++
 fstack/lib/nextcloud.sh | 47 +++-------------------------
 fstack/lib/panel.sh | 20 +++---------
 fstack/lib/postgresql.sh | 9 ++++--
 fstack/lib/vaultwarden.sh | 4 +--
 install-federated.sh | 7 +++--
 start.sh | 6 ++--
 stop.sh | 6 ++--
 12 files changed, 106 insertions(+), 104 deletions(-)
 create mode 100644 fstack/lib/network.sh.old

diff --git a/fstack/lib/dns.sh b/fstack/lib/dns.sh
index 3dbae25..5721f53 100644
--- a/fstack/lib/dns.sh
+++ b/fstack/lib/dns.sh
@@ -180,6 +180,8 @@ collabora IN A $EXTERNALIP jitsi IN A $EXTERNALIP matrix IN A $EXTERNALIP element IN A $EXTERNALIP +listmonk IN A $EXTERNALIP +vaultwarden IN A $EXTERNALIP $DOMAIN. IN A $EXTERNALIP EOF
diff --git a/fstack/lib/jitsi.sh b/fstack/lib/jitsi.sh
index f2a2dac..18c741b 100644
--- a/fstack/lib/jitsi.sh
+++ b/fstack/lib/jitsi.sh
@@ -10,11 +10,12 @@ config_jitsi() { SPINPID=$! if [ ! -d "fstack/jitsi" ]; then - mkdir -p fstack/jitsi/data/config/keys &> /dev/null - cp -rf fstack/dns/data/etc/letsencrypt/archive/$DOMAIN/*.pem fstack/jitsi/data/config/keys - mv fstack/jitsi/data/config/keys/fullchain1.pem fstack/jitsi/data/config/keys/cert.crt - mv fstack/jitsi/data/config/keys/privkey1.pem fstack/jitsi/data/config/keys/cert.key - chmod 644 fstack/jitsi/data/config/keys/*.pem + mkdir -p fstack/jitsi +# mkdir -p fstack/jitsi/data/config/keys &> /dev/null +# cp -rf fstack/dns/data/etc/letsencrypt/archive/$DOMAIN/*.pem fstack/jitsi/data/config/keys +# mv fstack/jitsi/data/config/keys/fullchain1.pem fstack/jitsi/data/config/keys/cert.crt +# mv fstack/jitsi/data/config/keys/privkey1.pem fstack/jitsi/data/config/keys/cert.key +# chmod 644 fstack/jitsi/data/config/keys/*.pem fi DOMAIN_ARRAY=(${DOMAIN//./ }) @@ -32,19 +33,19 @@ version: '3.7' services: # Frontend web: - image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-7882} - restart: ${RESTART_POLICY:-unless-stopped} + image: jitsi/web:\${JITSI_IMAGE_VERSION:-stable-7882} + restart: \${RESTART_POLICY:-unless-stopped} ports: - - '${HTTP_PORT}:80' - - '${HTTPS_PORT}:443' + - '\${HTTP_PORT}:80' + - '\${HTTPS_PORT}:443' volumes: - - ${CONFIG}/web:/config:Z - - ${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z - - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z + - \${CONFIG}/web:/config:Z + - \${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z + - \${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z - ./data/config/keys:/config/keys:Z environment: - - VIRTUAL_PROTO=https - - VIRTUAL_PORT=443 + - VIRTUAL_PROTO=http + - VIRTUAL_PORT=80 - VIRTUAL_HOST=jitsi.$DOMAIN - AMPLITUDE_ID - ANALYTICS_SCRIPT_URLS 
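Review bot: The certificate-copy block in config_jitsi is kept as five commented-out lines rather than deleted, while the `- ./data/config/keys:/config/keys:Z` volume in the next hunk still mounts the directory that is no longer created, so docker will typically create an empty `fstack/jitsi/data/config/keys` on first `up`. Since the proxy now terminates TLS (`VIRTUAL_PROTO=http` below), dropping both the commented lines and the keys volume is the consistent change; git history keeps the old copy logic if it is ever needed again. If the keys mount is meant to stay, the `mkdir -p fstack/jitsi/data/config/keys` should stay with it. config_jitsi continues outside this hunk.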
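Review bot: The web service still publishes `- '\${HTTP_PORT}:80'` and `- '\${HTTPS_PORT}:443'` on the host even though `VIRTUAL_PROTO`/`VIRTUAL_PORT` are switched to http/80 so that the proxy fronts it; the nextcloud and panel hunks in this same commit remove their `ports:` blocks, jitsi does not. Whatever the generated .env (outside this hunk) sets HTTP_PORT to becomes a direct, unproxied plain-HTTP path to the web container that bypasses the proxy's TLS. Either delete the two `ports:` lines as done for the other services, or bind them to loopback, `- '127.0.0.1:\${HTTP_PORT}:80'`, if a local listener is still wanted. The compose heredoc continues outside this hunk.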
@@ -184,15 +185,15 @@ services: # XMPP server prosody: - image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-7882} - restart: ${RESTART_POLICY:-unless-stopped} + image: jitsi/prosody:\${JITSI_IMAGE_VERSION:-stable-7882} + restart: \${RESTART_POLICY:-unless-stopped} expose: - - '${XMPP_PORT:-5222}' + - '\${XMPP_PORT:-5222}' - '5347' - '5280' volumes: - - ${CONFIG}/prosody/config:/config:Z - - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z + - \${CONFIG}/prosody/config:/config:Z + - \${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z environment: - AUTH_TYPE - DISABLE_POLLS @@ -282,10 +283,10 @@ services: # Focus component jicofo: - image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-7882} - restart: ${RESTART_POLICY:-unless-stopped} + image: jitsi/jicofo:\${JITSI_IMAGE_VERSION:-stable-7882} + restart: \${RESTART_POLICY:-unless-stopped} volumes: - - ${CONFIG}/jicofo:/config:Z + - \${CONFIG}/jicofo:/config:Z environment: - AUTH_TYPE - BRIDGE_AVG_PARTICIPANT_STRESS @@ -314,7 +315,7 @@ services: - JVB_BREWERY_MUC - MAX_BRIDGE_PARTICIPANTS - OCTO_BRIDGE_SELECTION_STRATEGY - - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}" + - SENTRY_DSN="\${JICOFO_SENTRY_DSN:-0}" - SENTRY_ENVIRONMENT - SENTRY_RELEASE - TZ @@ -333,13 +334,13 @@ services: # Video bridge jvb: - image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-7882} - restart: ${RESTART_POLICY:-unless-stopped} + image: jitsi/jvb:\${JITSI_IMAGE_VERSION:-stable-7882} + restart: \${RESTART_POLICY:-unless-stopped} ports: - - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp' - - '127.0.0.1:${JVB_COLIBRI_PORT:-9090}:9090' + - '\${JVB_PORT:-10000}:\${JVB_PORT:-10000}/udp' + - '127.0.0.1:\${JVB_COLIBRI_PORT:-9090}:9090' volumes: - - ${CONFIG}/jvb:/config:Z + - \${CONFIG}/jvb:/config:Z environment: - DOCKER_HOST_ADDRESS - ENABLE_COLIBRI_WEBSOCKET 
@@ -360,7 +361,7 @@ services: - JVB_WS_DOMAIN - JVB_WS_SERVER_ID - PUBLIC_URL - - SENTRY_DSN="${JVB_SENTRY_DSN:-0}" + - SENTRY_DSN="\${JVB_SENTRY_DSN:-0}" - SENTRY_ENVIRONMENT - SENTRY_RELEASE - COLIBRI_REST_ENABLED @@ -375,6 +376,10 @@ services: networks: fstack: ipv4_address: 172.99.0.28 + +networks: + fstack: + external: true EOF # Create Jitsi .env file @@ -630,7 +635,7 @@ start_jitsi() { break else if [ "$RETRY" == 1 ]; then - cd fstack/jitsi && docker-compose -f docker-compose.yml -p jitsi down &> /dev/null + docker-compose -f docker-compose.yml -p jitsi down &> /dev/null kill -9 $SPINPID &> /dev/null fail "There was a problem starting service fstack/jitsi\nCheck the output of 'docker logs jitsi' or turn on\ndebug with -d" fi diff --git a/fstack/lib/listmonk.sh b/fstack/lib/listmonk.sh index 1af42d3..7b15bf4 100644 --- a/fstack/lib/listmonk.sh +++ b/fstack/lib/listmonk.sh @@ -10,7 +10,7 @@ config_listmonk() { SPINPID=$! if [ ! -d "fstack/listmonk" ]; then - mkdir -p fstack/listmonk/static + mkdir -p fstack/listmonk/static fstack/listmonk/data/listmonk fi DOMAIN_ARRAY=(${DOMAIN//./ }) @@ -76,10 +76,10 @@ start_listmonk() { if [ $DEBUG ]; then # Start fstack/listmonk with output to console for debug - docker-compose -f fstack/listmonk/docker-compose.yml -p listmonk up --build + docker-compose -f fstack/listmonk/docker-compose.yml -p listmonk up [ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service fstack/listmonk" else - docker-compose -f fstack/listmonk/docker-compose.yml -p listmonk up --build -d &> /dev/null + docker-compose -f fstack/listmonk/docker-compose.yml -p listmonk up -d &> /dev/null # Keep trying listmonk port 9000 to make sure it's up # before we proceed diff --git a/fstack/lib/matrix.sh b/fstack/lib/matrix.sh index 01f6630..e24a179 100644 --- a/fstack/lib/matrix.sh +++ b/fstack/lib/matrix.sh 
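Review bot: After dropping `cd fstack/jitsi &&`, the `docker-compose -f docker-compose.yml -p jitsi down` in start_jitsi resolves the compose file against whatever the working directory is at that point; that is only correct if start_jitsi already changed into fstack/jitsi earlier, above this hunk, which cannot be seen from here. Because the command's output goes to `&> /dev/null`, a wrong working directory makes the teardown fail silently and the user is then pointed at 'docker logs jitsi'. If the function stays in the repo root, `docker-compose --project-directory fstack/jitsi -f fstack/jitsi/docker-compose.yml -p jitsi down` removes the dependency on cwd; otherwise a comment stating that the function has already entered fstack/jitsi would keep the next reader from re-adding the `cd`. start_jitsi starts and ends outside this hunk.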
@@ -10,7 +10,7 @@ config_matrix() { SPINPID=$! if [ ! -d "fstack/matrix" ]; then - mkdir -p fstack/matrix/data/root/certs fstack/matrix/data/matrix fstack/matrix/data/element &> /dev/null + mkdir -p fstack/matrix/data/matrix fstack/matrix/data/element &> /dev/null cp -rf fstack/dns/data/etc/letsencrypt/archive/$DOMAIN/*.pem fstack/matrix/data/matrix chmod 644 fstack/matrix/data/matrix/*.pem fi @@ -139,11 +139,28 @@ cat > fstack/matrix/data/element/element-config.json < /dev/null [ $? -ne 0 ] && fail "Couldn't run docker matrixdotorg/synapse:latest generate" +# Take out default Sqlite database config +sed -i 's!database: /data/homeserver.db!!g' fstack/matrix/data/matrix/homeserver.yaml +sed -i 's!database:!!g' fstack/matrix/data/matrix/homeserver.yaml +sed -i 's!name: sqlite3!!g' fstack/matrix/data/matrix/homeserver.yaml +sed -i 's!args:!!g' fstack/matrix/data/matrix/homeserver.yaml + +# Insert our Postgres and LDAP config cat >> fstack/matrix/data/matrix/homeserver.yaml < /dev/null + [ $? -ne 0 ] && fail "Couldn't run docker network create" + fi + + echo -ne "done." + kill -9 $SPINPID &> /dev/null +} diff --git a/fstack/lib/nextcloud.sh b/fstack/lib/nextcloud.sh index 152c007..1256deb 100644 --- a/fstack/lib/nextcloud.sh +++ b/fstack/lib/nextcloud.sh @@ -10,10 +10,7 @@ config_nextcloud() { SPINPID=$! if [ ! -d "fstack/nextcloud" ]; then - mkdir -p fstack/nextcloud/data/root/certs &> /dev/null mkdir -p fstack/nextcloud/data/var/www/html &> /dev/null - mkdir -p fstack/nextcloud/data/etc/apache2/sites-enabled &> /dev/null - cp -rf fstack/dns/data/etc/letsencrypt/archive/$DOMAIN/*.pem fstack/nextcloud/data/root/certs/ fi DOMAIN_ARRAY=(${DOMAIN//./ }) 
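Review bot: The four `sed -i 's!…!!g'` calls that strip the SQLite block from homeserver.yaml match substrings anywhere in the file, so `s!database:!!g` and `s!args:!!g` would also blank those tokens in comments or in any other key containing them, and the lines they hit are left as empty lines with dangling indentation rather than removed. Anchoring each pattern to a whole line limits the edit to the generated block: `sed -i -e 's!^ *database: /data/homeserver.db$!!' -e 's!^ *database:$!!' -e 's!^ *name: sqlite3$!!' -e 's!^ *args:$!!' fstack/matrix/data/matrix/homeserver.yaml` (the two-space indentation of Synapse's generated config is assumed — confirm against a fresh `generate` output). The sed exit status is also unchecked, unlike the `docker run` just above it; a trailing `|| fail "Couldn't remove sqlite config from homeserver.yaml"` keeps the file's existing convention. The heredoc that appends the Postgres and LDAP config continues past what is visible here.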
@@ -36,19 +33,13 @@ services: networks: fstack: ipv4_address: 172.99.0.15 - ports: - - "8000:80" - - "8444:443" extra_hosts: - "collabora.$DOMAIN:$EXTERNALIP" volumes: - - ./data/root:/root - - ./data/etc/apache2/sites-enabled:/etc/apache2/sites-enabled - ./data/var/www/html:/var/www/html environment: - - CERT_NAME=$DOMAIN - - VIRTUAL_PROTO=https - - VIRTUAL_PORT=443 + - VIRTUAL_PROTO=http + - VIRTUAL_PORT=80 - VIRTUAL_HOST=nextcloud.$DOMAIN - PHP_MEMORY_LIMIT=2048M - PHP_UPLOAD_LIMIT=2048M @@ -110,7 +101,7 @@ ENV NEXTCLOUD_UPDATE=1 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] EOF -cat > fstack/nextcloud/data/root/nextcloud.sh < fstack/nextcloud/data/nextcloud.sh < fstack/nextcloud/data/etc/apache2/sites-enabled/000-default.conf <<'EOF' -LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so - - - ServerAdmin admin@localhost - DocumentRoot /var/www/html - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - - - - SSLEngine on - SSLCertificateFile /root/certs/fullchain1.pem - SSLCertificateKeyFile /root/certs/privkey1.pem - - ServerAdmin admin@localhost - DocumentRoot /var/www/html - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - -EOF +chmod +x fstack/nextcloud/data/nextcloud.sh kill -9 $SPINPID &> /dev/null echo -ne "done." @@ -233,7 +202,7 @@ start_nextcloud() { fi # Move nextcloud.sh and set nextcloud.sh executable - docker exec -it nextcloud mv /root/nextcloud.sh /var/www/html/ + mv fstack/nextcloud/data/nextcloud.sh fstack/nextcloud/data/var/www/html/ docker exec -it nextcloud chown www-data:root /var/www/html/nextcloud.sh docker exec -it nextcloud chmod 755 /var/www/html/nextcloud.sh [ $? -ne 0 ] && fail "Couldn't chown nextcloud.sh in fstack/nextcloud container" 
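Review bot: With `VIRTUAL_PROTO=http` and `VIRTUAL_PORT=80` the nextcloud container now sees plain HTTP from the proxy, and Nextcloud is likely to build http:// URLs and redirects unless config.php sets `'overwriteprotocol' => 'https'` and lists the proxy in `'trusted_proxies'`; whether nextcloud.sh (written outside this hunk) does that cannot be seen from here. If it does not, the follow-up is an `occ config:system:set overwriteprotocol --value https` plus a `trusted_proxies` entry for the proxy's address on the fstack network. Removing the `ports:` block is the right companion change, as it leaves the proxy as the only ingress to the now-unencrypted container.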
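Review bot: The host-side `mv fstack/nextcloud/data/nextcloud.sh fstack/nextcloud/data/var/www/html/` that replaces the `docker exec … mv` has no status check, and the only `[ $? -ne 0 ] && fail` below it tests the chmod, so a failed move surfaces later as "Couldn't chown nextcloud.sh", pointing the user at the wrong step. `mv fstack/nextcloud/data/nextcloud.sh fstack/nextcloud/data/var/www/html/ || fail "Couldn't move nextcloud.sh into fstack/nextcloud/data/var/www/html"` keeps the file's convention. The `chmod +x` added at config time and the `chmod 755` here do the same job, so one of them can go. start_nextcloud continues outside this hunk.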
@@ -242,12 +211,6 @@ start_nextcloud() { docker exec -it -u 33 nextcloud /var/www/html/nextcloud.sh &> /dev/null [ $? -ne 0 ] && fail "Couldn't run nextcloud.sh inside fstack/nextcloud container" - # Enable SSL module in fstack/nextcloud - docker exec -it nextcloud a2enmod ssl &> /dev/null - [ $? -ne 0 ] && fail "Couldn't run a2enmod ssl in fstack/nextcloud container" - - docker exec -it nextcloud service apache2 restart &> /dev/null - kill -9 $SPINPID &> /dev/null echo -ne "done." } diff --git a/fstack/lib/panel.sh b/fstack/lib/panel.sh index 5b24407..9cb5ef7 100644 --- a/fstack/lib/panel.sh +++ b/fstack/lib/panel.sh @@ -10,8 +10,7 @@ config_panel() { SPINPID=$! if [ ! -d "fstack/panel" ]; then - mkdir -p fstack/panel/data/root/certs &> /dev/null - cp -rf fstack/dns/data/etc/letsencrypt/archive/$DOMAIN/*.pem fstack/panel/data/root/certs/ + mkdir -p fstack/panel fi DOMAIN_ARRAY=(${DOMAIN//./ }) @@ -59,15 +58,9 @@ services: networks: fstack: ipv4_address: 172.99.0.12 - ports: - - 8080:80 - - 8443:443 - volumes: - - ./data/root/certs:/opt/ssl environment: - - CERT_NAME=$DOMAIN - - VIRTUAL_PROTO=https - - VIRTUAL_PORT=443 + - VIRTUAL_PROTO=http + - VIRTUAL_PORT=80 - VIRTUAL_HOST=panel.$DOMAIN - SERVER_HOSTNAME=panel.$DOMAIN - LDAP_URI=ldap://ldap.$DOMAIN @@ -86,10 +79,7 @@ services: - SMTP_PASSWORD=$ADMINPASS - EMAIL_FROM_ADDRESS=admin@$DOMAIN - SMTP_USE_TLS=true - - NO_HTTPS=false - - SERVER_CERT_FILENAME=fullchain1.pem - - SERVER_KEY_FILENAME=privkey1.pem - - CA_CERT_FILENAME=chain1.pem + - NO_HTTPS=true networks: fstack: @@ -117,7 +107,7 @@ start_panel() { # before we proceed RETRY="30" while [ $RETRY -gt 0 ]; do - nc -z 172.99.0.12 443 &> /dev/null + nc -z 172.99.0.12 80 &> /dev/null if [ $? -eq 0 ]; then break else diff --git a/fstack/lib/postgresql.sh b/fstack/lib/postgresql.sh index 61f0117..a6fe9e8 100644 --- a/fstack/lib/postgresql.sh +++ b/fstack/lib/postgresql.sh 
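Review bot: The readiness probe `nc -z 172.99.0.12 80` repeats the address that the compose heredoc in the earlier panel hunk pins as `ipv4_address: 172.99.0.12`, and the port it waits on now has to be kept in step with `VIRTUAL_PORT` by hand, which is exactly what this commit had to do. Defining the pair once at the top of fstack/lib/panel.sh, e.g. `PANEL_ADDR=172.99.0.12` and `PANEL_PORT=80`, and using them in both the heredoc and the probe removes the drift. The while loop in start_panel starts outside this hunk.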
@@ -38,10 +38,12 @@ services: - ./data/var/lib/postgresql/server.crt:/var/lib/postgresql/server.crt - ./data/var/lib/postgresql/server.key:/var/lib/postgresql/server.key - ./data/var/lib/postgresql/data:/var/lib/postgresql/data + - ./data/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d environment: - POSTGRES_DB=nextcloud - POSTGRES_USER=nextcloud - POSTGRES_PASSWORD=$ADMINPASS + - POSTGRES_INITDB_ARGS=--encoding='UTF8' --lc-collate='C' --lc-ctype='C' command: > -c ssl=on -c ssl_cert_file=/var/lib/postgresql/server.crt @@ -65,6 +67,9 @@ GRANT ALL PRIVILEGES ON DATABASE vaultwarden TO vaultwarden; CREATE USER listmonk WITH PASSWORD '$ADMINPASS'; CREATE DATABASE listmonk; GRANT ALL PRIVILEGES ON DATABASE listmonk TO listmonk; +CREATE USER matrix WITH PASSWORD '$ADMINPASS'; +CREATE DATABASE matrix; +GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix; EOF kill -9 $SPINPID &> /dev/null @@ -79,10 +84,10 @@ start_postgresql() { if [ $DEBUG ]; then # Start fstack/postgresql with output to console for debug - docker-compose -f fstack/postgresql/docker-compose.yml -p postgresql up --build + docker-compose -f fstack/postgresql/docker-compose.yml -p postgresql up [ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service fstack/postgresql" else - docker-compose -f fstack/postgresql/docker-compose.yml -p postgresql up --build -d &> /dev/null + docker-compose -f fstack/postgresql/docker-compose.yml -p postgresql up -d &> /dev/null # Keep trying postgresql port 5432 to make sure it's up # before we proceed diff --git a/fstack/lib/vaultwarden.sh b/fstack/lib/vaultwarden.sh index d4db57b..53748d2 100644 --- a/fstack/lib/vaultwarden.sh +++ b/fstack/lib/vaultwarden.sh 
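Review bot: The new `matrix` role is created with the same `$ADMINPASS` that nextcloud, vaultwarden and listmonk already use, so one credential now unlocks four databases and a leak from any single service's config (homeserver.yaml receives it in cleartext in the matrix hunk) exposes all of them. A per-role secret, e.g. `MATRIX_DB_PASS=$(openssl rand -hex 24)` (constructed example, assuming openssl is on the host) written into both this init SQL and homeserver.yaml, contains the blast radius. Separately, scripts under `docker-entrypoint-initdb.d` only run when the data directory is empty, so an existing install that already has `./data/var/lib/postgresql/data` will not get the `matrix` user or database from this change and matrix will presumably fail to connect; that deserves a comment above the heredoc, which starts outside this hunk.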
@@ -59,10 +59,10 @@ start_vaultwarden() { if [ $DEBUG ]; then # Start fstack/vaultwarden with output to console for debug - docker-compose -f fstack/vaultwarden/docker-compose.yml -p vaultwarden up --build + docker-compose -f fstack/vaultwarden/docker-compose.yml -p vaultwarden up [ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service fstack/vaultwarden" else - docker-compose -f fstack/vaultwarden/docker-compose.yml -p vaultwarden up --build -d &> /dev/null + docker-compose -f fstack/vaultwarden/docker-compose.yml -p vaultwarden up -d &> /dev/null # Keep trying vaultwarden port 80 to make sure it's up # before we proceed diff --git a/install-federated.sh b/install-federated.sh index 6a0bdb5..158fa8a 100755 --- a/install-federated.sh +++ b/install-federated.sh @@ -47,12 +47,15 @@ get_config() { . fstack/lib/checks.sh . fstack/lib/network.sh . fstack/lib/dns.sh + . fstack/lib/postgresql.sh . fstack/lib/ldap.sh . fstack/lib/mail.sh . fstack/lib/collabora.sh . fstack/lib/nextcloud.sh . fstack/lib/matrix.sh . fstack/lib/jitsi.sh + . fstack/lib/listmonk.sh + . fstack/lib/vaultwarden.sh . fstack/lib/panel.sh . fstack/lib/proxy.sh @@ -85,9 +88,7 @@ check_ports config_network # Configure and start each federated service -#for i in dns ldap mail collabora nextcloud matrix jitsi panel proxy; do -#for i in ldap mail collabora nextcloud matrix jitsi panel proxy; do -for i in nextcloud; do +for i in dns postgresql ldap mail collabora nextcloud matrix jitsi listmonk vaultwarden panel proxy; do config_$i start_$i done diff --git a/start.sh b/start.sh index 2f0caec..8cf4446 100755 --- a/start.sh +++ b/start.sh @@ -3,7 +3,7 @@ # Federated Start Script usage() { - echo "$0: all|dns|ldap|mail|collabora|nextcloud|matrix|jitsi|panel|proxy" + echo "$0: all|dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy" exit 2 } startservice() { 
@@ -11,7 +11,7 @@ startservice() { cd fstack/$SERVICE && docker-compose -f docker-compose.yml -p $SERVICE up -d } startservice_all() { - for i in dns ldap mail collabora nextcloud matrix jitsi panel proxy; do + for i in dns postgresql ldap mail collabora nextcloud matrix jitsi listmonk vaultwarden panel proxy; do echo "* Starting $i.." cd fstack/$i && docker-compose -f docker-compose.yml -p $i up -d done @@ -22,6 +22,6 @@ SERVICE=$1 case "$SERVICE" in all) startservice_all;; - dns|ldap|mail|collabora|nextcloud|matrix|jitsi|panel|proxy) startservice;; + dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy) startservice;; *) usage;; esac diff --git a/stop.sh b/stop.sh index 3eb4728..2c9bb30 100755 --- a/stop.sh +++ b/stop.sh @@ -3,7 +3,7 @@ # Federated Stop Script usage() { - echo "$0: all|dns|ldap|mail|collabora|nextcloud|matrix|jitsi|panel|proxy" + echo "$0: all|dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy" exit 2 } stopservice() { @@ -11,7 +11,7 @@ stopservice() { docker-compose -f fstack/$SERVICE/docker-compose.yml -p $SERVICE down } stopservice_all() { - for i in dns ldap mail collabora nextcloud matrix jitsi panel proxy; do + for i in dns postgresql ldap mail collabora nextcloud matrix jitsi listmonk vaultwarden panel proxy; do echo "* Stopping $i.." docker-compose -f fstack/$i/docker-compose.yml -p $i down done @@ -22,6 +22,6 @@ SERVICE=$1 case "$SERVICE" in all) stopservice_all;; - dns|ldap|mail|collabora|nextcloud|matrix|jitsi|panel|proxy) stopservice;; + dns|postgresql|ldap|mail|collabora|nextcloud|matrix|jitsi|listmonk|vaultwarden|panel|proxy) stopservice;; *) usage;; esac
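Review bot: In startservice_all the loop body `cd fstack/$i && docker-compose -f docker-compose.yml -p $i up -d` changes directory in the current shell, so on the second iteration `cd fstack/postgresql` is attempted from inside fstack/dns, fails, and the `&&` skips every remaining service; extending the list from 9 to 12 entries makes this more visible, but the commit leaves the body as is. The minimal fix that keeps each service's own directory (and any .env there) as the project directory is a subshell, `(cd fstack/$i && docker-compose -f docker-compose.yml -p $i up -d)`; stop.sh in this same commit avoids the problem by using `-f fstack/$i/docker-compose.yml` without a cd. The single-service startservice above has the same cd but runs once, so it is unaffected.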