parent
f95cb64d7e
commit
8ea0e491cd
@ -0,0 +1,2 @@ |
||||
EMAIL=email@example.org |
||||
DOMAIN=MY-DOMAIN.com |
@ -0,0 +1,63 @@ |
||||
version: '3.8' |
||||
|
||||
networks: |
||||
net: |
||||
driver: bridge |
||||
|
||||
services: |
||||
safe: |
||||
image: lolisafe/lolisafe |
||||
volumes: |
||||
- ./config.js:/usr/src/lolisafe/config.js:ro |
||||
- ./uploads:/usr/src/lolisafe/uploads |
||||
restart: unless-stopped |
||||
networks: |
||||
- net |
||||
|
||||
nginx: |
||||
image: nginx |
||||
volumes: |
||||
- ./nginx.docker.conf:/etc/nginx/conf.d/default.conf:ro |
||||
- ./uploads:/uploads |
||||
expose: |
||||
- 80 |
||||
restart: unless-stopped |
||||
depends_on: |
||||
- safe |
||||
networks: |
||||
- net |
||||
labels: |
||||
- 'traefik.enable=true' |
||||
- 'traefik.http.routers.xml.rule=Host(`${DOMAIN}`)' |
||||
- 'traefik.http.routers.xml.entrypoints=https' |
||||
- 'traefik.http.routers.xml.tls=true' |
||||
- 'traefik.http.routers.xml.tls.certresolver=letsencrypt' |
||||
|
||||
traefik: |
||||
image: traefik:latest |
||||
container_name: traefik |
||||
volumes: |
||||
- ./traefik/acme.json:/acme.json |
||||
- /var/run/docker.sock:/var/run/docker.sock |
||||
networks: |
||||
- net |
||||
ports: |
||||
- 80:80 |
||||
- 443:443 |
||||
command: |
||||
- '--log.level=INFO' |
||||
- '--providers.docker=true' |
||||
- '--providers.docker.exposedByDefault=false' |
||||
- '--entrypoints.http=true' |
||||
- '--entrypoints.http.address=:80' |
||||
- '--certificatesresolvers.letsencrypt.acme.email=${EMAIL}' |
||||
- '--certificatesresolvers.letsencrypt.acme.storage=acme.json' |
||||
- '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http' |
||||
- '--entrypoints.http.http.redirections.entrypoint.to=https' |
||||
- '--entrypoints.http.http.redirections.entrypoint.scheme=https' |
||||
- '--entrypoints.https=true' |
||||
- '--entrypoints.https.address=:443' |
||||
restart: unless-stopped |
||||
depends_on: |
||||
- nginx |
||||
|
@ -0,0 +1,41 @@ |
||||
upstream backend { |
||||
server safe:9999; # Change to the port you specified on lolisafe |
||||
} |
||||
|
||||
map $sent_http_content_type $charset { |
||||
~^text/ utf-8; |
||||
} |
||||
|
||||
server { |
||||
listen 80; |
||||
|
||||
client_max_body_size 10000M; # Change this to the max file size you want to allow |
||||
|
||||
charset $charset; |
||||
charset_types *; |
||||
|
||||
# Uncomment if you are running lolisafe behind CloudFlare. |
||||
# This requires NGINX compiled from source with: |
||||
# --with-http_realip_module |
||||
#include /path/to/lolisafe/real-ip-from-cf; |
||||
|
||||
location / { |
||||
add_header Access-Control-Allow-Origin *; |
||||
root /uploads; |
||||
try_files $uri @proxy; |
||||
} |
||||
|
||||
location @proxy { |
||||
proxy_set_header X-Real-IP $proxy_add_x_forwarded_for; |
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
||||
proxy_set_header Host $http_host; |
||||
proxy_set_header X-NginX-Proxy true; |
||||
proxy_pass http://backend; |
||||
proxy_redirect off; |
||||
proxy_http_version 1.1; |
||||
proxy_set_header Upgrade $http_upgrade; |
||||
proxy_set_header Connection "upgrade"; |
||||
proxy_redirect off; |
||||
proxy_set_header X-Forwarded-Proto $scheme; |
||||
} |
||||
} |
Loading…
Reference in new issue