From 48607c9c22bbaeb10536f098ae99f7f4329bc6b8 Mon Sep 17 00:00:00 2001
From: meliurwen
Date: Sun, 23 Aug 2020 21:03:53 +0200
Subject: [PATCH] Improved network security and customizability
---
 .env.example | 25 ++++++++++++++----
 docker-compose.yml | 55 +++++++++++++++++++++++----------------
 reverseproxy.env.example | 5 ++++
 webircgateway.env.example | 3 +++
 znc.env.example | 3 +++
 5 files changed, 64 insertions(+), 27 deletions(-)
 create mode 100644 reverseproxy.env.example
 create mode 100644 webircgateway.env.example
 create mode 100644 znc.env.example
diff --git a/.env.example b/.env.example
index 0e735e0..a7782bb 100644
--- a/.env.example
+++ b/.env.example
@@ -1,9 +1,24 @@
+# Global Settings
+TZ=Etc/UTC
 LOCAL_STACK_DIR=/srv/docker/volumes/irc
-TZ=Europe/Berlin
+# Networks
+NETWORK=webservices
+IRC_NETWORK=irc-webservices
+ZNC_INTERNET=znc-internet
-VIRTUAL_HOST=example.tld
-LETSENCRYPT_HOST=example.tld
-LETSENCRYPT_EMAIL=username@example.tld
+# znc (optional)
+ZNC_CONTAINER_NAME=
+ZNC_RESTART=
-NETWORK=webservices
+# reverseproxy (optional)
+RP_CONTAINER_NAME=
+RP_RESTART=
+
+# webircgateway (optional)
+WI_CONTAINER_NAME=
+WI_RESTART=
+
+# kiwiirc (optional)
+KI_CONTAINER_NAME=
+KI_RESTART=
diff --git a/docker-compose.yml b/docker-compose.yml
index 9428420..ee04997 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,64 +4,75 @@ services: znc: build: context: znc/ - container_name: znc - restart: unless-stopped + container_name: ${ZNC_CONTAINER_NAME:-znc} + restart: ${ZNC_RESTART:-unless-stopped} + networks: + - default + - znc-internet volumes: - ${LOCAL_STACK_DIR}/znc/config:/config - ${LOCAL_STACK_DIR}/znc/etc/proxychains/proxychains.conf:/etc/proxychains/proxychains.conf + expose: + - 80 ports: - - "6501:6501" + - 6501:6501 + env_file: + - znc.env environment: - - PUID=1000 - - PGID=1000 - TZ=${TZ} - nginx-reverseproxy-irc: + reverseproxy: build: context: reverseproxy/ - container_name: nginx-reverseproxy-irc - restart: unless-stopped + container_name: ${RP_CONTAINER_NAME:-reverseproxy-irc} + restart: ${RP_RESTART:-unless-stopped} + networks: + - default + - main-webservices volumes: - ${LOCAL_STACK_DIR}/nginx/data/conf.d:/etc/nginx/conf.d expose: - 80 + env_file: + - reverseproxy.env environment: - TZ=${TZ} - - VIRTUAL_HOST=${VIRTUAL_HOST} - - VIRTUAL_PORT=80 - - LETSENCRYPT_HOST=${LETSENCRYPT_HOST} - - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL} webircgateway: build: context: webircgateway/ - container_name: webircgateway - restart: unless-stopped + container_name: ${WI_CONTAINER_NAME:-webircgateway} + restart: ${WI_RESTART:-unless-stopped} volumes: - ${LOCAL_STACK_DIR}/webircgateway/config.conf:/app/config.conf:ro expose: - 80 + env_file: + - webircgateway.env environment: - - PUID=1000 - - PGID=1000 - TZ=${TZ} kiwiirc: build: context: kiwiirc/ - container_name: kiwiirc - restart: unless-stopped + container_name: ${KI_CONTAINER_NAME:-kiwiirc} + restart: ${KI_RESTART:-unless-stopped} volumes: - ${LOCAL_STACK_DIR}/kiwiirc/config.json:/usr/share/nginx/html/static/config.json:ro - ${LOCAL_STACK_DIR}/kiwiirc/background.svg:/usr/share/nginx/html/static/img/background.svg:ro - ${LOCAL_STACK_DIR}/kiwiirc/favicon.png:/usr/share/nginx/html/static/favicon.png:ro - - ${LOCAL_STACK_DIR}/kiwiirc/erac-logo.svg:/usr/share/nginx/html/static/img/erac-logo.svg:ro + - 
${LOCAL_STACK_DIR}/kiwiirc/logo.svg:/usr/share/nginx/html/static/img/logo.svg:ro expose: - 80 environment: - TZ=${TZ} networks: - default: - external: - name: ${NETWORK} + default: + internal: true + name: ${IRC_NETWORK} + znc-internet: + name: ${ZNC_INTERNET} + main-webservices: + external: + name: ${NETWORK} diff --git a/reverseproxy.env.example b/reverseproxy.env.example new file mode 100644 index 0000000..8bd7fe7 --- /dev/null +++ b/reverseproxy.env.example @@ -0,0 +1,5 @@ +# Reverse-proxy and certbot +VIRTUAL_HOST=example.tld +VIRTUAL_PORT=80 +LETSENCRYPT_HOST=example.tld +LETSENCRYPT_EMAIL=username@example.tld diff --git a/webircgateway.env.example b/webircgateway.env.example new file mode 100644 index 0000000..e45f029 --- /dev/null +++ b/webircgateway.env.example @@ -0,0 +1,3 @@ +# webircgateway +PUID=1000 +PGID=1000 diff --git a/znc.env.example b/znc.env.example new file mode 100644 index 0000000..9724db0 --- /dev/null +++ b/znc.env.example @@ -0,0 +1,3 @@ +# znc +PUID=1000 +PGID=1000
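Review bot: The three network names in the `networks:` block at the end of the docker-compose.yml hunk (`${IRC_NETWORK}`, `${ZNC_INTERNET}`, `${NETWORK}`) are interpolated with no default and no required-check, unlike the `${…:-…}` form this commit uses for container names and restart policies. Compose replaces an unset variable with an empty string and only warns, so a `.env` written before this commit (which has no `IRC_NETWORK` or `ZNC_INTERNET`) is not rejected up front; since the isolation added here depends on `internal: true` landing on the intended network, I would make these fail fast, e.g. `name: ${IRC_NETWORK:?set IRC_NETWORK in .env}`. `main-webservices` also keeps the nested `external:` / `name:` form, which is deprecated from file format 3.5 in favour of `external: true` with a sibling `name: ${NETWORK}`, and that would match the other two entries. The `version:` line sits above the hunk, so the declared file format cannot be confirmed from here.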