Improved network security and customizability

4 years ago · 48607c9c22
parent 68861657e8
commit 48607c9c22
5 changed files with 64 additions and 27 deletions
--- a/.env.example
+++ b/.env.example
@ -1,9 +1,24 @@
+# Global Settings
+TZ=Etc/UTC
 LOCAL_STACK_DIR=/srv/docker/volumes/irc

-TZ=Europe/Berlin
+# Networks
+NETWORK=webservices
+IRC_NETWORK=irc-webservices
+ZNC_INTERNET=znc-internet

-VIRTUAL_HOST=example.tld
-LETSENCRYPT_HOST=example.tld
-LETSENCRYPT_EMAIL=username@example.tld
+# znc (optional)
+ZNC_CONTAINER_NAME=
+ZNC_RESTART=

-NETWORK=webservices
+# reverseproxy (optional)
+RP_CONTAINER_NAME=
+RP_RESTART=
+
+# webircgateway (optional)
+WI_CONTAINER_NAME=
+WI_RESTART=
+
+# kiwiirc (optional)
+KI_CONTAINER_NAME=
+KI_RESTART=
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -4,64 +4,75 @@ services:
  znc:
    build:
      context: znc/
-    container_name: znc
-    restart: unless-stopped
+    container_name: ${ZNC_CONTAINER_NAME:-znc}
+    restart: ${ZNC_RESTART:-unless-stopped}
+    networks:
+      - default
+      - znc-internet
    volumes:
      - ${LOCAL_STACK_DIR}/znc/config:/config
      - ${LOCAL_STACK_DIR}/znc/etc/proxychains/proxychains.conf:/etc/proxychains/proxychains.conf
+    expose:
+      - 80
    ports:
-      - "6501:6501"
+      - 6501:6501
+    env_file:
+      - znc.env
    environment:
-      - PUID=1000
-      - PGID=1000
      - TZ=${TZ}

-  nginx-reverseproxy-irc:
+  reverseproxy:
    build:
      context: reverseproxy/
-    container_name: nginx-reverseproxy-irc
-    restart: unless-stopped
+    container_name: ${RP_CONTAINER_NAME:-reverseproxy-irc}
+    restart: ${RP_RESTART:-unless-stopped}
+    networks:
+      - default
+      - main-webservices
    volumes:
      - ${LOCAL_STACK_DIR}/nginx/data/conf.d:/etc/nginx/conf.d
    expose:
      - 80
+    env_file:
+      - reverseproxy.env
    environment:
      - TZ=${TZ}
-      - VIRTUAL_HOST=${VIRTUAL_HOST}
-      - VIRTUAL_PORT=80
-      - LETSENCRYPT_HOST=${LETSENCRYPT_HOST}
-      - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}

  webircgateway:
    build:
      context: webircgateway/
-    container_name: webircgateway
-    restart: unless-stopped
+    container_name: ${WI_CONTAINER_NAME:-webircgateway}
+    restart: ${WI_RESTART:-unless-stopped}
    volumes:
      - ${LOCAL_STACK_DIR}/webircgateway/config.conf:/app/config.conf:ro
    expose:
      - 80
+    env_file:
+      - webircgateway.env
    environment:
-      - PUID=1000
-      - PGID=1000
      - TZ=${TZ}

  kiwiirc:
    build:
      context: kiwiirc/
-    container_name: kiwiirc
-    restart: unless-stopped
+    container_name: ${KI_CONTAINER_NAME:-kiwiirc}
+    restart: ${KI_RESTART:-unless-stopped}
    volumes:
      - ${LOCAL_STACK_DIR}/kiwiirc/config.json:/usr/share/nginx/html/static/config.json:ro
      - ${LOCAL_STACK_DIR}/kiwiirc/background.svg:/usr/share/nginx/html/static/img/background.svg:ro
      - ${LOCAL_STACK_DIR}/kiwiirc/favicon.png:/usr/share/nginx/html/static/favicon.png:ro
-      - ${LOCAL_STACK_DIR}/kiwiirc/erac-logo.svg:/usr/share/nginx/html/static/img/erac-logo.svg:ro
+      - ${LOCAL_STACK_DIR}/kiwiirc/logo.svg:/usr/share/nginx/html/static/img/logo.svg:ro
    expose:
      - 80
    environment:
      - TZ=${TZ}

 networks:    
-    default:
-       external:
-         name: ${NETWORK}
+  default:
+    internal: true
+    name: ${IRC_NETWORK}
+  znc-internet:
+    name: ${ZNC_INTERNET}
+  main-webservices:
+    external:
+      name: ${NETWORK}
--- a/reverseproxy.env.example
+++ b/reverseproxy.env.example
@ -0,0 +1,5 @@
+# Reverse-proxy and certbot
+VIRTUAL_HOST=example.tld
+VIRTUAL_PORT=80
+LETSENCRYPT_HOST=example.tld
+LETSENCRYPT_EMAIL=username@example.tld
--- a/webircgateway.env.example
+++ b/webircgateway.env.example
@ -0,0 +1,3 @@
+# webircgateway
+PUID=1000
+PGID=1000
--- a/znc.env.example
+++ b/znc.env.example
@ -0,0 +1,3 @@
+# znc
+PUID=1000
+PGID=1000