From 80a150681cace6c9ce5bdb3b931e59933d9ffe83 Mon Sep 17 00:00:00 2001 From: Morfusee Date: Wed, 30 Jul 2025 17:58:04 +0000 Subject: [PATCH 1/5] UPDATE: Added entrypoint for server port --- server/traefik/config/static.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/traefik/config/static.yml b/server/traefik/config/static.yml index 595b636..0e1c715 100644 --- a/server/traefik/config/static.yml +++ b/server/traefik/config/static.yml @@ -19,6 +19,8 @@ entryPoints: scheme: https websecure: address: ":443" + server: + address: ":3000" providers: docker: From 29f53b50594792c0d9072cfec2c2d87c35da8411 Mon Sep 17 00:00:00 2001 From: Morfusee Date: Wed, 30 Jul 2025 17:58:33 +0000 Subject: [PATCH 2/5] UPDATE: Added labels to apply newly added entrypoints --- server/compose.prod.yml | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/server/compose.prod.yml b/server/compose.prod.yml index dd443c1..65ab246 100644 --- a/server/compose.prod.yml +++ b/server/compose.prod.yml @@ -19,6 +19,7 @@ services: ports: - "80:80" - "443:443" + - "3000:3000" volumes: - ./letsencrypt:/letsencrypt:rw # letsencrypt folder - ./traefik/config:/etc/traefik/config:ro # traefik folder 
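Review bot: The new `server` entrypoint on `":3000"` is a bare listener with no `http.redirections` or `http.tls` block, unlike `web`, whose redirect to `websecure` is visible in the context above it; any router bound to `server` will therefore answer in cleartext no matter what TLS labels it carries. Nothing in the hunk says what this listener is for, so a comment such as `# plaintext listener: internal/tunnel traffic only, never a public-facing router` above `server:` would stop it being reused for the production API by accident. If it is meant only for another container or a tunnel on the same host, limiting the corresponding host publish in the compose file (rather than `3000` on all interfaces) is worth considering alongside this change.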
@@ -66,16 +67,17 @@ services: - "traefik.enable=true" # Router Configuration - - "traefik.http.routers.server.rule=Host(`${BASE_URL_FQDN}`)" - - "traefik.http.routers.server.entrypoints=websecure" + # - "traefik.http.routers.server.rule=Host(`${BASE_URL_FQDN}`)" + - "traefik.http.routers.server.rule=PathPrefix(`/`)" + - "traefik.http.routers.server.entrypoints=server" - "traefik.http.routers.server.middlewares=cors,security,block-sensitive" - - "traefik.http.routers.server.tls.certresolver=tlsresolver" + # - "traefik.http.routers.server.tls.certresolver=tlsresolver" - # TLS Configuration - - "traefik.tls.options.default.minVersion=VersionTLS12" - - "traefik.tls.options.default.sniStrict=true" - - "traefik.tls.options.default.cipherSuites=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - - "traefik.tls.options.default.curvePreferences=CurveP521,CurveP384" + # # TLS Configuration + # - "traefik.tls.options.default.minVersion=VersionTLS12" + # - "traefik.tls.options.default.sniStrict=true" + # - "traefik.tls.options.default.cipherSuites=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + # - "traefik.tls.options.default.curvePreferences=CurveP521,CurveP384" # Middleware: CORS Headers - "traefik.http.middlewares.cors.headers.accesscontrolallowmethods=GET,POST,PATCH,DELETE" @@ -99,14 +101,16 @@ services: - "traefik.http.middlewares.block-sensitive.redirectregex.replacement=https://www.youtube.com/watch?v=xvFZjo5PgG0" - "traefik.http.middlewares.block-sensitive.redirectregex.permanent=true" + - "traefik.http.services.server.loadbalancer.server.port=3000" + # Auto update image - "com.centurylinklabs.watchtower.enable=true" restart: always networks: - server-network - deploy: - mode: replicated - replicas: 2 + # deploy: + # mode: replicated + # replicas: 2 depends_on: - mongo From b598b844ce17e013e6b609f8ba9741e33828beca Mon Sep 17 00:00:00 2001 
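Review bot: Changing the production router's rule to `PathPrefix(`/`)` on the plaintext `server` entrypoint, and commenting out `traefik.http.routers.server.tls.certresolver` and the `traefik.tls.options.default.*` lines, means the API is served without TLS to any Host header on the host port `3000:3000` that the previous hunk publishes, and the `minVersion`/`sniStrict`/cipher hardening disappears for the whole Traefik instance, since `tls.options.default` applies instance-wide rather than to this one router. The `security` middleware stays attached, but its definition is outside the hunk, so I cannot tell whether it sets HSTS or similar headers that assume an HTTPS listener. If this configuration is for a home or tunnel deployment, it belongs in a separate compose file instead of `compose.prod.yml`; if both are needed, keep the Host rule and TLS settings and add a second router for the `server` entrypoint rather than replacing the secured one. The `labels` stretch continues past the end of the hunk.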
From: Morfusee Date: Thu, 31 Jul 2025 14:45:43 +0000 Subject: [PATCH 3/5] Revert: Revert changes to compose.prod.yml --- server/compose.prod.yml | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/server/compose.prod.yml b/server/compose.prod.yml index 65ab246..c3adc68 100644 --- a/server/compose.prod.yml +++ b/server/compose.prod.yml @@ -19,7 +19,6 @@ services: ports: - "80:80" - "443:443" - - "3000:3000" volumes: - ./letsencrypt:/letsencrypt:rw # letsencrypt folder - ./traefik/config:/etc/traefik/config:ro # traefik folder @@ -67,17 +66,16 @@ services: - "traefik.enable=true" # Router Configuration - # - "traefik.http.routers.server.rule=Host(`${BASE_URL_FQDN}`)" - - "traefik.http.routers.server.rule=PathPrefix(`/`)" + - "traefik.http.routers.server.rule=Host(`${BASE_URL_FQDN}`)" - "traefik.http.routers.server.entrypoints=server" - "traefik.http.routers.server.middlewares=cors,security,block-sensitive" - # - "traefik.http.routers.server.tls.certresolver=tlsresolver" + - "traefik.http.routers.server.tls.certresolver=tlsresolver" - # # TLS Configuration - # - "traefik.tls.options.default.minVersion=VersionTLS12" - # - "traefik.tls.options.default.sniStrict=true" - # - "traefik.tls.options.default.cipherSuites=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - # - "traefik.tls.options.default.curvePreferences=CurveP521,CurveP384" + # TLS Configuration + - "traefik.tls.options.default.minVersion=VersionTLS12" + - "traefik.tls.options.default.sniStrict=true" + - "traefik.tls.options.default.cipherSuites=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + - "traefik.tls.options.default.curvePreferences=CurveP521,CurveP384" # Middleware: CORS Headers - "traefik.http.middlewares.cors.headers.accesscontrolallowmethods=GET,POST,PATCH,DELETE" 
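Review bot: The revert restores `Host(`${BASE_URL_FQDN}`)`, `tls.certresolver=tlsresolver` and the TLS options, but `traefik.http.routers.server.entrypoints=server` is left untouched as a context line, so the production router is still bound to the plaintext `:3000` entrypoint rather than `websecure` and the restored TLS settings do not apply to the listener it actually uses. The preceding hunk also drops `"3000:3000"` from `ports`, so that listener is no longer reachable from outside the container, and once patch 5 in this series removes the `server` entrypoint from `static.yml` I believe Traefik will refuse to build a router that references an undefined entrypoint. To complete the revert, change the line to `- "traefik.http.routers.server.entrypoints=websecure"`.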
@@ -101,16 +99,14 @@ services: - "traefik.http.middlewares.block-sensitive.redirectregex.replacement=https://www.youtube.com/watch?v=xvFZjo5PgG0" - "traefik.http.middlewares.block-sensitive.redirectregex.permanent=true" - - "traefik.http.services.server.loadbalancer.server.port=3000" - # Auto update image - "com.centurylinklabs.watchtower.enable=true" restart: always networks: - server-network - # deploy: - # mode: replicated - # replicas: 2 + deploy: + mode: replicated + replicas: 2 depends_on: - mongo From 416495accac37ffbaf753982bed64f10305b206e Mon Sep 17 00:00:00 2001 From: Morfusee Date: Thu, 31 Jul 2025 14:46:28 +0000 Subject: [PATCH 4/5] UPDATE: Add new compose file for hosting on home server --- server/compose.home.yml | 114 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 server/compose.home.yml diff --git a/server/compose.home.yml b/server/compose.home.yml new file mode 100644 index 0000000..42bf52a --- /dev/null +++ b/server/compose.home.yml 
@@ -0,0 +1,114 @@ +services: + + # To prevent mounting docker.sock, which is a security risk + socket-proxy: + image: tecnativa/docker-socket-proxy + environment: + CONTAINERS: 1 + volumes: + - /var/run/docker.sock:/var/run/docker.sock + networks: + - socket-proxy-network + + reverse-proxy: + image: traefik:latest + command: + - "--configFile=/etc/traefik/config/static.yml" + security_opt: + - no-new-privileges:true + ports: + - "80:80" + - "443:443" + - "3000:3000" + volumes: + - ./letsencrypt:/letsencrypt:rw # letsencrypt folder + - ./traefik/config:/etc/traefik/config:ro # traefik folder + - ./traefik/logs:/logs # traefik folder + environment: + BASE_URL_FQDN: ${BASE_URL_FQDN} + CLIENT_URL: ${CLIENT_URL} + restart: always + networks: + - server-network + - socket-proxy-network + depends_on: + - socket-proxy + + mongo: + image: mongo:latest + environment: + MONGO_INITDB_ROOT_USERNAME: ${MONGO_USERNAME} + MONGO_INITDB_ROOT_PASSWORD: ${MONGO_PASSWORD} + MONGO_INITDB_DATABASE: FERD + INIT_MONGO_USERNAME: ${MONGO_USERNAME} + INIT_MONGO_PASSWORD: ${MONGO_PASSWORD} + INIT_MONGO_DATABASE: FERD + volumes: + - ./mongodb-data:/data/db + - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro + restart: always + networks: + - server-network + + server: + image: ghcr.io/morfusee/ferd-server:latest + environment: + SESSION_KEY: ${SESSION_KEY} + SERVICE_ACCOUNT: ${SERVICE_ACCOUNT} + GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID} + GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET} + CLIENT_URL: ${CLIENT_URL} + BASE_URL: ${BASE_URL} + MONGO_DOCKER_URI: ${MONGO_DOCKER_URI} + IS_DOCKERIZED: true + labels: + # Since you have two replicas, you can't put all of these inside dynamic.yml :( + # Enable Traefik for this service + - "traefik.enable=true" + + # Router Configuration + - "traefik.http.routers.server.rule=Host(`api.ferd.mcube.uk`)" + - "traefik.http.routers.server.entrypoints=web" + + # Auto update image + - "com.centurylinklabs.watchtower.enable=true" + restart: always + networks: 
+ - server-network + deploy: + mode: replicated + replicas: 2 + depends_on: + - mongo + + watchtower: + image: containrrr/watchtower + command: + - "--label-enable" + - "--interval" + - "30" + - "--rolling-restart" + environment: + WATCHTOWER_CLEANUP: true + volumes: + - /var/run/docker.sock:/var/run/docker.sock + restart: always + + # cloudflared: + # image: cloudflare/cloudflared:latest + # restart: unless-stopped + # command: tunnel --no-autoupdate run + # environment: + # TUNNEL_TOKEN: ${TUNNEL_TOKEN} + # networks: # This should be set to enable http://server:3000 as a URL + # - server-network + +networks: + server-network: + driver: bridge + socket-proxy-network: + driver: bridge + +# When reusing this compose file, please create the following folders: +# - letsencrypt +# - traefik \ No newline at end of file From f56369da4c273ef284ee1cb9eab030db3c0f7c6f Mon Sep 17 00:00:00 2001 From: Morfusee Date: Thu, 31 Jul 2025 14:47:10 +0000 Subject: [PATCH 5/5] UPDATE: Comment redirection of HTTP to HTTPS in static.yml --- server/traefik/config/static.yml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/server/traefik/config/static.yml b/server/traefik/config/static.yml index 0e1c715..eedfb70 100644 --- a/server/traefik/config/static.yml +++ b/server/traefik/config/static.yml @@ -12,15 +12,13 @@ accessLog: entryPoints: web: address: ":80" - http: - redirections: - entryPoint: - to: websecure - scheme: https + # http: + # redirections: + # entryPoint: + # to: websecure + # scheme: https websecure: address: ":443" - server: - address: ":3000" providers: docker:
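Review bot: `watchtower` bind-mounts `/var/run/docker.sock` directly, which contradicts the rationale given for `socket-proxy` at the top of the file ("To prevent mounting docker.sock, which is a security risk"): with the raw socket the updater has full control of the Docker daemon, so either route it through the proxy (it would need more than `CONTAINERS: 1`, since it pulls images and restarts containers) or add a comment stating why the direct mount is accepted for this service. Separately, the `server` router here carries no `middlewares` label, so the `cors`, `security` and `block-sensitive` middlewares that protect the same service in `compose.prod.yml` are not applied, and it is bound to `web` (`:80`) with no TLS while the `cloudflared` service that would presumably terminate TLS is commented out. The rule hardcodes `Host(`api.ferd.mcube.uk`)` even though `BASE_URL_FQDN` is passed into `reverse-proxy`'s environment; using `Host(`${BASE_URL_FQDN}`)` as the prod file does would keep the two in step. `"3000:3000"` is published but no router in this file uses that entrypoint, and the `./traefik/logs` mount reuses the `# traefik folder` comment from the config line above it.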
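Review bot: `static.yml` is mounted read-only by both `compose.prod.yml` and `compose.home.yml` (`./traefik/config:/etc/traefik/config:ro`), so commenting out the `web` → `websecure` redirection switches off HTTP-to-HTTPS redirection for the production deployment too, not only for the home server; as far as the visible config shows, prod requests on `:80` will now get a cleartext response from Traefik instead of a redirect. Removing the `server` entrypoint in the same hunk also affects `compose.prod.yml`, whose router still references `entrypoints=server` after patch 3. If the two deployments need different listener behaviour, give each its own static file (selected through `--configFile` in the respective compose file) rather than editing the shared one, and note in a comment above `entryPoints:` which deployment the file is meant for.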