VPN: wireguard sidecar, nginx upstreams to 10.0.0.2, backend ports bound to wg0, updated docs

2026-05-24 14:48:52 +02:00
parent 5e97218dc8
commit a8a4567fd3
7 changed files with 38 additions and 101 deletions
+1
@@ -0,0 +1 @@
/home/allan/Raspen/Raspxfer/AI-tx/23may2026-Q-server-prototype.md
+4 -4
@@ -29,7 +29,7 @@ services:
depends_on:
- postgres
ports:
- "8080:80"
- "10.0.0.2:8080:80"
networks:
- backend
@@ -52,8 +52,8 @@ services:
- GITEA__server__HTTP_PORT=3000
- GITEA__security__INSTALL_LOCK=true
ports:
- "3000:3000"
- "2222:22"
- "10.0.0.2:3000:3000"
- "10.0.0.2:2222:22"
networks:
- backend
@@ -67,7 +67,7 @@ services:
- POSTGRES_USER=${PG_USER}
- POSTGRES_PASSWORD=${PG_PASSWORD}
ports:
- "5432:5432"
- "10.0.0.2:5432:5432"
networks:
- backend
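Review bot: Publishing on `10.0.0.2` in the three `ports:` lists makes container start depend on that address already existing on the host, and nothing visible in these hunks orders Docker after the WireGuard interface. If the tunnel comes up later, the bind will presumably fail, and `restart: unless-stopped` only retries a container that has already started once. A comment above each mapping would record the dependency, e.g. `# 10.0.0.2 is this host's WireGuard address; the tunnel must be up before these containers start`. The Postgres mapping is the most sensitive of the three, so it is worth confirming on the host that port 5432 answers only on the tunnel address after deployment. The service definitions start outside the hunks, so the rest of each service is not visible here.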
-83
@@ -1,83 +0,0 @@
services:
postgres:
image: postgres:16-alpine
restart: unless-stopped
volumes:
- postgres_data:/var/lib/postgresql/data
environment:
- POSTGRES_DB=${POSTGRES_DB}
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
networks:
- backend
nextcloud:
image: nextcloud:latest
restart: unless-stopped
volumes:
- nextcloud_data:/var/www/html/data
- nextcloud_config:/var/www/html/config
environment:
- POSTGRES_HOST=postgres
- POSTGRES_DB=${POSTGRES_DB}
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
- NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
- TRUSTED_DOMAINS=${TRUSTED_DOMAINS}
- OVERWRITEPROTOCOL=https
depends_on:
- postgres
ports:
- "8080:80"
networks:
- backend
gitea:
image: gitea/gitea:latest
restart: unless-stopped
volumes:
- gitea_data:/data
expose:
- "3000"
- "2222"
environment:
- USER_UID=1000
- USER_GID=1000
- GITEA__database__DB_TYPE=sqlite3
- GITEA__server__PROTOCOL=http
- GITEA__server__DOMAIN=${GITEA_DOMAIN}
- GITEA__server__ROOT_URL=https://${GITEA_DOMAIN}/
- GITEA__server__SSH_PORT=2222
- GITEA__server__HTTP_PORT=3000
- GITEA__security__INSTALL_LOCK=true
ports:
- "3000:3000"
- "2222:22"
networks:
- backend
postgres_remote:
image: postgres:16-alpine
restart: unless-stopped
volumes:
- postgres_remote_data:/var/lib/postgresql/data
environment:
- POSTGRES_DB=${PG_DB}
- POSTGRES_USER=${PG_USER}
- POSTGRES_PASSWORD=${PG_PASSWORD}
ports:
- "5432:5432"
networks:
- backend
networks:
backend:
driver: bridge
volumes:
postgres_data:
postgres_remote_data:
nextcloud_data:
nextcloud_config:
gitea_data:
+21 -11
@@ -1,20 +1,30 @@
services:
wireguard:
image: linuxserver/wireguard
cap_add:
- NET_ADMIN
- NET_RAW
- SYS_MODULE
sysctls:
net.ipv4.conf.all.src_valid_mark: "1"
volumes:
- ./wireguard:/config
ports:
- "80:80"
- "443:443"
- "5432:5432"
- "51820:51820/udp"
restart: unless-stopped
nginx:
image: nginx:alpine
restart: unless-stopped
network_mode: "service:wireguard"
depends_on:
- wireguard
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/conf.d:/etc/nginx/conf.d:ro
- ./nginx/stream.d:/etc/nginx/stream.d:ro
- ./ssl:/etc/nginx/certs:ro
- ./html:/usr/share/nginx/html:ro
ports:
- "80:80"
- "443:443"
- "5432:5432"
networks:
- frontend
networks:
frontend:
driver: bridge
restart: unless-stopped
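Review bot: The new `wireguard` service gets `SYS_MODULE` and runs an untagged `linuxserver/wireguard` image, which is more privilege and less reproducibility than a tunnel sidecar normally needs. `SYS_MODULE` lets the container load kernel modules on the host and is only needed when the host kernel ships no WireGuard module; drop it if the host already provides one. Pin the image, e.g. `image: linuxserver/wireguard:<pinned-tag-or-digest>`. The `"51820:51820/udp"` mapping also looks unnecessary, because the tunnel config that appears to belong to this container has no `ListenPort` and dials out to its peer's `Endpoint`. `"5432:5432"` is still published on every host interface, now through the sidecar, so the Postgres stream proxy is reachable by anything that can reach this host unless the nginx stream config or a host firewall restricts it.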
+2 -2
@@ -1,9 +1,9 @@
upstream nextcloud {
server 192.168.1.188:8080;
server 10.0.0.2:8080;
}
upstream gitea {
server 192.168.1.188:3000;
server 10.0.0.2:3000;
}
server {
+1 -1
@@ -1,5 +1,5 @@
upstream postgres_backend {
server 192.168.1.188:5432;
server 10.0.0.2:5432;
}
server {
+9
@@ -0,0 +1,9 @@
[Interface]
Address = 10.0.0.1/30
PrivateKey = 0Junydsr+YBVFgkHbDEEmWAXAhR7JCpSWyT1yzSzjFU=
[Peer]
PublicKey = 02k4BaH3iZTQnPZe7zifcaS9n8xxrwCLyIOLTBWLdgk=
Endpoint = 192.168.1.188:51820
AllowedIPs = 10.0.0.2/32
PersistentKeepalive = 25
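Review bot: `PrivateKey` under `[Interface]` is committed in clear text, so anyone who can read the repository or its history can impersonate this peer on the tunnel that the nginx upstreams now use for Nextcloud, Gitea and Postgres. Treat the key as compromised: generate a new key pair on the host and update the matching `PublicKey` on the other peer. Removing the line in a later commit is not enough, because the value stays in history. Keep the real config out of version control by ignoring it and committing a template with `PrivateKey = <generated-on-host>`, with the real file readable only by its owner. Optionally add a `PresharedKey`, distributed out of band, as a second factor on the link.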