From a8a4567fd30f53632cb1dab193cd67ea3c6495c4 Mon Sep 17 00:00:00 2001
From: scoot
Date: Sun, 24 May 2026 14:48:52 +0200
Subject: [PATCH] VPN: wireguard sidecar, nginx upstreams to 10.0.0.2, backend ports bound to wg0, updated docs

---
 23may2026-Q-server-prototype.md | 1 +
 backend/docker-compose.yml | 8 +-
 tebarbi@192.168.1.188 | 83 --------------------------------
 vps/docker-compose.yml | 32 +++++++-----
 vps/nginx/conf.d/default.conf | 4 +-
 vps/nginx/stream.d/postgres.conf | 2 +-
 vps/wireguard/wg_confs/wg0.conf | 9 ++++
 7 files changed, 38 insertions(+), 101 deletions(-)
 create mode 120000 23may2026-Q-server-prototype.md
 delete mode 100644 tebarbi@192.168.1.188
 create mode 100644 vps/wireguard/wg_confs/wg0.conf

diff --git a/23may2026-Q-server-prototype.md b/23may2026-Q-server-prototype.md
new file mode 120000
index 0000000..78ddde6
--- /dev/null
+++ b/23may2026-Q-server-prototype.md
@@ -0,0 +1 @@
+/home/allan/Raspen/Raspxfer/AI-tx/23may2026-Q-server-prototype.md
\ No newline at end of file
diff --git a/backend/docker-compose.yml b/backend/docker-compose.yml
index c17301d..3b9d8b9 100644
--- a/backend/docker-compose.yml
+++ b/backend/docker-compose.yml
@@ -29,7 +29,7 @@ services:
     depends_on:
       - postgres
     ports:
-      - "8080:80"
+      - "10.0.0.2:8080:80"
     networks:
       - backend
 
@@ -52,8 +52,8 @@ services:
       - GITEA__server__HTTP_PORT=3000
       - GITEA__security__INSTALL_LOCK=true
     ports:
-      - "3000:3000"
-      - "2222:22"
+      - "10.0.0.2:3000:3000"
+      - "10.0.0.2:2222:22"
     networks:
       - backend
 
@@ -67,7 +67,7 @@ services:
       - POSTGRES_USER=${PG_USER}
       - POSTGRES_PASSWORD=${PG_PASSWORD}
     ports:
-      - "5432:5432"
+      - "10.0.0.2:5432:5432"
     networks:
       - backend
 
diff --git a/tebarbi@192.168.1.188 b/tebarbi@192.168.1.188
deleted file mode 100644
index c17301d..0000000
--- a/tebarbi@192.168.1.188
+++ /dev/null
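Review bot: The new 23may2026-Q-server-prototype.md is a symlink (mode 120000) whose target is the absolute path `/home/allan/Raspen/Raspxfer/AI-tx/23may2026-Q-server-prototype.md`, so it dangles on every checkout other than the author's workstation, including the VPS this commit is deploying to. The subject line says "updated docs", but no document content is actually versioned. Commit the markdown file itself, or at least a repo-relative link, so the notes travel with the repository.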
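Review bot: Binding the published ports to 10.0.0.2 (`- "10.0.0.2:8080:80"` here, and likewise in the gitea and postgres_remote hunks) only works if that address is already configured on the backend host when Compose starts; if the interface carrying it comes up after Docker or goes away, the port bind fails and the service does not start, and `restart: unless-stopped` will just loop on it. Nothing in this commit shows the backend side of the tunnel, so I assume wg0/10.0.0.2 is set up on the host outside this repo — that dependency deserves a comment above each `ports:` block, e.g. `# bound to the wg0 address so the service is reachable only over the VPN from the VPS; wg0 must be up before compose starts`. The move away from 0.0.0.0 is the right direction: these services, including Postgres on 5432, were previously listening on every host interface.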
@@ -1,83 +0,0 @@
-services:
-  postgres:
-    image: postgres:16-alpine
-    restart: unless-stopped
-    volumes:
-      - postgres_data:/var/lib/postgresql/data
-    environment:
-      - POSTGRES_DB=${POSTGRES_DB}
-      - POSTGRES_USER=${POSTGRES_USER}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-    networks:
-      - backend
-
-  nextcloud:
-    image: nextcloud:latest
-    restart: unless-stopped
-    volumes:
-      - nextcloud_data:/var/www/html/data
-      - nextcloud_config:/var/www/html/config
-    environment:
-      - POSTGRES_HOST=postgres
-      - POSTGRES_DB=${POSTGRES_DB}
-      - POSTGRES_USER=${POSTGRES_USER}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
-      - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
-      - TRUSTED_DOMAINS=${TRUSTED_DOMAINS}
-      - OVERWRITEPROTOCOL=https
-    depends_on:
-      - postgres
-    ports:
-      - "8080:80"
-    networks:
-      - backend
-
-  gitea:
-    image: gitea/gitea:latest
-    restart: unless-stopped
-    volumes:
-      - gitea_data:/data
-    expose:
-      - "3000"
-      - "2222"
-    environment:
-      - USER_UID=1000
-      - USER_GID=1000
-      - GITEA__database__DB_TYPE=sqlite3
-      - GITEA__server__PROTOCOL=http
-      - GITEA__server__DOMAIN=${GITEA_DOMAIN}
-      - GITEA__server__ROOT_URL=https://${GITEA_DOMAIN}/
-      - GITEA__server__SSH_PORT=2222
-      - GITEA__server__HTTP_PORT=3000
-      - GITEA__security__INSTALL_LOCK=true
-    ports:
-      - "3000:3000"
-      - "2222:22"
-    networks:
-      - backend
-
-  postgres_remote:
-    image: postgres:16-alpine
-    restart: unless-stopped
-    volumes:
-      - postgres_remote_data:/var/lib/postgresql/data
-    environment:
-      - POSTGRES_DB=${PG_DB}
-      - POSTGRES_USER=${PG_USER}
-      - POSTGRES_PASSWORD=${PG_PASSWORD}
-    ports:
-      - "5432:5432"
-    networks:
-      - backend
-
-networks:
-  backend:
-    driver: bridge
-
-volumes:
-  postgres_data:
-  postgres_remote_data:
-  nextcloud_data:
-  nextcloud_config:
-  gitea_data:
diff --git a/vps/docker-compose.yml b/vps/docker-compose.yml
index b8d5d39..fd2410d 100644
--- a/vps/docker-compose.yml
+++ b/vps/docker-compose.yml
@@ -1,20 +1,30 @@
 services:
+  wireguard:
+    image: linuxserver/wireguard
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+      - SYS_MODULE
+    sysctls:
+      net.ipv4.conf.all.src_valid_mark: "1"
+    volumes:
+      - ./wireguard:/config
+    ports:
+      - "80:80"
+      - "443:443"
+      - "5432:5432"
+      - "51820:51820/udp"
+    restart: unless-stopped
+
   nginx:
     image: nginx:alpine
-    restart: unless-stopped
+    network_mode: "service:wireguard"
+    depends_on:
+      - wireguard
     volumes:
       - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
       - ./nginx/conf.d:/etc/nginx/conf.d:ro
       - ./nginx/stream.d:/etc/nginx/stream.d:ro
       - ./ssl:/etc/nginx/certs:ro
       - ./html:/usr/share/nginx/html:ro
-    ports:
-      - "80:80"
-      - "443:443"
-      - "5432:5432"
-    networks:
-      - frontend
-
-networks:
-  frontend:
-    driver: bridge
+    restart: unless-stopped
diff --git a/vps/nginx/conf.d/default.conf b/vps/nginx/conf.d/default.conf
index 9439c5d..265aa27 100644
--- a/vps/nginx/conf.d/default.conf
+++ b/vps/nginx/conf.d/default.conf
@@ -1,9 +1,9 @@
 upstream nextcloud {
-    server 192.168.1.188:8080;
+    server 10.0.0.2:8080;
 }
 
 upstream gitea {
-    server 192.168.1.188:3000;
+    server 10.0.0.2:3000;
 }
 
 server {
diff --git a/vps/nginx/stream.d/postgres.conf b/vps/nginx/stream.d/postgres.conf
index a5e8c6e..99cd840 100644
--- a/vps/nginx/stream.d/postgres.conf
+++ b/vps/nginx/stream.d/postgres.conf
@@ -1,5 +1,5 @@
 upstream postgres_backend {
-    server 192.168.1.188:5432;
+    server 10.0.0.2:5432;
 }
 
 server {
diff --git a/vps/wireguard/wg_confs/wg0.conf b/vps/wireguard/wg_confs/wg0.conf
new file mode 100644
index 0000000..254f419
--- /dev/null
+++ b/vps/wireguard/wg_confs/wg0.conf
@@ -0,0 +1,9 @@
+[Interface]
+Address = 10.0.0.1/30
+PrivateKey = 0Junydsr+YBVFgkHbDEEmWAXAhR7JCpSWyT1yzSzjFU=
+
+[Peer]
+PublicKey = 02k4BaH3iZTQnPZe7zifcaS9n8xxrwCLyIOLTBWLdgk=
+Endpoint = 192.168.1.188:51820
+AllowedIPs = 10.0.0.2/32
+PersistentKeepalive = 25
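Review bot: The new wireguard service is granted `- SYS_MODULE`, which lets the container load arbitrary kernel modules on the VPS and is effectively host-root; it is only needed when the host cannot load the wireguard module itself, and since the module is part of mainline Linux from 5.6 the VPS kernel very likely has it already. Verify that on the host and, if so, drop `- SYS_MODULE` and keep only NET_ADMIN and NET_RAW, which is the least privilege the tunnel needs. Separately, `- "5432:5432"` keeps the Postgres stream proxy published on the VPS's public interface (it was already under nginx, it has just moved); now that the database is reachable over the tunnel it is worth deciding whether public 5432 is still required, and if so binding it to a specific address rather than all interfaces. Note also that with `network_mode: "service:wireguard"` nginx shares the wireguard container's network namespace, so a restart of the wireguard container leaves nginx with a stale namespace until it is recreated — presumably fine for a prototype, but worth a comment.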
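Review bot: `PrivateKey = 0Junydsr+…=` in the new vps/wireguard/wg_confs/wg0.conf commits the VPS's WireGuard private key to the repository; once pushed it is in history for good, so it should be treated as exposed — generate a fresh key pair, update the backend peer's PublicKey to match, and keep the key file out of VCS (ignore `vps/wireguard/` and provision the config on the host at deploy time), with a comment in the compose file stating that the mounted `./wireguard` directory is expected to hold untracked secrets. The [Interface] section also sets no ListenPort even though the compose file publishes 51820/udp; without it WireGuard listens on a random UDP port, so the published 51820 is never hit and the tunnel only comes up if this side initiates — add `ListenPort = 51820` if the backend peer is meant to dial in. That seems likely, because `Endpoint = 192.168.1.188:51820` is a private LAN address the VPS can only reach if it shares that network; if it does not, this side cannot initiate at all and ListenPort is required.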