forked from chibisafe/chibisafe
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'evanmn-safe.fiery.me' into safe.fiery.me
- Loading branch information
Showing
5 changed files
with
130 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
EMAIL=email@example.org | ||
DOMAIN=MY-DOMAIN.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,23 @@ | ||
FROM node:9 | ||
FROM node:lts-alpine | ||
|
||
LABEL name "lolisafe" | ||
LABEL name "lolisafe-bobbywibowo" | ||
LABEL version "3.0.0" | ||
LABEL maintainer "iCrawl <icrawltogo@gmail.com>" | ||
LABEL maintainer "evanmn <docker@evan.mn>" | ||
|
||
WORKDIR /usr/src/lolisafe | ||
|
||
COPY package.json yarn.lock ./ | ||
|
||
RUN sh -c 'echo "deb http://www.deb-multimedia.org jessie main" >> /etc/apt/sources.list' \ | ||
&& apt-key adv --keyserver keyring.debian.org --recv-keys 5C808C2B65558117 \ | ||
&& apt-get update \ | ||
&& apt-get install -y ffmpeg graphicsmagick \ | ||
&& yarn install | ||
RUN apk add --no-cache --virtual build-dependencies python make g++ && apk add --no-cache ffmpeg | ||
|
||
COPY . . | ||
ADD config.sample.js config.js | ||
|
||
RUN yarn install | ||
|
||
RUN apk update | ||
|
||
RUN apk del build-dependencies | ||
|
||
COPY . . | ||
EXPOSE 9999 | ||
CMD ["node", "lolisafe.js"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
version: '3.8' | ||
|
||
networks: | ||
net: | ||
driver: bridge | ||
|
||
services: | ||
safe: | ||
image: lolisafe/lolisafe | ||
volumes: | ||
- ./config.js:/usr/src/lolisafe/config.js:ro | ||
- ./uploads:/usr/src/lolisafe/uploads | ||
restart: unless-stopped | ||
networks: | ||
- net | ||
|
||
nginx: | ||
image: nginx | ||
volumes: | ||
- ./nginx.docker.conf:/etc/nginx/conf.d/default.conf:ro | ||
- ./uploads:/uploads | ||
expose: | ||
- 80 | ||
restart: unless-stopped | ||
depends_on: | ||
- safe | ||
networks: | ||
- net | ||
labels: | ||
- 'traefik.enable=true' | ||
- 'traefik.http.routers.safe.rule=Host(`${DOMAIN}`)' | ||
- 'traefik.http.routers.safe.entrypoints=https' | ||
- 'traefik.http.routers.safe.tls=true' | ||
- 'traefik.http.routers.safe.tls.certresolver=letsencrypt' | ||
|
||
traefik: | ||
image: traefik:latest | ||
container_name: traefik | ||
volumes: | ||
- ./traefik/acme.json:/acme.json | ||
- /var/run/docker.sock:/var/run/docker.sock | ||
networks: | ||
- net | ||
ports: | ||
- 80:80 | ||
- 443:443 | ||
command: | ||
- '--log.level=INFO' | ||
- '--providers.docker=true' | ||
- '--providers.docker.exposedByDefault=false' | ||
- '--entrypoints.http=true' | ||
- '--entrypoints.http.address=:80' | ||
- '--certificatesresolvers.letsencrypt.acme.email=${EMAIL}' | ||
- '--certificatesresolvers.letsencrypt.acme.storage=acme.json' | ||
- '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http' | ||
- '--entrypoints.http.http.redirections.entrypoint.to=https' | ||
- '--entrypoints.http.http.redirections.entrypoint.scheme=https' | ||
- '--entrypoints.https=true' | ||
- '--entrypoints.https.address=:443' | ||
restart: unless-stopped | ||
depends_on: | ||
- nginx | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
upstream backend { | ||
server safe:9999; # Change to the port you specified on lolisafe | ||
} | ||
|
||
map $sent_http_content_type $charset { | ||
~^text/ utf-8; | ||
} | ||
|
||
server { | ||
listen 80; | ||
|
||
client_max_body_size 10000M; # Change this to the max file size you want to allow | ||
|
||
charset $charset; | ||
charset_types *; | ||
|
||
# Uncomment if you are running lolisafe behind CloudFlare. | ||
# This requires NGINX compiled from source with: | ||
# --with-http_realip_module | ||
#include /path/to/lolisafe/real-ip-from-cf; | ||
|
||
location / { | ||
add_header Access-Control-Allow-Origin *; | ||
root /uploads; | ||
try_files $uri @proxy; | ||
} | ||
|
||
location @proxy { | ||
proxy_pass http://backend; | ||
proxy_redirect off; | ||
proxy_http_version 1.1; | ||
|
||
proxy_set_header Upgrade $http_upgrade; | ||
proxy_set_header Connection "upgrade"; | ||
proxy_set_header Host $host; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header X-Forwarded-For $remote_addr; | ||
proxy_set_header X-Forwarded-Host $host; | ||
proxy_set_header X-Forwarded-Port $server_port; | ||
proxy_set_header X-Forwarded-Protocol $scheme; | ||
proxy_set_header X-NginX-Proxy true; | ||
|
||
# Enabling these may help with clients with slow upload speeds. | ||
#proxy_connect_timeout 300s; | ||
#proxy_send_timeout 300s; | ||
#proxy_read_timeout 600s; | ||
#end_timeout 300s; | ||
} | ||
} |