From d8cdf12ff7ef70548552b6b2ed4b95d2ffe644f2 Mon Sep 17 00:00:00 2001 From: simatec Date: Wed, 9 Mar 2022 14:28:14 +0100 Subject: [PATCH] (simatec) Let's Encrypt added --- README.md | 50 +------- .../piler-default.yml | 4 +- config/piler-ssl.yml | 109 ++++++++++++++++++ install-piler.sh | 97 +++++++++++++--- piler.conf | 13 +++ 5 files changed, 208 insertions(+), 65 deletions(-) rename docker-compose.yml => config/piler-default.yml (97%) create mode 100644 config/piler-ssl.yml diff --git a/README.md b/README.md index 93c2845..5a19405 100644 --- a/README.md +++ b/README.md @@ -49,12 +49,6 @@ chmod +x /usr/local/bin/docker-compose reboot now ``` -* remove postfix - -``` -apt purge postfix -y -``` - * Clone repository ``` 
@@ -78,53 +72,21 @@ bash install-piler.sh Congratulations your Piler is installed... -The Piler can now be reached at http://your-domain:8080. +If you have Let's Encrypt activated, you can reach the Piler at https://your-piler-domain + +If Let's Encrypt is disabled, the Piler is at http://your-piler-domain or at http://your-local-IP > After installation, any changes can be made in piler.conf at any time and the install script can then be run again. -****************************************************************************************************** - -### SSL certificates - -If you want to run your Piler with SSL certificates, which always makes sense if the Piler isn't running locally, then I recommend the Nginx proxy manager for Docker. - -I built my setup with the Nginx. - -The Ngnix can be installed with the following compose. - -Create a docker-compose.yml file similar to this: - -``` -version: '3' -services: - app: - image: 'jc21/nginx-proxy-manager:latest' - restart: unless-stopped - ports: - - '80:80' - - '81:81' - - '443:443' - volumes: - - ./data:/data - - ./letsencrypt:/etc/letsencrypt -``` - -``` -docker-compose up -d -``` - -Log in to the Admin UI -When your docker container is running, connect to it on port 81 for the admin interface. Sometimes this can take a little bit because of the entropy of keys. - -http://your-domain:81 - - ********************************************************************************************************** ## Changelog +### 0.2.0 (09.03.2022) +* (simatec) Let's Encrypt added + ### 0.1.0 (08.03.2022) * (simatec) first beta diff --git a/docker-compose.yml b/config/piler-default.yml similarity index 97% rename from docker-compose.yml rename to config/piler-default.yml index 2ad8eb8..8b6a471 100644 --- a/docker-compose.yml +++ b/config/piler-default.yml @@ -51,8 +51,8 @@ services: - TZ=Europe/Berlin ports: - "25:25" - - "8080:80" - - "8443:443" + - "80:80" + - "443:443" volumes: - piler_etc:/etc/piler - piler_var:/var/piler 
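Review bot: With `- "80:80"` now published on every host interface in `config/piler-default.yml`, the non-Let's-Encrypt path that the README documents (`http://your-piler-domain`) carries archive logins and mail content in clear text. If this variant is meant for LAN-only use or for running behind another proxy, say so in a comment above the `ports:` list, or bind the web ports to a specific address such as `- "127.0.0.1:80:80"`. Whether the image's 443 listener serves a usable certificate is not visible in this hunk. The service definition starts and ends outside the hunk.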
diff --git a/config/piler-ssl.yml b/config/piler-ssl.yml
new file mode 100644
index 0000000..814c4c3
--- /dev/null
+++ b/config/piler-ssl.yml
@@ -0,0 +1,109 @@
+version: "3"
+services:
+ nginx-proxy:
+ image: jwilder/nginx-proxy
+ container_name: nginx-proxy
+ restart: always
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ./nginx-data/certs:/etc/nginx/certs
+ - ./nginx-data/vhost.d:/etc/nginx/vhost.d
+ - ./nginx-data/html:/usr/share/nginx/html
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+ nginx-letsencrypt:
+ image: jrcs/letsencrypt-nginx-proxy-companion
+ container_name: nginx-letsencrypt
+ restart: always
+ volumes_from:
+ - nginx-proxy
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ environment:
+ - DEFAULT_EMAIL=${LETSENCRYPT_EMAIL}
+ mysql:
+ image: mariadb:10.5
+ container_name: mysql-piler
+ restart: unless-stopped
+ cap_drop:
+ - ALL
+ cap_add:
+ - dac_override
+ - setuid
+ - setgid
+ environment:
+ - MYSQL_DATABASE=${MYSQL_DATABASE}
+ - MYSQL_USER=${MYSQL_USER}
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ - MYSQL_RANDOM_ROOT_PASSWORD=yes
+ - "TZ=Europe/Berlin"
+ command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
+ healthcheck:
+ test: mysql --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} piler --execute "show tables"
+ interval: "60s"
+ timeout: "5s"
+ start_period: "15s"
+ retries: 3
+ volumes:
+ - db_data:/var/lib/mysql
+
+ memcached:
+ image: memcached:latest
+ container_name: memcached-piler
+ restart: unless-stopped
+ cap_drop:
+ - ALL
+ command: -m 64
+
+ piler:
+ image: sutoj/piler:1.3.11
+ container_name: piler
+ restart: unless-stopped
+ expose:
+ - "80"
+ hostname: ${PILER_DOMAIN}
+ init: true
+ environment:
+ - MYSQL_DATABASE=${MYSQL_DATABASE}
+ - MYSQL_USER=${MYSQL_USER}
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ - MYSQL_HOSTNAME=mysql
+ - PILER_HOSTNAME=${PILER_DOMAIN}
+ - MEMCACHED_HOST=memcached
+ - TZ=Europe/Berlin
+ - VIRTUAL_HOST=${PILER_DOMAIN}
+ - LETSENCRYPT_HOST=${PILER_DOMAIN}
+ - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+ ports:
+ - "25:25"
+ volumes:
+ - piler_etc:/etc/piler
+ - piler_var:/var/piler
+ - /etc/localtime:/etc/localtime
+ healthcheck:
+ test: curl -s smtp://localhost/
+ interval: "60s"
+ timeout: "3s"
+ start_period: "15s"
+ retries: 3
+ deploy:
+ resources:
+ reservations:
+ memory: 512M
+ limits:
+ memory: 512M
+
+ depends_on:
+ - "memcached"
+ - "mysql"
+
+networks:
+ default:
+ external:
+ name: nginx-proxy
+
+volumes:
+ db_data:
+ piler_etc:
+ piler_var:
diff --git a/install-piler.sh b/install-piler.sh
index 51ccfa3..9ce83b2 100644
--- a/install-piler.sh
+++ b/install-piler.sh
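Review bot: The `nginx-proxy` service in `config/piler-ssl.yml` is the internet-facing container, yet it gets `/var/run/docker.sock` mounted; the `:ro` flag only makes the socket file read-only and does not restrict Docker API calls, so a compromise of the proxy amounts to control of the Docker daemon. The same socket is mounted into `nginx-letsencrypt`. Consider keeping the socket out of the exposed container (a separate config-generator container or a filtering socket proxy) and at least adding a comment such as `# docker.sock grants full Docker API access; :ro does not limit it`. Separately, `jwilder/nginx-proxy`, `jrcs/letsencrypt-nginx-proxy-companion` and `memcached:latest` are unpinned while `mariadb:10.5` and `sutoj/piler:1.3.11` are pinned, so the TLS-terminating images can change under the deployment on any pull.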
@@ -1,22 +1,76 @@ #!/bin/bash +# Colors +if [ -z ${BASH_SOURCE} ]; then + blue=`echo "\e[1m\e[34m"` + green=`echo "\e[1m\e[32m"` + greenBold=`echo "\e[1m\e[1;32m"` + redBold=`echo "\e[1m\e[1;31m"` + red=`echo "\e[1m\e[31m"` + purple=`echo "\e[1m\e[35m"` + bold=`echo "\e[1m"` + normal=`echo "\e[0m"` +else + blue=`echo -e "\e[1m\e[34m"` + green=`echo -e "\e[1m\e[32m"` + greenBold=`echo -e "\e[1m\e[1;32m"` + redBold=`echo -e "\e[1m\e[1;31m"` + puple=`echo -e "\e[1m\e[35m"` + bold=`echo -e "\e[1m"` + normal=`echo -en "\e[0m"` +fi + +HLINE="==================================================================" + . ./piler.conf ln -s ./piler.conf .env +if [ -f /opt/piler-docker/docker-compose.yml ]; then + rm /opt/piler-docker/docker-compose.yml +fi + +if [ "$USE_LETSENCRYPT" = "yes" ]; then + cp /opt/piler-docker/config/piler-ssl.yml /opt/piler-docker/docker-compose.yml +else + cp /opt/piler-docker/config/piler-default.yml /opt/piler-docker/docker-compose.yml +fi + +while true; do + read -ep "Postfix must be uninstalled prior to installation. Do you want to uninstall Postfix now? (y/n): " yn + case $yn in + [Yy]* ) apt purge postfix -y; break;; + [Nn]* ) echo -e "${redBold} The installation process is aborted because Postfix has not been uninstalled.!! ${normal}"; exit;; + * ) echo -e "${red} Please confirm with y or n.";; + esac +done + # docker start echo -echo "===================================" -echo "start docker-compose for Piler" -echo "===================================" +echo "${greenBold}${HLINE}" +echo "${greenBold}start docker-compose for Piler" +echo "${greenBold}${HLINE}${normal}" echo cd /opt/piler-docker + +if [ "$USE_LETSENCRYPT" = "yes" ]; then + if ! 
docker network ls | grep -o "nginx-proxy"; then + docker network create nginx-proxy + + echo + echo "${blue}${HLINE}" + echo "${blue}docker network created" + echo "${blue}${HLINE}${normal}" + echo + fi +fi + docker-compose up -d echo -echo "===================================" -echo "backup the File config-site.php" -echo "===================================" +echo "${blue}${HLINE}" +echo "${blue}backup the File config-site.php" +echo "${blue}${HLINE}${normal}" echo if [ ! -f /var/lib/docker/volumes/piler-docker_piler_etc/_data/config-site.php.bak ]; then @@ -27,10 +81,11 @@ else fi echo -echo "===================================" -echo "set User settings ..." -echo "===================================" +echo "${blue}${HLINE}" +echo "${blue}set User settings ..." +echo "${blue}${HLINE}${normal}" echo + cat >> /var/lib/docker/volumes/piler-docker_piler_etc/_data/config-site.php <> /var/lib/docker/volumes/piler-docker_piler_etc/_data/config-site.php <> /var/lib/docker/volumes/piler-docker_piler_etc/_data/config-site.php <
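Review bot: The network check `docker network ls | grep -o "nginx-proxy"` in the first `install-piler.sh` hunk matches any network whose name merely contains that string (for example a compose-created `nginx-proxy_default`). In that case `docker network create nginx-proxy` is skipped and the following `docker-compose up -d` cannot find the external network. `if ! docker network inspect nginx-proxy >/dev/null 2>&1; then` tests the exact name and keeps the output quiet. In the colour block at the top of the same hunk, the `else` branch (taken when `BASH_SOURCE` is set) assigns `puple` instead of `purple` and never sets `red`, so `${red}` in the "Please confirm with y or n." prompt expands to nothing. The abort path of the Postfix question ends with a bare `exit`, which returns the status of the preceding `echo`; `exit 1` would let callers detect that nothing was installed.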