|Giles Bradshaw 116abd13ee||5 months ago|
|.drone||10 months ago|
|git-hooks||1 year ago|
|my-nginx||5 months ago|
|my-nginx-drone||10 months ago|
|ngrok-gitea||11 months ago|
|registry||1 year ago|
|.gitignore||1 year ago|
|.versionrc||1 year ago|
|CHANGELOG.md||11 months ago|
|README.md||6 months ago|
|docker-compose-80-drone.yml||11 months ago|
|docker-compose-80-git.yml||11 months ago|
|docker-compose-443-drone.yml||11 months ago|
|docker-compose-443-git.yml||11 months ago|
|docker-compose-letsencrypt-drone.yml||11 months ago|
|docker-compose-letsencrypt-git.yml||11 months ago|
|docker-compose-letsencrypt-huginn.yml||11 months ago|
|docker-compose-ngrok.yml||11 months ago|
|docker-compose.yml||6 months ago|
|make-ca.sh||1 year ago|
|make-cert.sh||11 months ago|
|package.json||11 months ago|
|renovate.json||1 year ago|
|yarn.lock||1 year ago|
Nginx reverse proxies to expose other services on the internet. These use the https://letsencrypt.org/ service to obtain and expose SSL certificates.
Ngrok service tunneling to https://ngrok.com/. This allows services to be given public URLs even though they have no fixed public IP (i.e. they are behind a NAT router).
A docker registry for internal use.
This is the email address to use with letsencrypt.
The domain that drone will be served on. If using ngrok this will need to be configured in ngrok and your DNS.
Leave blank if you have no drone.
The domain that huginn will be served on. If using ngrok this will need to be configured in ngrok and your DNS.
Leave blank if you have no huginn.
The domain which all other services will be exposed on (either at the root or in sub folders).
This is the DNS address of the local registry service.
Note the trailing slash.
Password for the local docker registry.
Whatever you want.
If using ngrok this is the auth-token needed to access it.
git clone [repo] /stack/proxy
NB: you only need ngrok if you are behind a NAT router (i.e. on a ‘home network’).
You need to manually set up the above secrets as environment variables, capitalising them and replacing hyphens with underscores.
You can leave out the huginn domain; in fact you can leave out any of them. Set REGISTRY_PASSWORD and NEW_REGISTRY_PASSWORD to the same value.
Note the trailing slash on LOCAL_DOCKER_REGISTRY.
If using ngrok, the domains should be set up there.
export CERTBOT_EMAIL='firstname.lastname@example.org'
export DRONE_DOMAIN='drone.example.com'
export HUGINN_DOMAIN='huginn.example.com'
export GIT_DOMAIN='example.com'
export LOCAL_DOCKER_REGISTRY='pc-name.local-domain:5003/'
export NGROK_AUTH_TOKEN='get this from ngrok'
export REGISTRY_PASSWORD='make something up'
export NEW_REGISTRY_PASSWORD='make something up'
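A preflight check for the exports above, as an added example that is not part of this repository. The function name `check_stack_env` is hypothetical, and the rule that domains are bare host names is an assumption; the trailing-slash and matching-password rules come from the notes above. Call `check_stack_env` after the exports.

```shell
# check_stack_env: hypothetical helper, not part of the repository.
# Prints one line per problem to stderr and leaves the count in $problems.
# Returns 0 when there are no problems, non-zero otherwise.
check_stack_env() {
    problems=0
    fail() { echo "stack env: $1" >&2; problems=$((problems + 1)); }

    # README: "Note the trailing slash on LOCAL_DOCKER_REGISTRY."
    case "${LOCAL_DOCKER_REGISTRY:-}" in
        "") fail "LOCAL_DOCKER_REGISTRY is not set" ;;
        */) ;;
        *)  fail "LOCAL_DOCKER_REGISTRY must end with a trailing slash" ;;
    esac

    # README: REGISTRY_PASSWORD and NEW_REGISTRY_PASSWORD are set the same.
    if [ -z "${REGISTRY_PASSWORD:-}" ]; then
        fail "REGISTRY_PASSWORD is not set"
    elif [ "$REGISTRY_PASSWORD" != "${NEW_REGISTRY_PASSWORD:-}" ]; then
        fail "REGISTRY_PASSWORD and NEW_REGISTRY_PASSWORD differ"
    fi

    # Catch the README's placeholder text being deployed as a real secret.
    for name in REGISTRY_PASSWORD NEW_REGISTRY_PASSWORD NGROK_AUTH_TOKEN; do
        eval "value=\${$name:-}"
        case "$value" in
            "make something up"|"get this from ngrok")
                fail "$name still holds the README placeholder" ;;
        esac
    done

    # Domains may be left blank. When set, expect a bare host name
    # (assumption: no scheme, no path, no whitespace).
    for name in DRONE_DOMAIN HUGINN_DOMAIN GIT_DOMAIN; do
        eval "value=\${$name:-}"
        case "$value" in
            "") ;;
            */*|*[[:space:]]*) fail "$name should be a bare host name" ;;
        esac
    done

    [ "$problems" -eq 0 ]
}
```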
The authorisation file configures the name and password needed to access the registry.
docker run --entrypoint htpasswd registry:2.7.0 -Bbn [user] [password] > .certificates/registry-password.txt
This makes a self-signed certificate authority, which gets copied to /etc/docker/certs.d for the registry domain, and a TLS certificate for the registry.
$REGISTRY_DOMAIN is the domain of the local registry, e.g. registry.local-domain
sh make-ca.sh $REGISTRY_DOMAIN:5003
sh make-cert.sh $REGISTRY_DOMAIN registry
If you are going to use a self-signed certificate to serve over the web:
(where $DOMAIN is the domain to be served, e.g. sigyl.com)
sh make-cert.sh $DOMAIN web
These are the images that are used in the stack.
This is the network that links the whole stack together.
docker network create --driver=overlay --attachable externalnet
You’ll be the manager.
$IP is the IP address you want to use to communicate with other nodes (if there are any).
docker swarm init --advertise-addr $IP
(Get your node ID.)
docker node ls
docker node update --label-add com.sigyl.git-stack=yes [node id]
Curl the domains you are using.