diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..ea3bec0 --- /dev/null +++ b/.env.example @@ -0,0 +1,2 @@ +EMAIL=email@example.org +DOMAIN=MY-DOMAIN.com diff --git a/config.sample.js b/config.sample.js index c2bf5d4..698df28 100644 --- a/config.sample.js +++ b/config.sample.js @@ -24,9 +24,11 @@ module.exports = { Both cases require you to type the domain where the files will be served on the `domain` key below. Which one you use is ultimately up to you. + + Leave this as "false" if using docker. */ serveFilesWithNode: false, - domain: 'https://lolisafe.moe', + domain: 'https://xml.bz', /* If you are serving your files with a different domain than your lolisafe homepage, @@ -36,7 +38,7 @@ module.exports = { homeDomain: null, /* - Port on which to run the server. + Port on which to run the server. Do not change this if using docker. Change in .env. */ port: 9999, diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..a882ebf --- /dev/null +++ b/docker-compose.yaml @@ -0,0 +1,63 @@ +version: '3.8' + +networks: + net: + driver: bridge + +services: + safe: + image: lolisafe/lolisafe + volumes: + - ./config.js:/usr/src/lolisafe/config.js:ro + - ./uploads:/usr/src/lolisafe/uploads + restart: unless-stopped + networks: + - net + + nginx: + image: nginx + volumes: + - ./nginx.docker.conf:/etc/nginx/conf.d/default.conf:ro + - ./uploads:/uploads + expose: + - 80 + restart: unless-stopped + depends_on: + - safe + networks: + - net + labels: + - 'traefik.enable=true' + - 'traefik.http.routers.xml.rule=Host(`${DOMAIN}`)' + - 'traefik.http.routers.xml.entrypoints=https' + - 'traefik.http.routers.xml.tls=true' + - 'traefik.http.routers.xml.tls.certresolver=letsencrypt' + + traefik: + image: traefik:latest + container_name: traefik + volumes: + - ./traefik/acme.json:/acme.json + - /var/run/docker.sock:/var/run/docker.sock + networks: + - net + ports: + - 80:80 + - 443:443 + command: + - '--log.level=INFO' + - '--providers.docker=true' + - '--providers.docker.exposedByDefault=false' + - '--entrypoints.http=true' + - '--entrypoints.http.address=:80' + - '--certificatesresolvers.letsencrypt.acme.email=${EMAIL}' + - '--certificatesresolvers.letsencrypt.acme.storage=acme.json' + - '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http' + - '--entrypoints.http.http.redirections.entrypoint.to=https' + - '--entrypoints.http.http.redirections.entrypoint.scheme=https' + - '--entrypoints.https=true' + - '--entrypoints.https.address=:443' + restart: unless-stopped + depends_on: + - nginx + diff --git a/nginx.docker.conf b/nginx.docker.conf new file mode 100644 index 0000000..941f172 --- /dev/null +++ b/nginx.docker.conf @@ -0,0 +1,41 @@ +upstream backend { + server safe:9999; # Change to the port you specified on lolisafe +} + +map $sent_http_content_type $charset { + ~^text/ utf-8; +} + +server { + listen 80; + + client_max_body_size 10000M; # Change this to the max file size you want to allow + + charset $charset; + charset_types *; + + # Uncomment if you are running lolisafe behind CloudFlare. + # This requires NGINX compiled from source with: + # --with-http_realip_module + #include /path/to/lolisafe/real-ip-from-cf; + + location / { + add_header Access-Control-Allow-Origin *; + root /uploads; + try_files $uri @proxy; + } + + location @proxy { + proxy_set_header X-Real-IP $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_pass http://backend; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_redirect off; + proxy_set_header X-Forwarded-Proto $scheme; + } +}