commit 468974927cea6f3394c844dbeb1994ddebdeb851 Author: Ludwig Lehnert Date: Mon Jan 12 16:16:35 2026 +0100 initial commit diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..a1e2ea7 --- /dev/null +++ b/.env.example @@ -0,0 +1,2 @@ +SERVICE_FQDN=files.example.com +LETSENCRYPT_EMAIL=user@example.com diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c998df3 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.env +.logins +traefik/ diff --git a/.logins.example b/.logins.example new file mode 100644 index 0000000..884e0fc --- /dev/null +++ b/.logins.example @@ -0,0 +1,8 @@ +# This file stores user logins (and this file only) +# There is no other way to add user logins +# Comments in this file may only start at the very beginning of a line + +# password is bcrypt of 123456 +# the format per line is ;; +foo@example.com;;$2a$12$JchPr84/tmKH2muqomK1qe/cj/X0PwcooA5ugynNn3HjU/wpxoNEe + diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..82ec578 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,55 @@ +services: + traefik: + image: docker.io/library/traefik:v3.6 + container_name: traefik + command: + # Core + - "--providers.docker=true" + - "--providers.docker.exposedbydefault=false" + # Entry points + - "--entrypoints.web.address=:80" + - "--entrypoints.websecure.address=:443" + # Let's Encrypt + - "--certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}" + - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" + - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true" + - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web" + + ports: + - "80:80" + - "443:443" + + volumes: + - "/var/run/docker.sock:/var/run/docker.sock:ro" + - "./traefik/acme.json:/letsencrypt/acme.json" + + restart: unless-stopped + + webserver: + build: + context: . + dockerfile: webserver.Dockerfile + + container_name: webserver + + volumes: + # - "/var/run/docker.sock:/var/run/docker.sock:ro" + - "/storagebox:/usr/local/apache2/htdocs:ro" + + labels: + - "traefik.enable=true" + # HTTPS router for apache subpath + - "traefik.http.routers.webserver.rule=Host(`${SERVICE_FQDN}`)" + - "traefik.http.routers.webserver.entrypoints=websecure" + - "traefik.http.routers.webserver.tls=true" + - "traefik.http.routers.webserver.tls.certresolver=letsencrypt" + - "traefik.http.routers.webserver.service=webserver-svc" + # Optional HTTP redirect + - "traefik.http.routers.webserver-http.rule=Host(`${SERVICE_FQDN}`)" + - "traefik.http.routers.webserver-http.entrypoints=web" + - "traefik.http.routers.webserver-http.middlewares=webserver-https-redirect" + - "traefik.http.middlewares.webserver-https-redirect.redirectscheme.scheme=https" + # Service definition: tell Traefik which port webserver listens on inside the container + - "traefik.http.services.webserver-svc.loadbalancer.server.port=80" + + restart: unless-stopped diff --git a/initialize.sh b/initialize.sh new file mode 100755 index 0000000..dee63b9 --- /dev/null +++ b/initialize.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash + +cd "$(dirname "$0")" + +mkdir -p ./traefik +touch traefik/acme.json +chmod 600 traefik/acme.json + +if [ ! -f .logins ]; then + cp .logins.example .logins +fi + +if [ ! -f .env ]; then + cp .env.example .env +fi diff --git a/webserver.Dockerfile b/webserver.Dockerfile new file mode 100644 index 0000000..72b1cfe --- /dev/null +++ b/webserver.Dockerfile @@ -0,0 +1,24 @@ +FROM httpd:2.4 + +# Enable modules + configure DocumentRoot permissions, .htaccess, and icons for autoindex +RUN sed -i \ + -e 's/^#LoadModule rewrite_module/LoadModule rewrite_module/' \ + -e 's/^#LoadModule headers_module/LoadModule headers_module/' \ + -e 's/^#LoadModule autoindex_module/LoadModule autoindex_module/' \ + -e 's/^#LoadModule alias_module/LoadModule alias_module/' \ + /usr/local/apache2/conf/httpd.conf \ + && printf '\n# --- Custom for file listing + .htaccess ---\n\ +Include conf/extra/httpd-autoindex.conf\n\ +\n\ +Alias /icons/ "/usr/local/apache2/icons/"\n\ +\n\ + Require all granted\n\ +\n\ +\n\ +\n\ + Options Indexes FollowSymLinks\n\ + AllowOverride All\n\ + Require all granted\n\ +\n' >> /usr/local/apache2/conf/httpd.conf + +EXPOSE 80