Finished Nginx Documentation

crt 2024-07-11 03:40:18 +02:00
parent 61e01998f9
commit 7d05a9d5d5
8 changed files with 277 additions and 149 deletions


@ -31,3 +31,4 @@ See [Image Builder Readme](image-builder/README.md)
### Project specific image_builder files
All Project files that achieved the goals listen in the [JOURNAL.md](JOURNAL.md) are Documented here : [Realizing Projects](image-builder/README.md)
* With Critical Infrastructure Data left out as it will be used in Production and therefore shouldn't have all its infos displayed publicly


@ -3,7 +3,7 @@
## Nginx Proxy manager
Requirements :
- Nginx WebUI : https://github.com/0xJacky/nginx-ui/tree/dev
- Configs and Websites Stored on seperate Mountpoint for easy reassignement
- Configs and Websites Stored Webserver for easy redeployment and changes
Distro of Choice : Debian
- Why ? : Eases installation of Nginx Plugins if needed and more up to date Nginx versions available compared to alpine
@ -13,21 +13,18 @@ The easiest way to do this is to manually install and configure things how you w
1. Making our Temporary Debian VM, adding the data directory and starting it : `pct create 201 adastor:vztmpl/debian-12-standard_12.2-1_amd64.tar.zst --rootfs local-btrfs:8 --cores 2 --memory 1024 --swap 512 --net0 name=eth0,bridge=vmbr0,ip=dhcp --hostname debian-nginx-temp && pct set 201 -mp0 local-btrfs:8,mp=/data,size=8G && pct start 201`
2. Entering our container : `pct enter 201`
3. Completing a Manual Installation :
3. Completing a Manual Installation of the basics :
```
apt update
apt upgrade
apt autoremove
apt clean
apt upgrade -y
apt install nginx-full curl -y
systemctl enable --now nginx
bash <(curl -L -s https://raw.githubusercontent.com/0xJacky/nginx-ui/master/install.sh) install
systemctl enable --now nginx-ui
sed -i '/include \/etc\/nginx\/sites-enabled\/\*;/a include \/data\/configs\/\*conf;' /etc/nginx/nginx.conf
```
4. Making it a bash script :
See debian-nginx.sh
4. Making it a bash script and implementing our config files aswell as website files :
See debian-nginx.conf
5. Building the Container Image : `./image_builder.sh --param-file debian-nginx.conf`
6. Move to your CT Template dir of choice :`mv ./vzdump-lxc-202-2024_06_29-10_52_05.tar.gz /mnt/pve/adastor/template/cache/debian-nginx-2024-06-29.tar.gz`
7. Enjoy our success and Deploy where needed with our configs in a mountpoint
7. Enjoy our success and Deploy where needed


@ -1,43 +0,0 @@
TEMPLATE=adastor:vztmpl/debian-12-standard_12.2-1_amd64.tar.zst
# Set your Baseimage here
RAM=1024
# Define RAM during setup
SWAP=512
# Define SWAP during setup
CORES=2
# Define Cores during setup
BRIDGE=vmbr0
# Define Network interface during Installation
IP=dhcp
# Define IP During installation (use DHCP, proper static V4 not implemented)
CTID=
# Manually Override CTID, not needed usually
HOSTNAME=debian-nginx
# Set Temporary Hostname
EXPORT_NAME=debian-nginx-image
# Doesnt work anyways so yea
EXPORT_PATH=
# Leave this empty to use the current directory
SCRIPT=debian-nginx.sh
# Leave this empty to use script.sh in the current directory
MIN_ID=200
# Define minimum ID for CT to avoid conflicts with other nodes if in a cluster
STORAGE=local-btrfs
# Set what storage pool to use
DISK_SIZE=8
# Set the default disk size for the container


@ -1,21 +0,0 @@
#!/bin/bash
# Ensure the locale environment variables are set correctly
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
# Install locales and configure locale settings
apt-get update
apt-get install -y locales
locale-gen en_US.UTF-8
apt update
apt upgrade -y
apt autoremove -y
apt clean
apt install nginx-full curl -y
systemctl enable --now nginx
bash <(curl -L -s https://raw.githubusercontent.com/0xJacky/nginx-ui/master/install.sh) install
systemctl enable --now nginx-ui
sed -i '/include \/etc\/nginx\/sites-enabled\/\*;/a include \/data\/configs\/\*conf;' /etc/nginx/nginx.conf


@ -37,7 +37,6 @@ while [[ "$#" -gt 0 ]]; do
--hostname) HOSTNAME="$2"; shift ;;
--export-name) EXPORT_NAME="$2"; shift ;;
--export-path) EXPORT_PATH="$2"; shift ;;
--script) SCRIPT="$2"; shift ;;
--min-id) MIN_ID="$2"; shift ;;
--storage) STORAGE="$2"; shift ;;
--disk-size) DISK_SIZE="$2"; shift ;;
@ -64,7 +63,6 @@ HOSTNAME=${HOSTNAME:-nginx-debian}
EXPORT_NAME=${EXPORT_NAME:-mycontainer_backup}
CURRENT_DIR=$(pwd)
EXPORT_PATH=${EXPORT_PATH:-$CURRENT_DIR}
SCRIPT=${SCRIPT:-$CURRENT_DIR/script.sh}
MIN_ID=${MIN_ID:-200}
STORAGE=${STORAGE:-local-btrfs}
DISK_SIZE=${DISK_SIZE:-8}
@ -72,21 +70,28 @@ MOUNT_POINT=${MOUNT_POINT:-}
PRIVILEGED=${PRIVILEGED:-0}
ROOTFS="${STORAGE}:${DISK_SIZE}"
# Check if the script file exists
if [ ! -f "$SCRIPT" ]; then
echo "Script file $SCRIPT does not exist."
# Check if the script content is provided
if [ -z "$SCRIPT_CONTENT" ]; then
echo "Script content not provided in the parameter file."
exit 1
fi
# Write the script content to a temporary file
TEMP_SCRIPT=$(mktemp)
echo "$SCRIPT_CONTENT" > "$TEMP_SCRIPT"
chmod +x "$TEMP_SCRIPT"
# Check if the container already exists on the local node
if pct status $CTID &>/dev/null; then
echo "VM $CTID already exists on this node."
rm "$TEMP_SCRIPT"
exit 1
fi
# Create the container with the correct storage format
if ! pct create $CTID $TEMPLATE --rootfs $ROOTFS --cores $CORES --memory $RAM --swap $SWAP --net0 name=eth0,bridge=$BRIDGE,ip=$IP --hostname $HOSTNAME --unprivileged $PRIVILEGED; then
echo "Failed to create the container."
rm "$TEMP_SCRIPT"
exit 1
fi
@ -94,6 +99,7 @@ fi
if [ -n "$MOUNT_POINT" ]; then
if ! pct set $CTID -mp0 $MOUNT_POINT,backup=1; then
echo "Failed to set the mount point."
rm "$TEMP_SCRIPT"
exit 1
fi
fi
@ -101,19 +107,25 @@ fi
# Start the container
if ! pct start $CTID; then
echo "Failed to start the container."
rm "$TEMP_SCRIPT"
exit 1
fi
# Run the shell script in the container
if ! pct exec $CTID -- /bin/bash -c "$(cat $SCRIPT)"; then
# Copy the temporary script file to the container
pct push $CTID $TEMP_SCRIPT /root/script.sh -perms 755
# Run the script inside the container
if ! pct exec $CTID -- /root/script.sh; then
echo "Failed to run the script inside the container."
pct stop $CTID
rm "$TEMP_SCRIPT"
exit 1
fi
# Stop the container
if ! pct stop $CTID; then
echo "Failed to stop the container."
rm "$TEMP_SCRIPT"
exit 1
fi
@ -121,7 +133,11 @@ fi
BACKUP_FILE=$EXPORT_PATH/$EXPORT_NAME.tar.gz
if ! vzdump $CTID --dumpdir $EXPORT_PATH --compress gzip; then
echo "Failed to export the container."
rm "$TEMP_SCRIPT"
exit 1
fi
# Cleanup
rm "$TEMP_SCRIPT"
echo "Container $CTID has been created, configured, and exported to $BACKUP_FILE"
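Review bot: The provisioning script copied in by `pct push $CTID $TEMP_SCRIPT /root/script.sh -perms 755` is never removed from the container, so it is still in /root when `vzdump` exports the image; if the script content carries secrets, as the parameter file in this commit does with the certificate key, a second copy of them ships in every template built from it. The push itself is unchecked, so a failed copy only surfaces later as the generic "Failed to run the script inside the container." message. I would check the push, use `-perms 700`, delete the script inside the container once it has run, and replace the eight repeated `rm "$TEMP_SCRIPT"` lines with one EXIT trap set right after `mktemp`. Quoting `"$CTID"` and `"$TEMP_SCRIPT"` in these calls is worth doing in the same pass.

```shell
TEMP_SCRIPT=$(mktemp)
trap 'rm -f -- "$TEMP_SCRIPT"' EXIT
# … unchanged: write SCRIPT_CONTENT, create the container, set the mount point, start it …
if ! pct push "$CTID" "$TEMP_SCRIPT" /root/script.sh -perms 700; then
    echo "Failed to copy the script into the container."
    pct stop "$CTID"
    exit 1
fi
# … unchanged: pct exec of /root/script.sh and its failure branch …
# Keep the provisioning script, and anything embedded in it, out of the exported image
pct exec "$CTID" -- rm -f /root/script.sh
```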


@ -0,0 +1,247 @@
TEMPLATE=adastor:vztmpl/debian-12-standard_12.2-1_amd64.tar.zst
# Set your Baseimage here
RAM=1024
# Define RAM during setup
SWAP=512
# Define SWAP during setup
CORES=2
# Define Cores during setup
BRIDGE=vmbr0
# Define Network interface during Installation
IP=dhcp
# Define IP During installation (use DHCP, proper static V4 not implemented)
CTID=
# Manually Override CTID, not needed usually
HOSTNAME=nginx-512mb
# Set Temporary Hostname
EXPORT_NAME=MB-NGINX
# Doesnt work properly, ignore for now
EXPORT_PATH=
# Leave this empty to use the current directory
MIN_ID=200
# Define minimum ID for CT to avoid conflicts with other nodes if in a cluster
STORAGE=local-btrfs
# Set what storage pool to use
DISK_SIZE=8
# Set the default disk size for the container
MOUNT_POINT=local-lvm:8,mp=/data,size=8G
# Specify your mount point here
PRIVILEGED=0
# Set to 1 for privileged container, 0 for unprivileged
SCRIPT_CONTENT=$(cat <<'EOF'
#!/bin/bash
# Update package list and install nginx, unzip and curl
apt-get update
apt-get upgrade -y
apt-get install -y nginx-full unzip curl
# Start nginx and enable service
systemctl start nginx
systemctl enable nginx
# Setting Nginx Config Files
cat << 'EOT' > /etc/nginx/conf.d/512mb.ch.conf
server {
###################################
# Website stuff and basic configs #
###################################
root /var/www/512mb.org;
index index.html;
server_name 512mb.ch;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
location / {
try_files $uri $uri/ =404;
}
###############################
# Vaultwarden Passwordmanager #
###############################
location /pass/ {
proxy_pass http://123.123.123.123/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
sub_filter_once off;
sub_filter 'href="/' 'href="/pass/';
sub_filter 'src="/' 'src="/pass/';
}
##############
# Mail Stuff #
##############
# Allow Clients to automatically pick up CalDAV (like Thunderbird for example)
location /.well-known/caldav {
proxy_pass http://123.123.123.124/.well-known/caldav;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Allow Client to automatically pick up CarDAV
location /.well-known/carddav {
proxy_pass http://123.123.123.124/.well-known/carddav;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Attempt at making sogo served at /mail but it will redirect to /SOGo anyways but ey dont care enough
location /mail/ {
proxy_pass http://123.123.123.124/SOGo/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
sub_filter_once off;
sub_filter 'href="/SOGo/' 'href="/mail/SOGo/';
sub_filter 'src="/SOGo/' 'src="/mail/SOGo/';
sub_filter 'action="/SOGo/' 'action="/mail/SOGo/';
sub_filter 'action="/SOGo/' 'action="/mail/SOGo/';
sub_filter 'window.location="/SOGo/' 'window.location="/mail/SOGo/';
sub_filter 'form action="/SOGo/' 'form action="/mail/SOGo/';
}
# Allows SOGo stuff to be passed
location /SOGo.woa/ {
proxy_pass http://123.123.123.123/SOGo.woa/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Makes sogo happy and makes it work
location /SOGo/ {
proxy_pass http://123.123.123.124/SOGo/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
###################
# Nextcloud Stuff #
###################
location /cloud/ {
proxy_pass http://123.123.123.124/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
sub_filter_once off;
sub_filter 'href="/' 'href="/cloud/';
sub_filter 'src="/' 'src="/cloud/';
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
client_max_body_size 0;
}
######################
# Media Server Stuff #
######################
location /media {
return 302 $scheme://$host/media/;
}
location /media/ {
# Proxy main Jellyfin traffic
proxy_pass http://123.123.123.125/;
proxy_pass_request_headers on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
location = /media/web/ {
proxy_pass http://123.123.123.125/web/index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
location /socket {
proxy_pass http://123.123.123.125/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
#############
# SSL Stuff #
#############
ssl_certificate /var/www/ssl/fullchain.pem; # managed by Certbot
ssl_certificate_key /var/www/ssl/privkey.pem; # managed by Certbot
include /var/www/ssl/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /var/www/ssl/ssl-dhparams.pem; # managed by Certbot
}
##################
# HTTPS Redirect #
##################
server {
if ($host = 512mb.ch) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name 512mb.ch;
return 404; # managed by Certbot
}
EOT
cat << 'EOT' > /var/www/ssl/fullchain.pem
CERTIFICATE-FULLCHAIN-HERE
EOT
cat << 'EOT' > /var/www/ssl/privkey.pem
CERTIFICATE-PRIVATEKEY-HERE
EOT
cat << 'EOT' > /var/www/ssl/options-ssl-nginx.conf
SSL-OPTIONS-HERE
EOT
cat << 'EOT' > /var/www/ssl/ssl-dhparams.pem
DHPARAMS-HERE
EOT
bash <(curl -L -s https://raw.githubusercontent.com/0xJacky/nginx-ui/master/install.sh) install
systemctl start nginx-ui
systemctl enable nginx-ui
echo "Nginx has been installed and configured."
EOF
)
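Review bot: Nothing in the embedded script creates /var/www/ssl before the four `cat << 'EOT' > /var/www/ssl/...` heredocs, and the script has no `set -e`, so on a fresh Debian template those writes would presumably fail while the run still ends with "Nginx has been installed and configured." I would add `set -euo pipefail` after the shebang and `install -d -m 700 /var/www/ssl` before the first certificate heredoc, then `chmod 600 /var/www/ssl/privkey.pem`, since the key is otherwise written with the default umask under /var/www. The `bash <(curl -L -s …/nginx-ui/master/install.sh) install` line executes whatever the `master` branch serves at build time as root; pinning it to a release tag or commit and checking a known hash before running it would make the image reproducible and reviewable. `location /SOGo.woa/` proxies to a different address than the other SOGo locations, which may be a placeholder slip worth confirming.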


@ -1,22 +0,0 @@
#!/bin/sh
# Ensure the locale environment variables are set correctly
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
# Install locales and configure locale settings
apt-get update
apt-get install -y locales
locale-gen en_US.UTF-8
# Update and install packages for Debian
apt-get update
apt-get upgrade -y
apt-get install -y nginx
# Enable nginx service
systemctl enable nginx
# Clean up
apt-get clean


@ -1,47 +0,0 @@
TEMPLATE=adastor:vztmpl/debian-12-standard_12.2-1_amd64.tar.zst
# Set your Baseimage here
RAM=1024
# Define RAM during setup
SWAP=512
# Define SWAP during setup
CORES=2
# Define Cores during setup
BRIDGE=vmbr0
# Define Network interface during Installation
IP=dhcp
# Define IP During installation (use DHCP, proper static V4 not implemented)
CTID=
# Manually Override CTID, not needed usually
HOSTNAME=nginx-debian
# Set Temporary Hostname
EXPORT_NAME=mycontainer_backup
# Doesnt work anyways so yea
EXPORT_PATH=
# Leave this empty to use the current directory
SCRIPT=install_nginx.sh
# Leave this empty to use script.sh in the current directory
MIN_ID=200
# Define minimum ID for CT to avoid conflicts with other nodes if in a cluster
STORAGE=local-btrfs
# Set what storage pool to use
DISK_SIZE=8
# Set the default disk size for the container
MOUNT_POINT=local-lvm:8,mp=/data,size=8G
# Specify your mount point here
PRIVILEGED=0
# Set to 1 for privileged container, 0 for unprivileged