commit 4dce244532e3eb5e9e901a82767e918b01955c36 Author: Ronggo Radityo Date: Sun Sep 12 19:05:00 2021 +0700 First commit. Konfigurasi yang saat ini dipakai di git.magelangkota.go.id
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..f7d0d50
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,4 @@
+DB_USER=gitea
+DB_PASSWORD=gitea
+DB_NAME=gitea
+SITE_URL=nama.domain.anda
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a6be43f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+/.vscode
+/.env
+/traefik/.users
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..cbfcb44
--- /dev/null
+++ b/README.md
@@ -0,0 +1,37 @@
+# GIT SERVER MAGELANG
+
+Konfigurasi docker-compose untuk menjalankan GIT SERVER MAGELANG.
+
+## Kebutuhan
+
+Server yang telah dikonfigurasi dengan:
+
+* docker
+* docker-compose
+
+## Penggunaan
+
+1. clone repository
+
+ ```
+ git clone https://git.magelangkota.go.id/radityo/gitea-docker.git
+ cd gitea-docker
+ ```
+
+2. salin **.env.example** ke **.env** dan ubah sesuai dengan konfigurasi yang diperlukan
+
+3. Buat file **.users** di direktori **traefik** berisi pengguna yang akan diberi akses ke dashboard traefik.
+
+ Untuk membuat pengguna dapat menggunakan program **htpasswd**.
+
+ ```
+ htpasswd -c .users
+ ```
+
+ Sebagai contoh, file **.users.example** berisi pengguna **admin** dengan password **admin**.
+
+4. Jalankan aplikasi dengan **docker-compose**
+
+ ```
+ docker-compose up -d
+ ```
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..16d2195
--- /dev/null
+++ b/docker-compose.yml
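Review bot: The example sets `DB_PASSWORD=gitea`, a guessable credential that docker-compose.yml feeds to both Postgres (`POSTGRES_PASSWORD`) and Gitea (`GITEA__database__PASSWD`), and the README only tells the operator to adjust the copied `.env` "as needed", so this value is likely to reach production unchanged. Postgres is not published on the host in this compose file, but the credential is still exposed to anything that can reach the `gitnet` network or run `docker inspect`. Replace the value with an obvious placeholder and say so in the file, e.g. `# generate with: openssl rand -hex 24` above `DB_PASSWORD=CHANGE_ME`, and give `SITE_URL` a comment that it must be the public hostname Let's Encrypt will validate over port 80.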
@@ -0,0 +1,87 @@
+version: "3"
+
+networks:
+ gitnet:
+
+volumes:
+ gitea-data:
+ pg-db:
+ traefik-acme:
+
+
+services:
+ gitea:
+ image: gitea/gitea:latest
+ container_name: gitea
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ - RUN_MODE= prod
+ - GITEA__database__DB_TYPE=postgres
+ - GITEA__database__HOST=db:5432
+ - GITEA__database__USER=${DB_USER}
+ - GITEA__database__PASSWD=${DB_PASSWORD}
+ - GITEA__database__NAME=${DB_NAME}
+ - SSH_PORT=2222
+ - SSH_LISTEN_PORT=22
+ - ROOT_URL=https://${SITE_URL}
+ restart: unless-stopped
+ networks:
+ - gitnet
+ volumes:
+ - gitea-data:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.gitea.rule=Host(`${SITE_URL}`)"
+ - "traefik.http.routers.gitea.service=gitea"
+ - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.gitea.entrypoints=websecure"
+ - "traefik.http.services.gitea.loadbalancer.passhostheader=true"
+ - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+ ports:
+ - "3000:3000"
+ - "2222:22"
+ depends_on:
+ - db
+
+ db:
+ image: postgres:13
+ container_name: db
+ restart: unless-stopped
+ environment:
+ - POSTGRES_USER=${DB_USER}
+ - POSTGRES_PASSWORD=${DB_PASSWORD}
+ - POSTGRES_DB=${DB_NAME}
+ networks:
+ - gitnet
+ volumes:
+ - pg-db:/var/lib/postgresql/data
+
+ traefik:
+ image: traefik:2.5
+ container_name: traefik
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ networks:
+ - gitnet
+ ports:
+ - 80:80
+ - 443:443
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./traefik/traefik.yml:/traefik.yml:ro
+ - ./traefik/dynamic.yml:/dynamic.yml
+ - ./traefik/.users:/.users
+ - traefik-acme:/acme/
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.traefik-secure.entrypoints=websecure"
+ - "traefik.http.routers.traefik-secure.rule=Host(`traefik.${SITE_URL}`)"
+ - "traefik.http.routers.traefik-secure.middlewares=user-auth@file"
+ - "traefik.http.routers.traefik-secure.service=api@internal"
+
+
\ No newline at end of file
diff --git a/traefik/.users.example b/traefik/.users.example
new file mode 100644
index 0000000..5dd9502
--- /dev/null
+++ b/traefik/.users.example
@@ -0,0 +1 @@
+admin:$apr1$GvISg7Bo$nbqoZm9jQL1K76E.sGVI1/
diff --git a/traefik/dynamic.yml b/traefik/dynamic.yml
new file mode 100644
index 0000000..f9dd5d6
--- /dev/null
+++ b/traefik/dynamic.yml
@@ -0,0 +1,25 @@
+# Dynamic configuration
+http:
+ middlewares:
+ secureHeaders:
+ headers:
+ sslRedirect: true
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsPreload: true
+ stsSeconds: 31536000
+
+ user-auth:
+ basicAuth:
+ usersFile: /.users
+
+tls:
+ options:
+ default:
+ cipherSuites:
+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
diff --git a/traefik/traefik.yml b/traefik/traefik.yml
new file mode 100644
index 0000000..c6b3d33
--- /dev/null
+++ b/traefik/traefik.yml
@@ -0,0 +1,34 @@
+api:
+ dashboard: true
+
+entryPoints:
+ web:
+ address: :80
+ http:
+ redirections:
+ entryPoint:
+ to: websecure
+
+ websecure:
+ address: :443
+ http:
+ middlewares:
+ - secureHeaders@file
+ tls:
+ certResolver: letsencrypt
+
+providers:
+ docker:
+ endpoint: "unix:///var/run/docker.sock"
+ exposedByDefault: false
+ file:
+ filename: /dynamic.yml
+
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ email: git@magelangkota.go.id
+ storage: /acme/acme.json
+ keyType: EC384
+ httpChallenge:
+ entryPoint: web
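Review bot: Publishing `"3000:3000"` in the gitea `ports:` block exposes Gitea's plain-HTTP listener directly on the host, bypassing the TLS termination, the HTTP-to-HTTPS redirect and the HSTS headers that traefik.yml and dynamic.yml set up; Traefik already reaches the container over `gitnet` through `loadbalancer.server.port=3000`, so drop that mapping and keep only `"2222:22"` for SSH. Two of the Traefik bind mounts, `./traefik/dynamic.yml:/dynamic.yml` and `./traefik/.users:/.users`, are writable while `traefik.yml` is mounted `:ro`; append `:ro` to both so a compromised proxy process cannot rewrite its own middleware definitions or credential file. Mounting `/var/run/docker.sock` even read-only still grants the Traefik container the full Docker API, which is root-equivalent on the host, so consider fronting it with a socket proxy that permits only the container/event read endpoints Traefik needs. `image: gitea/gitea:latest` is unpinned, so a routine `docker-compose pull` silently upgrades the server; pin a version tag and bump it deliberately. The stray space in `RUN_MODE= prod` is probably harmless after ini parsing but should be removed.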
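Review bot: The committed `.users.example` is a working credential, `admin` with password `admin` as the README itself states, and anyone who copies it to `.users` unchanged gets an Internet-reachable Traefik dashboard at `traefik.${SITE_URL}` guarded by a password that is in the public repository. The hash is also `$apr1$` (MD5-based apr1); Traefik's basicAuth accepts bcrypt, so the documented command should be `htpasswd -nB admin >> .users` rather than `htpasswd -c .users`. Replace the example line with a comment such as `# one htpasswd line per user; generate with: htpasswd -nB <user>` instead of shipping a usable hash, so that a careless copy yields a dashboard with no valid login rather than a default one.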
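Review bot: The `default` TLS option pins `cipherSuites` but no `minVersion`, so the protocol floor is whatever Traefik 2.5 ships with rather than something this config controls; add `minVersion: VersionTLS12` next to `cipherSuites` (the listed suites are all TLS 1.2 suites, and TLS 1.3 suites are not configurable in Traefik) and consider `sniStrict: true` so clients that send no SNI are refused instead of getting a default certificate. `sslRedirect: true` in `secureHeaders` is deprecated in Traefik 2.x and redundant here because the `web` entrypoint in traefik.yml already redirects to `websecure`; remove it and rely on the entrypoint redirect. `stsPreload: true` together with `stsIncludeSubdomains: true` commits every name under `${SITE_URL}` to HTTPS for a year and is hard to reverse once submitted to the preload list, so keep it only if that is intended. The headers middleware could also set `contentTypeNosniff: true` and a `referrerPolicy`; whether Gitea already emits those itself is not visible from this diff.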
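Review bot: Nothing in this static configuration enables logging, so failed basicAuth attempts on the dashboard and requests proxied to Gitea are not recorded at the TLS edge, leaving no audit trail for the one component that sees every external request; add `accessLog: {}` and a `log:` stanza with `level: INFO`, both of which write to stdout and are captured by `docker logs`. `exposedByDefault: false` and a dashboard that is not marked `insecure` are the right defaults; it is worth a comment next to `api:` that the dashboard router exists only through the compose labels and depends on the `user-auth@file` middleware, which should fail the router (not expose it unauthenticated) if `/.users` is missing. The `httpChallenge` on `web` requires port 80 to stay reachable from Let's Encrypt, which the compose file publishes; `/acme/acme.json` in the `traefik-acme` volume holds the account and certificate private keys and should be backed up and protected accordingly.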