KeyArgo
/
seedbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove OpenVPN + Sickrage + Syncthing, then adapt other resources

This commit is contained in:
Jean Froment 2017-03-06 20:55:19 +01:00
parent 76822df992
commit dd589dbe19
23 changed files with 18 additions and 344 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Dockerfiles/frontend/Dockerfile
View File

@ -1,5 +1,5 @@
FROM nginx:1.11-alpine
MAINTAINER Kelvin Chen <kelvin@kelvinchen.org>
MAINTAINER Jean Froment <froment.je@gmail.com>
RUN apk add --no-cache apache2-utils openssl
@ -9,7 +9,7 @@ EXPOSE 80 443
ENV USERNAME=user \
PASSWORD=hunter2 \
USE_SSL=false
USE_SSL=true
COPY nginx.conf common_default.conf ssl.conf /etc/nginx/
COPY init /

20
Dockerfiles/frontend/nginx.conf
View File

@ -47,26 +47,6 @@ http {
}
}
server {
include common.conf;
server_name ~^(sickrage)(\.\w+)+$;
location / {
set $sickrage http://sickrage:8081;
proxy_pass $sickrage;
}
}
server {
include common.conf;
server_name ~^(syncthing)(\.\w+)+$;
location / {
set $syncthing http://syncthing:8384;
proxy_pass $syncthing;
}
}
server {
include common.conf;
server_name ~^(plex)(\.\w+)+$;

24
Dockerfiles/openvpn/Dockerfile
View File

@ -1,24 +0,0 @@
FROM buildpack-deps:xenial-curl
MAINTAINER Kelvin Chen <kelvin@kelvinchen.org>
# Install OpenVPN
RUN curl -sL "https://github.com/just-containers/s6-overlay/releases/download/v1.18.1.5/s6-overlay-amd64.tar.gz" \
| tar xz -C / \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
openvpn \
easy-rsa \
iptables \
bridge-utils \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
WORKDIR /usr/share/easy-rsa
EXPOSE 1194/udp
VOLUME /config
COPY container-root/ /
CMD ["/init"]

9
Dockerfiles/openvpn/container-root/etc/cont-init.d/10-mknod
View File

@ -1,9 +0,0 @@
#!/usr/bin/with-contenv bash
mkdir -p /dev/net
if [ ! -c /dev/net/tun ]; then
mknod /dev/net/tun c 10 200
fi
chmod 600 /dev/net/tun

3
Dockerfiles/openvpn/container-root/etc/cont-init.d/20-iptables
View File

@ -1,3 +0,0 @@
#!/usr/bin/with-contenv bash
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

19
Dockerfiles/openvpn/container-root/etc/cont-init.d/30-ovpn
View File

@ -1,19 +0,0 @@
#!/usr/bin/with-contenv bash
# Make sure OpenVPN config directory exists.
mkdir -p /config/openvpn/
# Copy over the default OpenVPN config if it does not exist
cp -n /etc/defaults/openvpn.conf /config/openvpn/
# Create server CA/keys and keys for client "client" if they do not exist
if [ ! -d "/config/openvpn/keys" ]; then
cd /usr/share/easy-rsa
source vars
./clean-all
./build-dh
./pkitool --initca
./pkitool --server server
./pkitool client
openvpn --genkey --secret /config/openvpn/keys/ta.key
fi

22
Dockerfiles/openvpn/container-root/etc/defaults/client.ovpn
View File

@ -1,22 +0,0 @@
client
nobind
remote MYSERVER_HOST 1194
proto udp
dev tun
resolv-retry infinite
cipher AES-256-CBC
auth SHA512
tls-client
# comp-lzo
persist-tun
persist-key
sndbuf 393216
rcvbuf 393216

36
Dockerfiles/openvpn/container-root/etc/defaults/openvpn.conf
View File

@ -1,36 +0,0 @@
# vim: ft=conf
port 1194
proto udp
dev tun
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/server.crt
key /config/openvpn/keys/server.key
dh /config/openvpn/keys/dh2048.pem
tls-auth /config/openvpn/keys/ta.key 0
cipher AES-256-CBC
auth SHA512
tls-server
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /config/openvpn/ipp.txt
keepalive 10 120
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# comp-lzo
persist-key
persist-tun
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"

3
Dockerfiles/openvpn/container-root/etc/services.d/openvpn/run
View File

@ -1,3 +0,0 @@
#!/usr/bin/with-contenv sh
exec openvpn /config/openvpn/openvpn.conf

21
Dockerfiles/openvpn/container-root/usr/local/bin/export-client
View File

@ -1,21 +0,0 @@
#!/usr/bin/env bash
KEYDIR="/config/openvpn/keys"
CLIENT=${1:-client}
echo "
$(cat /etc/defaults/client.ovpn)
<ca>
$(cat $KEYDIR/ca.crt)
</ca>
<cert>
$(cat $KEYDIR/$CLIENT.crt)
</cert>
<key>
$(cat $KEYDIR/$CLIENT.key)
</key>
<tls-auth>
$(cat $KEYDIR/ta.key)
</tls-auth>
key-direction 1
"

61
Dockerfiles/openvpn/container-root/usr/share/easy-rsa/vars
View File

@ -1,61 +0,0 @@
# easy-rsa parameter settings
export EASY_RSA="/usr/share/easy-rsa"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="/config/openvpn/keys"
# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="MyCity"
export KEY_ORG="MyOrg"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234
# If you'd like to sign all keys with the same Common Name, uncomment the
# KEY_CN export below. You will also need to make sure your OpenVPN server
# config has the duplicate-cn option set
# export KEY_CN="CommonName"

2
Dockerfiles/plex/Dockerfile
View File

@ -1,5 +1,5 @@
FROM buildpack-deps:xenial-scm
MAINTAINER Kelvin Chen <kelvin@kelvinchen.org>
MAINTAINER Jean Froment <froment.je@gmail.com>
# Download plexupdate script and install Plex
# This script can be later used to update Plex directly in the container

2
Dockerfiles/rtorrent/Dockerfile
View File

@ -1,5 +1,5 @@
FROM buildpack-deps:xenial-scm
MAINTAINER Kelvin Chen <kelvin@kelvinchen.org>
MAINTAINER Jean Froment <froment.je@gmail.com>
# For rtorrent
ENV TERM=xterm

16
Dockerfiles/sickrage/Dockerfile
View File

@ -1,16 +0,0 @@
FROM buildpack-deps:xenial-scm
MAINTAINER Kelvin Chen <kelvin@kelvinchen.org>
RUN apt-get update \
&& apt-get install --no-install-recommends -y python-cheetah \
&& git clone --depth=1 \
https://github.com/SickRage/SickRage.git \
/opt/sickrage \
&& apt-get clean && rm -rf /var/lib/apt/lists/*
VOLUME /config
EXPOSE 8081
CMD python /opt/sickrage/SickBeard.py --nolaunch --datadir \
/config/sickrage >> /dev/null 2>&1

2
Dockerfiles/sonarr/Dockerfile
View File

@ -1,5 +1,5 @@
FROM buildpack-deps:xenial-scm
MAINTAINER Kelvin Chen <kelvin@kelvinchen.org>
MAINTAINER Jean Froment <froment.je@gmail.com>
# Install Sonarr, S6, and Jackett
RUN echo "deb http://apt.sonarr.tv/ master main" \

20
Dockerfiles/syncthing/Dockerfile
View File

@ -1,20 +0,0 @@
FROM buildpack-deps:xenial-curl
MAINTAINER Kelvin Chen <kelvin@kelvinchen.org>
RUN apt-get update \
&& apt-get install -y apt-transport-https \
&& curl -sL https://syncthing.net/release-key.txt | apt-key add - \
&& echo "deb https://apt.syncthing.net/ syncthing release" >> \
/etc/apt/sources.list.d/syncthing.list \
&& apt-get update \
&& apt-get install -y syncthing \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
VOLUME /config
EXPOSE 8384 22000 21027/udp
COPY init config.xml /
CMD ["/init"]

10
Dockerfiles/syncthing/config.xml
View File

@ -1,10 +0,0 @@
<configuration version="11">
<gui enabled="true" tls="false">
<address>0.0.0.0:8384</address>
</gui>
<options>
<listenAddress>0.0.0.0:22000</listenAddress>
<startBrowser>false</startBrowser>
<upnpEnabled>false</upnpEnabled>
</options>
</configuration>

7
Dockerfiles/syncthing/init
View File

@ -1,7 +0,0 @@
#!/usr/bin/env bash
mkdir -p /config/syncthing
cp -n /config.xml /config/syncthing
exec syncthing -home /config/syncthing -no-browser >> /dev/null 2>&1

14
README.md
View File

@ -6,10 +6,8 @@ seedbox and personal media server.
Go to `x.hostname` where `x` is the service you want to access.
Included services are:
- rtorrent
- sickrage
- sonarr
- jackett (included in the sonarr image)
- syncthing
- plex
The front-end reverse proxy routes based on the lowest level subdomain (e.g.
@ -62,15 +60,3 @@ All data are saved in the docker volumes `seedbox_config` or
You can also replace these docker volumes with static path if you want to
handle manually where files are stored on your server. You can do this by
editing the volumes settings in the `docker-compose.yml` file.
## OpenVPN
The OpenVPN container generates a single client key/cert pair by default.
Run the command below to get your OpenVPN config file:
```sh
$ docker-compose exec openvpn export-client client >> client.ovpn
```
Edit the `client.ovpn` and replace the line `remote MYSERVER_HOST 1194` with
the hostname or IP address of your server.
You can also create more certs by by docker exec-ing into the container and
using easy-rsa.

10
build-all.sh
View File

@ -22,11 +22,9 @@ while getopts ":nq" opt; do
esac
done
docker build -t kelvinchen/seedbox:frontend $ARGS Dockerfiles/frontend &
docker build -t kelvinchen/seedbox:plex $ARGS Dockerfiles/plex &
docker build -t kelvinchen/seedbox:rtorrent $ARGS Dockerfiles/rtorrent &
docker build -t kelvinchen/seedbox:sickrage $ARGS Dockerfiles/sickrage &
docker build -t kelvinchen/seedbox:syncthing $ARGS Dockerfiles/syncthing &
docker build -t kelvinchen/seedbox:openvpn $ARGS Dockerfiles/openvpn &
docker build -t fromenje/seedbox:frontend $ARGS Dockerfiles/frontend &
docker build -t fromenje/seedbox:plex $ARGS Dockerfiles/plex &
docker build -t fromenje/seedbox:rtorrent $ARGS Dockerfiles/rtorrent &
docker build -t fromenje/seedbox:sonarr $ARGS Dockerfiles/sonarr &
wait

2
config.default
View File

@ -1,6 +1,6 @@
USERNAME=username
PASSWORD=hunter2
USE_SSL=false
USE_SSL=true
# For Plex Pass download
PLEX_EMAIL=

45
docker-compose.yml
View File

@ -11,7 +11,7 @@ volumes:
services:
frontend:
image: kelvinchen/seedbox:frontend
image: fromenje/seedbox:frontend
build: Dockerfiles/frontend
restart: always
networks:
@ -25,7 +25,7 @@ services:
- config
rtorrent:
image: kelvinchen/seedbox:rtorrent
image: fromenje/seedbox:rtorrent
build: Dockerfiles/rtorrent
restart: always
networks:
@ -39,7 +39,7 @@ services:
- torrents:/torrents
plex:
image: kelvinchen/seedbox:plex
image: fromenje/seedbox:plex
build: Dockerfiles/plex
restart: always
networks:
@ -52,18 +52,8 @@ services:
env_file:
- config
sickrage:
image: kelvinchen/seedbox:sickrage
build: Dockerfiles/sickrage
restart: always
networks:
- main
volumes:
- config:/config
- torrents:/torrents
sonarr:
image: kelvinchen/seedbox:sonarr
image: fromenje/seedbox:sonarr
build: Dockerfiles/sonarr
restart: always
networks:
@ -71,30 +61,3 @@ services:
volumes:
- config:/config
- torrents:/torrents
syncthing:
image: kelvinchen/seedbox:syncthing
build: Dockerfiles/syncthing
restart: always
networks:
- main
ports:
- "22000:22000"
- "21027:21027/udp"
volumes:
- config:/config
- torrents:/torrents
openvpn:
image: kelvinchen/seedbox:openvpn
build: Dockerfiles/openvpn
restart: always
networks:
- main
ports:
- "1194:1194/udp"
volumes:
- config:/config
- torrents:/torrents
cap_add:
- NET_ADMIN

10
push-images.sh
View File

@ -2,9 +2,7 @@
# Push all images to the docker registry.
docker push kelvinchen/seedbox:frontend
docker push kelvinchen/seedbox:plex
docker push kelvinchen/seedbox:rtorrent
docker push kelvinchen/seedbox:sickrage
docker push kelvinchen/seedbox:syncthing
docker push kelvinchen/seedbox:openvpn
docker push fromenje/seedbox:frontend
docker push fromenje/seedbox:plex
docker push fromenje/seedbox:rtorrent
docker push fromenje/seedbox:sonarr