diff --git a/Ente/config/museum.yaml b/Ente/config/museum.yaml
new file mode 100644
index 0000000..e68b0f8
--- /dev/null
+++ b/Ente/config/museum.yaml
@@ -0,0 +1,46 @@
+# HTTP connection parameters
+http:
+ # If true, bind to 443 and use TLS.
+ # By default, this is false, and museum will bind to 8080 without TLS.
+ # use-tls: true
+
+# Specify the base endpoints for various apps
+apps:
+ # Default is https://albums.ente.io
+ #
+ # If you're running a self hosted instance and wish to serve public links,
+ # set this to the URL where your albums web app is running.
+ public-albums: https://ente.jimsgarage.co.uk
+
+# SMTP configuration (optional)
+#
+# Configure credentials here for sending mails from museum (e.g. OTP emails).
+#
+# The smtp credentials will be used if the host is specified. Otherwise it will
+# try to use the transmail credentials. Ideally, one of smtp or transmail should
+# be configured for a production instance.
+#
+# username and password are optional (e.g. if you're using a local relay server
+# and don't need authentication).
+#smtp:
+# host:
+# port:
+# username:
+# password:
+# # The email address from which to send the email. Set this to an email
+# # address whose credentials you're providing.
+# email:
+
+s3:
+ are_local_buckets: true
+ b2-eu-cen:
+ key: test
+ secret: testtest
+ endpoint: https://minio.jimsgarage.co.uk
+ region: eu-central-2
+ bucket: b2-eu-cen
+
+# Add this once you have done the CLI part
+#internal:
+# admins:
+# - 1580559962386438
\ No newline at end of file
diff --git a/Ente/config/scripts/compose/credentials.yaml b/Ente/config/scripts/compose/credentials.yaml
new file mode 100644
index 0000000..0c56ee9
--- /dev/null
+++ b/Ente/config/scripts/compose/credentials.yaml
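Review bot: In museum.yaml the `s3.b2-eu-cen` block commits the key/secret pair `test`/`testtest` next to a public endpoint (`https://minio.jimsgarage.co.uk`), so a deployment that keeps these values accepts credentials that are published in this repository. The same pair is repeated in credentials.yaml, in minio-provision.sh (`mc config host add h0 http://minio:3200 test testtest`) and as `MINIO_ROOT_USER`/`MINIO_ROOT_PASSWORD` in both compose files, alongside the Postgres password `pgpass`. I would commit obvious placeholders instead, e.g. `secret: CHANGE_ME`, with a comment such as `# Must match MINIO_ROOT_PASSWORD in the compose file; generate a unique value per deployment`. Taking the real values from an untracked env file would also keep the copies from drifting apart.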
@@ -0,0 +1,28 @@
+db:
+ host: postgres
+ port: 5432
+ name: ente_db
+ user: pguser
+ password: pgpass
+
+s3:
+ are_local_buckets: true
+ b2-eu-cen:
+ key: test
+ secret: testtest
+ endpoint: https://minio.jimsgarage.co.uk
+ region: eu-central-2
+ bucket: b2-eu-cen
+ wasabi-eu-central-2-v3:
+ key: test
+ secret: testtest
+ endpoint: localhost:3200
+ region: eu-central-2
+ bucket: wasabi-eu-central-2-v3
+ compliance: false
+ scw-eu-fr-v3:
+ key: test
+ secret: testtest
+ endpoint: localhost:3200
+ region: eu-central-2
+ bucket: scw-eu-fr-v3
\ No newline at end of file
diff --git a/Ente/config/scripts/compose/minio-provision.sh b/Ente/config/scripts/compose/minio-provision.sh
new file mode 100644
index 0000000..9fc197d
--- /dev/null
+++ b/Ente/config/scripts/compose/minio-provision.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# Script used to prepare the minio instance that runs as part of the development
+# Docker compose cluster.
+
+while ! mc config host add h0 http://minio:3200 test testtest
+do
+ echo "waiting for minio..."
+ sleep 0.5
+done
+
+cd /data
+
+mc mb -p b2-eu-cen
+mc mb -p wasabi-eu-central-2-v3
+mc mb -p scw-eu-fr-v3
\ No newline at end of file
diff --git a/Ente/docker-compose-traefik.yaml b/Ente/docker-compose-traefik.yaml
new file mode 100644
index 0000000..f8af3a8
--- /dev/null
+++ b/Ente/docker-compose-traefik.yaml
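Review bot: In minio-provision.sh the result of `cd /data` is never checked and the script has no `set -e`, so if the volume is not mounted the three `mc mb -p` calls presumably create the bucket directories in whatever the working directory happens to be. I would write `cd /data || exit 1` so a missing mount fails the provisioning container visibly. The wait loop also retries on any failure of `mc config host add`, so a credential mismatch looks the same as MinIO still starting and the loop never ends; a bounded retry count with a final error message would make that case diagnosable.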
@@ -0,0 +1,133 @@
+services:
+ museum:
+ # Uncomment below if you prefer to build
+ #build:
+ #context: .
+ #args:
+ #GIT_COMMIT: development-cluster
+ image: ghcr.io/ente-io/server
+ #ports:
+ # - 8080:8080 # API
+ # - 2112:2112 # Prometheus metrics
+ depends_on:
+ postgres:
+ condition: service_healthy
+ environment:
+ # Pass-in the config to connect to the DB and MinIO
+ ENTE_CREDENTIALS_FILE: /credentials.yaml
+ # ENTE_CLI_SECRETS_PATH: /cli-data/secret.txt
+ # ENTE_CLI_CONFIG_PATH: /cli-data/
+ volumes:
+ - /home/ubuntu/docker/ente/custom-logs:/var/logs
+ - /home/ubuntu/docker/ente/museum.yaml:/museum.yaml:ro
+ - /home/ubuntu/docker/ente/scripts/compose/credentials.yaml:/credentials.yaml:ro
+ #- /home/ubuntu/docker/ente/cli-data:/cli-data
+ # - /home/ubuntu/docker/ente/exports/ente-photos:/exports
+ - /home/ubuntu/docker/ente/data:/data:ro
+ networks:
+ - ente
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy"
+ - "traefik.http.routers.ente.entrypoints=http"
+ - "traefik.http.routers.ente.rule=Host(`ente.jimsgarage.co.uk`)"
+ - "traefik.http.middlewares.ente-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.routers.ente.middlewares=ente-https-redirect"
+ - "traefik.http.routers.ente-secure.entrypoints=https"
+ - "traefik.http.routers.ente-secure.rule=Host(`ente.jimsgarage.co.uk`)"
+ - "traefik.http.routers.ente-secure.tls=true"
+ - "traefik.http.routers.ente-secure.tls.certresolver=cloudflare"
+ - "traefik.http.routers.ente-secure.service=ente"
+ - "traefik.http.services.ente.loadbalancer.server.port=8080" # make sure the loadbalancer is the last line!!!
+ # Configure CORS middleware if needed
+ - "traefik.http.middlewares.ente-secure-cors.headers.accesscontrolallowmethods=GET,HEAD,POST,PUT,DELETE"
+ - "traefik.http.middlewares.ente-secure-cors.headers.accesscontrolallowheaders=*"
+ - "traefik.http.middlewares.ente-secure-cors.headers.accesscontrolalloworiginlist=https://ente.jimsgarage.co.uk,https://minio.jimsgarage.co.uk" # Add other origins if needed
+ - "traefik.http.middlewares.ente-secure-cors.headers.accesscontrolmaxage=3000"
+ - "traefik.http.middlewares.ente-secure-cors.headers.accessControlExposeHeaders=ETag"
+ - "traefik.http.middlewares.ente-secure-cors.headers.addvaryheader=true"
+ - "traefik.http.routers.ente-secure.middlewares=ente-secure-cors"
+
+
+# # Resolve "localhost:3200" in the museum container to the minio container.
+ socat:
+ image: alpine/socat
+ network_mode: service:museum
+ depends_on:
+ - museum
+ command: "TCP-LISTEN:3200,fork,reuseaddr TCP:minio:3200"
+
+ postgres:
+ image: postgres:15
+ ports:
+ - 5432:5432
+ environment:
+ POSTGRES_USER: pguser
+ POSTGRES_PASSWORD: pgpass
+ POSTGRES_DB: ente_db
+ # Wait for postgres to be accept connections before starting museum.
+ healthcheck:
+ test:
+ [
+ "CMD",
+ "pg_isready",
+ "-q",
+ "-d",
+ "ente_db",
+ "-U",
+ "pguser"
+ ]
+ start_period: 40s
+ start_interval: 1s
+ volumes:
+ - /home/ubuntu/docker/ente/postgres-data:/var/lib/postgresql/data
+ networks:
+ - ente
+
+ minio:
+ image: minio/minio
+ # Use different ports than the minio defaults to avoid conflicting
+ # with the ports used by Prometheus.
+ ports:
+ - 3200:3200 # API
+ - 3201:3201 # Console
+ environment:
+ MINIO_ROOT_USER: test
+ MINIO_ROOT_PASSWORD: testtest
+ MINIO_SERVER_URL: https://minio.jimsgarage.co.uk
+ command: server /data --address ":3200" --console-address ":3201"
+ volumes:
+ - /home/ubuntu/docker/ente/minio-data:/data
+ networks:
+ - ente
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy"
+ - "traefik.http.routers.minio.entrypoints=http"
+ - "traefik.http.routers.minio.rule=Host(`minio.jimsgarage.co.uk`)"
+ - "traefik.http.middlewares.minio-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.routers.minio.middlewares=minio-https-redirect"
+ - "traefik.http.routers.minio-secure.entrypoints=https"
+ - "traefik.http.routers.minio-secure.rule=Host(`minio.jimsgarage.co.uk`)"
+ - "traefik.http.routers.minio-secure.tls=true"
+ - "traefik.http.routers.minio-secure.tls.certresolver=cloudflare"
+ - "traefik.http.routers.minio-secure.service=minio"
+ - "traefik.http.services.minio.loadbalancer.server.port=3200"
+
+ minio-provision:
+ image: minio/mc
+ depends_on:
+ - minio
+ volumes:
+ - /home/ubuntu/docker/ente/scripts/compose/minio-provision.sh:/provision.sh:ro
+ - /home/ubuntu/docker/ente/minio-data:/data
+ networks:
+ - ente
+ entrypoint: sh /provision.sh
+
+networks:
+ ente:
+ proxy:
+ external: true
\ No newline at end of file
diff --git a/Ente/docker-compose.yaml b/Ente/docker-compose.yaml
new file mode 100644
index 0000000..581c3e2
--- /dev/null
+++ b/Ente/docker-compose.yaml
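Review bot: In docker-compose-traefik.yaml `postgres` publishes `5432:5432` and `minio` publishes `3200:3200` and `3201:3201` on every host interface, which bypasses the Traefik TLS routers and leaves the database and the MinIO console reachable over plain TCP/HTTP with the credentials set in this file. museum reaches postgres over the `ente` network and MinIO is already served through the `minio-secure` router, so these `ports:` blocks look unnecessary here; I would remove them, or bind to loopback where host access is needed, e.g. `- "127.0.0.1:5432:5432"`. docker-compose.yaml publishes the same Postgres and console ports plus `2112` for metrics, and the loopback binding applies there too. Separately, the comment `make sure the loadbalancer is the last line!!!` is followed by seven more labels, so it should be dropped or reworded.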
@@ -0,0 +1,89 @@
+services:
+ museum:
+ # Uncomment below if you prefer to build
+ #build:
+ #context: .
+ #args:
+ #GIT_COMMIT: development-cluster
+ image: ghcr.io/ente-io/server
+ ports:
+ - 8080:8080 # API
+ - 2112:2112 # Prometheus metrics
+ depends_on:
+ postgres:
+ condition: service_healthy
+ environment:
+ # Pass-in the config to connect to the DB and MinIO
+ ENTE_CREDENTIALS_FILE: /credentials.yaml
+ volumes:
+ - /home/ubuntu/docker/ente/custom-logs:/var/logs
+ - /home/ubuntu/docker/ente/museum.yaml:/museum.yaml:ro
+ - /home/ubuntu/docker/ente/scripts/compose/credentials.yaml:/credentials.yaml:ro
+ - /home/ubuntu/docker/ente/data:/data:ro
+ networks:
+ - ente
+
+ # Resolve "localhost:3200" in the museum container to the minio container.
+ socat:
+ image: alpine/socat
+ network_mode: service:museum
+ depends_on:
+ - museum
+ command: "TCP-LISTEN:3200,fork,reuseaddr TCP:minio:3200"
+
+ postgres:
+ image: postgres:15
+ ports:
+ - 5432:5432
+ environment:
+ POSTGRES_USER: pguser
+ POSTGRES_PASSWORD: pgpass
+ POSTGRES_DB: ente_db
+ # Wait for postgres to be accept connections before starting museum.
+ healthcheck:
+ test:
+ [
+ "CMD",
+ "pg_isready",
+ "-q",
+ "-d",
+ "ente_db",
+ "-U",
+ "pguser"
+ ]
+ start_period: 40s
+ start_interval: 1s
+ volumes:
+ - /home/ubuntu/docker/ente/postgres-data:/var/lib/postgresql/data
+ networks:
+ - ente
+
+ minio:
+ image: minio/minio
+ # Use different ports than the minio defaults to avoid conflicting
+ # with the ports used by Prometheus.
+ ports:
+ - 3200:3200 # API
+ - 3201:3201 # Console
+ environment:
+ MINIO_ROOT_USER: test
+ MINIO_ROOT_PASSWORD: testtest
+ command: server /data --address ":3200" --console-address ":3201"
+ volumes:
+ - /home/ubuntu/docker/ente/minio-data:/data
+ networks:
+ - ente
+
+ minio-provision:
+ image: minio/mc
+ depends_on:
+ - minio
+ volumes:
+ - /home/ubuntu/docker/ente/scripts/compose/minio-provision.sh:/provision.sh:ro
+ - /home/ubuntu/docker/ente/minio-data:/data
+ networks:
+ - ente
+ entrypoint: sh /provision.sh
+
+networks:
+ ente:
\ No newline at end of file
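Review bot: In docker-compose.yaml the images `ghcr.io/ente-io/server`, `alpine/socat`, `minio/minio` and `minio/mc` carry no tag, so every pull takes whatever `latest` resolves to at that moment and an upstream change lands in the stack without review; only `postgres:15` is constrained. I would pin each image to a release tag or digest, e.g. `image: minio/minio:RELEASE_TAG@sha256:DIGEST` (placeholders, to be filled from the registry), and bump them deliberately. The same untagged images are used in docker-compose-traefik.yaml.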