mit bitwarden und mailcow
This commit is contained in:
christian
parent
e8527e9391
commit
843d8bae39
|
|
@ -0,0 +1,92 @@
|
|||
#
|
||||
# Note: After making changes to this file you need to run the `rebuild` or `update`
|
||||
# command for them to be applied.
|
||||
#
|
||||
# Full URL for accessing the installation from a browser. (Required)
|
||||
url: http://bitwarden.herrmann.es
|
||||
#
|
||||
# Auto-generate the `./docker/docker-compose.yml` config file.
|
||||
# WARNING: Disabling generated config files can break future updates. You will be
|
||||
# responsible for maintaining this config file.
|
||||
# Template: https://github.com/bitwarden/server/blob/master/util/Setup/Templates/DockerCompose.hbs
|
||||
generate_compose_config: true
|
||||
#
|
||||
# Auto-generate the `./nginx/default.conf` file.
|
||||
# WARNING: Disabling generated config files can break future updates. You will be
|
||||
# responsible for maintaining this config file.
|
||||
# Template: https://github.com/bitwarden/server/blob/master/util/Setup/Templates/NginxConfig.hbs
|
||||
generate_nginx_config: true
|
||||
#
|
||||
# Docker compose file port mapping for HTTP. Leave empty to remove the port mapping.
|
||||
# Learn more: https://docs.docker.com/compose/compose-file/#ports
|
||||
http_port: 445
|
||||
#
|
||||
# Docker compose file port mapping for HTTPS. Leave empty to remove the port mapping.
|
||||
# Learn more: https://docs.docker.com/compose/compose-file/#ports
|
||||
https_port: 444
|
||||
#
|
||||
# Configure Nginx for Captcha.
|
||||
captcha: false
|
||||
#
|
||||
# Configure Nginx for SSL.
|
||||
ssl: false
|
||||
#
|
||||
# SSL versions used by Nginx (ssl_protocols). Leave empty for recommended default.
|
||||
# Learn more: https://wiki.mozilla.org/Security/Server_Side_TLS
|
||||
ssl_versions:
|
||||
#
|
||||
# SSL ciphersuites used by Nginx (ssl_ciphers). Leave empty for recommended default.
|
||||
# Learn more: https://wiki.mozilla.org/Security/Server_Side_TLS
|
||||
ssl_ciphersuites:
|
||||
#
|
||||
# Installation uses a managed Let's Encrypt certificate.
|
||||
ssl_managed_lets_encrypt: false
|
||||
#
|
||||
# The actual certificate. (Required if using SSL without managed Let's Encrypt)
|
||||
# Note: Path uses the container's ssl directory. The `./ssl` host directory is mapped to
|
||||
# `/etc/ssl` within the container.
|
||||
ssl_certificate_path:
|
||||
#
|
||||
# The certificate's private key. (Required if using SSL without managed Let's Encrypt)
|
||||
# Note: Path uses the container's ssl directory. The `./ssl` host directory is mapped to
|
||||
# `/etc/ssl` within the container.
|
||||
ssl_key_path:
|
||||
#
|
||||
# If the certificate is trusted by a CA, you should provide the CA's certificate.
|
||||
# Note: Path uses the container's ssl directory. The `./ssl` host directory is mapped to
|
||||
# `/etc/ssl` within the container.
|
||||
ssl_ca_path:
|
||||
#
|
||||
# Diffie Hellman ephemeral parameters
|
||||
# Learn more: https://security.stackexchange.com/q/94390/79072
|
||||
# Note: Path uses the container's ssl directory. The `./ssl` host directory is mapped to
|
||||
# `/etc/ssl` within the container.
|
||||
ssl_diffie_hellman_path:
|
||||
#
|
||||
# Nginx Header Content-Security-Policy parameter
|
||||
# WARNING: Reconfiguring this parameter may break features. By changing this parameter
|
||||
# you become responsible for maintaining this value.
|
||||
nginx_header_content_security_policy:
|
||||
#
|
||||
# Communicate with the Bitwarden push relay service (push.bitwarden.com) for mobile
|
||||
# app live sync.
|
||||
push_notifications: true
|
||||
#
|
||||
# Use a docker volume (`mssql_data`) instead of a host-mapped volume for the persisted database.
|
||||
# WARNING: Changing this value will cause you to lose access to the existing persisted database.
|
||||
# Learn more: https://docs.docker.com/storage/volumes/
|
||||
database_docker_volume: false
|
||||
#
|
||||
# Defines "real" IPs in nginx.conf. Useful for defining proxy servers that forward the
|
||||
# client IP address.
|
||||
# Learn more: https://nginx.org/en/docs/http/ngx_http_realip_module.html
|
||||
#
|
||||
# Defined as a dictionary, e.g.:
|
||||
# real_ips: ['10.10.0.0/24', '172.16.0.0/16']
|
||||
real_ips:
|
||||
#
|
||||
# Enable Key Connector (https://bitwarden.com/help/article/deploy-key-connector)
|
||||
enable_key_connector: false
|
||||
#
|
||||
# Enable SCIM
|
||||
enable_scim: false
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
services:
|
||||
nginx:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.middlewares.nginx-redirect-websecure.redirectscheme.scheme=https
|
||||
- traefik.http.routers.nginx-web.rule=Host(`bitwarden.herrmann.es`)
|
||||
- traefik.http.routers.nginx-web.entrypoints=web
|
||||
- traefik.http.routers.nginx-web.middlewares=nginx-redirect-websecure
|
||||
- traefik.http.routers.nginx-websecure.entrypoints=websecure
|
||||
- traefik.http.routers.nginx-websecure.rule=Host(`bitwarden.herrmann.es`)
|
||||
- traefik.tags= traefik-public
|
||||
- traefik.docker.network=traefik-public
|
||||
- traefik.http.routers.nginx-websecure.tls=true
|
||||
- traefik.http.routers.nginx-websecure.tls.certresolver=myresolver
|
||||
- traefik.http.services.bitwarden-nginx.loadbalancer.server.port=8080
|
||||
|
||||
networks:
|
||||
- traefik-public
|
||||
|
||||
networks:
|
||||
traefik-public:
|
||||
name: traefik-public
|
||||
external: true
|
||||
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
globalSettings__baseServiceUri__vault=https://bitwarden.herrmann.es
|
||||
globalSettings__baseServiceUri__cloudRegion=US
|
||||
globalSettings__sqlServer__connectionString="Data Source=tcp:mssql,1433;Initial Catalog=vault;Persist Security Info=False;User ID=sa;Password=pRA6ibAm7ODCpZSyvKpDpyvKJFOaa0uv;MultipleActiveResultSets=False;Connect Timeout=30;Encrypt=True;TrustServerCertificate=True"
|
||||
globalSettings__identityServer__certificatePassword=yQeVOvf9JDpflyOrIQMQIe2CJOGtvNvM
|
||||
globalSettings__internalIdentityKey=9iPt4ERlWJNVzYQ1K1Jz3CK0UhEne4ru2V3tFLKawWbjrvwDuObE7ZMkJu3UeJUF
|
||||
globalSettings__oidcIdentityClientKey=WXcaXid68p1iaa24NBm8W60yQtN0P0wVcY8WOyXOFS7j6SviI2PmKS6vxzbItqQW
|
||||
globalSettings__duo__aKey=JwXxgffEh2TD6WBIgXgOJf4CihypMS0kN7Bqyx9nxisVuvwujK1JINyfDPgwMxIc
|
||||
globalSettings__installation__id=b644b86f-99bb-4aca-9d35-ac4b00808148
|
||||
globalSettings__installation__key=gEyWjSRa8C3mfuWqiV2W
|
||||
globalSettings__yubico__clientId=REPLACE
|
||||
globalSettings__yubico__key=REPLACE
|
||||
globalSettings__mail__replyToEmail=no-reply@bitwarden.herrmann.es
|
||||
globalSettings__mail__smtp__host=mail.herrmann.es
|
||||
globalSettings__mail__smtp__port=25
|
||||
globalSettings__mail__smtp__ssl=false
|
||||
globalSettings__mail__smtp__username=
|
||||
globalSettings__mail__smtp__password=
|
||||
globalSettings__disableUserRegistration=false
|
||||
globalSettings__hibpApiKey=REPLACE
|
||||
adminSettings__admins=bitwarden@herrmann.es
|
||||
globalSettings__baseServiceUri__cloudVaultRegion=US
|
||||
globalSettings__baseServiceUri__api=https://bitwarden.herrmann.es/api
|
||||
globalSettings__baseServiceUri__identity=https://bitwarden.herrmann.es/identity
|
||||
globalSettings__baseServiceUri__admin=https://bitwarden.herrmann.es/admin
|
||||
globalSettings__baseServiceUri__notifications=https://bitwarden.herrmann.es/notifications
|
||||
globalSettings__baseServiceUri__sso=https://bitwarden.herrmann.es/sso
|
||||
globalSettings__baseServiceUri__portal=https://bitwarden.herrmann.es/portal
|
||||
globalSettings__attachment__baseDirectory=/etc/bitwarden/core/attachments
|
||||
globalSettings__attachment__baseUrl=https://bitwarden.herrmann.es/attachments
|
||||
globalSettings__send__baseDirectory=/etc/bitwarden/core/attachments/send
|
||||
globalSettings__send__baseUrl=https://bitwarden.herrmann.es/attachments/send
|
||||
globalSettings__dataProtection__directory=/etc/bitwarden/core/aspnet-dataprotection
|
||||
globalSettings__logDirectory=/etc/bitwarden/logs
|
||||
globalSettings__logRollBySizeLimit=
|
||||
globalSettings__syslog__destination=
|
||||
globalSettings__licenseDirectory=/etc/bitwarden/core/licenses
|
||||
Binary file not shown.
|
|
@ -8,8 +8,10 @@ services:
|
|||
# image: "traefik:v2.2"
|
||||
image: "traefik:latest"
|
||||
command:
|
||||
- --log.level=DEBUG
|
||||
- --accesslog=true
|
||||
- "--accesslog=true"
|
||||
- "--log.level=DEBUG"
|
||||
- "--providers.docker"
|
||||
- "--log.filePath=/logs/traefik.log"
|
||||
container_name: "traefik"
|
||||
restart: always
|
||||
ports:
|
||||
|
|
@ -21,6 +23,7 @@ services:
|
|||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
- "${PWD}/traefik.toml:/etc/traefik/traefik.toml"
|
||||
- "${PWD}/dynamic.toml:/etc/traefik/dynamic.toml"
|
||||
- "traefik_logs:/logs/"
|
||||
networks:
|
||||
- internal
|
||||
- traefik-public
|
||||
|
|
@ -121,6 +124,7 @@ volumes:
|
|||
letsencrypt:
|
||||
portainer_data:
|
||||
gitea_data:
|
||||
traefik_logs:
|
||||
networks:
|
||||
# das Netzwerk traefik-public muss extern true haben, es wird nicht von dem Dockerfile hier erstellt
|
||||
# Es haben alle container Zugriff darauf.
|
||||
|
|
|
|||
Loading…
Reference in New Issue