Work on nginx loadbalancer and photoprism

.idea/deployment.xml

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="PublishConfigData" serverName="QNAP nginx-lb" remoteFilesAllowedToDisappearOnAutoupload="false">
+    <serverData>
+      <paths name="QNAP nginx-lb">
+        <serverdata>
+          <mappings>
+            <mapping local="$PROJECT_DIR$" web="/" />
+          </mappings>
+        </serverdata>
+      </paths>
+    </serverData>
+  </component>
+</project>

.idea/webServers.xml

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="WebServers">
+    <option name="servers">
+      <webServer id="d0836cab-307d-46fb-a18d-9b51387b1dc4" name="QNAP nginx-lb" url="http://192.168.2.64">
+        <fileTransfer rootFolder="/appdata/nginx-lb" host="192.168.2.64" port="21">
+          <advancedOptions>
+            <advancedOptions dataProtectionLevel="Private" passiveMode="true" shareSSLContext="true" />
+          </advancedOptions>
+        </fileTransfer>
+      </webServer>
+    </option>
+  </component>
+</project>

_disabled/nginx-lb-certbot.tf

@@ -27,6 +27,11 @@ resource "docker_container" "nginx-lb-certbot" {
     type = "bind"
   }
 
+  mounts {
+    target = "/var/log/letsencrypt/letsencrypt.log"
+    source = "share/appdata/nginx-lb/"
+  }
+
   # Triggered by ofelia
 
   lifecycle {

_disabled/nginx-lb.tf

@@ -0,0 +1,55 @@
+data "docker_registry_image" "nginx-lb" {
+  name = "nginx:alpine"
+}
+
+resource "docker_image" "nginx-lb" {
+  name = data.docker_registry_image.nginx-lb.name
+  pull_triggers = [data.docker_registry_image.nginx-lb.sha256_digest]
+}
+
+resource "docker_network" "nginx-lb" {
+  name = "nginx-lb"
+}
+
+resource "docker_container" "nginx-lb" {
+  image = docker_image.nginx-lb.image_id
+  name = "nginx-lb"
+
+  mounts {
+    target = "/etc/nginx/nginx.conf"
+    source = "/share/appdata/nginx-lb/nginx.conf"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/etc/nginx/config"
+    source = "/share/appdata/nginx-lb/conf"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/etc/nginx/certs"
+    source = "/share/appdata/nginx-lb/certs"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/var/www/acme-challenge-root"
+    source = "/share/appdata/nginx-lb/certbot"
+    type = "bind"
+  }
+
+  restart = "always"
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.115"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

nginx-lb.tf

@@ -1,5 +1,5 @@
 data "docker_registry_image" "nginx-lb" {
-  name = "nginx:alpine"
+  name = "jonasal/nginx-certbot:latest"
 }
 
 resource "docker_image" "nginx-lb" {
@@ -15,6 +15,10 @@ resource "docker_container" "nginx-lb" {
   image = docker_image.nginx-lb.image_id
   name = "nginx-lb"
 
+  env = [
+    "CERTBOT_EMAIL=letsencrypt@xz1.nl"
+  ]
+
   mounts {
     target = "/etc/nginx/nginx.conf"
     source = "/share/appdata/nginx-lb/nginx.conf"
@@ -28,14 +32,15 @@ resource "docker_container" "nginx-lb" {
   }
 
   mounts {
-    target = "/etc/nginx/certs"
+    target = "/etc/nginx/user_conf.d"
-    source = "/share/appdata/nginx-lb/certs"
+    source = "/share/appdata/nginx-lb/user_conf.d"
     type = "bind"
   }
 
+
   mounts {
-    target = "/var/www/acme-challenge-root"
+    target = "/etc/letsencrypt"
-    source = "/share/appdata/nginx-lb/certbot"
+    source = "/share/appdata/nginx-lb/secrets"
     type = "bind"
   }
 

photoprism-tineke.tf

@@ -0,0 +1,38 @@
+resource "docker_container" "photoprism-tineke" {
+  image = docker_image.photoprism.image_id
+  name = "photoprism-tineke"
+
+  restart = "always"
+
+  env = [
+    "PHOTOPRISM_UPLOAD_NSFW=true",
+    "PHOTOPRISM_ADMIN_PASSWORD=pyjm73tM%UPa8B5t5zhWX*F",
+    "PHOTOPRISM_HTTP_HOSTNAME=photoprism-tineke.rescla.me",
+    "PHOTOPRISM_HTTP_HOST=192.168.2.132",
+    "PHOTOPRISM_DISABLE_TLS=true"
+  ]
+
+  mounts {
+    target = "/photoprism/originals/capture-one-variants"
+    source = "/share/CaptureOne/Variants"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/photoprism/storage"
+    source = "/share/appdata/photoprism-tineke/storage"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.132"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

photoprism.tf

@@ -16,7 +16,7 @@ resource "docker_container" "photoprism" {
   env = [
     "PHOTOPRISM_UPLOAD_NSFW=true",
     "PHOTOPRISM_ADMIN_PASSWORD=UAmpojHADcS5aB",
-    "PHOTOPRISM_HTTP_HOSTNAME=photoprism.xz1.nl",
+    "PHOTOPRISM_HTTP_HOSTNAME=photoprism.rescla.me",
     "PHOTOPRISM_HTTP_HOST=192.168.2.116",
     "PHOTOPRISM_DISABLE_TLS=true"
   ]