Work on nginx loadbalancer and photoprism

2024-07-18 22:37:45 +02:00
parent cad0dc7f50
commit 00b369124d
9 changed files with 945 additions and 977 deletions
--- a/.idea/deployment.xml
+++ b/.idea/deployment.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="PublishConfigData" serverName="QNAP nginx-lb" remoteFilesAllowedToDisappearOnAutoupload="false">
+    <serverData>
+      <paths name="QNAP nginx-lb">
+        <serverdata>
+          <mappings>
+            <mapping local="$PROJECT_DIR$" web="/" />
+          </mappings>
+        </serverdata>
+      </paths>
+    </serverData>
+  </component>
+</project>
--- a/.idea/webServers.xml
+++ b/.idea/webServers.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="WebServers">
+    <option name="servers">
+      <webServer id="d0836cab-307d-46fb-a18d-9b51387b1dc4" name="QNAP nginx-lb" url="http://192.168.2.64">
+        <fileTransfer rootFolder="/appdata/nginx-lb" host="192.168.2.64" port="21">
+          <advancedOptions>
+            <advancedOptions dataProtectionLevel="Private" passiveMode="true" shareSSLContext="true" />
+          </advancedOptions>
+        </fileTransfer>
+      </webServer>
+    </option>
+  </component>
+</project>
--- a/_disabled/nginx-lb-certbot.tf
+++ b/_disabled/nginx-lb-certbot.tf
@@ -27,6 +27,11 @@ resource "docker_container" "nginx-lb-certbot" {
    type = "bind"
  }

+  mounts {
+    target = "/var/log/letsencrypt/letsencrypt.log"
+    source = "share/appdata/nginx-lb/"
+  }
+
  # Triggered by ofelia

  lifecycle {
--- a/_disabled/nginx-lb.tf
+++ b/_disabled/nginx-lb.tf
@@ -0,0 +1,55 @@
+data "docker_registry_image" "nginx-lb" {
+  name = "nginx:alpine"
+}
+
+resource "docker_image" "nginx-lb" {
+  name = data.docker_registry_image.nginx-lb.name
+  pull_triggers = [data.docker_registry_image.nginx-lb.sha256_digest]
+}
+
+resource "docker_network" "nginx-lb" {
+  name = "nginx-lb"
+}
+
+resource "docker_container" "nginx-lb" {
+  image = docker_image.nginx-lb.image_id
+  name = "nginx-lb"
+
+  mounts {
+    target = "/etc/nginx/nginx.conf"
+    source = "/share/appdata/nginx-lb/nginx.conf"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/etc/nginx/config"
+    source = "/share/appdata/nginx-lb/conf"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/etc/nginx/certs"
+    source = "/share/appdata/nginx-lb/certs"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/var/www/acme-challenge-root"
+    source = "/share/appdata/nginx-lb/certbot"
+    type = "bind"
+  }
+
+  restart = "always"
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.115"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
--- a/nginx-lb.tf
+++ b/nginx-lb.tf
@@ -1,5 +1,5 @@
 data "docker_registry_image" "nginx-lb" {
-  name = "nginx:alpine"
+  name = "jonasal/nginx-certbot:latest"
 }

 resource "docker_image" "nginx-lb" {
@@ -15,6 +15,10 @@ resource "docker_container" "nginx-lb" {
  image = docker_image.nginx-lb.image_id
  name = "nginx-lb"

+  env = [
+    "CERTBOT_EMAIL=letsencrypt@xz1.nl"
+  ]
+
  mounts {
    target = "/etc/nginx/nginx.conf"
    source = "/share/appdata/nginx-lb/nginx.conf"
@@ -28,14 +32,15 @@ resource "docker_container" "nginx-lb" {
  }

  mounts {
-    target = "/etc/nginx/certs"
-    source = "/share/appdata/nginx-lb/certs"
+    target = "/etc/nginx/user_conf.d"
+    source = "/share/appdata/nginx-lb/user_conf.d"
    type = "bind"
  }

+
  mounts {
-    target = "/var/www/acme-challenge-root"
-    source = "/share/appdata/nginx-lb/certbot"
+    target = "/etc/letsencrypt"
+    source = "/share/appdata/nginx-lb/secrets"
    type = "bind"
  }

--- a/photoprism-tineke.tf
+++ b/photoprism-tineke.tf
@@ -0,0 +1,38 @@
+resource "docker_container" "photoprism-tineke" {
+  image = docker_image.photoprism.image_id
+  name = "photoprism-tineke"
+
+  restart = "always"
+
+  env = [
+    "PHOTOPRISM_UPLOAD_NSFW=true",
+    "PHOTOPRISM_ADMIN_PASSWORD=pyjm73tM%UPa8B5t5zhWX*F",
+    "PHOTOPRISM_HTTP_HOSTNAME=photoprism-tineke.rescla.me",
+    "PHOTOPRISM_HTTP_HOST=192.168.2.132",
+    "PHOTOPRISM_DISABLE_TLS=true"
+  ]
+
+  mounts {
+    target = "/photoprism/originals/capture-one-variants"
+    source = "/share/CaptureOne/Variants"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/photoprism/storage"
+    source = "/share/appdata/photoprism-tineke/storage"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.132"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
--- a/photoprism.tf
+++ b/photoprism.tf
@@ -16,7 +16,7 @@ resource "docker_container" "photoprism" {
  env = [
    "PHOTOPRISM_UPLOAD_NSFW=true",
    "PHOTOPRISM_ADMIN_PASSWORD=UAmpojHADcS5aB",
-    "PHOTOPRISM_HTTP_HOSTNAME=photoprism.xz1.nl",
+    "PHOTOPRISM_HTTP_HOSTNAME=photoprism.rescla.me",
    "PHOTOPRISM_HTTP_HOST=192.168.2.116",
    "PHOTOPRISM_DISABLE_TLS=true"
  ]
--- a/terraform.tfstate
+++ b/terraform.tfstate
--- a/terraform.tfstate.backup
+++ b/terraform.tfstate.backup