diff --git a/bind9/guiotte.db b/bind9/guiotte.db index 6d596e9..fc4d9bd 100644 --- a/bind9/guiotte.db +++ b/bind9/guiotte.db @@ -12,21 +12,24 @@ $TTL 604800 @ IN NS dm.guiotte.fr. ; OVH -guiotte.fr. IN A 37.59.61.141 -*.guiotte.fr. IN CNAME guiotte.fr. +guiotte.fr. IN A 37.59.61.141 +*.guiotte.fr. IN CNAME guiotte.fr. ; LAN -dm.guiotte.fr. IN A 192.168.1.2 -money.guiotte.fr. IN CNAME dm.guiotte.fr. -photos.guiotte.fr. IN CNAME dm.guiotte.fr. -dl.guiotte.fr. IN CNAME dm.guiotte.fr. -kdoc.guiotte.fr. IN CNAME dm.guiotte.fr. -sync.guiotte.fr. IN CNAME dm.guiotte.fr. -pad.guiotte.fr. IN CNAME dm.guiotte.fr. -home.guiotte.fr. IN CNAME dm.guiotte.fr. -zotero.guiotte.fr. IN CNAME dm.guiotte.fr. -git.guiotte.fr. IN CNAME dm.guiotte.fr. -db.guiotte.fr. IN CNAME dm.guiotte.fr. -flix.guiotte.fr. IN CNAME dm.guiotte.fr. -task.guiotte.fr. IN CNAME dm.guiotte.fr. -todo.guiotte.fr. IN CNAME dm.guiotte.fr. +dm.guiotte.fr. IN A 192.168.1.2 +money.guiotte.fr. IN CNAME dm.guiotte.fr. +dl.guiotte.fr. IN CNAME dm.guiotte.fr. +kdoc.guiotte.fr. IN CNAME dm.guiotte.fr. +sync.guiotte.fr. IN CNAME dm.guiotte.fr. +pad.guiotte.fr. IN CNAME dm.guiotte.fr. +home.guiotte.fr. IN CNAME dm.guiotte.fr. +zotero.guiotte.fr. IN CNAME dm.guiotte.fr. +git.guiotte.fr. IN CNAME dm.guiotte.fr. +db.guiotte.fr. IN CNAME dm.guiotte.fr. +flix.guiotte.fr. IN CNAME dm.guiotte.fr. +task.guiotte.fr. IN CNAME dm.guiotte.fr. +todo.guiotte.fr. IN CNAME dm.guiotte.fr. +pics.guiotte.fr. IN CNAME dm.guiotte.fr. +photos.guiotte.fr. IN CNAME dm.guiotte.fr. +ente.guiotte.fr. IN CNAME dm.guiotte.fr. +s3.guiotte.fr. IN CNAME dm.guiotte.fr. diff --git a/ddclient/ddclient.conf b/ddclient/ddclient.conf index 319e106..69a0f23 100644 Binary files a/ddclient/ddclient.conf and b/ddclient/ddclient.conf differ diff --git a/docker-compose.yml b/docker-compose.yml index 5133299..ee0c93b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
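Review bot: The LAN section lists `photos.guiotte.fr.` but no record for the names below it that docker-compose.yml now points at (`accounts.photos`, `albums.photos`, `cast.photos`, `embed.photos`). Because `photos.guiotte.fr.` exists as a node, the `*.guiotte.fr.` wildcard does not synthesize answers beneath it (the closest-encloser rule of RFC 4592), so clients of this zone would get NXDOMAIN for those hosts. Adding `*.photos.guiotte.fr. IN CNAME dm.guiotte.fr.` (or one CNAME per name) next to the `photos` line would cover them. The SOA serial sits above the hunk, so whether it was bumped cannot be checked here.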
@@ -181,7 +181,7 @@ services: DB_USERNAME: lychee DB_DATABASE: lychee DB_PORT: 3306 - APP_URL: https://photos.guiotte.fr + APP_URL: https://pics.guiotte.fr TRUSTED_PROXIES: 172.22.0.0/24 secrets: - lychee-db-pw @@ -484,8 +484,8 @@ services: image: ghcr.io/ente-io/server container_name: ente-server restart: unless-stopped - ports: - - 8080:8080 # API + #ports: + # - 8080:8080 # API depends_on: ente-db: condition: service_healthy @@ -494,13 +494,15 @@ services: ENTE_DB_HOST: ente-db ENTE_DB_NAME: ente_db ENTE_DB_USER: pguser - ENTE_S3_B2_EU_CEN_ENDPOINT: garage:3900 + ENTE_S3_ARE_LOCAL_BUCKETS: false + ENTE_S3_USE_PATH_STYLE_URLS: true + ENTE_S3_B2_EU_CEN_ENDPOINT: https://s3.guiotte.fr ENTE_S3_B2_EU_CEN_REGION: garage ENTE_S3_B2_EU_CEN_BUCKET: ente - ENTE_APPS_PUBLIC_ALBUMS: http://dm:3002 - ENTE_APPS_CAST: http://dm:3004 - ENTE_APPS_EMBED_ALBUMS: http://dm:3005 - ENTE_APPS_ACCOUNTS: http://dm:3001 + ENTE_APPS_PUBLIC_ALBUMS: https://albums.photos.guiotte.fr + ENTE_APPS_CAST: https://cast.photos.guiotte.fr + ENTE_APPS_EMBED_ALBUMS: https://embed.photos.guiotte.fr + ENTE_APPS_ACCOUNTS: https://accounts.photos.guiotte.fr secrets: - ente-db-pw - ente-s3-key @@ -521,7 +523,6 @@ services: retries: 3 start_period: 120s - ente-web: image: ghcr.io/ente-io/web container_name: ente-web @@ -538,9 +539,9 @@ services: # Modify these values to your custom subdomains, if using any environment: <<: *common-environment - ENTE_API_ORIGIN: http://localhost:8080 - ENTE_ALBUMS_ORIGIN: https://dm:3002 - ENTE_PHOTOS_ORIGIN: http://dm:3000 + ENTE_API_ORIGIN: https://ente.guiotte.fr + ENTE_ALBUMS_ORIGIN: https://albums.photos.guiotte.fr + ENTE_PHOTOS_ORIGIN: https://photos.guiotte.fr/ volumes: diff --git a/swag/nginx/nginx.conf b/swag/nginx/nginx.conf index 5f59482..f1130a8 100644 --- a/swag/nginx/nginx.conf +++ b/swag/nginx/nginx.conf 
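Review bot: `ENTE_APPS_PUBLIC_ALBUMS: https://albums.photos.guiotte.fr` names a host that no `server_name` in swag/nginx/proxy-confs/ente-web.subdomain.conf matches; that file publishes port 3002 as `public.photos.*`. A request for an unmatched name is answered by whichever server block nginx treats as the default on 443, so album links could land on a different application. `ENTE_APPS_EMBED_ALBUMS` also moves from `http://dm:3005` to `embed.photos`, which the proxy maps to port 3006 while 3005 is published as `share.photos.*`; the container's port layout is not visible here, so check it against the ente-web image. Either rename the proxy block to `server_name albums.photos.*;` or set the variable to `https://public.photos.guiotte.fr`; the same applies to `ENTE_ALBUMS_ORIGIN` in the ente-web hunk.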
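Review bot: `ENTE_PHOTOS_ORIGIN: https://photos.guiotte.fr/` carries a trailing slash, unlike the other two origins in this block. An origin is scheme, host and port only, and the `$cors_origin` map added in swag/nginx/nginx.conf compares against `"https://photos.guiotte.fr"` exactly. If the web app builds URLs or origin checks from this value, the extra slash can yield `//` paths or a failed comparison. I would write `ENTE_PHOTOS_ORIGIN: https://photos.guiotte.fr`. The `environment:` mapping starts above the hunk.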
@@ -75,6 +75,14 @@ http { # Includes virtual hosts configs. include /etc/nginx/http.d/*.conf; include /config/nginx/site-confs/*.conf; + + # For garage CORS + map $http_origin $cors_origin { + default ""; + "https://photos.guiotte.fr" $http_origin; + "https://ente.guiotte.fr" $http_origin; + } + } daemon off; diff --git a/swag/nginx/proxy-confs/ente-server.subdomain.conf b/swag/nginx/proxy-confs/ente-server.subdomain.conf new file mode 100644 index 0000000..c7789b1 --- /dev/null +++ b/swag/nginx/proxy-confs/ente-server.subdomain.conf @@ -0,0 +1,22 @@ +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name ente.*; + + include /config/nginx/ssl.conf; + + client_max_body_size 0; + + location / { + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_app ente-server; + set $upstream_port 8080; + set $upstream_proto http; + proxy_pass $upstream_proto://$upstream_app:$upstream_port; + + } +} + diff --git a/swag/nginx/proxy-confs/ente-web.subdomain.conf b/swag/nginx/proxy-confs/ente-web.subdomain.conf new file mode 100644 index 0000000..990c068 --- /dev/null +++ b/swag/nginx/proxy-confs/ente-web.subdomain.conf 
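Review bot: In the new ente-server.subdomain.conf, `client_max_body_size 0;` removes the request-body limit on the API host that this commit now exposes on 443 (the compose hunk comments out the direct `8080:8080` mapping in favour of this proxy). If object uploads go to the `s3.*` endpoint rather than through the API, which the S3 endpoint and CORS settings in this commit suggest but the server code does not show, a finite limit keeps clients from streaming arbitrarily large bodies at ente-server: `client_max_body_size <LIMIT>;`, sized for the largest API payload. The same directive is repeated in all seven server blocks of ente-web.subdomain.conf, which serve the web front ends. A short comment above `server_name ente.*;` saying that this is the origin referenced by `ENTE_API_ORIGIN` would help the next reader.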
@@ -0,0 +1,153 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name photos.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ location / {
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app ente-web;
+ set $upstream_port 3000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name accounts.photos.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ location / {
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app ente-web;
+ set $upstream_port 3001;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name public.photos.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ location / {
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app ente-web;
+ set $upstream_port 3002;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name auth.photos.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ location / {
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app ente-web;
+ set $upstream_port 3003;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name cast.photos.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ location / {
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app ente-web;
+ set $upstream_port 3004;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name share.photos.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ location / {
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app ente-web;
+ set $upstream_port 3005;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name embed.photos.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ location / {
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app ente-web;
+ set $upstream_port 3006;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}
diff --git a/swag/nginx/proxy-confs/garage.subdomain.conf b/swag/nginx/proxy-confs/garage.subdomain.conf
new file mode 100644
index 0000000..c0dd43f
--- /dev/null
+++ b/swag/nginx/proxy-confs/garage.subdomain.conf
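Review bot: Six of these server blocks use two-label names under `photos.` (`accounts.photos.*`, `public.photos.*`, and so on), and all of them load the shared `/config/nginx/ssl.conf`. A wildcard certificate for `*.guiotte.fr` does not cover `accounts.photos.guiotte.fr`. The certificate configuration is outside this diff, so confirm that `*.photos.guiotte.fr` (or each name) is among its SANs; otherwise browsers will report a name mismatch on every Ente sub-app. The blocks differ only in `server_name` and `$upstream_port`, so a one-line comment per block naming the app behind the port (`# 3001: accounts`, and so on) would make the mapping reviewable.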
@@ -0,0 +1,49 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name s3.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ location / {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+
+ set $upstream_app garage;
+ set $upstream_port 3900;
+ set $upstream_proto http;
+
+ # --- Handle CORS preflight ---
+ if ($request_method = OPTIONS) {
+ add_header 'Access-Control-Allow-Origin' "*" always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, HEAD' always;
+ add_header 'Access-Control-Allow-Headers' '*' always;
+ add_header 'Access-Control-Allow-Credentials' 'true' always;
+ add_header 'Access-Control-Max-Age' 3000;
+ add_header 'Content-Length' 0;
+ add_header 'Content-Type' 'text/plain charset=UTF-8';
+ return 204;
+ }
+
+ # --- Proxy normal requests ---
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ # Prevent backend from sending conflicting CORS headers (optional)
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Access-Control-Allow-Credentials;
+ proxy_hide_header Access-Control-Allow-Headers;
+ proxy_hide_header Access-Control-Allow-Methods;
+ proxy_hide_header Access-Control-Expose-Headers;
+
+ # --- Add CORS headers for actual responses ---
+ add_header 'Access-Control-Allow-Origin' "*" always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, HEAD' always;
+ add_header 'Access-Control-Allow-Headers' '*' always;
+ add_header 'Access-Control-Allow-Credentials' 'true' always;
+ add_header 'Access-Control-Expose-Headers' 'Etag' always;#
+ }
+}
+
diff --git a/swag/nginx/proxy-confs/lychee.subdomain.conf b/swag/nginx/proxy-confs/lychee.subdomain.conf
index 2f9afea..b604eb0 100644
--- a/swag/nginx/proxy-confs/lychee.subdomain.conf
+++ b/swag/nginx/proxy-confs/lychee.subdomain.conf
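Review bot: Both the preflight branch and the normal response send `Access-Control-Allow-Origin "*"` together with `Access-Control-Allow-Credentials 'true'`, a combination the Fetch specification forbids for credentialed requests (browsers reject the response, and with credentials `Access-Control-Allow-Headers '*'` is read as a literal header name rather than a wildcard); the `$cors_origin` allow-list added in swag/nginx/nginx.conf is never referenced. I would use `add_header 'Access-Control-Allow-Origin' $cors_origin always;` in both places plus `add_header 'Vary' 'Origin' always;`, and drop the credentials header unless cookies are really sent to the S3 endpoint; nginx omits an `add_header` whose value is empty, so unlisted origins get no CORS grant. The map lists only the `photos` and `ente` origins, so the albums, cast and embed front ends would need entries if they fetch objects too. Separately, `'text/plain charset=UTF-8'` lacks the `;` between type and parameter.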
@@ -6,7 +6,7 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name photos.*; + server_name pics.*; include /config/nginx/ssl.conf;