WIP setup ente and garage

bind9/guiotte.db

@@ -12,21 +12,24 @@ $TTL  604800
 @  IN  NS  dm.guiotte.fr.
 
 ; OVH
-guiotte.fr.        IN  A       37.59.61.141
+guiotte.fr.            IN  A       37.59.61.141
-*.guiotte.fr.      IN  CNAME   guiotte.fr.
+*.guiotte.fr.          IN  CNAME   guiotte.fr.
 
 ; LAN
-dm.guiotte.fr.     IN  A       192.168.1.2
+dm.guiotte.fr.         IN  A       192.168.1.2
-money.guiotte.fr.  IN  CNAME   dm.guiotte.fr.
+money.guiotte.fr.      IN  CNAME   dm.guiotte.fr.
-photos.guiotte.fr. IN  CNAME   dm.guiotte.fr.
+dl.guiotte.fr.         IN  CNAME   dm.guiotte.fr.
-dl.guiotte.fr.     IN  CNAME   dm.guiotte.fr.
+kdoc.guiotte.fr.       IN  CNAME   dm.guiotte.fr.
-kdoc.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
+sync.guiotte.fr.       IN  CNAME   dm.guiotte.fr.
-sync.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
+pad.guiotte.fr.        IN  CNAME   dm.guiotte.fr.
-pad.guiotte.fr.    IN  CNAME   dm.guiotte.fr.
+home.guiotte.fr.       IN  CNAME   dm.guiotte.fr.
-home.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
+zotero.guiotte.fr.     IN  CNAME   dm.guiotte.fr.
-zotero.guiotte.fr. IN  CNAME   dm.guiotte.fr.
+git.guiotte.fr.        IN  CNAME   dm.guiotte.fr.
-git.guiotte.fr.    IN  CNAME   dm.guiotte.fr.
+db.guiotte.fr.         IN  CNAME   dm.guiotte.fr.
-db.guiotte.fr.     IN  CNAME   dm.guiotte.fr.
+flix.guiotte.fr.       IN  CNAME   dm.guiotte.fr.
-flix.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
+task.guiotte.fr.       IN  CNAME   dm.guiotte.fr.
-task.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
+todo.guiotte.fr.       IN  CNAME   dm.guiotte.fr.
-todo.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
+pics.guiotte.fr.       IN  CNAME   dm.guiotte.fr.
+photos.guiotte.fr.     IN  CNAME   dm.guiotte.fr.
+ente.guiotte.fr.       IN  CNAME   dm.guiotte.fr.
+s3.guiotte.fr.         IN  CNAME   dm.guiotte.fr.

docker-compose.yml

@@ -181,7 +181,7 @@ services:
       DB_USERNAME: lychee
       DB_DATABASE: lychee
       DB_PORT: 3306
-      APP_URL: https://photos.guiotte.fr
+      APP_URL: https://pics.guiotte.fr
       TRUSTED_PROXIES: 172.22.0.0/24
     secrets:
       - lychee-db-pw
@@ -484,8 +484,8 @@ services:
     image: ghcr.io/ente-io/server
     container_name: ente-server
     restart: unless-stopped
-    ports:
+    #ports:
-      - 8080:8080 # API
+    #  - 8080:8080 # API
     depends_on:
       ente-db:
         condition: service_healthy
@@ -494,13 +494,15 @@ services:
       ENTE_DB_HOST: ente-db
       ENTE_DB_NAME: ente_db
       ENTE_DB_USER: pguser
-      ENTE_S3_B2_EU_CEN_ENDPOINT: garage:3900
+      ENTE_S3_ARE_LOCAL_BUCKETS: false
+      ENTE_S3_USE_PATH_STYLE_URLS: true
+      ENTE_S3_B2_EU_CEN_ENDPOINT: https://s3.guiotte.fr
       ENTE_S3_B2_EU_CEN_REGION: garage
       ENTE_S3_B2_EU_CEN_BUCKET: ente
-      ENTE_APPS_PUBLIC_ALBUMS: http://dm:3002
+      ENTE_APPS_PUBLIC_ALBUMS: https://albums.photos.guiotte.fr
-      ENTE_APPS_CAST: http://dm:3004
+      ENTE_APPS_CAST: https://cast.photos.guiotte.fr
-      ENTE_APPS_EMBED_ALBUMS: http://dm:3005
+      ENTE_APPS_EMBED_ALBUMS: https://embed.photos.guiotte.fr
-      ENTE_APPS_ACCOUNTS: http://dm:3001
+      ENTE_APPS_ACCOUNTS: https://accounts.photos.guiotte.fr
     secrets:
       - ente-db-pw
       - ente-s3-key
@@ -521,7 +523,6 @@ services:
       retries: 3
       start_period: 120s
 
-
   ente-web:
     image: ghcr.io/ente-io/web
     container_name: ente-web
@@ -538,9 +539,9 @@ services:
     # Modify these values to your custom subdomains, if using any
     environment:
       <<: *common-environment
-      ENTE_API_ORIGIN: http://localhost:8080
+      ENTE_API_ORIGIN: https://ente.guiotte.fr
-      ENTE_ALBUMS_ORIGIN: https://dm:3002
+      ENTE_ALBUMS_ORIGIN: https://albums.photos.guiotte.fr
-      ENTE_PHOTOS_ORIGIN: http://dm:3000
+      ENTE_PHOTOS_ORIGIN: https://photos.guiotte.fr/
 
 
 volumes:

swag/nginx/nginx.conf

@@ -75,6 +75,14 @@ http {
     # Includes virtual hosts configs.
     include /etc/nginx/http.d/*.conf;
     include /config/nginx/site-confs/*.conf;
+
+    # For garage CORS
+    map $http_origin $cors_origin {
+        default "";
+        "https://photos.guiotte.fr" $http_origin;
+        "https://ente.guiotte.fr" $http_origin;
+    }
+
 }
 
 daemon off;

swag/nginx/proxy-confs/ente-server.subdomain.conf

@@ -0,0 +1,22 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name ente.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ente-server;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
+

swag/nginx/proxy-confs/ente-web.subdomain.conf

@@ -0,0 +1,153 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name photos.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ente-web;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name accounts.photos.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ente-web;
+        set $upstream_port 3001;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name public.photos.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ente-web;
+        set $upstream_port 3002;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name auth.photos.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ente-web;
+        set $upstream_port 3003;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name cast.photos.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ente-web;
+        set $upstream_port 3004;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name share.photos.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ente-web;
+        set $upstream_port 3005;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name embed.photos.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ente-web;
+        set $upstream_port 3006;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}

swag/nginx/proxy-confs/garage.subdomain.conf

@@ -0,0 +1,49 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name s3.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+
+        set $upstream_app garage;
+        set $upstream_port 3900;
+        set $upstream_proto http;
+
+        # --- Handle CORS preflight ---
+        if ($request_method = OPTIONS) {
+            add_header 'Access-Control-Allow-Origin' "*" always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, HEAD' always;
+            add_header 'Access-Control-Allow-Headers' '*' always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Access-Control-Max-Age' 3000;
+            add_header 'Content-Length' 0;
+            add_header 'Content-Type' 'text/plain charset=UTF-8';
+            return 204;
+        }
+
+        # --- Proxy normal requests ---
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        # Prevent backend from sending conflicting CORS headers (optional)
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Expose-Headers;
+
+        # --- Add CORS headers for actual responses ---
+        add_header 'Access-Control-Allow-Origin' "*" always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, HEAD' always;
+        add_header 'Access-Control-Allow-Headers' '*' always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+        add_header 'Access-Control-Expose-Headers' 'Etag' always;#
+    }
+}
+

swag/nginx/proxy-confs/lychee.subdomain.conf

@@ -6,7 +6,7 @@ server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
 
-    server_name photos.*;
+    server_name pics.*;
 
     include /config/nginx/ssl.conf;