Add subdomains for ente

WIP setup ente and garage
2026-01-04 13:04:22 +01:00 · 2026-01-04 12:23:34 +01:00
7 changed files with 262 additions and 29 deletions
--- a/bind9/guiotte.db
+++ b/bind9/guiotte.db
@ -12,21 +12,29 @@ $TTL  604800
@  IN  NS  dm.guiotte.fr.

 ; OVH
-guiotte.fr.        IN  A       37.59.61.141
-*.guiotte.fr.      IN  CNAME   guiotte.fr.
+guiotte.fr.                     IN  A       37.59.61.141
+*.guiotte.fr.                   IN  CNAME   guiotte.fr.

 ; LAN
-dm.guiotte.fr.     IN  A       192.168.1.2
-money.guiotte.fr.  IN  CNAME   dm.guiotte.fr.
-photos.guiotte.fr. IN  CNAME   dm.guiotte.fr.
-dl.guiotte.fr.     IN  CNAME   dm.guiotte.fr.
-kdoc.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
-sync.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
-pad.guiotte.fr.    IN  CNAME   dm.guiotte.fr.
-home.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
-zotero.guiotte.fr. IN  CNAME   dm.guiotte.fr.
-git.guiotte.fr.    IN  CNAME   dm.guiotte.fr.
-db.guiotte.fr.     IN  CNAME   dm.guiotte.fr.
-flix.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
-task.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
-todo.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
+dm.guiotte.fr.                  IN  A       192.168.1.2
+money.guiotte.fr.               IN  CNAME   dm.guiotte.fr.
+dl.guiotte.fr.                  IN  CNAME   dm.guiotte.fr.
+kdoc.guiotte.fr.                IN  CNAME   dm.guiotte.fr.
+sync.guiotte.fr.                IN  CNAME   dm.guiotte.fr.
+pad.guiotte.fr.                 IN  CNAME   dm.guiotte.fr.
+home.guiotte.fr.                IN  CNAME   dm.guiotte.fr.
+zotero.guiotte.fr.              IN  CNAME   dm.guiotte.fr.
+git.guiotte.fr.                 IN  CNAME   dm.guiotte.fr.
+db.guiotte.fr.                  IN  CNAME   dm.guiotte.fr.
+flix.guiotte.fr.                IN  CNAME   dm.guiotte.fr.
+task.guiotte.fr.                IN  CNAME   dm.guiotte.fr.
+todo.guiotte.fr.                IN  CNAME   dm.guiotte.fr.
+pics.guiotte.fr.                IN  CNAME   dm.guiotte.fr.
+photos.guiotte.fr.              IN  CNAME   dm.guiotte.fr.
+ente.guiotte.fr.                IN  CNAME   dm.guiotte.fr.
+s3.guiotte.fr.                  IN  CNAME   dm.guiotte.fr.
+comptes-photos.guiotte.fr.      IN  CNAME   dm.guiotte.fr.
+albums-photos.guiotte.fr.       IN  CNAME   dm.guiotte.fr.
+auth.guiotte.fr.                IN  CNAME   dm.guiotte.fr.
+capsule-photos.guiotte.fr.      IN  CNAME   dm.guiotte.fr.
+tele-photos.guiotte.fr.         IN  CNAME   dm.guiotte.fr.
--- a/ddclient/ddclient.conf
+++ b/ddclient/ddclient.conf
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -181,7 +181,7 @@ services:
      DB_USERNAME: lychee
      DB_DATABASE: lychee
      DB_PORT: 3306
-      APP_URL: https://photos.guiotte.fr
+      APP_URL: https://pics.guiotte.fr
      TRUSTED_PROXIES: 172.22.0.0/24
    secrets:
      - lychee-db-pw
@ -484,8 +484,8 @@ services:
    image: ghcr.io/ente-io/server
    container_name: ente-server
    restart: unless-stopped
-    ports:
-      - 8080:8080 # API
+    #ports:
+    #  - 8080:8080 # API
    depends_on:
      ente-db:
        condition: service_healthy
@ -494,13 +494,15 @@ services:
      ENTE_DB_HOST: ente-db
      ENTE_DB_NAME: ente_db
      ENTE_DB_USER: pguser
-      ENTE_S3_B2_EU_CEN_ENDPOINT: garage:3900
+      ENTE_S3_ARE_LOCAL_BUCKETS: false
+      ENTE_S3_USE_PATH_STYLE_URLS: true
+      ENTE_S3_B2_EU_CEN_ENDPOINT: https://s3.guiotte.fr
      ENTE_S3_B2_EU_CEN_REGION: garage
      ENTE_S3_B2_EU_CEN_BUCKET: ente
-      ENTE_APPS_PUBLIC_ALBUMS: http://dm:3002
-      ENTE_APPS_CAST: http://dm:3004
-      ENTE_APPS_EMBED_ALBUMS: http://dm:3005
-      ENTE_APPS_ACCOUNTS: http://dm:3001
+      ENTE_APPS_PUBLIC_ALBUMS: https://albums-photos.guiotte.fr
+      ENTE_APPS_CAST: https://tele-photos.guiotte.fr
+      ENTE_APPS_EMBED_ALBUMS: https://capsule-photos.guiotte.fr
+      ENTE_APPS_ACCOUNTS: https://comptes-photos.guiotte.fr
    secrets:
      - ente-db-pw
      - ente-s3-key
@ -521,7 +523,6 @@ services:
      retries: 3
      start_period: 120s

-
  ente-web:
    image: ghcr.io/ente-io/web
    container_name: ente-web
@ -538,9 +539,9 @@ services:
    # Modify these values to your custom subdomains, if using any
    environment:
      <<: *common-environment
-      ENTE_API_ORIGIN: http://localhost:8080
-      ENTE_ALBUMS_ORIGIN: https://dm:3002
-      ENTE_PHOTOS_ORIGIN: http://dm:3000
+      ENTE_API_ORIGIN: https://ente.guiotte.fr
+      ENTE_ALBUMS_ORIGIN: https://albums-photos.guiotte.fr
+      ENTE_PHOTOS_ORIGIN: https://photos.guiotte.fr/


 volumes:
--- a/swag/nginx/proxy-confs/ente-server.subdomain.conf
+++ b/swag/nginx/proxy-confs/ente-server.subdomain.conf
@ -0,0 +1,22 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name ente.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ente-server;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
+
--- a/swag/nginx/proxy-confs/ente-web.subdomain.conf
+++ b/swag/nginx/proxy-confs/ente-web.subdomain.conf
@ -0,0 +1,153 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name photos.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ente-web;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name comptes-photos.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ente-web;
+        set $upstream_port 3001;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name albums-photos.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ente-web;
+        set $upstream_port 3002;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name auth.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ente-web;
+        set $upstream_port 3003;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name tele-photos.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ente-web;
+        set $upstream_port 3004;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
+
+#server {
+#    listen 443 ssl;
+#    listen [::]:443 ssl;
+#
+#    server_name partage-photos.*; # This is Ente Locker for files, not only photos
+#
+#    include /config/nginx/ssl.conf;
+#
+#    client_max_body_size 0;
+#
+#    location / {
+#
+#        include /config/nginx/proxy.conf;
+#        include /config/nginx/resolver.conf;
+#        set $upstream_app ente-web;
+#        set $upstream_port 3005;
+#        set $upstream_proto http;
+#        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+#
+#    }
+#}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name capsule-photos.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app ente-web;
+        set $upstream_port 3006;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
--- a/swag/nginx/proxy-confs/garage.subdomain.conf
+++ b/swag/nginx/proxy-confs/garage.subdomain.conf
@ -0,0 +1,49 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name s3.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+
+        set $upstream_app garage;
+        set $upstream_port 3900;
+        set $upstream_proto http;
+
+        # --- Handle CORS preflight ---
+        if ($request_method = OPTIONS) {
+            add_header 'Access-Control-Allow-Origin' "*" always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, HEAD' always;
+            add_header 'Access-Control-Allow-Headers' '*' always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Access-Control-Max-Age' 3000;
+            add_header 'Content-Length' 0;
+            add_header 'Content-Type' 'text/plain charset=UTF-8';
+            return 204;
+        }
+
+        # --- Proxy normal requests ---
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        # Prevent backend from sending conflicting CORS headers (optional)
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Expose-Headers;
+
+        # --- Add CORS headers for actual responses ---
+        add_header 'Access-Control-Allow-Origin' "*" always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, HEAD' always;
+        add_header 'Access-Control-Allow-Headers' '*' always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+        add_header 'Access-Control-Expose-Headers' 'Etag' always;#
+    }
+}
+
--- a/swag/nginx/proxy-confs/lychee.subdomain.conf
+++ b/swag/nginx/proxy-confs/lychee.subdomain.conf
@ -6,7 +6,7 @@ server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

-    server_name photos.*;
+    server_name pics.*;

    include /config/nginx/ssl.conf;
Author	SHA1	Message	Date
Florent Guiotte	274a733dae	Add subdomains for ente	2026-01-04 13:04:22 +01:00
Florent Guiotte	c5fc801fd3	WIP setup ente and garage	2026-01-04 12:23:34 +01:00