From 75cc2e473859f4aaaf7e7db56137b07f314cf1be Mon Sep 17 00:00:00 2001
From: PAPAMICA
Date: Sat, 4 Sep 2021 10:23:21 +0200
Subject: [PATCH] Add Keycloak + OpenVPN + HealthCheck
---
 cachethq.yml | 8 ++++
 filebrowser.yml | 5 ++
 grafana.yml | 6 +++
 hastebin.yml | 7 +++
 jirafeau.yml | 6 +++
 keycloak.yml | 56 ++++++++++++++++++++++
 openvpn.yml | 55 +++++++++++++++++++++
 projectsend.yml | 7 +++
 templates-portainer.json | 101 +++++++++++++++++++++++++++++++++++++++
 wikijs.yml | 7 +++
 zabbix-cachethq.yml | 6 +++
 zabbix-proxy.yml | 59 +++++++++++++++++++++++
 zabbix.yml | 12 +++++
 13 files changed, 335 insertions(+)
 create mode 100644 keycloak.yml
 create mode 100644 openvpn.yml
 create mode 100644 zabbix-proxy.yml
diff --git a/cachethq.yml b/cachethq.yml
index ad2fa8b..e6566d6 100644
--- a/cachethq.yml
+++ b/cachethq.yml
@@ -25,6 +25,14 @@ services: - POSTGRES_PASSWORD=$DB_PASSWORD restart: always + #HealthCheck + healthcheck: + test: curl --fail http://localhost:8000 || exit 1 + interval: 1m + timeout: 30s + retries: 3 + + # Facultatif networks: - proxy
diff --git a/filebrowser.yml b/filebrowser.yml
index d6db17d..c673105 100644
--- a/filebrowser.yml
+++ b/filebrowser.yml
@@ -23,6 +23,11 @@ services: - $DATA_LOCATION/database.db:/database.db # ports: # - 8080:80 + healthcheck: + test: wget -nv -t1 --spider 'http://localhost:80' + interval: 1m + timeout: 30s + retries: 3 networks:
diff --git a/grafana.yml b/grafana.yml
index 8c384ff..5a3ec0c 100644
--- a/grafana.yml
+++ b/grafana.yml
@@ -27,6 +27,12 @@ services: - GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS=alexanderzobnin-zabbix-datasource # ports: # - 3001:3000 + healthcheck: + test: wget -nv -t1 --spider 'http://localhost:3000/' + interval: 1m + timeout: 30s + retries: 3 + # Facultatif networks:
diff --git a/hastebin.yml b/hastebin.yml
index 9983aaf..ac8093e 100644
--- a/hastebin.yml
+++ b/hastebin.yml
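Review bot: The comment introduced above the new block is written `#HealthCheck` with no space after `#`, and no other hunk in this commit adds such a comment; either write it `# HealthCheck` or drop it, since the `healthcheck:` key already names the block. The probe assumes `curl` is present in the cachethq image, which the hunk does not show; a missing binary makes the container permanently unhealthy instead of reflecting the service, so confirm it or switch to whatever HTTP client the image ships. This file's `version:` line is outside the hunk; the three new stack files in this commit declare `version: "2"`, and the Compose 2.0 file schema predates `healthcheck` (added in format 2.1), so if this file is on the same version docker-compose rejects it as an unsupported option. `|| exit 1` after `curl --fail` is redundant, though harmless.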
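Review bot: `wget -nv -t1 --spider` depends on GNU wget options; if the filebrowser image ships BusyBox wget, as Alpine-based images typically do, `-nv` and `-t1` are rejected as unknown options and the check fails on every run regardless of the service state, which the hunk gives no way to rule out. `test: wget -q --spider http://localhost:80 || exit 1` uses only options both implementations accept. The same command is added to grafana.yml and jirafeau.yml in this commit and the same caveat applies there.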
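Review bot: Probing `/` only shows the listener answers, since Grafana redirects that path to the login page; `/api/health` is served without authentication and also fails when the database is unreachable, so `test: wget -q --spider http://localhost:3000/api/health` is a more meaningful check at the same cost. The `-nv -t1` portability concern is noted on the filebrowser.yml hunk.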
@@ -22,6 +22,13 @@ services: # ports: # - 8080:80 + healthcheck: + test: wget -s 'http://localhost:7777' + interval: 1m + timeout: 30s + retries: 3 + + # Facultatif networks: - proxy
diff --git a/jirafeau.yml b/jirafeau.yml
index 09cd678..58cfe42 100644
--- a/jirafeau.yml
+++ b/jirafeau.yml
@@ -19,6 +19,12 @@ services: - $DATA_LOCATION/cfg:/cfg - $DATA_LOCATION/data:/data - $DATA_LOCATION/media:/jirafeau/media + healthcheck: + test: wget -nv -t1 --spider 'http://localhost:80' + interval: 1m + timeout: 30s + retries: 3 + networks: - proxy logging:
diff --git a/keycloak.yml b/keycloak.yml
new file mode 100644
index 0000000..801a548
--- /dev/null
+++ b/keycloak.yml
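Review bot: `wget -s` does not mean spider on GNU wget, where `-s` is `--save-headers` and the page is downloaded into the container's working directory on every run, while older BusyBox builds treat `-s` as spider; the hunk does not show which wget the image ships, so the behaviour of this check is undefined as written. `test: wget -q --spider 'http://localhost:7777' || exit 1` reads the same on both. The commented mapping `# - 8080:80` left in context targets container port 80 while the probe targets 7777; confirm which port the image actually listens on, otherwise the container is reported unhealthy even when the service is up.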
@@ -0,0 +1,56 @@
+# Docker-compose mis à disposition par Mickael "PAPAMICA" Asseline
+# Date de mise à jour : 04/09/2021
+
+# Variables d'environnement à déclarer :
+# - SERVICE : nom du service (exemple : mariadb)
+# - KC_USER : utilisteur admin
+# - KC_PASSWORD : mot de passe de l'utilisateur admin
+# - KC_DB_HOST : nom du conteneur du SGBD
+# - KC_DATABASE : nom de la BDD
+# - KC_DB_USER : nom utilisateur BDD
+# - KC_DB_PASSWORD : mot de passe de la BDD
+# - NDD : Nom de domaine de l'application (ex : auth.papamica.com)
+
+# Fonctionne avec Portainer
+
+version: "2"
+services:
+ keycloak:
+ image: jboss/keycloak:latest
+ container_name: $SERVICE
+ restart: unless-stopped
+ environment:
+ KEYCLOAK_USER: $KC_USER
+ KEYCLOAK_PASSWORD: $KC_PASSWORD
+ PROXY_ADDRESS_FORWARDING: 'true'
+ DB_ADDR: $KC_DB_HOST
+ DB_DATABASE: $KC_DATABASE
+ DB_USER: $KC_DB_USER
+ DB_PASSWORD: $KC_DB_PASSWORD
+ healthcheck:
+ test: curl --fail http://localhost:8080/auth/realms/master
+ interval: 1m
+ timeout: 30s
+ retries: 3
+ logging:
+ driver: loki
+ options:
+ loki-url: "$URL_LOKI"
+ loki-external-labels: service={{.Name}}
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.$SERVICE.entrypoints=http"
+ - "traefik.http.routers.$SERVICE.rule=Host(`$NDD`)"
+ - "traefik.http.middlewares.$SERVICE-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.routers.$SERVICE.middlewares=$SERVICE-https-redirect"
+ - "traefik.http.routers.$SERVICE-secure.entrypoints=https"
+ - "traefik.http.routers.$SERVICE-secure.rule=Host(`$NDD`)"
+ - "traefik.http.routers.$SERVICE-secure.tls=true"
+ - "traefik.http.routers.$SERVICE-secure.tls.certresolver=http"
+ - "traefik.docker.network=proxy"
+ networks:
+ - proxy
+networks:
+ proxy:
+ external:
+ name: proxy
diff --git a/openvpn.yml b/openvpn.yml
new file mode 100644
index 0000000..049370f
--- /dev/null
+++ b/openvpn.yml
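Review bot: `version: "2"` selects the Compose 2.0 file schema, which has no `healthcheck` key (it was added in format 2.1), so docker-compose rejects this file as an unsupported config option before anything starts; `version: "2.1"` fixes it, and `"2.3"` also allows `start_period`, which a Keycloak first boot with schema migration will likely need to avoid being marked unhealthy before it is up. openvpn.yml and zabbix-proxy.yml in this commit declare the same version and carry the same problem. `DB_ADDR` is set but `DB_VENDOR` is not; as far as I know the jboss/keycloak entrypoint only auto-detects the vendor when a host literally named `postgres`, `mysql` or `mariadb` resolves and otherwise falls back silently to the embedded H2 database, so add a `DB_VENDOR` variable and document it in the header next to `KC_DB_HOST`. For an identity provider, pin `jboss/keycloak:latest` to an explicit version so upgrades happen deliberately; the header's `(exemple : mariadb)` for SERVICE also looks copied from another file.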
@@ -0,0 +1,55 @@
+# Docker-compose mis à disposition par Mickael "PAPAMICA" Asseline
+# Date de mise à jour : 04/09/2021
+
+# Variables d'environnement à déclarer :
+# - SERVICE : nom du service (exemple : pgadmin)
+# - PUID : uid de l'utilisateur système (exemple : 1001)
+# - GUID : gid du groupe système (exemple : 1001)
+# - INTERFACE: nom de l'interface réseau
+# - TZ : Timezone du service (exemple : Europe/Paris)
+# - DATA_LOCATION : localisation des données (exemple /apps/"service")
+# - NDD : nom de domaine de l'application (ex : vpn.papamica.com)
+
+# Fonctionne avec Portainer
+
+version: "2"
+services:
+ openvpn-as:
+ image: linuxserver/openvpn-as:latest
+ container_name: $SERVICE
+ cap_add:
+ - NET_ADMIN
+ environment:
+ - PUID=$PUID
+ - PGID=$PGID
+ - TZ=$TZ
+ - INTERFACE=$INTERFACE
+ healthcheck:
+ test: curl --fail --insecure https://localhost:943 || exit 1
+ interval: 1m
+ timeout: 30s
+ retries: 3
+ logging:
+ driver: loki
+ options:
+ loki-url: "$URL_LOKI"
+ loki-external-labels: service={{.Name}}
+ volumes:
+ - $DATA_LOCATION:/config
+ ports:
+ - 9443:9443
+ - 1194:1194/udp
+ restart: unless-stopped
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.$SERVICE.entrypoints=https"
+ - "traefik.http.routers.$SERVICE.rule=Host(`$NDD`)"
+ - "traefik.http.services.$SERVICE.loadbalancer.server.port=943"
+ - "traefik.http.services.$SERVICE.loadbalancer.server.scheme=https"
+ - "traefik.docker.network=proxy"
+ networks:
+ - proxy
+networks:
+ proxy:
+ external:
+ name: proxy
diff --git a/projectsend.yml b/projectsend.yml
index 262baef..c12aa87 100644
--- a/projectsend.yml
+++ b/projectsend.yml
@@ -28,6 +28,13 @@ services: - $DATA:/data # ports: # - 80:80 + + healthcheck: + test: curl --fail http://localhost:80 || exit 1 + interval: 1m + timeout: 30s + retries: 3 + + # Facultatif networks:
diff --git a/templates-portainer.json b/templates-portainer.json
index e43d3d9..45af348 100644
--- a/templates-portainer.json
+++ b/templates-portainer.json
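Review bot: The header documents `GUID` but the service reads `$PGID` (and the Portainer template added in this commit supplies `PGID`), so anyone following the comment sets a variable that is never read and the container falls back to the image's default group id; change the header line to `# - PGID : gid du groupe système (exemple : 1001)`. The Traefik router is bound to the `https` entrypoint without `traefik.http.routers.$SERVICE.tls=true` or a `tls.certresolver`, unlike the `-secure` router in keycloak.yml; unless that entrypoint enables TLS globally, the route is served in clear. The backend is declared `scheme=https` on port 943, which OpenVPN-AS serves with a self-signed certificate; Traefik verifies backend certificates by default, so this likely needs a servers transport with verification disabled on the Traefik side, and a comment here saying so would save the next person a 500. Pinning `linuxserver/openvpn-as:latest` to a version tag applies as on the other new files.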
@@ -397,6 +397,107 @@ "label": "Url du service loki" }] }, +{ + "type": 3, + "title": "OpenVPN AS", + "description": "Serveur VPN", + "note": "

Site de l'application : openvpn.net<\/a>", + "categories": [ + "Sécurité", + "PAPAMICA" + ], + "platform": "linux", + "logo": "https://gitlab.com/kallioli/docker-server-container/-/raw/master/img/openvpn_logo.png", + "repository": { + "url": "https://github.com/PAPAMICA/docker-compose-collection", + "stackfile": "openvpn.yml" + }, + "env": [{ + "name": "SERVICE", + "label": "Nom du service" + }, + { + "name": "PUID", + "label": "Identifiant utilisateur openvpn" + }, + { + "name": "PGID", + "label": "Identifiant du groupe openvpn" + }, + { + "name": "TZ", + "label": "Timezone du service" + }, + { + "name": "INTERFACE", + "label": "Nom de l'interface réseau" + }, + { + "name": "DATA_LOCATION", + "label": "Localisation des données du service" + }, + { + "name": "URL_LOKI", + "label": "Url du service loki" + }, + { + "name": "NDD", + "label": "Nom de domaine" + }] +}, +{ + "type": 3, + "title": "Keycloak", + "description": "Serveur d'authentification SSO", + "note": "

Site de l'application : keycloak.org<\/a>", + "categories": [ + "Sécurité", + "PAPAMICA" + ], + "platform": "linux", + "logo": "https://gitlab.com/kallioli/docker-server-container/-/raw/master/img/keycloak_logo.png", + "repository": { + "url": "https://github.com/PAPAMICA/docker-compose-collection", + "stackfile": "keycloak.yml" + }, + "env": [{ + "name": "SERVICE", + "label": "Nom du service" + }, + { + "name": "KC_USER", + "label": "Nom de l'utilisateur administrateur" + }, + { + "name": "KC_PASSWORD", + "label": "Mot de passe administrateur" + }, + { + "name": "KC_DB_HOST", + "label": "Serveur SGBD" + }, + { + "name": "KC_DATABASE", + "label": "Nom de la BDD" + }, + { + "name": "KC_DB_USER", + "label": "Utilisateur de la BDD" + }, + { + "name": "KC_DB_PASSWORD", + "label": "Mot de passe de la BDD" + }, + { + "name": "URL_LOKI", + "label": "Url du service loki" + }, + { + "name": "NDD", + "label": "Nom de domaine" + }] +}, + { "type": 3,
diff --git a/wikijs.yml b/wikijs.yml
index 4d1da55..fad6f54 100644
--- a/wikijs.yml
+++ b/wikijs.yml
@@ -45,6 +45,13 @@ services: DB_PASS: $DB_PASSWORD DB_NAME: wiki restart: unless-stopped + + healthcheck: + test: curl --fail http://localhost:3000 || exit 1 + interval: 1m + timeout: 30s + retries: 3 + + # Facultatif networks: - proxy
diff --git a/zabbix-cachethq.yml b/zabbix-cachethq.yml
index fc386c5..1b02987 100644
--- a/zabbix-cachethq.yml
+++ b/zabbix-cachethq.yml
@@ -19,6 +19,12 @@ services: volumes: - $DATA_LOCATION/config.yml:/config.yml restart: always + healthcheck: + test: grep -qr "python" /proc/*/status || exit 1 + interval: 1m + timeout: 30s + retries: 3 + # Facultatif networks:
diff --git a/zabbix-proxy.yml b/zabbix-proxy.yml
new file mode 100644
index 0000000..5256285
--- /dev/null
+++ b/zabbix-proxy.yml
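Review bot: zabbix-proxy.yml is added in this commit with a `# Work with Portainer` header but gets no entry in this template list, so unlike the Keycloak and OpenVPN stacks it cannot be deployed from Portainer with its variables prompted. Either add a template whose `env` lists `SERVICE`, `PROXY_HOSTNAME`, `ZABBIX_SERVER`, `TLSPSKIDENTITY`, `TLSPSKFILE`, `DATA_LOCATION` and `URL_LOKI`, or drop the Portainer claim from that file's header.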
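Review bot: The probe fetches `/`, which renders a full page; Wiki.js serves `/healthz` for exactly this purpose, so `test: curl --fail http://localhost:3000/healthz || exit 1` is cheaper and still fails when the app is down. Whether the image contains `curl` is not visible here; confirm it, since a missing binary makes the container permanently unhealthy. The blank line inserted between `restart:` and `healthcheck:` (also in projectsend.yml) is out of step with the other hunks in this commit, which attach the block directly to the previous key.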
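Review bot: `grep -qr "python" /proc/*/status || exit 1` only proves that some process whose name contains `python` exists; a hung or deadlocked script passes it indefinitely, and any unrelated python process in the container satisfies it too, so this is a process-table liveness check rather than a check of the service. If nothing better is available in the image, keep it but say so next to `test:`, e.g. `# Process-presence check only: passes while any python process exists`. The `-r` flag is unnecessary when the status files are listed explicitly. The same pattern is added for `zabbix_proxy` in zabbix-proxy.yml and `zabbix_server` in zabbix.yml.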
@@ -0,0 +1,59 @@
+# Docker-compose provided by Mickael "PAPAMICA" Asseline
+# Last update : 04/09/2021
+# Environment variables to declare :
+# - SERVICE : name of the service (example : zabbix-proxy)
+# - HOSTNAME : name of zabbix proxy (example : zabbix-proxy)
+# - ZABBIX_SERVER : FQDN of zabbix server (example : zabbic.domain.tld)
+# - TLSPSKIDENTITY : ID of psk in zabbix server (example : PSK001)
+# - TLSPSKFILE : PSK file (example : zabbix_agentd.psk)
+# - URL_LOKI : loki service URL (example : http://ip:3100/loki/api/v1/push)
+# - DATA_LOCATION : location of service configuration data (example /app/"service")
+# - NETWORK_APP : application network name
+# Work with Portainer
+version: '2'
+services:
+ zabbix-proxy:
+ image: zabbix/zabbix-proxy-sqlite3:ubuntu-5.4-latest
+ restart: unless-stopped
+ container_name: $SERVICE
+ environment:
+ ZBX_PROXYMODE: 0
+ ZBX_HOSTNAME: $PROXY_HOSTNAME
+ ZBX_SERVER_HOST: $ZABBIX_SERVER
+ ZBX_ENABLEREMOTECOMMANDS: 1
+ ZBX_STARTPOLLERS: 5
+ ZBX_IPMIPOLLERS: 1
+ ZBX_STARTPOLLERSUNREACHABLE: 1
+ ZBX_STARTTRAPPERS: 5
+ ZBX_STARTPINGERS: 1
+ ZBX_STARTDISCOVERERS: 1
+ ZBX_STARTHTTPPOLLERS: 1
+ ZBX_STARTVMWARECOLLECTORS: 10
+ ZBX_TLSCONNECT: psk
+ ZBX_TLSACCEPT: psk
+ ZBX_TLSPSKIDENTITY: $TLSPSKIDENTITY
+ ZBX_TLSPSKFILE: $TLSPSKFILE
+ ZBX_VMWAREFREQUENCY: 60
+ ZBX_VMWAREPERFFREQUENCY: 60
+ ZBX_VMWARECACHESIZE: 8M
+ ZBX_VMWARETIMEOUT: 10
+ healthcheck:
+ test: grep -qr "zabbix_proxy" /proc/*/status || exit 1
+ interval: 1m
+ timeout: 30s
+ retries: 3
+ logging:
+ driver: loki
+ options:
+ loki-url: "$URL_LOKI"
+ loki-external-labels: service={{.Name}}
+ volumes:
+ - $DATA_LOCATION/enc:/var/lib/zabbix/enc
+ ports:
+ - 10051:10051
+ networks:
+ - proxy
+networks:
+ proxy:
+ external:
+ name: proxy
diff --git a/zabbix.yml b/zabbix.yml
index 0918db4..b49b61c 100644
--- a/zabbix.yml
+++ b/zabbix.yml
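Review bot: The header lists `HOSTNAME` and `NETWORK_APP`, but the service reads `$PROXY_HOSTNAME` and joins the `proxy` network, and since no Portainer template is added for this stack the header is the only documentation, so following it leaves `ZBX_HOSTNAME` empty; change the line to `# - PROXY_HOSTNAME : name of zabbix proxy (example : zabbix-proxy)` and drop or use `NETWORK_APP` (`zabbic.domain.tld` in the `ZABBIX_SERVER` example is also a typo). `ZBX_ENABLEREMOTECOMMANDS: 1` lets the Zabbix server execute commands inside this container, which widens what a compromised or misconfigured server can do; if that is intended, a one-line comment stating why belongs next to it, otherwise leave it at the default of 0. With `ZBX_PROXYMODE: 0` (active proxy) the server never connects in, so the host mapping `10051:10051` is only needed for active agents outside the Docker network; drop it if there are none. The `version: '2'` versus `healthcheck` problem is raised on the keycloak.yml hunk.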
@@ -58,6 +58,12 @@ services: - 10051:10051 volumes: # Volumes for scripts and related files you can add - $DATA_LOCATION/alertscripts:/usr/lib/zabbix/alertscripts + healthcheck: + test: grep -qr "zabbix_server" /proc/*/status || exit 1 + interval: 1m + timeout: 30s + retries: 3 + # Facultatif networks:
@@ -85,6 +91,12 @@ services: - zabbix-server # ports: # Port where Zabbix UI is available # - 8090:8080 + healthcheck: + test: curl --fail http://localhost:8080 || exit 1 + interval: 1m + timeout: 30s + retries: 3 + # Facultatif networks: