diff --git a/.env.example b/.env.example index fb55f26..7f644fa 100644 --- a/.env.example +++ b/.env.example @@ -1,5 +1,5 @@ COMPOSE_PROFILES= -COMPOSE_FILE=docker-compose.yml:adguardhome/docker-compose.yml:flaresolverr/docker-compose.yml:sabnzbd/docker-compose.yml +COMPOSE_FILE=docker-compose.yml:adguardhome/docker-compose.yml:flaresolverr/docker-compose.yml:sabnzbd/docker-compose.yml:tandoor/docker-compose.yml USER_ID=1000 GROUP_ID=1000 TIMEZONE="America/New_York" diff --git a/README.md b/README.md index e6b2772..4d8c1fd 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,7 @@ I am running it in Ubuntu Server 22.04; I also tested this setup on a [Synology * [Encryption](#encryption) * [DHCP](#dhcp) * [Expose DNS Server with Tailscale](#expose-dns-server-with-tailscale) + * [Tandoor](#tandoor) * [Customization](#customization) * [Optional: Using the VPN for *arr apps](#optional-using-the-vpn-for-arr-apps) * [Synology Quirks](#synology-quirks) @@ -52,28 +53,27 @@ I am running it in Ubuntu Server 22.04; I also tested this setup on a [Synology ## Applications -| **Application** | **Description** | **Image** | **URL** | -|----------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|--------------| -| [Sonarr](https://sonarr.tv) | PVR for newsgroup and bittorrent users | [linuxserver/sonarr](https://hub.docker.com/r/linuxserver/sonarr) | /sonarr | -| [Radarr](https://radarr.video) | Movie collection manager for Usenet and BitTorrent users | [linuxserver/radarr](https://hub.docker.com/r/linuxserver/radarr) | /radarr | -| [Lidarr](https://lidarr.audio) | Music collection manager for Usenet and BitTorrent users | [linuxserver/lidarr](https://hub.docker.com/r/linuxserver/lidarr) | /lidarr | -| [Prowlarr](https://github.com/Prowlarr/Prowlarr) | Indexer aggregator for Sonarr and Radarr | [linuxserver/prowlarr:latest](https://hub.docker.com/r/linuxserver/prowlarr) | /prowlarr | -| [PIA WireGuard VPN](https://github.com/thrnz/docker-wireguard-pia) | Encapsulate qBittorrent traffic in [PIA](https://www.privateinternetaccess.com/) using [WireGuard](https://www.wireguard.com/) with port forwarding. | [thrnz/docker-wireguard-pia](https://hub.docker.com/r/thrnz/docker-wireguard-pia) | | -| [qBittorrent](https://www.qbittorrent.org) | Bittorrent client with a complete web UI
Uses VPN network
Using Libtorrent 1.x | [linuxserver/qbittorrent:libtorrentv1](https://hub.docker.com/r/linuxserver/qbittorrent) | /qbittorrent | -| [Unpackerr](https://unpackerr.zip) | Automated Archive Extractions | [golift/unpackerr](https://hub.docker.com/r/golift/unpackerr) | | -| [Jellyfin](https://jellyfin.org) | Media server designed to organize, manage, and share digital media files to networked devices | [linuxserver/jellyfin](https://hub.docker.com/r/linuxserver/jellyfin) | /jellyfin | -| [Jellyseer](https://jellyfin.org) | Manages requests for your media library | [fallenbagel/jellyseerr](https://hub.docker.com/r/fallenbagel/jellyseerr) | /jellyseer | -| [Homepage](https://gethomepage.dev) | Application dashboard | [gethomepage/homepage](https://github.com/gethomepage/homepage/pkgs/container/homepage) | / | -| [Traefik](https://traefik.io) | Reverse proxy | [traefik](https://hub.docker.com/_/traefik) | | -| [Watchtower](https://containrrr.dev/watchtower/) | Automated Docker images update | [containrrr/watchtower](https://hub.docker.com/r/containrrr/watchtower) | | -| [Autoheal](https://github.com/willfarrell/docker-autoheal/) | Monitor and restart unhealthy Docker containers | [willfarrell/autoheal](https://hub.docker.com/r/willfarrell/autoheal) | | -| [SABnzbd](https://sabnzbd.org/) | Optional - Free and easy binary newsreader
Enable with `COMPOSE_PROFILES=sabnzbd` | [linuxserver/sabnzbd](https://hub.docker.com/r/linuxserver/sabnzbd) | /sabnzbd | -| [FlareSolverr](https://github.com/FlareSolverr/FlareSolverr) | Optional - Proxy server to bypass Cloudflare protection in Prowlarr
Enable with `COMPOSE_PROFILES=flaresolverr` | [flaresolverr/flaresolverr](https://hub.docker.com/r/flaresolverr/flaresolverr) | | -| [AdGuard Home](https://adguard.com/en/adguard-home/overview.html) | Optional - Network-wide software for blocking ads & tracking
Enable with `COMPOSE_PROFILES=adguardhome` | [adguard/adguardhome](https://hub.docker.com/r/adguard/adguardhome) | | -| [DHCP Relay](https://github.com/modem7/DHCP-Relay) | Optional - Docker DHCP Relay | [modem7/dhcprelay](https://hub.docker.com/r/modem7/dhcprelay) | | -| [Traefik Certs Dumper](https://github.com/ldez/traefik-certs-dumper) | Optional - Dump ACME data from Traefik to certificates | [ldez/traefik-certs-dumper](https://hub.docker.com/r/ldez/traefik-certs-dumper) | | - -Optional containers are not run by default, they need to be enabled, +| **Application** | **Description** | **Image** | **URL** | +|--------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|--------------| +| [Sonarr](https://sonarr.tv) | PVR for newsgroup and bittorrent users | [linuxserver/sonarr](https://hub.docker.com/r/linuxserver/sonarr) | /sonarr | +| [Radarr](https://radarr.video) | Movie collection manager for Usenet and BitTorrent users | [linuxserver/radarr](https://hub.docker.com/r/linuxserver/radarr) | /radarr | +| [Prowlarr](https://github.com/Prowlarr/Prowlarr) | Indexer aggregator for Sonarr and Radarr | [linuxserver/prowlarr:latest](https://hub.docker.com/r/linuxserver/prowlarr) | /prowlarr | +| [PIA WireGuard VPN](https://github.com/thrnz/docker-wireguard-pia) | Encapsulate qBittorrent traffic in [PIA](https://www.privateinternetaccess.com/) using [WireGuard](https://www.wireguard.com/) with port forwarding. | [thrnz/docker-wireguard-pia](https://hub.docker.com/r/thrnz/docker-wireguard-pia) | | +| [qBittorrent](https://www.qbittorrent.org) | Bittorrent client with a complete web UI
Uses VPN network
Using Libtorrent 1.x | [linuxserver/qbittorrent:libtorrentv1](https://hub.docker.com/r/linuxserver/qbittorrent) | /qbittorrent | +| [Unpackerr](https://unpackerr.zip) | Automated Archive Extractions | [golift/unpackerr](https://hub.docker.com/r/golift/unpackerr) | | +| [Jellyfin](https://jellyfin.org) | Media server designed to organize, manage, and share digital media files to networked devices | [linuxserver/jellyfin](https://hub.docker.com/r/linuxserver/jellyfin) | /jellyfin | +| [Jellyseer](https://jellyfin.org) | Manages requests for your media library | [fallenbagel/jellyseerr](https://hub.docker.com/r/fallenbagel/jellyseerr) | /jellyseer | +| [Homepage](https://gethomepage.dev) | Application dashboard | [gethomepage/homepage](https://github.com/gethomepage/homepage/pkgs/container/homepage) | / | +| [Traefik](https://traefik.io) | Reverse proxy | [traefik](https://hub.docker.com/_/traefik) | | +| [Watchtower](https://containrrr.dev/watchtower/) | Automated Docker images update | [containrrr/watchtower](https://hub.docker.com/r/containrrr/watchtower) | | +| [Autoheal](https://github.com/willfarrell/docker-autoheal/) | Monitor and restart unhealthy Docker containers | [willfarrell/autoheal](https://hub.docker.com/r/willfarrell/autoheal) | | +| [Lidarr](https://lidarr.audio) | Optional - Music collection manager for Usenet and BitTorrent users
Enable with `COMPOSE_PROFILES=lidarr` | [linuxserver/lidarr](https://hub.docker.com/r/linuxserver/lidarr) | /lidarr | +| [SABnzbd](https://sabnzbd.org/) | Optional - Free and easy binary newsreader
Enable with `COMPOSE_PROFILES=sabnzbd` | [linuxserver/sabnzbd](https://hub.docker.com/r/linuxserver/sabnzbd) | /sabnzbd | +| [FlareSolverr](https://github.com/FlareSolverr/FlareSolverr) | Optional - Proxy server to bypass Cloudflare protection in Prowlarr
Enable with `COMPOSE_PROFILES=flaresolverr` | [flaresolverr/flaresolverr](https://hub.docker.com/r/flaresolverr/flaresolverr) | | +| [AdGuard Home](https://adguard.com/en/adguard-home/overview.html) | Optional - Network-wide software for blocking ads & tracking
Enable with `COMPOSE_PROFILES=adguardhome` | [adguard/adguardhome](https://hub.docker.com/r/adguard/adguardhome) | | +| [Tandoor](https://tandoor.dev) | Optional - Smart recipe management
Enable with `COMPOSE_PROFILES=tandoor` | [vabene1111/recipes](https://hub.docker.com/r/vabene1111/recipes) | /recipes | +[README.md](README.md) +Optional containers are not enabled by default, they need to be enabled, see [Optional Services](#optional-services) for more information. ## Quick Start @@ -183,7 +183,7 @@ place in the VPN container, the hostname for qBittorrent is the hostname of the The indexers are configured through Prowlarr. They synchronize automatically to Radarr and Sonarr. Radarr and Sonarr may then be added via Settings > Apps. The Prowlarr server is `http://prowlarr:9696/prowlarr`, the Radarr server -is `http://radarr:7878/radarr` Sonarr `http://sonarr:8989/sonarr`, and Lidarr `http://lidarr:8686/lidarr`: +is `http://radarr:7878/radarr` Sonarr `http://sonarr:8989/sonarr`, and Lidarr `http://lidarr:8686/lidarr`. Their API keys can be found in Settings > Security > API Key. @@ -365,6 +365,10 @@ dhcp: Based on [Tailscale's documentation](https://tailscale.com/kb/1114/pi-hole), it is easy to use your AdGuard server everywhere. Just make sure that AdGuard Home listens to all interfaces. +### Tandoor + +See [here](./tandoor/README.md). + ## Customization You can override the configuration of a service or add new services by creating a new `docker-compose.override.yml` file, diff --git a/docker-compose.yml b/docker-compose.yml index f027454..912732b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,5 @@ -version: "3.9" +version: '3.9' + services: traefik: image: traefik:v2.10 @@ -128,6 +129,8 @@ services: - homepage.widget.type=lidarr - homepage.widget.url=http://lidarr:8686/lidarr - homepage.widget.key=${LIDARR_API_KEY} + profiles: + - lidarr jellyseerr: image: fallenbagel/jellyseerr:latest container_name: jellyseerr @@ -316,8 +319,6 @@ services: - UN_SONARR_0_API_KEY=${SONARR_API_KEY} - UN_RADARR_0_URL=http://radarr:7878/radarr - UN_RADARR_0_API_KEY=${RADARR_API_KEY} - - UN_LIDARR_0_URL=http://lidarr:8686/lidarr - - UN_LIDARR_0_API_KEY=${LIDARR_API_KEY} security_opt: - no-new-privileges:true jellyfin: diff --git a/tandoor/.env.example b/tandoor/.env.example new file mode 100644 index 0000000..646356a --- /dev/null +++ b/tandoor/.env.example @@ -0,0 +1,191 @@ +# only set this to true when testing/debugging +# when unset: 1 (true) - dont unset this, just for development +DEBUG=0 +SQL_DEBUG=0 +DEBUG_TOOLBAR=0 +# Gunicorn log level for debugging (default value is "info" when unset) +# (see https://docs.gunicorn.org/en/stable/settings.html#loglevel for available settings) +# GUNICORN_LOG_LEVEL="debug" + +# HTTP port to bind to +# TANDOOR_PORT=8080 + +# hosts the application can run under e.g. recipes.mydomain.com,cooking.mydomain.com,... +ALLOWED_HOSTS=* + +# Cross Site Request Forgery protection +# (https://docs.djangoproject.com/en/4.2/ref/settings/#std-setting-CSRF_TRUSTED_ORIGINS) +# CSRF_TRUSTED_ORIGINS = [] + +# Cross Origin Resource Sharing +# (https://github.com/adamchainz/django-cors-header) +# CORS_ALLOW_ALL_ORIGINS = True + +# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one +# ---------------------------- AT LEAST ONE REQUIRED ------------------------- +SECRET_KEY= +SECRET_KEY_FILE= +# --------------------------------------------------------------- + +# your default timezone See https://timezonedb.com/time-zones for a list of timezones +TZ=America/New_York + +# add only a database password if you want to run with the default postgres, otherwise change settings accordingly +DB_ENGINE=django.db.backends.sqlite3 +# DB_OPTIONS= {} # e.g. {"sslmode":"require"} to enable ssl +#POSTGRES_HOST=db_recipes +#POSTGRES_PORT=5432 +#POSTGRES_USER=djangouser +# ---------------------------- AT LEAST ONE REQUIRED ------------------------- +#POSTGRES_PASSWORD= +#POSTGRES_PASSWORD_FILE= +# --------------------------------------------------------------- +POSTGRES_DB=/opt/recipes/database/recipes.db + +# database connection string, when used overrides other database settings. +# format might vary depending on backend +# DATABASE_URL = engine://username:password@host:port/dbname + +# the default value for the user preference 'fractions' (enable/disable fraction support) +# default: disabled=0 +FRACTION_PREF_DEFAULT=0 + +# the default value for the user preference 'comments' (enable/disable commenting system) +# default comments enabled=1 +COMMENT_PREF_DEFAULT=1 + +# Users can set a amount of time after which the shopping list is refreshed when they are in viewing mode +# This is the minimum interval users can set. Setting this to low will allow users to refresh very frequently which +# might cause high load on the server. (Technically they can obviously refresh as often as they want with their own scripts) +SHOPPING_MIN_AUTOSYNC_INTERVAL=5 + +# Default for user setting sticky navbar +# STICKY_NAV_PREF_DEFAULT=1 + +# If base URL is something other than just / (you are serving a subfolder in your proxy for instance http://recipe_app/recipes/) +# Be sure to not have a trailing slash: e.g. '/recipes' instead of '/recipes/' +SCRIPT_NAME=/recipes + +# If staticfiles are stored at a different location uncomment and change accordingly, MUST END IN / +# this is not required if you are just using a subfolder +# This can either be a relative path from the applications base path or the url of an external host +STATIC_URL=/recipes/static/ + +# If mediafiles are stored at a different location uncomment and change accordingly, MUST END IN / +# this is not required if you are just using a subfolder +# This can either be a relative path from the applications base path or the url of an external host +MEDIA_URL=/recipes/media/ + +# Serve mediafiles directly using gunicorn. Basically everyone recommends not doing this. Please use any of the examples +# provided that include an additional nxginx container to handle media file serving. +# If you know what you are doing turn this back on (1) to serve media files using djangos serve() method. +# when unset: 1 (true) - this is temporary until an appropriate amount of time has passed for everyone to migrate +GUNICORN_MEDIA=0 + +# GUNICORN SERVER RELATED SETTINGS (see https://docs.gunicorn.org/en/stable/design.html#how-many-workers for recommended settings) +# GUNICORN_WORKERS=1 +# GUNICORN_THREADS=1 + +# S3 Media settings: store mediafiles in s3 or any compatible storage backend (e.g. minio) +# as long as S3_ACCESS_KEY is not set S3 features are disabled +# S3_ACCESS_KEY= +# S3_SECRET_ACCESS_KEY= +# S3_BUCKET_NAME= +# S3_REGION_NAME= # default none, set your region might be required +# S3_QUERYSTRING_AUTH=1 # default true, set to 0 to serve media from a public bucket without signed urls +# S3_QUERYSTRING_EXPIRE=3600 # number of seconds querystring are valid for +# S3_ENDPOINT_URL= # when using a custom endpoint like minio +# S3_CUSTOM_DOMAIN= # when using a CDN/proxy to S3 (see https://github.com/TandoorRecipes/recipes/issues/1943) + +# Email Settings, see https://docs.djangoproject.com/en/3.2/ref/settings/#email-host +# Required for email confirmation and password reset (automatically activates if host is set) +# EMAIL_HOST= +# EMAIL_PORT= +# EMAIL_HOST_USER= +# EMAIL_HOST_PASSWORD= +# EMAIL_USE_TLS=0 +# EMAIL_USE_SSL=0 +# email sender address (default 'webmaster@localhost') +# DEFAULT_FROM_EMAIL= +# prefix used for account related emails (default "[Tandoor Recipes] ") +# ACCOUNT_EMAIL_SUBJECT_PREFIX= + +# allow authentication via the REMOTE-USER header (can be used for e.g. authelia). +# ATTENTION: Leave off if you don't know what you are doing! Enabling this without proper configuration will enable anybody +# to login with any username! +# See docs for additional information: https://docs.tandoor.dev/features/authentication/#reverse-proxy-authentication +# when unset: 0 (false) +REMOTE_USER_AUTH=0 + +# Default settings for spaces, apply per space and can be changed in the admin view +# SPACE_DEFAULT_MAX_RECIPES=0 # 0=unlimited recipes +# SPACE_DEFAULT_MAX_USERS=0 # 0=unlimited users per space +# SPACE_DEFAULT_MAX_FILES=0 # Maximum file storage for space in MB. 0 for unlimited, -1 to disable file upload. +# SPACE_DEFAULT_ALLOW_SHARING=1 # Allow users to share recipes with public links + +# allow people to create local accounts on your application instance (without an invite link) +# social accounts will always be able to sign up +# when unset: 0 (false) +# ENABLE_SIGNUP=0 + +# If signup is enabled you might want to add a captcha to it to prevent spam +# HCAPTCHA_SITEKEY= +# HCAPTCHA_SECRET= + +# if signup is enabled you might want to provide urls to data protection policies or terms and conditions +# TERMS_URL= +# PRIVACY_URL= +# IMPRINT_URL= + +# enable serving of prometheus metrics under the /metrics path +# ATTENTION: view is not secured (as per the prometheus default way) so make sure to secure it +# trough your web server (or leave it open of you dont care if the stats are exposed) +# ENABLE_METRICS=0 + +# allows you to setup OAuth providers +# see docs for more information https://docs.tandoor.dev/features/authentication/ +# SOCIAL_PROVIDERS = allauth.socialaccount.providers.github, allauth.socialaccount.providers.nextcloud, + +# Should a newly created user from a social provider get assigned to the default space and given permission by default ? +# ATTENTION: This feature might be deprecated in favor of a space join and public viewing system in the future +# default 0 (false), when 1 (true) users will be assigned space and group +# SOCIAL_DEFAULT_ACCESS = 1 + +# if SOCIAL_DEFAULT_ACCESS is used, which group should be added +# SOCIAL_DEFAULT_GROUP=guest + +# Django session cookie settings. Can be changed to allow a single django application to authenticate several applications +# when running under the same database +# SESSION_COOKIE_DOMAIN=.example.com +# SESSION_COOKIE_NAME=sessionid # use this only to not interfere with non unified django applications under the same top level domain + +# by default SORT_TREE_BY_NAME is disabled this will store all Keywords and Food in the order they are created +# enabling this setting makes saving new keywords and foods very slow, which doesn't matter in most usecases. +# however, when doing large imports of recipes that will create new objects, can increase total run time by 10-15x +# Keywords and Food can be manually sorted by name in Admin +# This value can also be temporarily changed in Admin, it will revert the next time the application is started +# This will be fixed/changed in the future by changing the implementation or finding a better workaround for sorting +# SORT_TREE_BY_NAME=0 +# LDAP authentication +# default 0 (false), when 1 (true) list of allowed users will be fetched from LDAP server +#LDAP_AUTH= +#AUTH_LDAP_SERVER_URI= +#AUTH_LDAP_BIND_DN= +#AUTH_LDAP_BIND_PASSWORD= +#AUTH_LDAP_USER_SEARCH_BASE_DN= +#AUTH_LDAP_TLS_CACERTFILE= +#AUTH_LDAP_START_TLS= + +# Enables exporting PDF (see export docs) +# Disabled by default, uncomment to enable +# ENABLE_PDF_EXPORT=1 + +# Recipe exports are cached for a certain time by default, adjust time if needed +# EXPORT_FILE_CACHE_DURATION=600 + +# if you want to do many requests to the FDC API you need to get a (free) API key. Demo key is limited to 30 requests / hour or 50 requests / day +#FDC_API_KEY=DEMO_KEY + +# API throttle limits +# you may use X per second, minute, hour or day +# DRF_THROTTLE_RECIPE_URL_IMPORT=60/hour \ No newline at end of file diff --git a/tandoor/.gitignore b/tandoor/.gitignore new file mode 100644 index 0000000..d6049ae --- /dev/null +++ b/tandoor/.gitignore @@ -0,0 +1,8 @@ +.env +backup.env +/backup +!/backup/.gitkeep +/database +!/database/.gitkeep +/mediafiles +!/mediafiles/.gitkeep diff --git a/tandoor/README.md b/tandoor/README.md new file mode 100644 index 0000000..7c325a2 --- /dev/null +++ b/tandoor/README.md @@ -0,0 +1,39 @@ +# Tandoor + +Tandoor is a recipe manager that allows you to manage your ever growing collection of digital recipes. + +## Installation + +Enable Tandoor by setting `COMPOSE_PROFILES=tandoor`. It will be accessible at `/recipes`. + +Copy the example environment file and edit as needed before running Tandoor: `cp tandoor/env.example tandoor/.env`. + +## Backup + +Tandoor's database and media files can be backed up in the cloud storage product of your choice with [Rclone](https://rclone.org/). + +Before a backup can be made, `rclone config` must be run to generate the configuration file: + +```shell +docker compose run --rm -it tandoor-backup rclone config +``` + +It will generate a `rclone.conf` configuration file in ./tandoor/rclone/rclone.conf. + +Copy the backup environment file to `backup.env` and fill it as needed: +`cp backup.env.exmple backup.env` + +| Variable | Description | Default | +|----------------------|---------------------------------------------------------------------|---------------------------| +| `RCLONE_REMOTE_NAME` | Name of the remote you chose during rclone config | | +| `RCLONE_REMOTE_DIR` | Name of the rclone remote dir, eg: S3 bucket name, folder name, etc | | +| `CRON` | How often to run the backup | `@daily` backup every day | +| `TIMEZONE` | Timezone, used for cron times | `America/New_York` | +| `ZIP_PASSWORD` | Password to protect the backup archive with | `123456` | +| `BACKUP_KEEP_DAYS` | How long to keep the backup in the destination | `31` days | + +You can test your backup manually with: + +```shell +docker compose run --rm -it tandoor-backup backup +``` diff --git a/tandoor/backup.env.example b/tandoor/backup.env.example new file mode 100644 index 0000000..d32fc9d --- /dev/null +++ b/tandoor/backup.env.example @@ -0,0 +1,6 @@ +RCLONE_REMOTE_NAME= +RCLONE_REMOTE_DIR= +CRON=@daily +TIMEZONE=America/New_York +ZIP_PASSWORD=123456 +BACKUP_KEEP_DAYS=31 diff --git a/tandoor/backup/.gitkeep b/tandoor/backup/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/tandoor/database/.gitkeep b/tandoor/database/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/tandoor/docker-compose.yml b/tandoor/docker-compose.yml new file mode 100644 index 0000000..97fee6a --- /dev/null +++ b/tandoor/docker-compose.yml @@ -0,0 +1,71 @@ +version: '3.9' + +services: + tandoor: + image: vabene1111/recipes:latest + container_name: tandoor + restart: always + env_file: + - ./tandoor/.env + volumes: + - ./tandoor/database:/opt/recipes/database + - ./tandoor/mediafiles:/opt/recipes/mediafiles + - tandoor-staticfiles:/opt/recipes/staticfiles + healthcheck: + test: ["CMD", "wget", "http://127.0.0.1:8080/recipes", "-qO", "/dev/null"] + interval: 5s + retries: 10 + profiles: + - tandoor + + tandoor-nginx: + image: nginx:mainline-alpine + container_name: tandoor-nginx + restart: always + env_file: + - ./tandoor/.env + volumes: + - ./tandoor/nginx:/etc/nginx/conf.d:ro + - ./tandoor/mediafiles:/media:ro + - tandoor-staticfiles:/static:ro + healthcheck: + test: ["CMD", "wget", "http://127.0.0.1/recipes", "-qO", "/dev/null"] + interval: 5s + retries: 10 + depends_on: + - tandoor + labels: + - traefik.enable=true + - traefik.http.routers.tandoor.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/recipes`)) + - traefik.http.routers.tandoor.tls=true + - traefik.http.routers.tandoor.tls.certresolver=myresolver + - traefik.http.services.tandoor.loadbalancer.server.port=80 + - homepage.group=Apps + - homepage.name=Tandoor + - homepage.icon=tandoor.png + - homepage.href=/recipes + - homepage.description=Smart recipe management + - homepage.weight=1 + profiles: + - tandoor + + tandoor-backup: + image: adrienpoupa/rclone-backup:latest + container_name: tandoor-backup + restart: always + env_file: + - ./tandoor/backup.env + environment: + - BACKUP_FOLDER_NAME=mediafiles + - BACKUP_FOLDER_PATH=/data/mediafiles + - DB_TYPE=sqlite + - SQLITE_DATABASE=/database/recipes.db + volumes: + - ./tandoor/database:/database + - ./tandoor/mediafiles:/data/mediafiles + - ./tandoor/backup:/config + profiles: + - tandoor + +volumes: + tandoor-staticfiles: diff --git a/tandoor/mediafiles/.gitkeep b/tandoor/mediafiles/.gitkeep new file mode 100755 index 0000000..e69de29 diff --git a/tandoor/nginx/errorpages/http502.html b/tandoor/nginx/errorpages/http502.html new file mode 100644 index 0000000..d5fa4e2 --- /dev/null +++ b/tandoor/nginx/errorpages/http502.html @@ -0,0 +1,20 @@ + + + + + + 502 - Webservice currently unavailable + + + +

Tandoor Recipes is not yet available 502

+

+ Services are still trying to start.
+ Please allow up to 3 minutes after you started the application on your server.

+ If this status persists, check the application or docker logs for further information.
+ After checking and trying everything mentioned in the docs, you can request help on the project's GitHub page. +

+
+ + + \ No newline at end of file diff --git a/tandoor/nginx/recipes.conf b/tandoor/nginx/recipes.conf new file mode 100644 index 0000000..542a41d --- /dev/null +++ b/tandoor/nginx/recipes.conf @@ -0,0 +1,29 @@ +server { + listen 80; + server_name localhost; + + client_max_body_size 128M; + + # serve media files + location /recipes/media/ { + alias /media/; + } + location /recipes/static/ { + alias /static/; + } + # pass requests for dynamic content to gunicorn + location / { + proxy_set_header Host $http_host; + proxy_pass http://tandoor:8080; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Script-Name /recipes; + proxy_cookie_path / /recipes; + + error_page 502 /errors/http502.html; + } + + location /recipes/errors/ { + alias /etc/nginx/conf.d/errorpages/; + internal; + } +} \ No newline at end of file