docker-compose.yaml
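# Compose stack: an nginx front end for a KDBX folder, certbot for the
# Let's Encrypt certificate, Watchtower for image updates and fail2ban for
# brute-force protection.
#
# NOTE(review): every service carries the Watchtower enable label and most
# images are referenced by a floating tag, so whatever is published under
# that tag is pulled and started unattended. Pin tested tags or digests if
# that trust in the upstream registries is not intended.
version: '3.8'

services:
  # nginx container for the KDBX folder; Watchtower follows the 1.21 tag.
  # NOTE(review): 1.21 looks like an old mainline branch. A tag for a branch
  # that no longer gets releases receives no security fixes through
  # Watchtower - confirm, and move to a supported tag.
  nginx:
    image: nginx:1.21
    container_name: DK-nginx
    ports:
      - '80:80'
      - '443:443'
    networks:
      - DK-network
    restart: unless-stopped
    volumes:
      - ./data/nginx/static:/static
      # This is your kdbx folder. To expose a single file instead, use:
      #   ./data/database/secrets.kdbx:/data/www/secrets.kdbx
      # Left writable because the nginx config is not shown here and may
      # accept uploads of the database - TODO confirm, else add :ro.
      - ./data/database:/data/www
      - ./log/nginx:/var/log/nginx
      # Config, certificates, ACME webroot and the password file are only
      # read by nginx. Mounting them read-only keeps a compromised web
      # server from rewriting its own config or credentials on the host.
      - ./env/nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
      - ./env/certbot/conf:/etc/letsencrypt:ro
      - ./env/certbot/www:/var/www/certbot:ro
      - ./env/htpasswd/htpasswd:/etc/nginx/htpasswd:ro
    labels:
      - 'com.centurylinklabs.watchtower.enable=true'
    # Background loop reloads nginx every 6h so that renewed certificates
    # are picked up; nginx itself stays in the foreground.
    command: '/bin/sh -c ''while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"'''

  # Creates and renews the Let's Encrypt certificate when it is due.
  # This is the only service that needs write access to the shared
  # certificate and webroot directories.
  certbot:
    image: certbot/certbot
    container_name: DK-certbot
    networks:
      - DK-network
    restart: unless-stopped
    volumes:
      - ./env/certbot/conf:/etc/letsencrypt
      - ./env/certbot/www:/var/www/certbot
    labels:
      - 'com.centurylinklabs.watchtower.enable=true'
    # Runs `certbot renew` every 12h and exits cleanly on SIGTERM.
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

  # Keeps all labelled containers (including itself) updated.
  # NOTE(review): access to /var/run/docker.sock is equivalent to root on
  # the host. A compromised or malicious Watchtower image can take over
  # every container and the host itself; because this service is also
  # self-updating from an untagged image, consider pinning it by digest or
  # placing a filtering socket proxy in front of the Docker API.
  watchtower:
    image: containrrr/watchtower
    container_name: DK-watchtower
    networks:
      - DK-network
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    command: --label-enable --cleanup --interval 3600  # check every 1 hour
    labels:
      - 'com.centurylinklabs.watchtower.enable=true'

  # Protects the web server from brute-force attacks by banning offenders.
  # Host networking plus NET_ADMIN/NET_RAW lets it edit the host firewall,
  # so this container is highly privileged; the nginx logs are mounted
  # read-only as its input.
  # NOTE(review): the jail configuration is not part of this file. Traffic
  # to ports published by Docker is usually filtered in the DOCKER-USER
  # chain rather than INPUT - verify that the bans actually take effect.
  fail2ban:
    image: crazymax/fail2ban:latest
    container_name: DK-fail2ban
    network_mode: 'host'
    cap_add:
      - NET_ADMIN
      - NET_RAW
    volumes:
      - './data/fail2ban-data:/data'
      - './log/nginx:/var/log:ro'
    labels:
      - 'com.centurylinklabs.watchtower.enable=true'
    env_file:
      - './env/fail2ban/fail2ban.env'
    restart: unless-stopped

networks:
  # Dedicated bridge network with a fixed subnet for the stack.
  DK-network:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.31.0/24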