From ac2e41e2575aa09698b2560004a13674911d079f Mon Sep 17 00:00:00 2001
From: Raine
Date: Wed, 10 Jan 2024 01:06:09 +0100
Subject: [PATCH 1/6] feat: firezone
---
 servers/apoc/docker-compose.d/docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/servers/apoc/docker-compose.d/docker-compose.yml b/servers/apoc/docker-compose.d/docker-compose.yml
index ba05f0b..220765a 100644
--- a/servers/apoc/docker-compose.d/docker-compose.yml
+++ b/servers/apoc/docker-compose.d/docker-compose.yml
@@ -7,7 +7,7 @@ services:
 build: custom/nginx
 environment:
 CERTBOT_EMAIL: "webmaster@ixvd.net"
- CERTBOT_DOMAINS: "apoc.ixvd.net,mail.ixvd.net,git.ixvd.net,my.ixvd.net,ci.ixvd.net,baikal.ixvd.net,pg.ixvd.net,snipe.ixvd.net"
+ CERTBOT_DOMAINS: "apoc.ixvd.net,mail.ixvd.net,git.ixvd.net,my.ixvd.net,ci.ixvd.net,baikal.ixvd.net,pg.ixvd.net,snipe.ixvd.net,fz.ixvd.net"
 volumes:
 - /srv/certbot/data:/etc/letsencrypt
 - /srv/certbot/other/www:/var/www/certbot
From 9dbfdeeb7add6249b79e3f9db21671b20bae3ebd Mon Sep 17 00:00:00 2001
From: Raine
Date: Wed, 10 Jan 2024 01:06:29 +0100
Subject: [PATCH 2/6] feat: firezone yml
---
 .../custom/nginx/conf.d/firezone.conf | 13 ++++
 .../docker-compose.firezone.yml | 66 +++++++++++++++++++
 2 files changed, 79 insertions(+)
 create mode 100644 servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf
 create mode 100644 servers/apoc/docker-compose.d/docker-compose.firezone.yml
diff --git a/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf b/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf
new file mode 100644
index 0000000..6f70dc2
--- /dev/null
+++ b/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ server_name fz.ixvd.net;
+
+ location / {
+ proxy_pass http://firezone:13000;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+}
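Review bot: The new firezone.conf only declares `listen 80;` with no `listen 443 ssl` counterpart, even though the compose file in the next patch sets `EXTERNAL_URL` to `https://fz.ixvd.net/` and this series adds fz.ixvd.net to `CERTBOT_DOMAINS`, so unless the custom nginx build injects TLS for every vhost on its own, the Firezone admin login is served over plaintext HTTP with no redirect. I'd add a `listen 443 ssl;` server that references the certbot certificate for fz.ixvd.net and reduce the port-80 block to the ACME challenge location plus `return 301 https://$host$request_uri;`. The file is new and complete within this hunk, so nothing continues outside it.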
diff --git a/servers/apoc/docker-compose.d/docker-compose.firezone.yml b/servers/apoc/docker-compose.d/docker-compose.firezone.yml
new file mode 100644
index 0000000..ee08656
--- /dev/null
+++ b/servers/apoc/docker-compose.d/docker-compose.firezone.yml
@@ -0,0 +1,66 @@
+version: '2.2'
+# Example compose file for production deployment on Linux.
+#
+# Note: This file is meant to serve as a template. Please modify it
+# according to your needs. Read more about Docker Compose:
+#
+# https://docs.docker.com/compose/compose-file/
+#
+#
+x-deploy: &default-deploy
+ restart_policy:
+ condition: unless-stopped
+ delay: 5s
+ window: 120s
+ update_config:
+ order: start-first
+
+services:
+ firezone:
+ image: firezone/firezone:${VERSION:-latest}
+ ports:
+ - 51820:51820/udp
+ environment:
+ EXTERNAL_URL: "https://fz.ixvd.net/"
+ DATABASE_HOST: "fz-postgres"
+ DATABASE_USER: "firezone"
+ DATABASE_PASSWORD: "firezone"
+ env_file:
+ - /etc/ixvd/secrets/env/firezone.env
+ volumes:
+ - /srv/firezone/config:/var/firezone
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=0
+ - net.ipv4.ip_forward=1
+ - net.ipv6.conf.all.forwarding=1
+ depends_on:
+ - postgres
+ networks:
+ proxy:
+ fz-internal:
+ ipv4_address: 172.25.0.10
+ ipv6_address: fcff:3990:3990::99
+
+ fz-postgres:
+ image: postgres:15
+ volumes:
+ - /srv/firezone/data:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: firezone
+ POSTGRES_USER: firezone
+ POSTGRES_PASSWORD: firezone
+ networks:
+ - fz-internal
+
+networks:
+ fz-internal:
+ enable_ipv6: true
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 172.19.0.0/16
+ - subnet: fcff:3990:3990::/64
+ gateway: fcff:3990:3990::1
From 62037c24959a1f235878fbda1584fa0f6c96749d Mon Sep 17 00:00:00 2001
From: Raine
Date: Wed, 10 Jan 2024 01:10:32 +0100
Subject: [PATCH 3/6] fix: firezone network
---
 servers/apoc/docker-compose.d/docker-compose.firezone.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
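Review bot: `depends_on` lists `postgres`, but the database service defined in this file is `fz-postgres` (and `DATABASE_HOST` already points at `fz-postgres`), so compose will reject the file for an undefined dependency; it should read `- fz-postgres`. The database credentials are also hard-coded in two places (`DATABASE_PASSWORD: "firezone"` and `POSTGRES_PASSWORD: firezone`) in a file committed to the repo even though an `env_file` under `/etc/ixvd/secrets` is already wired in — move both values into that env file and drop the placeholder password. The `x-deploy: &default-deploy` anchor is defined but never referenced by either service, so no restart policy is applied at all; for a non-swarm compose deployment a plain `restart: unless-stopped` on each service is what actually takes effect. Finally, `SYS_MODULE` lets the container load arbitrary kernel modules, which is effectively host root; if the host already has the wireguard module loaded, `NET_ADMIN` alone may be sufficient, which is worth confirming before granting it.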
diff --git a/servers/apoc/docker-compose.d/docker-compose.firezone.yml b/servers/apoc/docker-compose.d/docker-compose.firezone.yml
index ee08656..a673ed5 100644
--- a/servers/apoc/docker-compose.d/docker-compose.firezone.yml
+++ b/servers/apoc/docker-compose.d/docker-compose.firezone.yml
@@ -41,7 +41,7 @@ services:
 networks:
 proxy:
 fz-internal:
- ipv4_address: 172.25.0.10
+ ipv4_address: 172.90.0.10
 ipv6_address: fcff:3990:3990::99

 fz-postgres:
@@ -61,6 +61,6 @@ networks:
 driver: bridge
 ipam:
 config:
- - subnet: 172.19.0.0/16
+ - subnet: 172.90.0.0/16
 - subnet: fcff:3990:3990::/64
 gateway: fcff:3990:3990::1
From 890b90a7c2ab84cb057cefe0d6394c73fe02deef Mon Sep 17 00:00:00 2001
From: Raine
Date: Wed, 10 Jan 2024 01:20:54 +0100
Subject: [PATCH 4/6] fix: firezone websocket
---
 .../apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf b/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf
index 6f70dc2..cca6512 100644
--- a/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf
+++ b/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf
@@ -3,7 +3,13 @@ server {
 server_name fz.ixvd.net;

 location / {
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header Host $host;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Upgrade $http_upgrade
 proxy_pass http://firezone:13000;
+ client_max_body_size 0;
 }

 error_page 500 502 503 504 /50x.html;
From 23813ac048be259fed7fa1793996a4261d89da2e Mon Sep 17 00:00:00 2001
From: Raine
Date: Wed, 10 Jan 2024 01:22:35 +0100
Subject: [PATCH 5/6] fix: forgot ;
---
 servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
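Review bot: The replacement subnet `172.90.0.0/16` in the `ipam` hunk is not private address space (RFC 1918 only covers `172.16.0.0/12`, i.e. 172.16–172.31), so the bridge now shadows a publicly routable /16 and containers on `fz-internal` — including the Firezone gateway that forwards VPN client traffic with `ip_forward=1` — will be unable to reach any real host in that range. Pick an unused private range instead, e.g. `- subnet: 172.30.0.0/16` here and `ipv4_address: 172.30.0.10` in the first hunk (or a /24 out of 10.0.0.0/8), and consider letting Docker assign the address rather than pinning one. The IPv6 prefix `fcff:3990:3990::/64` sits in `fc00::/8`, which RFC 4193 reserves for future definition; locally assigned ULA should be drawn from `fd00::/8`.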
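Review bot: `client_max_body_size 0;` in the added `location /` lines disables nginx's request-body limit for the whole vhost, so any unauthenticated client can stream an unbounded body at the Firezone web process; unless there is a known large-upload path, drop it or set a modest cap such as `client_max_body_size 10m;`. `proxy_set_header X-Forwarded-Proto https;` is hard-coded while this server block (its `listen 80;` is above the hunk) still only accepts plaintext, so the upstream will treat HTTP requests as TLS-terminated when, for example, deciding on secure cookies or generated URLs; use `$scheme`, or terminate TLS in this block first, so the header reflects the real transport. The `Upgrade`/`Connection` headers are also set without `proxy_http_version 1.1;`, and under nginx's default HTTP/1.0 upstream connection the WebSocket handshake cannot be forwarded.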
diff --git a/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf b/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf index cca6512..3d4cb05 100644 --- a/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf +++ b/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf @@ -7,7 +7,7 @@ server { proxy_set_header X-Forwarded-Proto https; proxy_set_header Host $host; proxy_set_header Connection $http_connection; - proxy_set_header Upgrade $http_upgrade + proxy_set_header Upgrade $http_upgrade; proxy_pass http://firezone:13000; client_max_body_size 0; } From b5cec5cf4c75bfeb612d23b79486c6c92031c27a Mon Sep 17 00:00:00 2001 From: Raine Date: Wed, 10 Jan 2024 01:24:38 +0100 Subject: [PATCH 6/6] fix: firezone websocket --- .../custom/nginx/conf.d/firezone.conf | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf b/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf index 3d4cb05..ceaa04f 100644 --- a/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf +++ b/servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf @@ -2,12 +2,20 @@ server { listen 80; server_name fz.ixvd.net; + location /live/websocket { + proxy_pass http://firezone:13000; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection upgrade; + } + location / { proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto https; proxy_set_header Host $host; - proxy_set_header Connection $http_connection; - proxy_set_header Upgrade $http_upgrade; proxy_pass http://firezone:13000; client_max_body_size 0; }
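Review bot: The new `/live/websocket` location passes `X-Forwarded-For $proxy_add_x_forwarded_for`, which appends to whatever `X-Forwarded-For` the client supplied, while `/` passes `$remote_addr`; since this nginx is the first hop, the websocket path lets any client inject arbitrary addresses ahead of its real one into what Firezone logs and, if it consults the header for rate limiting or allow-lists, trusts. Use the same edge semantics on both locations, `proxy_set_header X-Forwarded-For $remote_addr;`, and only switch to `$proxy_add_x_forwarded_for` if a trusted proxy sits in front of this one. The websocket location also omits `X-Forwarded-Proto`, which `/` sets; the Phoenix origin check presumably compares the forwarded scheme against the configured `EXTERNAL_URL`, so add the matching `proxy_set_header X-Forwarded-Proto` line there (ideally `$scheme` on both locations once TLS is terminated here — the `listen 80;` context line at the top of the hunk shows this vhost is still plaintext only).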