fix: firezone websocket

servers/apoc/docker-compose.d/custom/nginx/conf.d/firezone.conf

@@ -0,0 +1,27 @@
+server {
+    listen 80;
+    server_name fz.ixvd.net;
+
+    location /live/websocket { 
+        proxy_pass http://firezone:13000;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection upgrade;
+    }
+
+    location / {
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto https; 
+        proxy_set_header Host $host;
+        proxy_pass http://firezone:13000;
+        client_max_body_size 0;
+    }
+
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root /usr/share/nginx/html;
+    }
+}

servers/apoc/docker-compose.d/docker-compose.firezone.yml

@@ -0,0 +1,66 @@
+version: '2.2'
+# Example compose file for production deployment on Linux.
+#
+# Note: This file is meant to serve as a template. Please modify it
+# according to your needs. Read more about Docker Compose:
+#
+# https://docs.docker.com/compose/compose-file/
+#
+#
+x-deploy: &default-deploy
+  restart_policy:
+    condition: unless-stopped
+    delay: 5s
+    window: 120s
+  update_config:
+    order: start-first
+
+services:
+  firezone:
+    image: firezone/firezone:${VERSION:-latest}
+    ports:
+      - 51820:51820/udp
+    environment:
+      EXTERNAL_URL: "https://fz.ixvd.net/"
+      DATABASE_HOST: "fz-postgres"
+      DATABASE_USER: "firezone"
+      DATABASE_PASSWORD: "firezone"
+    env_file:
+      - /etc/ixvd/secrets/env/firezone.env
+    volumes:
+      - /srv/firezone/config:/var/firezone
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv4.ip_forward=1
+      - net.ipv6.conf.all.forwarding=1
+    depends_on:
+      - postgres
+    networks:
+      proxy:
+      fz-internal:
+        ipv4_address: 172.90.0.10
+        ipv6_address: fcff:3990:3990::99
+
+  fz-postgres:
+    image: postgres:15
+    volumes:
+      - /srv/firezone/data:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: firezone
+      POSTGRES_USER: firezone
+      POSTGRES_PASSWORD: firezone
+    networks:
+      - fz-internal
+
+networks:
+  fz-internal:
+    enable_ipv6: true
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 172.90.0.0/16
+        - subnet: fcff:3990:3990::/64
+          gateway: fcff:3990:3990::1

servers/apoc/docker-compose.d/docker-compose.yml

@@ -7,7 +7,7 @@ services:
     build: custom/nginx
     environment:
       CERTBOT_EMAIL: "webmaster@ixvd.net"
-      CERTBOT_DOMAINS: "apoc.ixvd.net,mail.ixvd.net,git.ixvd.net,my.ixvd.net,ci.ixvd.net,baikal.ixvd.net,pg.ixvd.net,snipe.ixvd.net"
+      CERTBOT_DOMAINS: "apoc.ixvd.net,mail.ixvd.net,git.ixvd.net,my.ixvd.net,ci.ixvd.net,baikal.ixvd.net,pg.ixvd.net,snipe.ixvd.net,fz.ixvd.net"
     volumes:
       - /srv/certbot/data:/etc/letsencrypt
       - /srv/certbot/other/www:/var/www/certbot