From 55d252b421fb7bcaf7c422a1512cbea66a45f65f Mon Sep 17 00:00:00 2001 From: moeny-matt Date: Tue, 1 Apr 2025 17:25:48 -0400 Subject: [PATCH] Add docker with traefik for dnschallenge certs
---
.gitignore | 3 +- Dockerfile | 2 + README.md | 6 ++- deploy.env | 5 ++ docker-compose.yaml | 53 ++++++++++++++++++++++ index.html => html/index.html | 0 {logo => html/logo}/logo-moeny-square.png | Bin {logo => html/logo}/logo_moeny-v1.ai | 0 {logo => html/logo}/logo_moeny-v1.png | Bin {logo => html/logo}/logo_moeny-v1.svg | 0 {logo => html/logo}/moeny-bag.ico | Bin {logo => html/logo}/moeny-bag.png | Bin {logo => html/logo}/moeny-bag.webp | Bin {logo => html/logo}/moeny_ai_qr.png | Bin 14 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 Dockerfile create mode 100644 deploy.env create mode 100644 docker-compose.yaml rename index.html => html/index.html (100%) rename {logo => html/logo}/logo-moeny-square.png (100%) rename {logo => html/logo}/logo_moeny-v1.ai (100%) rename {logo => html/logo}/logo_moeny-v1.png (100%) rename {logo => html/logo}/logo_moeny-v1.svg (100%) rename {logo => html/logo}/moeny-bag.ico (100%) rename {logo => html/logo}/moeny-bag.png (100%) rename {logo => html/logo}/moeny-bag.webp (100%) rename {logo => html/logo}/moeny_ai_qr.png (100%)
diff --git a/.gitignore b/.gitignore
index 496ee2c..a7dfb30 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-.DS_Store
\ No newline at end of file
+.DS_Store
+.env
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..93931ff
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,2 @@
+FROM nginx
+COPY html /usr/share/nginx/html
\ No newline at end of file
diff --git a/README.md b/README.md
index 08ce5ef..9ed5cf7 100644
--- a/README.md
+++ b/README.md
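Review bot: `FROM nginx` in the new Dockerfile carries no tag or digest, so every `docker compose build` resolves to whatever `latest` is at that moment and the image actually serving the site is neither reproducible nor auditable. Pin the base image and bump it deliberately, e.g. `FROM nginx:<version>@sha256:<digest>` (placeholder values to be filled in from the registry). Separately, the stock nginx image starts its master process as root; if nothing in this site needs that, an unprivileged nginx variant is worth considering, in which case the `loadbalancer.server.port` label in docker-compose.yaml would have to follow the new listen port.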
@@ -2,4 +2,8 @@ This is the repository for the *[moeny.ai](https://moeny.ai)* website, showcasing New York’s network of AI experts and our journey toward building lean, impactful AI solutions.
-Looking to connect more? Join our [RocketChat](https://rocketchat.moeny.ai).
\ No newline at end of file
+Looking to connect more? Join our [RocketChat](https://rocketchat.moeny.ai).
+
+## Docker Compose
+
+The docker setup uses [traefik](https://hub.docker.com/_/traefik) to handle Let's Encrypt certificates, using a [DNS challenge](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge). In order for this setup to work, your DNS server must be configured with a TSIG key for dynamic updates. See our [bind9](https://gitea.moeny.ai/moeny/bind9) repo for more info.
\ No newline at end of file
diff --git a/deploy.env b/deploy.env
new file mode 100644
index 0000000..9989d25
--- /dev/null
+++ b/deploy.env
@@ -0,0 +1,5 @@
+# DNS TSIG Configuration
+TSIG_KEY=your-tsig-key-name
+TSIG_SECRET=your-tsig-secret
+DNS_SERVER=your-dns-server
+DNS_ZONE=your-dns-zone
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..b9d47e6
--- /dev/null
+++ b/docker-compose.yaml
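Review bot: Nothing in the new deploy.env says that it is a template, and only `.env` is git-ignored, so an operator who fills in this tracked file in place risks committing the TSIG secret. Compose substitutes `${TSIG_KEY}`, `${TSIG_SECRET}`, `${DNS_SERVER}` and `${DNS_ZONE}` from a file named `.env` or from the shell, so the intended flow is presumably a copy; say so in the header, e.g. `# Template only: copy to .env (git-ignored) and fill in there; never put real values in this file`. Because this key authorises dynamic updates to the zone, the same comment could remind the reader to restrict the key on the DNS server to the ACME challenge TXT record rather than the whole zone.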
@@ -0,0 +1,53 @@
+services:
+ traefik:
+ image: traefik:v2.10
+ restart: always
+ networks:
+ - website_default
+ command:
+ - --api.insecure=false
+ - --providers.docker=true
+ - --providers.docker.exposedbydefault=false
+ - --entrypoints.web.address=:80
+ - --entrypoints.web.http.redirections.entryPoint.to=https
+ - --entrypoints.web.http.redirections.entryPoint.scheme=https
+ - --entrypoints.https.address=:443
+ - --certificatesresolvers.le_moeny_website.acme.dnschallenge=true
+ - --certificatesresolvers.le_moeny_website.acme.dnschallenge.provider=rfc2136
+ - --certificatesresolvers.le_moeny_website.acme.dnschallenge.resolvers=8.8.8.8,8.8.4.4
+ - --certificatesresolvers.le_moeny_website.acme.email=webmaster@moeny.ai
+ - --certificatesresolvers.le_moeny_website.acme.storage=/letsencrypt/acme.json
+ - --log.level=DEBUG
+ environment:
+ - RFC2136_TSIG_KEY=${TSIG_KEY}
+ - RFC2136_TSIG_SECRET=${TSIG_SECRET}
+ - RFC2136_NAMESERVER=${DNS_SERVER}
+ - RFC2136_ZONE=${DNS_ZONE}
+ - RFC2136_TSIG_ALGORITHM=hmac-sha256
+ - RFC2136_DEBUG=true
+ - RFC2136_TIMEOUT=60
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - traefik_moeny_website:/letsencrypt:rw
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+
+ moeny:
+ build: .
+ restart: always
+ networks:
+ - website_default
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.moeny_website.rule=Host(`moeny.ai`)"
+ - "traefik.http.routers.moeny_website.entrypoints=https"
+ - "traefik.http.routers.moeny_website.tls.certresolver=le_moeny_website"
+ - "traefik.http.services.moeny_website.loadbalancer.server.port=80"
+
+volumes:
+ traefik_moeny_website: { driver: local }
+
+networks:
+ website_default:
+ name: website_default
\ No newline at end of file
diff --git a/index.html b/html/index.html
similarity index 100%
rename from index.html
rename to html/index.html
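Review bot: The `traefik` service bind-mounts `/var/run/docker.sock` into the one container that is published on ports 80 and 443, and the `:ro` flag does not make the Docker API read-only: it only protects the socket file, so a compromise of Traefik amounts to control of the Docker daemon and in practice of the host. Put a filtering socket proxy between Traefik and the daemon on an internal network, allow only container listing, and point the provider at it with `--providers.docker.endpoint`, as sketched below (image tag is a placeholder). In the same service, `--log.level=DEBUG` and `RFC2136_DEBUG=true` look like bring-up settings; for a `restart: always` deployment I would drop to `INFO` and remove the RFC2136 debug flag, so DNS-update details do not accumulate in the container logs.

```yaml
services:
  traefik:
    # … unchanged: image, restart …
    networks:
      - website_default
      - socket_proxy
    command:
      # … unchanged: entrypoints and certificatesresolvers flags …
      - --providers.docker.endpoint=tcp://socket-proxy:2375
      - --log.level=INFO
    # … unchanged: environment (minus RFC2136_DEBUG), ports …
    volumes:
      - traefik_moeny_website:/letsencrypt:rw

  socket-proxy:
    image: tecnativa/docker-socket-proxy:<pinned-tag>
    restart: always
    networks:
      - socket_proxy
    environment:
      - CONTAINERS=1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

networks:
  # … unchanged: website_default …
  socket_proxy:
    internal: true
```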
diff --git a/logo/logo-moeny-square.png b/html/logo/logo-moeny-square.png
similarity index 100%
rename from logo/logo-moeny-square.png
rename to html/logo/logo-moeny-square.png
diff --git a/logo/logo_moeny-v1.ai b/html/logo/logo_moeny-v1.ai
similarity index 100%
rename from logo/logo_moeny-v1.ai
rename to html/logo/logo_moeny-v1.ai
diff --git a/logo/logo_moeny-v1.png b/html/logo/logo_moeny-v1.png
similarity index 100%
rename from logo/logo_moeny-v1.png
rename to html/logo/logo_moeny-v1.png
diff --git a/logo/logo_moeny-v1.svg b/html/logo/logo_moeny-v1.svg
similarity index 100%
rename from logo/logo_moeny-v1.svg
rename to html/logo/logo_moeny-v1.svg
diff --git a/logo/moeny-bag.ico b/html/logo/moeny-bag.ico
similarity index 100%
rename from logo/moeny-bag.ico
rename to html/logo/moeny-bag.ico
diff --git a/logo/moeny-bag.png b/html/logo/moeny-bag.png
similarity index 100%
rename from logo/moeny-bag.png
rename to html/logo/moeny-bag.png
diff --git a/logo/moeny-bag.webp b/html/logo/moeny-bag.webp
similarity index 100%
rename from logo/moeny-bag.webp
rename to html/logo/moeny-bag.webp
diff --git a/logo/moeny_ai_qr.png b/html/logo/moeny_ai_qr.png
similarity index 100%
rename from logo/moeny_ai_qr.png
rename to html/logo/moeny_ai_qr.png