Update gitea/docker-compose.yml

Move to 2..11.2 - don't use 'latest'

caddy/Caddyfile-latest

@@ -0,0 +1,248 @@
+# Caddyfile on production cluster
+{
+  # Global options, omly one such block at the head of the file
+  servers {
+    trusted_proxies static 192.168.1.0/24 2a00:23c6::/32
+          }
+  # make admin available to all trusted nodes on the network
+  admin :2019
+  metrics
+}
+#
+
+#
+# For Authelis
+#
+(trusted_proxy_list) {
+       trusted_proxies 192.168.1.0/24 2a00:23c6::/32
+}
+
+(secure_site) {
+       forward_auth {args[0]} 192.168.1.1:9091 {
+                uri /api/verify?rd=https://auth.johnsnexus.click
+                copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+                import trusted_proxy_list
+                header_up Host {upstream_hostport}
+       }
+}
+#
+# it appears you need this to allow prometheus on a remote node to scrape the metrics
+:2019 {
+  handle {
+    metrics
+  }
+}
+#
+# Snippet for basic authorisation
+#
+(basic-auth) {
+    basic_auth {
+      john.anderson $2a$10$T.yetVs9CmektYsaU8RqYu37fVaFAsPDLf90lsDDfxLkaC.zWH3Oi
+      mary.anderson $2a$10$UOuB5DpDcKRho0rRPDCmCeFlDSx/f6Bkwqpw8CEeQCbAGA0yULcny
+      frazer.anderson $2a$10$UleGw5O0BB18XtSenFSawudO.qKbNVMFU772XMP4cAAUbWzRo/zr6
+      chris.anderson $2a$10$1MeL9m8M7FW/k6/DW3HB1.rkijS3qao8RraNO/tJKN8OuRTCzc3fK
+      ruth.hoyos $2a$10$9z/3SajAWhxJfu6Xs1lbEeuPpZWUzcuBI/8n5hfv5FUqt11Uxo92S
+      sarah.anderson-beecham $2a$10$.8J1FMBwGDr8XSXCMWcn2ODxSW6txLEqSBHZmA6zQs8qQCDT2KbR2
+      fiona.green $2a$10$Nid0Lg6Wauwi/5BN4N2H5u8T6XumK4EE2MBxZaKXajxUAuUXPEvGO
+      helen.crichton $2a$10$zOcnxMCr62NtNK3YTaWbRuOclI/lC1Lkn1RidTOxkgBTgruQgfg9K
+      david.rawsthorne $2a$10$OIALdPjjQT6i5exUg8GtmOGk4BD4WmanmDhF7wCVH/IbpQQSt6PAS
+      peter.rawsthorne $2a$10$asUwJpdwc4QlGc8b1A1v7ukBCIQTlzm59uRnBH6AnWiK6NAECW03S
+      marilyn.pope $2a$10$6iD1J3FVmFbY7i02gQaF0eu1fY4ufUsXiXMyc1G9YfXbYKwuamjI2
+      alan.potts $2a$10$tzbIZwIuzcdrIzJICIS1oeadwoKyr3JqL2Ec9aB8Dj.MR4Q7lMcV.
+      kate.griffin $2a$10$9R57yOgGilEPZNwCbjWHeOu/ytTv4SLbW0P/plRnI.GqHe3w3IJjO
+      craig.johnson $2a$10$LQf3tK0ZHl63LHybpDfSdu1WT9OtcLeNZTfCwniPlmuqHiNF.yOq6
+      grant.johnson $2a$10$7XZ3aoQdL/fLex48t6hgi.p9Xt3yNJNIXJKflxChprwT5O9zPy2hG
+      barbara.wright $2a$10$Mlp0Y2wPzzomL1EnTInS2u18yv7ksMY.ATURzQz4luRRe2JwBMEJS
+      janet.kennedy $2a$10$/8VCpm68CLSF2zSL5sHtR.hzwJ.h3cX3r8XHogHbz8o7KIYPDHOVW
+    }
+#    respond "Welcome, {http.auth.user.id}" 200
+}  
+#
+# Authelia from PIHOLE
+#
+auth.johnsnexus.click {
+     reverse_proxy 192.168.1.1:9091 {
+         import trusted_proxy_list
+     }
+}
+#
+# Locally hosted site
+#
+testcaddy.johnsnexus.click {
+    root * /usr/share/caddy      # compose file points to this
+    php_fastcgi 192.168.1.1:80
+    file_server
+}
+#
+# Family history web site via container on this cluster
+#
+sandancer.ddnsfree.com {
+    root * /var/www/html
+    file_server
+#    reverse_proxy 192.168.1.1:8888
+    reverse_proxy famhistweb_famhistweb
+}
+#
+# PocketID OIDC security, come here from DYNU, running on OMEGA to access token device
+#
+https://hold.johnsnexus.click {
+    reverse_proxy 192.168.1.5:1411
+}
+#
+# Test GHOST site on BETA 
+#
+ghost.johnsnexus.click {
+    root * /var/www/mymag
+    file_server
+    reverse_proxy 192.168.1.9:2368
+}
+#
+# Fanily History Web site on Production cluster system, come here via BIND9
+#
+nextfamhistweb.johnsnexus.click {
+#    import basic-auth
+#    import secure_site *
+#    root * /usr/local/apache2/htdocs
+#    file_server
+    reverse_proxy nextfamhistweb_nextfamhistweb {
+        import trusted_proxy_list
+    }
+}
+#
+# Test web site on Production Cluster, come here via BIND9
+#
+northweb.johnsnexus.click {
+#    import secure_site *
+#    import basic-auth
+    root * /usr/local/apache2/htdocs
+    file_server
+    reverse_proxy testweb_testweb
+}
+#
+# Test version of paperless-ngx on OMEGA  come here via BIND9
+#
+wastebin.johnsnexus.click {
+    file_server
+    reverse_proxy 192.168.1.5:8600
+}
+#
+# Version of pydio cells on NODE-16 using SAMBA volume - DYNU public address
+#
+#pydiocells.johnsnexus.click {
+#    tls tls@johnsnexus.click
+#    reverse_proxy 192.168.1.4:8888 {
+#       transport http {
+#          tls
+#          tls_insecure_skip_verify
+#       }
+#    }
+#}
+#
+# Owncloud on ELITE "cluster", via DYNU
+#
+amudanan.johnsnexus.click {
+    file_server
+    reverse_proxy 192.168.1.9:11000 
+}
+#
+codeamud.johnsnexus.click {
+    file_server
+    reverse_proxy 192.168.1.9:9980 {
+        header_up X-Forwarded-Proto {scheme}
+#    transport http {
+#        tls_insecure_skip_verify
+#        }
+    }
+}
+#
+# OWNCLOUD on DELTA come here via BIND9
+#
+mycloud.johnsnexus.click {
+    header Strict-Transport-Security max-age=15552000
+    file_server
+    reverse_proxy 192.168.1.10:8080
+}
+#
+code.johnsnexus.click {
+       file_server
+       reverse_proxy 192.168.1.10:9980 {
+       header_up X-Forwarded-Proto {scheme}
+#       transport http {
+#          tls_insecure_skip_verify
+#       }
+    }
+}
+#
+# TESTCLOUD/NEXTCLOUDAIO on ZETA come here via BIND9
+#
+testcloud.johnsnexus.click {
+    file_server
+    reverse_proxy http://192.168.1.20:11000
+}
+#
+# Vaultwarden on Production Cluster, come here via HOSTS
+#
+#warden.johnsnexus.click {
+#    reverse_proxy http://192.168.1.1:80
+#}
+#
+# SongKong on VALHALLA, come here via DYNU
+https://chord.johnsnexus.click {
+    root * /music
+    file_server
+    reverse_proxy http://192.168.1.7:4567
+}
+##
+# n8n running on DELTA, come here via DYNU
+#
+donut.johnsnexus.click {
+   reverse_proxy http://192.168.1.10:5678 {
+       flush_interval -1
+   }
+}
+#
+# CTiO magazine using Ghost on production
+#
+ctio.johnsnexus.click {
+    file_server
+    reverse_proxy 192.168.1.1:2368
+}
+#
+#****************************************
+#
+# Hoarder from PIHOLR
+# Needs SSL; leave as explicit address; use 3200 as gitea uses 3000
+#
+hoarder.johnsnexus.click {
+     reverse_proxy 192.168.1.9:3200 
+}
+#
+#
+# although "prod" it runs on Elite Cluster
+#
+grafana.johnsnexus.click {
+#     file_server
+     reverse_proxy 192.168.1.9:3030
+}
+#
+# new gitea on Elite cluster
+#
+mygit.johnsnexus.click {
+     reverse_proxy 192.168.1.9:3000
+}
+#
+# copy of mygit on the production cluster
+gitea.johnsnexus.click {
+    file_server
+    reverse_proxy 192.168.1.1:3000
+}
+#
+gotify.johnsnexus.click {
+     reverse_proxy 192.168.1.9:8111
+}
+#
+# New home assistant, running unde docker on ZETA
+https://have.johnsnexus.click {
+    file_server
+    reverse_proxy 192.168.1.16:8123
+}

caddy/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   caddy:
-    image: caddy:latest
+    image: caddy:2.11.2
     ports:
       - 80:80
       - 443:443

famhistweb/docker-compose.yml

@@ -3,9 +3,6 @@ services:
     image: httpd:latest
     container_name: apache2
     deploy:
-      placement:
-        constraints:
-          - node.labels.target != here
       replicas: 1
     restart: on-failure
     ports:

ghost/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   ghost:
-    image: ghost:6.10.2-alpine
+    image: ghost:6.22.1
     container_name: ghost
     deploy:
       placement:

gitea/docker-compose.yml

@@ -27,10 +27,6 @@ services:
   db:
     image: docker.io/library/postgres:14
     restart: on-failure
-    deploy:
-      placement:
-        constraints:
-          - node.labels.database == here
     environment:
       - POSTGRES_USER=gitea
       - POSTGRES_PASSWORD=gitea

gladys/docker-compose.yml

@@ -0,0 +1,31 @@
+version: "3"
+
+services:
+  gladys:
+    image: gladysassistant/gladys:v4
+    container_name: gladys
+    restart: always
+    privileged: true
+    network_mode: host
+    cgroup: host
+    logging:
+      driver: "json-file"
+      options:
+        max-size: 10m
+    environment:
+      NODE_ENV: production
+      SQLITE_FILE_PATH: /var/lib/gladysassistant/gladys-production.db
+      SERVER_PORT: 80
+      TZ: Europe/London
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/lib/gladysassistant:/var/lib/gladysassistant
+      - /dev:/dev
+      - /run/udev:/run/udev:ro
+  watchtower:
+    image: nickfedor/watchtower
+    restart: always
+    container_name: watchtower
+    command: --cleanup --include-restarting
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock

nextfamhistweb/docker-compose.yml

@@ -2,9 +2,6 @@ services:
   nextfamhistweb:
     image: httpd:latest
     deploy:
-      placement:
-        constraints:
-          - node.labels.target != here
       replicas: 1
     restart: on-failure
     ports:

nut-web/docker-compose.yml

@@ -0,0 +1,15 @@
+services:
+  nut-web:
+    image: 'ghcr.io/superioone/nut_webgui:latest'
+    ports:
+      - '9090:9000'
+    environment:
+      - UPSD_ADDR=192.168.1.23
+      - UPSD_USER=upsmon
+      - UPSD_PASS=Abingdon2025
+      - POLL_FREQ=60
+      - POLL_INTERVAL=5
+      - UPSD_PORT=3493
+    restart: unless-stopped
+    container_name: nut-web
+

testweb/docker-compose.yml

@@ -4,12 +4,9 @@
 #
 services:
   testweb:
-    image: httpd:2.4.65-alpine
+    image: httpd:latest
     container_name: testweb
     deploy:
-      placement:
-        constraints:
-          - node.labels.target != here
       replicas: 1
     restart: on-failure
     ports: