diff --git a/docker-compose.yml b/docker-compose.yml index 5dadb81..e7b2367 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -28,7 +28,7 @@ services: - plausible_events_db - mail ports: - - 80:8000 + - 8000:8000 env_file: - plausible-conf.env diff --git a/reverse-proxy/README.md b/reverse-proxy/README.md new file mode 100644 index 0000000..6a29eb3 --- /dev/null +++ b/reverse-proxy/README.md @@ -0,0 +1,35 @@ +This directory contains pre-made configurations for various reverse proxies. Which flavor you should choose depends on your setup. + +## No existing reverse proxy + +If you aren't running an existing reverse proxy, then you can use the [`caddy-gen`](https://github.com/wemake-services/caddy-gen) based docker-compose file. Update it to include the domain name you use for your server, then combine it with the existing docker-compose files: + +```shell +$ docker-compose -f docker-compose.yml -f reverse-proxy/docker-compose.caddy-gen.yml up +``` + +## Existing reverse proxy + +If you are already running a reverse proxy, then the above will not work as it will clash with the existing port bindings. You should instead use one of the available configuration files: + +### NGINX + +If you already have NGINX running as a system service, use the configuration file in the `nginx` directory. + +Edit the file `reverse-proxy/nginx/plausible` to contain the domain name you use for your server, then copy it into NGINX's configuration folder. Enable it by creating a symlink in NGINX's enabled sites folder. Finally use Certbot to create a TLS certificate for your site: + +```shell +$ sudo cp reverse-proxy/nginx/plausible /etc/nginx/sites-available +$ sudo ln -s /etc/nginx/sites-available/plausible /etc/nginx/sites-enabled/plausible +$ sudo certbot --nginx +``` + +### Traefik 2 + +If you already have a Traefik container running on Docker, use the docker-compose file in the `traefik` directory. Note that it assumes that your Traefik container is set up to support certificate generation. + +Edit the file `reverse-proxy/traefik/docker-compose.traefik.yml` to contain the domain name you use for your server, then combine it with the existing docker-compose files: + +```shell +$ docker-compose -f docker-compose.yml -f reverse-proxy/traefik/docker-compose.traefik.yml up +``` diff --git a/reverse-proxy/docker-compose.caddy-gen.yml b/reverse-proxy/docker-compose.caddy-gen.yml new file mode 100644 index 0000000..5843df8 --- /dev/null +++ b/reverse-proxy/docker-compose.caddy-gen.yml @@ -0,0 +1,24 @@ +version: "3.3" +services: + caddy-gen: + container_name: caddy-gen + image: "wemakeservices/caddy-gen:latest" + restart: always + volumes: + - /var/run/docker.sock:/tmp/docker.sock:ro + - caddy-certificates:/data/caddy + ports: + - "80:80" + - "443:443" + depends_on: + - plausible + + plausible: + labels: + virtual.host: "example.com" # change to your domain name + virtual.port: "8000" + virtual.tls-email: "admin@example.com" # change to your email + +volumes: + caddy-certificates: + driver: local diff --git a/reverse-proxy/nginx/plausible b/reverse-proxy/nginx/plausible new file mode 100644 index 0000000..ba83b27 --- /dev/null +++ b/reverse-proxy/nginx/plausible @@ -0,0 +1,9 @@ +server { + # replace example.com with your domain name + server_name example.com; + + location / { + proxy_pass http://127.0.0.1:8000; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +} diff --git a/reverse-proxy/traefik/docker-compose.traefik.yml b/reverse-proxy/traefik/docker-compose.traefik.yml new file mode 100644 index 0000000..6186e4d --- /dev/null +++ b/reverse-proxy/traefik/docker-compose.traefik.yml @@ -0,0 +1,8 @@ +version: "3.3" +services: + plausible: + labels: + traefik.enable: "true" + traefik.http.routers.plausible.rule: "Host(`example.com`)" # change to your domain name + traefik.http.routers.plausible.entrypoints: "websecure" + traefik.http.services.plausible.loadbalancer.server.port: "8000"