From 4ff0b7fbfcf6a68f0bb2363907b6c1f6347ef407 Mon Sep 17 00:00:00 2001 From: birjolaxew Date: Fri, 30 Oct 2020 05:30:23 +0100 Subject: [PATCH 1/6] Change Plausible to not bind to port 80 by default This is done in preparation for adding reverse-proxy configurations Unfortunately a later docker-compose file cannot *remove* a port binding, so it has to be removed in the root file. If there is interest, the 80:8000 binding can be re-added in a new docker-compose overwrite file. --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 5dadb81..e7b2367 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -28,7 +28,7 @@ services: - plausible_events_db - mail ports: - - 80:8000 + - 8000:8000 env_file: - plausible-conf.env From 2e9dd1560eca06b5527ded92f62b712b023fc7e0 Mon Sep 17 00:00:00 2001 From: birjolaxew Date: Fri, 30 Oct 2020 05:32:47 +0100 Subject: [PATCH 2/6] Add docker-compose file for simple reverse proxy Based on caddy-gen This will start a reverse proxy on port 80 and 443, which proxies to the plausible container. Note that it will clash with any existing reverse proxies on the host machine --- reverse-proxy/README.md | 9 +++++++ reverse-proxy/docker-compose.caddy-gen.yml | 28 ++++++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 reverse-proxy/README.md create mode 100644 reverse-proxy/docker-compose.caddy-gen.yml diff --git a/reverse-proxy/README.md b/reverse-proxy/README.md new file mode 100644 index 0000000..b37ae18 --- /dev/null +++ b/reverse-proxy/README.md 
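Review bot: The new mapping `- 8000:8000` in docker-compose.yml still publishes Plausible on every host interface, so with any of the reverse proxies added later in this series the application stays reachable over plain HTTP on port 8000, around the proxy and its TLS. The NGINX configuration only needs loopback, so `- "127.0.0.1:8000:8000"` would be enough there; the caddy-gen and Traefik overrides presumably reach the container over the Docker network and need no host binding at all. Ports published by Docker are typically not filtered by host firewall front-ends such as ufw, so a comment next to `ports:` saying who is expected to connect would help whichever binding is kept. The `plausible` service definition starts above the hunk, so its other settings are not visible here.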
@@ -0,0 +1,9 @@
+This directory contains pre-made configurations for various reverse proxies. Which flavor you should choose depends on your setup.
+
+## No existing reverse proxy
+
+If you aren't running an existing reverse proxy, then you can use the [`caddy-gen`](https://github.com/wemake-services/caddy-gen) based docker-compose file. Update it to include the domain name you use for your server, then combine it with the existing docker-compose files:
+
+```shell
+$ docker-compose -f docker-compose.yml -f reverse-proxy/docker-compose.caddy-gen.yml up
+```
diff --git a/reverse-proxy/docker-compose.caddy-gen.yml b/reverse-proxy/docker-compose.caddy-gen.yml
new file mode 100644
index 0000000..1d23502
--- /dev/null
+++ b/reverse-proxy/docker-compose.caddy-gen.yml
@@ -0,0 +1,28 @@
+version: "3.3"
+services:
+ caddy-gen:
+ container_name: caddy-gen
+ image: "wemakeservices/caddy-gen:latest"
+ restart: always
+ volumes:
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+ - caddy-certificates:/data/caddy
+ ports:
+ - "80:80"
+ - "443:443"
+ depends_on:
+ - plausible
+
+ plausible:
+ ports:
+ - 8000:8000
+ labels:
+ virtual.host: "example.com" # change to your domain name
+ virtual.alias: "www.example.com" # change to any aliases you use (or remove)
+ virtual.port: "8000"
+ virtual.tls-email: "admin@example.com" # change to your email
+
+volumes:
+ caddy-certificates:
+ driver: local
+
\ No newline at end of file
From f055f1d0aa5f595cf44822a0653c470913dcc97a Mon Sep 17 00:00:00 2001
From: birjolaxew
Date: Fri, 30 Oct 2020 05:43:45 +0100
Subject: [PATCH 3/6] Add reverse-proxy configuration for existing NGINX installation
---
reverse-proxy/README.md | 16 ++++++++++++++++
reverse-proxy/nginx/plausible | 9 +++++++++
2 files changed, 25 insertions(+)
create mode 100644 reverse-proxy/nginx/plausible
diff --git a/reverse-proxy/README.md b/reverse-proxy/README.md
index b37ae18..868b2fe 100644
--- a/reverse-proxy/README.md
+++ b/reverse-proxy/README.md
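Review bot: The `:ro` flag on `/var/run/docker.sock:/tmp/docker.sock:ro` in docker-compose.caddy-gen.yml does not make the Docker API read-only: it only protects the socket file, and a process in the container can still send any API request, which amounts to root on the host. Since `caddy-gen` is also the container published on ports 80 and 443, that deserves a comment above the mount, for example `# grants full Docker API access to this container; consider a filtering socket proxy`. `image: "wemakeservices/caddy-gen:latest"` together with `restart: always` means whatever is tagged `latest` at pull time receives that access, so pinning to a reviewed tag or digest (`wemakeservices/caddy-gen:<pinned-tag>`, placeholder) would be safer.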
@@ -7,3 +7,19 @@ If you aren't running an existing reverse proxy, then you can use the [`caddy-ge ```shell $ docker-compose -f docker-compose.yml -f reverse-proxy/docker-compose.caddy-gen.yml up ``` + +## Existing reverse proxy + +If you are already running a reverse proxy, then the above will not work as it will clash with the existing port bindings. You should instead use one of the available configuration files: + +### NGINX + +If you already have NGINX running as a system service, use the configuration file in the `nginx` directory. + +Edit the file `reverse-proxy/nginx/plausible` to contain the domain name you use for your server, then copy it into NGINX's configuration folder. Enable it by creating a symlink in NGINX's enabled sites folder. Finally use Certbot to create a TLS certificate for your site. + +```shell +$ sudo cp reverse-proxy/nginx/plausible /etc/nginx/sites-available +$ sudo ln -s /etc/nginx/sites-available/plausible /etc/nginx/sites-enabled/plausible +$ sudo certbot --nginx +``` diff --git a/reverse-proxy/nginx/plausible b/reverse-proxy/nginx/plausible new file mode 100644 index 0000000..ba83b27 --- /dev/null +++ b/reverse-proxy/nginx/plausible @@ -0,0 +1,9 @@ +server { + # replace example.com with your domain name + server_name example.com; + + location / { + proxy_pass http://127.0.0.1:8000; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +} From ffccee3219bac967f1151da5bfd87affb8e1a27b Mon Sep 17 00:00:00 2001 From: birjolaxew Date: Fri, 30 Oct 2020 05:59:21 +0100 Subject: [PATCH 4/6] Add reverse-proxy configuration for existing Traefik installation Largely based on the work of @MoryCorp in #10 --- reverse-proxy/README.md | 12 +++++++++++- reverse-proxy/traefik/docker-compose.traefik.yml | 8 ++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 reverse-proxy/traefik/docker-compose.traefik.yml diff --git a/reverse-proxy/README.md b/reverse-proxy/README.md index 868b2fe..6a29eb3 100644 
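Review bot: In reverse-proxy/nginx/plausible, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends the client address to whatever `X-Forwarded-For` header the client sent, so the upstream receives client-chosen entries first. If Plausible takes the visitor address from the first entry (not visible here, worth confirming), visitors can forge their IP; when NGINX is the only proxy in front, `proxy_set_header X-Forwarded-For $remote_addr;` avoids that. The block also forwards no `Host` header, so the upstream sees `127.0.0.1:8000`, and `proxy_set_header Host $host;` is the usual addition. There is no `listen` directive either, so the site is presumably served on plain port 80 until Certbot rewrites the file; a comment saying so would help.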
--- a/reverse-proxy/README.md +++ b/reverse-proxy/README.md @@ -16,10 +16,20 @@ If you are already running a reverse proxy, then the above will not work as it w If you already have NGINX running as a system service, use the configuration file in the `nginx` directory. -Edit the file `reverse-proxy/nginx/plausible` to contain the domain name you use for your server, then copy it into NGINX's configuration folder. Enable it by creating a symlink in NGINX's enabled sites folder. Finally use Certbot to create a TLS certificate for your site. +Edit the file `reverse-proxy/nginx/plausible` to contain the domain name you use for your server, then copy it into NGINX's configuration folder. Enable it by creating a symlink in NGINX's enabled sites folder. Finally use Certbot to create a TLS certificate for your site: ```shell $ sudo cp reverse-proxy/nginx/plausible /etc/nginx/sites-available $ sudo ln -s /etc/nginx/sites-available/plausible /etc/nginx/sites-enabled/plausible $ sudo certbot --nginx ``` + +### Traefik 2 + +If you already have a Traefik container running on Docker, use the docker-compose file in the `traefik` directory. Note that it assumes that your Traefik container is set up to support certificate generation. + +Edit the file `reverse-proxy/traefik/docker-compose.traefik.yml` to contain the domain name you use for your server, then combine it with the existing docker-compose files: + +```shell +$ docker-compose -f docker-compose.yml -f reverse-proxy/traefik/docker-compose.traefik.yml up +``` diff --git a/reverse-proxy/traefik/docker-compose.traefik.yml b/reverse-proxy/traefik/docker-compose.traefik.yml new file mode 100644 index 0000000..6186e4d --- /dev/null +++ b/reverse-proxy/traefik/docker-compose.traefik.yml 
@@ -0,0 +1,8 @@ +version: "3.3" +services: + plausible: + labels: + traefik.enable: "true" + traefik.http.routers.plausible.rule: "Host(`example.com`)" # change to your domain name + traefik.http.routers.plausible.entrypoints: "websecure" + traefik.http.services.plausible.loadbalancer.server.port: "8000" From 8a88026ca8c24dad2de48a15240acbb8b22b00b3 Mon Sep 17 00:00:00 2001 From: birjolaxew Date: Fri, 30 Oct 2020 06:00:35 +0100 Subject: [PATCH 5/6] Remove redundant port configuration in caddy-gen file --- reverse-proxy/docker-compose.caddy-gen.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/reverse-proxy/docker-compose.caddy-gen.yml b/reverse-proxy/docker-compose.caddy-gen.yml index 1d23502..7238728 100644 --- a/reverse-proxy/docker-compose.caddy-gen.yml +++ b/reverse-proxy/docker-compose.caddy-gen.yml @@ -14,8 +14,6 @@ services: - plausible plausible: - ports: - - 8000:8000 labels: virtual.host: "example.com" # change to your domain name virtual.alias: "www.example.com" # change to any aliases you use (or remove) @@ -25,4 +23,3 @@ services: volumes: caddy-certificates: driver: local - \ No newline at end of file From 2a691320b6a4fc51960a2617fb956539c57638ff Mon Sep 17 00:00:00 2001 From: birjolaxew Date: Fri, 30 Oct 2020 06:12:26 +0100 Subject: [PATCH 6/6] Remove domain alias configuration from caddy-gen file Domain aliases aren't applicable to our use case, so no need to leave it in --- reverse-proxy/docker-compose.caddy-gen.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/reverse-proxy/docker-compose.caddy-gen.yml b/reverse-proxy/docker-compose.caddy-gen.yml index 7238728..5843df8 100644 --- a/reverse-proxy/docker-compose.caddy-gen.yml +++ b/reverse-proxy/docker-compose.caddy-gen.yml @@ -16,7 +16,6 @@ services: plausible: labels: virtual.host: "example.com" # change to your domain name - virtual.alias: "www.example.com" # change to any aliases you use (or remove) virtual.port: "8000" virtual.tls-email: "admin@example.com" # change to your email
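Review bot: The router in docker-compose.traefik.yml is attached to `websecure` but carries no TLS label, so whether requests are served over HTTPS depends entirely on TLS being enabled on that entrypoint in the Traefik static configuration, which this file cannot see. Making it explicit with `traefik.http.routers.plausible.tls: "true"` (plus `traefik.http.routers.plausible.tls.certresolver: "<your-resolver>"`, placeholder name) would keep the override from silently depending on the host setup. The entrypoint name `websecure` is likewise only a convention, so the inline comment should tell the reader to adjust it as well as the domain.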