
Initial commit

Daruthe 2 tahun lalu
melakukan
74f38b980f

+ 42 - 0
apache/docker-compose.yml

@@ -0,0 +1,42 @@
+version: '3.7'
+
+services:
+  php-httpd:
+    image: php:7.3-apache
+    ports:
+      - 9006:80
+    volumes:
+      - "./www:/var/www/html"
+    networks:
+      - asgard
+
+  mariadb:
+    image: mariadb:10.5.2
+    volumes:
+      - ./mariadb-volume:/var/lib/mysql
+    environment:
+      TZ: "Australia/Brisbane"
+      MYSQL_ALLOW_EMPTY_PASSWORD: "no"
+      MYSQL_ROOT_PASSWORD: "rootpwd"
+      MYSQL_USER: 'grampshelp'
+      MYSQL_PASSWORD: 'testpassword1!'
+      MYSQL_DATABASE: 'grampshelp'
+    networks:
+      - asgard
+
+  phpmyadmin:
+    image: phpmyadmin/phpmyadmin
+    links:
+      - 'mariadb:db'
+    ports:
+      - 9006:80
+    networks:
+      - asgard
+
+volumes:
+  mariadb-volume:
+
+networks:
+  asgard:
+    name: asgard
+    external: true
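Review bot: The `mariadb` service's `environment` block commits the root and application database passwords in plaintext (`MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD`), so every reader of the repository has them and they remain in history after any later edit. Read them from an uncommitted `.env` file or a mounted secret instead, e.g. `MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:?set in .env}"`, and rotate the values already pushed. Separately, `php-httpd` and `phpmyadmin` both publish host port `9006`, so whichever starts second cannot bind; give phpMyAdmin its own quoted mapping (`"<host-port>:80"`) or leave it unpublished behind the proxy. The `phpmyadmin/phpmyadmin` image carries no tag, so each pull may bring a different build of a database admin UI; pin a version.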

+ 70 - 0
authelia/config/app npm config.txt

@@ -0,0 +1,70 @@
+location /authelia {
+    internal;
+    set $upstream_authelia http://<your-authelia-server-ip-and:port>/api/verify; #ADD YOUR IP AND PORT OF AUTHELIA
+    proxy_pass_request_body off;
+    proxy_pass $upstream_authelia;    
+    proxy_set_header Content-Length "";
+ 
+    # Timeout if the real server is dead
+    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+    client_body_buffer_size 128k;
+    proxy_set_header Host $host;
+    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $remote_addr; 
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Host $http_host;
+    proxy_set_header X-Forwarded-Uri $request_uri;
+    proxy_set_header X-Forwarded-Ssl on;
+    proxy_redirect  http://  $scheme://;
+    proxy_http_version 1.1;
+    proxy_set_header Connection "";
+    proxy_cache_bypass $cookie_session;
+    proxy_no_cache $cookie_session;
+    proxy_buffers 4 32k;
+ 
+    send_timeout 5m;
+    proxy_read_timeout 240;
+    proxy_send_timeout 240;
+    proxy_connect_timeout 240;
+}
+ 
+    location / {
+        set $upstream_tree http://150.107.72.154:9010;  #ADD IP AND PORT OF SERVICE
+        proxy_pass $upstream_tree;  #change name of the service
+ 
+        auth_request /authelia;
+        auth_request_set $target_url $scheme://$http_host$request_uri;
+        auth_request_set $user $upstream_http_remote_user;
+        auth_request_set $groups $upstream_http_remote_groups;
+        proxy_set_header Remote-User $user;
+        proxy_set_header Remote-Groups $groups;
+        error_page 401 =302 https://auth.ourfamily.group/?rd=$target_url;
+ 
+        client_body_buffer_size 128k;
+ 
+        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+ 
+        send_timeout 5m;
+        proxy_read_timeout 360;
+        proxy_send_timeout 360;
+        proxy_connect_timeout 360;
+ 
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header X-Forwarded-Uri $request_uri;
+        proxy_set_header X-Forwarded-Ssl on;
+        proxy_redirect  http://  $scheme://;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        proxy_cache_bypass $cookie_session;
+        proxy_no_cache $cookie_session;
+        proxy_buffers 64 256k;
+ 
+        set_real_ip_from 172.19.0.0/16;
+        real_ip_header X-Forwarded-For;
+        real_ip_recursive on;
+    }
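Review bot: `set $upstream_tree http://150.107.72.154:9010;` in `location /` forwards authenticated traffic, including the `Remote-User` and `Remote-Groups` headers, over plain HTTP to what looks like a routable address. If that port can be reached without going through this proxy, the `auth_request /authelia` check is never run and a backend that trusts those headers can be handed forged ones. Assuming the proxy sits on the same `asgard` Docker network (its compose file is not in this commit), address the service by container name, `set $upstream_tree http://<service-name>:<port>;`, with a `resolver` in scope for the variable-based `proxy_pass`, and stop publishing the backend port. The `/authelia` block in this file still carries the `<your-authelia-server-ip-and:port>` placeholder and will not work until it is filled in. `authelia/config/auth npm config.txt` has the same plain-HTTP-to-IP pattern on its `$upstream_authelia` line.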

+ 30 - 0
authelia/config/auth npm config.txt

@@ -0,0 +1,30 @@
+location /authelia {
+    internal;
+    set $upstream_authelia http://150.107.72.154:9091/api/verify; #ADD YOUR IP AND PORT OF AUTHELIA
+    proxy_pass_request_body off;
+    proxy_pass $upstream_authelia;    
+    proxy_set_header Content-Length "";
+ 
+    # Timeout if the real server is dead
+    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+    client_body_buffer_size 128k;
+    proxy_set_header Host $host;
+    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $remote_addr; 
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Host $http_host;
+    proxy_set_header X-Forwarded-Uri $request_uri;
+    proxy_set_header X-Forwarded-Ssl on;
+    proxy_redirect  http://  $scheme://;
+    proxy_http_version 1.1;
+    proxy_set_header Connection "";
+    proxy_cache_bypass $cookie_session;
+    proxy_no_cache $cookie_session;
+    proxy_buffers 4 32k;
+ 
+    send_timeout 5m;
+    proxy_read_timeout 240;
+    proxy_send_timeout 240;
+    proxy_connect_timeout 240;
+}

+ 97 - 0
authelia/config/configuration.yml

@@ -0,0 +1,97 @@
+###############################################################
+#                   Authelia configuration                    #
+###############################################################
+
+server:
+  host: 0.0.0.0
+  port: 9091
+
+jwt_secret: a-super-long-strong-string-of-letters-numbers-characters
+log:
+  level: debug
+
+default_redirection_url: https://auth.ourfamily.group
+totp:
+  issuer: ourfamily.group
+  period: 30
+  skew: 1
+
+#duo_api:     ## You can use this api if you want push notifications of auth attempts
+#  hostname: api-123456789.example.com
+#  integration_key: ABCDEF
+#  secret_key: yet-another-long-string-of-characters-and-numbers-and-symbols
+
+authentication_backend:
+  disable_reset_password: false
+  file:
+    path: /config/users_database.yml
+    password:
+      algorithm: argon2id
+      iterations: 1
+      salt_length: 16
+      parallelism: 8
+      memory: 64
+      
+access_control:
+  default_policy: deny
+  rules:
+    # Rules applied to everyone
+    - domain:
+        - "ourfamily.group"
+        - "www.ourfamily.group"
+        - "help.ourfamily.group"
+        - "cdn.ourfamily.group"
+      policy: bypass
+    - domain:
+        - "tree.ourfamily.group"
+      policy: one_factor
+#      networks:
+#       - 192.168.1.0/24
+#    - domain:
+#        - "a2factor.domain.org"
+#      policy: two_factor
+#     networks:
+#       - 192.168.1.0/24
+
+session:
+  name: authelia_session
+  # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
+  secret: a-really-L0ng_s7r0ng-secr3t-st1nggggg-shoul0-be-used
+  expiration: 3600 # 1 hour
+  inactivity: 7200 # 2 hours
+  domain: ourfamily.group # Should match whatever your root protected domain is
+
+  redis:
+    host: auth-redis-1
+    port: 6379
+    # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
+#    password: authelia
+
+regulation:
+  max_retries: 5
+  find_time: 2m
+  ban_time: 10m
+  
+theme: dark
+
+storage:
+  encryption_key: a-very-long-strong-key-should-be-used-here
+  local:
+    path: /config/db.sqlite3
+
+notifier:
+#  filesystem:
+#    filename: /config/notification.txt
+  smtp:
+    username: family@daruthe.com
+    password: Motahub0!
+    host: mail.daruthe.com
+    port: 465
+    sender: family@daruthe.com
+    subject: "[Authelia] {title}"
+    disable_require_tls: false
+    disable_html_emails: false
+    tls:
+      server_name: mail.daruthe.com
+      skip_verify: false
+      minimum_version: TLS1.2
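Review bot: `notifier.smtp.password` holds what appears to be a live mailbox credential beside its real username and host, and it is now part of the repository history. Rotate that password and load it from a file outside the repo through `AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE`, the same mechanism the comments in the `session` block already point to. `jwt_secret`, `session.secret` and `storage.encryption_key` are still sample strings, so a deployment of the file as committed protects tokens, sessions and storage with publicly known values; supply them via `AUTHELIA_JWT_SECRET_FILE`, `AUTHELIA_SESSION_SECRET_FILE` and `AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE` with randomly generated content. `log.level: debug` should drop to `info` outside troubleshooting, and the commented-out Redis `password` leaves the session store unauthenticated to every other container on `asgard`.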

+ 34 - 0
authelia/docker-compose.yml

@@ -0,0 +1,34 @@
+version: '3.3'
+services:
+  authelia:
+    image: authelia/authelia
+    volumes:
+      - ./config:/config
+    ports:
+      - 9091:9091
+    restart: unless-stopped
+    healthcheck:
+      disable: true
+    environment:
+      - TZ=Australia/Brisbane
+    depends_on:
+      - redis
+    networks:
+      - asgard
+
+  redis:
+    image: redis:alpine
+    volumes:
+      - ./redis:/data
+    expose:
+      - 6379
+    restart: unless-stopped
+    environment:
+      - TZ=Australia/Brisbane
+    networks:
+      - asgard
+
+networks:
+  asgard:
+    name: asgard
+    external: true
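Review bot: `ports: - 9091:9091` publishes Authelia's plain-HTTP listener on every host interface, so the portal and `/api/verify` are reachable in cleartext by anything that can route to the host, not only by the reverse proxy. If the proxy runs on the same host, bind to loopback with `- "127.0.0.1:9091:9091"`; if it is attached to `asgard`, drop `ports` and let it use the container name. `image: authelia/authelia` and `redis:alpine` are floating references; pin a version tag (ideally with a digest) so an upstream push cannot silently replace the authentication service. `healthcheck: disable: true` removes the only built-in signal that the container is unhealthy, so it deserves a comment stating why it is turned off.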

+ 72 - 0
gramps/docker-compose.yml

@@ -0,0 +1,72 @@
+version: "3.7"
+
+services:
+  grampsweb: &grampsweb
+    image: ghcr.io/gramps-project/grampsweb:latest
+    restart: unless-stopped
+    ports:
+      - "80:5000"  # host:docker
+    environment:
+      GRAMPSWEB_TREE: "Gramps Web"  # will create a new tree if not exists
+      GRAMPSWEB_CELERY_CONFIG__broker_url: "redis://grampsweb_redis:6379/0"
+      GRAMPSWEB_CELERY_CONFIG__result_backend: "redis://grampsweb_redis:6379/0"
+      GRAMPSWEB_RATELIMIT_STORAGE_URI: redis://grampsweb_redis:6379/1
+    depends_on:
+      - grampsweb_redis
+    volumes:
+      - ./gramps_users:/app/users  # persist user database
+      - ./gramps_index:/app/indexdir  # persist search index
+      - ./gramps_thumb_cache:/app/thumbnail_cache  # persist thumbnails
+      - ./gramps_cache:/app/cache  # persist export and report caches
+      - ./gramps_secret:/app/secret  # persist flask secret
+      - ./gramps_db:/root/.gramps/grampsdb  # persist Gramps database
+      - ./gramps_media:/app/media  # persist media files
+      - ./gramps_tmp:/tmp
+    networks:
+      - asgard
+
+  grampsweb_celery:
+    <<: *grampsweb  # YAML merge key copying the entire grampsweb service config
+    ports: []
+    container_name: grampsweb_celery
+    depends_on:
+      - grampsweb_redis
+    command: celery -A gramps_webapi.celery worker --loglevel=INFO
+    networks:
+      - asgard
+
+  grampsweb_redis:
+    image: redis:alpine
+    container_name: grampsweb_redis
+    restart: unless-stopped
+    networks:
+      - asgard
+
+volumes:
+  gramps_users:
+  gramps_index:
+  gramps_thumb_cache:
+  gramps_cache:
+  gramps_secret:
+  gramps_db:
+  gramps_media:
+  gramps_tmp:
+
+networks:
+  asgard:
+    name: asgard
+    external: true
+
+
+
+
+
+
+
+
+
+
+
+
+
+
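Review bot: `"80:5000"` on `grampsweb` publishes the application on host port 80 on all interfaces, which offers a route to Gramps Web that never passes the Authelia `auth_request` gate (assuming the host is reachable other than through the proxy). Bind it to loopback, `- "127.0.0.1:80:5000"`, or remove `ports` and let the proxy reach the container over `asgard`. The top-level `volumes:` entries (`gramps_users` and the rest) are never used because every mount is written as a `./…` bind path; either drop the `./` prefix to use the named volumes or delete the declarations. `ghcr.io/gramps-project/grampsweb:latest` and `redis:alpine` are floating tags, and `grampsweb_celery` inherits the same image and all mounts through the merge key, so pin both images to explicit versions.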