Chimera (monitoring node)
Docker
Docker Compose
```yaml
### OCI Chimera - Monitoring server

## NETWORKS
networks:
  caddy_chimera:
    name: caddy_chimera
    driver: bridge
    ipam:
      config:
        - subnet: 172.16.3.0/24

## SERVICES
services:

  # Caddy (Reverse proxy, webserver)
  caddy:
    container_name: caddy
    build: ${CADDY_HOME}/build/
    security_opt:
      - no-new-privileges:true
    networks:
      - caddy_chimera
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
      # 2019 is Caddy's admin API. It has no authentication, so only publish it
      # on interfaces you trust; inside the container it binds to localhost by default.
      - ${LOCAL_IP}:2019:2019
      - 127.0.0.1:2019:2019
    volumes:
      - ${CADDY_HOME}/Caddyfile:/etc/caddy/Caddyfile
      - ${CADDY_HOME}/sites:/srv
      - ${CADDY_HOME}/data:/data
      - ${CADDY_HOME}/config:/config
    environment:
      - TZ=${TZ}

  # Docker Socket Proxy
  socket-proxy:
    container_name: socket-proxy
    image: tecnativa/docker-socket-proxy
    security_opt:
      - no-new-privileges:true
    networks:
      - caddy_chimera
    restart: unless-stopped
    ports:
      # Only needed for clients outside this compose network (e.g. Portainer on
      # another host). The proxy does no authentication: anything that can reach
      # ${LOCAL_IP}:2375 gets every permission granted below. Watchtower reaches
      # it internally as socket-proxy:2375 and does not need this mapping.
      - ${LOCAL_IP}:2375:2375
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - LOG_LEVEL=info # debug,info,notice,warning,err,crit,alert,emerg
      ## Variables match the URL prefix (i.e. AUTH blocks access to /auth/* parts of the API, etc.).
      # 0 to revoke access.
      # 1 to grant access.
      ## Granted by Default
      - EVENTS=1
      - PING=1
      - VERSION=1
      ## Revoked by Default
      # Security critical
      - AUTH=0
      - SECRETS=0
      - POST=1 # Watchtower needs it to restart containers; note it admits every non-GET method on the granted prefixes
      # Not always needed
      - BUILD=0
      - COMMIT=0
      - CONFIGS=0
      - CONTAINERS=1 # Portainer, etc.
      - DISTRIBUTION=0
      - EXEC=0
      - IMAGES=1 # Portainer
      - INFO=1 # Portainer
      - NETWORKS=1 # Portainer
      - NODES=0
      - PLUGINS=0
      - SERVICES=1 # Portainer
      - SESSION=0
      - SWARM=0
      - SYSTEM=0
      - TASKS=1 # Portainer
      - VOLUMES=1 # Portainer

  # Uptime Kuma Monitoring
  uptime-kuma:
    container_name: uptime-kuma
    image: louislam/uptime-kuma
    security_opt:
      - no-new-privileges:true
    networks:
      - caddy_chimera
    restart: unless-stopped
    volumes:
      - ${UPTIME_KUMA_HOME}/data:/app/data
      # - ${UPTIME_KUMA_HOME}/config.yaml:/app/config.yaml
    environment:
      - UPTIME_KUMA_PORT=${UPTIME_KUMA_PORT}
      - PGID=${PGID}
      - PUID=${PUID}

  # Watchtower container updates
  watchtower:
    container_name: watchtower
    image: containrrr/watchtower
    security_opt:
      - no-new-privileges:true
    networks:
      - caddy_chimera
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
    environment:
      - WATCHTOWER_NOTIFICATIONS_HOSTNAME=oci-chimera
      - WATCHTOWER_CLEANUP=true
      # Talks to the Docker API through the proxy instead of mounting docker.sock
      - DOCKER_HOST=tcp://socket-proxy:2375
      - WATCHTOWER_INCLUDE_STOPPED=true
      # Watchtower uses a 6-field cron expression whose first field is seconds.
      # "0 30 3 * * *" runs once at 03:30; "* 30 3 * * *" would match every second of that minute.
      - WATCHTOWER_SCHEDULE=0 30 3 * * *
      - WATCHTOWER_MONITOR_ONLY=true
      - WATCHTOWER_NOTIFICATION_URL=discord://{WEBHOOK_URL}
      #- WATCHTOWER_RUN_ONCE=true

  # php-fpm
  # php-fpm:
  #   container_name: php-fpm
  #   build: ${PHP_FPM_HOME}/build/
  #   security_opt:
  #     - no-new-privileges:true
  #   networks:
  #     - caddy_chimera
  #   restart: unless-stopped
  #   ports:
  #     - ${LOCAL_IP}:9000:9000
  # add to caddy
  #   depends_on:
  #     - php-fpm
```
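The comment in the socket-proxy block says the access variables match URL prefixes. The script below is an added example (not code from this page or from tecnativa/docker-socket-proxy) that models that behaviour with the allowlist exactly as set above: every non-GET request is refused unless POST=1, an optional /vX.Y API-version segment is ignored, and the request is then forwarded only if its path starts with a prefix whose variable is 1. The name-to-prefix mapping (AUTH covers /auth, PING covers /_ping, and so on) and the sample requests are assumptions made for the example; pure prefix matching means a sub-path such as /containers/<id>/exec is admitted by CONTAINERS=1 regardless of EXEC=0, so confirm the result against the proxy version actually deployed before relying on it.

```python
"""Audit what a client reaching socket-proxy:2375 can do under the compose allowlist."""
import re

# Allowlist copied from the compose file above.
PROXY_ENV = {
    "EVENTS": 1, "PING": 1, "VERSION": 1,
    "AUTH": 0, "SECRETS": 0, "POST": 1,
    "BUILD": 0, "COMMIT": 0, "CONFIGS": 0, "CONTAINERS": 1, "DISTRIBUTION": 0,
    "EXEC": 0, "IMAGES": 1, "INFO": 1, "NETWORKS": 1, "NODES": 0, "PLUGINS": 0,
    "SERVICES": 1, "SESSION": 0, "SWARM": 0, "SYSTEM": 0, "TASKS": 1, "VOLUMES": 1,
}

# Assumed mapping from variable name to the URL prefix it guards:
# PING guards /_ping, every other name guards "/" + its lower-cased form.
PREFIX_FOR = {name: ("/_ping" if name == "PING" else "/" + name.lower())
              for name in PROXY_ENV if name != "POST"}

# Optional API-version segment, e.g. /v1.43, that precedes the real path.
VERSION_SEGMENT = re.compile(r"^/v\d+(\.\d+)*")


def is_allowed(method: str, path: str, env: dict = PROXY_ENV) -> bool:
    """Return True if the modelled proxy would forward the request to the Docker socket."""
    # Rule 1: any method other than GET passes only when POST=1.
    if method.upper() != "GET" and not env.get("POST", 0):
        return False
    # Rule 2: drop the query string and the version segment, then match by prefix.
    bare = path.split("?", 1)[0]
    stripped = VERSION_SEGMENT.sub("", bare, count=1).lower()
    for name, prefix in PREFIX_FOR.items():
        if env.get(name, 0) and stripped.startswith(prefix):
            return True
    # Nothing granted matched: the proxy denies by default.
    return False


def audit(requests, env: dict = PROXY_ENV) -> dict:
    """Evaluate (method, path) pairs; returns {"METHOD path": "allow" | "deny"}."""
    return {f"{m} {p}": ("allow" if is_allowed(m, p, env) else "deny")
            for m, p in requests}


# Constructed sample requests: what Watchtower needs, plus calls that should be refused.
SAMPLE_REQUESTS = [
    ("GET", "/v1.43/_ping"),
    ("GET", "/containers/json"),
    ("POST", "/v1.43/containers/abc123/restart"),  # Watchtower restarting a container
    ("DELETE", "/images/sha256:deadbeef"),         # POST=1 admits every non-GET method
    ("POST", "/containers/abc123/exec"),           # admitted via the /containers prefix
    ("GET", "/secrets"),
    ("GET", "/swarm"),
    ("POST", "/build"),
]

if __name__ == "__main__":
    for request, verdict in audit(SAMPLE_REQUESTS).items():
        print(f"{verdict:5}  {request}")
```

Run it after editing the allowlist to see the effective exposure; the useful lesson for this page's settings is that POST=1 combined with CONTAINERS=1 and IMAGES=1 is far broader than "restart containers", which is why the published 2375 port should be reachable only by hosts that need it.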
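WATCHTOWER_SCHEDULE uses a 6-field cron expression with seconds as the first field, which is where the original "* 30 3 * * *" goes wrong. The following is an added example (not from this page or from Watchtower) of a minimal matcher for that format; it counts how often a schedule fires in one day so the difference between a leading "*" and a leading "0" is visible. The day used for counting and the simplification that day-of-month and day-of-week must both match are assumptions of the example.

```python
"""Minimal 6-field (sec min hour dom month dow) cron matcher for schedule sanity checks."""
from datetime import datetime, timedelta

# Inclusive value range of each field, in order: second, minute, hour, day, month, weekday.
FIELD_RANGES = [(0, 59), (0, 59), (0, 23), (1, 31), (1, 12), (0, 6)]


def _field_matches(spec: str, value: int, lo: int, hi: int) -> bool:
    """True if `value` is selected by one field: supports *, n, a-b, lists and /step."""
    for part in spec.split(","):
        rng, _, step_text = part.partition("/")
        step = int(step_text) if step_text else 1
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            a, b = rng.split("-")
            start, end = int(a), int(b)
        else:
            start = int(rng)
            end = hi if step > 1 else start  # "5/10" means 5, 15, 25, ...
        if start <= value <= end and (value - start) % step == 0:
            return True
    return False


def matches(expr: str, t: datetime) -> bool:
    """Does the 6-field expression fire at time t (second resolution)?"""
    fields = expr.split()
    if len(fields) != 6:
        raise ValueError("Watchtower schedules use 6 fields: sec min hour dom month dow")
    # Cron counts Sunday as 0; isoweekday() gives Monday=1..Sunday=7.
    values = [t.second, t.minute, t.hour, t.day, t.month, t.isoweekday() % 7]
    # Simplification: both day fields must match (standard cron ORs them when both are restricted).
    return all(_field_matches(f, v, lo, hi)
               for f, v, (lo, hi) in zip(fields, values, FIELD_RANGES))


def firings_per_day(expr: str, day: datetime = datetime(2024, 4, 3)) -> int:
    """Count the seconds within `day` (constructed default) at which the schedule matches."""
    start = day.replace(hour=0, minute=0, second=0, microsecond=0)
    return sum(matches(expr, start + timedelta(seconds=s)) for s in range(86400))


if __name__ == "__main__":
    for schedule in ("* 30 3 * * *", "0 30 3 * * *", "0 */15 * * * *"):
        print(f"{schedule!r}: fires {firings_per_day(schedule)} time(s) per day")
```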
.env
```env
# GENERAL
TZ=Europe/Berlin
PUID=1001
PGID=999
USERDIR=/home/ubuntu/
DOCKERDIR=/home/ubuntu/docker/

# NETWORK
TAILSCALE_IP={}
LOCAL_IP={} # IP on the OCI local network

## SERVICES ##

# TRAEFIK
TRAEFIK_HOME=/home/ubuntu/docker/traefik/
TRAEFIK_API_PORT=8000

# CADDY
CADDY_HOME=/home/ubuntu/docker/caddy/

# PHP-FPM
PHP_FPM_HOME=/home/ubuntu/docker/php-fpm/

# UPTIME KUMA
UPTIME_KUMA_HOME=/home/ubuntu/docker/uptime-kuma/
UPTIME_KUMA_PORT=3000

# WATCHTOWER
WATCHTOWER_HOME=/home/ubuntu/docker/watchtower/
```
Needs information in the {TAILSCALE_IP} and {LOCAL_IP} fields.
Caddy
Dockerfile
```dockerfile
FROM caddy:alpine
RUN apk add --no-cache gzip
# Exclude this image from Watchtower updates
LABEL com.centurylinklabs.watchtower.enable="false"
```
caddy_reload.sh
A script to reload the Caddyfile configuration inside a running container:
```bash
#!/bin/bash
set -euo pipefail

# Check that a container named exactly "caddy" is running. A plain
# `docker ps | grep caddy` would also match any container whose name
# or image merely contains "caddy".
if ! docker ps --format '{{.Names}}' | grep -qx 'caddy'; then
  echo "Error: The 'caddy' container is not running." >&2
  exit 1
fi

# Execute "caddy reload" inside the container (run from the compose directory).
# Only report success if the reload itself succeeded.
if docker compose exec caddy caddy reload -c /etc/caddy/Caddyfile; then
  echo "Caddy configuration reloaded successfully."
else
  echo "Error: Caddy reload failed; see output above." >&2
  exit 1
fi
```
Caddyfile
```caddyfile
# Snippet shared by all sites: strip the Server header from every response
(common) {
	header /* {
		-Server
	}
}

# Global options
{
	email {tls_email}
}

status.{hostname} {
	tls {
		# minimum TLS version (Caddy's default minimum is already tls1.2)
		protocols tls1.2
	}
	encode gzip
	import common
	log {
		output file /srv/logs/status.{hostname}/caddy.log {
			roll_size 150mb
			roll_keep 15
			roll_keep_for 2880h
		}
	}
	reverse_proxy uptime-kuma:3000
}
```
Needs information in {tls_email} (for TLS cert) and {hostname} fields.
Backups
cron
Backblaze B2 and OneDrive
PHP-FPM
Currently used version: 8.1-alpine
{DOCKER_DIR}/php-fpm/
Dockerfile
```dockerfile
FROM php:8.1-fpm-alpine
# Install PHP extensions with mlocati's installer; list the extension names after "sh -s"
RUN curl -sSL https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions -o - | sh -s \
    gd zip apcu opcache yaml
```
Add different PHP extensions here.
Uptime Kuma
Last modified: 03 April 2024