initial commit

docker-compose.yml

@@ -0,0 +1,151 @@
+services:
+  postgres:
+    restart: unless-stopped
+    env_file: .env
+    environment:
+      - "POSTGRES_HOST_AUTH_METHOD=trust"
+    image: postgres:15-alpine
+    volumes:
+      - ./data/postgres:/var/lib/postgresql/data
+    networks:
+      # - default
+      - traefik-public
+
+  redis:
+    restart: unless-stopped
+    env_file: .env
+    image: redis:7-alpine
+    volumes:
+      - ./data/redis:/data
+    networks:
+      # - default
+      - traefik-public
+
+  celeryworker:
+    restart: unless-stopped
+    image: funkwhale/api:${FUNKWHALE_VERSION:-latest}
+    depends_on:
+      - postgres
+      - redis
+    env_file: .env
+    # Celery workers handle background tasks (such file imports or federation
+    # messaging). The more processes a worker gets, the more tasks
+    # can be processed in parallel. However, more processes also means
+    # a bigger memory footprint.
+    # By default, a worker will span a number of process equal to your number
+    # of CPUs. You can adjust this, by explicitly setting the --concurrency
+    # flag:
+    #   celery -A funkwhale_api.taskapp worker -l INFO --concurrency=4
+    networks:
+      # - default
+      - traefik-public
+    command:
+      - celery
+      - --app=funkwhale_api.taskapp
+      - worker
+      - --loglevel=INFO
+      - --concurrency=${CELERYD_CONCURRENCY-0}
+    environment:
+      - C_FORCE_ROOT=true
+    volumes:
+      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
+      - "${MEDIA_ROOT}:${MEDIA_ROOT}"
+
+  celerybeat:
+    restart: unless-stopped
+    image: funkwhale/api:${FUNKWHALE_VERSION:-latest}
+    networks:
+      # - default
+      - traefik-public
+    command:
+      - celery
+      - --app=funkwhale_api.taskapp
+      - beat
+      - --loglevel=INFO
+    depends_on:
+      - postgres
+      - redis
+    env_file: .env
+
+  api:
+    restart: unless-stopped
+    image: funkwhale/api:${FUNKWHALE_VERSION:-latest}
+    depends_on:
+      - postgres
+      - redis
+    env_file: .env
+    networks:
+      # - default
+      - traefik-public
+    volumes:
+      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
+      - "${MEDIA_ROOT}:${MEDIA_ROOT}"
+      - "${STATIC_ROOT}:${STATIC_ROOT}"
+
+  front:
+    restart: unless-stopped
+    image: funkwhale/front:${FUNKWHALE_VERSION:-latest}
+    depends_on:
+      - api
+    env_file:
+      - .env
+    environment:
+      # Override those variables in your .env file if needed
+      - "NGINX_MAX_BODY_SIZE=${NGINX_MAX_BODY_SIZE-100M}"
+    volumes:
+      # Uncomment if you want to use your previous nginx config, please let us
+      # know what special configuration you need, so we can support it with out
+      # upstream nginx configuration!
+      # - "./nginx/funkwhale.template:/etc/nginx/nginx.conf:ro"
+      # - "./nginx/funkwhale.template:/etc/nginx/templates/default.conf.template:ro"
+      # - "./nginx/funkwhale_proxy.conf:/etc/nginx/funkwhale_proxy.conf:ro"
+
+      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
+      - "${MEDIA_ROOT}:${MEDIA_ROOT}:ro"
+      - "${STATIC_ROOT}:/usr/share/nginx/html/staticfiles:ro"
+    # ports:
+    #   # override those variables in your .env file if needed
+    #   - "${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}:80"
+
+    labels:
+      traefik.enable: true
+      traefik.http.services.funkwhale.loadbalancer.server.port: 80
+      traefik.http.routers.funkwhale.entrypoints: websecure
+      traefik.http.routers.funkwhale.rule: Host(`audio.alice.ufsj.edu.br`)
+      # traefik.http.routers.funkwhale.middlewares: "funkwhale"
+      traefik.http.middlewares.funkwhale.headers.stsSeconds: '15552000'
+      traefik.http.middlewares.funkwhale.headers.framedeny: true
+      traefik.http.middlewares.funkwhale.headers.stsIncludeSubdomains: true
+      traefik.http.middlewares.funkwhale.headers.customFrameOptionsValue: SAMEORIGIN
+      traefik.http.middlewares.funkwhale.headers.stsPreload: true
+      traefik.http.middlewares.funkwhale.headers.sslredirect: true
+      traefik.http.middlewares.funkwhale.headers.customrequestheaders.X-Forwarded-Proto: https
+      # traefik.http.middlewares.funkwhale.headers.forwardedHeaders: true
+      # traefik.http.middlewares.funkwhale.headers.customrequestheaders.X-Forwarded-User: https
+      # traefik.http.middlewares.funkwhale.forwardauth.trustforwardheader: true
+      # traefik.http.middlewares.funkwhale.forwardauth.authresponseheaders: "X-Forwarded-User"
+
+        
+
+    networks:
+      # - default
+      - traefik-public
+
+  typesense:
+    restart: unless-stopped
+    env_file:
+      - .env
+    image: typesense/typesense:0.24.0
+    volumes:
+      - ./typesense/data:/data
+    command: --data-dir /data --enable-cors
+    profiles:
+      - typesense
+    networks:
+      # - default
+      - traefik-public
+
+networks:
+  # default:
+  traefik-public:
+    external: true

nginx/funkwhale.template

@@ -0,0 +1,86 @@
+upstream fw {
+    server ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT};
+}
+
+# Required for websocket support.
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    # update this to match your instance name
+    server_name audio.alice.ufsj.edu.br;
+
+    # useful for Let's Encrypt
+    location /.well-known/acme-challenge/ {
+        allow all;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen      443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name ${FUNKWHALE_HOSTNAME};
+
+    # TLS
+    # Feel free to use your own configuration for SSL here or simply remove the
+    # lines and move the configuration to the previous server block if you
+    # don't want to run funkwhale behind https (this is not recommended)
+    # have a look here for let's encrypt configuration:
+    # https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx
+    ssl_protocols TLSv1.2;
+    ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+ #   ssl_certificate     /etc/letsencrypt/live/${FUNKWHALE_HOSTNAME}/fullchain.pem;
+    #ssl_certificate_key /etc/letsencrypt/live/${FUNKWHALE_HOSTNAME}/privkey.pem;
+
+    # HSTS
+    add_header Strict-Transport-Security "max-age=31536000";
+
+
+    # General configs
+    client_max_body_size ${NGINX_MAX_BODY_SIZE};
+    charset utf-8;
+
+    # compression settings
+    gzip on;
+    gzip_comp_level    5;
+    gzip_min_length    256;
+    gzip_proxied       any;
+    gzip_vary          on;
+    gzip_types
+        application/javascript
+        application/vnd.geo+json
+        application/vnd.ms-fontobject
+        application/x-font-ttf
+        application/x-web-app-manifest+json
+        font/opentype
+        image/bmp
+        image/svg+xml
+        image/x-icon
+        text/cache-manifest
+        text/css
+        text/plain
+        text/vcard
+        text/vnd.rim.location.xloc
+        text/vtt
+        text/x-component
+        text/x-cross-domain-policy;
+    # end of compression settings
+
+    location / {
+        include /etc/nginx/funkwhale_proxy.conf;
+        proxy_pass http://fw;
+    }
+
+}
+

nginx/funkwhale_proxy.conf

@@ -0,0 +1,14 @@
+# global proxy conf
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host:$server_port;
+proxy_set_header X-Forwarded-Port $server_port;
+proxy_redirect off;
+
+# websocket support
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $connection_upgrade;
+