From 1017d2640e5629357f0c55d2905d73f0b16ac8e5 Mon Sep 17 00:00:00 2001
From: foobar <foobar@zinomedia.de>
Date: Thu, 24 Nov 2022 13:50:24 +0100
Subject: [PATCH] init

---
 docker-compose.yml              | 103 ++++++++++++++++++++++++++++++++
 nginx/seafile.zinomedia.de.conf |  61 +++++++++++++++++++
 ssh/id_rsa                      |  27 +++++++++
 volumes/.gitkeep                |   0
 4 files changed, 191 insertions(+)
 create mode 100755 docker-compose.yml
 create mode 100755 nginx/seafile.zinomedia.de.conf
 create mode 100755 ssh/id_rsa
 create mode 100755 volumes/.gitkeep

diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100755
index 0000000..5e3745e
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,103 @@
+version: '3.0'
+services:
+ 
+  # note: password for mysql user 'seafile' is created (randomly?) on 1st run of seafile container 
+  db:
+    image: linuxserver/mariadb:latest
+    container_name: seafile-mysql
+    environment:
+      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWD}
+      - MYSQL_LOG_CONSOLE=true
+      - TZ=${TZ}
+    profiles:
+      - init
+      - prod
+    volumes:
+      - db:/var/lib/mysql
+    networks:
+      - seafile-net
+
+  autossh-fileserver:
+    container_name: seafile-autossh-fileserver
+    restart: on-failure
+    image: jnovack/autossh:latest
+    volumes:
+      - ./ssh/id_rsa:/id_rsa
+    environment:
+      - PubkeyAuthentication=yes
+      - StrictHostKeyChecking=false
+      - PasswordAuthentication=no
+      - SSH_SERVER_ALIVE_INTERVAL=30
+      - ExitOnForwardFailure=yes
+      - SSH_REMOTE_USER=autotunnel
+      - SSH_REMOTE_HOST=arwing.zinomedia.de
+      - SSH_REMOTE_PORT=1337
+      - SSH_TUNNEL_PORT=8063 # incoming port on remote server
+      - SSH_TARGET_PORT=8082 # port of application to forward
+      - SSH_TARGET_HOST=seafile
+    profiles:
+      - prod
+    depends_on:
+      - seafile
+    networks:
+      - seafile-net
+  autossh-seahub:
+    container_name: seafile-autossh-seahub
+    restart: on-failure
+    image: jnovack/autossh:latest
+    volumes:
+      - ./ssh/id_rsa:/id_rsa
+    environment:
+      - PubkeyAuthentication=yes
+      - StrictHostKeyChecking=false
+      - PasswordAuthentication=no
+      - SSH_SERVER_ALIVE_INTERVAL=30
+      - ExitOnForwardFailure=yes
+      - SSH_REMOTE_USER=autotunnel
+      - SSH_REMOTE_HOST=arwing.zinomedia.de
+      - SSH_REMOTE_PORT=1337
+      - SSH_TUNNEL_PORT=8062 # incoming port on remote server
+      - SSH_TARGET_PORT=80 # port of application to forward
+      - SSH_TARGET_HOST=seafile
+    profiles:
+      - prod
+    depends_on:
+      - seafile
+    networks:
+      - seafile-net
+
+  seafile:
+    image: "seafileltd/seafile-mc:${SEAFILE_VERSION}"
+    container_name: seafile
+    restart: always
+    ports:
+      - "${SEAFILE_SEAHUB_PORT}:80"
+      - "8082:8082"
+    volumes:
+      - ${SEAFILE_DATA_DIR}:/shared
+      - media:/shared/media
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TZ}
+      - SEAFILE_ADMIN_EMAIL=${SEAFILE_ADMIN_EMAIL}
+      - SEAFILE_ADMIN_PASSWORD=${SEAFILE_ADMIN_PASSWORD}
+      - SEAFILE_SERVER_LETSENCRYPT=false
+      - SEAFILE_SERVER_HOSTNAME=${URL}
+      - DB_HOST=db
+      - DB_ROOT_PASSWD=${MYSQL_ROOT_PASSWD}
+    depends_on:
+      - db
+    profiles:
+      - prod
+    networks:
+      - seafile-net
+
+volumes:
+  media:
+  db:
+
+networks:
+  seafile-net:
+    external: false
+    name: seafile-net
diff --git a/nginx/seafile.zinomedia.de.conf b/nginx/seafile.zinomedia.de.conf
new file mode 100755
index 0000000..80357c0
--- /dev/null
+++ b/nginx/seafile.zinomedia.de.conf
@@ -0,0 +1,61 @@
+log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time';
+
+proxy_set_header X-Forwarded-For $remote_addr;
+
+server {
+    server_name seafile.zinomedia.de;
+
+    listen [::]:443 ssl; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/seafile.zinomedia.de/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/seafile.zinomedia.de/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+    location / {
+        proxy_pass http://127.0.0.1:8062;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $server_name;
+        proxy_read_timeout 1200s;
+
+        # used for view/edit office file via Office Online Server
+        client_max_body_size 0;
+
+        access_log /var/log/nginx/seahub.keese.access.log seafileformat;
+        error_log /var/log/nginx/seahub.keese.error.log;
+    }
+
+    location /seafhttp {
+        rewrite ^/seafhttp(.*)$ $1 break;
+        proxy_pass http://127.0.0.1:8063;
+        client_max_body_size 0;
+        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_connect_timeout  36000s;
+        proxy_read_timeout  36000s;
+        proxy_send_timeout  36000s;
+
+        send_timeout  36000s;
+
+        access_log      /var/log/nginx/seafhttp.keese.access.log seafileformat;
+        error_log       /var/log/nginx/seafhttp.keese.error.log;
+    }
+
+    location /media {
+        root /shared;
+    }
+
+}
+
+server {
+    if ($host = seafile.zinomedia.de) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    server_name seafile.zinomedia.de;
+    listen 80;
+    listen [::]:80;
+    return 404; # managed by Certbot
+}
diff --git a/ssh/id_rsa b/ssh/id_rsa
new file mode 100755
index 0000000..fa3d5f1
--- /dev/null
+++ b/ssh/id_rsa
@@ -0,0 +1,27 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAQEAzdlVUjk8K/BQXhqao1lkjkjwEMJwB+S4IfkJF/XAHHXDEcpG32jv
+eSsngCTMdgR9H3Z4gD1bVhKseHAeCtauDRSs2QVlRE9zmx8XYcGbsLa0HjC2NlbmTfu79i
++giwaC7TQsP+TrKk6DHpCLZbIx5sUm6FuSvbolMefyAWZS2vh16UDNjovENH2YpCULnuvO
+E11hxgNjcSx6WSbYP6SYvH4tqaX9JNLSJagPpAEJ8FJSkSd6GuPETfUmdHLzh/1eVHGsZI
+Q3ubnnZ9h+5gjbSJ5fVjlW+RCAjXPnvuRyA089QHibvsXDBExz+gbd/BN/mGOugQf4qukR
+FQ3VEJtv+QAAA9C/GIx2vxiMdgAAAAdzc2gtcnNhAAABAQDN2VVSOTwr8FBeGpqjWWSOSP
+AQwnAH5Lgh+QkX9cAcdcMRykbfaO95KyeAJMx2BH0fdniAPVtWEqx4cB4K1q4NFKzZBWVE
+T3ObHxdhwZuwtrQeMLY2VuZN+7v2L6CLBoLtNCw/5OsqToMekItlsjHmxSboW5K9uiUx5/
+IBZlLa+HXpQM2Oi8Q0fZikJQue684TXWHGA2NxLHpZJtg/pJi8fi2ppf0k0tIlqA+kAQnw
+UlKRJ3oa48RN9SZ0cvOH/V5UcaxkhDe5uedn2H7mCNtInl9WOVb5EICNc+e+5HIDTz1AeJ
+u+xcMETHP6Bt38E3+YY66BB/iq6REVDdUQm2/5AAAAAwEAAQAAAQAE1xhnf4sHqXXqUIvU
+TXTM17A1ZK0HsnwV6GorUw76XFaC45O5CxmeasJaBAN+vupGRB3fPhIYuwWtK025iYS8MA
+FEdRkFeyzHt/pvxQKpLBKeJx0RuAdgTAwGZOZMfpGzjCeCNRrGeuQgYtu0P3Vm7LnWeti/
+d1IKk16gY8yM84HZhTYcpSwdDCORXjY4YOGLDm45kWzL89W4hOIIpx0pRV3t3ISTnFxEsr
+j4mhePtnoib+wbetsewql1vlsDsHnGIeQwa1XuZdolXHoQXi1y5ygnd2XR0ChVBdQ9wAFO
+GrlxlmV8WzRgfFIwlUMflcA0BtFEW513Db5haDTWgZCRAAAAgDAKJQAh3r6t6rD6qzmesM
+X7QjogYvs1L15Ickn9lyAEjQrBAWNQWYi2tTLEVDF7eH+OyscRXjuwUxK43QANOL7KE7jI
+3Ql/hnf0TiTGGNjqBB/h506NC+qvQfson7oj16AUwrHHb9GIRvRcZdy9tsU9TiAtrcgOOi
+qa5SJ/yWIjAAAAgQDz4yRkwFEI80NnSGDsMERHzW/6pcA7SREpEAIbICpgsHRGuYHtIwVF
+RsvVkPxe6fFcuMUYso67RdNELvPI/6h+endE4heNodC00mytI7nIva4sbU1TIqAzBsEJhT
+1A5d7WNCIehQxbbCi3mdEiN4r47176TZdKuE2xl5Kc0rXbzQAAAIEA2BKPbfq0NacvynE7
+or1hmTjOyfidzQ6Vo/UmTuR6anxAhjcAmt3uIYsiYw2xFGGTUmRAu4wOKnyfcD3itzvVC/
+CgehBf+wp9n7FkmvaZMe1ZrefVX9YcOBDjf8T95oGbq5s7kImEH2GIy1fUGad7b/Ad6ADK
+lT/8ppEnHoo/cN0AAAAXYXV0b3R1bm5lbEByYXNwYmVycnlwaTIBAgME
+-----END OPENSSH PRIVATE KEY-----
diff --git a/volumes/.gitkeep b/volumes/.gitkeep
new file mode 100755
index 0000000..e69de29