From f406b5e3b237bd954f48cb536426f4f9ece03516 Mon Sep 17 00:00:00 2001
From: David Rotermund
Date: Sat, 13 Jul 2024 04:02:40 +0200
Subject: [PATCH] Add files via upload
---
overleafmongo/compose.yaml | 33 +++++++++++++++
overleafnginx/compose.yaml | 22 ++++++++++
overleafnginx/nginx.conf | 32 ++++++++++++++
overleafredis/compose.yaml | 28 ++++++++++++
overleafserver/compose.yaml | 82 ++++++++++++++++++++++++++++++++++++
overleafsmtpd/compose.yaml | 29 +++++++++++++
overleafsmtpd/smtpd_pre.conf | 15 +++++++
7 files changed, 241 insertions(+)
create mode 100644 overleafmongo/compose.yaml
create mode 100644 overleafnginx/compose.yaml
create mode 100644 overleafnginx/nginx.conf
create mode 100644 overleafredis/compose.yaml
create mode 100644 overleafserver/compose.yaml
create mode 100644 overleafsmtpd/compose.yaml
create mode 100644 overleafsmtpd/smtpd_pre.conf
diff --git a/overleafmongo/compose.yaml b/overleafmongo/compose.yaml
new file mode 100644
index 0000000..c0b5712
--- /dev/null
+++ b/overleafmongo/compose.yaml
@@ -0,0 +1,33 @@
+# docker network create overleaf-network
+services:
+ overleafmongo:
+ image: "mongo:5.0"
+ container_name: overleafmongo
+ hostname: overleafmongo
+ restart: always
+ healthcheck:
+ test: "mongosh --quiet --eval 'rs.hello().setName ? rs.hello().setName : rs.initiate({_id: \"overleaf\",members:[{_id: 0, host:\"overleafmongo:27017\"}]})'"
+ interval: 10s
+ timeout: 10s
+ retries: 5
+ command: "--replSet overleaf"
+ expose:
+ - 27017
+ volumes:
+ - overleaf_mongo:/data/db
+ - overleaf_mongo_cdb:/data/configdb
+ - /var/run/docker.sock:/var/run/docker.sock
+ networks:
+ - overleaf-network
+ extra_hosts:
+ - "mongo:127.0.0.1"
+ - "overleafmongo:127.0.0.1"
+
+volumes:
+ overleaf_mongo:
+ overleaf_mongo_cdb:
+
+networks:
+ overleaf-network:
+ external: true
+
diff --git a/overleafnginx/compose.yaml b/overleafnginx/compose.yaml
new file mode 100644
index 0000000..63cc536
--- /dev/null
+++ b/overleafnginx/compose.yaml
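Review bot: In overleafmongo/compose.yaml the volume entry `- /var/run/docker.sock:/var/run/docker.sock` hands the database container the host's Docker API socket, which is effectively root on the host for anything that compromises the container. Nothing in this service's definition uses it (the healthcheck only runs `mongosh`), so the line should be dropped. The same mount appears in the overleafredis, overleafserver and overleafsmtpd compose files of this patch and deserves the same treatment; if a feature really needs the socket, a comment naming that feature should sit above the mount.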
@@ -0,0 +1,22 @@
+services:
+ overleafnginx:
+ image: nginx:stable-alpine
+ container_name: overleafnginx
+ hostname: overleafnginx
+ restart: always
+ volumes:
+ - "/root/overleafnginx/key.pem:/certs/nginx_key.pem:ro"
+ - "/root/overleafnginx/ca.pem:/certs/nginx_certificate.pem:ro"
+ - "/root/overleafnginx/nginx.conf:/etc/nginx/nginx.conf:ro"
+ ports:
+ - "0.0.0.0:443:443"
+ - "0.0.0.0:80:80"
+ environment:
+ NGINX_WORKER_PROCESSES: "4"
+ NGINX_WORKER_CONNECTIONS: "768"
+ networks:
+ - overleaf-network
+
+networks:
+ overleaf-network:
+ external: true
diff --git a/overleafnginx/nginx.conf b/overleafnginx/nginx.conf
new file mode 100644
index 0000000..82559cf
--- /dev/null
+++ b/overleafnginx/nginx.conf
@@ -0,0 +1,32 @@
+ events {}
+ http {
+ server {
+ listen 80 default_server;
+ server_name _;
+ return 301 https://$host$request_uri;
+ }
+ server {
+ listen 443 ssl;
+ ssl_certificate /certs/nginx_certificate.pem;
+ ssl_certificate_key /certs/nginx_key.pem;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+ server_tokens off;
+ client_max_body_size 50M;
+
+ location / {
+ proxy_pass http://overleafserver:80;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_read_timeout 3m;
+ proxy_send_timeout 3m;
+ }
+ }
+ }
+
diff --git a/overleafredis/compose.yaml b/overleafredis/compose.yaml
new file mode 100644
index 0000000..992703c
--- /dev/null
+++ b/overleafredis/compose.yaml
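Review bot: In overleafnginx/compose.yaml the `NGINX_WORKER_PROCESSES` and `NGINX_WORKER_CONNECTIONS` environment entries appear to have no effect, because the nginx.conf added in this same patch is bind-mounted as-is, has an empty `events {}` block and references neither variable. Either set `worker_processes 4;` and `events { worker_connections 768; }` in nginx.conf or remove the two variables, so the compose file does not suggest tuning that is not applied. A one-line comment above the `/root/overleafnginx/ca.pem` mount stating whether that file holds the server certificate chain would also help, since it is mounted as `nginx_certificate.pem`.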
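Review bot: The `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line in overleafnginx/nginx.conf enables the deprecated TLS 1.0 and 1.1 and leaves out TLS 1.3; `ssl_protocols TLSv1.2 TLSv1.3;` is the safer setting. The `ssl_ciphers` list also still offers `EECDH+3DES` and `RSA+3DES` as well as the non-forward-secret `RSA+AES128` and `RSA+AES256` entries, which can be removed along with the old protocols. Clients limited to TLS 1.0/1.1 would no longer connect, so confirm none are expected before tightening.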
@@ -0,0 +1,28 @@
+# docker network create overleaf-network
+services:
+ overleafredis:
+ image: "redis:6.2-alpine"
+ container_name: overleafredis
+ hostname: overleafredis
+ restart: always
+ healthcheck:
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
+ command: --save 60 1 --loglevel warning
+ volumes:
+ - overleaf_redis:/data
+ - /var/run/docker.sock:/var/run/docker.sock
+ expose:
+ - 6379
+ networks:
+ - overleaf-network
+
+volumes:
+ overleaf_redis:
+
+networks:
+ overleaf-network:
+ external: true
diff --git a/overleafserver/compose.yaml b/overleafserver/compose.yaml
new file mode 100644
index 0000000..c526ac4
--- /dev/null
+++ b/overleafserver/compose.yaml
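Review bot: overleafredis/compose.yaml starts Redis with `command: --save 60 1 --loglevel warning` and no password, so every container attached to `overleaf-network` can read and write its data; the mongo service in this patch is likewise started without credentials. Because the network is declared `external: true`, its membership is not controlled by these files. Consider enabling authentication on both stores, or at least add a comment stating that `overleaf-network` must only ever carry the Overleaf containers.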
@@ -0,0 +1,82 @@
+# docker network create overleaf-network
+# FIREWALL NOTES:
+# docker network ls | grep overleaf-network
+#
+# ufw allow in on br-ff9f46af3644
+# ufw route allow in on br-ff9f46af3644
+# ufw route allow out on br-ff9f46af3644
+#
+# ufw status numbered
+# ufw delete [NUMBER]
+# sed -i -e 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw
+# ufw reload
+#
+# iptables -t nat -A POSTROUTING ! -o docker0 -s 172.18.0.0/16 -j MASQUERADE
+# iptables -t nat -A POSTROUTING ! -o br-ff9f46af3644 -s 172.18.0.0/16 -j MASQUERADE
+
+##############
+# TEX UPDATE #
+##############
+
+### For updating the tex, disable the other network setting and use:
+# And then we update the tex with:
+# docker exec -it overleafserver /bin/bash
+# cd /root
+# rm -rf install-tl-*
+# curl -L -o tl-unx.tar.gz https://mirror.ctan.org/systems/texlive/tlnet/install-tl-unx.tar.gz
+# tar -xzf tl-unx.tar.gz
+# cd install-tl-*
+# perl ./install-tl --no-interaction
+
+services:
+ overleafserver:
+ image: "sharelatex/sharelatex"
+ container_name: overleafserver
+ hostname: overleafserver
+ restart: always
+ volumes:
+ - overleaf_data:/var/lib/overleaf
+ - overleaf_tex2024:/usr/local/texlive/2024
+ - overleaf_tex2024:/usr/local/texlive/2023
+ - /var/run/docker.sock:/var/run/docker.sock
+
+ ports:
+ - 11001:80
+ environment:
+ GIT_BRIDGE_ENABLED: "false"
+ GIT_BRIDGE_HOST: "git-bridge"
+ GIT_BRIDGE_PORT: "8000"
+
+ REDIS_HOST: "overleafredis"
+ REDIS_PORT: "6379"
+ OVERLEAF_REDIS_HOST: "overleafredis"
+
+ V1_HISTORY_URL: "http://127.0.0.1:3100/api"
+ OVERLEAF_MONGO_URL: "mongodb://overleafmongo/sharelatex"
+ OVERLEAF_APP_NAME: "FB1 University of Bremen Overleaf"
+ ENABLED_LINKED_FILE_TYPES: "project_file,project_output_file"
+ ENABLE_CONVERSIONS: "true"
+ EMAIL_CONFIRMATION_DISABLED: "false"
+ OVERLEAF_BEHIND_PROXY: "true"
+ OVERLEAF_SECURE_COOKIE: "true"
+ OVERLEAF_SITE_URL: "https://overleaf.neuro.uni-bremen.de"
+ OVERLEAF_NAV_TITLE: "FB1 Overleaf"
+
OVERLEAF_ADMIN_EMAIL: "overleaf@neuro.uni-bremen.de"
+ OVERLEAF_EMAIL_FROM_ADDRESS: "overleaf@neuro.uni-bremen.de"
+ OVERLEAF_EMAIL_SMTP_HOST: "overleafsmtpd"
+ OVERLEAF_EMAIL_SMTP_PORT: "25"
+ OVERLEAF_EMAIL_SMTP_SECURE: "false"
+ OVERLEAF_EMAIL_SMTP_LOGGER: "true"
+ OVERLEAF_CUSTOM_EMAIL_FOOTER: "This system is run by the ITP"
+ networks:
+ - overleaf-network
+
+volumes:
+ overleaf_data:
+ overleaf_tex2024:
+
+networks:
+ overleaf-network:
+ external: true
+
diff --git a/overleafsmtpd/compose.yaml b/overleafsmtpd/compose.yaml
new file mode 100644
index 0000000..c91aed4
--- /dev/null
+++ b/overleafsmtpd/compose.yaml
@@ -0,0 +1,29 @@
+# docker network create overleaf-network
+services:
+ overleafsmtpd:
+ image: wodby/opensmtpd
+ container_name: overleafsmtpd
+ hostname: overleafsmtpd
+ restart: always
+ volumes:
+ - /root/overleafsmtpd/smtpd_pre.conf:/etc/gotpl/smtpd.conf.tmpl
+ - overleaf_smtpd:/var/spool/smtpd
+ - /var/run/docker.sock:/var/run/docker.sock
+ ports:
+ - 25:25
+ environment:
+ RELAY_HOST: "XXX"
+ RELAY_PROTO: "smtps"
+ RELAY_PORT: "XXX"
+ RELAY_USER: ${MAIL_USERNAME}
+ RELAY_PASSWORD: ${MAIL_PASSWORD}
+
+ networks:
+ - overleaf-network
+
+volumes:
+ overleaf_smtpd:
+
+networks:
+ overleaf-network:
+ external: true
diff --git a/overleafsmtpd/smtpd_pre.conf b/overleafsmtpd/smtpd_pre.conf
new file mode 100644
index 0000000..be71a04
--- /dev/null
+++ b/overleafsmtpd/smtpd_pre.conf
@@ -0,0 +1,15 @@
+listen on 0.0.0.0
+listen on ::
+
+table aliases file:/etc/smtpd/aliases
+
+queue ttl 4d
+bounce warn-interval 1h, 6h, 2d
+
+smtp max-message-size 35M
+
+table authinfo db:/etc/smtpd/authinfo.db
+action default relay host "smtps://user@mailhost.neurotec.uni-bremen.de:465" auth tls no-verify
+match from any for any action default
+
+
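Review bot: In overleafserver/compose.yaml the mapping `- 11001:80` publishes the application's plain-HTTP port on every host interface, although the nginx container in this patch already reaches it over `overleaf-network` at `overleafserver:80`. With `OVERLEAF_BEHIND_PROXY: "true"` a client that connects to port 11001 directly bypasses TLS and can presumably supply its own `X-Forwarded-For`. Drop the `ports` entry or bind it to loopback with `- "127.0.0.1:11001:80"`; Docker-published ports are generally not filtered by ufw rules such as those in the header comment. Separately, `image: "sharelatex/sharelatex"` carries no tag, so each pull may bring in a different release; pinning a version would make upgrades deliberate.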
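Review bot: In overleafsmtpd/compose.yaml the `ports` entry `- 25:25` exposes the relay on all host interfaces, while the Overleaf container already reaches it as `overleafsmtpd:25` on the shared network; together with the `match from any for any` rule in smtpd_pre.conf this looks like it lets outside hosts send mail through the authenticated upstream account. Removing the `ports` block keeps the relay internal. If it must stay, write it as `- "25:25"`, because unquoted `xx:yy` values below 60 can be read as base-60 integers by YAML 1.1 parsers. `RELAY_USER` and `RELAY_PASSWORD` are better quoted as well (`"${MAIL_USERNAME}"`, `"${MAIL_PASSWORD}"`) so an empty or boolean-looking value stays a string.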
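Review bot: In overleafsmtpd/smtpd_pre.conf the relay action ends in `tls no-verify`, which skips certificate validation of the upstream host, so the relay credentials could be handed to an impostor on the network path; drop `no-verify` unless the upstream certificate genuinely cannot be validated, and state the reason in a comment if it stays. The rule `match from any for any action default` accepts mail from any source for any destination, and narrowing `from any` to the Docker network's address range would keep the service from acting as an open relay. The `authinfo` table is declared but the action's `auth` keyword names no table, which may be a template placeholder and is worth confirming.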