
a self-hosted git collaboration server
git clone https://github.com/picosh/git-pr.git

commit
0b777fa
parent
60aa6b3
author
Eric Bower
date
2024-05-20 23:40:46 -0400 EDT
chore: docker prod
4 files changed,  +79, -4
M ssh.go
M web.go
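--- a/Caddyfile
+++ b/Caddyfile
@@ -0,0 +1,56 @@
+{$APP_DOMAIN} {
+	reverse_proxy web:3000
+	tls {$APP_EMAIL} {
+		dns cloudflare {$CF_API_TOKEN}
+		resolvers 1.1.1.1
+	}
+	encode zstd gzip
+
+	header {
+		# disable FLoC tracking
+		Permissions-Policy interest-cohort=()
+
+		# enable HSTS
+		Strict-Transport-Security max-age=31536000;
+
+		# disable clients from sniffing the media type
+		X-Content-Type-Options nosniff
+
+		# clickjacking protection
+		X-Frame-Options DENY
+
+		# keep referrer data off of HTTP connections
+		Referrer-Policy no-referrer-when-downgrade
+
+		Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
+
+		X-XSS-Protection "1; mode=block"
+	}
+
+	@caddymetrics {
+		host {$APP_DOMAIN}
+		path /_caddy/metrics
+	}
+
+	metrics @caddymetrics {
+		disable_openmetrics
+	}
+
+	@appmetrics {
+		host {$APP_DOMAIN}
+		path /_app/metrics
+	}
+
+	handle @appmetrics {
+		rewrite * /metrics
+		reverse_proxy ssh:9222
+	}
+}
+
+:443 {
+	reverse_proxy web:3000
+	tls {$APP_EMAIL} {
+		on_demand
+	}
+	encode zstd gzip
+}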
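--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,23 @@
 services:
+  caddy:
+    image: ghcr.io/picosh/pico/caddy:latest
+    restart: always
+    networks:
+      - git
+    env_file:
+      - .env.prod
+    environment:
+      APP_DOMAIN: pr.pico.sh
+      APP_EMAIL: hello@pico.sh
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile
+      - ./data/git-caddy/data:/data
+      - ./data/git-caddy/config:/config
+    ports:
+      - "${GIT_HTTPS_V4:-443}:443"
+      - "${GIT_HTTP_V4:-80}:80"
+      - "${GIT_HTTPS_V6:-[::1]:443}:443"
+      - "${GIT_HTTP_V6:-[::1]:80}:80"
   web:
     image: ghcr.io/picosh/pico/git-web:latest
     restart: always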
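Review bot: The new `caddy` service runs `ghcr.io/picosh/pico/caddy:latest`, a mutable tag, for the container that terminates TLS and (presumably via `.env.prod`) receives the `CF_API_TOKEN` referenced in the Caddyfile; pinning it to a version tag or `@sha256:<digest-placeholder>` would make the production image reproducible and reviewable. The config mount can also be read-only, `- ./Caddyfile:/etc/caddy/Caddyfile:ro`, since the container has no reason to write to it. The IPv4 port defaults publish on all interfaces while the IPv6 defaults bind `[::1]` only; if that asymmetry is intentional, a short comment above `ports:` saying so would help. The `web` service definition continues outside the hunk.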
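--- a/ssh.go
+++ b/ssh.go
@@ -19,11 +19,11 @@ func authHandler(ctx ssh.Context, key ssh.PublicKey) bool {
 }
 
 func GitSshServer() {
-	host := os.Getenv("SSH_HOST")
+	host := os.Getenv("GIT_HOST")
 	if host == "" {
 		host = "0.0.0.0"
 	}
-	port := os.Getenv("SSH_PORT")
+	port := os.Getenv("GIT_SSH_PORT")
 	if port == "" {
 		port = "2222"
 	}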
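Review bot: After this rename `GitSshServer` no longer reads `SSH_HOST`/`SSH_PORT`, and an unset `GIT_HOST` falls through to `host = "0.0.0.0"`, so a deployment that restricted the listener with the old variable would silently start listening on all interfaces after upgrading. Reading the old name as a fallback before the default, e.g. `if host == "" { host = os.Getenv("SSH_HOST") }`, or logging the resolved address at startup, would make the change visible. The same applies to `StartWebServer` in web.go, where `WEB_HOST`/`WEB_PORT` are dropped; and because both functions now share `GIT_HOST`, the SSH and web listeners can no longer be bound to different addresses. The function body continues outside the hunk.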
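--- a/web.go
+++ b/web.go
@@ -50,11 +50,11 @@ func prHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func StartWebServer() {
-	host := os.Getenv("WEB_HOST")
+	host := os.Getenv("GIT_HOST")
 	if host == "" {
 		host = "0.0.0.0"
 	}
-	port := os.Getenv("WEB_PORT")
+	port := os.Getenv("GIT_WEB_PORT")
 	if port == "" {
 		port = "3000"
 	}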