Update apps/cistech-tunnel/docker-compose.yml
This commit is contained in:
@@ -1,43 +1,34 @@
|
|||||||
services:
|
services:
|
||||||
vpn:
|
cistech-tunnel:
|
||||||
build: ./vpn-openconnect-sso
|
image: cistech-vpn:latest
|
||||||
container_name: cistech-vpn
|
restart: unless-stopped
|
||||||
cap_add:
|
networks:
|
||||||
- NET_ADMIN
|
cistech-tunnel_runtipi_network:
|
||||||
devices:
|
gw_priority: 0
|
||||||
- /dev/net/tun:/dev/net/tun
|
tipi_main_network:
|
||||||
|
gw_priority: 1
|
||||||
environment:
|
environment:
|
||||||
OC_URL: ${OC_URL}
|
OC_URL: ${OC_URL}
|
||||||
OC_SERVERCERT: ${OC_SERVERCERT}
|
OC_SERVERCERT: ${OC_SERVERCERT}
|
||||||
OC_AUTHGROUP: ${OC_AUTHGROUP}
|
OC_USER: ${OC_USER}
|
||||||
OC_INTERFACE: tun0
|
VNC_PASSWORD: ${VNC_PASSWORD}
|
||||||
OC_SSO_ARGS: ${OC_SSO_ARGS:- --browser-display-mode shown}
|
NOVNC_PORT: "6902"
|
||||||
VNC_PASSWORD: ${VNC_PASSWORD:-changeme}
|
|
||||||
NOVNC_PORT: ${NOVNC_PORT:-6901}
|
|
||||||
ports:
|
ports:
|
||||||
- "${PUBLISH_ADDR:-0.0.0.0}:${NOVNC_PORT:-6901}:${NOVNC_PORT:-6901}"
|
- ${APP_PORT}:6902
|
||||||
volumes:
|
volumes:
|
||||||
- vpn_state:/root
|
- ${APP_DATA_DIR}/data:/root
|
||||||
restart: unless-stopped
|
labels:
|
||||||
|
generated: true
|
||||||
ssh_tunnel:
|
traefik.enable: true
|
||||||
image: alpine:3.20
|
traefik.docker.network: runtipi_tipi_main_network
|
||||||
container_name: cistech-ssh-tunnel
|
traefik.http.middlewares.cistech-tunnel-runtipi-web-redirect.redirectscheme.scheme: https
|
||||||
network_mode: "service:vpn"
|
traefik.http.services.cistech-tunnel-runtipi.loadbalancer.server.port: "6902"
|
||||||
depends_on:
|
traefik.http.routers.cistech-tunnel-runtipi-insecure.rule: Host(`${APP_DOMAIN}`)
|
||||||
- vpn
|
traefik.http.routers.cistech-tunnel-runtipi-insecure.entrypoints: web
|
||||||
volumes:
|
traefik.http.routers.cistech-tunnel-runtipi-insecure.service: cistech-tunnel-runtipi
|
||||||
- ${SSH_KEY_PATH:-/home/alexz/.ssh/id_ed25519-lenovo}:/root/.ssh/id_ed25519-lenovo:ro
|
traefik.http.routers.cistech-tunnel-runtipi-insecure.middlewares: cistech-tunnel-runtipi-web-redirect
|
||||||
command: >
|
traefik.http.routers.cistech-tunnel-runtipi.rule: Host(`${APP_DOMAIN}`)
|
||||||
sh -lc "apk add --no-cache openssh-client &&
|
traefik.http.routers.cistech-tunnel-runtipi.entrypoints: websecure
|
||||||
exec ssh -N -i /root/.ssh/id_ed25519-lenovo \
|
traefik.http.routers.cistech-tunnel-runtipi.service: cistech-tunnel-runtipi
|
||||||
-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes \
|
traefik.http.routers.cistech-tunnel-runtipi.tls.certresolver: myresolver
|
||||||
-L 0.0.0.0:8090:localhost:8090 \
|
runtipi.managed: true
|
||||||
-L 0.0.0.0:2001:localhost:2001 \
|
|
||||||
-L 0.0.0.0:36001:localhost:36001 \
|
|
||||||
-L 0.0.0.0:36000:localhost:36000 \
|
|
||||||
zawa@10.3.1.201"
|
|
||||||
restart: unless-stopped
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
vpn_state: {}
|
|
||||||
Reference in New Issue
Block a user