upload current sources

apps/cistech-tunnel/.env.example

@@ -0,0 +1,11 @@
+# Required
+OC_URL=https://vpn.cistech.net/Employees
+OC_SERVERCERT=pin-sha256:HyHob3LiVmIp8ch9AzHJ9jMYqI43tO5N13oWeBLiZ/0=
+
+# Optional
+OC_AUTHGROUP=
+OC_SSO_ARGS=--browser-display-mode shown
+VNC_PASSWORD=vpnSSO12
+NOVNC_PORT=6901
+PUBLISH_ADDR=0.0.0.0
+SSH_KEY_PATH=/home/alexz/.ssh/id_ed25519-lenovo

apps/cistech-tunnel/README.md

@@ -0,0 +1,11 @@
+# Cistech Tunnel (VPN + SSH)
+
+- VPN: OpenConnect-SSO with noVNC for first-time SSO (port 6901)
+- SSH tunnels: forwards to 10.3.1.201 inside the VPN namespace
+
+Usage
+- Copy `.env.example` to `.env` and adjust values.
+- Build and start:
+  docker compose build
+  docker compose up -d vpn ssh_tunnel
+- First-time SSO: open http://<host>:6901 and complete login; then set `OC_SSO_ARGS=--browser-display-mode hidden` and restart `vpn`.

apps/cistech-tunnel/config.json

@@ -0,0 +1,25 @@
+{
+"name": "Cistech Tunnel",
+"id": "cistech-tunnel",
+"available": true,
+"short_desc": "OpenConnect-SSO VPN + SSH forwards (noVNC)",
+"author": "alexz",
+"port": 6901,
+"categories": ["utilities","network"],
+"description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO and an SSH tunnel service for local forwards.",
+"tipi_version": 1,
+"version": "1.0.0",
+"source": "https://git.alexzaw.dev/alexz/cistech-tunnel",
+"exposable": true,
+"dynamic_config": false,
+"no_gui": false,
+"form_fields": [
+{"label":"VPN URL","type":"text","env_variable":"OC_URL","required":true,"default":"https://vpn.cistech.net/Employees"},
+{"label":"Server Cert Pin","type":"text","env_variable":"OC_SERVERCERT","required":true,"default":"pin-sha256:HyHob3LiVmIp8ch9AzHJ9jMYqI43tO5N13oWeBLiZ/0="},
+{"label":"Auth Group","type":"text","env_variable":"OC_AUTHGROUP","required":false,"default":""},
+{"label":"SSO Mode","type":"text","env_variable":"OC_SSO_ARGS","required":true,"default":"--browser-display-mode shown"},
+{"label":"VNC Password","type":"password","env_variable":"VNC_PASSWORD","required":true,"default":"Az@83278327$$@@"},
+{"label":"SSH Key Path","type":"text","env_variable":"SSH_KEY_PATH","required":true,"default":"/home/alexz/.ssh/id_ed25519-lenovo"}
+],
+"supported_architectures": ["arm64","amd64"]
+}

apps/cistech-tunnel/config.json.bak.1765310779

@@ -0,0 +1,25 @@
+{
+  "name": "Cistech Tunnel",
+  "id": "cistech-tunnel",
+  "available": true,
+  "short_desc": "OpenConnect-SSO VPN + SSH forwards (noVNC)",
+  "author": "alexz",
+  "port": 6901,
+  "categories": ["networking", "utilities"],
+  "description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO and an SSH tunnel service for local forwards.",
+  "tipi_version": 1,
+  "version": "1.0.0",
+  "source": "https://git.alexzaw.dev/alexz/cistech-tunnel",
+  "exposable": true,
+  "dynamic_config": true,
+  "no_gui": false,
+  "form_fields": [
+    { "label": "VPN URL", "type": "text", "env_variable": "OC_URL_A", "required": true, "default": "https://vpn.cistech.net/Employees" },
+    { "label": "Server Cert Pin", "type": "text", "env_variable": "OC_SERVERCERT_A", "required": true, "default": "pin-sha256:HyHob3LiVmIp8ch9AzHJ9jMYqI43tO5N13oWeBLiZ/0=" },
+    { "label": "Auth Group", "type": "text", "env_variable": "OC_AUTHGROUP_A", "required": false, "default": "" },
+    { "label": "SSO Mode", "type": "text", "env_variable": "OC_SSO_ARGS_A", "required": true, "default": "--browser-display-mode shown" },
+    { "label": "VNC Password", "type": "password", "env_variable": "VNC_PASS_A", "required": true, "default": "vpnSSO12" },
+    { "label": "SSH Key Path", "type": "text", "env_variable": "SSH_KEY_PATH", "required": true, "default": "/home/alexz/.ssh/id_ed25519-lenovo" }
+  ],
+  "supported_architectures": ["arm64", "amd64"]
+}

apps/cistech-tunnel/config.json.bak.1765311179

@@ -0,0 +1,67 @@
+{
+  "name": "Cistech Tunnel",
+  "id": "cistech-tunnel",
+  "available": true,
+  "short_desc": "OpenConnect-SSO VPN + SSH forwards (noVNC)",
+  "author": "alexz",
+  "port": 6901,
+  "categories": [
+    "utilities",
+    "network"
+  ],
+  "description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO and an SSH tunnel service for local forwards.",
+  "tipi_version": 1,
+  "version": "1.0.0",
+  "source": "https://git.alexzaw.dev/alexz/cistech-tunnel",
+  "exposable": true,
+  "dynamic_config": true,
+  "no_gui": false,
+  "form_fields": [
+    {
+      "label": "VPN URL",
+      "type": "text",
+      "env_variable": "OC_URL",
+      "required": true,
+      "default": "https://vpn.cistech.net/Employees"
+    },
+    {
+      "label": "Server Cert Pin",
+      "type": "text",
+      "env_variable": "OC_SERVERCERT",
+      "required": true,
+      "default": "pin-sha256:HyHob3LiVmIp8ch9AzHJ9jMYqI43tO5N13oWeBLiZ/0="
+    },
+    {
+      "label": "Auth Group",
+      "type": "text",
+      "env_variable": "OC_AUTHGROUP",
+      "required": false,
+      "default": ""
+    },
+    {
+      "label": "SSO Mode",
+      "type": "text",
+      "env_variable": "OC_SSO_ARGS",
+      "required": true,
+      "default": "--browser-display-mode shown"
+    },
+    {
+      "label": "VNC Password",
+      "type": "password",
+      "env_variable": "VNC_PASSWORD",
+      "required": true,
+      "default": "vpnSSO12"
+    },
+    {
+      "label": "SSH Key Path",
+      "type": "text",
+      "env_variable": "SSH_KEY_PATH",
+      "required": true,
+      "default": "/home/alexz/.ssh/id_ed25519-lenovo"
+    }
+  ],
+  "supported_architectures": [
+    "arm64",
+    "amd64"
+  ]
+}

apps/cistech-tunnel/docker-compose.json.bak.1765312176

@@ -0,0 +1,39 @@
+{
+  "$schema": "https://schemas.runtipi.io/v2/dynamic-compose.json",
+  "schemaVersion": 2,
+  "services": [
+    {
+      "name": "vpn_a",
+      "image": "vpn-openconnect-sso:latest",
+      "isMain": true,
+      "internalPort": 6901,
+      "capAdd": ["NET_ADMIN"],
+      "devices": [
+        { "hostPath": "/dev/net/tun", "containerPath": "/dev/net/tun" }
+      ],
+      "environment": [
+        { "key": "OC_URL", "value": "${OC_URL_A}" },
+        { "key": "OC_SERVERCERT", "value": "${OC_SERVERCERT_A}" },
+        { "key": "OC_AUTHGROUP", "value": "${OC_AUTHGROUP_A}" },
+        { "key": "OC_INTERFACE", "value": "tun0" },
+        { "key": "OC_SSO_ARGS", "value": "${OC_SSO_ARGS_A}" },
+        { "key": "VNC_PASSWORD", "value": "${VNC_PASS_A}" },
+        { "key": "NOVNC_PORT", "value": "6901" }
+      ],
+      "volumes": [
+        { "hostPath": "${APP_DATA_DIR}/data/vpn_a_state", "containerPath": "/root" }
+      ],
+      "restartPolicy": "unless-stopped"
+    },
+    {
+      "name": "ssh_tunnel",
+      "image": "alpine:3.20",
+      "networkMode": "service:vpn_a",
+      "volumes": [
+        { "hostPath": "${SSH_KEY_PATH}", "containerPath": "/root/.ssh/id_ed25519-lenovo", "readOnly": true }
+      ],
+      "command": "sh -lc \"apk add --no-cache openssh-client && exec ssh -N -i /root/.ssh/id_ed25519-lenovo -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -L 127.0.0.1:8090:localhost:8090 -L 127.0.0.1:2001:localhost:2001 -L 127.0.0.1:36001:localhost:36001 zawa@10.3.1.201\"",
+      "restartPolicy": "unless-stopped"
+    }
+  ]
+}

apps/cistech-tunnel/docker-compose.yml

@@ -0,0 +1,43 @@
+services:
+  vpn:
+    build: ./vpn-openconnect-sso
+    container_name: cistech-vpn
+    cap_add:
+      - NET_ADMIN
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    environment:
+      OC_URL: ${OC_URL}
+      OC_SERVERCERT: ${OC_SERVERCERT}
+      OC_AUTHGROUP: ${OC_AUTHGROUP}
+      OC_INTERFACE: tun0
+      OC_SSO_ARGS: ${OC_SSO_ARGS:- --browser-display-mode shown}
+      VNC_PASSWORD: ${VNC_PASSWORD:-changeme}
+      NOVNC_PORT: ${NOVNC_PORT:-6901}
+    ports:
+      - "${PUBLISH_ADDR:-0.0.0.0}:${NOVNC_PORT:-6901}:${NOVNC_PORT:-6901}"
+    volumes:
+      - vpn_state:/root
+    restart: unless-stopped
+
+  ssh_tunnel:
+    image: alpine:3.20
+    container_name: cistech-ssh-tunnel
+    network_mode: "service:vpn"
+    depends_on:
+      - vpn
+    volumes:
+      - ${SSH_KEY_PATH:-/home/alexz/.ssh/id_ed25519-lenovo}:/root/.ssh/id_ed25519-lenovo:ro
+    command: >
+      sh -lc "apk add --no-cache openssh-client &&
+      exec ssh -N -i /root/.ssh/id_ed25519-lenovo \
+        -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes \
+        -L 0.0.0.0:8090:localhost:8090 \
+        -L 0.0.0.0:2001:localhost:2001 \
+        -L 0.0.0.0:36001:localhost:36001 \
+        -L 0.0.0.0:36000:localhost:36000 \
+        zawa@10.3.1.201"
+    restart: unless-stopped
+
+volumes:
+  vpn_state: {}

apps/cistech-tunnel/metadata/description.md

@@ -0,0 +1,20 @@
+# Dockerized OpenConnect-SSO with noVNC and Cloudflared
+
+## Setup
+1) Copy `.env.example` to `.env` and fill values (URLs, servercert pins, VNC passwords, cloudflared tokens).
+
+2) First-time SSO: leave `OC_SSO_ARGS_*=--browser-display-mode visible`.
+
+3) Build and start:
+   docker compose build
+   docker compose up -d vpn_a
+   # Open http://localhost:6901, complete SSO.
+   # After success, attach app containers or start cloudflared_a.
+
+4) Optional: switch to headless after first login:
+   Set `OC_SSO_ARGS_*=--browser-display-mode hidden` (or `headless`) and restart the vpn service.
+
+## Notes
+- Each VPN runs in its own net namespace; routes from one cannot affect the other or the host.
+- DNS from the VPN applies within its container namespace and attached services only.
+- Persisted state lives in the named volumes mounted at `/root` (Playwright cache, configs).

apps/cistech-tunnel/vpn-openconnect-sso/Dockerfile

@@ -0,0 +1,33 @@
+FROM ubuntu:24.04
+ENV QTWEBENGINE_DISABLE_SANDBOX=1
+ENV QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu"
+ENV DEBIAN_FRONTEND=noninteractive \
+    PLAYWRIGHT_BROWSERS_PATH=/ms-playwright \
+    VIRTUAL_ENV=/opt/venv \
+    PATH=/opt/venv/bin:$PATH
+
+RUN apt-get update && apt-get install -y \
+    openconnect iproute2 iptables ca-certificates \
+    python3 python3-pip python3-venv \
+    vpnc-scripts curl \
+    x11vnc xvfb fluxbox novnc websockify \
+    xauth libnss3 libatk1.0-0 libatk-bridge2.0-0 \
+    libx11-6 libx11-xcb1 libxcomposite1 libxrandr2 libgbm1 libxdamage1 \
+    libpango-1.0-0 fonts-liberation \
+    libegl1 libgl1 libopengl0 libdbus-1-3 libglib2.0-0 \
+    libxkbcommon0 libxkbcommon-x11-0 \
+    libxcb1 libxcb-cursor0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-render0 libxcb-render-util0 libxcb-shm0 libxcb-xfixes0 libxcb-xinerama0 libxcb-randr0 libxcb-glx0 \
+    sudo \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN apt-get update && (apt-get install -y libasound2t64 || apt-get install -y libasound2) && rm -rf /var/lib/apt/lists/*
+
+RUN python3 -m venv "$VIRTUAL_ENV"
+RUN pip install --no-cache-dir openconnect-sso playwright \
+    && python -m playwright install --with-deps chromium
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+EXPOSE 6901
+ENTRYPOINT ["/entrypoint.sh"]

apps/cistech-tunnel/vpn-openconnect-sso/entrypoint.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+: "${OC_URL:?OC_URL is required}"
+: "${OC_SERVERCERT:?OC_SERVERCERT is required}"
+
+NOVNC_PORT="${NOVNC_PORT:-6901}"
+VNC_PASSWORD="${VNC_PASSWORD:-changeme}"
+DISPLAY_ADDR="${DISPLAY:-:1}"
+OC_INTERFACE="${OC_INTERFACE:-tun0}"
+OC_SSO_ARGS_DEFAULT="--browser-display-mode shown"
+
+if [[ "${OC_SSO_ARGS:-$OC_SSO_ARGS_DEFAULT}" == *"shown"* ]]; then
+  mkdir -p /root/.vnc
+  x11vnc -storepasswd "$VNC_PASSWORD" /root/.vnc/pass >/dev/null 2>&1 || true
+  rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true
+  Xvfb "$DISPLAY_ADDR" -screen 0 ${XVFB_WxHxD:-1280x800x24} +extension RANDR &
+  sleep 0.5
+  export DISPLAY="$DISPLAY_ADDR"
+  fluxbox >/tmp/fluxbox.log 2>&1 &
+  x11vnc -display "$DISPLAY_ADDR" -rfbauth /root/.vnc/pass -forever -shared -rfbport 5900 -quiet &
+  websockify --web=/usr/share/novnc/ 0.0.0.0:"$NOVNC_PORT" localhost:5900 >/tmp/websockify.log 2>&1 &
+fi
+
+OPENCONNECT_CMD=(
+  /usr/sbin/openconnect
+  --protocol=anyconnect
+  --servercert "$OC_SERVERCERT"
+  --interface "$OC_INTERFACE"
+  --script /usr/share/vpnc-scripts/vpnc-script
+)
+[[ -n "${OC_AUTHGROUP:-}" ]] && OPENCONNECT_CMD+=(--authgroup "$OC_AUTHGROUP")
+[[ -n "${OC_USERAGENT:-}" ]] && OPENCONNECT_CMD+=(--useragent "$OC_USERAGENT")
+[[ -n "${OC_EXTRA_ARGS:-}" ]] && OPENCONNECT_CMD+=(${OC_EXTRA_ARGS})
+
+exec openconnect-sso -s "$OC_URL" ${OC_SSO_ARGS:-$OC_SSO_ARGS_DEFAULT} -- "${OPENCONNECT_CMD[@]}"

apps/cloudbeaver/config.json

@@ -0,0 +1,27 @@
+{
+  "name": "CloudBeaver",
+  "id": "cloudbeaver",
+  "available": true,
+  "short_desc": "Web-based database management platform",
+  "author": "DBeaver Corp",
+  "port": 8978,
+  "categories": [
+    "data",
+    "development"
+  ],
+  "description": "CloudBeaver is a web-based database management platform. It provides a rich web interface for working with databases via web browser. Supports PostgreSQL, MySQL, MariaDB, SQL Server, Oracle, DB2, Firebird, SQLite, and many more databases.",
+  "tipi_version": 1,
+  "version": "25.2.5",
+  "source": "https://github.com/dbeaver/cloudbeaver",
+  "website": "https://cloudbeaver.io/",
+  "exposable": true,
+  "dynamic_config": true,
+  "no_gui": false,
+  "form_fields": [],
+  "supported_architectures": [
+    "arm64",
+    "amd64"
+  ],
+  "created_at": 1732924800000,
+  "updated_at": 1732924800000
+}

apps/cloudbeaver/docker-compose.json

@@ -0,0 +1,24 @@
+{
+  "services": [
+    {
+      "name": "cloudbeaver",
+      "image": "dbeaver/cloudbeaver:25.2.5",
+      "isMain": true,
+      "internalPort": 8978,
+      "extraHosts": [
+        "host.docker.internal:host-gateway"
+      ],
+      "environment": {
+        "CB_SERVER_NAME": "CloudBeaver",
+        "CB_ADMIN_NAME": "admin",
+        "CB_ADMIN_PASSWORD": "admin"
+      },
+      "volumes": [
+        {
+          "hostPath": "${APP_DATA_DIR}/data",
+          "containerPath": "/opt/cloudbeaver/workspace"
+        }
+      ]
+    }
+  ]
+}

apps/cloudbeaver/docker-compose.yml

@@ -0,0 +1,46 @@
+services:
+  cloudbeaver:
+    image: dbeaver/cloudbeaver:25.2.5
+    restart: unless-stopped
+    networks:
+      cloudbeaver_runtipi_network:
+        gw_priority: 0
+      tipi_main_network:
+        gw_priority: 1
+    extra_hosts:
+      - host.docker.internal:host-gateway
+    environment:
+      CB_SERVER_NAME: CloudBeaver
+      CB_ADMIN_NAME: admin
+      CB_ADMIN_PASSWORD: admin
+    ports:
+      - ${APP_PORT}:8978
+    volumes:
+      - ${APP_DATA_DIR}/data:/opt/cloudbeaver/workspace
+    labels:
+      generated: true
+      traefik.enable: true
+      traefik.docker.network: runtipi_tipi_main_network
+      traefik.http.middlewares.cloudbeaver-runtipi-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.cloudbeaver-runtipi.loadbalancer.server.port: "8978"
+      traefik.http.routers.cloudbeaver-runtipi-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.cloudbeaver-runtipi-insecure.entrypoints: web
+      traefik.http.routers.cloudbeaver-runtipi-insecure.service: cloudbeaver-runtipi
+      traefik.http.routers.cloudbeaver-runtipi-insecure.middlewares: cloudbeaver-runtipi-web-redirect
+      traefik.http.routers.cloudbeaver-runtipi.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.cloudbeaver-runtipi.entrypoints: websecure
+      traefik.http.routers.cloudbeaver-runtipi.service: cloudbeaver-runtipi
+      traefik.http.routers.cloudbeaver-runtipi.tls.certresolver: myresolver
+      runtipi.managed: true
+      runtipi.appurn: cloudbeaver:runtipi
+networks:
+  tipi_main_network:
+    name: runtipi_tipi_main_network
+    external: true
+  cloudbeaver_runtipi_network:
+    name: cloudbeaver_runtipi_network
+    external: false
+    ipam:
+      config:
+        - subnet: 10.128.18.0/24
+

apps/cloudbeaver/metadata/description.md

@@ -0,0 +1,27 @@
+# CloudBeaver
+
+CloudBeaver is a web-based database management platform that provides a rich web interface for working with databases directly from your browser.
+
+## Features
+
+- **Multi-Database Support**: Works with PostgreSQL, MySQL, MariaDB, SQL Server, Oracle, DB2, SQLite, Firebird, and many more
+- **Web-Based Interface**: No desktop client needed - access from any modern web browser
+- **Connection Management**: Easily manage multiple database connections
+- **SQL Editor**: Full-featured SQL editor with syntax highlighting and autocomplete
+- **Data Visualization**: View and edit data in intuitive table views
+- **Query History**: Keep track of all your executed queries
+- **User Management**: Multi-user support with role-based access control
+- **Import/Export**: Import and export data in various formats
+
+## Getting Started
+
+After installation:
+
+1. Access CloudBeaver at the configured port (default: **8978**)
+2. Default credentials: **admin** / **admin**
+3. Change the default password on first login
+4. Create database connections to start managing your databases
+
+## Connecting to Host Databases
+
+To connect to databases running on your host machine, use **`host.docker.internal`** as the hostname in your connection settings.

apps/nginx-proxy-manager/config.json

@@ -0,0 +1,27 @@
+{
+  "name": "Nginx Proxy Manager",
+  "id": "nginx-proxy-manager",
+  "available": true,
+  "short_desc": "Docker container for managing Nginx proxy hosts with a simple, powerful web interface",
+  "author": "jc21",
+  "port": 81,
+  "categories": [
+    "utilities",
+    "network"
+  ],
+  "description": "Nginx Proxy Manager enables you to easily forward to your websites running at home or otherwise, including free SSL, without having to know too much about Nginx or Letsencrypt.",
+  "tipi_version": 1,
+  "version": "2.13.5",
+  "source": "https://github.com/NginxProxyManager/nginx-proxy-manager",
+  "website": "https://nginxproxymanager.com",
+  "exposable": true,
+  "dynamic_config": true,
+  "no_gui": false,
+  "form_fields": [],
+  "supported_architectures": [
+    "arm64",
+    "amd64"
+  ],
+  "created_at": 1731607800000,
+  "updated_at": 1731607800000
+}

apps/nginx-proxy-manager/docker-compose.json

@@ -0,0 +1,37 @@
+{
+  "schemaVersion": 2,
+  "services": [
+    {
+      "name": "nginx-proxy-manager",
+      "image": "jc21/nginx-proxy-manager:2.13.5",
+      "isMain": true,
+      "internalPort": 81,
+      "addPorts": [
+        {
+          "containerPort": 80,
+          "hostPort": 1080
+        },
+        {
+          "containerPort": 443,
+          "hostPort": 10443
+        }
+      ],
+      "environment": [
+        {
+          "key": "DISABLE_IPV6",
+          "value": "true"
+        }
+      ],
+      "volumes": [
+        {
+          "hostPath": "${APP_DATA_DIR}/data",
+          "containerPath": "/data"
+        },
+        {
+          "hostPath": "${APP_DATA_DIR}/letsencrypt",
+          "containerPath": "/etc/letsencrypt"
+        }
+      ]
+    }
+  ]
+}

apps/nginx-proxy-manager/docker-compose.yml

@@ -0,0 +1,45 @@
+services:
+  nginx-proxy-manager:
+    image: jc21/nginx-proxy-manager:2.13.5
+    restart: unless-stopped
+    networks:
+      nginx-proxy-manager_runtipi_network:
+        gw_priority: 0
+      tipi_main_network:
+        gw_priority: 1
+    environment:
+      DISABLE_IPV6: "true"
+    ports:
+      - 1080:80
+      - 10443:443
+      - ${APP_PORT}:81
+    volumes:
+      - ${APP_DATA_DIR}/data:/data
+      - ${APP_DATA_DIR}/letsencrypt:/etc/letsencrypt
+    labels:
+      generated: true
+      traefik.enable: true
+      traefik.docker.network: runtipi_tipi_main_network
+      traefik.http.middlewares.nginx-proxy-manager-runtipi-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.nginx-proxy-manager-runtipi.loadbalancer.server.port: "81"
+      traefik.http.routers.nginx-proxy-manager-runtipi-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.nginx-proxy-manager-runtipi-insecure.entrypoints: web
+      traefik.http.routers.nginx-proxy-manager-runtipi-insecure.service: nginx-proxy-manager-runtipi
+      traefik.http.routers.nginx-proxy-manager-runtipi-insecure.middlewares: nginx-proxy-manager-runtipi-web-redirect
+      traefik.http.routers.nginx-proxy-manager-runtipi.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.nginx-proxy-manager-runtipi.entrypoints: websecure
+      traefik.http.routers.nginx-proxy-manager-runtipi.service: nginx-proxy-manager-runtipi
+      traefik.http.routers.nginx-proxy-manager-runtipi.tls.certresolver: myresolver
+      runtipi.managed: true
+      runtipi.appurn: nginx-proxy-manager:runtipi
+networks:
+  tipi_main_network:
+    name: runtipi_tipi_main_network
+    external: true
+  nginx-proxy-manager_runtipi_network:
+    name: nginx-proxy-manager_runtipi_network
+    external: false
+    ipam:
+      config:
+        - subnet: 10.128.11.0/24
+

apps/nginx-proxy-manager/metadata/description.md

@@ -0,0 +1,108 @@
+<p align="center">
+	<img src="https://nginxproxymanager.com/github.png">
+	<br><br>
+	<img src="https://img.shields.io/badge/version-2.13.5-green.svg?style=for-the-badge">
+	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
+		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
+	</a>
+	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
+		<img src="https://img.shields.io/docker/pulls/jc21/nginx-proxy-manager.svg?style=for-the-badge">
+	</a>
+</p>
+
+This project comes as a pre-built docker image that enables you to easily forward to your websites
+running at home or otherwise, including free SSL, without having to know too much about Nginx or Letsencrypt.
+
+- [Quick Setup](#quick-setup)
+- [Full Setup](https://nginxproxymanager.com/setup/)
+- [Screenshots](https://nginxproxymanager.com/screenshots/)
+
+## Project Goal
+
+I created this project to fill a personal need to provide users with an easy way to accomplish reverse
+proxying hosts with SSL termination and it had to be so easy that a monkey could do it. This goal hasn't changed.
+While there might be advanced options they are optional and the project should be as simple as possible
+so that the barrier for entry here is low.
+
+<a href="https://www.buymeacoffee.com/jc21" target="_blank"><img src="http://public.jc21.com/github/by-me-a-coffee.png" alt="Buy Me A Coffee" style="height: 51px !important;width: 217px !important;" ></a>
+
+
+## Features
+
+- Beautiful and Secure Admin Interface based on [Tabler](https://tabler.github.io/)
+- Easily create forwarding domains, redirections, streams and 404 hosts without knowing anything about Nginx
+- Free SSL using Let's Encrypt or provide your own custom SSL certificates
+- Access Lists and basic HTTP Authentication for your hosts
+- Advanced Nginx configuration available for super users
+- User management, permissions and audit log
+
+
+## Hosting your home network
+
+I won't go in to too much detail here but here are the basics for someone new to this self-hosted world.
+
+1. Your home router will have a Port Forwarding section somewhere. Log in and find it
+2. Add port forwarding for port 80 and 443 to the server hosting this project
+3. Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or [Amazon Route53](https://github.com/jc21/route53-ddns)
+4. Use the Nginx Proxy Manager as your gateway to forward to your other web based services
+
+## Quick Setup
+
+1. Install Docker and Docker-Compose
+
+- [Docker Install documentation](https://docs.docker.com/install/)
+- [Docker-Compose Install documentation](https://docs.docker.com/compose/install/)
+
+2. Create a docker-compose.yml file similar to this:
+
+```yml
+services:
+  app:
+    image: 'docker.io/jc21/nginx-proxy-manager:latest'
+    restart: unless-stopped
+    ports:
+      - '80:80'
+      - '81:81'
+      - '443:443'
+    volumes:
+      - ./data:/data
+      - ./letsencrypt:/etc/letsencrypt
+```
+
+This is the bare minimum configuration required. See the [documentation](https://nginxproxymanager.com/setup/) for more.
+
+3. Bring up your stack by running
+
+```bash
+docker compose up -d
+```
+
+4. Log in to the Admin UI
+
+When your docker container is running, connect to it on port `81` for the admin interface.
+Sometimes this can take a little bit because of the entropy of keys.
+
+[http://127.0.0.1:81](http://127.0.0.1:81)
+
+
+## Contributing
+
+All are welcome to create pull requests for this project, against the `develop` branch. Official releases are created from the `master` branch.
+
+CI is used in this project. All PR's must pass before being considered. After passing,
+docker builds for PR's are available on dockerhub for manual verifications.
+
+Documentation within the `develop` branch is available for preview at
+[https://develop.nginxproxymanager.com](https://develop.nginxproxymanager.com)
+
+
+### Contributors
+
+Special thanks to [all of our contributors](https://github.com/NginxProxyManager/nginx-proxy-manager/graphs/contributors).
+
+
+## Getting Support
+
+1. [Found a bug?](https://github.com/NginxProxyManager/nginx-proxy-manager/issues)
+2. [Discussions](https://github.com/NginxProxyManager/nginx-proxy-manager/discussions)
+3. [Reddit](https://reddit.com/r/nginxproxymanager)