From c3e9305bce9fd1aaf165779fb46570c683750e6f Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Sun, 4 May 2025 00:10:22 -0700
Subject: Tried to use docker ingress to solve x-real-ip on mail daemon but it didn't work for other ports
---
.../roles/nginx_proxy/templates/docker-compose.yml | 58 ++++++++++++++++++++++
.../templates/toplevel.conf.d/stream.conf | 55 ++++++++++++++++++++
2 files changed, 113 insertions(+)
create mode 100644 playbooks/roles/nginx_proxy/templates/docker-compose.yml
create mode 100644 playbooks/roles/nginx_proxy/templates/toplevel.conf.d/stream.conf
(limited to 'playbooks/roles/nginx_proxy/templates')
diff --git a/playbooks/roles/nginx_proxy/templates/docker-compose.yml b/playbooks/roles/nginx_proxy/templates/docker-compose.yml
new file mode 100644
index 0000000..33b3243
--- /dev/null
+++ b/playbooks/roles/nginx_proxy/templates/docker-compose.yml
@@ -0,0 +1,58 @@
+---
+
+services:
+ nginx-proxy:
+ image: nginxproxy/nginx-proxy
+ container_name: nginx-proxy
+ ports:
+ # http
+ - "80:80"
+ - "443:443"
+ # smtp
+ - "25:25"
+ - "465:465"
+ - "587:587"
+ # imap
+ - "993:993"
+ # sieve
+ - "4190:4190"
+ # src
+ - "2222:2222"
+ volumes:
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+ - {{ nginx_proxy_base }}/certs:/etc/nginx/certs
+ - {{ nginx_proxy_base }}/toplevel.conf.d:/etc/nginx/toplevel.conf.d
+ environment:
+ - TZ={{ timezone }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
+ - NO_COLOR=1
+ - LOG_JSON=true
+ - TRUST_DOWNSTREAM_PROXY=false
+ networks:
+ - proxy
+ labels:
+ - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
+
+ nginx-acme-companion:
+ image: nginxproxy/acme-companion
+ depends_on:
+ - nginx-proxy
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - acme:/etc/acme.sh
+ - {{ nginx_proxy_base }}/certs:/etc/nginx/certs
+ environment:
+ - TZ={{ timezone }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
+ - DEFAULT_EMAIL={{ certs_email }}
+ - ACME_CHALLENGE=DNS-01
+ - "ACMESH_DNS_API_CONFIG={'DNS_API': 'dns_cf', 'CF_Key': '{{ cloudflare_token }}', 'CF_Email': '{{ cloudflare_email }}'}"
+ networks:
+ - proxy
+
+volumes:
+ acme:
+
+networks:
+ proxy:
+ name: proxy
diff --git a/playbooks/roles/nginx_proxy/templates/toplevel.conf.d/stream.conf b/playbooks/roles/nginx_proxy/templates/toplevel.conf.d/stream.conf
new file mode 100644
index 0000000..3e7c125
--- /dev/null
+++ b/playbooks/roles/nginx_proxy/templates/toplevel.conf.d/stream.conf
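Review bot: In docker-compose.yml the `nginx-proxy` service publishes eight ports and also mounts `/var/run/docker.sock`; the `:ro` flag only protects the socket file itself and does not restrict Docker API calls, so a compromise of the network-facing nginx process would reach the Docker daemon. The nginx-proxy documentation describes a separate-containers layout in which only a docker-gen container holds the socket, and that layout or a filtering socket proxy would narrow the exposure. Separately, `ACMESH_DNS_API_CONFIG` passes `{{ cloudflare_token }}` as `CF_Key` together with `CF_Email`, which in acme.sh is the account-wide global key form; if the value is meant to be a scoped API token, the `CF_Token` form would limit what the rendered compose file or `docker inspect` output can leak. Both `image:` lines are untagged, so pinning a version or digest would keep a redeploy from silently pulling a different image.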
@@ -0,0 +1,55 @@
+{% if not homelab_build %}
+
+stream {
+ upstream imaps {
+ server {{ vpn_proxy_filter_container_name }}:993;
+ }
+ upstream smtps {
+ server {{ vpn_proxy_filter_container_name }}:465;
+ }
+ upstream smtptls {
+ server {{ vpn_proxy_filter_container_name }}:587;
+ }
+ upstream smtp {
+ server {{ vpn_proxy_filter_container_name }}:25;
+ }
+ upstream managesieve {
+ server {{ vpn_proxy_filter_container_name }}:4190;
+ }
+
+ upstream src {
+ server {{ vpn_proxy_filter_container_name }}:2222;
+ }
+
+ server {
+ listen 993;
+ proxy_pass imaps;
+ proxy_protocol on;
+ }
+ server {
+ listen 25;
+ proxy_pass smtp;
+ proxy_protocol on;
+ }
+ server {
+ listen 587;
+ proxy_pass smtptls;
+ proxy_protocol on;
+ }
+ server {
+ listen 465;
+ proxy_pass smtps;
+ proxy_protocol on;
+ }
+ server {
+ listen 4190;
+ proxy_pass managesieve;
+ proxy_protocol on;
+ }
+ server {
+ listen 2222;
+ proxy_pass src;
+ }
+}
+
+{% endif %}
--
cgit v1.2.3-70-g09d2
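Review bot: The five `proxy_protocol on;` servers in stream.conf make the client address seen by the mail services depend entirely on a header this proxy prepends, so the listeners behind `{{ vpn_proxy_filter_container_name }}` should accept PROXY protocol only from this proxy's address. That side is not visible in the hunk; if those ports can be reached by any other path, the source IP used for relay, rate-limit or blocklist decisions can be asserted by the sender. The `listen 2222` server has no `proxy_protocol`, so the `src` upstream will presumably see the proxy's address for every connection. If that is deliberate, a comment such as `# no proxy_protocol: backend does not parse it, client IP is not preserved` would record the choice. As far as this file shows, the `stream` block also sets no `access_log`, so nginx keeps no record of the real peer address for these ports.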