-
Dockerized Reactjs
1 Januari 2022
Dockerfile reactjs
# Two-stage build: stage "builder" compiles the React app with Node, stage
# "production" serves the compiled files with nginx. Only /app/build is copied
# into the final image, so sources and node_modules are not shipped in it.
# NOTE(review): Node.js 14 is past upstream end-of-life; move the builder tag
# to a maintained LTS release before reusing this file.
FROM node:14-alpine AS builder
#ENV NODE_ENV production
WORKDIR /app
# Copy only the manifests first so the dependency layer stays cached until
# package.json / package-lock.json change.
COPY package*.json ./
# npm ci installs exactly what the lockfile records and fails when it
# disagrees with package.json.
RUN npm ci
# Copies the entire build context into the builder stage. Keep .env files,
# .git and a local node_modules out of it with a .dockerignore.
COPY . .
RUN npm run build

# Runtime stage: static files plus the site's nginx configuration.
# NOTE(review): the stock nginx image starts its master process as root;
# confirm that is acceptable for the target platform.
FROM nginx:stable-alpine as production
#ENV NODE_ENV production
COPY --from=builder /app/build /usr/share/nginx/html
# nginx.conf is taken from the build context and replaces the default vhost.
COPY nginx.conf /etc/nginx/conf.d/default.conf
# EXPOSE only documents the port; it does not publish it.
EXPOSE 80
# Run nginx in the foreground so it stays the container's main process.
CMD ["nginx", "-g", "daemon off;"]

docker-compose reactjs
version: '3.8'
services:
  myapp:
    # deploy.* is read by `docker stack deploy` (Swarm mode).
    deploy:
      mode: replicated
      replicas: 2
    # NOTE(review): ":latest" is a mutable tag, so replicas started at
    # different times can run different builds. Pin a version tag or digest.
    image: registry.domain.tld/sumar/myapp:latest
    # NOTE(review): when deployed as a Swarm stack, `restart` is ignored in
    # favour of deploy.restart_policy - confirm which deploy path is used.
    restart: always
    # No ports are published here; the service is reachable only on the
    # external proxy-network (presumably through a reverse proxy on it).
    networks:
      - proxy-network
networks:
  # Must already exist; compose will not create an external network.
  proxy-network:
    external: true
-
Dockerized Adonisjs
1 Januari 2022
Dockerfile for production build ARG NODE_IMAGE=node:16.13.1-alpine FROM $NODE_IMAGE AS base RUN apk --no-cache add dumb-init RUN mkdir -p /home/node/app && chown node:node /home/node/app WORKDIR /home/node/app USER node RUN mkdir tmp FROM base AS dependencies COPY --chown=node:node ./package*.json ./ RUN npm ci COPY --chown=node:node . . FROM dependencies AS build RUN node ace build --production FROM base AS production ENV NODE_ENV=production ENV PORT=3333 ENV HOST=0.0.0.0 COPY --chown=node:node ./package*.json ./ RUN npm ci --production COPY --chown=node:node --from=build /home/node/app/build .…
-
Logrotate Supervisor
1 Januari 2022
supervisor example
cat /etc/supervisor/conf.d/myapi.conf
[program:myapi-scheduler]
; Runs the scheduler inside the already-running container "my-api-1".
; supervisord supervises the `docker exec` client process, not the container.
; NOTE(review): the account in user= must be able to reach the Docker daemon
; for this to work, and that access is equivalent to root on the host.
command=docker exec -t my-api-1 node ace scheduler:run
; stdout and stderr share one file named after the program.
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
autorestart=true
autostart=true
; maxbytes=0 / backups=0 turn off supervisord's own size-based rotation for
; these files; rotation is left to logrotate (see below).
stdout_logfile_maxbytes=0
stdout_logfile_backups=0
stderr_logfile_maxbytes=0
stderr_logfile_backups=0
user=myapi
group=myapi

logrotate example
cat /etc/logrotate.d/supervisor-myapi
# The glob matches every *.log in the directory, including supervisord.log.
/var/log/supervisor/*.log {
    # Rotate once a day and keep seven rotated files per log.
    daily
    missingok
    rotate 7
    # delaycompress leaves the newest rotated file (.1) uncompressed.
    compress
    delaycompress
    notifempty
    # Copy the log, then truncate it in place, so supervisord keeps writing to
    # its open file. Lines written between copy and truncate can be lost.
    copytruncate
}

result example
ls /var/log/supervisor/
myapi-scheduler.log    myapi-scheduler.log.2.gz  myapi-scheduler.log.4.gz  myapi-scheduler.log.6.gz  supervisord.log    supervisord.log.2.gz
myapi-scheduler.log.1  myapi-scheduler.log.3.gz  myapi-scheduler.log.5.gz  myapi-scheduler.log.7.gz  supervisord.log.1  supervisord.log.3.gz
-
Kubernetes Adguardhome
21 Januari 2022
Menjalankan adguardhome di atas kubernetes v1.23.5 menggunakan YAML manifest. YAML berikut ini mencakup definisi untuk object PersistentVolumeClaim, Deployment, Service, dan Ingress. Setelah selesai deploy, kita bisa pakai service DNS AdGuard Home untuk wireguard yang pernah dibuat di artikel sebelumnya: Kubernetes Wireguard Pakai Wg Easy dengan cara mengganti DNS di konfigurasi client. ---apiVersion:apps/v1kind:Deploymentmetadata:name:adguardhomenamespace:adguardhomelabels:app:adguardhomespec:replicas:1strategy:type:RollingUpdaterollingUpdate:maxUnavailable:1maxSurge:0selector:matchLabels:app:adguardhometemplate:metadata:labels:app:adguardhomespec:containers:- name:adguardhomeimage:adguard/adguardhome:latestsecurityContext:privileged:falseallowPrivilegeEscalation:falseports:- containerPort:3000protocol:TCP- containerPort:53protocol:UDPresources:requests:memory:"128Mi"cpu:"100m"limits:memory:"256Mi"readinessProbe:httpGet:path:/port:3000livenessProbe:httpGet:path:/port:3000volumeMounts:- name:adguardhome-configmountPath:/opt/adguardhome/conf- name:adguardhome-logsmountPath:/opt/adguardhome/workvolumes:- name:adguardhome-configpersistentVolumeClaim:claimName:adguardhome- name:adguardhome-logsemptyDir:{}---# Persistent volume claim to store all AdGuard Home configuration dataapiVersion:v1kind:PersistentVolumeClaimmetadata:name:adguardhomenamespace:adguardhomelabels:app:adguardhomespec:storageClassName:openebs-dataaccessModes:- ReadWriteOnceresources:requests:storage:2Gi---# Service definition for the AdGuard Home web interface and DNS portapiVersion:v1kind:Servicemetadata:name:adguardhomenamespace:adguardhomelabels:app:adguardhomespec:type:ClusterIPselector:app:adguardhomeports:- port:3000targetPort:3000protocol:TCPname:adguard-dashboard- port:53targetPort:53protocol:UDPname:adguard-dns---apiVersion:networking.…
-
Kubernetes Wireguard Pakai Wg Easy
20 Januari 2022
WireGuard Easy, The easiest way to run WireGuard VPN + Web-based Admin UI. Karena belum ada yang share cara deploy wg-easy ke kubernetes selain pakai helm, maka aku tulis ini. Sekadar catatan bagaimana aku deploy wireguard VPN di atas kubernetes. ---apiVersion:v1kind:PersistentVolumeClaimmetadata:name:wg-easy-pvcnamespace:wireguardspec:storageClassName:openebs-dataaccessModes:- ReadWriteOnceresources:requests:storage:0.25Gi---apiVersion:apps/v1kind:Deploymentmetadata:name:wg-easynamespace:wireguardlabels:app:wg-easyspec:replicas:1strategy:type:Recreateselector:matchLabels:app:wg-easytemplate:metadata:labels:app:wg-easyspec:restartPolicy:AlwaysinitContainers:- name:initimage:busybox:1.32.0command:- sh- -c- sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.forwarding=1securityContext:privileged:truecapabilities:add:- NET_ADMINcontainers:- name:wg-easyimage:weejewel/wg-easysecurityContext:privileged:truecapabilities:add:- NET_ADMINports:- containerPort:51820protocol:UDPname:wg- containerPort:51821protocol:TCPname:wg-dashboardenv:- name:WG_HOSTvalue:"sub.domain.tld"- name:PASSWORDvalue:"your-dashboard-password"- name:WG_DEFAULT_DNSvalue:"8.8.8.8"# - name: "WG_PORT"# value: "51820"# - name: "WG_DEFAULT_ADDRESS"# value: "10.8.0.x"# - name: "WG_MTU"# value: "1420"# - name: "WG_ALLOWED_IPS"# value: "192.…
-
Nyobain Podman Di Debian 11
17 Januari 2022
Catatan ketika aku nyobain rootless podman di Debian 11 Install Podman echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_11/ /" | sudo tee /etc/apt/sources.list.d/libcontainers.list curl -L "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_11/Release.key" | sudo apt-key add - sudo apt update && sudo apt install podman -y Menambahkan docker registry dan mirror google sudo nano /etc/containers/registries.conf # Tambahkan ini unqualified-search-registries = ['registry.fedoraproject.org', 'docker.io'] [[registry]] prefix = "docker.io" location = "docker.io" [[registry.mirror]] location = "mirror.gcr.io" Enable linger untuk user yang aku pakai Podman ini daemonless, supaya container bisa tetap jalan meskipun sesi user habis maka perlu enable linger kemudian reboot mesin…
-
Acme Dns Docker Compose
30 Januari 2022
DNS entry at Cloudflare Name Type Value Proxied auth.acme-dns NS ns.acme-dns.sumarsono.com no ns.acme-dns A my public ip address no config/config.cfg [general] debug = false listen = "0.0.0.0:53" protocol = "both" domain = "auth.acme-dns.sumarsono.com" nsname = "ns.acme-dns.sumarsono.com" nsadmin = "sumarsono.com" # Note # In Cloudflare, I have 2 records: # type name content # NS auth.acme-dns ns.acme-dns.sumarsono.com # A ns.…
-
Vaultwarden Caddy Docker Compose
29 Januari 2022
Caddy v2 cat caddy/docker-compose.yaml version:'3'services:caddy:image:caddy:alpinecontainer_name:webserverrestart:unless-stoppedports:- 80:80- 443:443volumes:- ./caddy_data:/data- ./caddy_config:/config- ./Caddyfile:/etc/caddy/Caddyfilenetworks:- proxy-networknetworks:proxy-network:external:truecat caddy/Caddyfile { email [email protected] acme_ca https://acme.zerossl.com/v2/DV90 # optional # acme_eab { # key_id your kbid # mac_key your hmac key # } } (security_header) { header { Content-Security-Policy "upgrade-insecure-requests" #Strict-Transport-Security max-age=31536000; X-Content-Type-Options nosniff; X-XSS-Protection "1; mode=block;" X-Robots-Tag none; X-Frame-Options SAMEORIGIN; Referrer-Policy no-referrer-when-downgrade; } } (cors) { @origin{args.0} header Origin {args.0} header @origin{args.0} Access-Control-Allow-Origin "{args.0}" header @origin{args.0} Vary Origin } yoursub.…
-
Docker Compose: Traefik Ghost Mysql Docker Compose
17 Januari 2022
Create internal docker network and public docker network: docker network create internal-network; docker network create proxy-network; Traefik docker-compose.yaml mkdir ~/traefik; cd ~/traefik; cat <<yaml > docker-compose.yaml version: "3.8" services: traefik: image: "traefik:v2.5" container_name: "traefik" restart: unless-stopped command: #- "--log.level=DEBUG" - "--api.insecure=true" - "--providers.docker=true" - "--providers.docker.exposedbydefault=false" - "--entrypoints.web.address=:80" - "--entryPoints.web.forwardedHeaders.insecure" ports: - "80:80" - "8080:8080" volumes: - "/var/run/docker.sock:/var/run/docker.sock:ro" networks: - proxy-network labels: - "traefik.docker.network=proxy-network" deploy: resources: limits: cpus: '0.50' memory: 50M reservations: cpus: '0.…
-
Github Actions Build Hugo Static Site and Archive Build Result to Artifact
16 Januari 2022
cat .github/workflows/main.yml name:Build Hugo Static Websiteon:push:branches:[hugo.sumarsono.com ]pull_request:branches:[main ]# Allows you to run this workflow manually from the Actions tabworkflow_dispatch:jobs:deploy:runs-on:ubuntu-20.04concurrency:group:${{ github.workflow }}-${{ github.ref }}steps:- name:Git checkout and update themeuses:actions/[email protected]:submodules:true# Fetch Hugo themes (true OR recursive)fetch-depth:0# Fetch all history for .GitInfo and .Lastmod- name:Get commit short SHArun:echo "SHORT_SHA=`git rev-parse --short HEAD`" >> $GITHUB_ENV- name:Setup hugouses:peaceiris/[email protected]:hugo-version:"0.92.2"extended:true- name:Cache Hugo moduleuses:actions/[email protected]:path:/tmp/hugo_cachekey:${{ runner.os }}-hugomod-${{ hashFiles('**/go.sum') }}restore-keys:|${{ runner.os }}-hugomod-- name:Build websiterun:hugo --minify- name:Archive build result to artifactsuses:actions/[email protected]:name:build-result-${{ env.…