This simple project uses Traefik as a reverse proxy to a Streamlit application and handles SSL certs with Lets Encrypt.
- Chat: Chat with AI.
- Stock Analysis Assistant: AI assistant using GROQ and llama3.
- Redlib: Reddit libre.
- Blog
- Beyond All Information: analyse your Beyond All Reason games.
- CheatSheets: Collection of cheatsheets.
- Forum: Host your own forum.
- Neural Network Playground: Understand neural network visually.
- Note: Notepad Online.
- pastebin: Pastebin.
- Home server: Build for ARM64 platform
- Docker Compose
- Build for ARM64 platform
git clone https://github.com/furyhawk/cloudy.git
cd cloudy
git submodule update --init --recursive
- In
compose/traefik/traefik.yml
, change[email protected]
to your email. - In
compose/traefik/traefik.yml
, changeexample.com
to your domain. sudo apt-get install build-essential
(if not already installed) to use makefile.mkdir ~/st-sync
syncthing folder.mkdir ~/site
public site folder.mkdir ./compose/config
to store config.cp .env.example ./compose/.env && cp .env ~/config/.env
cp ./compose/config/conf.php ~/config/conf.php
cp usersfile.example ./compose/usersfile
make serve
docker swarm init
docker network create -d overlay --attachable traefik-public
make deploy-core
docker service logs core_traefik --details
# Declaring the user list
#
# Note: when used in docker-compose.yml all dollar signs in the hash need to be doubled for escaping.
# To create user:password pair, it's possible to use this command:
# echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g
#
# Also note that dollar signs should NOT be doubled when they not evaluated (e.g. Ansible docker_container module).
labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
middleware:
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disable some features
Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()"
# Disable some features (legacy)
Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
# Referer
Referrer-Policy "no-referrer"
# X-Robots-Tag
X-Robots-Tag "noindex, noarchive, nofollow"