Update Docker readme (#4320)

* Update Docker readme #fix https://github.com/FreshRSS/FreshRSS/issues/3351 * A few more headers https://github.com/FreshRSS/FreshRSS/issues/3649 https://doc.traefik.io/traefik/middlewares/http/headers/ * Another docker logs example * More uniform * Minor details
author: Alexandre Alapetite <alexandre@alapetite.fr> 2022-04-24 18:35:25 +0200
committer: GitHub <noreply@github.com> 2022-04-24 18:35:25 +0200
commit: 4e16dd1ae5a8a21f49ead8aff61115819f43a3dc (patch)
tree: 42f4f217bb6411d41d4954003b6843056269db6d /Docker/freshrss
parent: 20e0b848b177e7cfd6554eb831489a51dd03964a (diff)
7 files changed, 167 insertions, 0 deletions
diff --git a/Docker/freshrss/docker-compose-db.yml b/Docker/freshrss/docker-compose-db.yml
new file mode 100644
index 000000000..b845947b6
--- /dev/null
+++ b/Docker/freshrss/docker-compose-db.yml
@@ -0,0 +1,21 @@
+version: "2.4"
+
+volumes:
+  db:
+
+services:
+
+  freshrss-db:
+    image: postgres:14
+    container_name: freshrss-db
+    hostname: freshrss-db
+    restart: unless-stopped
+    logging:
+      options:
+        max-size: 10m
+    volumes:
+      - db:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: ${DB_BASE:-freshrss}
+      POSTGRES_USER: ${DB_USER:-freshrss}
+      POSTGRES_PASSWORD: ${DB_PASSWORD:-freshrss}
diff --git a/Docker/freshrss/docker-compose-development.yml b/Docker/freshrss/docker-compose-development.yml
new file mode 100644
index 000000000..db0bbc099
--- /dev/null
+++ b/Docker/freshrss/docker-compose-development.yml
@@ -0,0 +1,7 @@
+version: "2.4"
+
+services:
+
+  freshrss:
+    volumes:
+      - ../..:/var/www/FreshRSS
diff --git a/Docker/freshrss/docker-compose-local.yml b/Docker/freshrss/docker-compose-local.yml
new file mode 100644
index 000000000..989c3c617
--- /dev/null
+++ b/Docker/freshrss/docker-compose-local.yml
@@ -0,0 +1,7 @@
+version: "2.4"
+
+services:
+
+  freshrss:
+    ports:
+      - "${PUBLISHED_PORT:-8080}:${LISTEN:-80}"
diff --git a/Docker/freshrss/docker-compose-proxy.yml b/Docker/freshrss/docker-compose-proxy.yml
new file mode 100644
index 000000000..980e45e67
--- /dev/null
+++ b/Docker/freshrss/docker-compose-proxy.yml
@@ -0,0 +1,57 @@
+version: "2.4"
+
+volumes:
+  traefik-letsencrypt:
+  traefik-tmp:
+
+services:
+
+  traefik:
+    image: traefik:2.6
+    container_name: traefik
+    restart: unless-stopped
+    logging:
+      options:
+        max-size: 10m
+    ports:
+      - 80:80
+      - 443:443
+    networks:
+      - network
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik-tmp:/tmp
+      - traefik-letsencrypt:/etc/traefik/acme
+      - ./traefik/tls.yaml:/etc/traefik/tls.yaml:ro
+    command:
+      - --global.sendAnonymousUsage
+      - --accesslog=true
+      - --api=false
+      - --providers.docker=true
+      - --providers.docker.exposedByDefault=false
+      - --log.level=INFO
+      - --entryPoints.http.address=:80
+      - --entryPoints.https.address=:443
+      - --entryPoints.http.http.redirections.entryPoint.to=https
+      - --entryPoints.http.http.redirections.entryPoint.scheme=https
+      - --certificatesResolvers.letsEncrypt.acme.storage=/etc/traefik/acme/acme.json
+      - --certificatesResolvers.letsEncrypt.acme.email=${ADMIN_EMAIL}
+      - --certificatesResolvers.letsEncrypt.acme.tlsChallenge=true
+      - --providers.file.filename=/etc/traefik/tls.yaml
+    labels:
+      - traefik.enable=false
+
+  freshrss:
+    labels:
+      - traefik.enable=true
+      - traefik.http.middlewares.freshrssM1.compress=true
+      - traefik.http.middlewares.freshrssM2.headers.browserXssFilter=true
+      - traefik.http.middlewares.freshrssM2.headers.forceSTSHeader=true
+      - traefik.http.middlewares.freshrssM2.headers.frameDeny=true
+      - traefik.http.middlewares.freshrssM2.headers.referrerPolicy=no-referrer-when-downgrade
+      - traefik.http.middlewares.freshrssM2.headers.stsSeconds=31536000
+      - traefik.http.routers.freshrss.entryPoints=https
+      - traefik.http.routers.freshrss.middlewares=freshrssM1,freshrssM2
+      - traefik.http.routers.freshrss.rule=Host(`${SERVER_DNS}`)
+      - traefik.http.routers.freshrss.tls.certResolver=letsEncrypt
+      - traefik.http.routers.freshrss.tls=true
diff --git a/Docker/freshrss/docker-compose.yml b/Docker/freshrss/docker-compose.yml
new file mode 100644
index 000000000..075e8d503
--- /dev/null
+++ b/Docker/freshrss/docker-compose.yml
@@ -0,0 +1,22 @@
+version: "2.4"
+
+volumes:
+  data:
+  extensions:
+
+services:
+
+  freshrss:
+    image: freshrss/freshrss
+    container_name: freshrss
+    hostname: freshrss
+    restart: unless-stopped
+    logging:
+      options:
+        max-size: 10m
+    volumes:
+      - data:/var/www/FreshRSS/data
+      - extensions:/var/www/FreshRSS/extensions
+    environment:
+      TZ: Europe/Paris
+      CRON_MIN: '3,33'
diff --git a/Docker/freshrss/example.env b/Docker/freshrss/example.env
new file mode 100644
index 000000000..d40cd775c
--- /dev/null
+++ b/Docker/freshrss/example.env
@@ -0,0 +1,38 @@
+# Example of environment file for docker-compose
+# Copy this file into your own `.env` file
+
+# ================================
+# FreshRSS
+# ================================
+
+ADMIN_EMAIL=admin@example.net
+
+# Published port for development or local use (optional)
+PUBLISHED_PORT=8080
+
+# =========================================
+# For automatic FreshRSS install (optional)
+# =========================================
+
+ADMIN_PASSWORD=freshrss
+ADMIN_API_PASSWORD=freshrss
+
+# Address at which the FreshRSS instance will be reachable:
+BASE_URL=https://freshrss.example.net
+
+# Database server (not relevant if using default SQLite)
+# Use the name of the Docker container if running on the same machine
+DB_HOST=freshrss-db
+
+# ===========================================================
+# Database credentials (not relevant if using default SQLite)
+# ===========================================================
+
+# Database to use
+DB_BASE=freshrss
+
+# User in the freshrss database
+DB_USER=freshrss
+
+# Password for the defined user
+DB_PASSWORD=freshrss
diff --git a/Docker/freshrss/traefik/tls.yml b/Docker/freshrss/traefik/tls.yml
new file mode 100644
index 000000000..8a01f9e6d
--- /dev/null
+++ b/Docker/freshrss/traefik/tls.yml
@@ -0,0 +1,15 @@
+tls:
+  options:
+    default:
+      minVersion: VersionTLS12
+      sniStrict: true
+      cipherSuites:
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+        - TLS_AES_128_GCM_SHA256
+        - TLS_AES_256_GCM_SHA384
+        - TLS_CHACHA20_POLY1305_SHA256
author	Alexandre Alapetite <alexandre@alapetite.fr>	2022-04-24 18:35:25 +0200
committer	GitHub <noreply@github.com>	2022-04-24 18:35:25 +0200
commit	4e16dd1ae5a8a21f49ead8aff61115819f43a3dc (patch)
tree	42f4f217bb6411d41d4954003b6843056269db6d /Docker/freshrss
parent	20e0b848b177e7cfd6554eb831489a51dd03964a (diff)