packages.conf
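# TLS-terminating reverse proxy for packages.xmyunce.com. Every request is
# forwarded to the service published on 127.0.0.1:9090.
server {
    listen *:443 ssl http2;
    server_name packages.xmyunce.com;

    ssl_certificate /usr/local/nginx/ssl/packages.xmyunce.com/4676168_packages.xmyunce.com.pem;
    # Private key: keep this file readable only by the account that starts nginx.
    ssl_certificate_key /usr/local/nginx/ssl/packages.xmyunce.com/4676168_packages.xmyunce.com.key;

    # The two 3DES suites (ECDHE-RSA-DES-CBC3-SHA, DES-CBC3-SHA) were removed and
    # !3DES added: 64-bit block ciphers are exposed to birthday-bound attacks on
    # long-lived connections.
    # NOTE(review): the remaining non-ECDHE suites (AES256-GCM-SHA384 ... AES128-SHA)
    # use static RSA key exchange and give no forward secrecy; drop them if every
    # client that must be supported can negotiate ECDHE.
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4';
    # TLSv1.1 removed: it is formally deprecated (RFC 8996). Add TLSv1.3 here once
    # the installed nginx/OpenSSL build is confirmed to support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_timeout 5m;

    # NOTE(review): request logging is disabled. For a private package repository
    # the access log is the main record of who downloaded what; consider enabling it.
    access_log off;
    error_log /var/log/nginx/pkg_error.log;

    # There is no `gzip on;` in this block, so these settings only take effect if
    # gzip is enabled at a higher level (not visible here).
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 16k;
    gzip_http_version 1.1;
    gzip_min_length 2048;
    gzip_types text/css image/svg+xml application/octet-stream application/javascript text/javascript application/json;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
        # sent, so the backend should trust only the last entry (or X-Real-IP).
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header HTTPS "on";
        # Plain HTTP to loopback only; the upstream port is published on 127.0.0.1.
        proxy_pass http://127.0.0.1:9090/;
    }
}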
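# Plain-HTTP listener for packages.xmyunce.com: redirects every request to HTTPS.
server {
    listen 80;
    server_name packages.xmyunce.com;

    # Redirect to the canonical name rather than echoing $host. $host comes from
    # the request's Host header, so if this block ever serves as the default
    # server on port 80 a client-chosen host name would end up in the Location
    # header.
    # The former Certbot-generated `if ($host = pkg.okvpn.org)` branch named a host
    # that is not in server_name and returned the same redirect as the
    # unconditional rule, so it is dropped.
    return 301 https://packages.xmyunce.com$request_uri;
}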
docker-compose.yml
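# Packeton (private Composer repository) with its PostgreSQL database.
# Secrets are read from the environment / a .env file next to this file instead
# of being committed here; compose stops with the given message if one is unset.
version: '3'
services:
  postgres:
    hostname: postgres
    container_name: pgsql-pkg
    # NOTE(review): PostgreSQL 9.6 is past upstream end-of-life and gets no
    # security fixes. Moving to a supported major version needs a dump/restore
    # or pg_upgrade of the data in .docker/db, so the tag is left unchanged here.
    image: postgres:9.6
    volumes:
      - .docker/db:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: packagist
      # Applied only when the data directory is first initialised; an existing
      # database keeps its old password until it is changed with ALTER ROLE.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}"
    # Reachable by other services on the compose network only; not published on the host.
    expose:
      - "5432"
  packagist:
    # NOTE(review): `latest` is a floating tag; pin a specific version or digest
    # so that a restart cannot silently pull different code.
    image: okvpn/packeton:latest
    container_name: packagist
    restart: unless-stopped
    hostname: packagist
    volumes:
      - .docker/redis:/var/lib/redis # Redis data
      - .docker/zipball:/var/www/packagist/app/zipball # Zipped archive cache for "dist" downloads
      - .docker/composer:/var/www/.composer # Composer cache
      # Prefer a dedicated read-only deploy key here rather than a personal key,
      # and keep the host directory readable by its owner only.
      - .docker/ssh:/var/www/.ssh # Share here your ssh keys
    environment:
      PRIVATE_REPO_DOMAIN_LIST: bitbucket.org gitlab.com github.com
      PACKAGIST_DIST_HOST: https://packages.xmyunce.com # Dist url to download the zip package.
      DATABASE_HOST: postgres
      DATABASE_PORT: '5432'
      DATABASE_DRIVER: pdo_pgsql
      DATABASE_USER: postgres
      DATABASE_NAME: packagist
      # Must be the same value as POSTGRES_PASSWORD on the postgres service.
      DATABASE_PASSWORD: "${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}"
      ADMIN_USER: admin
      # Initial administrator password for the web UI; use a long random value.
      ADMIN_PASSWORD: "${ADMIN_PASSWORD:?set ADMIN_PASSWORD in .env}"
      ADMIN_EMAIL: admin@example.com
      GITHUB_NO_API: 'true'
    ports:
      # Published on loopback only; external traffic arrives through the nginx TLS proxy.
      - "127.0.0.1:9090:80"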
gitea-docker
docker-compose.yml
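# Gitea in Docker, with the container's sshd reached through the host's git
# account (SSH passthrough).
version: "3"
networks:
  gitea:
    external: false
services:
  server:
    # NOTE(review): `latest` is a floating tag; pin a specific version or digest
    # so that a restart cannot silently pull different code.
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      # Must match the UID/GID of the host-side git user that owns /home/git/.ssh.
      - USER_UID=1234
      - USER_GID=1234
    restart: always
    networks:
      - gitea
    volumes:
      - /var/lib/gitea:/data
      # Shares the host git user's ~/.ssh (private key and authorized_keys) with
      # the container; keep the directory mode 700 and owned by that user.
      - /home/git/.ssh/:/data/git/.ssh/
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      # NOTE(review): the web UI is published on every host interface over plain
      # HTTP. If a TLS reverse proxy fronts it, bind this to 127.0.0.1 as well.
      - "3000:3000"
      # Bound to loopback: the passthrough shim on the host connects to
      # git@127.0.0.1:10022, so the container's sshd does not need to be reachable
      # from other machines.
      - "127.0.0.1:10022:22"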
SSH穿透
# Create a host-side git group and user with UID/GID 1234, the same values the
# gitea container is given as USER_UID / USER_GID.
groupadd -g 1234 git
adduser -u 1234 -g 1234 git
# Start a shell as the git user so that the key pair below is created under,
# and owned by, that account.
su git
# Generate a 4096-bit RSA key pair; the -C text is only a comment stored in the
# public key. This is the key the host-side shim uses to log in to the
# container's sshd.
# NOTE(review): the shim runs ssh non-interactively, so a passphrase-protected
# key would presumably need an agent. Confirm before setting one.
ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"
/app/gitea/gitea
#!/bin/sh
# Host-side shim: opens an SSH session to git@127.0.0.1 on port 10022 and runs
# this script's own path ($0) there with the original arguments, passing the
# client's requested command along in SSH_ORIGINAL_COMMAND.
# NOTE(review): StrictHostKeyChecking=no turns off host-key verification for
# this hop. The target is loopback, which limits the exposure to local
# processes able to listen on that port; pinning the container's host key in
# the git user's known_hosts would remove the need for the option.
# NOTE(review): $SSH_ORIGINAL_COMMAND and $@ are expanded here into a single
# string that the remote shell parses again. The \"...\" wrapping does not
# neutralise quotes or other shell metacharacters inside those values, so
# the key restrictions in authorized_keys (command=, no-pty, ...) stay essential.
ssh -p 10022 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
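# Make the shim executable (the original line misspelled chmod as "chomd").
chmod +x gitea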
生成authorized_keys
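# Authorise the git user's own public key for the host -> container hop.
# Append rather than copy over the file: /home/git/.ssh is also mounted into
# the gitea container, and overwriting authorized_keys would discard any
# entries already present in it.
cat /home/git/.ssh/id_rsa.pub >> /home/git/.ssh/authorized_keys
# sshd ignores an authorized_keys file that is writable by group or others.
chmod 600 /home/git/.ssh/authorized_keys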