Initial Build

John Doe
2025-11-30 19:17:32 -05:00
commit 6f303873db
5 changed files with 338 additions and 0 deletions
+7
@@ -0,0 +1,7 @@
#GlueTUN Config Example
IRC_AIRVPN_PORT=3000
IRC_DDNS=irc.airdns.org
WIREGUARD_PRIVATE_KEY=1234567890
WIREGUARD_PRESHARED_KEY=1234567890
WIREGUARD_ADDRESSES=10.99.99.99/32,ff:ff:ff...:ff/128
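Review bot: The variable names in this example (`IRC_AIRVPN_PORT`, `IRC_DDNS`) do not match the ones the README in this commit tells users to set (`DROP_AIRVPN_PORT`, `DROP_DDNS`), and the README's `POSTGRES_*`, `LIBRARY_PATH` and `DROP_DATA_PATH` entries are missing here. The compose file reads `IRC_AIRVPN_PORT`, so the README is the side to bring in line; `IRC_DDNS` is not referenced by any other file in the commit and can be dropped or wired in. The placeholder `1234567890` for both WireGuard keys and the elided `ff:ff:ff...:ff/128` address are not valid values, so an obviously fake marker such as `<your-private-key>` would make a half-edited file easier to spot. Real keys end up in `.env`, and none of the five files in this commit is a `.gitignore`; add one covering `.env` before anyone fills this in.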
+201
@@ -0,0 +1,201 @@
# Drop-Shielded
A secure, VPN-protected Drop media server setup using Docker Compose with Gluetun VPN tunnel, PostgreSQL database, and Nginx reverse proxy with SSL termination.
## Features
- 🔒 **VPN Protection**: All traffic routed through AirVPN using Gluetun
- 🗄️ **Database**: PostgreSQL 14 with health checks
- 🔐 **SSL/HTTPS**: Self-signed certificates with Nginx reverse proxy
- 📁 **Media Library**: Configurable library paths for media storage
- 🐳 **Containerized**: Fully containerized setup with Docker Compose
## Architecture
```
Internet → AirVPN (Gluetun) → Nginx (SSL) → Drop Application
PostgreSQL Database
```
## Prerequisites
- Docker or Podman with Compose
- AirVPN Wireguard configuration
- OpenSSL (for certificate generation)
## Quick Start
1. **Clone the repository**
```bash
git clone https://github.com/BillyOutlast/Drop-Shielded.git
cd Drop-Shielded
```
2. **Configure environment**
```bash
cp .env.example .env
# Edit .env with your configuration
```
3. **Generate SSL certificates**
```bash
bash ./generate-certs.sh
```
4. **Start the services**
```bash
docker-compose up -d
# or with Podman
podman-compose up -d
```
5. **Access your Drop server**
- URL: `https://your-domain:your-port`
- Default: `https://drop.airdns.org:3000`
## Configuration
### Environment Variables
Copy `.env.example` to `.env` and configure:
| Variable | Description | Example |
|----------|-------------|---------|
| `DROP_AIRVPN_PORT` | External port for Drop access | `3000` |
| `DROP_DDNS` | Your domain/DDNS hostname | `drop.airdns.org` |
| `WIREGUARD_PRIVATE_KEY` | Your AirVPN private key | `your-private-key` |
| `WIREGUARD_PRESHARED_KEY` | Your AirVPN preshared key | `your-preshared-key` |
| `WIREGUARD_ADDRESSES` | Your AirVPN IP addresses | `10.99.99.99/32` |
| `POSTGRES_PASSWORD` | PostgreSQL password | `drop` |
| `POSTGRES_USER` | PostgreSQL username | `drop` |
| `POSTGRES_DB` | PostgreSQL database name | `drop` |
| `LIBRARY_PATH` | Path to your media library | `./library` |
| `DROP_DATA_PATH` | Path to Drop data directory | `./data` |
### AirVPN Setup
1. Log into your AirVPN account
2. Generate a Wireguard configuration
3. Extract the private key, preshared key, and addresses
4. Add these to your `.env` file
### SSL Certificates
The setup uses self-signed certificates generated by the included script:
```bash
./generate-certs.sh
```
This creates:
- `nginx/certs/server.crt` - SSL certificate
- `nginx/certs/server.key` - Private key
- `nginx/certs/server.pem` - Certificate bundle
### Library Configuration
#### Single Library
Use `LIBRARY_PATH` for a single media library:
```env
LIBRARY_PATH=./library
```
#### Multiple Libraries
Uncomment and configure multiple library paths in `docker-compose.yaml`:
```yaml
volumes:
- ${LIBRARY_PATH_1}:/library/1
- ${LIBRARY_PATH_2}:/library/2
```
## Services
### Gluetun VPN
- **Image**: `qmcgaw/gluetun`
- **Purpose**: VPN tunnel for all traffic
- **Network**: Host for other containers
### PostgreSQL
- **Image**: `postgres:14-alpine`
- **Purpose**: Database for Drop application
- **Health Check**: Built-in readiness probe
### Nginx
- **Image**: `nginx:alpine`
- **Purpose**: SSL termination and reverse proxy
- **Port**: Configurable via `DROP_AIRVPN_PORT`
### Drop
- **Image**: `ghcr.io/drop-oss/drop:latest`
- **Purpose**: Media server application
- **Dependencies**: PostgreSQL health check
## File Structure
```
Drop-Shielded/
├── docker-compose.yaml # Main compose configuration
├── .env.example # Environment template
├── .env # Your configuration (create from example)
├── generate-certs.sh # SSL certificate generator
├── nginx/
│ ├── nginx.conf # Nginx configuration
│ └── certs/ # SSL certificates (generated)
├── db/ # PostgreSQL data
├── data/ # Drop application data
├── gluetun/ # Gluetun configuration
└── library/ # Media library
```
## Troubleshooting
### VPN Connection Issues
1. Verify your AirVPN credentials in `.env`
2. Check Gluetun logs: `docker-compose logs gluetun`
3. Ensure your AirVPN account is active
### SSL Certificate Issues
1. Regenerate certificates: `bash ./generate-certs.sh`
2. Verify certificate permissions
3. Check Nginx logs: `docker-compose logs nginx`
### Database Connection Issues
1. Wait for PostgreSQL to start completely
2. Check health status: `docker-compose ps`
3. Verify database credentials in `.env`
### Port Access Issues
1. Ensure `DROP_AIRVPN_PORT` is correctly configured
2. Check firewall settings
3. Verify VPN port forwarding
## Security Notes
- All traffic is routed through the VPN
- Self-signed certificates provide encryption but will show browser warnings
- Database is only accessible within the container network
- Media libraries are mounted read-only where possible
## Contributing
1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Test the configuration
5. Submit a pull request
## License
This project is open source. Please check individual component licenses:
- [Drop](https://github.com/drop-oss/drop)
- [Gluetun](https://github.com/qdm12/gluetun)
- [PostgreSQL](https://www.postgresql.org/)
- [Nginx](https://nginx.org/)
## Support
For issues related to:
- **Drop application**: [Drop GitHub Issues](https://github.com/drop-oss/drop/issues)
- **VPN connectivity**: [Gluetun GitHub Issues](https://github.com/qdm12/gluetun/issues)
- **This setup**: [Create an issue](https://github.com/BillyOutlast/Drop-Shielded/issues)
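Review bot: The README does not match the files committed with it. It documents a Drop media server with PostgreSQL 14, `DROP_*` and `POSTGRES_*` variables and a `drop.airdns.org` default URL, while the compose file defines only `gluetun`, `nginx` and `thelounge`, reads `IRC_*` variables, and the env example uses `irc.airdns.org`. Two of the Security Notes have nothing behind them in this commit: there is no database service to be "only accessible within the container network", and the only `:ro` mounts in the compose file are the Nginx config and certs, not media libraries. Either rewrite the README for the stack that is actually shipped or remove the claims, service descriptions and troubleshooting steps the configuration does not support.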
+58
@@ -0,0 +1,58 @@
services:
gluetun:
image: qmcgaw/gluetun
container_name: gluetun-IRC-shielded
restart: unless-stopped
networks:
gluetun-IRC-network:
ipv4_address: 172.21.0.20
cap_add:
- NET_ADMIN
- NET_RAW
devices:
- /dev/net/tun:/dev/net/tun
ports:
- "${IRC_AIRVPN_PORT}:${IRC_AIRVPN_PORT}"
volumes:
- ./gluetun:/gluetun
environment:
- HOSTNAME=gluetun-IRC-shielded
- VPN_SERVICE_PROVIDER=airvpn
- VPN_TYPE=wireguard
- WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY}
- WIREGUARD_PRESHARED_KEY=${WIREGUARD_PRESHARED_KEY}
- WIREGUARD_ADDRESSES=${WIREGUARD_ADDRESSES}
- FIREWALL_VPN_INPUT_PORTS=${IRC_AIRVPN_PORT}
nginx:
image: nginx:alpine
container_name: nginx-IRC-shielded
network_mode: "service:gluetun"
restart: unless-stopped
environment:
- HOSTNAME=nginx-IRC-shielded
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/certs:/etc/nginx/certs:ro
security_opt:
- "label=disable"
depends_on:
- drop
thelounge:
image: ghcr.io/thelounge/thelounge:latest
container_name: thelounge
network_mode: "service:gluetun"
environment:
- HOSTNAME=thelounge-IRC-shielded
ports:
- "9000:9000"
volumes:
- ./thelounge:/var/opt/thelounge
restart: always
networks:
gluetun-IRC-network:
driver: bridge
name: gluetun-IRC-network
ipam:
config:
- subnet: 172.21.0.0/16
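Review bot: This file will not start as written, for two reasons. In `nginx`, `depends_on: - drop` names a service that is not defined here, and in `thelounge`, `ports: - "9000:9000"` is combined with `network_mode: "service:gluetun"`, which Docker Compose rejects because a container that joins another service's network namespace cannot publish ports itself. Point `depends_on` at `thelounge` (and `gluetun`), and delete the `ports` block from `thelounge`. Publishing 9000 would in any case expose the plain-HTTP backend next to the TLS listener, so the only published port should stay the `${IRC_AIRVPN_PORT}` mapping on `gluetun`. All three images float (`qmcgaw/gluetun`, `nginx:alpine`, `thelounge:latest`); pin them to a version tag or digest so a rebuild cannot silently pull different code into the container that holds the WireGuard keys. `label=disable` on `nginx` turns off SELinux separation for that container; if it is only there to make the bind mounts readable, a `:z` suffix on the two volumes is the narrower fix.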
+30
@@ -0,0 +1,30 @@
#!/bin/bash
# Create certificates directory
mkdir -p ./nginx/certs
# Generate private key
openssl genrsa -out ./nginx/certs/server.key 2048
# Generate certificate signing request
openssl req -new -key ./nginx/certs/server.key -out ./nginx/certs/server.csr -subj "/C=US/ST=State/L=City/O=Organization/OU=OrgUnit/CN=localhost"
# Generate self-signed certificate (valid for 365 days)
openssl x509 -req -days 365 -in ./nginx/certs/server.csr -signkey ./nginx/certs/server.key -out ./nginx/certs/server.crt
# Create certificate bundle
cat ./nginx/certs/server.crt > ./nginx/certs/server.pem
cat ./nginx/certs/server.key >> ./nginx/certs/server.pem
# Set proper permissions
chmod 600 ./nginx/certs/server.key
chmod 644 ./nginx/certs/server.crt
chmod 644 ./nginx/certs/server.pem
# Clean up CSR file
rm ./nginx/certs/server.csr
echo "Self-signed certificates generated successfully!"
echo "Certificate: ./nginx/certs/server.crt"
echo "Private Key: ./nginx/certs/server.key"
echo "Bundle: ./nginx/certs/server.pem"
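Review bot: `chmod 644 ./nginx/certs/server.pem` leaves the private key world-readable, because the `cat ./nginx/certs/server.key >> ./nginx/certs/server.pem` line above appends the key to that bundle. The nginx.conf in this commit only references `server.crt` and `server.key`, so the simplest fix is not to create `server.pem` at all; if it is kept, give it `chmod 600` like the key. There is no `set -e`, so the "generated successfully" message is printed even when an `openssl` step fails. The subject is hard-coded to `CN=localhost` with no subjectAltName, so the certificate will not match the DDNS hostname the service is reached on; take the hostname as an argument and add it as a SAN. The generated key lands inside the repository tree, so `nginx/certs/` belongs in a `.gitignore`.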
+42
@@ -0,0 +1,42 @@
events {
worker_connections 1024;
}
http {
upstream drop_backend {
server drop-shielded:9000;
}
# HTTPS server
server {
listen ${IRC_AIRVPN_PORT} ssl;
server_name _;
# SSL configuration
ssl_certificate /etc/nginx/certs/server.crt;
ssl_certificate_key /etc/nginx/certs/server.key;
# SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://drop_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
# Handle WebSocket connections if needed
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeout settings
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}
}
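Review bot: `listen ${IRC_AIRVPN_PORT} ssl;` will not work, because nginx does not substitute environment variables in its configuration and the compose file bind-mounts this file directly as `/etc/nginx/nginx.conf:ro`, so nothing templates it first; the `nginx` service is not even passed `IRC_AIRVPN_PORT` in its `environment`. Either hard-code the port, or ship this as a template under `/etc/nginx/templates/` so the official image's envsubst step renders it, and pass the variable to the container. The upstream `server drop-shielded:9000;` names a host that no service in the compose file provides; since `nginx` and `thelounge` both use `network_mode: "service:gluetun"` they share one network namespace, so the backend is reachable at `127.0.0.1:9000`, and the upstream name `drop_backend` should be renamed to match. `proxy_read_timeout 60s` will cut idle WebSocket connections after a minute, which matters for a web IRC client; raise it on this location if the Upgrade headers are kept.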