added backup script and backed up qnap

2025-08-20 14:16:37 -04:00
parent 2deb975dae
commit 63fe21d3e9
37 changed files with 1591 additions and 0 deletions
--- a/QNAP/traefik/.env
+++ b/QNAP/traefik/.env
@@ -0,0 +1,12 @@
+ROOT_DOMAIN=kaspers.us
+HTTP_TIMEOUT=60
+POLLING_INTERVAL=10
+PROPAGATION_TIMEOUT=3600
+TTL=300
+PROVIDERS_GOOGLE_CLIENT_ID=<GOOGLE CLIENT ID>
+PROVIDERS_GOOGLE_CLIENT_SECRET=<GOOGLE CLIENT SECRET>
+SECRET=RandomTextGoesHere
+WHITELIST=<YOUR GOOGLE ACCOUNT EMAIL>
+LOG_LEVEL=INFO
+ZONE_ID=7e2d1b9d7e0f7a5056bfaea28f070ba3
+TUNNEL_TOKEN=eyJhIjoiNmZkNGQyNGRhNDNiNTgyZDY3NjA4ZmZlZjU1NDljNGEiLCJ0IjoiOGI1MjBiYjUtNjA5My00YzE3LWE1YjEtZjhmYWNiMThkYjQ3IiwicyI6Ik9URTRNekZpWXpJdE1EVm1PUzAwTUROaUxXRTFNamt0WlRrMll6azVOVEV4TURJMyJ9
--- a/QNAP/traefik/docker-compose.yml
+++ b/QNAP/traefik/docker-compose.yml
@@ -0,0 +1,181 @@
+version: '3.8'
+
+services:
+  reverse-proxy:
+    image: traefik:latest
+    command:
+      - "--log"
+      - "--log.level=debug"
+      - "--log.format=json"
+      - "--api.insecure=true"
+      - "--providers.docker"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.file.directory=/config"
+      - "--providers.file.watch=true"
+      - "--serversTransport.insecureSkipVerify=true" # Allow self-signed certificates for target hosts - https://doc.traefik.io/traefik/routing/overview/#insecureskipverify
+      - "--metrics"
+      - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+      - "--entrypoints.websecure.address=:443"
+      - "--entrypoints.websecure.transport.respondingTimeouts.readTimeout=0s"
+      - "--entrypoints.websecure.transport.respondingTimeouts.writeTimeout=0s"
+      - "--entrypoints.websecure.transport.respondingTimeouts.idleTimeout=5m"
+      - "--entrypoints.websecure.http.tls=true"
+      - "--entrypoints.websecure.http.tls.certresolver=letsencrypt"
+      - "--entrypoints.webinternal.address=:82"
+      - "--certificatesresolvers.letsencrypt.acme.email=kasperj@gmail.com"
+      - "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme/letsencrypt.json"
+      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
+      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=300"
+      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=8.8.8.8:53"
+
+    environment:
+      - CLOUDFLARE_DNS_API_TOKEN=n-iAlyJaGKcJwUcbxiIYA6kmxTVPBF_ez-g0fglW
+      - CLOUDFLARE_API_KEY=n-iAlyJaGKcJwUcbxiIYA6kmxTVPBF_ez-g0fglW
+      - CLOUDFLARE_HTTP_TIMEOUT=${HTTP_TIMEOUT}
+      - CLOUDFLARE_POLLING_INTERVAL=${POLLING_INTERVAL}
+      - CLOUDFLARE_PROPAGATION_TIMEOUT=${PROPAGATION_TIMEOUT}
+      - CLOUDFLARE_TTL=${TTL}
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.api.rule=Host(`traefik-api.kaspers.us`)
+        - traefik.http.routers.api.service=api@internal
+        - traefik.http.routers.api.entrypoints=websecure
+        - traefik.http.routers.api.tls=true
+        - traefik.http.services.api.loadbalancer.server.port=8080
+        - traefik.docker.network=proxy
+        - traefik.http.routers.api.tls.certresolver=letsencrypt
+        - traefik.http.routers.dashboard.rule=Host(`traefik.kaspers.us`)
+        - traefik.http.routers.dashboard.entrypoints=web
+        - traefik.http.routers.dashboard.service=api@internal
+        - traefik.http.routers.dashboard.tls=true
+        - traefik.http.routers.dashboard.tls.certresolver=myresolver
+    ports:
+      # HTTP
+      - target: 80
+        published: 80
+      # HTTPS
+      - target: 443
+        published: 443
+      # Web UI (enabled by --api.insecure=true)
+      - target: 8080
+        published: 8182
+    networks:
+      - proxy
+      - internal
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /share/Media/container-station-data/traefik/acme:/etc/traefik/acme/
+      - /share/Media/container-station-data/traefik/origcerts:/etc/traefik/certs/
+      - /share/Media/container-station-data/traefik:/config
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /share/Media/container-station-data/traefik/cloudflare:/cloudflare
+
+#  traefik-forward-auth:
+#    image: thomseddon/traefik-forward-auth:2.1.0
+#    networks:
+#      - traefik
+#    environment:
+#      - PROVIDERS_GOOGLE_CLIENT_ID=${PROVIDERS_GOOGLE_CLIENT_ID}
+#      - PROVIDERS_GOOGLE_CLIENT_SECRET=${PROVIDERS_GOOGLE_CLIENT_SECRET}
+#      - SECRET=${SECRET}
+#      - AUTH_HOST=auth.${ROOT_DOMAIN}
+#      - COOKIE_DOMAIN=${ROOT_DOMAIN}
+#      - WHITELIST=${WHITELIST}
+#    deploy:
+#      labels:
+#        - traefik.enable=true
+#        - traefik.docker.network=traefik
+#
+#        - traefik.http.routers.auth.rule=Host(`auth.${ROOT_DOMAIN}`)
+#        - traefik.http.routers.auth.entrypoints=websecure
+#        - traefik.http.routers.auth.tls=true
+#        - traefik.http.routers.auth.tls.domains[0].main=${ROOT_DOMAIN}
+#        - traefik.http.routers.auth.tls.domains[0].sans=*.${ROOT_DOMAIN}
+#        - traefik.http.routers.auth.tls.certresolver=letsencrypt
+#        - traefik.http.routers.auth.service=auth@docker
+#
+#        - traefik.http.services.auth.loadbalancer.server.port=4181
+#
+#        - traefik.http.middlewares.forward-auth.forwardauth.address=http://traefik-forward-auth:4181
+#        - traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true
+#        - traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User
+#
+#        - traefik.http.routers.auth.middlewares=forward-auth
+#
+#        - traefik.constraint=proxy-public
+
+  tunnel:
+    container_name: cloudflared-tunnel
+    image: cloudflare/cloudflared
+    restart: unless-stopped
+    command: tunnel run
+    networks:
+      - proxy
+    environment:
+      - TUNNEL_TOKEN=${TUNNEL_TOKEN}
+
+  error-pages:
+    image: tarampampam/error-pages:2.26.0
+    environment:
+      TEMPLATE_NAME: l7-dark
+    networks:
+      - proxy
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.docker.network=traefik
+
+        # use as "fallback" for any non-registered services (with priority below normal)
+        - traefik.http.routers.error-pages.rule=HostRegexp(`{host:.+}`)
+        - traefik.http.routers.error-pages.priority=10
+
+        # should say that all of your services work on https
+        - traefik.http.routers.error-pages.tls='true'
+        - traefik.http.routers.error-pages.entrypoints=websecure
+        - traefik.http.routers.error-pages.middlewares=error-pages
+        - traefik.http.services.error-pages.loadbalancer.server.port=8080
+
+        # "errors" middleware settings
+        - traefik.http.middlewares.error-pages.errors.status=400-599
+        - traefik.http.middlewares.error-pages.errors.service=error-pages
+        - traefik.http.middlewares.error-pages.errors.query=/{status}.html
+
+  cloudflare-companion:
+    image: ghcr.io/tiredofit/docker-traefik-cloudflare-companion:latest
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - TIMEZONE=America/New_York
+      - LOG_TYPE=CONSOLE
+      - LOG_LEVEL=INFO
+      - TRAEFIK_VERSION=2
+      - RC_TYPE=CNAME
+      - TARGET_DOMAIN=8b520bb5-6093-4c17-a5b1-f8facb18db47.cfargotunnel.com
+      - DOMAIN1_TARGET_DOMAIN=8b520bb5-6093-4c17-a5b1-f8facb18db47.cfargotunnel.com
+      - REFRESH_ENTRIES=TRUE
+      - TRAEFIK_DEFAULT_RULE=FALSE
+      - TRAEFIK_ENABLE_LABEL_ONLY=TRUE
+      - DEFAULT_MODE=SKIP
+      - PURGE_ON_DELETE=TRUE
+      - ENABLE_TRAEFIK_POLL=TRUE
+      - TRAEFIK_POLL_URL=http://reverse-proxy:8080/
+      - TRAEFIK_FILTER_LABEL=traefik.constraint
+      - TRAEFIK_FILTER=proxy-public
+      - DOMAIN1=${ROOT_DOMAIN}
+      - DOMAIN1_ZONE_ID=${ZONE_ID}
+      - DOMAIN1_PROXIED=TRUE
+      - TRAEFIK_EXCLUDED_HOST1=.* 
+      - CF_TOKEN=n-iAlyJaGKcJwUcbxiIYA6kmxTVPBF_ez-g0fglW
+    restart: always
+    networks:
+      - internal
+      
+networks:
+  proxy:
+    external: true
+  internal:
--- a/QNAP/traefik/environment-variables.json
+++ b/QNAP/traefik/environment-variables.json
@@ -0,0 +1,50 @@
+[
+  {
+    "name": "ROOT_DOMAIN",
+    "value": "kaspers.us"
+  },
+  {
+    "name": "HTTP_TIMEOUT",
+    "value": "60"
+  },
+  {
+    "name": "POLLING_INTERVAL",
+    "value": "10"
+  },
+  {
+    "name": "PROPAGATION_TIMEOUT",
+    "value": "3600"
+  },
+  {
+    "name": "TTL",
+    "value": "300"
+  },
+  {
+    "name": "PROVIDERS_GOOGLE_CLIENT_ID",
+    "value": "<GOOGLE CLIENT ID>"
+  },
+  {
+    "name": "PROVIDERS_GOOGLE_CLIENT_SECRET",
+    "value": "<GOOGLE CLIENT SECRET>"
+  },
+  {
+    "name": "SECRET",
+    "value": "RandomTextGoesHere"
+  },
+  {
+    "name": "WHITELIST",
+    "value": "<YOUR GOOGLE ACCOUNT EMAIL>"
+  },
+  {
+    "name": "LOG_LEVEL",
+    "value": "INFO"
+  },
+  {
+    "name": "ZONE_ID",
+    "value": "7e2d1b9d7e0f7a5056bfaea28f070ba3"
+  },
+  {
+    "name": "TUNNEL_TOKEN",
+    "value": "eyJhIjoiNmZkNGQyNGRhNDNiNTgyZDY3NjA4ZmZlZjU1NDljNGEiLCJ0IjoiOGI1MjBiYjUtNjA5My00YzE3LWE1YjEtZjhmYWNiMThkYjQ3IiwicyI6Ik9URTRNekZpWXpJdE1EVm1PUzAwTUROaUxXRTFNamt0WlRrMll6azVOVEV4TURJMyJ9"
+  }
+]
--- a/QNAP/traefik/metadata.txt
+++ b/QNAP/traefik/metadata.txt
@@ -0,0 +1,8 @@
+Stack Name: traefik
+Stack ID: 13
+Endpoint ID: 3
+Creation Date: 1754418005
+Update Date: 1755528537
+Status: 1
+Type: 2
+Entry Point: docker-compose.yml
--- a/QNAP/traefik/stack-info.json
+++ b/QNAP/traefik/stack-info.json
@@ -0,0 +1,81 @@
+{
+  "Id": 13,
+  "Name": "traefik",
+  "Type": 2,
+  "EndpointId": 3,
+  "SwarmId": "",
+  "EntryPoint": "docker-compose.yml",
+  "Env": [
+    {
+      "name": "ROOT_DOMAIN",
+      "value": "kaspers.us"
+    },
+    {
+      "name": "HTTP_TIMEOUT",
+      "value": "60"
+    },
+    {
+      "name": "POLLING_INTERVAL",
+      "value": "10"
+    },
+    {
+      "name": "PROPAGATION_TIMEOUT",
+      "value": "3600"
+    },
+    {
+      "name": "TTL",
+      "value": "300"
+    },
+    {
+      "name": "PROVIDERS_GOOGLE_CLIENT_ID",
+      "value": "<GOOGLE CLIENT ID>"
+    },
+    {
+      "name": "PROVIDERS_GOOGLE_CLIENT_SECRET",
+      "value": "<GOOGLE CLIENT SECRET>"
+    },
+    {
+      "name": "SECRET",
+      "value": "RandomTextGoesHere"
+    },
+    {
+      "name": "WHITELIST",
+      "value": "<YOUR GOOGLE ACCOUNT EMAIL>"
+    },
+    {
+      "name": "LOG_LEVEL",
+      "value": "INFO"
+    },
+    {
+      "name": "ZONE_ID",
+      "value": "7e2d1b9d7e0f7a5056bfaea28f070ba3"
+    },
+    {
+      "name": "TUNNEL_TOKEN",
+      "value": "eyJhIjoiNmZkNGQyNGRhNDNiNTgyZDY3NjA4ZmZlZjU1NDljNGEiLCJ0IjoiOGI1MjBiYjUtNjA5My00YzE3LWE1YjEtZjhmYWNiMThkYjQ3IiwicyI6Ik9URTRNekZpWXpJdE1EVm1PUzAwTUROaUxXRTFNamt0WlRrMll6azVOVEV4TURJMyJ9"
+    }
+  ],
+  "ResourceControl": {
+    "Id": 8,
+    "ResourceId": "3_traefik",
+    "SubResourceIds": [],
+    "Type": 6,
+    "UserAccesses": [],
+    "TeamAccesses": [],
+    "Public": false,
+    "AdministratorsOnly": true,
+    "System": false
+  },
+  "Status": 1,
+  "ProjectPath": "/data/compose/13",
+  "CreationDate": 1754418005,
+  "CreatedBy": "admin",
+  "UpdateDate": 1755528537,
+  "UpdatedBy": "admin",
+  "AdditionalFiles": null,
+  "AutoUpdate": null,
+  "Option": null,
+  "GitConfig": null,
+  "FromAppTemplate": false,
+  "Namespace": ""
+}