enable ghost, enable paste, add stage k3s env

.gitignore

@@ -5,6 +5,7 @@ ghost/mysql/*
 mattermost/volumes
 paperless/consume
 paperless/export
+paste/data/*
 pihole/etc-pihole
 traefik/log/*.log
 traefik/log/*.gz

ghost/.env

@@ -0,0 +1,13 @@
+# ghost service
+database__client=mysql
+database__connection__host=ghost-mysql-1
+database__connection__user=ghost
+database__connection__password=ghost
+database__connection__database=ghost
+url=https://blog.rskio.com
+
+# ghost mysql
+MYSQL_ROOT_PASSWORD=root
+MYSQL_DATABASE=ghost
+MYSQL_USER=ghost
+MYSQL_PASSWORD=ghost

ghost/compose.yml

@@ -0,0 +1,118 @@
+services:
+  service:
+    image: ghost:5-alpine
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.ghost.entrypoints=websecure
+      - traefik.http.routers.ghost.rule=Host(`blog.rskio.com`)
+      - traefik.http.routers.ghost.middlewares=secureHeaders@file
+      - traefik.http.routers.ghost.tls=true
+      - traefik.http.routers.ghost.tls.options=internal@file
+      - traefik.http.routers.ghost.service=ghost@docker
+      - traefik.http.services.ghost.loadbalancer.server.port=2368
+      - traefik.http.routers.ghost.tls.certresolver=rskio_certresolver
+    environment:
+      - database__client
+      - database__connection__host
+      - database__connection__user
+      - database__connection__password
+      - database__connection__database
+      - url
+    depends_on:
+      mysql:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+    restart: unless-stopped
+    networks:
+      - default
+      - traefik
+  mysql:
+    image: mysql:8.0.35
+    command:
+      - --innodb-buffer-pool-size=1G
+      - --innodb-log-buffer-size=500M
+      - --innodb-change-buffer-max-size=50
+      - --innodb-flush-log-at-trx_commit=0
+      - --innodb-flush-method=O_DIRECT
+    ports:
+      - 3306:3306
+    environment:
+      - MYSQL_ROOT_PASSWORD
+      - MYSQL_DATABASE
+      - MYSQL_USER
+      - MYSQL_PASSWORD
+    restart: always
+    volumes:
+      - ./mysql:/var/lib/mysql
+    healthcheck:
+      test: mysql -uroot -proot ghost -e 'select 1'
+      interval: 5s
+      retries: 120
+    networks:
+      - default
+  redis:
+    image: redis:7.0
+    restart: always
+    ports:
+      - 6379:6379
+    healthcheck:
+      test:
+        - CMD
+        - redis-cli
+        - --raw
+        - incr
+        - ping
+      interval: 1s
+      retries: 120
+    networks:
+      - default
+  pushgateway:
+    profiles: [monitoring]
+    image: prom/pushgateway:v1.6.0
+    container_name: ghost-pushgateway
+    ports:
+      - 9091:9091
+  mailhog:
+    image: mailhog/mailhog:latest
+    container_name: ghost-mailhog
+    profiles: [ghost]
+    ports:
+      - "1025:1025" # SMTP server
+      - "8025:8025" # Web interface
+    restart: always
+    networks:
+      - default
+#  prometheus:
+#    profiles: [monitoring]
+#    image: prom/prometheus:v2.30.3
+#    container_name: ghost-prometheus
+#    ports:
+#      - 9090:9090
+#    restart: always
+#    volumes:
+#      - ./.docker/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
+#     networks:
+#      - default
+#  grafana:
+#    profiles: [monitoring]
+#    image: grafana/grafana:8.3.0
+#    container_name: ghost-grafana
+#    ports:
+#      - 3000:3000
+#    restart: always
+#    environment:
+#      - GF_AUTH_ANONYMOUS_ENABLED=true
+#      - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
+#    volumes:
+#      - ./.docker/grafana/datasources:/etc/grafana/provisioning/datasources
+#      - ./.docker/grafana/dashboard.yml:/etc/grafana/provisioning/dashboards/main.yaml
+#      - ./.docker/grafana/dashboards:/var/lib/grafana/dashboards
+#     networks:
+#      - default
+#      - traefik
+
+networks:
+  default: {}
+  traefik:
+    external: true

ghost/compose.yml.off

@@ -1,85 +0,0 @@
-services:
-  service:
-    image: ghost:5-alpine
-    ports:
-      - 2368:2368 # Ghost
-    environment:
-      database__client: mysql
-      database__connection__host: ghost-mysql-1
-      database__connection__user: ghost
-      database__connection__password: ghost
-      database__connection__database: ghost
-      url: https://blog.rskio.com
-    depends_on:
-      mysql:
-        condition: service_healthy
-      redis:
-        condition: service_healthy
-  mysql:
-    image: mysql:8.0.35
-    command: --innodb-buffer-pool-size=1G --innodb-log-buffer-size=500M --innodb-change-buffer-max-size=50 --innodb-flush-log-at-trx_commit=0 --innodb-flush-method=O_DIRECT
-    ports:
-      - 3306:3306
-    environment:
-      MYSQL_ROOT_PASSWORD: root
-      MYSQL_DATABASE: ghost
-      MYSQL_USER: ghost
-      MYSQL_PASSWORD: ghost
-    restart: always
-    volumes:
-      - ./mysql:/var/lib/mysql
-    healthcheck:
-      test: mysql -uroot -proot ghost -e 'select 1'
-      interval: 5s
-      retries: 120
-  redis:
-    image: redis:7.0
-    restart: always
-    ports:
-      - 6379:6379
-    healthcheck:
-      test:
-        - CMD
-        - redis-cli
-        - --raw
-        - incr
-        - ping
-      interval: 1s
-      retries: 120
-#  prometheus:
-#    profiles: [monitoring]
-#    image: prom/prometheus:v2.30.3
-#    container_name: ghost-prometheus
-#    ports:
-#      - 9090:9090
-#    restart: always
-#    volumes:
-#      - ./.docker/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
-#  grafana:
-#    profiles: [monitoring]
-#    image: grafana/grafana:8.3.0
-#    container_name: ghost-grafana
-#    ports:
-#      - 3000:3000
-#    restart: always
-#    environment:
-#      - GF_AUTH_ANONYMOUS_ENABLED=true
-#      - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
-#    volumes:
-#      - ./.docker/grafana/datasources:/etc/grafana/provisioning/datasources
-#      - ./.docker/grafana/dashboard.yml:/etc/grafana/provisioning/dashboards/main.yaml
-#      - ./.docker/grafana/dashboards:/var/lib/grafana/dashboards
-#  pushgateway:
-#    profiles: [monitoring]
-#    image: prom/pushgateway:v1.6.0
-#    container_name: ghost-pushgateway
-#    ports:
-#      - 9091:9091
-#  mailhog:
-#    image: mailhog/mailhog:latest
-#    container_name: ghost-mailhog
-#    profiles: [ghost]
-#    ports:
-#      - "1025:1025" # SMTP server
-#      - "8025:8025" # Web interface
-#    restart: always

paste/compose.yml

@@ -13,7 +13,7 @@ services:
       - traefik.http.routers.paste.service=paste@docker
       - traefik.http.services.paste.loadbalancer.server.port=8000
     environment:
-      - RUST_LOG=debug
+      - RUST_LOG=info
     volumes:
       - ./data/:/app/upload
       - ./config.toml:/app/config.toml

rskio.service

@@ -1,14 +1,14 @@
 [Unit]
-Description=Rskio Website
+Description=Rskio Services
 After=docker.service
 Requires=docker.service
 
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-WorkingDirectory=/opt/docker/rskio
-ExecStart=/bin/bash -c "docker compose -f ./compose.yml up -d"
-ExecStop=/bin/bash -c "docker compose -f ./compose.yml down"
+WorkingDirectory=/home/lost/workspace/hq
+ExecStart=/bin/bash -c "./compose.sh start"
+ExecStop=/bin/bash -c "./compose.sh stop"
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target

traefik/etc/dynamic.yml

@@ -50,6 +50,26 @@ http:
     #      tls:
     #        options: internal@file
     #        certResolver: rskio_certresolver
+    #
+    stage-docs:
+      rule: Host(`docs.stage.rskio.com`)
+      service: stage@file
+      entryPoints:
+        - websecure
+      tls:
+        options: internal@file
+        certResolver: rskio_certresolver
+
+    stage-dashboard:
+      rule: Host(`lb.stage.rskio.com`)
+      service: stage@file
+      entryPoints:
+        - websecure
+      middlewares:
+        - redirect-dashboard
+      tls:
+        options: internal@file
+        certResolver: rskio_certresolver
 
     pihole:
       rule: Host(`dns.rskio.com`)
@@ -128,6 +148,12 @@ http:
     #          - url: "https://192.168.1.230:3000"
     #        serversTransport: backendIgnoreTLS
 
+    stage:
+      loadBalancer:
+        servers:
+          - url: "https://192.168.1.25"
+        serversTransport: backendIgnoreTLS
+
     pihole:
       loadBalancer:
         servers: