Restructuring:

- Add Auth_proxy to organiser
- Shuffle some IP's
- Add vlan support
- add basic jacket setup
This commit is contained in:
kjeld Schouten-Lebbing 2020-02-27 15:05:08 +01:00
parent cb8eb9ac57
commit 6dd25f883b
7 changed files with 226 additions and 26 deletions

50
jackett-conf/jackett.rc Normal file
View File

@ -0,0 +1,50 @@
#!/bin/sh
# $FreeBSD$
#
# PROVIDE: jackett
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# jackett_enable: Set to YES to enable jackett
# Default: NO
# jackett_user: The user account used to run the jackett daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run as root.
# Default: media
# jackett_group: The group account used to run the jackett daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run with group wheel.
# Default: media
# jackett_data_dir: Directory where jackett configuration
# data is stored.
# Default: /var/db/jackett
. /etc/rc.subr
name=jackett
rcvar=${name}_enable
load_rc_config $name
: ${jackett_enable:="NO"}
: ${jackett_user:="jackett"}
: ${jackett_group:="jackett"}
: ${jackett_data_dir:="/config"}
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-p ${jackett_data_dir}/jackett.pid -f ${procname} /usr/local/share/Jackett/JackettConsole.exe -d ${jackett_data_dir}"
start_precmd=jackett_precmd
jackett_precmd() {
export USER=${jackett_user}
if [ ! -d ${jackett_data_dir} ]; then
install -d -o ${jackett_user} -g ${jackett_group} ${jackett_data_dir}
fi
export XDG_CONFIG_HOME=${jackett_data_dir}
}
run_rc_command "$1"

16
jackett.sh Normal file
View File

@ -0,0 +1,16 @@
echo '{"pkgs":["mono","curl","ca_root_nss","nano"]}' > /tmp/pkg.json
iocage create -n "jackett" -p /tmp/pkg.json -r 11.3-RELEASE interfaces="vnet0:bridge30" ip4_addr="vnet0|192.168.30.28/24" defaultrouter="192.168.30.1" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage exec jackett mkdir -p /config
iocage fstab -a jackett /mnt/tank/apps/jackett /config nullfs rw 0 0
iocage exec jackett ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec jackett "fetch https://github.com/Jackett/Jackett/releases/download/v0.11.502/Jackett.Binaries.Mono.tar.gz -o /usr/local/share"
iocage exec jackett "tar -xzvf /usr/local/share/Jackett.Binaries.Mono.tar.gz -C /usr/local/share"
iocage exec jackett rm /usr/local/share/Jackett.Binaries.Mono.tar.gz
iocage exec jackett "pw user add jackett -c jackett -u 818 -d /nonexistent -s /usr/bin/nologin"
iocage exec jackett chown -R jackett:jackett /usr/local/share/Jackett /config
iocage exec jackett mkdir /usr/local/etc/rc.d
cp ./jackett-conf/jackett.rc /mnt/tank/iocage/jails/jackett/root/usr/local/etc/rc.d/jackett
iocage exec jackett chmod u+x /usr/local/etc/rc.d/jackett
iocage exec jackett sysrc "jackett_enable=YES"
iocage exec jackett service jackett restart

View File

@ -0,0 +1,129 @@
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
client_header_timeout 240;
client_body_timeout 240;
location / {
root /usr/local/www/Organizr;
index index.php index.html index.htm index.nginx-debian.html;
location ~ /auth-(.*) {
internal;
rewrite ^/auth-(.*) /api/?v1/auth&group=$1;
}
error_page 400 401 402 403 404 405 408 500 502 503 504 $scheme://$server_name/?error=$status;
location / {try_files $uri $uri/ =404;}
include custom/phpblock.conf; #PHP Block
}
location /transmission {
auth_request /auth-0;
add_header X-Frame-Options "SAMEORIGIN";
proxy_pass http://127.0.0.1:9091;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /nzbget {
auth_request /auth-0;
add_header X-Frame-Options "SAMEORIGIN";
proxy_pass http://127.0.0.1:6789;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /nzbhydra/ {
auth_request /auth-0;
add_header X-Frame-Options "SAMEORIGIN";
proxy_pass http://127.0.0.1:5075/nzbhydra/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /sonarr {
auth_request /auth-0;
add_header X-Frame-Options "SAMEORIGIN";
proxy_pass http://192.168.30.30:8989;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /radarr {
auth_request /auth-0;
add_header X-Frame-Options "SAMEORIGIN";
proxy_pass http://192.168.30.31:7878;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /jackett {
auth_request /auth-0;
add_header X-Frame-Options "SAMEORIGIN";
proxy_pass http://192.168.30.28:9117;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_redirect off;
}
location /plex/ {
auth_request /auth-4;
add_header X-Frame-Options "SAMEORIGIN";
proxy_pass http://192.168.30.26:32400/;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_bind $server_addr;
proxy_buffers 32 4k;
#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
proxy_hide_header X-Frame-Options;
# Basic Proxy Config
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_no_cache $cookie_session;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
if ($http_referer ~* /plex/) {
rewrite ^/web/(.*) /plex/web/$1? redirect;
}
location /plexpy {
auth_request /auth-4;
add_header X-Frame-Options "SAMEORIGIN";
proxy_pass http://127.0.0.1:8181;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location /ombi/ {
auth_request /auth-4;
add_header X-Frame-Options "SAMEORIGIN";
proxy_pass http://127.0.0.1:5000/ombi/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}

View File

@ -0,0 +1,9 @@
fastcgi_read_timeout 240;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}

View File

@ -1,8 +1,10 @@
user www; user www;
worker_processes 1; worker_processes 1;
events { events {
worker_connections 1024; worker_connections 1024;
} }
http { http {
include mime.types; include mime.types;
default_type application/octet-stream; default_type application/octet-stream;
@ -10,21 +12,15 @@ sendfile on;
keepalive_timeout 65; keepalive_timeout 65;
server { server {
listen 80; listen 80;
server_name localhost; server_name organizr.dmz.schouten-lebbing.nl;
root /usr/local/www/Organizr; include custom/organizr.conf;
location / {
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
} }
server {
listen 443 ssl;
server_name organizr.schouten-lebbing.nl;
include custom/organizr.conf;
ssl_certificate /config/cert/Organizr-Cert.crt; # Manually Added
ssl_certificate_key /config/cert/Organizr-Cert.key; # Manually Added
} }
} }

View File

@ -1,5 +1,5 @@
echo '{"pkgs":["nginx","php72","php72-filter","php72-curl","php72-hash","php72-json","php72-openssl","php72-pdo","php72-pdo_sqlite","php72-session","php72-simplexml","php72-sqlite3","php72-zip","git","ca_root_nss"]}' > /tmp/pkg.json echo '{"pkgs":["nginx","php72","php72-filter","php72-curl","php72-hash","php72-json","php72-openssl","php72-pdo","php72-pdo_sqlite","php72-session","php72-simplexml","php72-sqlite3","php72-zip","git","ca_root_nss"]}' > /tmp/pkg.json
iocage create -n "organizr" -p /tmp/pkg.json -r 11.3-RELEASE ip4_addr="vnet0|192.168.10.21/24" defaultrouter="192.168.10.1" vnet="on" allow_raw_sockets="1" boot="on" iocage create -n "organizr" -p /tmp/pkg.json -r 11.3-RELEASE interfaces="vnet0:bridge30" ip4_addr="vnet0|192.168.30.25/24" defaultrouter="192.168.30.1" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json rm /tmp/pkg.json
iocage exec organizr mkdir -p /config iocage exec organizr mkdir -p /config
iocage fstab -a organizr /mnt/tank/apps/organizr /config nullfs rw 0 0 iocage fstab -a organizr /mnt/tank/apps/organizr /config nullfs rw 0 0

View File

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
echo '{"pkgs":["plexmediaserver-plexpass","ca_root_nss","nano"]}' > /tmp/pkg.json echo '{"pkgs":["plexmediaserver-plexpass","ca_root_nss","nano"]}' > /tmp/pkg.json
iocage create -n "plex" -p /tmp/pkg.json -r 11.3-RELEASE ip4_addr="vnet0|192.168.10.23/24" defaultrouter="192.168.10.1" vnet="on" allow_raw_sockets="1" boot="on" iocage create -n "plex" -p /tmp/pkg.json -r 11.3-RELEASE interfaces="vnet0:bridge30" ip4_addr="vnet0|192.168.30.26/24" defaultrouter="192.168.30.1" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json rm /tmp/pkg.json
iocage exec plex "mkdir -p /usr/local/etc/pkg/repos" iocage exec plex "mkdir -p /usr/local/etc/pkg/repos"
cp ./plex-conf/FreeBSD.conf /mnt/tank/iocage/jails/plex/root/usr/local/etc/pkg/repos/FreeBSD.conf cp ./plex-conf/FreeBSD.conf /mnt/tank/iocage/jails/plex/root/usr/local/etc/pkg/repos/FreeBSD.conf