From e4cff76f5b01544b7d84251a0b4c1b9d1906acaf Mon Sep 17 00:00:00 2001
From: vorotamoroz
Date: Thu, 31 Oct 2024 11:44:27 +0000
Subject: [PATCH] initial
---
.env.couchdb.sample | 2 ++
.env.tailscale-app.sample | 7 +++++++
.gitignore | 2 ++
conf/local.ini | 22 ++++++++++++++++++++
docker-compose.yml | 31 +++++++++++++++++++++++++++++
readme.md | 42 +++++++++++++++++++++++++++++++++++++++
ts-conf/ts-serve.json | 19 ++++++++++++++++++
7 files changed, 125 insertions(+)
create mode 100644 .env.couchdb.sample
create mode 100644 .env.tailscale-app.sample
create mode 100644 .gitignore
create mode 100644 conf/local.ini
create mode 100644 docker-compose.yml
create mode 100644 readme.md
create mode 100644 ts-conf/ts-serve.json
diff --git a/.env.couchdb.sample b/.env.couchdb.sample
new file mode 100644
index 0000000..47c6a45
--- /dev/null
+++ b/.env.couchdb.sample
@@ -0,0 +1,2 @@
+COUCHDB_USER=[your-favourite-user-name]
+COUCHDB_PASSWORD=[and-your-favourite-password]
\ No newline at end of file
diff --git a/.env.tailscale-app.sample b/.env.tailscale-app.sample
new file mode 100644
index 0000000..d59deab
--- /dev/null
+++ b/.env.tailscale-app.sample
@@ -0,0 +1,7 @@
+TS_AUTHKEY=[HERE_FOR_YOUR_TAILSCALE_AUTHKEY]
+TS_EXTRA_ARGS=--advertise-tags=tag:container
+TS_SERVE_CONFIG=/config/ts-serve.json
+TS_STATE_DIR=/var/lib/tailscale
+TS_SOCKET=/var/run/tailscale/tailscaled.sock
+TS_USERSPACE=false
+TS_PRIVACY=public
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cd6dee9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.env*
+!.env.*.sample
\ No newline at end of file
diff --git a/conf/local.ini b/conf/local.ini
new file mode 100644
index 0000000..8e5d782
--- /dev/null
+++ b/conf/local.ini
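Review bot: In `.env.tailscale-app.sample`, `TS_PRIVACY=public` is not referenced anywhere else in this patch, and I don't recognise it as a variable the Tailscale container image reads; it should get a comment naming what consumes it, or be dropped. `TS_AUTHKEY` is the credential that joins this container to the tailnet as `tag:container`, and the readme says it should be an OAuth key. A comment above it such as `# OAuth key; restrict it to tag:container` would tell users to keep the key's reach as narrow as the tag it advertises.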
@@ -0,0 +1,22 @@
+[couchdb]
+single_node=true
+max_document_size = 50000000
+
+[chttpd]
+require_valid_user = true
+max_http_request_size = 4294967296
+
+[chttpd_auth]
+require_valid_user = true
+authentication_redirect = /_utils/session.html
+
+[httpd]
+WWW-Authenticate = Basic realm="couchdb"
+enable_cors = true
+
+[cors]
+origins = app://obsidian.md,capacitor://localhost,http://localhost
+credentials = true
+headers = accept, authorization, content-type, origin, referer
+methods = GET, PUT, POST, HEAD, DELETE
+max_age = 3600
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..57dc61c
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,31 @@
+services:
+ tailscale-app:
+ image: tailscale/tailscale:latest
+ hostname: couch-tailscale
+ env_file: .env.tailscale-app
+ volumes:
+ - tailscale-data:/var/lib/tailscale
+ - ${PWD}/ts-conf/ts-serve.json:/config/ts-serve.json:ro
+ - /dev/net/tun:/dev/net/tun
+ cap_add:
+ - net_admin
+ - sys_module
+ restart: unless-stopped
+ app:
+ image: couchdb:3.4.2
+ network_mode: service:tailscale-app
+ depends_on:
+ - tailscale-app
+ env_file: .env.couchdb
+ volumes:
+ # The files' owner will be id:5984 when you launch the image.
+ # Because CouchDB writes on-the-fly configurations into local.ini.
+ # So when you want to perform git pull or change something, you have to change owners back.
+ - couchdb-data:/opt/couchdb/data
+ - ${PWD}/conf/local.ini:/opt/couchdb/etc/local.ini
+ restart: unless-stopped
+volumes:
+ tailscale-data:
+ driver: local
+ couchdb-data:
+ driver: local
\ No newline at end of file
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..ff6fc82
--- /dev/null
+++ b/readme.md
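Review bot: In `conf/local.ini`, `max_http_request_size = 4294967296` under `[chttpd]` accepts request bodies of up to 4 GiB on a server that `ts-conf/ts-serve.json` in this same patch publishes to the internet through Funnel. `require_valid_user = true` is set, but whether an unauthenticated request is rejected before its body is read is not visible here, so that is worth confirming. The limit could be lowered toward `max_document_size` if sync does not need more. Separately, `http://localhost` in `[cors] origins` together with `credentials = true` lets any page served from localhost on a client device make credentialed requests; a comment such as `; http://localhost is required by <client>` would record why it is allowed.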
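Review bot: In `docker-compose.yml`, `cap_add` gives the `tailscale-app` container `sys_module`, which permits loading kernel modules on the host. Since `/dev/net/tun` is already bind-mounted, `net_admin` alone may be enough, so it is worth testing with `- sys_module` removed. The same service pulls `tailscale/tailscale:latest` while CouchDB is pinned to `3.4.2`; pinning the Tailscale image to a version tag or digest keeps the internet-facing proxy from changing on every pull. `conf/local.ini` is mounted writable and, per the comment, CouchDB rewrites it, so whatever it writes lands in the git working tree; confirm no credential material ends up in that file, because `.gitignore` only covers `.env*`.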
@@ -0,0 +1,42 @@
+## CouchDB image for Self-hosted LiveSync with Tailscale funnel
+
+### What is this
+- CouchDB Server which configured about CORS for Obsidian and Self-hosted LiveSync.
+- Instead of using your SSL Certificate or Domains, Using [tailScale](https://tailscale.com/) funnel.
+
+### Prerequisites
+- You should have an account of tailscale.
+- Your tailscale account should enabled funnel once.
+
+(To more instructions, read the [official document](https://tailscale.com/blog/docker-tailscale-guide)).
+
+### How to use
+- Rename `.env.couchdb.sample` to `.env.couchdb`.
+- Fill [your-favourite-user-name] and [and-your-favourite-password] in `.env.couchdb`.
+- Rename `.env.tailscale-app.sample` to `.env.tailscale-app`.
+- Fill [HERE_FOR_YOUR_TAILSCALE_AUTHKEY] in `.env.tailscale-app`.
+ - Note: This should be `OAuth` key.
+- run `docker compose up`
+
+
+Note: If you are first to this, some interaction will be shown. Please follow messages. And if you have been simply failed, please run `docker exec -it tailscale_couchdb-tailscale-app tailscale funnel 5984` from the other terminal. The message like following will be shown.
+
+```
+docker exec -it tailscale_couchdb-tailscale-app tailscale funnel 5984
+
+Funnel is enabled, but the list of allowed nodes in the tailnet policy file does not include the one you are using.
+To give access to this node you can edit the tailnet policy file, or visit:
+
+ https://login.tailscale.com/f/funnel?node=something random
+
+```
+
+And, if you have completed the configuration, following will also be shown.
+
+```
+Success.
+Available on the internet:
+
+https://xxxxxxxxxx.xxxxxxx.ts.net/
+|-- proxy http://127.0.0.1:5984
+```
diff --git a/ts-conf/ts-serve.json b/ts-conf/ts-serve.json
new file mode 100644
index 0000000..e2f4677
--- /dev/null
+++ b/ts-conf/ts-serve.json
@@ -0,0 +1,19 @@
+{
+ "TCP": {
+ "443": {
+ "HTTPS": true
+ }
+ },
+ "Web": {
+ "${TS_CERT_DOMAIN}:443": {
+ "Handlers": {
+ "/": {
+ "Proxy": "http://127.0.0.1:5984"
+ }
+ }
+ }
+ },
+ "AllowFunnel": {
+ "${TS_CERT_DOMAIN}:443": true
+ }
+}
\ No newline at end of file
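Review bot: The `/` handler proxies every CouchDB path, and with `AllowFunnel` set to true that includes the `/_utils` pages that `conf/local.ini` names in `authentication_redirect`, so the account from `.env.couchdb` is the only barrier between the internet and the database. JSON cannot carry a comment, so the readme should state that the Funnel URL is publicly reachable and that `COUCHDB_PASSWORD` must be long and random. If every sync client is already on the tailnet, dropping the `AllowFunnel` entry would keep the endpoint tailnet-only. That last suggestion is inferred, because the intended clients are not visible in this patch.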