@korylprince
Created November 3, 2022 03:17
Open Source Cybersecurity Example

Requirements

  • docker
  • docker-compose

For Ubuntu, use apt install docker.io docker-compose

Running the test

  • Place Caddyfile and compose.yaml in the same folder
  • Run docker-compose up -d
  • Run docker run --rm guacamole/guacamole:1.4.0 /opt/guacamole/bin/initdb.sh --postgres | docker exec -i postgres psql -d guacamole -f -
    • This initializes the guacamole database

Containers

  • caddy - web server/reverse proxy with automatic Let's Encrypt support
  • vaultwarden - open source implementation of the Bitwarden server
  • postgres - database for guacamole
  • guacd - backend connector for guacamole
  • guacamole - web frontend for guacamole
  • client - SSH server for guacamole testing
  • vncclient - VNC server for guacamole testing

Caddyfile

```
vaultwarden.{$DOMAIN}:443 {
    tls {$EMAIL}
    reverse_proxy vaultwarden:80 {
        header_up X-Real-IP {remote_host}
    }
    reverse_proxy /notifications/hub vaultwarden:3012
}

guacamole.{$DOMAIN}:443 {
    tls {$EMAIL}
    reverse_proxy guacamole:8080 {
        header_up X-Real-IP {remote_host}
    }
}
```

compose.yaml

```yaml
version: '3'
services:
  # Reverse proxy: the only service that publishes ports on the host
  caddy:
    image: caddy:2
    container_name: caddy
    restart: always
    networks:
      - external
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-data:/data
    environment:
      # Substituted into the Caddyfile as {$DOMAIN} and {$EMAIL}
      DOMAIN: "yourdomain.tld"
      EMAIL: "[email protected]"
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    networks:
      - external
      - internal
    environment:
      WEBSOCKET_ENABLED: "true"
      # Token for the /admin page
      ADMIN_TOKEN: "admin"
    volumes:
      - ./vaultwarden-data:/data
  postgres:
    image: postgres:12
    container_name: postgres
    restart: always
    networks:
      - internal
    volumes:
      - ./postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: root
      POSTGRES_PASSWORD: guacamole
      POSTGRES_DB: guacamole
      PGDATA: /var/lib/postgresql/data/pgdata
  guacd:
    image: guacamole/guacd:1.4.0
    container_name: guacd
    restart: always
    networks:
      - internal
    healthcheck:
      disable: true
  guacamole:
    image: guacamole/guacamole:1.4.0
    container_name: guacamole
    restart: always
    networks:
      - internal
      - external
    environment:
      GUACD_HOSTNAME: guacd
      WEBAPP_CONTEXT: ROOT
      # Must match the postgres service settings above
      POSTGRES_HOSTNAME: postgres
      POSTGRES_DATABASE: guacamole
      POSTGRES_USER: root
      POSTGRES_PASSWORD: guacamole
  # SSH target for guacamole testing
  client:
    image: linuxserver/openssh-server:2021.10.24
    container_name: client
    restart: always
    networks:
      - internal
    environment:
      PASSWORD_ACCESS: "true"
      USER_PASSWORD: password
      USER_NAME: user
  # VNC target for guacamole testing
  vncclient:
    image: consol/ubuntu-icewm-vnc
    container_name: vncclient
    networks:
      - internal
networks:
  # Isolated network: containers on it can reach each other but not the outside
  internal:
    internal: true
  external:
```
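
A pre-deployment check for the compose.yaml above, as an added example that is not part of the original gist: it flags credentials written as literals in `environment:` and images with no tag or the `latest` tag. The function name `audit_compose` and both rules are assumptions made for illustration, and the parser handles only the two-space-indented subset of YAML used in this file, not YAML in general.

```python
import re

# Constructed excerpt of the compose.yaml above (three services, same values).
SAMPLE = """\
services:
  vaultwarden:
    image: vaultwarden/server:latest
    environment:
      WEBSOCKET_ENABLED: "true"
      ADMIN_TOKEN: "admin"
  postgres:
    image: postgres:12
    environment:
      POSTGRES_USER: root
      POSTGRES_PASSWORD: guacamole
  vncclient:
    image: consol/ubuntu-icewm-vnc
"""

SECRET_KEY = re.compile(r"(PASSWORD|TOKEN|SECRET)$")  # env names that hold credentials
ENV_REF = re.compile(r"^\$\{?\w+")                    # ${VAR} or $VAR substitution

def audit_compose(text):
    """Return sorted (service, finding) pairs for a two-space-indented compose file."""
    findings, service, in_services = [], None, False
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()            # drop trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("\"'")
        if indent == 0:
            in_services = key == "services"           # ignore top-level networks, etc.
        elif in_services and indent == 2:
            service = key                             # start of a service definition
        elif in_services and key == "image":
            # Tag is whatever follows ':' in the last path component
            tag = value.rsplit("/", 1)[-1].partition(":")[2]
            if tag in ("", "latest"):
                findings.append((service, f"unpinned image {value}"))
        elif in_services and SECRET_KEY.search(key) and value and not ENV_REF.match(value):
            findings.append((service, f"literal secret in {key}"))
    return sorted(findings)

if __name__ == "__main__":
    for svc, msg in audit_compose(SAMPLE):
        print(f"{svc}: {msg}")
```

Values supplied through variable substitution such as `${PG_PASSWORD}` are not flagged, so the same check can gate a version of the file that reads its credentials from the environment.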