commit 0c3c9f73d8f5d4c3d53ff44b4d3f2d778b0adf8a Author: Amirhossein Khalili Date: Wed Mar 25 01:05:29 2026 +0800 initial commit
diff --git a/.env.sample b/.env.sample
new file mode 100644
index 0000000..e42f21b
--- /dev/null
+++ b/.env.sample
@@ -0,0 +1,12 @@
+# Domain name for your OneDev instance
+DOMAIN=git.yourdomain.com
+
+# Email for Let's Encrypt certificate recovery.
+# LEAVE BLANK if you do not want HTTPS/SSL and just want plain HTTP.
+EMAIL=
+
+# OneDev version tag
+ONEDEV_VERSION=latest
+
+# Port exposed to the host for Git SSH connections
+SSH_PORT=6611
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3ae914e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,10 @@
+.env
+.DS_Store
+Thumbs.db
+
+# Ignore generated proxy config
+Caddyfile
+
+# Ignore custom certificates
+certs/*
+!certs/.gitkeep
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..feabf36
--- /dev/null
+++ b/README.md
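Review bot: In `.env.sample`, `ONEDEV_VERSION=latest` makes a floating tag the shipped default, and since `run.sh` pulls images on every run, a routine re-run can silently replace the server with a build nobody reviewed. I would ship a pinned value instead, e.g. `ONEDEV_VERSION=<pinned-release-tag>` (placeholder), with a comment such as `# Pin to a release you have tested; bump deliberately`. The blank `EMAIL=` default also selects the plain-HTTP branch of `run.sh`, so the comment above it should say that logins and access tokens then cross the network unencrypted.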
@@ -0,0 +1,36 @@
+# OneDev Auto-Deployer
+
+A production-ready Docker Compose setup for [OneDev](https://onedev.io/), utilizing Docker volumes for data management and Caddy for automatic SSL and reverse proxying.
+
+## Prerequisites
+- Docker & Docker Compose installed.
+- Ports `80`, `443`, and `6611` open on your firewall.
+- Your domain's DNS A-Record pointing to your server's IP address.
+
+## Deployment
+
+1. Clone this repository and enter the directory.
+2. Run the initial setup:
+ ```bash
+ chmod +x run.sh
+ ./run.sh
+ ```
+3. The script will create a `.env` file. Edit this file and set your `DOMAIN` and `EMAIL`.
+4. Run `./run.sh` again to start the services.
+
+## SSL & HTTP Configuration
+This deployment handles routing automatically via Caddy:
+1. **Auto SSL (Let's Encrypt):** If you provide an `EMAIL` in the `.env` file, Caddy will automatically fetch and renew an SSL certificate.
+2. **Custom SSL:** If you place `cert.pem` and `key.pem` inside the `certs/` folder, Caddy will use those instead.
+3. **Plain HTTP:** If you leave `EMAIL` completely blank in the `.env` file and provide no custom certificates, Caddy will serve the site over plain HTTP on port 80.
+
+## Custom SSL Certificates (Optional)
+By default, the script will automatically obtain a Let's Encrypt certificate for your domain.
+
+If you want to use your own certificates:
+1. Place your certificate and key inside the `certs/` folder.
+2. Rename them to exactly `cert.pem` and `key.pem`.
+3. Run `./run.sh`. The script will detect them and use them instead of Let's Encrypt.
+
+## Managing Data
+Data is stored securely in Docker managed volumes. To back up your OneDev data, you need to back up the `onedev_data` docker volume.
diff --git a/certs/.gitkeep b/certs/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..7bf23f9
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,35 @@
+version: '3.8'
+
+services:
+ caddy:
+ image: caddy:2-alpine
+ container_name: onedev-proxy
+ restart: unless-stopped
+ ports:
+ - "80:80"
+ - "443:443"
+ environment:
+ - DOMAIN=${DOMAIN}
+ - EMAIL=${EMAIL}
+ volumes:
+ - ./Caddyfile:/etc/caddy/Caddyfile:ro
+ - ./certs:/certs:ro
+ - caddy_data:/data
+ - caddy_config:/config
+ depends_on:
+ - onedev
+
+ onedev:
+ image: 1dev/server:${ONEDEV_VERSION:-latest}
+ container_name: onedev
+ restart: unless-stopped
+ ports:
+ - "${SSH_PORT:-6611}:6611"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - onedev_data:/opt/onedev
+
+volumes:
+ onedev_data:
+ caddy_data:
+ caddy_config:
diff --git a/run.sh b/run.sh
new file mode 100644
index 0000000..3fb9048
--- /dev/null
+++ b/run.sh
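Review bot: The `/var/run/docker.sock:/var/run/docker.sock` mount on the `onedev` service in `docker-compose.yml` hands that container full control of the host's Docker daemon, which is root-equivalent on the host, and nothing in the file says so. It is presumably there for OneDev's Docker-based job execution, in which case anyone who can define or alter build jobs inherits that access. At minimum add a comment above the line, e.g. `# SECURITY: host Docker socket = root-equivalent on the host; remove if CI jobs run on separate agents`, and mention the trade-off in the README. Separately, `caddy:2-alpine` and the `:-latest` fallback for the server image are floating tags, so pinning versions or digests would make deployments reproducible.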
@@ -0,0 +1,66 @@
+#!/bin/bash
+set -e
+
+echo "🚀 Starting OneDev Deployment..."
+
+# 1. Handle Environment Variables
+if [ ! -f .env ]; then
+ echo "📄 .env file not found. Creating one from .env.example..."
+ cp .env.example .env
+ echo "⚠️ Please edit the .env file with your DOMAIN (and EMAIL for SSL), then run this script again."
+ exit 1
+fi
+
+# Load environment variables
+source .env
+
+# 2. Handle Reverse Proxy and SSL Configuration
+mkdir -p certs
+echo "🔒 Configuring Reverse Proxy..."
+
+if [ -f "certs/cert.pem" ] && [ -f "certs/key.pem" ]; then
+ echo "✅ Custom SSL certificates detected. Configuring Caddy to use custom TLS."
+ cat < Caddyfile
+{\$DOMAIN} {
+ tls /certs/cert.pem /certs/key.pem
+ reverse_proxy onedev:6610
+}
+EOF
+elif [ -n "$EMAIL" ]; then
+ echo "🌐 No custom certs found, but EMAIL is set. Auto-provisioning Let's Encrypt SSL."
+ cat < Caddyfile
+{\$DOMAIN} {
+ tls {\$EMAIL}
+ reverse_proxy onedev:6610
+}
+EOF
+else
+ echo "⚠️ No custom certs and no EMAIL provided. Configuring for plain HTTP."
+ cat < Caddyfile
+http://{\$DOMAIN} {
+ reverse_proxy onedev:6610
+}
+EOF
+fi
+
+# 3. Determine docker compose command
+if command -v docker-compose &> /dev/null; then
+ COMPOSE_CMD="docker-compose"
+elif docker --help | grep -q "compose"; then
+ COMPOSE_CMD="docker compose"
+else
+ echo "❌ Error: Docker Compose not found."
+ exit 1
+fi
+
+# 4. Deploy
+echo "🐳 Pulling images and starting containers..."
+$COMPOSE_CMD pull
+$COMPOSE_CMD up -d
+
+echo "✅ Deployment complete!"
+if [ -n "$EMAIL" ] || ([ -f "certs/cert.pem" ] && [ -f "certs/key.pem" ]); then
+ echo "🌐 Access your server securely at: https://${DOMAIN}"
+else
+ echo "🌐 Access your server at: http://${DOMAIN}"
+fi
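Review bot: The first-run branch of `run.sh` does `cp .env.example .env`, but this commit adds the template as `.env.sample`, so on a fresh clone `cp` fails and `set -e` aborts right after the "Creating one" message; the line should read `cp .env.sample .env`, and the echo above it names the wrong file too. `source .env` then executes the whole file as shell code with the deployer's privileges, so anything beyond plain `KEY=value` lines runs as a command; a comment saying so, or reading only the four expected keys, would make that explicit. The `else` branch writes an `http://` site block whenever `EMAIL` is empty, which is also the template default, so a user who skips that field gets an unencrypted Git server with only a warning line scrolling past. Consider requiring an explicit opt-in in `.env` before emitting that block.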