-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
6 changed files
with
158 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| #version=1.0 | ||
| #url=https://github.com/2Tiny2Scale/tailscale-docker-sidecar-configs | ||
| #COMPOSE_PROJECT_NAME= // only use in multiple deployments on the same infra | ||
| SERVICE=speedtest-tracker | ||
| IMAGE_URL=lscr.io/linuxserver/speedtest-tracker | ||
| SERVICEPORT=8888 | ||
| TS_AUTHKEY= | ||
| DNS_SERVER=1.1.1.1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # Speedtest Tracker with Tailscale Sidecar Configuration | ||
|
|
||
| This Docker Compose configuration sets up [Speedtest Tracker](https://github.com/alexjustesen/speedtest-tracker) with Tailscale as a sidecar container to securely monitor and access your internet speed tracking tool over a private Tailscale network. By integrating Tailscale, you can ensure that your Speedtest Tracker instance remains private and accessible only to authorized devices on your Tailscale network. | ||
|
|
||
| ## Speedtest Tracker | ||
|
|
||
| [Speedtest Tracker](https://github.com/alexjustesen/speedtest-tracker) is an open-source, self-hosted tool designed to regularly test and monitor your internet connection speed. It logs historical speed test data and provides detailed visualizations, making it ideal for diagnosing network issues or keeping your ISP accountable. Adding Tailscale enhances the security of your Speedtest Tracker instance by ensuring access is limited to authorized devices within your private network. | ||
|
|
||
| ## Key Features | ||
|
|
||
| - **Automated Speed Tests**: Schedule regular speed tests for consistent monitoring. | ||
| - **Data Logging**: Keep historical records of your upload, download, and ping stats. | ||
| - **Detailed Visualizations**: View trends and performance over time with an intuitive web interface. | ||
| - **Self-Hosted**: Maintain full control over your data with a locally hosted solution. | ||
|
|
||
| ## Configuration Overview | ||
|
|
||
| In this setup, the `tailscale-speedtest` service runs Tailscale, which manages secure networking for the Speedtest Tracker service. The `speedtest-tracker` service uses the Tailscale network stack via Docker's `network_mode: service:` configuration. This ensures that Speedtest Tracker’s web interface is only accessible through the Tailscale network (or locally, if preferred), providing enhanced privacy and security for your internet speed monitoring. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| { | ||
| "TCP": { | ||
| "443": { | ||
| "HTTPS": true | ||
| } | ||
| }, | ||
| "Web": { | ||
| "${TS_CERT_DOMAIN}:443": { | ||
| "Handlers": { | ||
| "/": { | ||
| "Proxy": "http://127.0.0.1:8888" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| services: | ||
| # Make sure you have updated/checked the .env file with the correct variables. | ||
| # All the ${ xx } need to be defined there. | ||
| # Tailscale Sidecar Configuration | ||
| tailscale: | ||
| image: tailscale/tailscale:latest # Image to be used | ||
| container_name: tailscale-${SERVICE} # Name for local container management | ||
| hostname: ${SERVICE} # Name used within your Tailscale environment | ||
| environment: | ||
| - TS_AUTHKEY=${TS_AUTHKEY} | ||
| - TS_STATE_DIR=/var/lib/tailscale | ||
| - TS_SERVE_CONFIG=/config/serve.json # Tailsacale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required | ||
| - TS_USERSPACE=false | ||
| - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz" | ||
| - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The <addr>:<port> for the healthz endpoint | ||
| volumes: | ||
| - ${PWD}/config:/config # Config folder used to store Tailscale files - you may need to change the path | ||
| - ${PWD}/ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path | ||
| devices: | ||
| - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work | ||
| cap_add: | ||
| - net_admin # Tailscale requirement | ||
| - sys_module # Tailscale requirement | ||
| #ports: | ||
| # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required | ||
| # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below | ||
| #dns: | ||
| # - ${DNS_SERVER} | ||
| healthcheck: | ||
| test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational | ||
| interval: 1m # How often to perform the check | ||
| timeout: 10s # Time to wait for the check to succeed | ||
| retries: 3 # Number of retries before marking as unhealthy | ||
| start_period: 10s # Time to wait before starting health checks | ||
| restart: always | ||
|
|
||
| # ${SERVICE} | ||
| application: | ||
| image: ${IMAGE_URL} # Image to be used | ||
| network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale | ||
| container_name: app-${SERVICE} # Name for local container management | ||
| environment: | ||
| - PUID=1000 | ||
| - PGID=1000 | ||
| - APP_KEY= | ||
| - DB_CONNECTION=sqlite | ||
| #- APP_NAME= | ||
| #- APP_URL= | ||
| #- APP_TIMEZONE=Europe/Amsterdam | ||
| #- DISPLAY_TIMEZONE=Europe/Amsterdam | ||
| #- PUBLIC_DASHBOARD=true | ||
| #- SPEEDTEST_SCHEDULE=0 23 * * * | ||
| #- SPEEDTEST_SERVERS= | ||
| volumes: | ||
| - ${PWD}/${SERVICE}-data:/config | ||
| - ${PWD}/nginx/default.conf:/config/nginx/site-confs/default.conf | ||
| #- ${PWD}/${SERVICE}-data/path/to-custom-ssl-keys:/config/keys | ||
| depends_on: | ||
| tailscale: | ||
| condition: service_healthy | ||
| healthcheck: | ||
| test: ["CMD", "pgrep", "-f", "${SERVICE}"] # Check if ${SERVICE} process is running | ||
| interval: 1m # How often to perform the check | ||
| timeout: 10s # Time to wait for the check to succeed | ||
| retries: 3 # Number of retries before marking as unhealthy | ||
| start_period: 30s # Time to wait before starting health checks | ||
| restart: always |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| ## Version 2024/07/16 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/site-confs/default.conf.sample | ||
|
|
||
| server { | ||
| listen 8888 default_server; | ||
| # listen [::]:8888 default_server; | ||
| # listen 8443 ssl default_server; | ||
| # listen [::]:443 ssl default_server; | ||
|
|
||
| server_name _; | ||
|
|
||
| include /config/nginx/ssl.conf; | ||
|
|
||
| set $root /app/www/public; | ||
| if (!-d /app/www/public) { | ||
| set $root /config/www; | ||
| } | ||
| root $root; | ||
| index index.html index.htm index.php; | ||
|
|
||
| location / { | ||
| # enable for basic auth | ||
| #auth_basic "Restricted"; | ||
| #auth_basic_user_file /config/nginx/.htpasswd; | ||
|
|
||
| try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args; | ||
| } | ||
|
|
||
| location ~ ^(.+\.php)(.*)$ { | ||
| # enable the next two lines for http auth | ||
| #auth_basic "Restricted"; | ||
| #auth_basic_user_file /config/nginx/.htpasswd; | ||
|
|
||
| fastcgi_split_path_info ^(.+\.php)(.*)$; | ||
| if (!-f $document_root$fastcgi_script_name) { return 404; } | ||
| fastcgi_pass 127.0.0.1:9000; | ||
| fastcgi_index index.php; | ||
| include /etc/nginx/fastcgi_params; | ||
| } | ||
|
|
||
| # deny access to .htaccess/.htpasswd files | ||
| location ~ /\.ht { | ||
| deny all; | ||
| } | ||
| } |