diff --git a/README.md b/README.md
index 359dd8d..1b42203 100644
--- a/README.md
+++ b/README.md
@@ -64,10 +64,11 @@ If you would like to add your own config, you can use the [service-template](tem
 ### Monitoring and Analytics
-| πŸ“ˆ Service | πŸ“ Description | πŸ”— Link |
-| ------------------ | ----------------------------------------------------------------------------------- | ------------------------------- |
-| πŸ“Š **Uptime Kuma** | A self-hosted monitoring tool like "Uptime Robot". | [Details](services/uptime-kuma) |
-| πŸ“‰ **Beszel** | A lightweight server monitoring hub with historical data, Docker stats, and alerts. | [Details](services/beszel) |
+| πŸ“ˆ Service | πŸ“ Description | πŸ”— Link |
+| ------------------------ | ---------------------------------------------------------------------------------------- | ------------------------------------- |
+| πŸ“Š **Uptime Kuma** | A self-hosted monitoring tool like "Uptime Robot". | [Details](services/uptime-kuma) |
+| πŸ“‰ **Beszel** | A lightweight server monitoring hub with historical data, Docker stats, and alerts. | [Details](services/beszel) |
+| πŸš€ **Speedtest Tracker** | A self-hosted tool to monitor and log internet speed tests with detailed visualizations. | [Details](services/speedtest-tracker) |
 ## Tailscale Funnel vs. Tailscale Serve
diff --git a/services/speedtest-tracker/.env b/services/speedtest-tracker/.env
new file mode 100644
index 0000000..4012d7d
--- /dev/null
+++ b/services/speedtest-tracker/.env
@@ -0,0 +1,8 @@
+#version=1.0
+#url=https://github.com/2Tiny2Scale/tailscale-docker-sidecar-configs
+#COMPOSE_PROJECT_NAME= // only use in multiple deployments on the same infra
+SERVICE=speedtest-tracker
+IMAGE_URL=lscr.io/linuxserver/speedtest-tracker
+SERVICEPORT=8888
+TS_AUTHKEY=
+DNS_SERVER=1.1.1.1
\ No newline at end of file
diff --git a/services/speedtest-tracker/README.md b/services/speedtest-tracker/README.md
new file mode 100644
index 0000000..e571bb0
--- /dev/null
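Review bot: `IMAGE_URL=lscr.io/linuxserver/speedtest-tracker` in the new `.env` carries no tag or digest, so every fresh pull resolves to whatever the registry currently serves as the default tag and an upstream change lands without review. Pin it, for example `IMAGE_URL=lscr.io/linuxserver/speedtest-tracker:<pinned-tag>` or an `@sha256:<digest>` reference, and do the same for `tailscale/tailscale:latest` in docker-compose.yml, which runs with added capabilities. Separately, `TS_AUTHKEY=` lives in a tracked file, so a comment above it such as `# fill in locally only; never commit a real auth key` would reduce the chance of a key ending up in version control.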
+++ b/services/speedtest-tracker/README.md
@@ -0,0 +1,18 @@
+# Speedtest Tracker with Tailscale Sidecar Configuration
+
+This Docker Compose configuration sets up [Speedtest Tracker](https://github.com/alexjustesen/speedtest-tracker) with Tailscale as a sidecar container to securely monitor and access your internet speed tracking tool over a private Tailscale network. By integrating Tailscale, you can ensure that your Speedtest Tracker instance remains private and accessible only to authorized devices on your Tailscale network.
+
+## Speedtest Tracker
+
+[Speedtest Tracker](https://github.com/alexjustesen/speedtest-tracker) is an open-source, self-hosted tool designed to regularly test and monitor your internet connection speed. It logs historical speed test data and provides detailed visualizations, making it ideal for diagnosing network issues or keeping your ISP accountable. Adding Tailscale enhances the security of your Speedtest Tracker instance by ensuring access is limited to authorized devices within your private network.
+
+## Key Features
+
+- **Automated Speed Tests**: Schedule regular speed tests for consistent monitoring.
+- **Data Logging**: Keep historical records of your upload, download, and ping stats.
+- **Detailed Visualizations**: View trends and performance over time with an intuitive web interface.
+- **Self-Hosted**: Maintain full control over your data with a locally hosted solution.
+
+## Configuration Overview
+
+In this setup, the `tailscale-speedtest` service runs Tailscale, which manages secure networking for the Speedtest Tracker service. The `speedtest-tracker` service uses the Tailscale network stack via Docker's `network_mode: service:` configuration. This ensures that Speedtest Tracker’s web interface is only accessible through the Tailscale network (or locally, if preferred), providing enhanced privacy and security for your internet speed monitoring.
diff --git a/services/speedtest-tracker/config/serve.json b/services/speedtest-tracker/config/serve.json
new file mode 100644
index 0000000..8f1b0f0
--- /dev/null
+++ b/services/speedtest-tracker/config/serve.json
@@ -0,0 +1,16 @@
+{
+ "TCP": {
+ "443": {
+ "HTTPS": true
+ }
+ },
+ "Web": {
+ "${TS_CERT_DOMAIN}:443": {
+ "Handlers": {
+ "/": {
+ "Proxy": "http://127.0.0.1:8888"
+ }
+ }
+ }
+ }
+}
diff --git a/services/speedtest-tracker/docker-compose.yml b/services/speedtest-tracker/docker-compose.yml
new file mode 100644
index 0000000..2041d3f
--- /dev/null
+++ b/services/speedtest-tracker/docker-compose.yml
@@ -0,0 +1,67 @@
+services:
+# Make sure you have updated/checked the .env file with the correct variables.
+# All the ${ xx } need to be defined there.
+ # Tailscale Sidecar Configuration
+ tailscale:
+ image: tailscale/tailscale:latest # Image to be used
+ container_name: tailscale-${SERVICE} # Name for local container management
+ hostname: ${SERVICE} # Name used within your Tailscale environment
+ environment:
+ - TS_AUTHKEY=${TS_AUTHKEY}
+ - TS_STATE_DIR=/var/lib/tailscale
+ - TS_SERVE_CONFIG=/config/serve.json # Tailsacale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
+ - TS_USERSPACE=false
+ - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz"
+ - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint
+ volumes:
+ - ${PWD}/config:/config # Config folder used to store Tailscale files - you may need to change the path
+ - ${PWD}/ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
+ devices:
+ - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
+ cap_add:
+ - net_admin # Tailscale requirement
+ - sys_module # Tailscale requirement
+ #ports:
+ # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
+ # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
+ #dns:
+ # - ${DNS_SERVER}
+ healthcheck:
+ test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
+ interval: 1m # How often to perform the check
+ timeout: 10s # Time to wait for the check to succeed
+ retries: 3 # Number of retries before marking as unhealthy
+ start_period: 10s # Time to wait before starting health checks
+ restart: always
+
+ # ${SERVICE}
+ application:
+ image: ${IMAGE_URL} # Image to be used
+ network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
+ container_name: app-${SERVICE} # Name for local container management
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - APP_KEY=
+ - DB_CONNECTION=sqlite
+ #- APP_NAME=
+ #- APP_URL=
+ #- APP_TIMEZONE=Europe/Amsterdam
+ #- DISPLAY_TIMEZONE=Europe/Amsterdam
+ #- PUBLIC_DASHBOARD=true
+ #- SPEEDTEST_SCHEDULE=0 23 * * *
+ #- SPEEDTEST_SERVERS=
+ volumes:
+ - ${PWD}/${SERVICE}-data:/config
+ - ${PWD}/nginx/default.conf:/config/nginx/site-confs/default.conf
+ #- ${PWD}/${SERVICE}-data/path/to-custom-ssl-keys:/config/keys
+ depends_on:
+ tailscale:
+ condition: service_healthy
+ healthcheck:
+ test: ["CMD", "pgrep", "-f", "${SERVICE}"] # Check if ${SERVICE} process is running
+ interval: 1m # How often to perform the check
+ timeout: 10s # Time to wait for the check to succeed
+ retries: 3 # Number of retries before marking as unhealthy
+ start_period: 30s # Time to wait before starting health checks
+ restart: always
\ No newline at end of file
diff --git a/services/speedtest-tracker/nginx/default.conf b/services/speedtest-tracker/nginx/default.conf
new file mode 100644
index 0000000..6b3e326
--- /dev/null
+++ b/services/speedtest-tracker/nginx/default.conf
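Review bot: The `tailscale` service in docker-compose.yml adds `sys_module` next to `net_admin`, and CAP_SYS_MODULE lets a process in the container load kernel modules into the host kernel, which is close to host root for an image that is tracked at `:latest`. With `/dev/net/tun` already mapped in under `devices:`, the sidecar most likely needs only `net_admin`; I would drop `- sys_module` unless a target host is shown to require it, and record that reason in the trailing comment instead of "Tailscale requirement". Also, `- APP_KEY=` is left empty inside the tracked compose file, which invites pasting the application's encryption key into version control; wire it the same way as the auth key, `- APP_KEY=${APP_KEY}`, with an `APP_KEY=` entry in `.env`.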
@@ -0,0 +1,44 @@
+## Version 2024/07/16 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/site-confs/default.conf.sample
+
+server {
+ listen 8888 default_server;
+# listen [::]:8888 default_server;
+# listen 8443 ssl default_server;
+# listen [::]:443 ssl default_server;
+
+ server_name _;
+
+ include /config/nginx/ssl.conf;
+
+ set $root /app/www/public;
+ if (!-d /app/www/public) {
+ set $root /config/www;
+ }
+ root $root;
+ index index.html index.htm index.php;
+
+ location / {
+ # enable for basic auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args;
+ }
+
+ location ~ ^(.+\.php)(.*)$ {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ fastcgi_split_path_info ^(.+\.php)(.*)$;
+ if (!-f $document_root$fastcgi_script_name) { return 404; }
+ fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+
+ # deny access to .htaccess/.htpasswd files
+ location ~ /\.ht {
+ deny all;
+ }
+}
\ No newline at end of file
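Review bot: `listen 8888 default_server;` binds every address in the network namespace the app shares with the sidecar (`network_mode: service:tailscale`), so with `TS_USERSPACE=false` the plain-HTTP port is presumably reachable on the tailnet address directly, alongside the HTTPS endpoint that serve.json proxies to `http://127.0.0.1:8888`. If access is meant to go through Tailscale Serve only, bind loopback instead: `listen 127.0.0.1:8888 default_server;`. That would also stop the commented-out `ports:` publish in docker-compose.yml from working, so a comment above the directive stating which exposure is intended would help. Both `auth_basic` blocks are commented out, which leaves tailnet ACLs and the application's own login as the only access control on this listener.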