
feat: assign static IP addresses to Docker containers for consistent networking

Added static IP addresses to all containers in the automate-network for stability across container restarts.

Updated docker-compose.yml to include explicit IPv4 addresses for all services to prevent changes in IP allocation.

Added extra_hosts entries for nextcloud and keycloak so that auth.mrx8086.com and cloud.mrx8086.com resolve to the fixed container addresses inside the network.

Ensured each container has a fixed IP to address communication issues between containers.

Adjusted network settings for reliability, especially for services that depend on fixed addresses (e.g., nextcloud, keycloak).

This update aims to improve service communication reliability and prevent dynamic IP changes causing disruptions in cross-service dependencies.
mathias.riechsteiner 1 年之前
1816c2859e
共有 5 個文件被更改,包括 368 次插入71 次删除
  1. 52 39
      src/configs/nextcloud/config.php
  2. 8 0
      src/configs/nextcloud/nextcloud-ssl.conf
  3. 3 3
      src/docker/.env
  4. 52 29
      src/docker/docker-compose.yml
  5. 253 0
      tmp.yml

+ 52 - 39
src/configs/nextcloud/config.php

@@ -1,44 +1,57 @@
 <?php
 $CONFIG = array (
-  'htaccess.RewriteBase' => '/',
-  'memcache.local' => '\\OC\\Memcache\\APCu',
-  'apps_paths' => 
-  array (
-    0 => 
+    // Vorhandene Konfigurationen
+    'htaccess.RewriteBase' => '/',
+    'memcache.local' => '\\OC\\Memcache\\APCu',
+    'apps_paths' => 
     array (
-      'path' => '/var/www/html/apps',
-      'url' => '/apps',
-      'writable' => false,
+        0 => 
+        array (
+            'path' => '/var/www/html/apps',
+            'url' => '/apps',
+            'writable' => false,
+        ),
+        1 => 
+        array (
+            'path' => '/var/www/html/custom_apps',
+            'url' => '/custom_apps',
+            'writable' => true,
+        ),
     ),
-    1 => 
-    array (
-      'path' => '/var/www/html/custom_apps',
-      'url' => '/custom_apps',
-      'writable' => true,
-    ),
-  ),
-  'upgrade.disable-web' => true,
-  'instanceid' => 'ocjo4cs4dcis',
-  'passwordsalt' => 'ylWtmswXFQJgVHCYeumxhR5uzUCIYN',
-  'secret' => 'd8qzGMcBrLAHjjFWb7PsmIlvyhHUqyDFjqVC4nfiOzvpSipx',
-  'trusted_domains' => 
-  array (
-    0 => 'cloud.mrx8086.com',
-  ),
-  'datadirectory' => '/var/www/html/data',
-  'dbtype' => 'mysql',
-  'version' => '30.0.2.2',
-  'overwrite.cli.url' => 'http://cloud.mrx8086.com',
-  'dbname' => 'nextcloud_db',
-  'dbhost' => 'nextcloud-db',
-  'dbport' => '',
-  'dbtableprefix' => 'oc_',
-  'mysql.utf8mb4' => true,
-  'dbuser' => 'nextcloud_user',
-  'dbpassword' => 'nextcloudpass',
-  'installed' => true,
-  'overwriteprotocol' => 'https',
-  'trusted_proxies' => ['172.18.0.5'],
-  'maintenance_window_start' => '02:00',
-  'config_is_read_only' => true,
+    'upgrade.disable-web' => true,
+    'instanceid' => 'ocjo4cs4dcis',
+    'passwordsalt' => 'ylWtmswXFQJgVHCYeumxhR5uzUCIYN',
+    'secret' => 'd8qzGMcBrLAHjjFWb7PsmIlvyhHUqyDFjqVC4nfiOzvpSipx',
+    'trusted_domains' => 
+      array (
+        0 => 'cloud.mrx8086.com', // Das ist deine Nextcloud-Domain
+        1 => 'auth.mrx8086.com',   // Füge hier die Keycloak-Domain hinzu
+      ),
+    'datadirectory' => '/var/www/html/data',
+    'dbtype' => 'mysql',
+    'version' => '30.0.2.2',
+    'overwrite.cli.url' => 'https://cloud.mrx8086.com',
+    'dbname' => 'nextcloud_db',
+    'dbhost' => 'nextcloud-db',
+    'dbport' => '',
+    'dbtableprefix' => 'oc_',
+    'mysql.utf8mb4' => true,
+    'dbuser' => 'nextcloud_user',
+    'dbpassword' => 'nextcloudpass',
+    'installed' => true,
+    'overwriteprotocol' => 'https',
+    'trusted_proxies' => ['172.18.0.5', 'nginx-proxy-manager', '172.18.0.1'],
+    'maintenance_window_start' => '02:00',
+    'config_is_read_only' => true,
+  
+    // OpenID Connect Konfiguration hinzufügen
+    'oidc_login' => [
+        'auto_redirect' => true,
+        'client_id' => 'nextcloud', // Setze deine Client ID hier ein
+        'client_secret' => '7YVLBrKkMYbLGgiBouS5blq6A48swMYb', // Setze dein Client Secret hier ein
+        'issuer' => 'https://auth.mrx8086.com:8443/realms/mrx8086.com', // Setze hier die URL deines Keycloak Realm ein
+        'redirect_uri' => 'https://cloud.mrx8086.com/apps/oidc_login/oidc',
+        'end_session_redirect' => 'https://cloud.mrx8086.com',
+        'login_button_text' => 'Login with Keycloak', // Optionaler Text für den Button
+    ],
 );
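Review bot: The new `oidc_login` block (L122-L130) commits a live Keycloak client secret into a tracked config.php that already carries `passwordsalt`, `secret` and `dbpassword`; move these into an untracked override (Nextcloud merges any `config/*.config.php`, which can be gitignored) and rotate the OIDC client secret now that it is in history. `trusted_proxies` at L117 now lists `172.18.0.1`, which is the gateway of the `172.18.0.0/16` network declared in docker-compose.yml, so any request reaching the container through a published host port arrives from that address and its `X-Forwarded-For` will be honoured — keep only `172.18.0.5`; the hostname entry `nginx-proxy-manager` is probably ignored because this option takes IPs/CIDRs (verify against the Nextcloud docs). Adding `auth.mrx8086.com` to `trusted_domains` (L102) is unnecessary for OIDC, since that list only governs which Host headers Nextcloud itself answers to, and the inline comment `// Füge hier die Keycloak-Domain hinzu` encourages the misunderstanding. Finally, the oidc_login app appears to read flat keys such as `oidc_login_client_id`, `oidc_login_client_secret` and `oidc_login_provider_url` rather than a nested `oidc_login` array, so this block may be silently ignored — confirm against the app's README before relying on `auto_redirect`.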

+ 8 - 0
src/configs/nextcloud/nextcloud-ssl.conf

@@ -12,8 +12,16 @@
         Options +FollowSymlinks
         AllowOverride All
         Require all granted
+        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        Header always set Referrer-Policy "no-referrer"
+        Header always set X-Content-Type-Options "nosniff"
+        Header always set X-Frame-Options "SAMEORIGIN"
+        Header always set X-XSS-Protection "1; mode=block"
+        SetEnv HOME /var/www/html
+        SetEnv HTTP_HOME /var/www/html
     </Directory>
 
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
 </VirtualHost>
+
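Review bot: `Header always set Strict-Transport-Security` at L140 is emitted in addition to the separately enabled `hsts.conf` (`a2enconf hsts` in the compose command), so responses will carry two STS headers; RFC 6797 has clients process only the first, so define it in one place and delete the other. `X-XSS-Protection "1; mode=block"` at L144 is a legacy header that current browsers ignore — either set it to `"0"` or drop it and rely on the Content-Security-Policy Nextcloud already sends per response. These directives need mod_headers; the official nextcloud image enables it, but if this vhost is reused elsewhere add `a2enmod headers` to the startup command. The enclosing `<VirtualHost>` starts outside the hunk.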

+ 3 - 3
src/docker/.env

@@ -33,8 +33,8 @@ N8N_DB_USER=n8n_user
 N8N_DB_PASSWORD=n8n_db_pass
 
 # Keycloak Konfiguration
-KEYCLOAK_DB_NAME=keycloak_db
+KEYCLOAK_DB_NAME=keycloakdb
 KEYCLOAK_DB_USER=keycloak_user
-KEYCLOAK_DB_PASSWORD=keycloak_db_pass
+KEYCLOAK_DB_PASSWORD=keycloak_password
 KEYCLOAK_ADMIN_USER=admin
-KEYCLOAK_ADMIN_PASSWORD=adminpass
+KEYCLOAK_ADMIN_PASSWORD=change_me
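Review bot: `KEYCLOAK_ADMIN_PASSWORD=change_me` at L168 becomes `KC_BOOTSTRAP_ADMIN_PASSWORD` for a Keycloak whose port 8443 is published on the host, and it lives in a tracked `.env` next to other credentials such as `n8n_db_pass`; gitignore this file, commit a `.env.example` with empty values, and use a generated bootstrap password that is removed once a permanent admin exists. Note also that changing `KEYCLOAK_DB_NAME` and `KEYCLOAK_DB_PASSWORD` has no effect on an already initialised `../data/keycloak_db` volume, because the postgres image applies `POSTGRES_*` only on first start — either reset that volume or apply `ALTER ROLE` / `CREATE DATABASE` by hand, otherwise Keycloak will fail to connect with the new values.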

+ 52 - 29
src/docker/docker-compose.yml

@@ -13,7 +13,8 @@ services:
       - ../data/npm:/data
       - ../data/npm_letsencrypt:/etc/letsencrypt
     networks:
-      - automate-network
+      automate-network:
+        ipv4_address: 172.18.0.5
 
   paperless:
     image: 'ghcr.io/paperless-ngx/paperless-ngx:latest'
@@ -33,7 +34,8 @@ services:
       - paperless-db
       - paperless-redis
     networks:
-      - automate-network
+      automate-network:
+        ipv4_address: 172.18.0.7
 
   paperless-db:
     image: 'postgres:13'
@@ -48,7 +50,8 @@ services:
     volumes:
       - ../data/paperless_db:/var/lib/postgresql/data
     networks:
-      - automate-network
+      automate-network:
+        ipv4_address: 172.18.0.8
 
   paperless-redis:
     image: 'redis:alpine'
@@ -64,7 +67,8 @@ services:
       timeout: 5s
       retries: 5
     networks:
-      - automate-network
+      automate-network:
+        ipv4_address: 172.18.0.9
 
   nextcloud:
     image: 'nextcloud:latest'
@@ -90,14 +94,18 @@ services:
     depends_on:
       - nextcloud-db
     networks:
-        - automate-network
+      automate-network:
+        ipv4_address: 172.18.0.11
+    extra_hosts:
+      - "auth.mrx8086.com:172.18.0.6"
+      - "cloud.mrx8086.com:172.18.0.11"
     command:  >
       bash -c "
       a2enmod ssl &&
       a2ensite nextcloud-ssl &&
       a2enconf hsts &&
       apache2-foreground"
-  
+
   nextcloud-db:
     image: 'mariadb:latest'
     container_name: 'nextcloud-db'
@@ -112,7 +120,8 @@ services:
     volumes:
       - ../data/nextcloud_db:/var/lib/mysql
     networks:
-      - automate-network
+      automate-network:
+        ipv4_address: 172.18.0.12
 
   kimai:
     image: 'kimai/kimai2:apache'
@@ -134,7 +143,8 @@ services:
     depends_on:
       - kimai-db
     networks:
-      - automate-network
+      automate-network:
+        ipv4_address: 172.18.0.13
 
   kimai-db:
     image: 'mariadb:10.5'
@@ -150,7 +160,8 @@ services:
     volumes:
       - ../data/kimai_db:/var/lib/mysql
     networks:
-      - automate-network
+      automate-network:
+        ipv4_address: 172.18.0.14
 
   n8n:
     image: 'n8nio/n8n:latest'
@@ -173,7 +184,8 @@ services:
     depends_on:
       - n8n-db
     networks:
-      - automate-network
+      automate-network:
+        ipv4_address: 172.18.0.15
 
   n8n-db:
     image: 'postgres:13'
@@ -186,36 +198,43 @@ services:
     volumes:
       - ../data/n8n_db:/var/lib/postgresql/data
     networks:
-      - automate-network
+      automate-network:
+        ipv4_address: 172.18.0.16
 
   keycloak:
     image: 'quay.io/keycloak/keycloak:latest'
     container_name: 'keycloak'
     restart: unless-stopped
     environment:
-      - DB_VENDOR=postgres
-      - DB_ADDR=keycloak-db
-      - DB_DATABASE=${KEYCLOAK_DB_NAME}
-      - DB_USER=${KEYCLOAK_DB_USER}
-      - DB_PASSWORD=${KEYCLOAK_DB_PASSWORD}
-      - KEYCLOAK_ADMIN=${KEYCLOAK_ADMIN_USER}
-      - KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
+      - KC_DB=postgres
+      - KC_DB_URL=jdbc:postgresql://keycloak-db:5432/${KEYCLOAK_DB_NAME}
+      - KC_DB_USERNAME=${KEYCLOAK_DB_USER}
+      - KC_DB_PASSWORD=${KEYCLOAK_DB_PASSWORD}
       - KC_HOSTNAME=auth.mrx8086.com
-      - KC_HOSTNAME_STRICT_HTTPS=false # Entfernen von deprecated hostname Optionen
+      - KC_PROXY=edge
+      - KC_HTTPS_CERTIFICATE_FILE=/etc/x509/https/fullchain.pem
+      - KC_HTTPS_CERTIFICATE_KEY_FILE=/etc/x509/https/privkey.pem
+      - KC_BOOTSTRAP_ADMIN_USERNAME=${KEYCLOAK_ADMIN_USER}
+      - KC_BOOTSTRAP_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
     ports:
-      - "8443:8443"  # HTTPS Port für Keycloak
+      - "8443:8443"
     volumes:
-      - ../configs/certs/mrx8086.com:/etc/x509/https  # Zertifikate mounten
-      - ../data/keycloak_data:/opt/keycloak/data      # Persistente Speicherung der Keycloak-Daten
-      - ../data/keycloak_transaction_logs:/opt/keycloak/data/transaction-logs # Transaction Logs persistieren
-      - ../data/keycloak_conf:/opt/keycloak/conf      # Persistente Speicherung der Konfiguration
-      - ../data/keycloak_logs:/opt/keycloak/log       # Persistente Speicherung der Logs
+      - ../configs/certs/mrx8086.com:/etc/x509/https
+      - ../data/keycloak_data:/opt/keycloak/data
+      - ../data/keycloak_transaction_logs:/opt/keycloak/data/transaction-logs
+      - ../data/keycloak_conf:/opt/keycloak/conf
+      - ../data/keycloak_logs:/opt/keycloak/log
+      - ../data/keycloak_tmp:/opt/keycloak/data/tmp   # <--- Neu hinzugefügt
     command:
       - start-dev
     depends_on:
       - keycloak-db
     networks:
-      - automate-network
+      automate-network:
+        ipv4_address: 172.18.0.6
+    extra_hosts:
+      - "auth.mrx8086.com:172.18.0.6"
+      - "cloud.mrx8086.com:172.18.0.11"
 
   keycloak-db:
     image: 'postgres:13'
@@ -225,16 +244,20 @@ services:
       - POSTGRES_DB=${KEYCLOAK_DB_NAME}
       - POSTGRES_USER=${KEYCLOAK_DB_USER}
       - POSTGRES_PASSWORD=${KEYCLOAK_DB_PASSWORD}
+    ports:
+      - "5433:5432" # Port für PostgreSQL erreichbar machen
     volumes:
       - ../data/keycloak_db:/var/lib/postgresql/data
     networks:
-      - automate-network      
+      automate-network:
+        ipv4_address: 172.18.0.17
 
 networks:
   automate-network:
-    driver: bridge
+    ipam:
+      config:
+        - subnet: 172.18.0.0/16
 
 volumes:
   data:
   plugins:
-
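Review bot: The new `ports: - "5433:5432"` on keycloak-db (L338-L339) publishes the identity provider's PostgreSQL on every host interface, and Docker's published ports install their own iptables rules, so a host firewall such as ufw typically does not protect them; nothing in this stack reaches the database from outside `automate-network`, so drop the mapping or at least bind it with `"127.0.0.1:5433:5432"`. In the keycloak service, `KC_PROXY=edge` at L300 makes Keycloak trust `X-Forwarded-*` from any connection, yet 8443 is published directly and Nextcloud's issuer URL targets `auth.mrx8086.com:8443`, so a client hitting 8443 can spoof its forwarded address; if Keycloak terminates TLS itself (the `KC_HTTPS_CERTIFICATE_*` lines suggest so) the setting is unnecessary, and on recent releases `KC_PROXY` is deprecated in favour of `KC_PROXY_HEADERS` with a trusted-address list — verify against the actual version, since `keycloak:latest` is unpinned. `start-dev` at L321 also disables production safeguards and should become `start` for an internet-facing IdP.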

+ 253 - 0
tmp.yml

@@ -0,0 +1,253 @@
+version: '3.8'
+
+services:
+  npm:
+    image: 'jc21/nginx-proxy-manager:latest'
+    container_name: 'nginx-proxy-manager'
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "81:81"
+      - "443:443"
+    volumes:
+      - ../data/npm:/data
+      - ../data/npm_letsencrypt:/etc/letsencrypt
+    networks:
+      - automate-network
+
+  paperless:
+    image: 'ghcr.io/paperless-ngx/paperless-ngx:latest'
+    container_name: 'paperless'
+    restart: unless-stopped
+    environment:
+      - PAPERLESS_DB_HOST=${PAPERLESS_DB_HOST}
+      - PAPERLESS_DB_NAME=${PAPERLESS_DB_NAME}
+      - PAPERLESS_DB_USER=${PAPERLESS_DB_USER}
+      - PAPERLESS_DB_PASSWORD=${PAPERLESS_DB_PASSWORD}
+      - PAPERLESS_REDIS=redis://paperless-redis:6379
+    ports:
+      - "8000:8000"
+    volumes:
+      - ../data/paperless:/usr/src/paperless/data
+    depends_on:
+      - paperless-db
+      - paperless-redis
+    networks:
+      - automate-network
+
+  paperless-db:
+    image: 'postgres:13'
+    container_name: 'paperless-db'
+    restart: unless-stopped
+    environment:
+      - POSTGRES_DB=${PAPERLESS_DB_NAME}
+      - POSTGRES_USER=${PAPERLESS_DB_USER}
+      - POSTGRES_PASSWORD=${PAPERLESS_DB_PASSWORD}
+    ports:
+      - "5432:5432"  # Expose PostgreSQL on host port 5432
+    volumes:
+      - ../data/paperless_db:/var/lib/postgresql/data
+    networks:
+      - automate-network
+
+  paperless-redis:
+    image: 'redis:alpine'
+    container_name: 'paperless-redis'
+    ports:
+      - "6379:6379"
+    restart: unless-stopped
+    volumes:
+      - ../data/paperless_redis:/data
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - automate-network
+
+  nextcloud:
+    image: 'nextcloud:latest'
+    container_name: 'nextcloud'
+    restart: unless-stopped
+    environment:
+      - MYSQL_HOST=${NEXTCLOUD_DB_HOST}
+      - MYSQL_DATABASE=${NEXTCLOUD_DB_NAME}
+      - MYSQL_USER=${NEXTCLOUD_DB_USER}
+      - MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
+      - OVERWRITEPROTOCOL=https   # Setze das Protokoll auf HTTPS
+      - TRUSTED_PROXIES=172.18.0.5  # Setze die trusted_proxies
+      - OVERWRITE_CLI_URL=https://cloud.mrx8086.com  # Setze die CLI-URL auf HTTPS      
+    ports:
+      - "9080:80"    # HTTP Port für Nextcloud
+      - "9443:443"   # HTTPS Port für Nextcloud
+    volumes:
+      - ../data/nextcloud:/var/www/html
+      - ../configs/certs/mrx8086.com:/etc/ssl/certs/mrx8086.com
+      - ../configs/nextcloud/nextcloud-ssl.conf:/etc/apache2/sites-available/nextcloud-ssl.conf
+      - ../configs/nextcloud/hsts.conf:/etc/apache2/conf-available/hsts.conf  # HSTS Konfiguration hinzufügen
+      - ../configs/nextcloud/config.php:/var/www/html/config/config.php  # Überschreibe config.php
+    depends_on:
+      - nextcloud-db
+    networks:
+      automate-network:
+        ipv4_address: 172.18.0.11
+    extra_hosts:
+      - "auth.mrx8086.com:172.18.0.6"
+      - "cloud.mrx8086.com:172.18.0.11"
+    command:  >
+      bash -c "
+      a2enmod ssl &&
+      a2ensite nextcloud-ssl &&
+      a2enconf hsts &&
+      apache2-foreground"
+  
+  nextcloud-db:
+    image: 'mariadb:latest'
+    container_name: 'nextcloud-db'
+    restart: unless-stopped
+    environment:
+      - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT_PASSWORD}
+      - MYSQL_DATABASE=${NEXTCLOUD_DB_NAME}
+      - MYSQL_USER=${NEXTCLOUD_DB_USER}
+      - MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
+    ports:
+      - "3306:3306"
+    volumes:
+      - ../data/nextcloud_db:/var/lib/mysql
+    networks:
+      - automate-network
+
+  kimai:
+    image: 'kimai/kimai2:apache'
+    container_name: 'kimai'
+    restart: unless-stopped
+    environment:
+      - APP_ENV=prod
+      - DATABASE_URL=mysql://${KIMAI_DB_USER}:${KIMAI_DB_PASSWORD}@${KIMAI_DB_HOST}/${KIMAI_DB_NAME}
+      - TRUSTED_PROXIES=nginx,localhost,127.0.0.1  # Vertrauenswürdige Proxies für Reverse Proxy Setup
+      - ADMINMAIL=${KIMAI_ADMIN_EMAIL}            # E-Mail für den Admin
+      - ADMINPASS=${KIMAI_ADMIN_PASSWORD}         # Passwort für den Admin
+      - TIMEZONE=Europe/Berlin                    # Zeitzone für Kimai
+      - APP_SECRET=${KIMAI_APP_SECRET}            # Sicherer Secret Key für die Anwendung
+    ports:
+      - "8001:8001"
+    volumes:
+      - data:/opt/kimai/var/data
+      - plugins:/opt/kimai/var/plugins
+    depends_on:
+      - kimai-db
+    networks:
+      - automate-network
+
+  kimai-db:
+    image: 'mariadb:10.5'
+    container_name: 'kimai-db'
+    restart: unless-stopped
+    environment:
+      - MYSQL_ROOT_PASSWORD=${KIMAI_DB_ROOT_PASSWORD}
+      - MYSQL_DATABASE=${KIMAI_DB_NAME}
+      - MYSQL_USER=${KIMAI_DB_USER}
+      - MYSQL_PASSWORD=${KIMAI_DB_PASSWORD}
+    ports:
+      - "3307:3306"
+    volumes:
+      - ../data/kimai_db:/var/lib/mysql
+    networks:
+      - automate-network
+
+  n8n:
+    image: 'n8nio/n8n:latest'
+    container_name: 'n8n'
+    restart: unless-stopped
+    environment:
+      - N8N_BASIC_AUTH_ACTIVE=true
+      - N8N_BASIC_AUTH_USER=${N8N_USER}
+      - N8N_BASIC_AUTH_PASSWORD=${N8N_PASSWORD}
+      - N8N_PORT=5678
+      - DB_TYPE=postgresdb
+      - DB_POSTGRESDB_HOST=n8n-db
+      - DB_POSTGRESDB_DATABASE=${N8N_DB_NAME}
+      - DB_POSTGRESDB_USER=${N8N_DB_USER}
+      - DB_POSTGRESDB_PASSWORD=${N8N_DB_PASSWORD}
+    ports:
+      - "5678:5678"
+    volumes:
+      - ../data/n8n:/home/node/.n8n
+    depends_on:
+      - n8n-db
+    networks:
+      - automate-network
+
+  n8n-db:
+    image: 'postgres:13'
+    container_name: 'n8n-db'
+    restart: unless-stopped
+    environment:
+      - POSTGRES_DB=${N8N_DB_NAME}
+      - POSTGRES_USER=${N8N_DB_USER}
+      - POSTGRES_PASSWORD=${N8N_DB_PASSWORD}
+    volumes:
+      - ../data/n8n_db:/var/lib/postgresql/data
+    networks:
+      - automate-network
+
+  keycloak:
+    image: 'quay.io/keycloak/keycloak:latest'
+    container_name: 'keycloak'
+    restart: unless-stopped
+    environment:
+      - KC_DB=postgres
+      - KC_DB_URL=jdbc:postgresql://keycloak-db:5432/${KEYCLOAK_DB_NAME}
+      - KC_DB_USERNAME=${KEYCLOAK_DB_USER}
+      - KC_DB_PASSWORD=${KEYCLOAK_DB_PASSWORD}
+      - KC_HOSTNAME=auth.mrx8086.com
+      - KC_HTTPS_CERTIFICATE_FILE=/etc/x509/https/fullchain.pem
+      - KC_HTTPS_CERTIFICATE_KEY_FILE=/etc/x509/https/privkey.pem
+      - KC_BOOTSTRAP_ADMIN_USERNAME=${KEYCLOAK_ADMIN_USER}
+      - KC_BOOTSTRAP_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
+    ports:
+      - "8443:8443"
+    volumes:
+      - ../configs/certs/mrx8086.com:/etc/x509/https
+      - ../data/keycloak_data:/opt/keycloak/data
+      - ../data/keycloak_transaction_logs:/opt/keycloak/data/transaction-logs
+      - ../data/keycloak_conf:/opt/keycloak/conf
+      - ../data/keycloak_logs:/opt/keycloak/log
+      - ../data/keycloak_tmp:/opt/keycloak/data/tmp   # <--- Neu hinzugefügt
+    command:
+      - start-dev
+    depends_on:
+      - keycloak-db
+    networks:
+      automate-network:
+        ipv4_address: 172.18.0.6
+    extra_hosts:
+      - "auth.mrx8086.com:172.18.0.6"
+      - "cloud.mrx8086.com:172.18.0.11"
+
+  keycloak-db:
+    image: 'postgres:13'
+    container_name: 'keycloak-db'
+    restart: unless-stopped
+    environment:
+      - POSTGRES_DB=${KEYCLOAK_DB_NAME}
+      - POSTGRES_USER=${KEYCLOAK_DB_USER}
+      - POSTGRES_PASSWORD=${KEYCLOAK_DB_PASSWORD}
+    ports:
+      - "5433:5432" # Port für PostgreSQL erreichbar machen
+    volumes:
+      - ../data/keycloak_db:/var/lib/postgresql/data
+    networks:
+      - automate-network
+
+networks:
+  automate-network:
+    ipam:
+      config:
+        - subnet: 172.18.0.0/16
+
+volumes:
+  data:
+  plugins:
+
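Review bot: Committing `tmp.yml` at the repository root ships a second, unreviewed copy of the stack whose extra host port mappings expose services that the real compose file keeps internal: `paperless-redis` on `6379:6379` (L418-L419) with no password configured on `redis:alpine`, `paperless-db` on 5432, `nextcloud-db` on 3306, `kimai-db` on 3307, `keycloak-db` on 5433, and Nextcloud itself on 9080/9443 around nginx-proxy-manager. Delete the file, or if it is meant to stay, remove the host mappings for the databases and Redis (services already reach each other by name on `automate-network`) or bind them to `127.0.0.1`. `version: '3.8'` at L363 is also obsolete with Compose v2 and only produces a warning.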