fixes

2026-04-20 11:18:04 -07:00
parent 6dfd6c1ee6
commit 86965fd783
7 changed files with 136 additions and 22 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
 filebrowser/filebrowser.db
 filebrowser/tailscale-state/**
 comfyui/tailscale-state/**
--- a/comfyui/nginx.conf
+++ b/comfyui/nginx.conf
--- a/comfyui/ts_serve.json
+++ b/comfyui/ts_serve.json
@@ -0,0 +1,19 @@
 {
  "TCP": {
    "443": {
      "HTTPS": true
    }
  },
  "Web": {
    "comfyui.story-basking.ts.net:443": {
      "Handlers": {
        "/": {
          "Proxy": "http://127.0.0.1:80"
        }
      }
    }
  },
  "AllowFunnel": {
    "comfyui.story-basking.ts.net:443": true
  }
 }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,34 +1,70 @@
 version: "3.8"
 services:
-  tailscale:
+  comfy_tailscale:
    image: tailscale/tailscale:latest
    hostname: comfyui
    environment:
      - TS_AUTHKEY=tskey-auth-kNm64Dbcts11CNTRL-4eLQjm2pQYCLdy285gNaYCFDF1KTjP71
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_SERVE_CONFIG=/config/ts_serve.json
      - TS_USERSPACE=false
    volumes:
-      - ./tailscale-state:/var/lib/tailscale
+      - ./comfyui/tailscale-state:/var/lib/tailscale
-      - ./tailscale-entrypoint.sh:/entrypoint.sh:ro
+      - ./comfyui/ts_serve.json:/config/ts_serve.json
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      - net_raw
    restart: unless-stopped
    entrypoint: ["/bin/sh", "/entrypoint.sh"]
-  nginx:
+  comfy_nginx:
    image: nginx:latest
    depends_on:
-      - tailscale
+      - comfy_tailscale
    restart: unless-stopped
    volumes:
-      - ./nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./comfyui/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./.htpasswd:/etc/nginx/.htpasswd:ro
-    network_mode: service:tailscale
+    network_mode: service:comfy_tailscale
-volumes:
+  filebrowser_tailscale:
-  tailscale-state:
+    image: tailscale/tailscale:latest
-    driver: local
+    hostname: filebrowser
    environment:
      - TS_AUTHKEY=tskey-auth-kNm64Dbcts11CNTRL-4eLQjm2pQYCLdy285gNaYCFDF1KTjP71
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_SERVE_CONFIG=/config/ts_serve.json
      - TS_USERSPACE=false
    volumes:
      - ./filebrowser/tailscale-state:/var/lib/tailscale
      - ./filebrowser/ts_serve.json:/config/ts_serve.json
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      - net_raw
    restart: unless-stopped
  filebrowser:
    image: hurlenko/filebrowser
    container_name: filebrowser
    user: "${UID}:${GID}"
    depends_on:
      - filebrowser_tailscale
    volumes:
      - /mnt/data/ai/ComfyUI/output:/data/comfyui-output
      - /home/noti/dev:/data/dev
    environment:
      - FB_BASEURL=/filebrowser
    restart: unless-stopped
    network_mode: service:filebrowser_tailscale
  filebrowser_nginx:
    image: nginx:latest
    depends_on:
      - filebrowser_tailscale
    restart: unless-stopped
    volumes:
      - ./filebrowser/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./.htpasswd:/etc/nginx/.htpasswd:ro
    network_mode: service:filebrowser_tailscale
--- a/filebrowser/nginx.conf
+++ b/filebrowser/nginx.conf
@@ -0,0 +1,48 @@
 events {
    worker_connections 1024;
 }
 http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    gzip on;
    gzip_vary on;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_types
        application/json
        application/javascript
        application/xml
        application/xml+rss
        text/css
        text/javascript
        text/plain
        text/xml;
    server {
        listen 80;
        server_name _;
        auth_basic "Restricted Access";
        auth_basic_user_file /etc/nginx/.htpasswd;
        client_max_body_size 100M;
        location / {
            proxy_pass http://localhost:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;
        }
    }
 }
--- a/filebrowser/ts_serve.json
+++ b/filebrowser/ts_serve.json
@@ -0,0 +1,19 @@
 {
  "TCP": {
    "443": {
      "HTTPS": true
    }
  },
  "Web": {
    "filebrowser.story-basking.ts.net:443": {
      "Handlers": {
        "/": {
          "Proxy": "http://127.0.0.1:80"
        }
      }
    }
  },
  "AllowFunnel": {
    "filebrowser.story-basking.ts.net:443": true
  }
 }
--- a/tailscale-entrypoint.sh
+++ b/tailscale-entrypoint.sh
@@ -1,11 +0,0 @@
 #!/bin/sh
 set -e
 tailscaled &
 TAILSCALD_PID=$!
 sleep 2
 tailscale funnel 80
 wait $TAILSCALD_PID