From c96e7a694fa8190722196a2919b146a28285eaf5 Mon Sep 17 00:00:00 2001 From: Bryce Date: Mon, 20 Apr 2026 22:47:02 -0700 Subject: [PATCH] fix --- .gitignore | 2 + comfyui/ts_serve.json | 2 +- docker-compose.yml | 104 ++++++++++++++++++++++++++-------- filebrowser/config/.gitkeep | 0 filebrowser/database/.gitkeep | 0 filebrowser/ts_serve.json | 2 +- llama/nginx.conf | 67 ---------------------- llama/oauth2-proxy.cfg | 50 ---------------- 8 files changed, 83 insertions(+), 144 deletions(-) create mode 100644 filebrowser/config/.gitkeep create mode 100644 filebrowser/database/.gitkeep delete mode 100644 llama/nginx.conf delete mode 100644 llama/oauth2-proxy.cfg diff --git a/.gitignore b/.gitignore index 54a7618..e9a62a9 100644 --- a/.gitignore +++ b/.gitignore @@ -2,7 +2,9 @@ llama/tailscale-state/ comfyui/tailscale-state/** filebrowser/tailscale-state/** +filebrowser/config/filebrowser.db filebrowser/filebrowser.db +filebrowser/database/** llama/tailscale-state/** *.log .DS_Store diff --git a/comfyui/ts_serve.json b/comfyui/ts_serve.json index 656042b..fa60398 100644 --- a/comfyui/ts_serve.json +++ b/comfyui/ts_serve.json @@ -8,7 +8,7 @@ "comfyui.story-basking.ts.net:443": { "Handlers": { "/": { - "Proxy": "http://127.0.0.1:80" + "Proxy": "http://127.0.0.1:4180" } } } diff --git a/docker-compose.yml b/docker-compose.yml index 00577d9..f616cf5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -19,14 +19,41 @@ services: - net_raw restart: unless-stopped - comfy_nginx: - image: nginx:latest + comfy_oauth2_proxy: + image: quay.io/oauth2-proxy/oauth2-proxy:latest depends_on: - comfy_tailscale + environment: + - OAUTH2_PROXY_PROVIDER=github + - OAUTH2_PROXY_LOGIN_URL=https://gitea.story-basking.ts.net/login/oauth/authorize + - OAUTH2_PROXY_REDEEM_URL=https://gitea.story-basking.ts.net/login/oauth/access_token + - OAUTH2_PROXY_VALIDATE_URL=https://gitea.story-basking.ts.net/api/v1/user/emails + - OAUTH2_PROXY_CLIENT_ID=a7bd5538-8de8-47d2-9963-fd45ce1e0498 + - OAUTH2_PROXY_CLIENT_SECRET=gto_5qj64uruo6qs35ay3eprbpbkslwq4e7pqe4i773ye4lfzeo6gwwq + - OAUTH2_PROXY_COOKIE_SECRET=/kGl9ruL8N01Yx5Mj9kVFfuyTehhl3/5 + - OAUTH2_PROXY_COOKIE_NAME=comfy_session + - OAUTH2_PROXY_COOKIE_DOMAINS=.story-basking.ts.net + - OAUTH2_PROXY_COOKIE_EXPIRE=168h0m0s + - OAUTH2_PROXY_COOKIE_REFRESH=60m + - OAUTH2_PROXY_COOKIE_SECURE=true + - OAUTH2_PROXY_COOKIE_HTTPONLY=false + - OAUTH2_PROXY_COOKIE_SAMESITE=none + - OAUTH2_PROXY_GITHUB_USER=brycecovert + - OAUTH2_PROXY_REDIRECT_URL=https://comfyui.story-basking.ts.net/oauth2/callback + - OAUTH2_PROXY_EMAIL_DOMAINS=* + - OAUTH2_PROXY_UPSTREAMS=http://workstation:8188 + - OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180 + - OAUTH2_PROXY_REVERSE_PROXY=true + - OAUTH2_PROXY_PASS_AUTHORIZATION_HEADER=true + - OAUTH2_PROXY_PASS_ACCESS_TOKEN=true + - OAUTH2_PROXY_SET_XAUTHREQUEST=true + - OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true + - OAUTH2_PROXY_SKIP_AUTH_REGEX=^/ui + - OAUTH2_PROXY_SESSION_STORE_TYPE=cookie + - OAUTH2_PROXY_STANDARD_LOGGING=true + - OAUTH2_PROXY_AUTH_LOGGING=true + - OAUTH2_PROXY_REQUEST_LOGGING=true restart: unless-stopped - volumes: - - ./comfyui/nginx.conf:/etc/nginx/nginx.conf:ro - - ./.htpasswd:/etc/nginx/.htpasswd:ro network_mode: service:comfy_tailscale filebrowser_tailscale: @@ -46,6 +73,7 @@ services: - net_admin - net_raw restart: unless-stopped + filebrowser: image: hurlenko/filebrowser container_name: filebrowser 
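Review bot: `OAUTH2_PROXY_CLIENT_SECRET` and `OAUTH2_PROXY_COOKIE_SECRET` are committed as literal values in the new `comfy_oauth2_proxy` environment, so anyone with read access to the repository or its history holds the OAuth client credential and the key that protects the session cookies. The same two literals are repeated in the `filebrowser_oauth2_proxy` hunk and in the `llama_oauth2_proxy` hunk, where they replace the earlier `${GITHUB_CLIENT_ID}` / `${GITHUB_CLIENT_SECRET}` references. Keep them out of the file, e.g. `- OAUTH2_PROXY_CLIENT_SECRET=${OAUTH2_PROXY_CLIENT_SECRET}` and `- OAUTH2_PROXY_COOKIE_SECRET=${OAUTH2_PROXY_COOKIE_SECRET}` loaded from an untracked `.env`, and rotate both values since they are now in history. A distinct cookie secret per proxy would also stop a leak of one from affecting the other two services.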
@@ -55,20 +83,51 @@ services: volumes: - /mnt/data/ai/ComfyUI/output:/data/comfyui-output - /home/noti/dev:/data/dev + - ./filebrowser/database/:/database + - ./filebrowser/config:/config environment: - FB_BASEURL=/filebrowser restart: unless-stopped network_mode: service:filebrowser_tailscale - filebrowser_nginx: - image: nginx:latest + + filebrowser_oauth2_proxy: + image: quay.io/oauth2-proxy/oauth2-proxy:latest depends_on: - filebrowser_tailscale + environment: + - OAUTH2_PROXY_PROVIDER=github + - OAUTH2_PROXY_LOGIN_URL=https://gitea.story-basking.ts.net/login/oauth/authorize + - OAUTH2_PROXY_REDEEM_URL=https://gitea.story-basking.ts.net/login/oauth/access_token + - OAUTH2_PROXY_VALIDATE_URL=https://gitea.story-basking.ts.net/api/v1/user/emails + - OAUTH2_PROXY_CLIENT_ID=a7bd5538-8de8-47d2-9963-fd45ce1e0498 + - OAUTH2_PROXY_CLIENT_SECRET=gto_5qj64uruo6qs35ay3eprbpbkslwq4e7pqe4i773ye4lfzeo6gwwq + - OAUTH2_PROXY_COOKIE_SECRET=/kGl9ruL8N01Yx5Mj9kVFfuyTehhl3/5 + - OAUTH2_PROXY_COOKIE_NAME=filebrowser_session + - OAUTH2_PROXY_COOKIE_DOMAINS=.story-basking.ts.net + - OAUTH2_PROXY_COOKIE_EXPIRE=168h0m0s + - OAUTH2_PROXY_COOKIE_REFRESH=60m + - OAUTH2_PROXY_COOKIE_SECURE=true + - OAUTH2_PROXY_COOKIE_HTTPONLY=false + - OAUTH2_PROXY_COOKIE_SAMESITE=none + - OAUTH2_PROXY_GITHUB_USER=brycecovert + - OAUTH2_PROXY_REDIRECT_URL=https://filebrowser.story-basking.ts.net/oauth2/callback + - OAUTH2_PROXY_EMAIL_DOMAINS=* + - OAUTH2_PROXY_UPSTREAMS=http://localhost:8080 + - OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180 + - OAUTH2_PROXY_REVERSE_PROXY=true + - OAUTH2_PROXY_PASS_AUTHORIZATION_HEADER=true + - OAUTH2_PROXY_PASS_ACCESS_TOKEN=true + - OAUTH2_PROXY_SET_XAUTHREQUEST=true + - OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true + - OAUTH2_PROXY_SKIP_AUTH_REGEX=^/ui + - OAUTH2_PROXY_SESSION_STORE_TYPE=cookie + - OAUTH2_PROXY_STANDARD_LOGGING=true + - OAUTH2_PROXY_AUTH_LOGGING=true + - OAUTH2_PROXY_REQUEST_LOGGING=true restart: unless-stopped - volumes: - - 
./filebrowser/nginx.conf:/etc/nginx/nginx.conf:ro - - ./.htpasswd:/etc/nginx/.htpasswd:ro network_mode: service:filebrowser_tailscale + llama_tailscale: image: tailscale/tailscale:latest hostname: llama @@ -94,16 +153,20 @@ services: - llama_tailscale environment: - OAUTH2_PROXY_PROVIDER=github - - OAUTH2_PROXY_CLIENT_ID=${GITHUB_CLIENT_ID} - - OAUTH2_PROXY_CLIENT_SECRET=${GITHUB_CLIENT_SECRET} + - OAUTH2_PROXY_LOGIN_URL=https://gitea.story-basking.ts.net/login/oauth/authorize + - OAUTH2_PROXY_REDEEM_URL=https://gitea.story-basking.ts.net/login/oauth/access_token + - OAUTH2_PROXY_VALIDATE_URL=https://gitea.story-basking.ts.net/api/v1/user/emails + - OAUTH2_PROXY_CLIENT_ID=a7bd5538-8de8-47d2-9963-fd45ce1e0498 + - OAUTH2_PROXY_CLIENT_SECRET=gto_5qj64uruo6qs35ay3eprbpbkslwq4e7pqe4i773ye4lfzeo6gwwq - OAUTH2_PROXY_COOKIE_SECRET=/kGl9ruL8N01Yx5Mj9kVFfuyTehhl3/5 - OAUTH2_PROXY_COOKIE_NAME=llama_session - - OAUTH2_PROXY_COOKIE_DOMAINS=llama.story-basking.ts.net + - OAUTH2_PROXY_COOKIE_DOMAINS=.story-basking.ts.net - OAUTH2_PROXY_COOKIE_EXPIRE=168h0m0s - OAUTH2_PROXY_COOKIE_REFRESH=60m - OAUTH2_PROXY_COOKIE_SECURE=true - - OAUTH2_PROXY_COOKIE_HTTPONLY=true - - OAUTH2_PROXY_COOKIE_SAMESITE=lax + - OAUTH2_PROXY_COOKIE_HTTPONLY=false + - OAUTH2_PROXY_COOKIE_SAMESITE=none + - OAUTH2_PROXY_GITHUB_USER=brycecovert - OAUTH2_PROXY_REDIRECT_URL=https://llama.story-basking.ts.net/oauth2/callback - OAUTH2_PROXY_EMAIL_DOMAINS=* - OAUTH2_PROXY_UPSTREAMS=http://workstation:5082 
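Review bot: `filebrowser` and `filebrowser_oauth2_proxy` both use `network_mode: service:filebrowser_tailscale`, so the upstream at `http://localhost:8080` sits in the same network namespace as the tailnet interface, and the proxy only protects it if nothing else can reach port 8080. The serve config in this commit forwards 443 to `127.0.0.1:4180`, but whether filebrowser listens on loopback only, and whether tailnet ACLs block other ports on this node, is not visible here. If it binds all interfaces, a tailnet peer could reach it without going through the OAuth flow; binding the app to loopback and noting that in a comment above `OAUTH2_PROXY_UPSTREAMS` would close the gap. The proxy can likewise be narrowed to `- OAUTH2_PROXY_HTTP_ADDRESS=127.0.0.1:4180`, since only the local serve handler needs it.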
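Review bot: The llama cookie settings are loosened in three ways at once: `OAUTH2_PROXY_COOKIE_HTTPONLY` goes from `true` to `false`, `OAUTH2_PROXY_COOKIE_SAMESITE` from `lax` to `none`, and `OAUTH2_PROXY_COOKIE_DOMAINS` from the single host to `.story-basking.ts.net`. With the cookie session store and `OAUTH2_PROXY_PASS_ACCESS_TOKEN=true` (both in the following hunk) the cookie carries the whole session, so it becomes readable by page script, is attached to cross-site requests, and is sent to every host under the tailnet domain. The new comfy and filebrowser proxies are added with the same values. Unless something concrete needs this, keep `- OAUTH2_PROXY_COOKIE_HTTPONLY=true`, `- OAUTH2_PROXY_COOKIE_SAMESITE=lax` and a per-host cookie domain. The `llama_oauth2_proxy` definition starts above this hunk and continues below it.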
@@ -113,19 +176,10 @@ services: - OAUTH2_PROXY_PASS_ACCESS_TOKEN=true - OAUTH2_PROXY_SET_XAUTHREQUEST=true - OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true + - OAUTH2_PROXY_SKIP_AUTH_REGEX=^/ui - OAUTH2_PROXY_SESSION_STORE_TYPE=cookie - OAUTH2_PROXY_STANDARD_LOGGING=true - OAUTH2_PROXY_AUTH_LOGGING=true - OAUTH2_PROXY_REQUEST_LOGGING=true restart: unless-stopped network_mode: service:llama_tailscale - - llama_nginx: - image: nginx:latest - depends_on: - - llama_tailscale - - llama_oauth2_proxy - restart: unless-stopped - volumes: - - ./llama/nginx.conf:/etc/nginx/nginx.conf:ro - network_mode: service:llama_tailscale diff --git a/filebrowser/config/.gitkeep b/filebrowser/config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/filebrowser/database/.gitkeep b/filebrowser/database/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/filebrowser/ts_serve.json b/filebrowser/ts_serve.json index cd5943a..4e627a7 100644 --- a/filebrowser/ts_serve.json +++ b/filebrowser/ts_serve.json @@ -8,7 +8,7 @@ "filebrowser.story-basking.ts.net:443": { "Handlers": { "/": { - "Proxy": "http://127.0.0.1:80" + "Proxy": "http://127.0.0.1:4180" } } } diff --git a/llama/nginx.conf b/llama/nginx.conf deleted file mode 100644 index 4b815c3..0000000 --- a/llama/nginx.conf +++ /dev/null 
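Review bot: `OAUTH2_PROXY_SKIP_AUTH_REGEX=^/ui` has no end anchor or path separator, so every request whose path merely begins with `/ui` is forwarded to `http://workstation:5082` without authentication; the same line is added for the comfy and filebrowser proxies in the earlier hunks. What the upstreams serve under that prefix is not visible in this commit, so the exposure may be harmless, but the reason for the bypass should be recorded and the pattern narrowed to the exact paths that need it, for example `^/ui/` if only that subtree is meant. A comment such as `# /ui is served without login because <reason>` above the line would make the intent reviewable.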
@@ -1,67 +0,0 @@
-events {
- worker_connections 1024;
-}
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- gzip on;
- gzip_vary on;
- gzip_min_length 256;
- gzip_proxied any;
- gzip_types
- application/json
- application/javascript
- application/xml
- application/xml+rss
- text/css
- text/javascript
- text/plain
- text/xml;
-
- # CORS headers for OAuth redirects
- map $http_origin $cors_origin {
- default "";
- "https://llama.story-basking.ts.net" $http_origin;
- }
-
- server {
- listen 80;
- server_name _;
-
- client_max_body_size 100M;
-
- location / {
- # Add CORS headers to all responses
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials true always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
- add_header Access-Control-Allow-Headers "DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always;
-
- # Handle preflight requests
- if ($request_method = OPTIONS) {
- return 204;
- }
-
- proxy_pass http://llama_oauth2_proxy:4180;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Auth-Request-Redirect $request_uri;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
-
- proxy_connect_timeout 60s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
-
- # Important: Pass cookies properly
- proxy_pass_header Set-Cookie;
- proxy_cookie_domain localhost llama.story-basking.ts.net;
- }
- }
-}
diff --git a/llama/oauth2-proxy.cfg b/llama/oauth2-proxy.cfg
deleted file mode 100644
index a525c9c..0000000
--- a/llama/oauth2-proxy.cfg
+++ /dev/null
@@ -1,50 +0,0 @@
-## OAuth2 Proxy Configuration
-## Using GitHub as the identity provider
-
-# Provider settings
-provider = "github"
-
-# Get these from GitHub Settings → Developer settings → OAuth Apps
-client_id = "${GITHUB_CLIENT_ID}"
-client_secret = "${GITHUB_CLIENT_SECRET}"
-
-# Cookie settings
-cookie_name = "llama_session"
-cookie_secret = "${OAUTH2_PROXY_COOKIE_SECRET}"
-cookie_domains = [".story-basking.ts.net"]
-cookie_expire = "168h0m0s"
-cookie_refresh = "60m"
-cookie_secure = true
-cookie_httponly = true
-cookie_samesite = "none"
-
-# Redirect URL - must match GitHub OAuth settings
-redirect_url = "https://llama.story-basking.ts.net/oauth2/callback"
-
-# GitHub specific - restrict to specific orgs/users (optional)
-# github_org = "your-org"
-# github_team = "your-team"
-github_user = "brycecovert"
-
-# Upstream - your llama service
-upstreams = [ "http://workstation:5082" ]
-
-# Server settings
-http_address = "0.0.0.0:4180"
-reverse_proxy = true
-
-# Pass user info to upstream
-pass_authorization_header = true
-pass_access_token = true
-set_xauthrequest = true
-
-# Skip the provider selection button
-skip_provider_button = true
-
-# Session storage
-session_store_type = "cookie"
-
-# Logging
-standard_logging = true
-auth_logging = true
-request_logging = true