Initial server setup configuration

.gitignore

@@ -0,0 +1,16 @@
+# RabbitMQ data files
+rabbitmq/data/
+rabbitmq/logs/
+
+# Traefik temporary files
+traefik/*~*
+traefik/AEEB2D~O
+
+# Any temporary/lock files
+*~*
+*.tmp
+*.lock
+
+# Log files
+*.log
+logs/

docker-compose.yml

@@ -0,0 +1,173 @@
+networks:
+  traefik-public:
+    driver: bridge
+
+services:
+  traefik:
+    networks:
+      - traefik-public
+
+    image: traefik:latest
+    restart: always
+    command:
+      - "--api.dashboard=true"
+      - "--api.insecure=false"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.file.directory=/etc/traefik"
+      - "--providers.file.watch=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--entrypoints.websecure.http.tls=true"
+      - "--entrypoints.websecure.http.tls.certresolver=letsencrypt"
+      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
+      - "--certificatesresolvers.letsencrypt.acme.email=robert@wellnuo.com"
+      - "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme.json"
+      - "--api.dashboard=true"
+      - "--api.insecure=true"
+      - "--entrypoints.amqp.address=:5672"
+      - "--log.level=DEBUG"
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"  # Add this line for dashboard internal access
+
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./traefik/config:/etc/traefik
+      - ./traefik/acme.json:/etc/traefik/acme.json
+
+    labels:
+      - "traefik.enable=true"
+      # Dashboard
+      - "traefik.http.routers.dashboard.rule=Host(`traefik.eluxnetworks.net`)"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.entrypoints=websecure"
+      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.dashboard.middlewares=auth"
+      - "traefik.http.middlewares.auth.basicauth.users=admin:$$apr1$$mG0yHveI$$y2hSROLHtMbuWFK4F.p2c1"
+
+  nginx:
+    build:
+      context: ./nginx
+      dockerfile: Dockerfile
+    restart: always
+    networks:
+      - traefik-public
+    volumes:
+      - /home/ubuntu/www:/usr/share/nginx/html
+      - /mnt/data/well_tests:/usr/share/nginx/html/well_tests
+      - /mnt/data/shared:/usr/share/nginx/html/shared
+      - /home/ubuntu/server-setup/well_mob_pwa/build:/usr/share/nginx/html/react
+      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./nginx/conf.d:/etc/nginx/conf.d:ro
+      - ./nginx/.htpasswd:/etc/nginx/.htpasswd:ro
+    labels:
+      - "traefik.enable=true"
+      # Main website
+      - "traefik.http.routers.nginx-web.rule=Host(`eluxnetworks.net`)"
+      - "traefik.http.routers.nginx-web.entrypoints=websecure"
+      - "traefik.http.routers.nginx-web.tls.certresolver=letsencrypt"
+      # React app
+      - "traefik.http.routers.nginx-react.rule=Host(`react.eluxnetworks.net`)"
+      - "traefik.http.routers.nginx-react.entrypoints=websecure"
+      - "traefik.http.routers.nginx-react.tls.certresolver=letsencrypt"
+      - "traefik.http.middlewares.security-headers.headers.stsSeconds=31536000"
+      - "traefik.http.middlewares.security-headers.headers.forceSTSHeader=true"
+      - "traefik.http.routers.nginx-web.middlewares=security-headers"
+      - "traefik.http.routers.nginx-react.middlewares=security-headers"
+      - "traefik.http.services.nginx-react.loadbalancer.server.port=80"
+
+  rabbitmq:
+    networks:
+      - traefik-public
+    user: "999:65534"
+    image: rabbitmq:3.13-management
+    restart: always
+    hostname: "rabbitmq"  # Add this line
+    environment:
+      - RABBITMQ_DEFAULT_USER=admin
+      - RABBITMQ_DEFAULT_PASS=Cbx696969!
+      - RABBITMQ_NODENAME=rabbit@rabbitmq  # Add this line
+      - RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS=-rabbit log_levels [{connection,error}]
+      - RABBITMQ_MNESIA_DIR=/var/lib/rabbitmq/mnesia
+    volumes:
+      -  /mnt/data/rabbitmq:/var/lib/rabbitmq
+
+    ports:
+      - "5672:5672"  # AMQP port
+      - "15672:15672"  # Management UI
+    expose:
+      - 5672
+      - 15672
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.rabbitmq.rule=Host(`rabbitmq.eluxnetworks.net`)"
+      - "traefik.http.routers.rabbitmq.entrypoints=websecure"
+      - "traefik.http.routers.rabbitmq.tls.certresolver=letsencrypt"
+      - "traefik.http.services.rabbitmq.loadbalancer.server.port=15672"
+
+
+  minio:
+    image: minio/minio:latest
+    restart: always
+    command: server /data --console-address ":9001" --address ":9000"
+    environment:
+      # Admin credentials for console login
+      - MINIO_ROOT_USER=admin
+      - MINIO_ROOT_PASSWORD=Cbx696969!
+      # Access keys for API access
+      - MINIO_ACCESS_KEY=well_pipe
+      - MINIO_SECRET_KEY=WellNuo_2024
+      # Optional: Force all credentials to be set before starting
+      - MINIO_SITE_REGION=us-east-1
+      - MINIO_BROWSER_REDIRECT_URL=https://minio-console.eluxnetworks.net
+    ports:
+      - "9000:9000"
+      - "9001:9001"  # Adding explicit port mapping for debugging
+    volumes:
+      - /mnt/data/minio:/data
+    networks:
+      - traefik-public
+    labels:
+      - "traefik.enable=true"
+      # API Service
+      - "traefik.http.routers.minio-api.rule=Host(`minio.eluxnetworks.net`)"
+      - "traefik.http.routers.minio-api.entrypoints=websecure"
+      - "traefik.http.routers.minio-api.tls.certresolver=letsencrypt"
+      - "traefik.http.services.minio-api-service.loadbalancer.server.port=9000"
+      - "traefik.http.routers.minio-api.service=minio-api-service"
+
+      # Console Service
+      - "traefik.http.routers.minio-console.rule=Host(`minio-console.eluxnetworks.net`)"
+      - "traefik.http.routers.minio-console.entrypoints=websecure"
+      - "traefik.http.routers.minio-console.tls.certresolver=letsencrypt"
+      - "traefik.http.services.minio-console-service.loadbalancer.server.port=9001"
+      - "traefik.http.routers.minio-console.service=minio-console-service"
+
+  registry:
+      image: registry:latest
+      restart: always
+      ports:
+        - "5000:5000"
+      networks:
+        - traefik-public
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.registry.rule=Host(`repo.eluxnetworks.net`)"
+        - "traefik.http.routers.registry.entrypoints=websecure"
+        - "traefik.http.routers.registry.tls.certresolver=letsencrypt"
+        - "traefik.http.services.registry.loadbalancer.server.port=5000"
+
+  redis:
+    image: redis:alpine
+    restart: always
+    networks:
+      - traefik-public
+    volumes:
+      - /mnt/data/redis:/data
+    ports:
+      - "6379:6379"
+    command: redis-server --appendonly yes
+    labels:
+      - "traefik.enable=false"  # No need to expose Redis to the internet

rabbitmq/definitions.json

@@ -0,0 +1,38 @@
+{
+    "users": [
+        {
+            "name": "admin",
+            "password_hash": "YX91m9ZBhL8oXzpxcrYtVAOv4vgTDfS0YCCYJA1UDPPbNJ+m",
+            "hashing_algorithm": "rabbit_password_hashing_sha256",
+            "tags": ["administrator"]
+        },
+        {
+            "name": "well_pipe",
+            "password_hash": "AzdMI/4joetKPS2J5AsBOVKMZzW6Dp/ov6xal8vFbLpal43F",
+            "hashing_algorithm": "rabbit_password_hashing_sha256",
+            "tags": ["api_user"]
+        }
+    ],
+    "vhosts": [
+        {
+            "name": "/"
+        }
+    ],    
+    "permissions": [
+        {
+            "user": "admin",
+            "vhost": "/",
+            "configure": ".*",
+            "write": ".*",
+            "read": ".*"
+        },
+        {
+            "user": "well_pipe",
+            "vhost": "/",
+            "configure": ".*",
+            "write": ".*",
+            "read": ".*"
+        }
+    ]
+}
+