OrbStack 라이선스 만료로 Mac mini Docker 서비스를 GPU 서버로 통합. nginx → Caddy 전환, 12개 서브도메인 자동 HTTPS, fail2ban Caddy JSON 연동. 주요 변경: - home-caddy: Caddy 리버스 프록시 (Let's Encrypt 자동 HTTPS) - home-fail2ban: Caddy JSON 로그 기반 보안 모니터링 - home-ddns: Cloudflare DDNS (API 키 .env 분리) - gpu-hub-api/web: AI 백엔드 라우터 + 웹 UI (gpu-services에서 이전) - AI 런타임(Ollama) 내부망 전용, 외부는 gpu-hub 인증 게이트웨이 경유 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
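# Compose stack for the home edge (reverse proxy, ban enforcement, DDNS)
# and the GPU hub (authenticated AI backend router + web UI).
# Only home-caddy publishes ports; the hub services are reachable solely
# over the shared gateway-net network.
services:
  # ============================================================
  # Edge Layer — Reverse Proxy + Security + DDNS
  # ============================================================
  home-caddy:
    image: caddy:2-alpine
    container_name: home-caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      # UDP 443 carries HTTP/3 (QUIC).
      - "443:443/udp"
    volumes:
      - ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro
      # Access logs are written here and read (read-only) by home-fail2ban.
      - ./caddy/logs:/var/log/caddy
      # /data holds the issued certificates and ACME account keys: treat the
      # caddy_data volume as secret material in backups and on the host.
      - caddy_data:/data
      - caddy_config:/config
    extra_hosts:
      # Lets Caddy reach services listening on the Docker host.
      # NOTE(review): confirm the Caddyfile never proxies straight to an
      # unauthenticated host service (e.g. the AI runtime); external access is
      # meant to go through the gpu-hub authentication gateway.
      - "host.docker.internal:host-gateway"
    depends_on:
      # Caddy is not started until the hub API reports healthy, so a failing
      # healthcheck there keeps every proxied site down on `up`.
      gpu-hub-api:
        condition: service_healthy
    networks:
      - gateway-net

  home-fail2ban:
    # NOTE(review): ':latest' is unpinned; this container runs with host
    # networking and NET_ADMIN, so pin a reviewed version tag or image digest.
    image: crazymax/fail2ban:latest
    container_name: home-fail2ban
    restart: unless-stopped
    # Host networking plus NET_ADMIN/NET_RAW are what allow fail2ban to edit
    # the host's firewall rules; keep these limited to this one service.
    network_mode: host
    cap_add:
      - NET_ADMIN
      - NET_RAW
    volumes:
      - ./fail2ban/data:/data
      - ./caddy/logs:/var/log/caddy:ro
      # NOTE(review): traffic to published container ports is forwarded, not
      # delivered to the host's INPUT chain; confirm the jails in jail.local
      # use `chain = DOCKER-USER`, otherwise bans will not block Caddy traffic.
      - ./fail2ban/jail.local:/etc/fail2ban/jail.local:ro
    environment:
      - TZ=Asia/Seoul
      - F2B_LOG_LEVEL=INFO

  home-ddns-vpn:
    # NOTE(review): ':latest' is unpinned and this container holds the
    # Cloudflare API credential; pin a version tag or digest and confirm the
    # image is still maintained upstream.
    image: oznu/cloudflare-ddns:latest
    container_name: home-ddns-vpn
    restart: unless-stopped
    env_file:
      # Holds the Cloudflare API credential. Keep this file out of version
      # control and scope the token to DNS edits on this zone only.
      - ./ddns/.env
    environment:
      - ZONE=hyungi.net
      - SUBDOMAIN=vpn
      # DNS-only record: resolves directly to the home IP, not via Cloudflare.
      - PROXIED=false

  home-ddns-mail:
    # NOTE(review): same unpinned ':latest' image as home-ddns-vpn.
    image: oznu/cloudflare-ddns:latest
    container_name: home-ddns-mail
    restart: unless-stopped
    env_file:
      # Same credential file as home-ddns-vpn.
      - ./ddns/.env
    environment:
      - ZONE=hyungi.net
      - SUBDOMAIN=mail
      - PROXIED=false

  # ============================================================
  # GPU Hub — AI Backend Router + Web UI
  # ============================================================
  gpu-hub-api:
    build: ./hub-api
    container_name: gpu-hub-api
    restart: unless-stopped
    environment:
      # Fail closed: `${VAR:?msg}` makes Compose abort when a secret is unset
      # or empty, instead of starting the auth gateway with blank credentials
      # or an empty JWT signing key.
      - "OWNER_PASSWORD=${OWNER_PASSWORD:?OWNER_PASSWORD must be set}"
      - "GUEST_PASSWORD=${GUEST_PASSWORD:?GUEST_PASSWORD must be set}"
      - "JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}"
      - BACKENDS_CONFIG=/app/config/backends.json
      # The fallback is a local dev origin; set CORS_ORIGINS explicitly to the
      # real web UI origin(s) in production.
      - CORS_ORIGINS=${CORS_ORIGINS:-http://localhost:5173}
      - DB_PATH=/app/data/gateway.db
    volumes:
      - hub_data:/app/data
      - ./backends.json:/app/config/backends.json:ro
    extra_hosts:
      # Used to reach backends running on the Docker host.
      - "host.docker.internal:host-gateway"
    healthcheck:
      # NOTE(review): requires curl inside the ./hub-api image; verify it is
      # installed, or this check never passes and home-caddy never starts.
      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
      interval: 15s
      timeout: 5s
      retries: 3
    # No ports are published: reachable only from containers on gateway-net.
    networks:
      - gateway-net

  gpu-hub-web:
    build: ./hub-web
    container_name: gpu-hub-web
    restart: unless-stopped
    # No ports are published: served to the outside only through home-caddy.
    networks:
      - gateway-net

volumes:
  caddy_data:
  caddy_config:
  hub_data:

networks:
  gateway-net:
    name: home-gateway-network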