From 4b6137f6e20f2dabb54b2e54e0729d4e4bba2be8 Mon Sep 17 00:00:00 2001
From: Gilles Mouchet <gilles.mouchet@gmail.com>
Date: Sun, 8 Jun 2025 08:44:22 +0200
Subject: [PATCH] v1.0.0

---
 .env.dist           | 28 ++++++++++++++++++++
 README.md           | 54 +++++++++++++++++++++++++++++++--------
 config/default.conf | 60 +++++++++++++++++++++++++++++++++++++++++++
 docker-compose.yaml | 62 +++++++++++++++++++++++++++++++++++++--------
 4 files changed, 182 insertions(+), 22 deletions(-)
 create mode 100644 config/default.conf

diff --git a/.env.dist b/.env.dist
index 913a3fd..36dd6e4 100644
--- a/.env.dist
+++ b/.env.dist
@@ -1,3 +1,31 @@
+# compose project name. A docker compose project has as its name 
+# the name of the folder where it is executed (default). 
+# This setting overrides the default
+COMPOSE_PROJECT_NAME=gmo-loki
+#------------------------------------------------
+# proxy (nginx)
+# certificats path (ex: /home/docker/certs)
+PRX_CERTS_DIR=<path_to_your_gtw_data_dir>
+# nginx default.conf file path (ex: /home/docker/nginx)
+PRX_NGINX_CONF_DIR=<path_to_your_gtw_data_dir>
+#------------------------------------------------
+# minio
+# path where minio data will be stored (ex: /home/docker/mino)
 MINIO_DATA_ROOT_DIR=<path_to_your_minio_data_dir>
+# user
 MINIO_ACCESS_KEY=minio
+# passord
 MINIO_SECRET_KEY=minio123
+# url redirect (ex: https://docker1.gmolab.net/minio/ui/)
+MINIO_REDIRECT_URL=<server_fqdn>/minio/ui/
+#------------------------------------------------
+# grafana
+# admin user
+GF_ADMIN_USER=admin
+# admin user password
+GF_ADMIN_PASSWORD=admin
+# path where grafana data will be stored (ex: /home/docker/grafana)
+GF_VOLUME_DIR=<path_to_your_gf_data_dir>
+# url redirect (ex: https://docker1.gmolab.net/grafana/)
+GF_ROOT_URL=<server_fqdn>/grafana/
+#------------------------------------------------
diff --git a/README.md b/README.md
index 5188c19..cb19203 100644
--- a/README.md
+++ b/README.md
@@ -5,20 +5,39 @@ This dokcer run stack grafana, loki, promtail, minio
 ### Container
 | Name | URL | Description |
 |:---|:---|:---|
-| dns-tools | - | container with dns tools (just use for debug)|
-| minio-server | UI: `http://<fqdn_server>;9001`<br>API: `http://<fqdn_server>;9000`| container minio server UI and API |
+| <COMPOSE_PROJECT_NAME>-dns-tools-1 | - | container with dns tools (just use for debug)|
+| <COMPOSE_PROJECT_NAME>-proxy-1 | `https://<server_fqdn>` | nginx proxy
+| <COMPOSE_PROJECT_NAME>-minio-1 | UI: `https://<server_fqdn>/minio/ui`<br>API: `http://127.0.0.1:9000`| container minio server UI and API |
+| <COMPOSE_PROJECT_NAME>-grafana-1 | `https://<server_fqdn>/grafana` | grafana |
 ## Requirements
+### Certificats
+Create a folder named `/home/docker/certs` and copy your certificates into it.
+```bash
+sudo mkdir -p /home/docker/certs
+```
+
+### Variables
+All variables are described in the `.env.dist` file
+
+Copy the `.env.dist` file to `.env` and update it with values appropriate for your setup.
+
+### Proxy (nginx)
+Create the folder where the ngnix config will be stored and copy the `config/nginx.conf` into it
+```bash
+sudo mkdir -p /home/docker/nginx
+sudo cp ./config/default.conf /home/docker/nginx/.
+```
+
 ### Minio
 Create the folder where the minio data will be stored
 ```bash
 sudo mkdir -p /home/docker/minio
 ```
 
-Copy the `.env-dist` file to `.env` and update it with values appropriate for your setup.
+### Grafana
+Create the folder where the grafana data will be stored
 ```bash
-MINIO_DATA_ROOT_DIR=/home/docker/minio
-MINIO_ACCESS_KEY=minio
-MINIO_SECRET_KEY=minio123
+sudo mkdir -p /home/docker/grafana
 ```
 
 ## Run 
@@ -39,15 +58,28 @@ nslookup minio-server
 ``` 
 
 **Minio console**  
-http://<server_fqdn>:9001
+`https://<server_fqdn>/minio/ui/`
 
+**Grafana**  
+`https://<server_fqdn>/grafana/`
 
 ## Sources
 ### Minio
-* https://thanhtunguet.info/posts/install-minio-using-docker-compose/
-* https://min.io/docs/minio/container/index.html
-* https://www.nathaniel-walser.com/docker-compose-templates/minio
 * https://github.com/Anagraph/minio-docker-config/blob/master/docker-compose.yaml
+* https://min.io/docs/minio/linux/integrations/setup-nginx-proxy-with-minio.html
 
 ### Grafana
-* https://grafana.com/docs/loki/latest/setup/install/docker/
\ No newline at end of file
+* https://grafana.com/docs/loki/latest/setup/install/docker/
+* https://grafana.com/tutorials/run-grafana-behind-a-proxy/
+
+## Changelog
+### [1.0.0] - 2025-06-08
+#### Added
+- init docker container
+- proxy with nginx
+- minio container
+- grafana container
+#### Project initialization
+- initialization by [GMo](mailto:gilles.mouchet@gmail.com)
+
+
diff --git a/config/default.conf b/config/default.conf
new file mode 100644
index 0000000..7d36e4f
--- /dev/null
+++ b/config/default.conf
@@ -0,0 +1,60 @@
+server {
+    listen 8080 default_server;
+    server_name _;
+    return 301 https://$host$request_uri; # redirect to https
+}
+
+server {
+  listen 8443 ssl;
+  #listen  [::]:8443;
+  server_name _;
+  ssl_certificate     /etc/nginx/certs/gmolab.net.crt;
+  ssl_certificate_key /etc/nginx/certs/gmolab.net.key;
+  # allow special characters in headers
+  ignore_invalid_headers off;
+  # allow any size file to be uploaded.
+  # set to a value such as 1000m; to restrict file size to a specific value
+   client_max_body_size 0;
+   # disable buffering
+   proxy_buffering off;
+   proxy_request_buffering off;
+  
+  #------- ROOT ------- 
+  location / {
+    default_type text/html;
+    return 200 "<!DOCTYPE html><h3>Welcome on NGINX proxy SSL!</h3>\n";
+  }
+
+  #------- GRAFANA -------
+  location /grafana/ {
+    proxy_pass http://grafana:3000/;
+    proxy_set_header Host $host;
+  }
+
+  #------- MINIO UI -------
+  location /minio/ui/ {
+    rewrite ^/minio/ui/(.*) /$1 break;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-NginX-Proxy true;
+
+    # this is necessary to pass the correct IP to be hashed
+    real_ip_header X-Real-IP;
+
+    proxy_connect_timeout 300;
+
+    # to support websockets in MinIO versions released after January 2023
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    # some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
+    # uncomment the following line to set the Origin request to an empty string
+    # proxy_set_header Origin '';
+
+    chunked_transfer_encoding off;
+
+    proxy_pass http://minio:9001/;
+   }
+}
diff --git a/docker-compose.yaml b/docker-compose.yaml
index fcb0da9..60e5e5e 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -3,21 +3,45 @@ networks:
     name: loki-net # replace the default domain <service>.loki-net
 
 services:
+  # init container to change permissions of the mounted directory.
+  init:
+    image: busybox
+    user: root
+    entrypoint: >
+      /bin/sh -c "
+      chown 472:root /var/lib/grafana;
+      chown 101:root /etc/nginx/conf.d/default.conf;
+      exit 0;
+      "
+    volumes:
+      - '${GF_VOLUME_DIR}:/var/lib/grafana'
+      - '${PRX_NGINX_CONF_DIR}/default.conf:/etc/nginx/conf.d/default.conf'
+    networks:
+      - loki
+
   # container with tools dns (nslookup, tcptraceroute, etc). Use just for debug
 #  dns-tools:
 #    image: jonlabelle/network-tools
-#    container_name: dns-tools
 #    command: tail -f /dev/null
 #    stdin_open: true
 #    tty: true
 #    networks:
 #      - loki
-
+  proxy:
+    image: nginxinc/nginx-unprivileged
+    volumes:
+      - ${PRX_NGINX_CONF_DIR}/default.conf:/etc/nginx/conf.d/default.conf
+      - ${PRX_CERTS_DIR}:/etc/nginx/certs
+    ports:
+      - "443:8443"
+      #- "80:8080"
+    networks:
+      - loki
+    restart: unless-stopped
+#  
   # minio server service 
-  minio-server:
-    image: minio/minio:latest
-    container_name: minio-server
-    hostname: myhostname
+  minio:
+    image: minio/minio
     restart: always
     volumes:
       - ${MINIO_DATA_ROOT_DIR}:/data
@@ -27,7 +51,8 @@ services:
     environment:
       MINIO_ROOT_USER: ${MINIO_ACCESS_KEY}
       MINIO_ROOT_PASSWORD: ${MINIO_SECRET_KEY}
-    command: server /data --console-address ":9001"
+      MINIO_BROWSER_REDIRECT_URL: ${MINIO_REDIRECT_URL}
+    command: server /data --console-address ":9001" 
     networks:
       - loki
 
@@ -36,20 +61,35 @@ services:
 #    image: minio/mc
 #    # insure that the server container is running before building the client
 #    depends_on:
-#      - minio-server
+#      - minio
 #    entrypoint: >
 #      /bin/sh -c "
 #      /usr/bin/mc admin info play;
-#      /usr/bin/mc alias set myminio http://minio-server:9000 ${MINIO_ACCESS_KEY} ${MINIO_SECRET_KEY};
+#      /usr/bin/mc alias set myminio http://minio:9000 ${MINIO_ACCESS_KEY} ${MINIO_SECRET_KEY};
 #      /usr/bin/mc mb myminio/test-bucket;
-#      /usr/bin/mc mb myminio/loki;
+#      /usr/bin/mc mb myminio/loki-1;
 #      echo 'my content' > myfile.txt;
 #      /usr/bin/mc cp myfile.txt myminio/test-bucket;
 #      exit 0;
 #      "
 #    networks:
 #      - loki  
+  grafana:
+    image: grafana/grafana-enterprise
+    ports:
+      - "3000:3000"
+    volumes:
+      - '${GF_VOLUME_DIR}:/var/lib/grafana'
+    environment:
+      - GF_SECURITY_ADMIN_USER=${GF_ADMIN_USER}
+      - GF_SECURITY_ADMIN_PASSWORD=${GF_ADMIN_PASS}
+      - GF_SERVER_ROOT_URL=${GF_ROOT_URL}
+      #- GF_SERVER_SERVE_FROM_SUB_PATH=true
+    restart: unless-stopped
+    networks:
+      - loki
 
-#volumes:
+volumes:
+  grafana-storage:
 #  prometheus:
 #  loki:
\ No newline at end of file