45 lines
1.6 KiB
YAML
45 lines
1.6 KiB
YAML
# Dynamic DNS Updater — Seattle VM (Contabo VPS, YOUR_WAN_IP)
|
|
# Keeps Cloudflare A records current with the VPS public IP.
|
|
# Three services: proxied, stoatchat unproxied, and DERP unproxied.
|
|
services:
|
|
# vish.gg services behind Cloudflare proxy (HTTP/HTTPS via CF edge)
|
|
ddns-seattle-proxied:
|
|
image: favonia/cloudflare-ddns:latest
|
|
network_mode: host
|
|
restart: unless-stopped
|
|
read_only: true
|
|
cap_drop: [all]
|
|
security_opt: [no-new-privileges:true]
|
|
environment:
|
|
- CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}
|
|
# General Seattle VM services (CF proxy on)
|
|
- DOMAINS=nx.vish.gg,obs.vish.gg,pp.vish.gg,wb.vish.gg
|
|
- PROXIED=true
|
|
|
|
# StoatChat WebRTC subdomains — must be unproxied (direct IP for WebSockets / LiveKit UDP)
|
|
ddns-seattle-stoatchat:
|
|
image: favonia/cloudflare-ddns:latest
|
|
network_mode: host
|
|
restart: unless-stopped
|
|
read_only: true
|
|
cap_drop: [all]
|
|
security_opt: [no-new-privileges:true]
|
|
environment:
|
|
- CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}
|
|
# st.vish.gg + all subdomains need direct IP for real-time connections
|
|
- DOMAINS=st.vish.gg,api.st.vish.gg,events.st.vish.gg,files.st.vish.gg,proxy.st.vish.gg,voice.st.vish.gg,livekit.st.vish.gg
|
|
- PROXIED=false
|
|
|
|
# DERP relay — must be unproxied (DERP protocol requires direct TLS, CF proxy breaks it)
|
|
ddns-seattle-derp:
|
|
image: favonia/cloudflare-ddns:latest
|
|
network_mode: host
|
|
restart: unless-stopped
|
|
read_only: true
|
|
cap_drop: [all]
|
|
security_opt: [no-new-privileges:true]
|
|
environment:
|
|
- CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}
|
|
- DOMAINS=derp-sea.vish.gg
|
|
- PROXIED=false
|