Differences

This shows you the differences between two versions of the page.

--- docker_notes:docker-dokuwiki [2023-05-24 Wed wk21 19:56] – [Nextcloud Container] baumkp
+++ docker_notes:docker-dokuwiki [2023-05-30 Tue wk22 19:53] – baumkp
@@ Line 1: / Line 1: @@
 {{tag>linux docker traefik godaddy dokuwiki nextcloud container}}
-======Docker Containers======
-=====Reverse Proxy Server=====
-I seem to have gotten the Traefik reverse proxy working according to Techno Tim [[https://docs.technotim.live/posts/traefik-portainer-ssl/|Put Wildcard Certificates and SSL on EVERYTHING]] ([[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl|github reference_files for traefik-portainer-ssl]])
-Below is a basic description of the process that aligns with my configuration files. I do this for 2 reasons, both allowing me independence.
+======Dokuwiki======
-  - Sometimes the source information or link are; changed, lost or removed.
+=====Main Dokuwiki Page=====
-  - These note reference my current specific installation.
-=====Proxy network to connect them all=====
-These containers all talk via a docker bridge network named proxy, ''docker network create proxy''
-====Traefik====
-<code bash [enable_line_numbers="true"]>
-cd /home/docker_store
-sudo mkdir traefik
-sudo chown baumkp:baumkp traefik
-cd traefik
-mkdir data
-cd data
-touch acme.json
-chmod 600 acme.json
-touch traefik.yml
-cd ..</code>
-My traefik.yml locatation: ''/home/docker_store/traefik/data/traefik.yml''. The current TechnoTim one [[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/traefik|here]].\\
-===create docker network===
-<code bash [enable_line_numbers="true"]>docker network create proxy</code>
-<code bash [enable_line_numbers="true"]>touch docker-compose.yml
-touch provider.env</code>
-My docker-compose.yml location: ''/home/docker_store/traefik/docker-compose.yml''. The current TechnoTim one [[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/traefik|here.]]\\
-//<fc #ff0000><fs small>**Note** my docker compose file has some changes from the TechnoTim one, in particular the use of the Godaddy DNS chanlenge API instead of the the Cloudflare one used by TechnoTim.</fs></fc>//\\
- \\
-===Generate and Install Godaddy DNS Challenge Data===
-Sadly Godaddy does not make it as transparent as it should be to access their DNS challenge API. Perhaps because they are focused on their commercial certificate product. It is accessed from their developer portal [[https://developer.godaddy.com/|Godaddy Developer Portal]], from here the API keys can be made.  These keys then need to be copied into ''/home/docker_store/traefik/data/provider.env'':
-<code [enable_line_numbers="true">GODADDY_API_KEY=[Your API_KEY key from Godaddy API]
-GODADDY_API_SECRET=[Your API_SECRET key from Godaddy API]</code>
- \\
-===Generate and install Basic Authentication Password===
-<code bash [enable_line_numbers="true"]>sudo apt update
-sudo apt install apache2-utils</code>
-<code bash [enable_line_numbers="true"]>echo $(htpasswd -nb "<USER>" "<PASSWORD>") | sed -e s/\\$/\\$\\$/g</code>
-NOTE: Replace <USER> with your username and <PASSWORD> with your password to be hashed.
-Paste the output in your docker-compose.yml in line (traefik.http.middlewares.traefik-auth.basicauth.users=<USER>:<HASHED-PASSWORD>)
- \\
- \\
-<code bash [enable_line_numbers="true"]>cd data
-touch config.yml</code>
-<code bash [enable_line_numbers="true"]>docker-compose up -d</code>
-====Portainer====
-<code bash [enable_line_numbers="true"]>cd /home/docker_store
-sudo mkdir portainer
-sudo chown baumkp:baumkp portainer
-cd portainer
-touch docker-compose.yml
-mkdir data</code>
-My docker-compose.yml location: ''/home/docker_store/portainer/docker-compose.yml''. The current TechnoTim one [[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/portainer|here.]]\\
-<code bash [enable_line_numbers="true"]>docker-compose up -d</code>
-====Traefik Routes Config====
-<code bash [enable_line_numbers="true"]>cd /home/docker_store/traefik/data
-nvim config.yml</code>
-My config.yml location: ''/home/docker_store/traefik/data/config.yml''. The current TechnoTim one [[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/traefik|here.]], also look at **Portainer's** instructions here: [[https://docs.portainer.io/advanced/reverse-proxy/traefik|Deploying Portainer behind Traefik Proxy]]\\
-<code bash [enable_line_numbers="true"]>docker-compose up -d --force-recreate</code>\\
-Folder Structure:
-<code>./traefik
-├── data
-│   ├── acme.json
-│   ├── config.yml
-│   ├── provided.env.yml
-│   └── traefik.yml
-└── docker-compose.yml</code>
-====whitelisting====
-Todo: look at whitelisting in more detail
-  * ''/home/docker_store/traefik/data/config.yml'' has traefik middleware whitelisting defined looks defined as default for all containers in config.yml. Need to check following:
-    * Can this be defined for each container setup in config.yml? Looks likely.
-    * Can this be reliably setup for public access of certain containers?
-    * Ensure **no** public access to portainer and traefik dashboards?
-  * See reddit dicussion [[https://www.reddit.com/r/Traefik/comments/qi2435/traefik_v2_mixed_and_both_internal_and_external/Traefik v2 mixed (and both) internal and external?]], which indicates this is so, however it notes a possible issue with VPN access.
-====References====
-  *Traefik
-    * [[https://hub.docker.com/_/traefik|Traefix]]
-    * [[https://doc.traefik.io/traefik/https/acme/|traefik proxy & Lets Encrypt]]
-    * Smarthome Beginner [[https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/|Ultimate Traefik Docker Compose Guide [2022] with LetsEncrypt]]
-    * Christian Lempa [[https://github.com/ChristianLempa/boilerplates/tree/main/docker-compose/traefik|boilerplates/docker-compose/traefik/]]
-    * Techno Tim [[https://github.com/techno-tim/techno-tim.github.io/blob/master/reference_files/traefik-portainer-ssl/traefik/docker-compose.yml|
-techno-tim.github.io/reference_files/traefik-portainer-ssl/traefik/docker-compose.yml]] / [[https://docs.technotim.live/posts/traefik-portainer-ssl/|Put Wildcard Certificates and SSL on EVERYTHING]]
-    * [[https://github.com/traefik/traefik/issues/6686| (Traefik v2.2) Unable to obtain ACME certificate with DNS challenge using Go Daddy]]
-    * [[https://stackoverflow.com/questions/61234489/cannot-get-wildcard-certificate-with-traefik-v2-and-godaddy|Cannot get wildcard certificate with traefik v2 and godaddy]]
-    * [[https://forums.docker.com/t/traefik-acme-with-godaddy-as-provider/56743|Traefik - ACME with GoDaddy as provider]]
-  *Traefik whitelists
-  *Nginx Proxy Manager
-    * Nginxproxymanager.com [[https://nginxproxymanager.com/advanced-config/#best-practice-use-a-docker-network|Best Practice: Use a Docker network]]
-=====Dokuwiki=====
-====Main Dokuwiki Page====
 The main dokuwiki page [[tech_notes:home_server|dokuwiki_setup]].
-====Dokuwiki Container====
+=====Dokuwiki Container=====
 This use the the [[https://www.linuxserver.io/|linuxserver.io]] image from dockerhub, [[https://hub.docker.com/r/linuxserver/dokuwiki/#!|linuxserver/dokuwiki]].  The Linuxserver.io documents can be found here[[https://docs.linuxserver.io/|doc.linuxserver.io]].\\
 Defines web_data volume:
@@ Line 147: / Line 52: @@
 Refer to Nextcloud's [[https://docs.nextcloud.com/server/latest/admin_manual/maintenance/index.html|Maintenace]] section on instructions to backup, restore and migrate Nextcloud.  Also as I am using the official Nextcloud container it has additional instructions to [[https://github.com/docker-library/docs/blob/master/nextcloud/README.md#migrating-an-existing-installation:migrate]] Nextcloud to Docker.
-  * uid: www-data / 33, gid: www-data / 33.  This seems to be Debian standard. Alpine linux seems to use 82 for www-data.  Just stick with uid/gid as 33 and ignore the names.
+  * uid: www-data / 33, gid: www-data / 33.  This seems to be Debian standard. Alpine linux seems to use 82 for www-data.  Just stick with uid/gid as per the image supplied, 82 for Alpine and ignore the names.
-  *
+  * ''docker exec -u www-data nextcloud-app-1 php /var/www/html/cron.php'' runs the cron.php
+  * ''docker exec -u www-data nextcloud-app-1 php occ maintenance:mode --off|on'' to turn maintenance mode off or on from the containers host shell
+====RedirectRegex====
+I get a redirect error in Nextcloud that I have not been able to track down to date.  Does not seem much info in this on the net, and the little there is also indicates a problem without and easy solution.  Nextcloud main support looks Apache web server based with little Nginx support and even less Traefik support.
+Some resources related to this:
+  *Traefik:
+    *[[https://doc.traefik.io/traefik/middlewares/http/redirectregex/#permanent|RedirectRegex]]
+    *[[https://doc.traefik.io/traefik/middlewares/http/replacepathregex/|ReplacePathRegex]]
+    *[[https://github.com/traefik/traefik/issues/723|Multiple entry regex redirects #723 ]
 ====References====
+  *docs nextcloud
+    * [[https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#default-parameters|Configuration Parameters]]
+    *[[https://help.nextcloud.com/t/is-there-a-safe-and-reliable-way-to-move-data-directory-out-of-web-root/3642|is-there-a-safe-and-reliable-way-to-move-data-directory-out-of-web-root]]
+    *[[https://help.nextcloud.com/t/howto-change-move-data-directory-after-installation/17170|help.nextcloud.com/t/howto-change-move-data-directory-after-installation]]
+    *[[https://github.com/nextcloud|github.com/nextcloud]]
+    *[[https://hub.docker.com/_/nextcloud/| Docker Hub Nextcloud]]
+    *[[https://github.com/docker-library/docs/blob/master/nextcloud/README.md|Github Docker Hub Nextcloud]]
+====Installing and Using MariaDB via Docker====
+[[https://mariadb.com/kb/en/installing-and-using-mariadb-via-docker/|Installing and Using MariaDB via Docker]]
+[[]]
+====logging====
+[[https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html|Nextcloud configuration Logging]]
+====backup====
+[[https://docs.nextcloud.com/server/stable/admin_manual/maintenance/backup.html|Backup]]
+====NGINX configuration====
+[[https://docs.nextcloud.com/server/25/admin_manual/installation/nginx.html|NGINX configuration]]
+====cron====
+''docker-compose exec -u www-data nextcloud php cron.php'' to run cron in Nextcloud Docker
+[[https://help.nextcloud.com/t/nextcloud-docker-container-best-way-to-run-cron-job/157734|https://help.nextcloud.com/t/nextcloud-docker-container-best-way-to-run-cron-job/157734]]
 =====Calibre=====
@@ Line 254: / Line 191: @@
   *Christain Lempa [[https://github.com/ChristianLempa/boilerplates/blob/main/docker-compose/nextcloud/nextcloud.yaml| boilerplates/docker-compose/nextcloud/nextcloud.yaml]]
-=====Deluge=====
-A torrent application with a web based server.  I will probably need to fully build this one myself as I use a VPN with fire wall that only allows communication on LAN or using firewall tunnel for WAN.
 =====Other Possible Apps/Images=====