Differences
This shows you the differences between two versions of the page.
docker_notes:docker-dokuwiki [2023-05-30 Tue wk22 19:41] – [ssl certificates] baumkp | docker_notes:docker-dokuwiki [2023-05-30 Tue wk22 19:52] – [Dokuwiki] baumkp | ||
---|---|---|---|
Line 1: | Line 1: | ||
{{tag> | {{tag> | ||
- | ======Docker Containers====== | ||
- | =====Reverse Proxy Server===== | ||
- | I seem to have gotten the Traefik reverse proxy working according to Techno Tim [[https:// | ||
- | Below is a basic description of the process that aligns with my configuration files. I do this for 2 reasons, both allowing me independence. | + | ======Dokuwiki====== |
- | - Sometimes the source information or link are; changed, lost or removed. | + | |
- | - These note reference my current specific installation. | + | |
- | + | ||
- | =====Proxy network to connect them all===== | + | |
- | These containers all talk via a docker bridge network named proxy, '' | + | |
- | ====Traefik==== | + | |
- | <code bash [enable_line_numbers=" | + | |
- | cd / | + | |
- | sudo mkdir traefik | + | |
- | sudo chown baumkp: | + | |
- | cd traefik | + | |
- | mkdir data | + | |
- | cd data | + | |
- | touch acme.json | + | |
- | chmod 600 acme.json | + | |
- | touch traefik.yml | + | |
- | cd ..</ | + | |
- | My traefik.yml locatation: ''/ | + | |
- | + | ||
- | ===create docker network=== | + | |
- | <code bash [enable_line_numbers=" | + | |
- | <code bash [enable_line_numbers=" | + | |
- | touch provider.env</ | + | |
- | My docker-compose.yml location: ''/ | + | |
- | //<fc # | + | |
- | \\ | + | |
- | ===Generate and Install Godaddy DNS Challenge Data=== | + | |
- | Sadly Godaddy does not make it as transparent as it should be to access their DNS challenge API. Perhaps because they are focused on their commercial certificate product. It is accessed from their developer portal [[https:// | + | |
- | <code [enable_line_numbers=" | + | |
- | GODADDY_API_SECRET=[Your API_SECRET key from Godaddy API]</ | + | |
- | \\ | + | |
- | ===Generate and install Basic Authentication Password=== | + | |
- | <code bash [enable_line_numbers=" | + | |
- | sudo apt install apache2-utils</ | + | |
- | <code bash [enable_line_numbers=" | + | |
- | NOTE: Replace < | + | |
- | + | ||
- | Paste the output in your docker-compose.yml in line (traefik.http.middlewares.traefik-auth.basicauth.users=< | + | |
- | \\ | + | |
- | \\ | + | |
- | <code bash [enable_line_numbers=" | + | |
- | touch config.yml</ | + | |
- | <code bash [enable_line_numbers=" | + | |
- | ====Portainer==== | + | |
- | <code bash [enable_line_numbers=" | + | |
- | sudo mkdir portainer | + | |
- | sudo chown baumkp: | + | |
- | cd portainer | + | |
- | touch docker-compose.yml | + | |
- | mkdir data</ | + | |
- | My docker-compose.yml location: ''/ | + | |
- | <code bash [enable_line_numbers=" | + | |
- | + | ||
- | ====Traefik Routes Config==== | + | |
- | <code bash [enable_line_numbers=" | + | |
- | nvim config.yml</ | + | |
- | My config.yml location: ''/ | + | |
- | <code bash [enable_line_numbers=" | + | |
- | Folder Structure: | + | |
- | < | + | |
- | ├── data | + | |
- | │ | + | |
- | │ | + | |
- | │ | + | |
- | │ | + | |
- | └── docker-compose.yml</ | + | |
- | ====whitelisting==== | + | |
- | Todo: look at whitelisting in more detail | + | |
- | * ''/ | + | |
- | * Can this be defined for each container setup in config.yml? Looks likely. | + | |
- | * Can this be reliably setup for public access of certain containers? | + | |
- | * Ensure **no** public access to portainer and traefik dashboards? | + | |
- | * See reddit dicussion [[https:// | + | |
- | ====References==== | + | |
- | *Traefik | + | |
- | * [[https:// | + | |
- | * [[https:// | + | |
- | * Smarthome Beginner [[https:// | + | |
- | * Christian Lempa [[https:// | + | |
- | * Techno Tim [[https:// | + | |
- | techno-tim.github.io/ | + | |
- | * [[https:// | + | |
- | * [[https:// | + | |
- | * [[https:// | + | |
- | + | ||
- | *Traefik whitelists | + | |
- | + | ||
- | *Nginx Proxy Manager | + | |
- | * Nginxproxymanager.com [[https:// | + | |
- | + | ||
- | ====ssl certificates==== | + | |
- | *'' | + | |
- | *'' | + | |
- | *[[https:// | + | |
- | + | ||
- | ====Export Traefik certificates==== | + | |
- | + | ||
- | *[[https:// | + | |
- | *Need to install the jq package | + | |
- | <code bash># | + | |
- | + | ||
- | # Requirements: | + | |
- | + | ||
- | # creates a directory for all of your certificates | + | |
- | mkdir -p certificates/ | + | |
- | + | ||
- | # reads the acme.json file, please put this file in the same directory as your script | + | |
- | json=$(cat acme.json) | + | |
- | + | ||
- | export_cer_key () { | + | |
- | echo $json | jq -r ' | + | |
- | echo $json | jq -r ' | + | |
- | } | + | |
- | + | ||
- | export_pfx () { | + | |
- | openssl pkcs12 -export -out certificates/ | + | |
- | } | + | |
- | + | ||
- | read -p "Do you want to export as .pfx file as well [y]?" REPLY | + | |
- | + | ||
- | # iterates through all of your domains | + | |
- | for domain in $(echo $json | jq -r ' | + | |
- | do | + | |
- | if [[ $REPLY =~ ^[Yy]$ ]] | + | |
- | then | + | |
- | export_cer_key " | + | |
- | export_pfx " | + | |
- | else | + | |
- | export_cer_key " | + | |
- | fi | + | |
- | done</ | + | |
- | There is also [[https:// | + | |
- | + | ||
- | =====Dokuwiki===== | + | |
====Main Dokuwiki Page==== | ====Main Dokuwiki Page==== | ||
The main dokuwiki page [[tech_notes: | The main dokuwiki page [[tech_notes: | ||
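Review bot: the removed whitelisting to-do list still carries an open security question, "Ensure **no** public access to portainer and traefik dashboards?", and nothing on the added side says where it went. The only added line is the promoted "======Dokuwiki======" heading and the edit summary is just "[Dokuwiki]", so if the Reverse Proxy Server, Traefik and Portainer sections were moved to their own page, link that page from here and say so in the summary; if they were dropped, carry the to-do over first. Wherever the removed export script now lives, it deserves a fix as well: it exports certificate and key material under certificates/ after a plain "mkdir -p" with no visible chmod or umask, while the Traefik setup in the same hunk does "chmod 600 acme.json", and it expands "$json" unquoted in "echo $json | jq -r".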
Line 328: | Line 191: | ||
*Christain Lempa [[https:// | *Christain Lempa [[https:// | ||
- | =====Deluge===== | ||
- | A torrent application with a web based server. | ||
=====Other Possible Apps/ | =====Other Possible Apps/ |
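Review bot: the Deluge heading and its one-line description are removed with no replacement link on the added side; if that section moved along with the other non-Dokuwiki content, link its new location from the section that follows. The unchanged context line above the removal also spells the name "Christain Lempa", where the references list removed in the first hunk has "Christian Lempa"; worth correcting in the same edit.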