Differences

This shows you the differences between two versions of the page.

docker_notes:docker-dokuwiki [2023-05-30 Tue wk22 19:46] – [Deluge] baumkp
docker_notes:docker-dokuwiki [2023-05-30 Tue wk22 20:08] (current) baumkp
Line 1: Line 1:
-{{tag>linux docker traefik godaddy dokuwiki nextcloud container}} +{{tag>linux docker traefik dokuwiki container}}
-======Docker Containers======+
  
-=====Reverse Proxy Server===== 
-I seem to have gotten the Traefik reverse proxy working according to Techno Tim [[https://docs.technotim.live/posts/traefik-portainer-ssl/|Put Wildcard Certificates and SSL on EVERYTHING]] ([[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl|github reference_files for traefik-portainer-ssl]])  
  
-Below is a basic description of the process that aligns with my configuration files. I do this for 2 reasons, both allowing me independence.  +======Dokuwiki====== 
-  - Sometimes the source information or link are; changed, lost or removed.  +=====Main Dokuwiki Page=====
-  - These note reference my current specific installation. +
- +
-=====Proxy network to connect them all===== +
-These containers all talk via a docker bridge network named proxy, ''docker network create proxy'' +
-====Traefik==== +
-<code bash [enable_line_numbers="true"]> +
-cd /home/docker_store +
-sudo mkdir traefik +
-sudo chown baumkp:baumkp traefik +
-cd traefik +
-mkdir data +
-cd data +
-touch acme.json +
-chmod 600 acme.json +
-touch traefik.yml +
-cd ..</code> +
-My traefik.yml locatation: ''/home/docker_store/traefik/data/traefik.yml''. The current TechnoTim one [[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/traefik|here]].\\ +
- +
-===create docker network=== +
-<code bash [enable_line_numbers="true"]>docker network create proxy</code> +
-<code bash [enable_line_numbers="true"]>touch docker-compose.yml +
-touch provider.env</code> +
-My docker-compose.yml location: ''/home/docker_store/traefik/docker-compose.yml''. The current TechnoTim one [[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/traefik|here.]]\\  +
-//<fc #ff0000><fs small>**Note** my docker compose file has some changes from the TechnoTim one, in particular the use of the Godaddy DNS chanlenge API instead of the the Cloudflare one used by TechnoTim.</fs></fc>//\\ +
- \\ +
-===Generate and Install Godaddy DNS Challenge Data=== +
-Sadly Godaddy does not make it as transparent as it should be to access their DNS challenge API. Perhaps because they are focused on their commercial certificate product. It is accessed from their developer portal [[https://developer.godaddy.com/|Godaddy Developer Portal]], from here the API keys can be made.  These keys then need to be copied into ''/home/docker_store/traefik/data/provider.env'': +
-<code [enable_line_numbers="true">GODADDY_API_KEY=[Your API_KEY key from Godaddy API] +
-GODADDY_API_SECRET=[Your API_SECRET key from Godaddy API]</code> +
- \\ +
-===Generate and install Basic Authentication Password=== +
-<code bash [enable_line_numbers="true"]>sudo apt update +
-sudo apt install apache2-utils</code> +
-<code bash [enable_line_numbers="true"]>echo $(htpasswd -nb "<USER>" "<PASSWORD>") | sed -e s/\\$/\\$\\$/g</code> +
-NOTE: Replace <USER> with your username and <PASSWORD> with your password to be hashed. +
- +
-Paste the output in your docker-compose.yml in line (traefik.http.middlewares.traefik-auth.basicauth.users=<USER>:<HASHED-PASSWORD>+
- \\ +
- \\ +
-<code bash [enable_line_numbers="true"]>cd data +
-touch config.yml</code> +
-<code bash [enable_line_numbers="true"]>docker-compose up -d</code> +
-====Portainer==== +
-<code bash [enable_line_numbers="true"]>cd /home/docker_store +
-sudo mkdir portainer +
-sudo chown baumkp:baumkp portainer +
-cd portainer +
-touch docker-compose.yml +
-mkdir data</code> +
-My docker-compose.yml location: ''/home/docker_store/portainer/docker-compose.yml''. The current TechnoTim one [[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/portainer|here.]]\\ +
-<code bash [enable_line_numbers="true"]>docker-compose up -d</code> +
- +
-====Traefik Routes Config==== +
-<code bash [enable_line_numbers="true"]>cd /home/docker_store/traefik/data +
-nvim config.yml</code> +
-My config.yml location: ''/home/docker_store/traefik/data/config.yml''. The current TechnoTim one [[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/traefik|here.]], also look at **Portainer's** instructions here: [[https://docs.portainer.io/advanced/reverse-proxy/traefik|Deploying Portainer behind Traefik Proxy]]\\ +
-<code bash [enable_line_numbers="true"]>docker-compose up -d --force-recreate</code>\\ +
-Folder Structure: +
-<code>./traefik +
-├── data +
-│   ├── acme.json +
-│   ├── config.yml +
-│   ├── provided.env.yml +
-│   └── traefik.yml +
-└── docker-compose.yml</code> +
-====whitelisting==== +
-Todo: look at whitelisting in more detail +
-  * ''/home/docker_store/traefik/data/config.yml'' has traefik middleware whitelisting defined looks defined as default for all containers in config.yml. Need to check following: +
-    * Can this be defined for each container setup in config.yml? Looks likely. +
-    * Can this be reliably setup for public access of certain containers? +
-    * Ensure **no** public access to portainer and traefik dashboards? +
-  * See reddit dicussion [[https://www.reddit.com/r/Traefik/comments/qi2435/traefik_v2_mixed_and_both_internal_and_external/Traefik v2 mixed (and both) internal and external?]], which indicates this is so, however it notes a possible issue with VPN access. +
-====References==== +
-  *Traefik +
-    * [[https://hub.docker.com/_/traefik|Traefix]] +
-    * [[https://doc.traefik.io/traefik/https/acme/|traefik proxy & Lets Encrypt]] +
-    * Smarthome Beginner [[https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/|Ultimate Traefik Docker Compose Guide [2022] with LetsEncrypt]] +
-    * Christian Lempa [[https://github.com/ChristianLempa/boilerplates/tree/main/docker-compose/traefik|boilerplates/docker-compose/traefik/]] +
-    * Techno Tim [[https://github.com/techno-tim/techno-tim.github.io/blob/master/reference_files/traefik-portainer-ssl/traefik/docker-compose.yml| +
-techno-tim.github.io/reference_files/traefik-portainer-ssl/traefik/docker-compose.yml]] / [[https://docs.technotim.live/posts/traefik-portainer-ssl/|Put Wildcard Certificates and SSL on EVERYTHING]] +
-    * [[https://github.com/traefik/traefik/issues/6686| (Traefik v2.2) Unable to obtain ACME certificate with DNS challenge using Go Daddy]] +
-    * [[https://stackoverflow.com/questions/61234489/cannot-get-wildcard-certificate-with-traefik-v2-and-godaddy|Cannot get wildcard certificate with traefik v2 and godaddy]] +
-    * [[https://forums.docker.com/t/traefik-acme-with-godaddy-as-provider/56743|Traefik - ACME with GoDaddy as provider]] +
- +
-  *Traefik whitelists +
- +
-  *Nginx Proxy Manager +
-    * Nginxproxymanager.com [[https://nginxproxymanager.com/advanced-config/#best-practice-use-a-docker-network|Best Practice: Use a Docker network]] +
- +
-====ssl certificates==== +
-  *''openssl x509 -in (path to certificate and certificate filename) -text -noout'' +
-  *''openssl s_client -connect localhost:443 2>/dev/null | openssl x509 -noout -dates'' +
-  *[[https://www.techrepublic.com/article/how-to-utilize-openssl-in-linux-to-check-ssl-certificate-details/|How to utilize openssl in Linux to check SSL certificate details]] +
- +
-====Export Traefik certificates==== +
- +
-  *[[https://r4uch.com/export-traefik-certificates/|Export Traefik Certificates]] +
-  *Need to install the jq package +
-<code bash>#!/bin/bash +
- +
-# Requirements: you will need to install jq and maybe openssl +
- +
-# creates a directory for all of your certificates +
-mkdir -p certificates/ +
- +
-# reads the acme.json file, please put this file in the same directory as your script +
-json=$(cat acme.json) +
- +
-export_cer_key () { +
-    echo $json | jq -r '.[].Certificates[] | select(.domain.main == "'$1'") | .certificate' | base64 -d > certificates/$1.cer +
-    echo $json | jq -r '.[].Certificates[] | select(.domain.main == "'$1'") | .key' | base64 -d > certificates/$1.key +
-+
- +
-export_pfx () { +
-        openssl pkcs12 -export -out certificates/$domain.pfx -inkey certificates/$domain.key -in certificates/$domain.cer -passout pass:  +
-+
- +
-read -p "Do you want to export as .pfx file as well [y]?" REPLY +
- +
-# iterates through all of your domains +
-for domain in $(echo $json | jq -r '.[].Certificates[].domain.main'+
-do +
-    if [[ $REPLY =~ ^[Yy]$ ]] +
-    then +
-        export_cer_key "$domain" +
-        export_pfx "$domain" +
-    else +
-        export_cer_key "$domain" +
-    fi +
-done</code> +
-There is also [[https://techoverflow.net/2021/07/18/how-to-export-certificates-from-traefik-certificate-store/|How to export certificates from Traefik certificate store]] in python. +
- +
-=====Dokuwiki===== +
-====Main Dokuwiki Page====+
 The main dokuwiki page [[tech_notes:home_server|dokuwiki_setup]]. The main dokuwiki page [[tech_notes:home_server|dokuwiki_setup]].
-====Dokuwiki Container====+=====Dokuwiki Container=====
 This use the the [[https://www.linuxserver.io/|linuxserver.io]] image from dockerhub, [[https://hub.docker.com/r/linuxserver/dokuwiki/#!|linuxserver/dokuwiki]].  The Linuxserver.io documents can be found here[[https://docs.linuxserver.io/|doc.linuxserver.io]].\\ This use the the [[https://www.linuxserver.io/|linuxserver.io]] image from dockerhub, [[https://hub.docker.com/r/linuxserver/dokuwiki/#!|linuxserver/dokuwiki]].  The Linuxserver.io documents can be found here[[https://docs.linuxserver.io/|doc.linuxserver.io]].\\
 Defines web_data volume: Defines web_data volume:
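Review bot: The removed "whitelisting" Todo in the Traefik block, including "Ensure **no** public access to portainer and traefik dashboards?", is an open security item, and this hunk deletes it without showing where it goes; confirm it is carried to the page that now holds the reverse proxy notes before treating this revision as a pure move. If the Traefik text is being relocated, fix what it carried at the same time: the folder tree lists ''provided.env.yml'' while the steps create ''provider.env'' (and create it in ''traefik/'', not ''traefik/data/'' as the Godaddy paragraph states), the htpasswd one-liner takes the password as a command-line argument, and the export script writes private keys into ''certificates/'' without restricting permissions and builds the .pfx with an empty passphrase (''-passout pass:''). In the retained context, "This use the the" and "found here[[" are still uncorrected.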
Line 183: Line 46:
 After setting up the internal indexes could be messed up. The plugin SearchIndex Manager can be used to recreate these indexes. After setting up the internal indexes could be messed up. The plugin SearchIndex Manager can be used to recreate these indexes.
  
-=====Nextcloud Container===== +<- docker_notes:docker-reverse-proxy|Back ^ docker_notes:index|Start page ^ docker_notes:docker-nextcloud|Next ->
-Nextcloud publishes their own Docker container of Nextcloud.  Linuxserver.io, as well as some others also have Nextcloud containers on Docker Hub. +
- +
-Nextcloud needs a number of services to run; the main Nextcloud server, a database and Redis. In addition, there needs to be a proxy server or similar to forward on common domain requests to sub-domains as well as handling certificates, however this is required for all the various services and can be considered separately. +
- +
-Refer to Nextcloud's [[https://docs.nextcloud.com/server/latest/admin_manual/maintenance/index.html|Maintenace]] section on instructions to backup, restore and migrate Nextcloud.  Also as I am using the official Nextcloud container it has additional instructions to [[https://github.com/docker-library/docs/blob/master/nextcloud/README.md#migrating-an-existing-installation:migrate]] Nextcloud to Docker. +
-  * uid: www-data / 33, gid: www-data / 33.  This seems to be Debian standard. Alpine linux seems to use 82 for www-data.  Just stick with uid/gid as per the image supplied, 82 for Alpine and ignore the names. +
-  * ''docker exec -u www-data nextcloud-app-1 php /var/www/html/cron.php'' runs the cron.php +
-  * ''docker exec -u www-data nextcloud-app-1 php occ maintenance:mode --off|on'' to turn maintenance mode off or on from the containers host shell +
- +
-====RedirectRegex==== +
-I get a redirect error in Nextcloud that I have not been able to track down to date.  Does not seem much info in this on the net, and the little there is also indicates a problem without and easy solution.  Nextcloud main support looks Apache web server based with little Nginx support and even less Traefik support. +
-Some resources related to this: +
-  *Traefik:  +
-    *[[https://doc.traefik.io/traefik/middlewares/http/redirectregex/#permanent|RedirectRegex]] +
-    *[[https://doc.traefik.io/traefik/middlewares/http/replacepathregex/|ReplacePathRegex]] +
-    *[[https://github.com/traefik/traefik/issues/723|Multiple entry regex redirects #723 ] +
-====References==== +
-  *docs nextcloud +
-    * [[https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#default-parameters|Configuration Parameters]] +
-    *[[https://help.nextcloud.com/t/is-there-a-safe-and-reliable-way-to-move-data-directory-out-of-web-root/3642|is-there-a-safe-and-reliable-way-to-move-data-directory-out-of-web-root]] +
-    *[[https://help.nextcloud.com/t/howto-change-move-data-directory-after-installation/17170|help.nextcloud.com/t/howto-change-move-data-directory-after-installation]] +
-    *[[https://github.com/nextcloud|github.com/nextcloud]] +
-    *[[https://hub.docker.com/_/nextcloud/| Docker Hub Nextcloud]] +
-    *[[https://github.com/docker-library/docs/blob/master/nextcloud/README.md|Github Docker Hub Nextcloud]] +
- +
-====Installing and Using MariaDB via Docker==== +
-[[https://mariadb.com/kb/en/installing-and-using-mariadb-via-docker/|Installing and Using MariaDB via Docker]] +
-[[]] +
- +
-====logging==== +
-[[https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html|Nextcloud configuration Logging]] +
-====backup==== +
-[[https://docs.nextcloud.com/server/stable/admin_manual/maintenance/backup.html|Backup]] +
- +
-====NGINX configuration==== +
-[[https://docs.nextcloud.com/server/25/admin_manual/installation/nginx.html|NGINX configuration]] +
- +
-====cron==== +
-''docker-compose exec -u www-data nextcloud php cron.php'' to run cron in Nextcloud Docker +
-[[https://help.nextcloud.com/t/nextcloud-docker-container-best-way-to-run-cron-job/157734|https://help.nextcloud.com/t/nextcloud-docker-container-best-way-to-run-cron-job/157734]] +
- +
- +
-=====Calibre===== +
- +
-====Calibre==== +
-This Docker container is based [[https://fleet.linuxserver.io/image?name=linuxserver/calibre|linuxserver/calibre]], [[https://hub.docker.com/r/linuxserver/calibre|Docker hub linuxserver/calibre]], [[https://calibre-ebook.com/|Calibre ebook management]] +
- +
-The image is based upon current Ubuntu Long term release. +
- +
-++++Calibre docker-compose.yml| +
-<code> +
-version: "3.9" +
-services: +
-  calibre: +
-    image: lscr.io/linuxserver/calibre:latest +
-    container_name: calibre +
-    security_opt: +
-      seccomp:unconfined #optional +
-    environment: +
-      - PUID=1000 +
-      - PGID=1000 +
-      - TZ=Australia/Perth +
-      - PASSWORD= #optional +
-      - CLI_ARGS= #optional +
-    volumes: +
-      - /media/disk1/KarlData/Karl Data 2/Calibre_library:/config +
-    ports: +
-      - 8088:8080 +
-      - 8089:8081 +
-    restart: unless-stopped +
-    networks: +
-      - proxy +
- +
-networks: +
-  proxy: +
-    external: true +
-</code> +
- +
-Notes: +
-  - Example version: "2.1" changes to "3.9" with no problem +
-  - The log error/warning concerning "Setting up desktop integration failed with error:...." is a common error when using Calibre on a server where desktop is not set up.  <fc #008000>Can be safely ignored.</fc> +
-  - To allow shell access added to ''docker-compose.yml'': <code> +
-    tty: true +
-    stdin_open: true +
-    command: /bin/sh</code> +
- +
-++++ +
- +
-====Calibre-web==== +
- +
-This Docker container is based [[https://fleet.linuxserver.io/image?name=linuxserver/calibre-web|linuxserver/calibre-web.]], [[https://hub.docker.com/r/linuxserver/calibre-web|Docker hub linuxserver/calibre-web]], [[https://github.com/janeczku/calibre-web/wiki|Calibre-web wiki]] +
- +
-The image is based upon current Ubuntu long term release. +
- +
-++++Calibre-web docker-compose.yml| +
-<code> +
-version: "3.9" +
-services: +
-  calibre-web: +
-    image: lscr.io/linuxserver/calibre-web:latest +
-    #image: lscr.io/linuxserver/calibre-web:0.6.18-ls169 +
-    container_name: calibre-web +
-    security_opt: +
-      - seccomp:unconfined #optional +
-    environment: +
-      - PUID=1000 +
-      - PGID=1000 +
-      - TZ=Australia/Perth +
-      - DOCKER_MODS=linuxserver/mods:universal-calibre #optional +
-      - OAUTHLIB_RELAX_TOKEN_SCOPE=1 #optional +
-    volumes: +
-      - /home/docker_store/calibre-web/config:/config +
-      - /media/disk1/KarlData/Karl Data 2/Calibre_library:/books +
-    ports: +
-      - 8087:8083 +
-    restart: unless-stopped +
-    networks: +
-      - proxy +
- +
-networks: +
-  proxy: +
-    external: true +
-</code> +
- +
-Notes: +
-  - Example version: "2.1" changes to "3.9" with no problem +
-  - The default login / password: admin / admin123 +
-  - The /books direct points to the directory specified for the existing (or new) Calibre library +
-  - The log error/warning concerning "Setting up desktop integration failed with error:...." is a common error when using Calibre on a server where desktop is not set up.  <fc #008000>Can be safely ignored.</fc> +
-++++ +
-====References==== +
-  *Matthias Schoettle [[https://mattsch.com/2020/01/16/notes-on-traefik-v2-nextcloud-etc/|Notes on traefik v2, Nextcloud, etc.]]  +
-  *Nextcloud Docs: +
-    *[[https://docs.nextcloud.com/|Nextcloud Documentation Overview]] +
-    *The [[https://docs.nextcloud.com/server/latest/admin_manual/maintenance/index.html|Maintenance]] section covers migrating to another server as well as backup, restore and upgrading. +
-  *smarthome beginner's [[https://www.smarthomebeginner.com/traefik-docker-nextcloud/|Nextcloud Docker with Traefik Reverse Proxy for Beginners]] +
-  *Reddit[[https://www.reddit.com/r/docker/comments/njnvth/linuxserverio_nextcloud_dockercompoe_is_all_i_need/Linuxserver.io Nextcloud docker-compoe is all i need?]] +
-  *[[https://help.nextcloud.com/t/collabora-setup-with-docker-linuxserver-ios-letsencrypt/79563|Collabora setup with docker (linuxserver.io’s letsencrypt)]] +
-  *[[https://linuxhandbook.com/install-nextcloud-docker/|How to Install Nextcloud with Docker on Your Linux Server]] +
-  *[[https://www.youtube.com/watch?v=aIBTbsk7rnA|Youtube - How to Install Nextcloud on Docker using Portainer]] +
-  *linuxserver.io [[https://forum.libreelec.tv/thread/25327-install-nextcloud-linuxserver-io/|Install Nextcloud (LinuxServer.io)]] +
-  *Nextcloud [[https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml| docker/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml]] +
-  *Christain Lempa [[https://github.com/ChristianLempa/boilerplates/blob/main/docker-compose/nextcloud/nextcloud.yaml| boilerplates/docker-compose/nextcloud/nextcloud.yaml]] +
- +
- +
-=====Other Possible Apps/Images===== +
-  *[[https://crazymax.dev/diun/|Diun]] is a tool to notify if docker images have been updated. (Reportedly better than automatic updates such as watchtower.) +
-  *heindall a dashboard application. Low priority..... +
-  *[[https://docs.linuxserver.io/general/awesome-lsio|linuxserver.io docker images]] +
- +
-<- docker_notes:docker-compose|Back ^ docker_notes:index|Start page ^ docker_notes:docker-deluge|Next ->+
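Review bot: The Calibre, Calibre-web and "Other Possible Apps/Images" sections are deleted here, but the new navigation line only points at ''docker_notes:docker-reverse-proxy'' and ''docker_notes:docker-nextcloud'', so nothing in this revision shows where the Calibre notes end up; confirm they have a destination page and that the old Back/Next targets (''docker-compose'', ''docker-deluge'') are still reachable from the chain. When that content is moved, the first Calibre compose file needs ''- seccomp:unconfined'' as a list item (the Calibre-web one already has the dash), both services publish host ports (8088, 8089, 8087) in addition to joining the ''proxy'' network, and the notes record ''PASSWORD='' left empty and the default login admin / admin123 with no step to change it. The removed Nextcloud references also carry broken link markup: ''#723 ]'' closes with a single bracket, there is an empty ''[[]]'', and two Reddit links are missing the ''|'' before the link title.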