
Docker Containers

I seem to have gotten the Traefik reverse proxy working according to Techno Tim's "Put Wildcard Certificates and SSL on EVERYTHING" (GitHub reference_files for traefik-portainer-ssl).

Below is a basic description of the process that aligns with my configuration files. I do this for 2 reasons, both allowing me independence.

  1. Sometimes the source information or link is changed, lost or removed.
  2. These notes reference my current specific installation.

These containers all talk via a Docker bridge network named proxy (created with: docker network create proxy).

  1. cd /home/docker_store
  2. sudo mkdir traefik
  3. sudo chown baumkp:baumkp traefik
  4. cd traefik
  5. mkdir data
  6. cd data
  7. touch acme.json
  8. chmod 600 acme.json
  9. touch traefik.yml
  10. cd ..

My traefik.yml location: /home/docker_store/traefik/data/traefik.yml. The current TechnoTim one here.

Create docker network

  1. docker network create proxy

  1. touch docker-compose.yml
  2. touch provider.env

My docker-compose.yml location: /home/docker_store/traefik/docker-compose.yml. The current TechnoTim one here.
Note my docker compose file has some changes from the TechnoTim one, in particular the use of the Godaddy DNS challenge API instead of the Cloudflare one used by TechnoTim.

Generate and Install Godaddy DNS Challenge Data

Sadly Godaddy does not make it as transparent as it should be to access their DNS challenge API, perhaps because they are focused on their commercial certificate product. It is accessed from their developer portal, Godaddy Developer Portal, where the API keys can be made. These keys then need to be copied into /home/docker_store/traefik/data/provider.env:

GODADDY_API_KEY=[Your API_KEY key from Godaddy API]
GODADDY_API_SECRET=[Your API_SECRET key from Godaddy API]
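
A check for the two secret-bearing files set up above, added here as an example and not part of the original notes: acme.json holds the certificate private keys and provider.env holds the Godaddy API credentials, so neither should be readable by group or other, and the template values must have been replaced. The function name audit_secret_files is hypothetical, and stat -c assumes GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes): audit secret-bearing files.
# audit_secret_files is a hypothetical helper; stat -c needs GNU coreutils.

# Prints one line per finding; returns 0 only when nothing was found.
audit_secret_files() {
    local rc=0 f mode
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$f")          # octal mode, e.g. 600
        # Any group/other permission bit means other local users can read
        # the ACME private keys or the DNS API credentials.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "TOO_OPEN $f mode=$mode (expected 600)"
            rc=1
        fi
        # Template or empty values left in the env file: the DNS challenge
        # cannot succeed with credentials like these.
        if grep -qE '^GODADDY_API_(KEY|SECRET)=(\[.*\])?[[:space:]]*$' "$f"; then
            echo "PLACEHOLDER $f"
            rc=1
        fi
    done
    return "$rc"
}

# Run against the paths given on the command line, if any, for example:
#   ./audit.sh /home/docker_store/traefik/data/acme.json \
#              /home/docker_store/traefik/data/provider.env
if [ "$#" -gt 0 ]; then
    audit_secret_files "$@"
fi
```

The notes above only chmod acme.json; a TOO_OPEN finding for provider.env is fixed the same way, with chmod 600.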


Generate and install Basic Authentication Password

  1. sudo apt update
  2. sudo apt install apache2-utils

  1. echo $(htpasswd -nb "<USER>" "<PASSWORD>") | sed -e s/\\$/\\$\\$/g

NOTE: Replace <USER> with your username and <PASSWORD> with your password to be hashed.

Paste the output into the line of your docker-compose.yml that contains traefik.http.middlewares.traefik-auth.basicauth.users=<USER>:<HASHED-PASSWORD>
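
An added example, not part of the original notes, for the hashing step above: it produces the same escaped user:hash value without putting the password on the command line, and lints a compose file for a basicauth.users label whose "$" was not doubled (Compose would otherwise interpolate parts of the hash as variables). The function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes). Function names are
# hypothetical; htpasswd comes from the apache2-utils package installed above.

# Double every "$" so Docker Compose does not try to interpolate parts of
# the hash as variables; same effect as the sed expression in the notes.
compose_escape() {
    sed -e 's/\$/$$/g'
}

# Without -b, htpasswd prompts for the password, so it never appears in
# argv, the process list or shell history. Output is ready to paste.
# usage: basicauth_label_value USER
basicauth_label_value() {
    htpasswd -n "$1" | grep -v '^$' | compose_escape
}

# Lint a compose file: print every basicauth.users line that still has a
# lone "$" once escaped "$$" pairs are ignored. Returns 1 if any is found.
# usage: find_unescaped_basicauth docker-compose.yml
find_unescaped_basicauth() {
    awk '/basicauth\.users=/ {
             s = $0
             gsub(/\$\$/, "", s)            # drop correctly escaped pairs
             if (index(s, "$")) { print NR ": " $0; bad = 1 }
         }
         END { exit bad + 0 }' "$1"
}
```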

  1. cd data
  2. touch config.yml

  1. docker-compose up -d

  1. cd /home/docker_store
  2. sudo mkdir portainer
  3. sudo chown baumkp:baumkp portainer
  4. cd portainer
  5. touch docker-compose.yml
  6. mkdir data

My docker-compose.yml location: /home/docker_store/portainer/docker-compose.yml. The current TechnoTim one here.

  1. docker-compose up -d

  1. cd /home/docker_store/traefik/data
  2. nvim config.yml

My config.yml location: /home/docker_store/traefik/data/config.yml. The current TechnoTim one here. Also look at Portainer's instructions here: Deploying Portainer behind Traefik Proxy

  1. docker-compose up -d --force-recreate


Folder Structure:

./traefik
├── data
│   ├── acme.json
│   ├── config.yml
│   ├── provided.env.yml
│   └── traefik.yml
└── docker-compose.yml

Todo: look at whitelisting in more detail

The main dokuwiki page dokuwiki_setup.

This uses the linuxserver.io image from Docker Hub, linuxserver/dokuwiki. The Linuxserver.io documents can be found here: doc.linuxserver.io.
Defines web_data volume:

#Not USED
docker volume create --driver local \
    --opt type=none \
    --opt device="/home/docker_store/cloud.kptree.net/data" \
    --opt o=bind cloud_data

version: "2.1"
services:
  dokuwiki:
    image: lscr.io/linuxserver/dokuwiki:latest
    container_name: dokuwiki
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Australia/Perth
    volumes:
      - /home/docker_store/wiki.kptree.net/config:/config
    ports:
      - 8081:80
    #  - 443:443 #optional
    restart: unless-stopped

Todo:

  • Need to create a local LAN only functional back-up of the wiki in my back-up server so I have a backup in case the main wiki with my configuration notes becomes unavailable.

Some of the following nuances may help when transferring Dokuwiki servers:

  • The dokuwiki image uses the following permanent volume storage, in config/dokuwiki:
    • conf (basically copy everything from existing to here)
    • data (basically copy everything from existing to here)
    • inc → /app/www/public/inc (symlink back to container, no point changing)
    • lib (basically copy everything from existing to here)
    • vendor → /app/www/public/vendor (symlink back to container, no point changing)

The DokuWiki page How to backup DokuWiki? has the basic information to backup a Dokuwiki.

After setting up, the internal indexes could be messed up. The plugin SearchIndex Manager can be used to recreate these indexes.

Nextcloud publishes their own Docker container of Nextcloud. Linuxserver.io, as well as some others, also have Nextcloud containers on Docker Hub.

Nextcloud needs a number of services to run; the main Nextcloud server, a database and Redis. In addition, there needs to be a proxy server or similar to forward on common domain requests to sub-domains as well as handling certificates, however this is required for all the various services and can be considered separately.

Refer to Nextcloud's Maintenance section for instructions to backup, restore and migrate Nextcloud. Also, as I am using the official Nextcloud container, it has additional instructions to migrate Nextcloud to Docker: https://github.com/docker-library/docs/blob/master/nextcloud/README.md#migrating-an-existing-installation

  • uid: www-data / 33, gid: www-data / 33. This seems to be Debian standard. Alpine linux seems to use 82 for www-data. Just stick with uid/gid as 33 and ignore the names.

This Docker container is based on linuxserver/calibre. Links: Docker Hub linuxserver/calibre, Calibre ebook management.

The image is based upon current Ubuntu Long term release.

Calibre docker-compose.yml

This Docker container is based on linuxserver/calibre-web. Links: Docker Hub linuxserver/calibre-web, Calibre-web wiki.

The image is based upon current Ubuntu long term release.

Calibre-web docker-compose.yml

A torrent application with a web based server. I will probably need to fully build this one myself as I use a VPN with firewall that only allows communication on LAN or using firewall tunnel for WAN.

  • Diun is a tool to notify if docker images have been updated. (Reportedly better than automatic updates such as watchtower.)
  • Heimdall, a dashboard application. Low priority.
  • Last modified: 2023-05-24 Wed wk21 19:56
  • by baumkp