| Both sides previous revision Previous revision Next revision | Previous revision |
| docker_notes:docker-dokuwiki [2023-05-24 Wed wk21 20:17] – [References] baumkp | docker_notes:docker-dokuwiki [2023-05-30 Tue wk22 20:08] (current) – baumkp |
|---|
| {{tag>linux docker traefik godaddy dokuwiki nextcloud container}} | {{tag>linux docker traefik dokuwiki container}} |
| ======Docker Containers====== | |
| |
| =====Reverse Proxy Server===== | |
| I seem to have gotten the Traefik reverse proxy working according to Techno Tim [[https://docs.technotim.live/posts/traefik-portainer-ssl/|Put Wildcard Certificates and SSL on EVERYTHING]] ([[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl|github reference_files for traefik-portainer-ssl]]) | |
| |
| Below is a basic description of the process that aligns with my configuration files. I do this for 2 reasons, both allowing me independence. | ======Dokuwiki====== |
| - Sometimes the source information or link are; changed, lost or removed. | =====Main Dokuwiki Page===== |
| - These note reference my current specific installation. | |
| | |
| =====Proxy network to connect them all===== | |
| These containers all talk via a docker bridge network named proxy, ''docker network create proxy'' | |
| ====Traefik==== | |
| <code bash [enable_line_numbers="true"]> | |
| cd /home/docker_store | |
| sudo mkdir traefik | |
| sudo chown baumkp:baumkp traefik | |
| cd traefik | |
| mkdir data | |
| cd data | |
| touch acme.json | |
| chmod 600 acme.json | |
| touch traefik.yml | |
| cd ..</code> | |
| My traefik.yml locatation: ''/home/docker_store/traefik/data/traefik.yml''. The current TechnoTim one [[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/traefik|here]].\\ | |
| | |
| ===create docker network=== | |
| <code bash [enable_line_numbers="true"]>docker network create proxy</code> | |
| <code bash [enable_line_numbers="true"]>touch docker-compose.yml | |
| touch provider.env</code> | |
| My docker-compose.yml location: ''/home/docker_store/traefik/docker-compose.yml''. The current TechnoTim one [[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/traefik|here.]]\\ | |
| //<fc #ff0000><fs small>**Note** my docker compose file has some changes from the TechnoTim one, in particular the use of the Godaddy DNS chanlenge API instead of the the Cloudflare one used by TechnoTim.</fs></fc>//\\ | |
| \\ | |
| ===Generate and Install Godaddy DNS Challenge Data=== | |
| Sadly Godaddy does not make it as transparent as it should be to access their DNS challenge API. Perhaps because they are focused on their commercial certificate product. It is accessed from their developer portal [[https://developer.godaddy.com/|Godaddy Developer Portal]], from here the API keys can be made. These keys then need to be copied into ''/home/docker_store/traefik/data/provider.env'': | |
| <code [enable_line_numbers="true">GODADDY_API_KEY=[Your API_KEY key from Godaddy API] | |
| GODADDY_API_SECRET=[Your API_SECRET key from Godaddy API]</code> | |
| \\ | |
| ===Generate and install Basic Authentication Password=== | |
| <code bash [enable_line_numbers="true"]>sudo apt update | |
| sudo apt install apache2-utils</code> | |
| <code bash [enable_line_numbers="true"]>echo $(htpasswd -nb "<USER>" "<PASSWORD>") | sed -e s/\\$/\\$\\$/g</code> | |
| NOTE: Replace <USER> with your username and <PASSWORD> with your password to be hashed. | |
| | |
| Paste the output in your docker-compose.yml in line (traefik.http.middlewares.traefik-auth.basicauth.users=<USER>:<HASHED-PASSWORD>) | |
| \\ | |
| \\ | |
| <code bash [enable_line_numbers="true"]>cd data | |
| touch config.yml</code> | |
| <code bash [enable_line_numbers="true"]>docker-compose up -d</code> | |
| ====Portainer==== | |
| <code bash [enable_line_numbers="true"]>cd /home/docker_store | |
| sudo mkdir portainer | |
| sudo chown baumkp:baumkp portainer | |
| cd portainer | |
| touch docker-compose.yml | |
| mkdir data</code> | |
| My docker-compose.yml location: ''/home/docker_store/portainer/docker-compose.yml''. The current TechnoTim one [[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/portainer|here.]]\\ | |
| <code bash [enable_line_numbers="true"]>docker-compose up -d</code> | |
| | |
| ====Traefik Routes Config==== | |
| <code bash [enable_line_numbers="true"]>cd /home/docker_store/traefik/data | |
| nvim config.yml</code> | |
| My config.yml location: ''/home/docker_store/traefik/data/config.yml''. The current TechnoTim one [[https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/traefik|here.]], also look at **Portainer's** instructions here: [[https://docs.portainer.io/advanced/reverse-proxy/traefik|Deploying Portainer behind Traefik Proxy]]\\ | |
| <code bash [enable_line_numbers="true"]>docker-compose up -d --force-recreate</code>\\ | |
| Folder Structure: | |
| <code>./traefik | |
| ├── data | |
| │ ├── acme.json | |
| │ ├── config.yml | |
| │ ├── provided.env.yml | |
| │ └── traefik.yml | |
| └── docker-compose.yml</code> | |
| ====whitelisting==== | |
| Todo: look at whitelisting in more detail | |
| * ''/home/docker_store/traefik/data/config.yml'' has traefik middleware whitelisting defined looks defined as default for all containers in config.yml. Need to check following: | |
| * Can this be defined for each container setup in config.yml? Looks likely. | |
| * Can this be reliably setup for public access of certain containers? | |
| * Ensure **no** public access to portainer and traefik dashboards? | |
| * See reddit dicussion [[https://www.reddit.com/r/Traefik/comments/qi2435/traefik_v2_mixed_and_both_internal_and_external/Traefik v2 mixed (and both) internal and external?]], which indicates this is so, however it notes a possible issue with VPN access. | |
| ====References==== | |
| *Traefik | |
| * [[https://hub.docker.com/_/traefik|Traefix]] | |
| * [[https://doc.traefik.io/traefik/https/acme/|traefik proxy & Lets Encrypt]] | |
| * Smarthome Beginner [[https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/|Ultimate Traefik Docker Compose Guide [2022] with LetsEncrypt]] | |
| * Christian Lempa [[https://github.com/ChristianLempa/boilerplates/tree/main/docker-compose/traefik|boilerplates/docker-compose/traefik/]] | |
| * Techno Tim [[https://github.com/techno-tim/techno-tim.github.io/blob/master/reference_files/traefik-portainer-ssl/traefik/docker-compose.yml| | |
| techno-tim.github.io/reference_files/traefik-portainer-ssl/traefik/docker-compose.yml]] / [[https://docs.technotim.live/posts/traefik-portainer-ssl/|Put Wildcard Certificates and SSL on EVERYTHING]] | |
| * [[https://github.com/traefik/traefik/issues/6686| (Traefik v2.2) Unable to obtain ACME certificate with DNS challenge using Go Daddy]] | |
| * [[https://stackoverflow.com/questions/61234489/cannot-get-wildcard-certificate-with-traefik-v2-and-godaddy|Cannot get wildcard certificate with traefik v2 and godaddy]] | |
| * [[https://forums.docker.com/t/traefik-acme-with-godaddy-as-provider/56743|Traefik - ACME with GoDaddy as provider]] | |
| | |
| *Traefik whitelists | |
| | |
| *Nginx Proxy Manager | |
| * Nginxproxymanager.com [[https://nginxproxymanager.com/advanced-config/#best-practice-use-a-docker-network|Best Practice: Use a Docker network]] | |
| | |
| | |
| =====Dokuwiki===== | |
| ====Main Dokuwiki Page==== | |
| The main dokuwiki page [[tech_notes:home_server|dokuwiki_setup]]. | The main dokuwiki page [[tech_notes:home_server|dokuwiki_setup]]. |
| ====Dokuwiki Container==== | =====Dokuwiki Container===== |
| This use the the [[https://www.linuxserver.io/|linuxserver.io]] image from dockerhub, [[https://hub.docker.com/r/linuxserver/dokuwiki/#!|linuxserver/dokuwiki]]. The Linuxserver.io documents can be found here[[https://docs.linuxserver.io/|doc.linuxserver.io]].\\ | This use the the [[https://www.linuxserver.io/|linuxserver.io]] image from dockerhub, [[https://hub.docker.com/r/linuxserver/dokuwiki/#!|linuxserver/dokuwiki]]. The Linuxserver.io documents can be found here[[https://docs.linuxserver.io/|doc.linuxserver.io]].\\ |
| Defines web_data volume: | Defines web_data volume: |
| After setting up the internal indexes could be messed up. The plugin SearchIndex Manager can be used to recreate these indexes. | After setting up the internal indexes could be messed up. The plugin SearchIndex Manager can be used to recreate these indexes. |
| |
| =====Nextcloud Container===== | <- docker_notes:docker-reverse-proxy|Back ^ docker_notes:index|Start page ^ docker_notes:docker-nextcloud|Next -> |
| Nextcloud publishes their own Docker container of Nextcloud. Linuxserver.io, as well as some others also have Nextcloud containers on Docker Hub. | |
| | |
| Nextcloud needs a number of services to run; the main Nextcloud server, a database and Redis. In addition, there needs to be a proxy server or similar to forward on common domain requests to sub-domains as well as handling certificates, however this is required for all the various services and can be considered separately. | |
| | |
| Refer to Nextcloud's [[https://docs.nextcloud.com/server/latest/admin_manual/maintenance/index.html|Maintenace]] section on instructions to backup, restore and migrate Nextcloud. Also as I am using the official Nextcloud container it has additional instructions to [[https://github.com/docker-library/docs/blob/master/nextcloud/README.md#migrating-an-existing-installation:migrate]] Nextcloud to Docker. | |
| * uid: www-data / 33, gid: www-data / 33. This seems to be Debian standard. Alpine linux seems to use 82 for www-data. Just stick with uid/gid as 33 and ignore the names. | |
| * | |
| | |
| ====References==== | |
| *docs nextcloud | |
| * [[https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#default-parameters|Configuration Parameters]] | |
| *[[https://help.nextcloud.com/t/is-there-a-safe-and-reliable-way-to-move-data-directory-out-of-web-root/3642|is-there-a-safe-and-reliable-way-to-move-data-directory-out-of-web-root]] | |
| *[[https://help.nextcloud.com/t/howto-change-move-data-directory-after-installation/17170|help.nextcloud.com/t/howto-change-move-data-directory-after-installation]] | |
| *[[https://github.com/nextcloud|github.com/nextcloud]] | |
| =====Calibre===== | |
| | |
| ====Calibre==== | |
| This Docker container is based [[https://fleet.linuxserver.io/image?name=linuxserver/calibre|linuxserver/calibre]], [[https://hub.docker.com/r/linuxserver/calibre|Docker hub linuxserver/calibre]], [[https://calibre-ebook.com/|Calibre ebook management]] | |
| | |
| The image is based upon current Ubuntu Long term release. | |
| | |
| ++++Calibre docker-compose.yml| | |
| <code> | |
| version: "3.9" | |
| services: | |
| calibre: | |
| image: lscr.io/linuxserver/calibre:latest | |
| container_name: calibre | |
| security_opt: | |
| - seccomp:unconfined #optional | |
| environment: | |
| - PUID=1000 | |
| - PGID=1000 | |
| - TZ=Australia/Perth | |
| - PASSWORD= #optional | |
| - CLI_ARGS= #optional | |
| volumes: | |
| - /media/disk1/KarlData/Karl Data 2/Calibre_library:/config | |
| ports: | |
| - 8088:8080 | |
| - 8089:8081 | |
| restart: unless-stopped | |
| networks: | |
| - proxy | |
| | |
| networks: | |
| proxy: | |
| external: true | |
| </code> | |
| | |
| Notes: | |
| - Example version: "2.1" changes to "3.9" with no problem | |
| - The log error/warning concerning "Setting up desktop integration failed with error:...." is a common error when using Calibre on a server where desktop is not set up. <fc #008000>Can be safely ignored.</fc> | |
| - To allow shell access added to ''docker-compose.yml'': <code> | |
| tty: true | |
| stdin_open: true | |
| command: /bin/sh</code> | |
| | |
| ++++ | |
| | |
| ====Calibre-web==== | |
| | |
| This Docker container is based [[https://fleet.linuxserver.io/image?name=linuxserver/calibre-web|linuxserver/calibre-web.]], [[https://hub.docker.com/r/linuxserver/calibre-web|Docker hub linuxserver/calibre-web]], [[https://github.com/janeczku/calibre-web/wiki|Calibre-web wiki]] | |
| | |
| The image is based upon current Ubuntu long term release. | |
| | |
| ++++Calibre-web docker-compose.yml| | |
| <code> | |
| version: "3.9" | |
| services: | |
| calibre-web: | |
| image: lscr.io/linuxserver/calibre-web:latest | |
| #image: lscr.io/linuxserver/calibre-web:0.6.18-ls169 | |
| container_name: calibre-web | |
| security_opt: | |
| - seccomp:unconfined #optional | |
| environment: | |
| - PUID=1000 | |
| - PGID=1000 | |
| - TZ=Australia/Perth | |
| - DOCKER_MODS=linuxserver/mods:universal-calibre #optional | |
| - OAUTHLIB_RELAX_TOKEN_SCOPE=1 #optional | |
| volumes: | |
| - /home/docker_store/calibre-web/config:/config | |
| - /media/disk1/KarlData/Karl Data 2/Calibre_library:/books | |
| ports: | |
| - 8087:8083 | |
| restart: unless-stopped | |
| networks: | |
| - proxy | |
| | |
| networks: | |
| proxy: | |
| external: true | |
| </code> | |
| | |
| Notes: | |
| - Example version: "2.1" changes to "3.9" with no problem | |
| - The default login / password: admin / admin123 | |
| - The /books direct points to the directory specified for the existing (or new) Calibre library | |
| - The log error/warning concerning "Setting up desktop integration failed with error:...." is a common error when using Calibre on a server where desktop is not set up. <fc #008000>Can be safely ignored.</fc> | |
| ++++ | |
| ====References==== | |
| *Matthias Schoettle [[https://mattsch.com/2020/01/16/notes-on-traefik-v2-nextcloud-etc/|Notes on traefik v2, Nextcloud, etc.]] | |
| *Nextcloud Docs: | |
| *[[https://docs.nextcloud.com/|Nextcloud Documentation Overview]] | |
| *The [[https://docs.nextcloud.com/server/latest/admin_manual/maintenance/index.html|Maintenance]] section covers migrating to another server as well as backup, restore and upgrading. | |
| *smarthome beginner's [[https://www.smarthomebeginner.com/traefik-docker-nextcloud/|Nextcloud Docker with Traefik Reverse Proxy for Beginners]] | |
| *Reddit[[https://www.reddit.com/r/docker/comments/njnvth/linuxserverio_nextcloud_dockercompoe_is_all_i_need/Linuxserver.io Nextcloud docker-compoe is all i need?]] | |
| *[[https://help.nextcloud.com/t/collabora-setup-with-docker-linuxserver-ios-letsencrypt/79563|Collabora setup with docker (linuxserver.io’s letsencrypt)]] | |
| *[[https://linuxhandbook.com/install-nextcloud-docker/|How to Install Nextcloud with Docker on Your Linux Server]] | |
| *[[https://www.youtube.com/watch?v=aIBTbsk7rnA|Youtube - How to Install Nextcloud on Docker using Portainer]] | |
| *linuxserver.io [[https://forum.libreelec.tv/thread/25327-install-nextcloud-linuxserver-io/|Install Nextcloud (LinuxServer.io)]] | |
| *Nextcloud [[https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml| docker/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml]] | |
| *Christain Lempa [[https://github.com/ChristianLempa/boilerplates/blob/main/docker-compose/nextcloud/nextcloud.yaml| boilerplates/docker-compose/nextcloud/nextcloud.yaml]] | |
| | |
| =====Deluge===== | |
| A torrent application with a web based server. I will probably need to fully build this one myself as I use a VPN with fire wall that only allows communication on LAN or using firewall tunnel for WAN. | |
| | |
| =====Other Possible Apps/Images===== | |
| *[[https://crazymax.dev/diun/|Diun]] is a tool to notify if docker images have been updated. (Reportedly better than automatic updates such as watchtower.) | |
| *heindall a dashboard application. Low priority..... | |
| *[[https://docs.linuxserver.io/general/awesome-lsio|linuxserver.io docker images]] | |
| | |
| <- docker_notes:docker-compose|Back ^ docker_notes:index|Start page ^ docker_notes:docker-deluge|Next -> | |
| |