update
This commit is contained in:
parent
af00ea3175
commit
af6c0e0158
|
@ -2,9 +2,9 @@
|
|||
|
||||
###### guide by example
|
||||
|
||||
![logo](https://i.imgur.com/BQ9Ec6f.png)
|
||||
![logo](https://i.imgur.com/tT3FQLJ.png)
|
||||
|
||||
### Purpose
|
||||
## Purpose
|
||||
|
||||
Password manager. RS version is simpler and lighter than the official bitwarden.
|
||||
|
||||
|
@ -12,7 +12,7 @@ Password manager. RS version is simpler and lighter than the official bitwarden.
|
|||
* [Github](https://github.com/dani-garcia/bitwarden_rs)
|
||||
* [DockerHub](https://hub.docker.com/r/bitwardenrs/server)
|
||||
|
||||
### Files and directory structure
|
||||
## Files and directory structure
|
||||
|
||||
```
|
||||
/home
|
||||
|
@ -25,7 +25,7 @@ Password manager. RS version is simpler and lighter than the official bitwarden.
|
|||
└── 🗋 bitwarden-backup-script.sh
|
||||
```
|
||||
|
||||
### docker-compose
|
||||
## docker-compose
|
||||
|
||||
[Documentation](https://github.com/dani-garcia/bitwarden_rs/wiki/Using-Docker-Compose) on compose.
|
||||
|
||||
|
@ -40,20 +40,9 @@ Password manager. RS version is simpler and lighter than the official bitwarden.
|
|||
hostname: bitwarden
|
||||
container_name: bitwarden
|
||||
restart: unless-stopped
|
||||
env_file: .env
|
||||
volumes:
|
||||
- ./bitwarden-data/:/data/
|
||||
environment:
|
||||
- TZ
|
||||
- ADMIN_TOKEN
|
||||
- DOMAIN
|
||||
- SIGNUPS_ALLOWED
|
||||
- SMTP_SSL
|
||||
- SMTP_EXPLICIT_TLS
|
||||
- SMTP_HOST
|
||||
- SMTP_PORT
|
||||
- SMTP_USERNAME
|
||||
- SMTP_PASSWORD
|
||||
- SMTP_FROM
|
||||
|
||||
networks:
|
||||
default:
|
||||
|
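Review bot: replacing the explicit `environment:` list with `env_file: .env` in the bitwarden service means the container now receives every variable in `.env`, not only the eleven that were named, and the compose file no longer shows which settings the container consumes. Since that file carries `ADMIN_TOKEN` and `SMTP_PASSWORD`, the guide should tell readers to keep it readable by the owner only (`chmod 600 .env`) and out of version control. A short comment in `.env` listing the variables bitwarden reads would replace the documentation the removed list provided.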
@ -84,7 +73,10 @@ Password manager. RS version is simpler and lighter than the official bitwarden.
|
|||
SMTP_FROM=admin@blabla.org
|
||||
```
|
||||
|
||||
### Reverse proxy
|
||||
**All containers must be on the same network**.</br>
|
||||
If one does not exist yet: `docker network create caddy_net`
|
||||
|
||||
## Reverse proxy
|
||||
|
||||
Caddy v2 is used, details [here.](https://github.com/DoTheEvo/Caddy-v2-examples)</br>
|
||||
Bitwarden_rs documentation has a [section on reverse proxy.](https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples)
|
||||
|
@ -96,6 +88,12 @@ Password manager. RS version is simpler and lighter than the official bitwarden.
|
|||
}
|
||||
|
||||
passwd.{$MY_DOMAIN} {
|
||||
header / {
|
||||
X-XSS-Protection "1; mode=block"
|
||||
X-Frame-Options "DENY"
|
||||
X-Robots-Tag "none"
|
||||
-Server
|
||||
}
|
||||
encode gzip
|
||||
reverse_proxy /notifications/hub/negotiate bitwarden:80
|
||||
reverse_proxy /notifications/hub bitwarden:3012
|
||||
|
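Review bot: `header / {` in the `passwd.{$MY_DOMAIN}` block is parsed as a path matcher, and in Caddy v2 a matcher of `/` matches only the exact root path, so `X-XSS-Protection`, `X-Frame-Options`, `X-Robots-Tag` and `-Server` would apply to `/` alone and not to the rest of the vault UI or API. Drop the matcher (`header {`) or use `/*` so the headers cover every response.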
@ -103,17 +101,19 @@ Password manager. RS version is simpler and lighter than the official bitwarden.
|
|||
}
|
||||
```
|
||||
|
||||
### Forward port 3012 on your router
|
||||
## Forward port 3012 on your router
|
||||
|
||||
- websocket protocol used for some kind of notifications
|
||||
|
||||
### Extra info
|
||||
## Extra info
|
||||
|
||||
* **bitwarden can be managed** at `<url>/admin` and entering `ADMIN_TOKEN` set in the `.env` file
|
||||
|
||||
---
|
||||
|
||||
![interface-pic](https://i.imgur.com/5LxEUsA.png)
|
||||
|
||||
### Update
|
||||
## Update
|
||||
|
||||
* [watchtower](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/watchtower) updates the image automaticly
|
||||
|
||||
|
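Review bot: the "Forward port 3012 on your router" section is carried over with only its heading level changed, while the Caddyfile in this same file already proxies `/notifications/hub` to `bitwarden:3012` over the docker network. If the websocket traffic is meant to go through Caddy, the router forward is redundant and exposes the notification port directly, so the section should either be dropped or say when it is actually needed. Minor: "automaticly" in the watchtower bullet should be "automatically".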
@ -122,7 +122,7 @@ Password manager. RS version is simpler and lighter than the official bitwarden.
|
|||
`docker-compose up -d`</br>
|
||||
`docker image prune`
|
||||
|
||||
### Backup and restore
|
||||
## Backup and restore
|
||||
|
||||
* **backup** using [borgbackup setup](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/borg_backup)
|
||||
that makes daily snapshot of the entire directory
|
||||
|
@ -133,7 +133,7 @@ Password manager. RS version is simpler and lighter than the official bitwarden.
|
|||
from the backup copy back the bitwarden directortory</br>
|
||||
start the container `docker-compose up -d`
|
||||
|
||||
### Backup of just user data
|
||||
## Backup of just user data
|
||||
|
||||
user-data daily export using the [official procedure.](https://github.com/dani-garcia/bitwarden_rs/wiki/Backing-up-your-vault)</br>
|
||||
For bitwarden_rs it means sqlite database dump and backing up `attachments` directory.
|
||||
|
@ -161,7 +161,7 @@ but borg backup is daily making snapshot of the entire directory.
|
|||
`0 2 * * * /home/bastard/docker/bitwarden/bitwarden-backup-script.sh` - run it [at 02:00](https://crontab.guru/#0_2_*_*_*)</br>
|
||||
`crontab -l` - list cronjobs
|
||||
|
||||
### Restore the user data
|
||||
## Restore the user data
|
||||
|
||||
Assuming clean start.
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
![logo](https://i.imgur.com/qDXwqaU.png)
|
||||
|
||||
### Purpose
|
||||
## Purpose
|
||||
|
||||
Documentation and notes.
|
||||
|
||||
|
@ -12,7 +12,7 @@ Documentation and notes.
|
|||
* [Github](https://github.com/BookStackApp/BookStack)
|
||||
* [DockerHub](https://hub.docker.com/r/linuxserver/bookstack)
|
||||
|
||||
### Files and directory structure
|
||||
## Files and directory structure
|
||||
|
||||
```
|
||||
/home
|
||||
|
@ -20,13 +20,13 @@ Documentation and notes.
|
|||
└── docker
|
||||
└── bookstack
|
||||
├── 🗁 bookstack-data
|
||||
├── 🗁 bookstack-data-db
|
||||
├── 🗁 bookstack-db-data
|
||||
├── 🗋 .env
|
||||
├── 🗋 docker-compose.yml
|
||||
└── 🗋 bookstack-backup-script.sh
|
||||
```
|
||||
|
||||
### docker-compose
|
||||
## docker-compose
|
||||
|
||||
Dockerhub linuxserver/bookstack [example compose.](https://hub.docker.com/r/linuxserver/bookstack)
|
||||
|
||||
|
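Review bot: the tree renames `bookstack-data-db` to `bookstack-db-data`, and the compose file follows, but nothing tells people with an existing install to move the directory. Someone who pulls the new compose and runs `docker-compose up -d` gets a fresh, empty MariaDB directory while the old data sits untouched under the old name. A one-line migration note (stop the containers, rename the directory, start again) belongs next to this change.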
@ -40,43 +40,21 @@ Documentation and notes.
|
|||
image: linuxserver/mariadb
|
||||
container_name: bookstack-db
|
||||
hostname: bookstack-db
|
||||
environment:
|
||||
- TZ
|
||||
- PUID
|
||||
- PGID
|
||||
- MYSQL_ROOT_PASSWORD
|
||||
- MYSQL_DATABASE
|
||||
- MYSQL_USER
|
||||
- MYSQL_PASSWORD
|
||||
volumes:
|
||||
- ./bookstack-data-db:/config
|
||||
restart: unless-stopped
|
||||
env_file: .env
|
||||
volumes:
|
||||
- ./bookstack-db-data:/config
|
||||
|
||||
bookstack:
|
||||
image: linuxserver/bookstack
|
||||
container_name: bookstack
|
||||
hostname: bookstack
|
||||
environment:
|
||||
- TZ
|
||||
- PUID
|
||||
- PGID
|
||||
- DB_HOST
|
||||
- DB_USER
|
||||
- DB_PASS
|
||||
- DB_DATABASE
|
||||
- APP_URL
|
||||
- MAIL_DRIVER
|
||||
- MAIL_HOST
|
||||
- MAIL_PORT
|
||||
- MAIL_FROM
|
||||
- MAIL_USERNAME
|
||||
- MAIL_PASSWORD
|
||||
- MAIL_ENCRYPTION
|
||||
volumes:
|
||||
- ./bookstack-data:/config
|
||||
restart: unless-stopped
|
||||
env_file: .env
|
||||
depends_on:
|
||||
- bookstack-db
|
||||
volumes:
|
||||
- ./bookstack-data:/config
|
||||
|
||||
networks:
|
||||
default:
|
||||
|
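Review bot: both `bookstack-db` and `bookstack` now load the same file via `env_file: .env`, so the application container also receives `MYSQL_ROOT_PASSWORD`, which the removed `environment:` list for `bookstack` did not pass to it. The app only needs `DB_USER` and `DB_PASS`; either keep a short explicit `environment:` list on the `bookstack` service or split the secrets into one env file per service so the root database credential stays with the database container.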
@ -92,17 +70,17 @@ Documentation and notes.
|
|||
DEFAULT_NETWORK=caddy_net
|
||||
TZ=Europe/Prague
|
||||
|
||||
# BOOKSTACK-MARIADB
|
||||
#LINUXSERVER.IO
|
||||
PUID=1000
|
||||
PGID=1000
|
||||
|
||||
# BOOKSTACK-MARIADB
|
||||
MYSQL_ROOT_PASSWORD=bookstack
|
||||
MYSQL_DATABASE=bookstack
|
||||
MYSQL_USER=bookstack
|
||||
MYSQL_PASSWORD=bookstack
|
||||
|
||||
# BOOKSTACK
|
||||
PUID=1000
|
||||
PGID=1000
|
||||
DB_HOST=bookstack-db
|
||||
DB_USER=bookstack
|
||||
DB_PASS=bookstack
|
||||
|
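Review bot: the sample `.env` keeps `MYSQL_ROOT_PASSWORD=bookstack`, `MYSQL_PASSWORD=bookstack` and `DB_PASS=bookstack`, all equal to the user and database name. Guides like this get copied verbatim, so the values should be obvious placeholders (for example `change-me-root` and `change-me-app`) with a line saying `DB_PASS` must match `MYSQL_PASSWORD`. Also `#LINUXSERVER.IO` is missing the space after `#` that the other section comments use.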
@ -122,7 +100,7 @@ Documentation and notes.
|
|||
**All containers must be on the same network**.</br>
|
||||
If one does not exist yet: `docker network create caddy_net`
|
||||
|
||||
### Reverse proxy
|
||||
## Reverse proxy
|
||||
|
||||
Caddy v2 is used,
|
||||
details [here](https://github.com/DoTheEvo/Caddy-v2-examples)
|
||||
|
@ -134,15 +112,15 @@ Documentation and notes.
|
|||
}
|
||||
|
||||
book.{$MY_DOMAIN} {
|
||||
reverse_proxy {
|
||||
to bookstack:80
|
||||
}
|
||||
reverse_proxy bookstack:80
|
||||
}
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
![interface-pic](https://i.imgur.com/cN1GUZw.png)
|
||||
|
||||
### Update
|
||||
## Update
|
||||
|
||||
* [watchtower](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/watchtower) updates the image automaticly
|
||||
|
||||
|
@ -151,7 +129,7 @@ Documentation and notes.
|
|||
`docker-compose up -d`</br>
|
||||
`docker image prune`
|
||||
|
||||
### Backup and restore
|
||||
## Backup and restore
|
||||
|
||||
* **backup** using [borgbackup setup](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/borg_backup)
|
||||
that makes daily snapshot of the entire directory
|
||||
|
@ -162,7 +140,7 @@ Documentation and notes.
|
|||
from the backup copy back the bookstack directortory</br>
|
||||
start the container `docker-compose up -d`
|
||||
|
||||
### Backup of just user data
|
||||
## Backup of just user data
|
||||
|
||||
user-data daily export using the [official procedure.](https://www.bookstackapp.com/docs/admin/backup-restore/)</br>
|
||||
For bookstack it means database dump and backing up several directories containing user uploaded files.
|
||||
|
@ -190,7 +168,7 @@ but borg backup is daily making snapshot of the entire directory.
|
|||
`0 2 * * * /home/bastard/docker/bookstack/bookstack-backup-script.sh` - run it [at 02:00](https://crontab.guru/#0_2_*_*_*)</br>
|
||||
`crontab -l` - list cronjobs
|
||||
|
||||
### Restore the user data
|
||||
## Restore the user data
|
||||
|
||||
Assuming clean start, first restore the database before running the app container.
|
||||
|
||||
|
|
|
@ -2,14 +2,14 @@
|
|||
|
||||
###### guide by example
|
||||
|
||||
### purpose
|
||||
## purpose
|
||||
|
||||
Backup terminal utility.
|
||||
|
||||
* [Official site](https://www.borgbackup.org/)
|
||||
* [Github](https://github.com/borgbackup/borg)
|
||||
|
||||
### files and directory structure
|
||||
## files and directory structure
|
||||
|
||||
```
|
||||
/home
|
||||
|
@ -20,15 +20,28 @@ Backup terminal utility.
|
|||
│ └── 🗋 borg_backup.log
|
||||
│
|
||||
└── docker
|
||||
├── container #1
|
||||
├── container #2
|
||||
├── container-setup #1
|
||||
├── container-setup #2
|
||||
└── ...
|
||||
```
|
||||
|
||||
### borg-backup.sh
|
||||
## The setup
|
||||
|
||||
Borg is installed directly on the host system.</br>
|
||||
A script is created that backs up entire docker directory somewhere locally.</br>
|
||||
Cronjob executing the script daily.
|
||||
|
||||
The script needs manual initialization of a repo somewhere.</br>
|
||||
|
||||
|
||||
* **Install borg backup**
|
||||
|
||||
* **The script**
|
||||
|
||||
Repo needs to be initialized manualy first.</br>
|
||||
|
||||
|
||||
`borg-backup.sh`
|
||||
|
||||
```
|
||||
#!/bin/bash
|
||||
|
||||
|
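Review bot: the new "The setup" section says twice that the repo needs manual initialization ("The script needs manual initialization of a repo somewhere" and "Repo needs to be initialized manualy first") but never gives the command, and the "Install borg backup" bullet has no body. Since the backed-up `docker` directory includes the password manager's data, the guide should show the actual `borg init` invocation with the encryption mode the author intends, and state where the passphrase or key is kept. "manualy" should be "manually".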
@ -68,7 +81,6 @@ Backup terminal utility.
|
|||
--keep-yearly=0 \
|
||||
|
||||
echo "$NOW Done" >> $LOGFILE
|
||||
borg list $REPOSITORY >> $LOGFILE
|
||||
echo '------------------------------' >> $LOGFILE
|
||||
|
||||
# --- USEFULL SHIT ---
|
||||
|
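Review bot: in the lines shown, `echo "$NOW Done" >> $LOGFILE` is written unconditionally after the borg command that ends at `--keep-yearly=0 \`, so a run that failed still logs "Done". Capture the exit status of the borg calls and log success or failure accordingly, or the log cannot be used to tell whether last night's backup exists. `$LOGFILE` and `$REPOSITORY` should also be quoted, and the trailing backslash on the last option before a blank line can go.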
@ -87,13 +99,14 @@ Backup terminal utility.
|
|||
# to delete single backup in a repo:
|
||||
# borg delete .::1584472836
|
||||
```
|
||||
the script must be **executabe** - `chmod +x borg-backup.sh`
|
||||
|
||||
### automatic execution
|
||||
* **automatic execution**
|
||||
|
||||
* make the script executable `chmod +x borg-backup.sh`
|
||||
cron job, every day at 3:00</br>
|
||||
`crontab -e`
|
||||
`0 3 * * * /home/bastard/borg_backup/borg-backup.sh`
|
||||
|
||||
* cron job, every day at 3:00
|
||||
## Remote backup
|
||||
|
||||
`crontab -e`
|
||||
|
||||
`0 3 * * * /home/bastard/borg_backup/borg-backup.sh`
|
||||
Backing up to network share or cloud, rclone
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
###### guide by example
|
||||
|
||||
![logo](https://i.imgur.com/6Wqs7J1.png)
|
||||
![logo](https://i.imgur.com/VXSovC9.png)
|
||||
|
||||
## Purpose
|
||||
|
||||
|
@ -20,7 +20,7 @@ File share & sync.
|
|||
└── docker
|
||||
└── nextcloud
|
||||
├── 🗁 nextcloud-data
|
||||
├── 🗁 nextcloud-data-db
|
||||
├── 🗁 nextcloud-db-data
|
||||
├── 🗋 .env
|
||||
├── 🗋 docker-compose.yml
|
||||
└── 🗋 nextcloud-backup-script.sh
|
||||
|
@ -48,13 +48,9 @@ Four containers are spin up
|
|||
hostname: nextcloud-db
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
restart: unless-stopped
|
||||
env_file: .env
|
||||
volumes:
|
||||
- ./nextcloud-data-db:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD
|
||||
- MYSQL_PASSWORD
|
||||
- MYSQL_DATABASE
|
||||
- MYSQL_USER
|
||||
- ./nextcloud-db-data:/var/lib/mysql
|
||||
|
||||
nextcloud-redis:
|
||||
image: redis:alpine
|
||||
|
@ -67,6 +63,7 @@ Four containers are spin up
|
|||
container_name: nextcloud
|
||||
hostname: nextcloud
|
||||
restart: unless-stopped
|
||||
env_file: .env
|
||||
depends_on:
|
||||
- nextcloud-db
|
||||
- nextcloud-redis
|
||||
|
@ -74,28 +71,18 @@ Four containers are spin up
|
|||
- nextcloud-db
|
||||
volumes:
|
||||
- ./nextcloud-data/:/var/www/html
|
||||
environment:
|
||||
- MYSQL_HOST
|
||||
- REDIS_HOST
|
||||
- MAIL_DOMAIN
|
||||
- MAIL_FROM_ADDRESS
|
||||
- SMTP_SECURE
|
||||
- SMTP_HOST
|
||||
- SMTP_PORT
|
||||
- SMTP_NAME
|
||||
- SMTP_PASSWORD
|
||||
|
||||
nextcloud-cron:
|
||||
image: nextcloud:apache
|
||||
container_name: nextcloud-cron
|
||||
hostname: nextcloud-cron
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./nextcloud-data/:/var/www/html
|
||||
entrypoint: /cron.sh
|
||||
depends_on:
|
||||
- nextcloud-db
|
||||
- nextcloud-redis
|
||||
volumes:
|
||||
- ./nextcloud-data/:/var/www/html
|
||||
|
||||
networks:
|
||||
default:
|
||||
|
@ -129,6 +116,8 @@ Four containers are spin up
|
|||
SMTP_NAME=apikey
|
||||
SMTP_PASSWORD=SG.asdasdasdasdasdasdsaasdasdsa
|
||||
```
|
||||
**All containers must be on the same network**.</br>
|
||||
If one does not exist yet: `docker network create caddy_net`
|
||||
|
||||
## Reverse proxy
|
||||
|
||||
|
@ -158,7 +147,6 @@ Creating adming account and giving the database details as set in the `.env` fil
|
|||
|
||||
![first-run-pic](https://i.imgur.com/EygHgKa.png)
|
||||
|
||||
|
||||
## Security & setup warnings
|
||||
|
||||
Nextcloud has status check in *Settings > Administration > Overview*</br>
|
||||
|
@ -224,8 +212,10 @@ There are likely several warnings on a freshly spun container.
|
|||
user-data daily export using the [official procedure.](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/backup.html)</br>
|
||||
For nextcloud it means entering maintenance mode,
|
||||
database dump and backing up several directories containing data, configs, themes.</br>
|
||||
The created backup files are overwriten on every run of the script,
|
||||
but borg backup is daily making snapshot of the entire directory.
|
||||
|
||||
For the script it just means database dump as borg backup and its deduplication
|
||||
will deal with the directories, especially in the case of nextcloud where
|
||||
hundreds gigabytes can be stored.
|
||||
|
||||
* **create a backup script**</br>
|
||||
placed inside `nextcloud` directory on the host
|
||||
|
@ -240,18 +230,15 @@ but borg backup is daily making snapshot of the entire directory.
|
|||
# CREATE DATABASE DUMP, bash -c '...' IS USED OTHERWISE OUTPUT > WOULD TRY TO GO TO THE HOST
|
||||
docker container exec nextcloud-db bash -c 'mysqldump --single-transaction -h nextcloud-db -u $MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE > /var/lib/mysql/BACKUP.nextcloud.database.sql'
|
||||
|
||||
# ARCHIVE DIRECTORIES
|
||||
docker container exec --workdir /var/www/html nextcloud tar -czPf BACKUP.nextcloud.data.tar config data themes
|
||||
|
||||
# MAINTENANCE MODE OFF
|
||||
docker container exec --user www-data --workdir /var/www/html nextcloud php occ maintenance:mode --off
|
||||
```
|
||||
|
||||
the script must be **executabe** - `chmod +x bookstack-backup-script.sh`
|
||||
the script must be **executabe** - `chmod +x nextcloud-backup-script.sh`
|
||||
|
||||
* **cronjob** on the host</br>
|
||||
`crontab -e` - add new cron job</br>
|
||||
`0 2 * * * /home/bastard/docker/bookstack/bookstack-backup-script.sh` - run it [at 02:00](https://crontab.guru/#0_2_*_*_*)</br>
|
||||
`0 2 * * * /home/bastard/docker/nextcloud/nextcloud-backup-script.sh` - run it [at 02:00](https://crontab.guru/#0_2_*_*_*)</br>
|
||||
`crontab -l` - list cronjobs
|
||||
|
||||
### Restore the user data
|
||||
|
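Review bot: with the `tar -czPf BACKUP.nextcloud.data.tar config data themes` step removed, maintenance mode now brackets only the `mysqldump`, and the directories are picked up by the borg cron job at 3:00 while Nextcloud is live again, an hour after this script's `0 2` run. The database dump and the file tree in a given snapshot can therefore be out of step with each other. Either say so in the text, or have the script trigger the borg run before `maintenance:mode --off`. Separately, `-p$MYSQL_PASSWORD` puts the password on the `mysqldump` command line, and the dump is written into `/var/lib/mysql`, the live data directory.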
@ -262,7 +249,7 @@ but borg backup is daily making snapshot of the entire directory.
|
|||
let it run so it creates its file structure
|
||||
* down the containers: `docker-compose up -d`
|
||||
* from backup copy the direcotries `data`, `configs`, `themes` in to `nextcloud-data` replacing the ones in place
|
||||
* from backup copy the backup database in to `nextcloud-data-db`
|
||||
* from backup copy the backup database in to `nextcloud-db-data`
|
||||
* start the containers: `docker-compose up -d`
|
||||
* set the correct user ownership of the direcotries copied:</br>
|
||||
`docker exec --workdir /var/www/html nextcloud chown -R www-data:www-data config data themes`
|
||||
|
|
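Review bot: the restore step "down the containers: `docker-compose up -d`" gives the start command for a stop step; it should read `docker-compose down`, otherwise the database files are copied in underneath a running MariaDB. The same list says to copy `data`, `configs`, `themes` while the `chown` line at the end uses `config data themes`, so `configs` should be `config`, and "direcotries" should be "directories".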