DoTheEvolution 2020-04-17 00:05:54 +02:00
parent af00ea3175
commit af6c0e0158
4 changed files with 86 additions and 108 deletions

View File

@ -2,9 +2,9 @@
###### guide by example
![logo](https://i.imgur.com/BQ9Ec6f.png)
![logo](https://i.imgur.com/tT3FQLJ.png)
### Purpose
## Purpose
Password manager. RS version is simpler and lighter than the official bitwarden.
@ -12,7 +12,7 @@ Password manager. RS version is simpler and lighter than the official bitwarden.
* [Github](https://github.com/dani-garcia/bitwarden_rs)
* [DockerHub](https://hub.docker.com/r/bitwardenrs/server)
### Files and directory structure
## Files and directory structure
```
/home
@ -25,7 +25,7 @@ Password manager. RS version is simpler and lighter than the official bitwarden.
└── 🗋 bitwarden-backup-script.sh
```
### docker-compose
## docker-compose
[Documentation](https://github.com/dani-garcia/bitwarden_rs/wiki/Using-Docker-Compose) on compose.
@ -40,20 +40,9 @@ Password manager. RS version is simpler and lighter than the official bitwarden.
hostname: bitwarden
container_name: bitwarden
restart: unless-stopped
env_file: .env
volumes:
- ./bitwarden-data/:/data/
environment:
- TZ
- ADMIN_TOKEN
- DOMAIN
- SIGNUPS_ALLOWED
- SMTP_SSL
- SMTP_EXPLICIT_TLS
- SMTP_HOST
- SMTP_PORT
- SMTP_USERNAME
- SMTP_PASSWORD
- SMTP_FROM
networks:
default:
@ -84,7 +73,10 @@ Password manager. RS version is simpler and lighter than the official bitwarden.
SMTP_FROM=admin@blabla.org
```
### Reverse proxy
**All containers must be on the same network**.</br>
If one does not exist yet: `docker network create caddy_net`
## Reverse proxy
Caddy v2 is used, details [here.](https://github.com/DoTheEvo/Caddy-v2-examples)</br>
Bitwarden_rs documentation has a [section on reverse proxy.](https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples)
@ -96,6 +88,12 @@ Password manager. RS version is simpler and lighter than the official bitwarden.
}
passwd.{$MY_DOMAIN} {
header / {
X-XSS-Protection "1; mode=block"
X-Frame-Options "DENY"
X-Robots-Tag "none"
-Server
}
encode gzip
reverse_proxy /notifications/hub/negotiate bitwarden:80
reverse_proxy /notifications/hub bitwarden:3012
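Review bot: the new `header / {` block is scoped to a path matcher of `/`, and in Caddy v2 that matches only requests for exactly `/`, so the web vault's other pages, the API responses and `/admin` are served without `X-Frame-Options` and still carry `Server`. Drop the matcher (`header {`) so the block applies to every response from `passwd.{$MY_DOMAIN}`.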
@ -103,17 +101,19 @@ Password manager. RS version is simpler and lighter than the official bitwarden.
}
```
### Forward port 3012 on your router
## Forward port 3012 on your router
- websocket protocol used for some kind of notifications
### Extra info
## Extra info
* **bitwarden can be managed** at `<url>/admin` and entering `ADMIN_TOKEN` set in the `.env` file
---
![interface-pic](https://i.imgur.com/5LxEUsA.png)
### Update
## Update
* [watchtower](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/watchtower) updates the image automaticly
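Review bot: the `Forward port 3012 on your router` section, kept here with only its heading level changed, conflicts with the Caddyfile earlier in this file, which already sends `/notifications/hub` to `bitwarden:3012` through the reverse proxy. If websocket traffic is meant to go through Caddy, a router forward for 3012 adds a second, unproxied entry point for no benefit; remove the section or state when the forward is actually required. The one-line description "websocket protocol used for some kind of notifications" should also say what stops working without it.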
@ -122,7 +122,7 @@ Password manager. RS version is simpler and lighter than the official bitwarden.
`docker-compose up -d`</br>
`docker image prune`
### Backup and restore
## Backup and restore
* **backup** using [borgbackup setup](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/borg_backup)
that makes daily snapshot of the entire directory
@ -133,7 +133,7 @@ Password manager. RS version is simpler and lighter than the official bitwarden.
from the backup copy back the bitwarden directortory</br>
start the container `docker-compose up -d`
### Backup of just user data
## Backup of just user data
user-data daily export using the [official procedure.](https://github.com/dani-garcia/bitwarden_rs/wiki/Backing-up-your-vault)</br>
For bitwarden_rs it means sqlite database dump and backing up `attachments` directory.
@ -161,7 +161,7 @@ but borg backup is daily making snapshot of the entire directory.
`0 2 * * * /home/bastard/docker/bitwarden/bitwarden-backup-script.sh` - run it [at 02:00](https://crontab.guru/#0_2_*_*_*)</br>
`crontab -l` - list cronjobs
### Restore the user data
## Restore the user data
Assuming clean start.

View File

@ -4,7 +4,7 @@
![logo](https://i.imgur.com/qDXwqaU.png)
### Purpose
## Purpose
Documentation and notes.
@ -12,7 +12,7 @@ Documentation and notes.
* [Github](https://github.com/BookStackApp/BookStack)
* [DockerHub](https://hub.docker.com/r/linuxserver/bookstack)
### Files and directory structure
## Files and directory structure
```
/home
@ -20,13 +20,13 @@ Documentation and notes.
└── docker
└── bookstack
├── 🗁 bookstack-data
├── 🗁 bookstack-data-db
├── 🗁 bookstack-db-data
├── 🗋 .env
├── 🗋 docker-compose.yml
└── 🗋 bookstack-backup-script.sh
```
### docker-compose
## docker-compose
Dockerhub linuxserver/bookstack [example compose.](https://hub.docker.com/r/linuxserver/bookstack)
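Review bot: renaming `bookstack-data-db` to `bookstack-db-data` in the directory tree, together with the matching volume path in the compose hunk, needs a migration note for anyone who already followed the guide. With the new `./bookstack-db-data:/config` bind mount and the old directory left in place, the database container starts on an empty directory and the existing data is silently ignored. Add a line telling existing users to stop the stack and rename the host directory before `docker-compose up -d`.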
@ -40,43 +40,21 @@ Documentation and notes.
image: linuxserver/mariadb
container_name: bookstack-db
hostname: bookstack-db
environment:
- TZ
- PUID
- PGID
- MYSQL_ROOT_PASSWORD
- MYSQL_DATABASE
- MYSQL_USER
- MYSQL_PASSWORD
volumes:
- ./bookstack-data-db:/config
restart: unless-stopped
env_file: .env
volumes:
- ./bookstack-db-data:/config
bookstack:
image: linuxserver/bookstack
container_name: bookstack
hostname: bookstack
environment:
- TZ
- PUID
- PGID
- DB_HOST
- DB_USER
- DB_PASS
- DB_DATABASE
- APP_URL
- MAIL_DRIVER
- MAIL_HOST
- MAIL_PORT
- MAIL_FROM
- MAIL_USERNAME
- MAIL_PASSWORD
- MAIL_ENCRYPTION
volumes:
- ./bookstack-data:/config
restart: unless-stopped
env_file: .env
depends_on:
- bookstack-db
volumes:
- ./bookstack-data:/config
networks:
default:
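Review bot: `env_file: .env` on both `bookstack-db` and `bookstack` hands each container the entire file, where the removed `environment:` lists passed only the variables each service uses. The app container now receives `MYSQL_ROOT_PASSWORD` and the database container receives `MAIL_PASSWORD`, and neither needs the other's secret. Consider a separate env file per service, or keep the explicit lists at least for the credentials.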
@ -92,17 +70,17 @@ Documentation and notes.
DEFAULT_NETWORK=caddy_net
TZ=Europe/Prague
# BOOKSTACK-MARIADB
#LINUXSERVER.IO
PUID=1000
PGID=1000
# BOOKSTACK-MARIADB
MYSQL_ROOT_PASSWORD=bookstack
MYSQL_DATABASE=bookstack
MYSQL_USER=bookstack
MYSQL_PASSWORD=bookstack
# BOOKSTACK
PUID=1000
PGID=1000
DB_HOST=bookstack-db
DB_USER=bookstack
DB_PASS=bookstack
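Review bot: the sample `.env` values set `MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD` and `DB_PASS` to `bookstack`, the same string as the user and database names, and a guide-by-example file tends to be copied as is. Use an obvious placeholder for the three password values and make the root password differ from the application user's. Minor style point in the same hunk: `#LINUXSERVER.IO` is missing the space the other section comments (`# BOOKSTACK-MARIADB`, `# BOOKSTACK`) have.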
@ -122,7 +100,7 @@ Documentation and notes.
**All containers must be on the same network**.</br>
If one does not exist yet: `docker network create caddy_net`
### Reverse proxy
## Reverse proxy
Caddy v2 is used,
details [here](https://github.com/DoTheEvo/Caddy-v2-examples)
@ -134,15 +112,15 @@ Documentation and notes.
}
book.{$MY_DOMAIN} {
reverse_proxy {
to bookstack:80
}
reverse_proxy bookstack:80
}
```
---
![interface-pic](https://i.imgur.com/cN1GUZw.png)
### Update
## Update
* [watchtower](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/watchtower) updates the image automaticly
@ -151,7 +129,7 @@ Documentation and notes.
`docker-compose up -d`</br>
`docker image prune`
### Backup and restore
## Backup and restore
* **backup** using [borgbackup setup](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/borg_backup)
that makes daily snapshot of the entire directory
@ -162,7 +140,7 @@ Documentation and notes.
from the backup copy back the bookstack directortory</br>
start the container `docker-compose up -d`
### Backup of just user data
## Backup of just user data
user-data daily export using the [official procedure.](https://www.bookstackapp.com/docs/admin/backup-restore/)</br>
For bookstack it means database dump and backing up several directories containing user uploaded files.
@ -190,7 +168,7 @@ but borg backup is daily making snapshot of the entire directory.
`0 2 * * * /home/bastard/docker/bookstack/bookstack-backup-script.sh` - run it [at 02:00](https://crontab.guru/#0_2_*_*_*)</br>
`crontab -l` - list cronjobs
### Restore the user data
## Restore the user data
Assuming clean start, first restore the database before running the app container.

View File

@ -2,14 +2,14 @@
###### guide by example
### purpose
## purpose
Backup terminal utility.
* [Official site](https://www.borgbackup.org/)
* [Github](https://github.com/borgbackup/borg)
### files and directory structure
## files and directory structure
```
/home
@ -20,15 +20,28 @@ Backup terminal utility.
│ └── 🗋 borg_backup.log
└── docker
├── container #1
├── container #2
├── container-setup #1
├── container-setup #2
└── ...
```
### borg-backup.sh
## The setup
Borg is installed directly on the host system.</br>
A script is created that backs up entire docker directory somewhere locally.</br>
Cronjob executing the script daily.
The script needs manual initialization of a repo somewhere.</br>
* **Install borg backup**
* **The script**
Repo needs to be initialized manualy first.</br>
`borg-backup.sh`
```
#!/bin/bash
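Review bot: the new "The setup" text says twice that the repo must be initialized manually ("The script needs manual initialization of a repo somewhere." and "Repo needs to be initialized manualy first.") without giving the command, and the `* **Install borg backup**` bullet has no body. Since the script backs up the entire docker directory, which includes every `.env` file and the bitwarden data, the guide should show the `borg init` invocation and say which encryption mode the repository is expected to use. Keep one of the two sentences and fix "manualy".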
@ -68,7 +81,6 @@ Backup terminal utility.
--keep-yearly=0 \
echo "$NOW Done" >> $LOGFILE
borg list $REPOSITORY >> $LOGFILE
echo '------------------------------' >> $LOGFILE
# --- USEFULL SHIT ---
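Review bot: the prune option list ends with `--keep-yearly=0 \`, a trailing continuation on the last argument. As rendered here the next line is `echo "$NOW Done" >> $LOGFILE`, which the shell would join to the prune command as extra arguments; even if a blank line separates them in the file, the command only terminates by accident. Remove the backslash after `--keep-yearly=0`, and quote `"$LOGFILE"` and `"$REPOSITORY"` while touching these lines.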
@ -87,13 +99,14 @@ Backup terminal utility.
# to delete single backup in a repo:
# borg delete .::1584472836
```
the script must be **executabe** - `chmod +x borg-backup.sh`
### automatic execution
* **automatic execution**
* make the script executable `chmod +x borg-backup.sh`
cron job, every day at 3:00</br>
`crontab -e`
`0 3 * * * /home/bastard/borg_backup/borg-backup.sh`
* cron job, every day at 3:00
## Remote backup
`crontab -e`
`0 3 * * * /home/bastard/borg_backup/borg-backup.sh`
Backing up to network share or cloud, rclone

View File

@ -2,7 +2,7 @@
###### guide by example
![logo](https://i.imgur.com/6Wqs7J1.png)
![logo](https://i.imgur.com/VXSovC9.png)
## Purpose
@ -20,7 +20,7 @@ File share & sync.
└── docker
└── nextcloud
├── 🗁 nextcloud-data
├── 🗁 nextcloud-data-db
├── 🗁 nextcloud-db-data
├── 🗋 .env
├── 🗋 docker-compose.yml
└── 🗋 nextcloud-backup-script.sh
@ -48,13 +48,9 @@ Four containers are spin up
hostname: nextcloud-db
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: unless-stopped
env_file: .env
volumes:
- ./nextcloud-data-db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD
- MYSQL_PASSWORD
- MYSQL_DATABASE
- MYSQL_USER
- ./nextcloud-db-data:/var/lib/mysql
nextcloud-redis:
image: redis:alpine
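Review bot: replacing the four-entry `environment:` list on `nextcloud-db` with `env_file: .env` also injects the mail settings from the same file into the database container, including `SMTP_PASSWORD`, and the later hunks do the reverse for `nextcloud`, which now receives `MYSQL_ROOT_PASSWORD`. The removed lists acted as a per-service allow-list for secrets. Split the file per service or keep the explicit entries for credentials.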
@ -67,6 +63,7 @@ Four containers are spin up
container_name: nextcloud
hostname: nextcloud
restart: unless-stopped
env_file: .env
depends_on:
- nextcloud-db
- nextcloud-redis
@ -74,28 +71,18 @@ Four containers are spin up
- nextcloud-db
volumes:
- ./nextcloud-data/:/var/www/html
environment:
- MYSQL_HOST
- REDIS_HOST
- MAIL_DOMAIN
- MAIL_FROM_ADDRESS
- SMTP_SECURE
- SMTP_HOST
- SMTP_PORT
- SMTP_NAME
- SMTP_PASSWORD
nextcloud-cron:
image: nextcloud:apache
container_name: nextcloud-cron
hostname: nextcloud-cron
restart: unless-stopped
volumes:
- ./nextcloud-data/:/var/www/html
entrypoint: /cron.sh
depends_on:
- nextcloud-db
- nextcloud-redis
volumes:
- ./nextcloud-data/:/var/www/html
networks:
default:
@ -129,6 +116,8 @@ Four containers are spin up
SMTP_NAME=apikey
SMTP_PASSWORD=SG.asdasdasdasdasdasdsaasdasdsa
```
**All containers must be on the same network**.</br>
If one does not exist yet: `docker network create caddy_net`
## Reverse proxy
@ -158,7 +147,6 @@ Creating adming account and giving the database details as set in the `.env` fil
![first-run-pic](https://i.imgur.com/EygHgKa.png)
## Security & setup warnings
Nextcloud has status check in *Settings > Administration > Overview*</br>
@ -224,8 +212,10 @@ There are likely several warnings on a freshly spun container.
user-data daily export using the [official procedure.](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/backup.html)</br>
For nextcloud it means entering maintenance mode,
database dump and backing up several directories containing data, configs, themes.</br>
The created backup files are overwriten on every run of the script,
but borg backup is daily making snapshot of the entire directory.
For the script it just means database dump as borg backup and its deduplication
will deal with the directories, especially in the case of nextcloud where
hundreds gigabytes can be stored.
* **create a backup script**</br>
placed inside `nextcloud` directory on the host
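Review bot: the added paragraph leaves `config`, `data` and `themes` to borg, but per the cron lines on this page the dump script runs at 02:00 and switches maintenance mode off when it finishes, while the borg job runs at 03:00, so each snapshot pairs a 02:00 database dump with files that kept changing afterwards. The sentence just above still says the procedure backs up "several directories", and the restore steps still copy those directories "from backup" without saying which backup. State that the directories now come from the borg archive, and document the possible mismatch between dump and files or run the dump immediately before the borg job.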
@ -240,18 +230,15 @@ but borg backup is daily making snapshot of the entire directory.
# CREATE DATABASE DUMP, bash -c '...' IS USED OTHERWISE OUTPUT > WOULD TRY TO GO TO THE HOST
docker container exec nextcloud-db bash -c 'mysqldump --single-transaction -h nextcloud-db -u $MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE > /var/lib/mysql/BACKUP.nextcloud.database.sql'
# ARCHIVE DIRECTORIES
docker container exec --workdir /var/www/html nextcloud tar -czPf BACKUP.nextcloud.data.tar config data themes
# MAINTENANCE MODE OFF
docker container exec --user www-data --workdir /var/www/html nextcloud php occ maintenance:mode --off
```
the script must be **executabe** - `chmod +x bookstack-backup-script.sh`
the script must be **executabe** - `chmod +x nextcloud-backup-script.sh`
* **cronjob** on the host</br>
`crontab -e` - add new cron job</br>
`0 2 * * * /home/bastard/docker/bookstack/bookstack-backup-script.sh` - run it [at 02:00](https://crontab.guru/#0_2_*_*_*)</br>
`0 2 * * * /home/bastard/docker/nextcloud/nextcloud-backup-script.sh` - run it [at 02:00](https://crontab.guru/#0_2_*_*_*)</br>
`crontab -l` - list cronjobs
### Restore the user data
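Review bot: the `mysqldump` line kept as context passes the password as `-p$MYSQL_PASSWORD`, which puts it on the command line where it is visible in the process list inside `nextcloud-db` for the duration of the dump. Read the credentials from a client option file instead. The same line writes `BACKUP.nextcloud.database.sql` into `/var/lib/mysql`, the server's own data directory; a dedicated mounted backup path would keep the dump apart from the live database files.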
@ -262,7 +249,7 @@ but borg backup is daily making snapshot of the entire directory.
let it run so it creates its file structure
* down the containers: `docker-compose up -d`
* from backup copy the direcotries `data`, `configs`, `themes` in to `nextcloud-data` replacing the ones in place
* from backup copy the backup database in to `nextcloud-data-db`
* from backup copy the backup database in to `nextcloud-db-data`
* start the containers: `docker-compose up -d`
* set the correct user ownership of the direcotries copied:</br>
`docker exec --workdir /var/www/html nextcloud chown -R www-data:www-data config data themes`
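Review bot: the step "down the containers" shows `docker-compose up -d`, the same command as the "start the containers" step below it; it should be `docker-compose down`. Since this hunk already edits the restore list, fix that here, and change `configs` to `config` so it matches the directory name used in the `chown` line.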