9.1 KiB
9.1 KiB
Composes for Home Server
Composes Setup
First Steps
-
First, let's create a network to connect all our containers
docker network create default-network -
Then, create a folder named composes in the user's home folder
mkdir ~/composes cd ~/composes -
From here, all the next yaml files should be created inside the composes folder
Setting up secrets
- If we would like to save the composes files in a git repository, we should'nt be writting secrets directly in our yaml files, so we will need to write the secrets somewhere else:
mkdir .secrets - Now we could create secret files, example:
echo "my super secret password" > .secrets/SECRET_1
MariaDB/MySQL Container
Setting up yaml
-
Create
db.ymlinside composes with the following content, don't forget to changeDB_USERby your own default user:name: db secrets: MYSQL_ROOT_PASSWORD: file: .secrets/MYSQL_ROOT_PASSWORD MYSQL_USER_PASSWORD: file: .secrets/MYSQL_USER_PASSWORD services: adminer: image: adminer restart: always ports: - 8082:8080 environment: ADMINER_DEFAULT_SERVER: db-mariadb-1 mariadb: image: mariadb restart: always secrets: - MYSQL_ROOT_PASSWORD - MYSQL_USER_PASSWORD environment: MARIADB_USER: DB_USER MARIADB_ROOT_PASSWORD_FILE: /run/secrets/MYSQL_ROOT_PASSWORD MARIADB_PASSWORD_FILE: /run/secrets/MYSQL_USER_PASSWORD networks: default: external: true name: default-network -
As we could see, this yaml file uses two secrets
MYSQL_USER_PASSWORDandMYSQL_ROOT_PASSWORD, both should be defined inside our.secretsfolder:echo "This is an example, please change" > .secrets/MYSQL_USER_PASSWORD echo "This is an example, please change" > .secrets/MYSQL_ROOT_PASSWORD
Starting MariaDB
- Let's start the containers:
docker compose -f db.yml up -d - Creating an alias for easier mariadb commands
echo "alias mariadb=\"docker exec -it db-mariadb-1 mariadb\"" >> ~/.bash_aliases source ~/.bashrc - We should now be able to enter our database using mariadb cli or with a frontend in the browser at http://HOSTNAME:8080
Adding users
- We can connect to mariadb now using:
mariadb -p # Your .secrets/MYSQL_ROOT_PASSWORD - Inside, we could run mariadb operations, an example to add an user should be as follows:
CREATE USER 'username'@'%' IDENTIFIED BY 'password'; CREATE DATABASE dbname; GRANT ALL PRIVILEGES ON dbname.* TO 'username'@'%'; FLUSH PRIVILEGES;
Nginx Proxy Manager Container
Setting up yaml
-
Create
npm.ymlinside composes with the following content:name: npm secrets: MYSQL_NPM_PASSWORD: file: .secrets/MYSQL_NPM_PASSWORD services: app: image: "jc21/nginx-proxy-manager:latest" restart: unless-stopped ports: - "80:80" - "81:81" - "443:443" # Any port we would like to expose from other services, example 3306 for mariadb/mysql remote access volumes: - ./volumes/nginx-proxy-manager/data:/data - ./volumes/nginx-proxy-manager/letsencrypt:/etc/letsencrypt environment: DB_MYSQL_HOST: "db-mariadb-1" DB_MYSQL_PORT: 3306 DB_MYSQL_USER: "npm" DB_MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_NPM_PASSWORD DB_MYSQL_NAME: "npm" secrets: - MYSQL_NPM_PASSWORD networks: default: external: true name: default-network -
As we could see, this yaml file uses the secret
MYSQL_NPM_PASSWORD, it be defined inside our.secretsfolder:echo "This is an example, please change" > .secrets/MYSQL_NPM_PASSWORD
Database setup
- Enter to mariadb and run the following, remember to replace the password with the one in
.secrets/MYSQL_NPM_PASSWORD:
CREATE USER 'npm'@'%' IDENTIFIED BY 'password';
CREATE DATABASE npm;
GRANT ALL PRIVILEGES ON npm.* TO 'npm'@'%';
FLUSH PRIVILEGES;
Run it
- Let's start the container:
docker compose -f npm.yml up -d
Next steps
- The default admin, we can access through http://HOSTNAME:3001
Email: admin@example.com Password: changeme - From here, if you have a domain, you could use it with the public ip from the OCI VPS and use it in this app to expose your services/web apps to the world
Forgejo Container (git repository)
Setting up yaml
-
Create
forgejo.ymlinside composes with the following content:name: forgejo secrets: MYSQL_FORGEJO_PASSWORD: file: .secrets/MYSQL_FORGEJO_PASSWORD MAILER_FORGEJO_PASSWORD: file: .secrets/MAILER_FORGEJO_PASSWORD services: app: image: codeberg.org/forgejo/forgejo:7 environment: - USER_UID=1000 - USER_GID=1000 - FORGEJO__server__DOMAIN=git.example.com - FORGEJO__server__SSH_DOMAIN=git.example.com - FORGEJO__server__SSH_PORT=2222 - FORGEJO__server__SSH_LISTEN_PORT=2222 - FORGEJO__database__DB_TYPE=mysql - FORGEJO__database__HOST=db-mariadb-1:3306 - FORGEJO__database__NAME=forgejo - FORGEJO__database__USER=forgejo - FORGEJO__database__PASSWD__FILE=/run/secrets/MYSQL_FORGEJO_PASSWORD - FORGEJO__mailer__ENABLED=true - FORGEJO__mailer__FROM=forgejo@example.com - FORGEJO__mailer__PROTOCOL=smtps - FORGEJO__mailer__SMTP_ADDR=mail.example.com - FORGEJO__mailer__SMTP_PORT=587 - FORGEJO__mailer__USER=forgejo@example.com - FORGEJO__mailer__PASSWD__FILE=/run/secrets/MAILER_FORGEJO_PASSWORD - FORGEJO__service__DISABLE_REGISTRATION=true - FORGEJO__admin__SEND_NOTIFICATION_EMAIL_ON_NEW_USER=true secrets: - MYSQL_FORGEJO_PASSWORD - MAILER_FORGEJO_PASSWORD restart: always volumes: - ./volumes/forgejo:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro ports: - "3001:3000" - "222:22" networks: default: name: default-network external: true -
This yaml file uses two secrets
MAILER_FORGEJO_PASSWORDandMAILER_FORGEJO_PASSWORD, both should be defined inside our.secretsfolder:echo "This is an example, please change" > .secrets/MYSQL_USER_PASSWORD echo "This is an example, please change" > .secrets/MAILER_FORGEJO_PASSWORD -
Beware that
FORGEJO__database,FORGEJO__mailerenvs and corresponding secrets are optional for this service, we added them for a more complete setup. -
Please fill
FORGEJO__mailerenvs with your corresponding email provider -
You need to open the port 2222 to use ssh options running
./Oracle_Installer.shin your OCI instance -
You also need to add a stream to port 2222 in npm
-
Optionally, you may want to add the custom ssh port to your clients .ssh/config (see issue)
Database setup (Optional, must do it if FORGEJO__database added)
- Enter to mariadb and run the following, remember to reemplace the password:
CREATE USER 'forgejo'@'%' IDENTIFIED BY 'password'; CREATE DATABASE forgejo; GRANT ALL PRIVILEGES ON forgejo.* TO 'forgejo'@'%'; FLUSH PRIVILEGES;
Run it
- Run the following commands:
cd ~/composes docker compose -f forgejo.yml up -d
Next steps
- The app could be accesed at http://HOSTNAME:3001
- Before procced with login users we should use https, so npm installation is advised
- The first created user will be the admin
Nextcloud Container (google drive-like replacement)
Setting up yaml
-
Create
nextcloud.ymlname: nextcloud services: app: image: nextcloud/all-in-one:latest init: true restart: always container_name: nextcloud-aio-mastercontainer volumes: - nextcloud_aio_mastercontainer:/mnt/docker-aio-config - /var/run/docker.sock:/var/run/docker.sock:ro ports: - 8081:8080 environment: - APACHE_PORT=11000 - APACHE_IP_BINDING=0.0.0.0 - BORG_RETENTION_POLICY=--keep-within=3d --keep-weekly=2 --keep-monthly=3 - NEXTCLOUD_STARTUP_APPS=twofactor_totp tasks notes networks: - nextcloud-aio volumes: nextcloud_aio_mastercontainer: name: nextcloud_aio_mastercontainer networks: nextcloud-aio: name: nextcloud-aio -
Update
npm.ymlto includenextcloud-aionetwork:# Ommiting lines services: app: # Ommiting lines networks: - default - nextcloud-aio networks: default: external: true name: default-network nextcloud-aio: external: true name: nextcloud-aio
Run it
- Run the following commands:
cd ~/composes docker compose -f nextcloud.yml up -d docker compose -f npm.yml up -d - See the docs for further integration with nginx proxy manager