Skip to content

Files

Latest commit

2a7f5da · Jan 13, 2022

History

History
141 lines (101 loc) · 6.16 KB

README.md

File metadata and controls

141 lines (101 loc) · 6.16 KB

docker

Guide with examples !

Services

Information

The overall guide is centered around example. Each of the services is tied with either a docker-compose or a script, everything has been made so that each service is almost ready to use, only a few user-specific variable are required.

All services respect a certain format :

  • About - basic overview of the service
  • Table of Contents
  • Files structure - lists all the files and folder required
  • Information - detailed information about the service and the example
  • Usage - required configuration and commands to use the service
  • Update - how to update the container, most of the time it is using watchtower
  • Backup - how to back up the container, most of the time it is using borg-backup

Traefik is the core of this setup as it is the reverse proxy, it should be one of the first services to configure and use.

Requirement

Basic linux knowledge is required and docker is a must-have, everything should be pretty easy to set up but understanding docker will make it even more easy. Each guide gives links to the official documentation, they are usually well written, and they should answer most of your questions.

On the technical side :

  • docker and docker-compose (1.X) are required, the installation process is fairly easy.
  • a domain, some can be found for free but most are usually pretty cheap.

Usage

All the docker-compose provided in this repository are ready to be used, and you should not have to touch them. The only thing you need to change are the .env file provided with the docker-compose, they are user-specific.

To begin with, you can clone this repository on your host.

git clone https://github.com/BaptisteBdn/docker-selfhosted-apps.git

Provided you already have a domain, you can use the following commands to update all .env at once as well as some specific config files.

DOMAIN=your-domain.com
find ./ \( -name ".env" -or -name "*.yml" -or -name "*.json" \) -type f -exec sed -i 's/example.com/'$DOMAIN'/g' {} \;

You can now go forward and try whatever service you want, every example as a # Usage section to guide you through the process. However, as most of them are using Traefik, it is recommended to set this one first.

Other

Docker and UFW

UFW is a popular iptables front end on Ubuntu that makes it easy to manage firewall rules. But when Docker is installed, Docker bypass the UFW rules and the published ports can be accessed from outside.

An easy fix is available, allowing to easily manage your firewall. As most of the services are going through Traefik, only the port 443 is mandatory. If another port is required, it will be listed in the requirements.

Docker tips

  • Get shell access whilst the container is running
    docker exec -it container-name /bin/bash
    
  • Monitor the logs of the container in realtime
    docker logs -f container-name
    

Docker images

Most images are used with the tag latest as it simplify the testing. It is usually not recommended running an image with this tag as it is not very dynamic and precise. Feel free to experiment with the provided docker-compose examples and then use a better versionning system. For more information about latest.

Updating docker images

This repository images are automatically updated with watchtower, however this can be a security risk. More details in the watchtower guide.

If you want to manually update an image, you can use docker-compose.

  • Update all images for a specific docker-compose file
    sudo docker-compose pull
    
  • Update a single image
    sudo docker-compose pull image-name
    
  • Recreate all updated containers with docker-compose
    sudo docker-compose up -d
    
  • Recreate a single container with docker-compose
    sudo docker-compose up -d container-name
    
  • Remove all dangling and unused images
    sudo docker image prune  -a
    

Docker tools

Some useful tools to manage your private docker infrastructure.

  • lazydocker - A simple terminal UI for both docker and docker-compose, written in Go with the gocui library. By @jesseduffield
  • dive - A tool for exploring each layer in a docker image. By @anchore.
  • grype - A vulnerability scanner for container images and filesystems. By @anchore.

Docker resources

A compilation of resources mainly focus on security.

Credits

This guide is inspired from @DoTheEvo own docker guide, built with caddy at its core, check it out !