(% class="box" id="HTableofcontent" %)
(((
(% class="lead" id="HTableofcontent" %)
Table of contents:

{{toc/}}
)))

= background =

The basis of the Linux cluster is formed by two hosts that employ a number of docker containers to realise the desired functionality. These two hosts are called ##liszt## and ##beethoven##.

There are also two domains that we use to ease external access. These are ##informeer.de## and ##bladzij.de##. Generally we use ##informeer.de## for services hosted on ##liszt## and ##bladzij.de## for services hosted on ##beethoven## (although not exclusively).

Currently the setup is realised in such a way that ##liszt## manages overall (web) access by means of the service at https://proxyman.informeer.de (supplied by the ##nginxproxymanager## docker container).

In this section we will discuss which containers are present and how they are created and maintained. A simplified overview can be found [[here>>doc:UOG.Technical Documentation.Remote access.WebHome]]. Please note that, contrary to the diagram/sketch, the port numbers 80 and 443 had to be maintained because only those ports can be used to request SSL certificates from //"Letsencrypt"//. This means the ssh tunnel does //**not**// use ports 4443 and 8080 but the original ports 443 and 80.

Both ##beethoven## and ##liszt## have at least these two docker images running:

* nginxproxymanager https://nginxproxymanager.com/
* portainer https://www.portainer.io/

##portainer## is a nice browser/web-based GUI that makes docker container management (and deployment) easy. Currently we mostly do the container installation by hand and use the web GUI as a dashboard for starting/stopping and tweaking.

= nginxproxymanager =

This container is present on both ##liszt## and ##beethoven##. However, the one on ##liszt## is the important/critical one. The one on ##beethoven## is there for historical reasons. This is because ##beethoven## was temporarily not allowed to be connected to the internet and its tasks had to be taken over by ##liszt##. Ideally the setup should be such that we can remove ##liszt## from the network without consequence. Currently that is definitely //**not**// the case (so don't do it). If absolutely needed it can be arranged, but for now it is considered too much work to be worthwhile.

== installation ==

Below is the ##docker-compose.yaml## file that is used to create the ##nginxproxymanager## container.

(% class="box" %)
{{{version: "3"
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: always
    ports:
      # Public HTTP Port:
      - '80:80'
      # Public HTTPS Port:
      - '443:443'
      # Admin Web Port:
      - '81:81'
    environment:
      # These are the settings to access your db
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm-user"
      DB_MYSQL_PASSWORD: "41s0s3cr1t!"
      DB_MYSQL_NAME: "npm"
      # If you would rather use Sqlite uncomment this
      # and remove all DB_MYSQL_* lines above
      # DB_SQLITE_FILE: "/data/database.sqlite"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
  db:
    image: 'jc21/mariadb-aria:latest'
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: 's3cr1t'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm-user'
      MYSQL_PASSWORD: '41s0s3cr1t!'
    volumes:
      - ./data/mysql:/var/lib/mysql
}}}

The content above needs to be stored in the ##docker-compose.yaml## file in the ##/opt/nginxproxymanager## directory. The commands below illustrate how to get it up and running.

(% class="box" %)
{{{mkdir /opt/nginxproxymanager
cd /opt/nginxproxymanager
cp ~/docker-compose.yaml .
docker-compose up -d
}}}

Generally this is the approach when creating other containers as well. All of them reside in the ##/opt/## filesystem and whenever possible we use the ##docker-compose## command instead of ##docker run##. It is very important to have all subsequent containers be part of the same ##nginxproxymanager## network. This will be stressed again below.

== configuration ==

(% style="text-align:center" %)
[[image:Nginx Proxy Manager - Configuration.png||alt="proxy hosts configuration"]]

== DNS zone file settings ==

The hosts need to be resolvable, hence there should be a DNS where we can add them to the zone files. This is done at https://gandi.net

(% style="text-align:center" %)
[[image:informeer.de -Your domains - Gandi net.png||alt="informeer.de DNS records"]]

(% style="text-align:center" %)
[[image:bladzij.de -Your domains - Gandi net.png||alt="bladzij.de DNS records"]]

== Specific host settings ==

=== Nextcloud ===

The proxymanager by default limits the size of the files that can be transferred. This is a good thing, but for nextcloud you might want to bypass this setting. This can be done by opening ##edit## and selecting the ##advanced## tab. Then enter the stanza below:

(% class="box" %)
{{{proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_max_temp_file_size 16384m;
client_max_body_size 0;
}}}

references:

* https://www.reddit.com/r/unRAID/comments/ezw5jo/nginx_proxy_manager_and_nextcloud_large_file/
* https://forum.seafile.com/t/nginx-proxy-manager-causing-failure-when-uploading-files/11492/6

= portainer =

This is a convenient web interface to docker. Together with the nginx-proxymanager, these are considered the two fundamental docker images to have available. As with other docker images, it is important to put them on the same (internal) network. The following line, executed as root from the ##/opt## (or other) directory, will create the desired docker container and start it daemonised.

(% class="box" %)
{{{docker run -d --network nginxproxymanager_default --restart=always --name portainer -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce
}}}

The (usual) port mapping to 8000 is removed as we don't use edge agents anyway.

= nextcloud =

Contrary to the ##portainer## instance, which we created using the regular docker command line, we now use ##docker-compose##. This offers more fine-grained configuration possibilities. After some testing, the configuration settled upon is the ##docker-compose.yaml## located in ##/opt/nextcloud## and listed below. ### JBR ## are comment lines. **NB** note the space character after the hash character.

(% class="box" %)
{{{# JBR version: '2'
version: '3'

volumes:
  nextcloud:
  db:

networks:
  default:
    external:
      name: nginxproxymanager_default

services:
  db:
    image: mariadb
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=Pf0kL6O
      - MYSQL_PASSWORD="KlukKluk789MaMaLoe456!"
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  app:
    image: nextcloud
    restart: always
    # JBRv may not be needed in some cases e.g. proxymanagers and specific local setups
    ports:
      - 8080:80
    # JBR^
    links:
      - db
    volumes:
      - nextcloud:/var/www/html
      # JBRv this bind mount volume enables sharing from host with nextcloud instance. NB: permissions are governed by host!
      - /data/shared_nextcloud:/on_host/data
      - /home/4all/shared/nextcloud:/on_host/home_4all
      # JBR^
    environment:
      - MYSQL_PASSWORD="KlukKluk789MaMaLoe456!"
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db
}}}

Please note the two mounted volumes that the host makes available to the nextcloud container. These are used by the nextcloud plugin that makes external storage available to the instance (external means not within the container).

(% class="box" %)
{{{/data/shared_nextcloud:/on_host/data
/home/4all/shared/nextcloud:/on_host/home_4all
}}}

(% style="text-align:center" %)
[[image:Apps-Nextcloud.png||alt="external storage app"]]

(% style="text-align:center" %)
[[image:Settings-Nextcloud.png||alt="external configuration"]]
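
A pre-deployment check for compose files like the ones listed on this page, as an added example that is not part of the original documentation: it flags passwords written inline, list-form values written with quotes, images without a tag or tagged only ##latest##, Docker socket mounts, and ports other than 80 and 443 published on every host interface. The function names, the finding codes and the sample file are constructed for this example.

```sh
#!/bin/sh
# Added example: lint a compose file for risky patterns like those in the files above.
# audit_compose and the finding codes are names made up for this example.

audit_compose() {
    # "N:text" for every non-comment line of the file
    lines=$(grep -nvE '^[[:space:]]*#' "$1")
    emit() { printf '%s\n' "$lines" | grep -E "^[0-9]+:$2" | sed "s/^/$1 line /"; }

    # password written inline (the *_FILE secret variants do not match)
    emit INLINE_SECRET "[[:space:]]*(-[[:space:]]*)?[A-Z_]*PASSWORD[:=]"
    # list-form KEY="value": Compose keeps the quotes as part of the value
    emit QUOTED_LIST_ENV "[[:space:]]*-[[:space:]]*[A-Za-z_]+=\""
    # image without a tag, or tagged only :latest
    emit FLOATING_TAG "[[:space:]]*image:[[:space:]]*['\"]?[^:'\"[:space:]]+(:latest)?['\"]?[[:space:]]*\$"
    # Docker socket mounted into a container (root-equivalent on the host)
    emit DOCKER_SOCKET ".*/var/run/docker\.sock"
    # port published on every host interface, other than the proxy's 80 and 443
    emit OPEN_PORT "[[:space:]]*-[[:space:]]*['\"]?[0-9]+:[0-9]+['\"]?[[:space:]]*\$" |
        grep -vE "['\" ](80|443):[0-9]" || true
}

# Constructed sample input (not one of the files on this page).
sample_compose() {
cat <<'EOF'
services:
  app:
    image: 'example/proxy:latest'
    ports:
      - '443:443'
      - '81:81'
    environment:
      DB_MYSQL_PASSWORD: "constructed-value"
  db:
    image: mariadb
    environment:
      - MYSQL_PASSWORD="constructed-value"
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/root_pwd
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
EOF
}

tmp=$(mktemp)
sample_compose > "$tmp"
audit_compose "$tmp"    # prints seven findings for the sample
rm -f "$tmp"
```

To check the real files, call ##audit_compose## on each ##docker-compose.yaml## under ##/opt/##.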
