Homelab, Linux, JS & ABAP (~˘▾˘)~
 

[Docker] Fefe über Container Technologien

https://blog.fefe.de/?ts=a0d07bd8

“Wisst ihr, was mir in dunklen Zeiten wie dieser Jahreszeit Erheiterung ins Leben bringt? Dieser Spirale zuzugucken:

  1. Unsere Software ist zu komplex, wir haben die Komplexität nicht im Griff! Pass auf, wir machen da ein verteiltes System daraus! Dann sind die Einzelteile weniger komplex. Vielleicht können wir das dann unter Kontrolle bringen.
  2. Das verteilte System braucht viel mehr administrativen Aufwand. Pass auf, den automatisieren wir weg! Wir machen Container! Docker!
  3. Docker-Aufsetzen braucht viel mehr administativen Aufwand. Pass auf, den automatisieren wir weg! Wir machen Kubernetes!
  4. Kubernetes braucht viel mehr administativen Aufwand. Pass auf, den automatisieren wir weg! Wir machen Ansible!
  5. Ansible braucht viel mehr administativen Aufwand. Pass auf, den automatisieren wir weg! Wir machen Chef / Salt!

Frank hat im letzten Alternativlos das wunderbare Wort “Komplexitätsverstärker” eingeführt. Das ist genau, was hier passiert. Am Ende hast du ein Schönwettersystem. Wenn das erste Mal der Wind dreht, dann hast du einen Scherbenhaufen. Niemand kann diese ganze Komplexität mehr durchblicken.”

[Nextcloud] Run OnlyOffice Document Server in Docker

If you don’t already have it, you first have to install Docker. Then just get the docker-compose.yml for OnlyOffice

wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-DocumentServer/master/docker-compose.yml

and activate the JSON Web Token validation.

nano docker-compose.yml
      - JWT_ENABLED=true
      - JWT_SECRET=your_secret
      - JWT_HEADER=Authorization

Now just run the container.

sudo docker-compose up -d

To use OnlyOffice with Nextcloud, your container needs to reachable via https, so you need to add a subdomain and SSL Certificate in your Nginx reverse proxy. Then just go to your Nextcloud installation and install the OnlyOffice Addon. There just enter the new domain to your OnlyOffice Docker Container and the JSON Web Token. Office files should now be editable in OnlyOffice.

[Nextcloud] Run NextCloudPi Docker with external storage

Links

NextCloudPi (Docs)
NextCloudPi on DockerHub
Current installation process (Outdated installation process, but contains some usefull information)

Installation

If you want to use the external storage app to mount an NFS share in Nextcloud, there are two ways when using Docker. Mount the NFS share directly inside the Docker container. This would be easier when the container is already up and runing. Or mount the NFS share on the Host and pass the mountpoint as an argument when creating the Docker container: -v /mnt/nfs/:/mnt/nfs/

DOMAIN=your.domain.com
docker run -ti -d -p 4443:4443 -p 443:443 -p 80:80 -v ncdata:/data -v /mnt/nfs/:/mnt/nfs/ --name nextcloudpi ownyourbits/nextcloudpi $DOMAIN --restart=unless-stopped

Now wait until you see ‘Init done’ in the logs.

docker logs -f nextcloudpi

ncdata

If you ever need direct access to your storage, you can find out where your files are located with:

docker inspect nextcloudpi

Scroll up to “Mounts” and look for the path behind “Source”.

"Source": "/var/lib/docker/volumes/ncdata/_data"

Now you still have to navigate through a few folders. I finally found my files here:

ls /var/lib/docker/volumes/ncdata/_data/nextcloud/data/ncp/files/

Update to latest NCP version

docker exec -it nextcloudpi ncp-update

[Docker] Wallabag installation

https://www.wallabag.org
https://github.com/wallabag/docker

Just replace https://your_domain with your domain.

docker run -d --name wallabag --restart=always -v /opt/wallabag/data:/var/www/wallabag/data -v /opt/wallabag/images:/var/www/wallabag/web/assets/images -p 80:80 -e SYMFONY__ENV__DOMAIN_NAME=https://your_domain -e SYMFONY__ENV__FOSUSER_REGISTRATION=false wallabag/wallabag

Check with docker ps if the docker container is successfully up and running. Now just add a new subdomain with ssl in your nginx-proxy-manager.
Default login is wallabag:wallabag.

Their corresponding android app is also available on F-droid: https://f-droid.org/en/packages/fr.gaulupeau.apps.InThePoche/

[NGINX] Monitoring Nginx using Netdata

Recently I saw this tutorial about monitoring Nginx with Netdata and tried it by myself. I have running Netdata on my Proxmox Host and Nginx inside LXC. So I could skip step 1 and 2 of the tutorial. Since I’m using the super simple nginx-proxy-manager, which comes as docker deployment, it took me some minutes to figure out, how to enable the Nginx ‘stub_status‘ module (which is step 3 of the tutorial). Here’s what I did.

SSH into the LXC where the Nginx Docker is running. Look up the nginx container name (root_app_1) and open a shell in the running container.

docker ps
docker exec -it root_app_1 /bin/bash

Check if the ‘stub_module‘ is already enabled. The following command should return: with-https_stub_status_module
I got it from here.

nginx -V 2>&1 | grep -o with-https_stub_status_module

Next add a location to the nginx ‘server {}‘ block in the default config, to make it reachable via Netdata. The tutorial goes to ‘/etc/nginx/sites-available/default‘, another tutorial is editing ‘/etc/nginx/nginx.conf‘, but I found the default config in ‘/etc/nginx/conf.d/default.conf’.

nano /etc/nginx/conf.d/default.conf

If nano is not installed (bash: nano: command not found), just install it. Get more information here or here.

apt update 
apt install nano -y

Insert the new location in the server { listen 80; …..} block. In my case I have running Netdata on my Proxmox host, so i added localhost and my Proxmox ip.

  location /nginx_status {
	stub_status;
	allow 192.168.178.100; #only allow requests from pve
	allow 127.0.0.1;	  #only allow requests from localhost
	deny all;		  #deny all other hosts	
  }

Save, exit your docker container and restart it.

docker restart root_app_1

SSH into Proxmox and check with curl, if you able to reach the new nginx location.

For the last step Configure Netdata to Monitor Nginx (step 4) , just follow the Netdata Wiki. Place a new file called nginx.conf on your Netdata host.

nano /etc/netdata/python.d/nginx.conf

Because Netdata is not running local, use ‘remote‘ following the url, instead of local and localhost.

update_every : 10
priority     : 90100

remote:
  url     : 'https://192.168.178.197/nginx_status'

Restart Netdata and your are done.

sudo systemctl restart netdata

[Docker] Install Docker in LXC running Debian Buster

If you already have an LXC with Debian running, add the following three lines to the lxc config (path /etc/pve/lxc/xxx.conf) and reboot the container:

lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:

Now simply install docker.

sudo apt update && apt upgrade -y
sudo apt install apt-transport-https ca-certificates curl gnupg2 software-properties-common
curl -fsSL download.docker.com/linux/debian/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose

Running and managing docker containers requires sudo privileges. If you don’t want to type sudo for every commmand, add your current user to the docker group.

sudo usermod -aG docker ${USER}

Docker should now be installed, the daemon started, and the process enabled to start on boot. Check that it’s running.

sudo systemctl status docker

Test if the installtions is working correctly with hello-world.

sudo docker run hello-world

Each container you will create gets a unique ID and name you can look up with “docker ps”. To remove the docker instance just use “docker rm” followed by the ID or the container name.

sudo docker ps -a
sudo docker stop relaxed_williamson
sudo docker rm relaxed_williamson

[Docker] Install JDownloader2 Headless

The first JDownloader installation in an Debian Stretch Linux Container I did manually following this guide. It was running stable since then. Now I wanted to upgrade to Debian Buster and to took the chance trying a Docker JDownloader installation. I already had a Debian Buster Container with Docker installed (look here for a short installation guide), so I just had do spin up the new JDownloader Docker like it is described here.
With parameter -v you are able to mount a specific download location inside Docker. I also added Port 3129 to enable MyJdownloader direct connection.

docker run -d \
    --name=jdownloader-2 \
    -p 5800:5800 \
    -p 3129:3129 \
    -v /docker/appdata/jdownloader-2:/config:rw \
    -v /mnt/nfs/downloads:/output:rw \
    jlesage/jdownloader-2

If you want JDownloader to autostart and forgot the “–restart” parameter during the “run” command (as I did), just use docker update:

docker update --restart always jdownloader-2