Giter VIP home page Giter VIP logo

selfhost-base's Introduction

The base setup for my self-hosted docker services.

  • Traefik for reverse-proxying different subdomains to specific containers
  • a dockersock proxy to shield the docker socket from web-facing containers
  • watchtower to keep containers updated automatically
  • fail2ban to protect the Traefik dashboard from brute-force logins

Setup

Create a .env file in the root dir of the project, and fill out all the stuff you want to keep secret:

PUID=
PGID=
TZ=
PERSISTENT_DIR=
ACME_EMAIL=
DOMAIN_BASE=
DOMAIN_SHORTENER=
DOMAIN_CHAT_STATS=
POSTGRES_USER=
POSTGRES_PW=

PUID and PGID are found using id $user.
TZ is your timezone.
PERSISTENT_DIR is the base directory you want all your containers' persistent data to be kept in.
ACME_EMAIL is an email address for letsencrypt cert stuff.
DOMAIN_BASE is the base domain you have pointed at the docker network.
The rest are project specific; I symlink the same .env for all other subprojects.

Create the file where auto-requested letsencrypt certs will be stored:

touch traefik/acme.json

Create traefik.htpasswd to password-protect the traefik dashboard:

htpasswd -c traefik/traefik.htpasswd <username>

Now create a docker network for all web-facing containers:

docker network create web

And we're done, time to spin everything up!

docker-compose up -d

You should now be able to access the traefik dashboard at traefik.${DOMAIN_BASE}

Dependent Projects

Of course, there's not much you can actually do with just this base setup, but now we can easily spin up the actual services we want to run.
I clone these as subdirs to this repo checkout, but really they could be anywhere.
Traefik works via the web network and labels, which lets you be pretty flexible with organisation.

  • Tiny Tiny RSS - an RSS feed reader
  • Jackett - a tracker search and indexing service
  • pb - a pastebin and URL shortening service
  • more to come

What's Next

There's a few more things that would be nice to have as a base:

  • Authelia looks good for two-factor auth
    • this issue should hopefully provide enough hints to get it working
    • once this is done, the htpasswd auth on the traefik dashboard can probably be dropped
  • Portainer for managing everything. I would want Authelia working first
  • Cloudflare maybe?

selfhost-base's People

Contributors

starlitghost avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.