Custom installation of docker nextcloud - docker-compose

I'm trying to configure my Nextcloud on my DigitalOcean server (Debian 11), using Nginx Proxy Manager and Nextcloud under Docker.
I changed the root directory of the docker-compose (since I was out of disk space, I added a volume and mounted it at /var/lib/docker/volumes/volume_nyc1_01).
I created a new folder called nextcloud. Inside that created docker-co
version: "3"
volumes:
  nextcloud-data:
  nextcloud-db:
  npm-data:
  npm-ssl:
  npm-db:
networks:
  frontend:
    # add this if the network is already existing!
    # external: true
  backend:
services:
  nextcloud-app:
    image: nextcloud
    restart: always
    volumes:
      - nextcloud-data:/var/lib/docker/volumes/volume_nyc1_01/var/www/html
    environment:
      - MYSQL_PASSWORD=raspberrypi
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=nextcloud-db
    networks:
      - frontend
      - backend
  nextcloud-db:
    image: mariadb
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - nextcloud-db:/var/lib/docker/volumes/volume_nyc1_01/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=raspberrypi
      - MYSQL_PASSWORD=raspberrypi
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    networks:
      - backend
  npm-app:
    image: jc21/nginx-proxy-manager:latest
    restart: always
    ports:
      - "80:80"
      - "81:81"
      - "443:443"
    environment:
      - DB_MYSQL_HOST=npm-db
      - DB_MYSQL_PORT=3306
      - DB_MYSQL_USER=npm
      - DB_MYSQL_PASSWORD=raspberrypi
      - DB_MYSQL_NAME=npm
    volumes:
      - npm-data:/var/lib/docker/volumes/volume_nyc1_01/data
      - npm-ssl:/var/lib/docker/volumes/volume_nyc1_01/etc/letsencrypt
    networks:
      - frontend
      - backend
  npm-db:
    image: jc21/mariadb-aria:latest
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=raspberrypi
      - MYSQL_DATABASE=npm
      - MYSQL_USER=npm
      - MYSQL_PASSWORD=raspberrypi
    volumes:
      - npm-db:/var/lib/docker/volumes/volume_nyc1_01/var/lib/mysql
    networks:
      - backend
As you can see, I created each folder after volume_nyc1_01 using mkdir.
Finally I started the server, from /var/lib/docker/volumes/volume_nyc1_01/nextcloud, using docker-compose up -d.
Once logged in at ip-address-server:81, I created the proxy host with domain name mydomain.com and forward hostname/IP nextcloud-app, port 80, and saved.
When I check the domain name, it just doesn't show anything. The same happens when I tried to establish the SSL.
I know I'm missing something, but I searched a lot and couldn't find anything. I really appreciate any help or suggestion.

Related

Using a docker container with a VPN

I'm kinda new to docker so maybe my question is stupid, however, I've been unable to find a solution for it for a while now and it's starting to bother me so I'm asking here:
I have a default bridge network inside which there are few containers, one of them is running gluetun which is a vpn client and the rest is what's known as apache guacamole which is used as a remote desktop gateway.
It looks something like this:
networks:
  guacnetwork_compose:
    driver: bridge
services:
  # gluetun
  gluetun:
    image: qmcgaw/gluetun
    # we have to give it NET_ADMIN, otherwise openvpn doesn't work
    cap_add:
      - NET_ADMIN
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      # - 4823:4822
    # networks:
    #   enable_ipv6=false
    volumes:
    environment:
      - VPNSP=custom
      - VPN_TYPE=openvpn
      # OpenVPN:
      - OPENVPN_USER=
      - OPENVPN_PASSWORD=
      - OPENVPN_CUSTOM_CONFIG=
      # Timezone for accurate log times
      # - TZ=
  # guacd
  guacd:
    container_name: guacd_compose
    image: guacamole/guacd
    network_mode: "service:gluetun"
    # networks:
    #   guacnetwork_compose:
    restart: always
    volumes:
      - ./drive:/drive:rw
      - ./record:/record:rw
    # ports:
    #   - 4823:4822
  guacd-no-vpn:
    container_name: guacd_compose_no_vpn
    image: guacamole/guacd
    networks:
      - guacnetwork_compose
    restart: always
    volumes:
      - ./drive:/drive:rw
      - ./record:/record:rw
  # guacamole
  guacamole:
    container_name: guacamole_compose
    depends_on:
      - guacd
      - postgres
    environment:
      GUACD_HOSTNAME: guacd
      POSTGRES_DATABASE:
      POSTGRES_HOSTNAME:
      POSTGRES_PASSWORD:
      POSTGRES_USER:
    image: guacamole/guacamole
    links:
      - gluetun
    networks:
      - guacnetwork_compose
    ports:
      ## if not nginx
      ## - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /.
      - 8080/tcp
    restart: always
Basically what I want to happen is for the guacd container to use the network of the VPN container and then communicate with the GUI, which is the guacamole container. Currently, guacd is using the gluetun network; however, I cannot get it to communicate with the guacamole container despite my efforts. Could somebody tell me what I am doing wrong?

Minio Buckets not working behind Traefik reverse-proxy

I have a minio docker service running, which is connectable on storage/console.
My traefik also works for this.
But I suspect the connections to use the pattern BUCKET.backup.lo.domain.com which leads to a 404 from traefik.
I clearly see this pattern, for example, when using Cyberduck to connect (in the traefik logs and Cyberduck itself). The connection itself is possible (backup.lo.domain.com). I also get the buckets listed. But as soon as I click on the bucket it shows a modal with the bucket.lo.domain.com pattern and the traefik default certificate.
version: "3.8"
volumes:
  minio-data:
services:
  minio:
    container_name: minio-backup
    image: quay.io/minio/minio:RELEASE.2022-01-08T03-11-54Z
    networks:
      - traefik
    volumes:
      - minio-data:/data
    command:
      - server
      - /data
      - --console-address
      - ":9001"
    environment:
      - TZ=${TIME_ZONE}
      - MINIO_ROOT_USER=root
      - MINIO_ROOT_PASSWORD=password
      - MINIO_BROWSER_REDIRECT_URL=https://backup-console.lo.domain.com
      - MINIO_DOMAIN=https://backup.lo.domain.com
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik
      - traefik.http.routers.minio.service=minio
      - traefik.http.routers.minio.rule=Host(`backup.lo.domain.com`)
      - traefik.http.routers.minio.tls.certresolver=letsenc
      - traefik.http.routers.minio.entrypoints=websecure
      - traefik.http.services.minio.loadbalancer.server.port=9000
      - "traefik.http.routers.minio-console.service=minio-console"
      - "traefik.http.routers.minio-console.rule=Host(`backup-console.lo.domain.com`)"
      - "traefik.http.routers.minio-console.entrypoints=websecure"
      - "traefik.http.routers.minio-console.tls.certresolver=letsenc"
      - "traefik.http.services.minio-console.loadbalancer.server.port=9001"
    restart: unless-stopped
  traefik:
    image: traefik
    container_name: traefik
    command:
      - --providers.docker=true
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
    labels:
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=letsenc"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.domains[0].main=lo.domain.com"
      - "traefik.http.routers.traefik.tls.domains[0].sans=*.lo.domain.com"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    restart: unless-stopped
    networks:
      traefik:
networks:
  traefik_public:
Any ideas? Could I use something like wildcards for subdomains?
The problem here is that buckets do not have sub-domain DNS entries in your setup. If you disable this and use path-style requests things should work fine: https://docs.cyberduck.io/protocols/s3/#disable-use-of-virtual-host-style-requests
Specifically, you need to set s3.bucket.virtualhost.disable to true in Cyberduck.

Minio install behind Traefik

I had the previous version (from last yr) of minio running well behind traefik and on portainer with no issues. I attempted an upgrade 4 days ago to the new version and it's been downhill since then. I get the login page but it won't accept credentials; Error:
{"code":500,"detailedMessage":"Post \"https://storage.example.com/\": dial tcp <ip>:443: i/o timeout","message":"invalid Login"}
I suspect it has something to do with the TLS certificate.
Below is my compose file, I've generated the certs as required; any assistance is welcomed:
minio:
  image: minio/minio
  container_name: minio
  restart: unless-stopped
  command: server /data --certs-dir "./minio-data/certs" --address ":9000" --console-address ":9001"
  networks:
    - traefik-proxy2
  expose:
    - "9000"
    - "9001"
  volumes:
    - ./minio-data:/data
  environment:
    - "MINIO_ROOT_USER=love"
    - "MINIO_ROOT_PASSWORD=love1234"
    - "MINIO_BROWSER_REDIRECT_URL=https://stash.example.com"
    - "MINIO_SERVER_URL=https://storage.example.com"
  labels:
    - "traefik.enable=true"
    - "traefik.http.services.minio.loadbalancer.server.port=9000"
    - "traefik.http.routers.minio.rule=Host(`storage.example.com`)"
    - "traefik.http.middlewares.minio-https-redirect.redirectscheme.scheme=https"
    - "traefik.http.routers.minio.middlewares=minio-https-redirect"
    - "traefik.http.routers.minio.entrypoints=https"
    - "traefik.http.routers.minio.service=minio"
    - "traefik.http.routers.minio.tls=true"
    - "traefik.http.routers.minio.tls.certresolver=http"
    - "traefik.http.services.minio-console.loadbalancer.server.port=9001"
    - "traefik.http.routers.minio-console.rule=Host(`stash.example.com`)"
I was getting the same Invalid Login error: Post "http://minio.localhost/": dial tcp: lookup minio.localhost on 127.0.0.11:53: no such host.
The following docker-compose.yml works. The solution is NOT to use MINIO_DOMAIN or MINIO_SERVER_URL. See # comments at environment: variables.
version: "3.3"
services:
  minio:
    # Please use fixed versions :D
    image: minio/minio:RELEASE.2021-10-06T23-36-31Z
    networks:
      - traefik-proxy2
    volumes:
      - minio-data:/data
    command:
      - server
      - /data
      - --console-address
      - ":9001"
    environment:
      - MINIO_ROOT_USER=love
      - MINIO_ROOT_PASSWORD=love1234
      # Do NOT use MINIO_DOMAIN or MINIO_SERVER_URL with Traefik.
      # All Routing is done by Traefik, just tell minio where to redirect to.
      - MINIO_BROWSER_REDIRECT_URL=http://stash.localhost
    deploy:
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-proxy2
        - traefik.constraint-label=traefik-proxy2
        - traefik.http.routers.minio.service=minio
        - traefik.http.routers.minio.rule=Host(`storage.localhost`)
        - traefik.http.services.minio.loadbalancer.server.port=9000
        - traefik.http.routers.minio-console.service=minio-console
        - traefik.http.routers.minio-console.rule=Host(`stash.localhost`)
        - traefik.http.services.minio-console.loadbalancer.server.port=9001
volumes:
  minio-data:
networks:
  traefik-proxy2:
    external: true

Traefik 2 Gateway Timeout

So I have the following docker-compose.yml
version: "3.7"
services:
  roundclinic-mysql:
    image: mysql:5.7
    networks:
      - spring-boot-mysql-network
    environment:
      - MYSQL_DATABASE=
      - MYSQL_USER=
      - MYSQL_PASSWORD=
      - MYSQL_ROOT_PASSWORD=
    volumes:
      - ./mysqldata:/var/lib/mysql:rw,delegated
    ports:
      - "3306:3306"
  web-service:
    image: roundclinic/roundclinic:latest
    networks:
      - spring-boot-mysql-network
      - traefik-network
    depends_on:
      - roundclinic-mysql
    ports:
      - 8080:8080
    environment:
      - "SPRING_PROFILES_ACTIVE=dev"
    links:
      - roundclinic-mysql
    labels:
      - "--providers.docker.network=traefik_default"
      - "traefik.enable=true"
      - "traefik.http.routers.roundclinic.rule=Host(`api-dev.roundclinic.app`)"
      - "traefik.http.routers.roundclinic.entrypoints=web"
      - "traefik.http.services.cal.loadbalancer.server.port=8080"
  traefik:
    image: "traefik:v2.2"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "traefik.docker.network=traefik-network"
    ports:
      - "80:80"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
  traefik-network:
    driver: bridge
    external: true
  spring-boot-mysql-network:
    driver: bridge
volumes:
  my-db:
Spring boot starts up fine and can connect to mysql.
When I connect to http://api-dev.roundclinic.app:8080/../ I can hit my application just fine
When I connect to http://api-dev.roundclinic.app/../ I get a gateway timeout. I can see in the traefik logs that it's forwarding the request to what seems to be the correct IP and port, but nothing hits the actual application. I'm not sure what's going on here. Any help?
When accessing port 8080 you are bypassing Traefik and directly accessing your application, correct?
Generally speaking the Traefik labels look good. Entrypoint, Port and Host are defined, router and service port are present. These are usually all the requirements for Docker-based setups.
One thing that I noticed is that the traefik container uses "traefik.docker.network=traefik-network", but your web app uses:
"--providers.docker.network=traefik_default".
I am not sure if traefik_default is something that traefik provides but that mismatch in network names might be the issue.
I can't test if that is the problem but that would be the first thing to check.
One way would be to simplify your config by just always using the networks key from docker compose instead of mixing it with labels and arguments.
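A lint for the mix-up the answer points at, as an added example that is not part of the original answer: it flags CLI flags placed under labels:, label strings passed as command arguments, and a Traefik-enabled service attached to several networks with no traefik.docker.network label (Traefik's documentation says it then picks one of them). The function name, the dict layout and the trimmed sample input are constructed for illustration.

```python
def lint_traefik(services):
    """Return (service, message) pairs for label/flag/network mix-ups."""
    findings = []
    for name, svc in services.items():
        labels = svc.get("labels", [])
        networks = svc.get("networks", [])
        # Traefik's Docker provider only reads labels whose key starts with
        # "traefik."; a "--flag=value" string under labels: configures nothing.
        for label in labels:
            if label.startswith("--"):
                findings.append((name, "CLI flag used as a label: " + label))
        # The reverse mistake: a label string passed as a command-line argument.
        for arg in svc.get("command", []):
            if arg.startswith("traefik."):
                findings.append((name, "label used as a CLI argument: " + arg))
        kv = dict(l.split("=", 1) for l in labels if "=" in l)
        if kv.get("traefik.enable") != "true":
            continue
        pinned = kv.get("traefik.docker.network")
        if pinned is None and len(networks) > 1:
            findings.append((name, "on several networks, no traefik.docker.network label"))
        elif pinned is not None and pinned not in networks:
            # Assumption: networks are external, so compose key == Docker network name.
            findings.append((name, "traefik.docker.network names an unattached network: " + pinned))
    return findings

# Constructed input: the relevant keys of the question's compose file,
# in the shape yaml.safe_load would return them.
QUESTION_SERVICES = {
    "web-service": {
        "networks": ["spring-boot-mysql-network", "traefik-network"],
        "labels": [
            "--providers.docker.network=traefik_default",
            "traefik.enable=true",
            "traefik.http.routers.roundclinic.entrypoints=web",
            "traefik.http.services.cal.loadbalancer.server.port=8080",
        ],
    },
    "traefik": {"command": ["--providers.docker=true", "traefik.docker.network=traefik-network"]},
}

if __name__ == "__main__":
    for service, message in lint_traefik(QUESTION_SERVICES):
        print(f"{service}: {message}")
```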

docker-compose.yml for Bitnami Apache, MariaDB, PrestaShop and PHPMyAdmin is not working correctly

My 1st goal is to write a docker-compose.yml file with the following:
1 docker for the MariaDB server
1 docker for the PrestaShop-1.7 server
1 docker for the PHPMyAdmin server
Can you please help me get it working correctly?
Then, my 2nd goal is to set passwords and disallow the "no password".
Kind regards,
Arnaud.
I'm using the bitnami's dockers so I've started the following script:
version: "3"
networks:
  prestashop-network:
    driver: bridge
services:
  mariadb:
    image: 'bitnami/mariadb:10.3'
    environment:
      - MARIADB_USER=bn_prestashop
      - MARIADB_DATABASE=bitnami_prestashop
      - ALLOW_EMPTY_PASSWORD=yes
    networks:
      - prestashop-network
    volumes:
      - 'mariadb_data:/bitnami'
    ports:
      - 3307:3306
  phpmyadmin:
    image: bitnami/phpmyadmin:latest
    volumes:
      - 'phpmyadmin_data:/bitnami'
    depends_on:
      - mariadb
    ports:
      - 81:80
    environment:
      - PHPMYADMIN_ALLOW_NO_PASSWORD=true
    networks:
      - prestashop-network
  prestashop_1.7:
    image: 'bitnami/prestashop:1.7'
    volumes:
      - 'prestashop_data:/bitnami'
      - ./docker/prestashop/custom-php.ini:/usr/local/etc/php/conf.d/custom.ini
      - ./docker/prestashop/phpinfo.php:/var/www/html/phpinfo.php
    depends_on:
      - mariadb
    ports:
      - 8085:80
      - 8086:443
    environment:
      - PRESTASHOP_FIRST_NAME=Toto
      - PRESTASHOP_LAST_NAME=FAMILLE
      - PRESTASHOP_PASSWORD=bitnami1
      - PRESTASHOP_EMAIL=user@example.com
      - PRESTASHOP_HOST=localhost
      - PRESTASHOP_COUNTRY=fr
      - PRESTASHOP_LANGUAGE=fr
      - MARIADB_HOST=mariadb
      - MARIADB_PORT_NUMBER=3306
      - PRESTASHOP_DATABASE_USER=bn_prestashop
      - PRESTASHOP_DATABASE_NAME=bitnami_prestashop
      - PRESTASHOP_DATABASE_PASSWORD=bitnami1
      - ALLOW_EMPTY_PASSWORD=yes
      - MARIADB_ROOT_USER=root
      - MARIADB_ROOT_PASSWORD=
      - MYSQL_CLIENT_CREATE_DATABASE_NAME=bitnami_prestashop
      - MYSQL_CLIENT_CREATE_DATABASE_USER=bn_prestashop
      - SMTP_HOST=smtp.gmail.com
      - SMTP_PORT=587
      - SMTP_PROTOCOL=tls
      - SMTP_USER=your_email@gmail.com
      - SMTP_PASSWORD=your_password
    networks:
      - prestashop-network
volumes:
  mariadb_data:
    driver: local
  prestashop_data:
    driver: local
  phpmyadmin_data:
    driver: local
For information, I use Mac OS X Mojave with the following docker tools version:
$ docker-compose version
docker-compose version 1.24.1, build 4667896b
docker-py version: 3.7.3
CPython version: 3.6.8
OpenSSL version: OpenSSL 1.1.0j 20 Nov 2018
When I launch with the following command:
docker-compose up
Then the different images are downloaded and started.
When I try to access the PhpMyAdmin instance using http://localhost:81 I can reach the PhpMyAdmin instance correctly using root and no password.
I get two major problems:
I see the 'prestashop' database is created but empty
When I try to access the PrestaShop instance using http://localhost:8085 I get an error 500
When trying your docker-compose file I got these errors:
mariadb_1 | 2019-08-15 9:28:47 13 [Warning] Access denied for user 'bn_prestashop'@'192.168.48.4' (using password: YES)
prestashop_1.7_1 | mysql-c ERROR [canConnect] Connection with 'bn_prestashop' user is unsuccessful
You need to set up the user password in the mariadb container too.
This docker-compose file worked for me, maybe you can build up from here.
version: '2'
services:
  mariadb:
    image: 'bitnami/mariadb:10.1'
    environment:
      - MARIADB_USER=bn_prestashop
      - MARIADB_DATABASE=bitnami_prestashop
      - MARIADB_PASSWORD=my_passwd
      - ALLOW_EMPTY_PASSWORD=yes
    volumes:
      - 'mariadb_data:/bitnami'
  prestashop:
    image: 'bitnami/prestashop:1.7'
    environment:
      - MARIADB_HOST=mariadb
      - MARIADB_PORT_NUMBER=3306
      - PRESTASHOP_DATABASE_USER=bn_prestashop
      - PRESTASHOP_DATABASE_NAME=bitnami_prestashop
      - PRESTASHOP_DATABASE_PASSWORD=my_passwd
      - ALLOW_EMPTY_PASSWORD=yes
      - PRESTASHOP_FIRST_NAME=Toto
      - PRESTASHOP_LAST_NAME=FAMILLE
      - PRESTASHOP_PASSWORD=bitnami1
      - PRESTASHOP_EMAIL=user@example.com
      - PRESTASHOP_HOST=localhost
      - PRESTASHOP_COUNTRY=fr
      - PRESTASHOP_LANGUAGE=fr
      - SMTP_HOST=smtp.gmail.com
      - SMTP_PORT=587
      - SMTP_PROTOCOL=tls
      - SMTP_USER=your_email@gmail.com
      - SMTP_PASSWORD=your_password
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - 'prestashop_data:/bitnami'
    depends_on:
      - mariadb
  phpmyadmin:
    image: 'bitnami/phpmyadmin:4'
    ports:
      - '8080:80'
      - '8443:443'
    depends_on:
      - mariadb
    volumes:
      - 'phpmyadmin_data:/bitnami'
volumes:
  mariadb_data:
    driver: local
  prestashop_data:
    driver: local
  phpmyadmin_data:
    driver: local
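
An audit of the password settings discussed in this thread, as an added example that is not part of the original posts: run over the question's and the answer's environment: entries, it reports the settings that still allow password-less logins and checks that PRESTASHOP_DATABASE_PASSWORD matches MARIADB_PASSWORD. The function names and the dict inputs (a trimmed copy of each file's environment lists) are constructed for illustration.

```python
# Settings that switch password enforcement off, with the value that enables them.
NO_PASSWORD_FLAGS = {"ALLOW_EMPTY_PASSWORD": "yes", "PHPMYADMIN_ALLOW_NO_PASSWORD": "true"}

def env_of(service):
    """Turn a compose 'environment' list of KEY=VALUE strings into a dict."""
    return dict(item.split("=", 1) for item in service.get("environment", []))

def audit_passwords(services, db, app):
    """Return findings for empty-password settings and a db/app password mismatch."""
    findings = []
    for name, service in services.items():
        for key, value in env_of(service).items():
            if NO_PASSWORD_FLAGS.get(key) == value.lower():
                findings.append(f"{name}: {key}={value} allows logins without a password")
            elif key.endswith("_PASSWORD") and key not in NO_PASSWORD_FLAGS and value == "":
                findings.append(f"{name}: {key} is set but empty")
    # The password the shop sends must be the one the database user was created with.
    db_pw = env_of(services[db]).get("MARIADB_PASSWORD")
    app_pw = env_of(services[app]).get("PRESTASHOP_DATABASE_PASSWORD")
    if db_pw != app_pw:
        findings.append(f"{app}: PRESTASHOP_DATABASE_PASSWORD does not match {db}: MARIADB_PASSWORD")
    return findings

# Constructed inputs: trimmed environment lists from the question and from the answer.
QUESTION = {
    "mariadb": {"environment": ["MARIADB_USER=bn_prestashop", "ALLOW_EMPTY_PASSWORD=yes"]},
    "phpmyadmin": {"environment": ["PHPMYADMIN_ALLOW_NO_PASSWORD=true"]},
    "prestashop_1.7": {"environment": [
        "PRESTASHOP_DATABASE_USER=bn_prestashop",
        "PRESTASHOP_DATABASE_PASSWORD=bitnami1",
        "ALLOW_EMPTY_PASSWORD=yes",
        "MARIADB_ROOT_PASSWORD=",
    ]},
}
ANSWER = {
    "mariadb": {"environment": ["MARIADB_USER=bn_prestashop", "MARIADB_PASSWORD=my_passwd",
                                "ALLOW_EMPTY_PASSWORD=yes"]},
    "prestashop": {"environment": ["PRESTASHOP_DATABASE_PASSWORD=my_passwd",
                                   "ALLOW_EMPTY_PASSWORD=yes"]},
    "phpmyadmin": {},
}

if __name__ == "__main__":
    for label, cfg, app in (("question", QUESTION, "prestashop_1.7"), ("answer", ANSWER, "prestashop")):
        for finding in audit_passwords(cfg, "mariadb", app):
            print(f"[{label}] {finding}")
```

The answer's file clears the mismatch but still carries ALLOW_EMPTY_PASSWORD=yes on both services, which is the setting to drop for the asker's second goal.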