Docker Assistant (Set Me Up)
April 23rd, 2023 9:19 AM Mr. Q Categories: Docker, Setup
Follow these steps to get sites/apps working…
1) Clone Docker Assistant
Clone docker_assistant to your server. (preferable one (1) level from the root directory) i.e. /volume1/docker_assistant/
cd /volume1
sudo git clone https://github.com/ToolboxAid/docker_assistant
The directory and file need to be owned by you. Use the user and group that has the least amount of permissions.
- whoami command to see the user name.
- use either of these commands to get the user group:
- groups {username}
- id -Gn {username}
sudo chown -R {user:group} ./docker_assistant/
chmod 775 -R ./docker_assistant/
Now change to the directory docker_assistant
cd ./docker_assistant/
2) Execute Docker Assistant environment setup
Script to set up the environment.
sudo ./setup.env.sh
Please review/update your generated files for correctness
/voloume1 └── docker_assistant ├── custom_data ├── lan ├── scripts ├── templates │ └── .common.env ├── wan └── setup.env.sh
A macvlan is like a magic spell that lets you create a copy of your computer’s network connection, you can use it like a whole new computer on the same network! It’s kind of like having a twin that looks just like you but has its own computer to use.
3) DD-Client setup
Move into the template directory.
cd ./templates
ls -la
Execute the script to setup ddClient (as of writing this, the version is ‘v3.9.1-ls10’)
sudo ./ddclient-v3.9.1-ls100.sh
Optional step if for some reason your cache is bad when you add a new site.
sudo ./attach.sh
cd /var/cache/ddclient/
cp ddclient.cache ddclient.cache_bkup
touch ddclient.cache
Be sure to copy the firewall information (ie below ports 53, 80 & 443: ‘172.66.0.0/16’)
Remember to update your firewall rules for ports 53, 80 & 443 as destination: '172.66.0.0/16'lan2router
- TCP port 80 (HTTP): Used for communication with the DDNS provider to update the IP address.
- TCP port 443 (HTTPS): Used for secure communication with the DDNS provider to update the IP address.
- UDP port 53 (DNS): Used for resolving the domain name to the IP address.
4) Create a dynamic A record for Traefik and DD-Client
Log on to your DNS host and create a Dynamic record forwarding to ‘traefik.wan.{YOUR_DOMAIN_NAME}‘. FYI, this is your domain within your premises, not a website you want to set up. Below is based on using Google Domains.
If using Google Domains: use the following code to edit the config file
sudo cp ./config/ddclient.conf-strip-4-google ./config/ddclient.conf
cd /volume1/docker_assistant/lan/ddclient-v3.9.1-ls100/ddclient.conf
sudo vi ./config/ddclient.conf
Not Google Domains
cd /volume1/docker_assistant/lan/ddclient-v3.9.1-ls100/
sudo vi ./config/ddclient.conf
Update your DD-client config with the new DNS information.
YYYY.MM.DD protocol=googledomains login= password= traefik.wan.{YOUR_DOMAIN_NAME}
If you have a firewall in place (and you should), you will need to enter a rule for outbound traffic. The ddclient subnet will be displayed for you. You may need to look up the CIDR of > xx.xx.xx.xx/16 for most firewall rules /16 subnet is 255.255.0.0
- you can use something like: https://www.dan.me.uk/ipsubnets
After updating ‘ddclient. conf’, Execute:
sudo ./up.sh
sudo ./log.tail.sh
Review the logs to see if it is updating or failing.
Once updated, it could take up to 24 hours or more to work, with Google DNS, my works within 15 min If no errors, you should now be able to:
ping traefik.wan.{YOUR_DOMAIN_NAME} (depending if you allow replies to pings)
nslookup traefik.wan.{YOUR_DOMAIN_NAME}
(assuming the DNS gods are with you, if not, up to 24 hours)
Additional reading:
- https://plugins.traefik.io/plugins/62947353108ecc83915d778d/simple-cache
- https://plugins.traefik.io/plugins/628c9eadffc0cd18356a9799/docker-compose.local.yml
5) Point your router to your MAC-VLAN IP from step 2 to the MAC-VLAN ip address (Ports 80 and 443)
- as Traefik will be running on a MAC-VLAN, you need to forward ports 80 to 80 and 443 to 443 to your Traefik IP address
- I know, no way to test this until Traefik is running in step 6.
6) Traefik will proxy all of its HTTP & HTTPS network requests to your services
Only the Traefik container has direct access to the internet. All other containers flow through Traefik using the docker firewall rules to assist with security issues.
To set up the container (as of writing this, the version is ‘v2.8’) use:
cd /volume1/docker_assistant/templates
sudo ./traefik-v2.8.sh
cd ./wan/traefik-v2.8/
You will need access to htpasswd. On Synology: install htpasswd for MD5 passwords on Synology NAS, you can follow these steps:
- Open the Synology NAS web interface and go to “Package Center.”
- Search for “Apache HTTP Server 2.4” and install it.
To create a user: password pair to log in to Traefik, use the following commands to add, update, and verify users. At this point, add a user using htpasswd.add.sh.
Add a user using:
sudo ./htpasswd.add.sh
Delete a user:
./htpasswd.delete.sh
Verify a user:
./htpasswd.verify.sh
Let’s get things started.
sudo ./up.sh
sudo ./log.tail.sh
If you are using a Synology NAS, you can route it through Traefik
- uncomment Synology (service and router) section in /volume1/docker_assistant/templates/traefik-v2.8/dynamic.yml
- in-service update {synology_nas_ip}:{no_secure_port}
- in router update {YOUR_DOMAIN_NAME}
- if you enabled redirect http to https on your Synology NAS.
- In the control panel, under DSM
- disable Automatically redirect HTTP connection to HTTPS
- disable HSTS force browsers to use a secured connection
- In the control panel, under DSM
- You can use this as a template to redirect requests to non-docker containers
cd ../wan/traefik.wan.{YOUR_DOMAIN_NAME}/
vi dynamic.yml
Uncomment by removing the first ‘#‘ on each line.
Also, replace {synology_nas_ip}:{port}
# services: # # - - - - - - - - - - - - - - - - - # synology: # loadBalancer: # servers: # - url: "http://{synology_nas_ip}:{port}" # passHostHeader: true # # remember to uncomment the router as well. # # - - - - - - - - - - - - - - - - - #
# synology: # rule: "Host(`synology.lan.{YOUR_DOMAIN_NAME}`)" # # entrypoints: # - websecure # # middlewares: # - TBA-headers # - TBA-whitelist # - TBA-compress # # service: synology # # tls: # certResolver: lets-encrypt
Let’s start it up:
sudo ./up.sh
sudo ./log.tail.sh
At this point, you should be able to browse to traefik.wan.{YOUR_DOMAIN_NAME}
7) Test your setup of single deployable sites.
Setup whoami – simple test site
cd /volume1/docker_assistant/templates
sudo ./whoami.sh
cd ../lan/whoami.lan.{YOUR_DOMAIN_NAME}/
sudo ./up.sh
Launch your browser pointed to whoami.lan.{YOUR_DOMAIN_NAME}
8) Now that you see what to do, you can deploy the other containers:
- From directory ‘./template’ use the {script_name}.sh to create new containers
- use ‘cd ./template’ and ‘ls -la’ to see the templated directory
- From directory ‘./template’ use the {script_name}.sh to create new containers
- Point your router to your MAC-VLAN IP (Ports 80 and 443) to the MAC-VLAN IP address
NOTE: if the script requires the parameter {SITE}, you can deploy multiple instances of it
After each deployment where you see a network created (remember to do this):
- You will need to change the directory to the deployment folder (it will be displayed to you)
- Review/edit the ‘.env’ file generated for correctness
- Execute: user@server:/volume1/docker_assistant/(wan|lan)/package/ $ sudo ./up.sh to start the container
9) Deploy a single instance with predefined URLs.
- Set up PHPMyAdmin – the ability to get to your database when needed.
- Setup Portainer – easy way to see details about a container
10) Deploy multiple instances of a container with different URLs
Run WordPress – your first site to manage with a DB Additional reading:
11) Backing up sites
Update the BACKUP_PATH in ‘./docker_assistant/scripts/.docker.zip.env’
docker_zip_backup.sh requires one (1) parameter: base – backup only custom_data, scripts & templates site – backup only wan, lan, dev directories full – backup site & base
Run a backup of your work ‘./docker_assistant/scripts/docker_zip_backup.sh {parameter}’ To restore a site, just drag the folder to the correct location and start it.