docker services :: x33u — yet another website

shell odoo


# install db
> docker run -d \
  -e POSTGRES_USER=odoo \
  -e POSTGRES_PASSWORD=odoo \
  -e POSTGRES_DB=postgres \
  --name db \
  postgres:13

# run
> docker run -d \
  -v odoo-data:/var/lib/odoo \
  -p 8069:8069 \
  --name odoo \
  --link db:db \
  -t odoo

shell hassio


# run
> docker run -d \
  --name homeassistant \
  --privileged \
  --restart=unless-stopped \
  -e TZ=Europe/Berlin \
  -v $(pwd)/hassio:/config \
  --network=host \
  ghcr.io/home-assistant/home-assistant:stable

shell octoprint


# create volume
> docker volume create octoprint

# run
> docker run -d \
  -v octoprint:/octoprint \
  --device /dev/ttyACM0:/dev/ttyACM0 \
  --device /dev/video0:/dev/video0 \
  -e ENABLE_MJPG_STREAMER=true \
  -p 80:80 \
  --name octoprint \
  octoprint/octoprint

shell icinga


# get repo
> git clone \
  https://github.com/lippserd/docker-compose-icinga

# compose
> docker-compose -p icinga-playground up

# extras
login: "icingaadmin:icinga"

shell uptime-kuma


# create volume
> docker volume create uptime-kuma

# run
> docker run -d \
  --restart=always \
  -p 3001:3001 \
  -v uptime-kuma:/app/data \
  --name uptime-kuma \
  louislam/uptime-kuma:1

shell gitlab


# env
> mkdir /srv/gitlab
> export GITLAB_HOME=/srv/gitlab

# run
> docker run --detach \
  --hostname gitlab.example.com \
  --publish 443:443 --publish 80:80 --publish 22:22 \
  --name gitlab \
  --restart always \
  --volume $GITLAB_HOME/config:/etc/gitlab \
  --volume $GITLAB_HOME/logs:/var/log/gitlab \
  --volume $GITLAB_HOME/data:/var/opt/gitlab \
  gitlab/gitlab-ee:latest

# watch
> docker logs -f gitlab

shell traefik


# create traefik.yml
api:
  dashboard: true
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
certificatesResolvers:
  http:
    acme:
      email: admin@example.com
      storage: acme.json
      httpChallenge:
        entryPoint: http

# create password: 
> echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g

# create docker-compose.yml
version: '3'
services:
  traefik:
    image: traefik:v2.0
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.x33u.org`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=data_user:$$apr1$$xxx"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.x33u.org`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"
networks:
  proxy:
    external: true

security | server | software | stuff