The following Apps are implemended:
- Nextcloud + Collabora / OnlyOffice + Talk
- Joomla
- Wordpress
- Drupal
- Bookstack
- Grav
- Rocket.Chat
- Wallabag
- Draw.io
- Portainer
- Adminer
- restic & rclone Backup
Right now this will run on Ubuntu 16/18, Debian 9, CentOS 7, Amazon Linux 2.
The playbook runs on x86_64. It's tested on both architektures on AWS EC2 and Scaleway Server. Arm server are not yet tested. But may work.
WARNING: This is work in progress. Not everything is tested. Before you use this in production check the installation very carefully.
Install Ansible and some needed tools by running the following command with a user that can sudo or is root.
curl -s https://raw.githubusercontent.com/ReinerNippes/selfhosted_on_docker/master/prepare_ansible.sh | /bin/bash
Clone this repo and change into the directory selfhosted_on_docker
.
git clone https://github.com/ReinerNippes/selfhosted_on_docker
cd selfhosted_on_docker
Note that root must have also sudo right otherwise the script will complain. Some hoster use distros where is is not in the sudoers file. In this case you have to add root ALL=(ALL) NOPASSWD:ALL
to /etc/sudoers.
Prepare your OS to run the playook and install Docker on your server.
./prepare_os.yml
You may skip this steps if you have already a running docker installation. Nevertheless you may miss some python packages. You have to install them manually.
Now you can configure the whole thing by editing the file selfhosted_sites.yml
and some other files.
First of all you must configure the base system.
# Define your the top level domain for for selfhosted sites
base_domain: selfhosted.example.tld
# Your email adresse for letsencrypt
ssl_cert_email: [email protected]
# set this to true if you want to enable a postfix mail relay for all your selfhosted services
# edit group_vars/mail_relay.yml to set user/password for your upstream mail server
# all container can use this relay server to send mail
mailrelay_enabled: true
# your maildomain
selfhosted_mail_domain: '{{ base_domain }}'
# Enable to backup your server
backup_enabled: false
# adminer is a webfront end for your database at https://base.{{ base_domain }}/adminer/
adminer_enabled: false
# portainer is a webfront end for docker host at https://base.{{ base_domain }}/portainer/
portainer_enabled: true
# user for traefik dashboard at https://base.{{ base_domain }}/traefik/
traefik_api_enabled: false
Now you can define the apps you want to run by editing the variable selfhosted_sites
in the file selfhosted_sites.yml
Lets start with the base setup
selfhosted_sites:
- name: base
type: base
server_fqdn: base.{{ base_domain }}
Don't edit or delete this. It's the base setup. It provides the basic container to run your apps. If you delete this the playbook will abort with an error. Of course you may change the server_fqdn
.
If you want to use Talk with Nextcloud setup a turnserver. All Nextcloud instances will share the same turnserver. The server_fqdn must be the same as the base setup. Otherwise no certificates wil be created.
- name: talk
type: turnserver
server_fqdn: base.{{ base_domain }}
If you want to start an Joomla app named myjoomla at joomla.selfhosted.example.tld it would like this
- name: myjoomla
type: joomla
server_fqdn: joomla.{{ base_domain }}
The name variable is used as the container name. So be carefull with special charaters.
If you want to run several joomla installations just copy and change name
and server_fqdn
. type
must be joomla
- name: myjoomla
type: joomla
server_fqdn: joomla.{{ base_domain }}
- name: another_joomla
type: joomla
server_fqdn: another-joomla.{{ base_domain }}
Nextcloud has some additional variables. You can define if you want to install Collabora, OnlyOfiice and/or Talk additional. If you want to install Collabora you can choice your dictionaries as well.
- name: nextcloud
type: nextcloud
server_fqdn: nextcloud.{{ base_domain }}
collabora: true
collabora_dictionaries: "de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"
onlyoffice: true
talk: true
talk_server: {{ base_domain }}
This a list of all available apps:
- name: nextcloud
type: nextcloud
server_fqdn: nextcloud.{{ base_domain }}
collabora: true
collabora_dictionaries: "de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"
onlyoffice: true
talk: true
talk_server: {{ base_domain }}
- name: joomla
type: joomla
server_fqdn: joomla.{{ base_domain }}
- name: wordpress
type: wordpress
server_fqdn: wordpress.{{ base_domain }}
- name: bookstack
type: bookstack
server_fqdn: bookstack.{{ base_domain }}
- name: grav
type: grav
server_fqdn: grav.{{ base_domain }}
- name: rocketchat
type: rocketchat
server_fqdn: rocketchat.{{ base_domain }}
- name: wallabag
type: wallabag
server_fqdn: wallabag.{{ base_domain }}
- name: drawio
type: drawio
server_fqdn: drawio.{{ base_domain }}
How many apps you can host on one machine depends on your machine and your users. Well. What else.
Run
./prepare_site.yml
You'll find all passwords in /opt/selfhosted/secrets. To get a complete list run sudo grep -r '' /opt/selfhosted/secrets
.
/opt/selfhosted/secrets/bookstack_database_user_secret:kAO4pbmWbcalPq7fsp3z5PQLZbDD5C2n
/opt/selfhosted/secrets/bookstack_mysql_root_secret:36OeJ3KNjGQLOz7HqLsjNA1Rkr2uBuD6
/opt/selfhosted/secrets/joomla_database_user_secret:hpfWmTQCT3gXkbjl05NwMcXZrcnnuQOa
/opt/selfhosted/secrets/joomla_mysql_root_secret:ap0QPc8IKNDnSmhBHosNrT8deZWXPqGo
/opt/selfhosted/secrets/nextcloud_admin_secret:TQMdYgRC6KQ2w3MAdcqZsXtaZsh1iv5k
/opt/selfhosted/secrets/nextcloud_collabora_secret:GDCOq0qUOrucUGstiawb2Z9XFinG4Lt1
/opt/selfhosted/secrets/nextcloud_db_user_secret:YFzKJFHGu8kh3JkzRPGks47Fb24dSS02
/opt/selfhosted/secrets/nextcloud_redis_secret:yyaFBfdqgKelK9fujgto2KiCE4FXfILh
/opt/selfhosted/secrets/portainer_admin_secret:EhfKBfVsKsaFqgcvVjWloQ9b6zAP3vZN
/opt/selfhosted/secrets/talk_secret:VHMKK5buOUkYW0bmOcdiEhZ6rlRQ6s5r
/opt/selfhosted/secrets/wallabag_database_user_secret:XHBOeYPivzHCCCoHiSoY6iVVkylRZXLA
/opt/selfhosted/secrets/wallabag_db_user_secret:xqUysULX9waN9Yzhfq8nzC4hDk4s3Bxq
/opt/selfhosted/secrets/wallabag_mysql_root_secret:cBz1uTHccrOr0CN3Q36V5ji3DlP5GEhV
Nextcloud is ready to run. You can login as admin and start work.
All other apps have to be configured via their web interfaces. Please note that some apps are open to world until you configure them. E.g. grav
.
The name of the database host for all apps is {{ app_name }}-db
. In the above example of myjoomla it would be myjoomla-db
. The db user you'll find in group_vars/joomla.yml
.
Enter the credentials of your upstream smtp server in group_vars/mailrelay.yml
upstream_smtp_host: ''
upstream_smtp_username: ''
upstream_smtp_password: ''
upstream_smtp_from_address: ''
Configure your mail-relay container in your app. Below is the example for Nextcloud. Other apps must be configure through there web gui.
# Nextcloud mail setup
app_configure_mail: true
app_mail_from: 'nextcloud'
app_mail_domain: 'exmaple.tld'
app_mail_smtpmode: 'smtp'
app_mail_smtpauthtype: ''
app_mail_smtpsecure: ''
app_mail_smtpauth: '0'
app_mail_smtphost: 'mail-relay'
app_mail_smtpport: '25'
app_mail_smtpname: ''
app_mail_smtppwd: ''
That's a long story. It's good to know yaml, jinja2 and ansible.
To start look at the yaml files in group_vars/*.yml
.
If you don't like /opt/selfhosted
as the base directory you may change it in group_vars/all.yml
. If your favorite Postgrsql version isn't '10-alpine' you may change it in this file as well.
But. That's not tested. You may try.
selfhosted_base_dir: '/opt/selfhosted'
selfhosted_credential_store: '{{ selfhosted_base_dir }}/secrets'
docker_default_postgres_image: '10-alpine'
docker_default_mysql_image: 'latest'
docker_default_nginx_image: 'alpine'
docker_default_redis_image: 'alpine'
docker_default_mongodb_image: 'latest'
If you want to fine tune the apps you have look into each yml file.
For example if you want to change the mysql image for bookstack you may edit bookstack.yml and change app_docker_mysql_image: '10.4.4'
---
# bookstack varibales
# docker image version
app_docker_image: 'latest'
app_docker_mysql_image: '10.4.4'
# Enable/disable auto container updates via watchtower
app_watchtower: 'false'
app_db_watchtower: 'false'
# data dir
app_base_dir: '{{ selfhosted_base_dir }}/{{ app_name }}'
app_data_dir: '{{ app_base_dir }}/data'
app_datadump_dir: '{{ app_base_dir }}/database_dump'
# database settings (choose one)
app_db_type: 'mysql' # (MariaDB)
# options for mariadb or postgres
app_db_name: 'bookstack'
app_db_user: 'bookstack'
app_db_passwd: '' # leave empty to generate random password
The watchtower container takes care about your container and can update them automatic to a newer version if a newer images is pushed to hub.docker.io. Per default all container are set to app_watchtower: false
. You have to change this to your needs.
If you want to get rid of the containers, networks and volumes run the following command.
sudo ./scripts/remove_all_container.sh
Your data won't be deleted. You have to do this with.
sudo rm -rf /opt/selfhosted
If you test your setup it's wise to have a backup of /opt/selfhosted/traefik
. Letsencrypt limits the number of certificate request to there server.