I’d definitely go for Docker!
Agreed! My question, I guess, could be better explained…
In my environment, I’ve got two options:
1.) add the LibreY container to the /e/Cloud environment directly, or
2.) add the LibreY container to a different, independent Docker host, in which case my only changes to the /e/Cloud environment would be adding the nginx config entry and the certificate.
Now, while I think the #2 option is easier (honestly, it’s pretty generic, since I’ve already got a second VM with a Docker instance for KitchenOwl), I figured it’d be worth exploring what it would take to integrate LibreY into the build, because, as we’ve already established, I’m the one weirdo who puts my data on my own server, rather than a VPS. If I can turn this thread into a tutorial for other users, I think there is value to be had in that.
So, if I understand the procedure correctly, it would be as follows (stay with me):
- ssh into my /e/Cloud VM and
docker-compose stop && nano /mnt/repo-base/librey.txt
- enter the contents of the linked docker-compose file, along with the recommended changes from your list (I’ll probably opt out of watchtower for the time being).
cat /mnt/repo-base/librey.txt >> /mnt/repo-base/docker-compose.yml && docker-compose up -d
Do I have that right? The logic regarding making the librey entry a separate text file and then concatenating it is that when the /e/Cloud update comes (no, I’m not looking forward to Nextcloud 29, why do you ask? =) ), I’m assuming that the upgrade will overwrite my docker-compose.yml file, so the known-working config can be re-added after an upgrade by running the append command again…that’s my logic, anyway…I promise I won’t be offended if you tell me I’m way off base here and provide some corrections =).
Now, there are two related parts here I’m not completely clear on. First, I’d assume that I’d need to add a subdomain, say ‘search.voyager529.com’ that would point to the librey instance. I’d assume that I’d need to make a search.voyager529.com.conf file and put it in /mnt/repo-base/config/nginx/sites-enabled, as I’ve done with my Vaultwarden instance. Now, that’s something I’ve done before, but you said that I didn’t need to expose the port since I’m using the internal nginx instance. Where I’m a bit confused is that I’d assume that there’s a need to tell nginx to direct traffic to the separate container. The rspamd.conf file uses a proxy pass and port 11334, and autodiscover gets the port 80 traffic with its proxy_pass entry, so my initial reaction was to make line 7 - 8887:8080 to avoid the possibility of a conflict (8080 seems to be a pretty commonly used port for docker containers), then make the proxy_pass line either http://librey:8887 (if the service name on line 2 can be used in this way) or http://192.168.1.2:8887 (if it can’t). Your statement about removing those lines leads me to believe that my understanding is incorrect; could I impose upon you to help me understand how to get nginx to point to the container without exposing the ports?
Second, something I haven’t done before is to use certbot to get a Let’s Encrypt cert, and this seems like as good a time as any to attempt that. Having read through the installer scripts, here’s what I think the procedures are; please tell me what I’ve got wrong here (again, same logic - separate files for custom entries to allow simple concatenation commands after updates):
echo 'search.voyager529.com' >> /etc/repo-base/config/letsencrypt/autorenew/custom_domains.txt
cat /etc/repo-base/config/letsencrypt/autorenew/custom_domains.txt >> /etc/repo-base/config/letsencrypt/autorenew/ssl-domains.dat
- in the nginx config file I make, set the ssl_certificate line to /certs/live/search.voyager529.com/fullchain.pem and a similar path to the .key file.
- stop the nginx container.
- run ./mnt/repo-base/scripts/ssl-renew.sh
- check /certs/live folder that the cert and key were created. Assuming they were, start the nginx container again.
So, I’m hoping that, with a few corrections, I can give this a shot =).
Thank you, Sylvain! And thank you @tcecyk for letting me know about the fork!
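
The two `>>` append steps in the post above are not idempotent: if they are re-run when an upgrade did not overwrite the target file, the entry ends up in it twice. The following is an added example (not part of the original post and not one of /e/Cloud's own scripts) that appends only when the entry is missing. The function names and marker comments are assumptions, and the snippet file is assumed to be indented as a service entry that lands under the compose file's `services:` key.

```shell
#!/bin/sh
# Added example: idempotent versions of the two ">>" append steps.
# Function names and the marker text are assumptions made for this sketch.

# Append LINE to FILE only if no identical whole line is already there.
append_line_once() {
    file=$1; line=$2
    touch "$file"
    grep -qxF -e "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# Append the contents of SNIPPET to FILE between marker comments, unless the
# begin marker is already present (i.e. the upgrade did not overwrite FILE).
append_block_once() {
    file=$1; snippet=$2; name=$3
    begin="# BEGIN custom: $name"
    if [ ! -r "$snippet" ] || [ ! -f "$file" ]; then
        echo "missing file: $snippet or $file" >&2
        return 1
    fi
    if grep -qxF -e "$begin" "$file"; then
        return 0                      # already present, nothing to do
    fi
    cp -p "$file" "$file.bak"         # keep the pre-change file for rollback
    {
        printf '%s\n' "$begin"
        cat "$snippet"
        printf '# END custom: %s\n' "$name"
    } >> "$file"
}

# Count how often the block is present; 1 is the only healthy answer.
count_blocks() {
    grep -cxF -e "# BEGIN custom: $2" "$1"
}

# Usage with the paths from the post:
#   append_block_once /mnt/repo-base/docker-compose.yml /mnt/repo-base/librey.txt librey
#   append_line_once /etc/repo-base/config/letsencrypt/autorenew/ssl-domains.dat search.voyager529.com
#   docker-compose config -q    # validate the merged file before 'up -d'
```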