Initial Commit

Houtworm
2025-04-10 04:10:54 +02:00
commit 6e8a4fa4c5
33 changed files with 7674 additions and 0 deletions

25
Guides/Docker/00Intro.md Normal file

@@ -0,0 +1,25 @@
---
title: 00 Introduction
description:
published: true
date: 2023-05-03T03:38:56.954Z
tags:
editor: markdown
dateCreated: 2023-05-03T03:35:52.042Z
---
# Introduction
This guide assumes you followed my Arch Server guide therefore it will expect you already have basic knowledge about the programs we are using, have fail2ban configured and you have a storage cluster mounted to /data.
If you did not follow my complete Arch Server guide you should do a few things
1. set up fail2ban
make sure fail2ban talks to your firewall properly and test that people actually get banned
2. adjust the storage locations
Either mount your storage cluster/disk to /data or adjust the storage location in every docker compose file in the guide.
3. basic knowledge about linux, docker, fail2ban and networking
You should not execute commands or insert configuration you don't understand, so be sure to read up.
The guide should be pretty straightforward, And all the guides are optional, so only install what you will actually use. Most services will require a reverse proxy and a database so that's why we start with them, But you should again only install them if you need them.
Take your time and if you run into any problems be sure to leave a comment :)

145
Guides/Docker/01Nginx.md Normal file

@@ -0,0 +1,145 @@
---
title: 01 Nginx
description:
published: true
date: 2023-05-03T03:18:59.950Z
tags:
editor: markdown
dateCreated: 2023-05-03T01:58:59.345Z
---
# Install and Configure Nginx
eNGINe X is a very powerful webserver, It can do many things and is highly configurable.
We will use it as a reverse proxy to forward requests to the correct container.
Create some folders in your home directory
mkdir -p ~/docker/nginx
Now create a docker compose file in that directory
vim ~/docker/nginx/docker-compose.yml
Add in the following text
```
version: '3'
services:
nginx:
image: nginx:latest
container_name: nginx
restart: always
volumes:
- /data/nginx/config:/etc/nginx
- /data/nginx/log/error.log:/var/log/error.log
- /data/nginx/log/access.log:/var/log/access.log
- /etc/letsencrypt/:/etc/letsencrypt/
- /etc/localtime:/etc/localtime:ro
ports:
- 80:80
- 443:443
```
First we need to create a folder for the configuration
sudo mkdir -p /data/nginx/config
We need to add the nginx configuration file
sudo vim /data/nginx/config/nginx.conf
Add in the following text
```
# Global Settings
user nginx;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 65535;
events {
multi_accept on;
worker_connections 1024;
}
# Web Traffic
http {
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
error_log /var/log/error.log warn;
access_log /var/log/access.log;
proxy_cache_path /etc/nginx/cache keys_zone=one:500m max_size=1000m;
types_hash_max_size 2048;
types_hash_bucket_size 64;
client_max_body_size 16M;
client_body_buffer_size 16M;
client_header_buffer_size 16M;
large_client_header_buffers 2 16M;
# MIME
default_type application/octet-stream;
# Limits
limit_req_log_level warn;
limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m;
# SSL
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_stapling on;
ssl_stapling_verify on;
# Services
include /etc/nginx/services/*.active;
}
```
Nginx should be good now, lets start the container
sudo docker-compose -f ~/docker/nginx/docker-compose.yml up -d
We will create 2 folders for future use auth is for password protected services and services is where nginx will look for server configuration
sudo mkdir -p /data/nginx/config/services && sudo mkdir -p /data/nginx/config/auth
Now we only need to setup fail2ban for Nginx, so create the following file
sudo vim /etc/fail2ban/filter.d/nginxx.local
add in the following content
```
[INCLUDES]
before = common.conf
[Definition]
failregex = ^<HOST>.*"(GET|POST).*" (400|401|403|404|405|406|407|423|429) .*$
```
This will ban everyone getting any of the error codes in the failregex line.
Now we need to activate the filter in our main fail2ban configuration file
sudo vim /etc/fail2ban/jail.local
Add the following to the bottom
```
## Nginx
[nginxx]
enabled = true
logpath = /data/nginx/log/access.log
```
Restart fail2ban to make the changes take effect
sudo systemctl restart fail2ban
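Review bot: The `failregex` in the nginxx filter near the end of this file matches 401 and 404, which ordinary clients produce all the time (a browser's first request to an `auth_basic` location is answered with 401, and any mistyped or stale URL is a 404), so legitimate users will be banned along with scanners. Narrow the status list to codes that indicate abuse for these services, and set `maxretry`, `findtime` and `bantime` explicitly in the `[nginxx]` jail rather than relying on inherited defaults. The pattern only matches `GET|POST`, so the same status codes on other methods are never counted. Separately, the compose file bind-mounts `/data/nginx/log/error.log` and `/data/nginx/log/access.log`, but the guide only creates `/data/nginx/config` before `up -d`; create both log files first, because Docker creates a missing bind-mount source as a directory. The `/etc/letsencrypt/` mount can be `:ro`, as the `/etc/localtime` mount already is.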

280
Guides/Docker/02Mariadb.md Normal file

@@ -0,0 +1,280 @@
---
title: 02 Mariadb
description:
published: true
date: 2023-07-14T17:31:21.541Z
tags:
editor: markdown
dateCreated: 2023-05-03T01:58:45.617Z
---
# MariaDB
MariaDB is a drop in replacement for MySQL, which is a database used by many services.
First we create some folders
mkdir -p ~/docker/mariadb
First we will create a docker compose file
vim ~/docker/mariadb/docker-compose.yml
Add in the following text
```
version: '3'
services:
mariadb:
image: mariadb:latest
container_name: mariadb
restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed
volumes:
- /data/mariadb/data:/var/lib/mysql
- /data/mariadb/config:/etc/mysql/conf.d
- /data/mariadb/logs:/var/log/mysql
- /etc/localtime:/etc/localtime:ro
environment:
- MYSQL_ROOT_PASSWORD=SETAMYSQLROOTPASSWORDHERE
```
Be sure to set your mysql root password
Mariadb should be good now, lets start the container
sudo docker-compose -f ~/docker/mariadb/docker-compose.yml up -d
Now we only need to initialize the database
sudo docker exec -it mariadb mariadb-secure-installation
Answer the first 3 questions with No and the rest with Yes
You can get into the database with the following command (only if mariadb is running)
sudo docker exec -it maridb mysql -p
Enter the Mysql root password you provided during the creation of the mariadb container and you should be in.
Here you can create databases with the following command
create database DATABASENAME;
Create a user with
create user USERNAME@'LOCALIP' identified by 'USERPASSWORD';
Give privileges to a user on a database with
grant all privileges on DATABASENAME.* to USERNAME@'LOCALIP';
And Flush the privileges with
flush privileges;
You can exit the mysql prompt with `exit;` and then pressing enter.
# PHPMyAdmin
Is a database manager for Mysql/MariaDB, it can be handy to manage the database with a GUI, Only install it if you need it, It is not needed for MariaDB to function at all.
First we start with a project folder
mkdir -p ~/docker/phpmyadmin
Now we create a docker-compose file
vim ~/docker/phpmyadmin/docker-compose.yml
Paste in the following text
```
version: '3'
networks:
phpmyadmin:
external: true
name: phpmyadmin
services:
phpmyadmin:
image: phpmyadmin
container_name: phpmyadmin
restart: always
volumes:
- /data/phpmyadmin/config.inc.php:/var/www/html/config.inc.php:ro
networks:
phpmyadmin:
ipv4_address: 172.20.72.10
environment:
- PMA_ARBITRARY=1
```
Now we are going to create the phpmyadmin config folder.
sudo mkdir /data/phpmyadmin
Next we are going to create a config file
sudo vim /data/phpmyadmin/config.inc.php
Paste in the following text
```
<?php
declare(strict_types=1);
$cfg['blowfish_secret'] = 'PUT YOUR BLOWFISH SECRET HERE';
$i = 0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'HTTP';
$cfg['Servers'][$i]['host'] = '0.0.0.0';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['AuthLog'] = '/var/log/phpmyadmin.log';
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
```
Now we will create a network
sudo docker network create --subnet=172.20.72.0/24 phpmyadmin
And start the container
sudo docker-compose -f ~/docker/phpmyadmin/docker-compose.yml up -d
PHPmyAdmin ofcourse needs access to the mariadb container so lets add mariadb to the network
vim ~/docker/mariadb/docker-compose.yml
Paste in the following lines
```
services:
mariadb:
networks:
phpmyadmin:
ipv4_address: 172.20.72.30
networks:
phpmyadmin:
external: true
name: phpmyadmin
```
Restart MariaDB to add it to the PHPmyAdmin network
sudo docker-compose -f ~/docker/mariadb/docker-compose.yml down && sudo docker-compose -f ~/docker/mariadb/docker-compose.yml up -d
Now we need to add nginx to the phpmyadmin network
vim ~/docker/nginx/docker-compose.yml
Paste in the following lines
```
services:
nginx:
networks:
phpmyadmin:
ipv4_address: 172.20.72.20
networks:
phpmyadmin:
external: true
name: phpmyadmin
```
Now we finally need to create a nginx config file
sudo vim /data/nginx/config/services/phpmyadmin.active
Paste in the following lines
```
server {
server_name example.com;
listen 443 ssl;
# Settings
autoindex off;
client_max_body_size 5000M;
# Locations
location / {
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/auth/.phpmyadmin;
proxy_pass http://phpmyadmin:80;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_ssl_server_name on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_connect_timeout 6000s;
proxy_send_timeout 6000s;
proxy_read_timeout 6000s;
}
location ~ /\.(?!well-known) {
deny all;
}
location = /favicon.ico {
log_not_found off;
}
location = /robots.txt {
log_not_found off;
}
# GZip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
# Headers
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN";
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# SSL
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
}
# Redirect
server {
listen 80;
server_name example.com;
return 301 https://example.com$request_uri;
}
```
Generate a auth file for phpmyadmin, be sure to replace USERNAME
sudo htpasswd -c /data/nginx/config/auth/.phpmyadmin USERNAME
now it will ask for a password, give it one and store it well.
Finally restart nginx
sudo docker-compose -f ~/docker/nginx/docker-compose.yml down && sudo docker-compose -f ~/docker/nginx/docker-compose.yml up -d
Fail2ban check on atempted logins
Eventhough there are two secuirity layers it is a good practice to keep track of failed logins on the landing page.
WIP!
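Review bot: In `phpmyadmin.active`, `auth_basic` is stacked in front of a phpMyAdmin configured with `auth_type` `HTTP`, and both read the same `Authorization` header, so the htpasswd user only gets through if a database account with the identical name and password exists. Switch `config.inc.php` to `'cookie'` so the nginx layer and the database login stay independent. In the same config, `host` is `0.0.0.0`, which is not an address to connect to, and the compose file sets `PMA_ARBITRARY=1` although only one database is intended; set `host` to the mariadb container and drop the variable. The step "You can get into the database" runs `docker exec -it maridb`, but the container is named `mariadb`. `MYSQL_ROOT_PASSWORD` is written into the compose file in plain text; move it to an env file with restricted permissions.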


@@ -0,0 +1,43 @@
---
title: 03 Postgres
description:
published: true
date: 2023-05-03T02:55:42.498Z
tags:
editor: markdown
dateCreated: 2023-05-03T01:59:02.150Z
---
# PostgreSQL
Another Database server, It is a more modern database used by more modern applications
Create a folder for the project
mkdir -p ~/docker/postgres
Now create a compose file
vim ~/docker/postgres/docker-compose.yml
Add in the following text
```
version: '3'
services:
postgres:
image: postgres:latest
container_name: postgres
restart: always
volumes:
- /data/postgres:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=Set your postgresql root password here
```
WIP!
# PGAdmin
WIP!
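Review bot: `image: postgres:latest` with the data directory bound to `/data/postgres` will break on the next major release, because a newer PostgreSQL major version does not start on a data directory initialised by an older one; pin the major version in the tag and upgrade deliberately. The `POSTGRES_PASSWORD` placeholder is a valid value as written, so a reader who forgets to change it ends up with a working superuser whose password is printed in this guide; move the secret to an env file with restricted permissions.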


@@ -0,0 +1,336 @@
---
title: 04 Nextcloud
description:
published: true
date: 2023-05-03T02:50:12.377Z
tags:
editor: markdown
dateCreated: 2023-05-03T01:58:56.581Z
---
# Nextcloud
Nextcloud is a great application, It is great for storing and syncing data, storing your contacts, bookmarks, passwords, calendar, tasks. It also has a great RSS reader, full office suite and many many more. I truly can't live without it. And neither should you which is why I picked it as the example for this guide
First we need to create a network for the service.
sudo docker network create --subnet=172.20.30.0/24 nextcloud
Next we are going to create some folders
mkdir -p ~/docker/nextcloud
Now we will create a docker compose file
vim ~/docker/nextcloud/docker-compose.yml
Add in the following text
```
version: '3'
services:
nextcloud:
image: nextcloud
container_name: nextcloud
restart: always
volumes:
- /etc/localtime:/etc/localtime:ro
- /data/nextcloud:/var/www/html
networks:
nextcloud:
ipv4_address: 172.20.30.10
networks:
nextcloud:
external: true
name: nextcloud
ipam:
config:
- subnet: 172.20.30.0/24
```
Now we need to add a server block for nextcloud to the Nginx config file so create a file that will be included by the main nginx config file
sudo vim /data/nginx/config/services/nextcloud.active
add in the following text
```
server {
server_name example.com;
listen 443 ssl;
# Settings
autoindex off;
client_max_body_size 5000M;
# Locations
location / {
proxy_pass http://nextcloud:80;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_ssl_server_name on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_connect_timeout 600m;
proxy_send_timeout 600m;
proxy_read_timeout 600m;
}
location /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location ~ /\.(?!well-known) {
deny all;
}
location = /favicon.ico {
log_not_found off;
}
location = /robots.txt {
log_not_found off;
}
# GZip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
# Headers
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN";
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# SSL
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
}
# Redirect
server {
listen 80;
server_name example.com;
return 301 https://example.com$request_uri;
}
```
Be sure to replace `example.com` 6 times
Now we need to add nextcloud to the mariadb and nginx networks, because it needs a database and a proxy.
open the nginx compose file
vim ~/docker/nginx/docker-compose.yml
add the nextcloud network so it looks like this
```
version: '3'
services:
nginx:
image: nginx:latest
container_name: nginx
restart: always
volumes:
- /data/nginx/config:/etc/nginx
- /data/nginx/log/error.log:/var/log/error.log
- /data/nginx/log/access.log:/var/log/access.log
- /etc/letsencrypt/:/etc/letsencrypt/
- /etc/localtime:/etc/localtime:ro
ports:
- 80:80
- 443:443
- 8448:8448
networks:
nextcloud:
ipv4_address: 172.20.30.20
networks:
nextcloud:
external: true
name: nextcloud
```
open the mariadb compose file
vim ~/docker/mariadb/docker-compose.yml
add the nextcloud network so it looks like this
```
version: '3'
services:
mariadb:
image: mariadb:latest
container_name: mariadb
restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed
volumes:
- /data/mariadb/data:/var/lib/mysql
- /data/mariadb/config:/etc/mysql/conf.d
- /data/mariadb/logs:/var/log/mysql
- /etc/localtime:/etc/localtime:ro
environment:
- MYSQL_ROOT_PASSWORD=YOURMYSQLROOTPASSWORD
networks:
nextcloud:
ipv4_address: 172.20.30.30
networks:
nextcloud:
external: true
name: nextcloud
```
Now we are going to start the nextcloud container and restart the nginx and mariadb containers.
sudo docker-compose -f ~/docker/nextcloud/docker-compose.yml up -d
sudo docker-compose -f ~/docker/nginx/docker-compose.yml down && sudo docker-compose -f ~/docker/nginx/docker-compose.yml up -d
sudo docker-compose -f ~/docker/mariadb/docker-compose.yml down && sudo docker-compose -f ~/docker/mariadb/docker-compose.yml up -d
Nextcloud should be accessable from your browser using the domain you chose, But first we need to create a database, user and set the permissions.
You can get into the database with the following command (only if mariadb is running)
sudo docker exec -it mariadb mysql -p
Enter the Mysql root password you provided during the creation of the mariadb container and you should be in.
Now run the following commands to create a database, create a user with privileges, and make them take effect.
create database nextcloud;
create user nextcloud@'172.20.30.10' identified by 'NEXTCLOUDDATABASEPASSWORD';
grant all privileges on nextcloud.* to nextcloud@'172.20.30.10';
flush privileges;
You can exit the mysql prompt with `exit;` and then pressing enter.
Now we just need to go to example.com and follow the steps
The Database is nextcloud, the user is nextcloud, The IP is 172.30.0.30:3306 and the password is what you gave it.
We also need to force HTTPS, else it will give problems since we are running from behind a proxy
sudo vim /data/nextcloud/config/config.php
Add in the following line preferrrably under the overwrite.cli.url line.
```
'overwriteprotocol' => 'https',
```
Nextcloud requires some tasks to be executed every 5 minutes, for that we are going to use systemd timers, like we did for certbot
Create a little script
vim ~/scripts/nextcloudcron.sh
add in the following content
```
#!/bin/bash
docker exec -u 33 -t nextcloud php -f /var/www/html/cron.php
exit
```
Create a systemd service
sudo vim /etc/systemd/system/nextcloudcron.service
Add in the following content
```
[Unit]
Description=Runs Nextcloud Cron
Wants=nextcloudcron.timer
[Service]
Type=oneshot
ExecStart=/bin/bash /home/USERNAME/scripts/nextcloudcron.sh
[Install]
WantedBy=multi-user.target
```
Create a timer file
sudo vim /etc/systemd/system/nextcloudcron.timer
and add in the following content
```
[Unit]
Description=Runs Nextcloud Cron
Requires=nextcloudcron.service
[Timer]
Unit=cron5.service
OnBootSec=5min
OnUnitActiveSec=5min
[Install]
WantedBy=timers.target
```
Finally start the timer
sudo systemctl enable --now nextcloudcron.timer
Nextcloud should be all good and ready to go, You can check the persistance by completely deleting all containers and all volumes, When you start it again all your stuff should still be there :)
Nextcloud has its own Brute force protection, but we still are going to add a fail2ban filter because we want attackers to be banned from all services and not just nextcloud.
So lets create a new nextcloud filter
sudo vim /etc/fail2ban/filters.local
add in the following content
```
[Definition]
failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: <HOST>\).*}$
```
Now add the filter to your main fail2ban config file
sudo vim /etc/fail2ban/jail.local
Add the following to the end of the file
```
## Nextcloud
[nextcloud]
filter = nextcloud
enabled = true
logpath = /data/nextcloud/data/nextcloud.log
```
restart fail2ban to make it take effect
sudo systemctl restart fail2ban
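Review bot: The fail2ban filter at the end of this file is written to `/etc/fail2ban/filters.local`, but the jail says `filter = nextcloud`, which fail2ban resolves under `filter.d/`; save it as `/etc/fail2ban/filter.d/nextcloud.local` or the jail has no filter to load. Two more name mismatches: `nextcloudcron.timer` sets `Unit=cron5.service` while the service created just above is `nextcloudcron.service`, and the setup step gives the database address as `172.30.0.30:3306` although mariadb was assigned `172.20.30.30` on the nextcloud network. `nextcloudcron.service` has no `User=` and executes `/home/USERNAME/scripts/nextcloudcron.sh`, so a file the user can edit is run as root; install the script root-owned outside the home directory. The nginx compose file shown under "so it looks like this" drops the phpmyadmin network added in 02Mariadb.md and publishes `8448:8448` without saying what needs it.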


@@ -0,0 +1,18 @@
---
title: 05 Smarthome
description:
published: true
date: 2023-05-03T03:00:28.766Z
tags:
editor: markdown
dateCreated: 2023-05-03T02:09:20.637Z
---
# Home Assistant
WIP!
# Mosquitto
WIP!
# Frigate
WIP!

159
Guides/Docker/06Media.md Normal file

@@ -0,0 +1,159 @@
---
title: 06 Media
description:
published: true
date: 2023-05-03T03:01:17.550Z
tags:
editor: markdown
dateCreated: 2023-05-03T01:58:51.186Z
---
# Ampache
Ampache is a music server, Kind of like your own self hosted Spotify. It supports practically everything, from podcasts, to several music streaming protocols, transcoding, It even has a web player, music management, ratings and smart playlists. It truly is amazing.
First we need to create a network for the service.
sudo docker network create --subnet=172.31.0.0/16 ampache
Add the ampache network to the mariadb and nginx compose files
~/docker/mariadb/docker-compose.yml
ampache:
ipv4_address: 172.31.0.30
ampache:
external: true
name: ampache
~/docker/nginx/docker-compose.yml
ampache:
ipv4_address: 172.31.0.20
ampache:
external: true
name: ampache
Be sure to add them to the correct places, under the 2 networks: tags 1 under service and the other stands alone. Take a look at the nextcloud example.
Now simply restart the containers to make it take effect
sudo docker-compose -f ~/docker/nginx/docker-compose.yml restart
sudo docker-compose -f ~/docker/mariadb/docker-compose.yml restart
Next we are going to create some folders
mkdir -p ~/docker/ampache
Now create a compose file for Ampache
nano ~/docker/ampache/docker-compose.yml
Add in the following text
version: '3'
services:
ampache:
image: ampache/ampache:latest
container_name: ampache
restart: always
volumes:
- /data/ampache/config:/var/www/config
- /data/ampache/log:/var/log/ampache
- /data/music:/media
networks:
ampache:
ipv4_address: 172.31.0.10
networks:
ampache:
external: true
name: ampache
ipam:
config:
- subnet: 172.31.0.0/16
Now we need to add in the server blocks to the Nginx config file so open te file
sudo nano /data/nginx/nginx.conf
And add in the following blocks within the html block
server {
server_name example.com;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
client_max_body_size 100M;
autoindex off;
location / {
proxy_pass http://ampache:80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Host $http_host;
proxy_max_temp_file_size 0;
proxy_redirect off;
if ( !-d $request_filename ) {
rewrite ^/rest/(.*).view$ /rest/index.php?action=$1 last;
rewrite ^/rest/fake/(.+)$ /play/$1 last;
}
rewrite ^(.*) $1 break;
rewrite ^/play/ssid/(.*)/type/(.*)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&player=$6&name=$7 last;
}
}
server {
listen 80;
server_name houtworm.vip;
return 301 https://houtworm.vip$request_uri;
}
Be sure to place it correctly, don't put it inside other server blocks. but it under the other server blocks.
Now we are going to start the container.
sudo docker-compose -f ~/docker/ampache/docker-compose.yml up -d
Now we need to give the right permissions to the ampache config folder so run the following command
sudo chown -R 33:33 /data/ampache/config
Ampache should be accessable from your browser using the domain you chose, But first we need to create a database, user and set the permissions.
You can get into the database with the following command (only if mariadb is running)
sudo docker exec -it mariadb mysql -p
Enter the Mysql root password you provided during the creation of the mariadb container and you should be in.
Now run the following commands to create a database, create a user with privileges, and make them take effect.
create database ampache;
create user ampache@'%' identified by 'set your ampache database password here';
grant all privileges on ampache.* to ampache@'%';
flush privileges;
You can exit the mysql prompt with exit; and then pressing enter.
Now we just need to go to example.com and follow the steps
The Database is ampache, the user is ampache, The hostname is 172.31.0.30 and the password is what you gave it. uncheck create database and click on inject database.
Next you leave web path empty and simply click on generate config file
One last step is forcing HTTPS, else it will give problems since we are running from behind a proxy
sudo nano /data/ampache/config/config.php
Uncomment the following line
force_ssl = "true"
Now Ampache should be all ready to go
# Jellyfin
WIP!
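Review bot: The port-80 redirect block hard-codes `houtworm.vip` in `server_name` and in `return 301 https://houtworm.vip$request_uri;` while the TLS block above it uses `example.com`; use the placeholder in both so a copied config does not redirect to the author's domain. `create user ampache@'%'` accepts logins from any host, unlike the Nextcloud guide, which binds the account to the container address; use `ampache@'172.31.0.10'`. The guide edits `/data/nginx/nginx.conf` and refers to the "html block", but 01Nginx.md places the config at `/data/nginx/config/nginx.conf`, loads server blocks from `services/*.active`, and the block is `http`. `docker-compose ... restart` does not apply the network changes just made to the compose files; use `down` and `up -d` as the other guides do. The code in this file is also missing the fences the earlier guides use.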

33
Guides/Docker/07Pirate.md Normal file

@@ -0,0 +1,33 @@
---
title: 07 Pirate
description:
published: true
date: 2023-05-03T06:02:24.470Z
tags:
editor: markdown
dateCreated: 2023-05-03T02:09:07.436Z
---
# Pirating
WIP!
# Transmission
WIP!
# Nzbget
WIP!
# Lidarr
WIP!
# Sonarr
WIP!
# Radarr
WIP!
# Prowlarr
WIP!
# Bazarr
WIP!

318
Guides/Docker/08Matrix.md Normal file

@@ -0,0 +1,318 @@
---
title: 08 Matrix
description:
published: true
date: 2023-05-03T06:04:33.804Z
tags:
editor: markdown
dateCreated: 2023-05-03T01:58:48.449Z
---
# Matrix
WIP!
# Conduit
WIP!
# Synapse
Synapse is a Matrix server, It can be used for all sorts of things, but it is mainly used for private communication. I can certainly recommend it.
First we need to create a network
sudo docker network create --subnet=172.32.0.0/16 synapse
Now create the folder for the project
mkdir -p ~/docker/synapse
Now create the compose file
nano ~/docker/synapse/docker-compose.yml
Add in the following text
version: '3'
services:
synapse:
image: matrixdotorg/synapse:latest
container_name: synapse
restart: always
volumes:
- /data/synapse:/data
networks:
synapse:
ipv4_address: 172.32.0.10
networks:
synapse:
external: true
name: synapse
ipam:
config:
- subnet: 172.32.0.0/16
Now we need to create the database user, database and set the privileges First the user
sudo docker exec -it -u postgres postgres psql
create user synapse with encrypted password 'set your synapse user password here';
exit;
Now the database
sudo docker exec -it -u postgres postgres bash
createdb --encoding=UTF8 --locale=C --template=template0 --owner=synapse synapse
exit
And finally the permissions
sudo docker exec -it -u postgres postgres psql
grant all privileges on database synapse to synapse;
exit;
Now we need to run the synapse config generation
sudo docker run -it --rm -v "/data/synapse:/data" -e SYNAPSE_SERVER_NAME=example.com -e SYNAPSE_REPORT_STATS=yes matrixdotorg/synapse:latest generate
Now we are going to adjust the config file a bit
sudo nano /data/synapse/homeserver.yaml
Here we comment in the sqlite database and uncomment the postgres settings so it looks like this
database:
name: psycopg2
txn_limit: 10000
args:
user: synapse
password: the password you set for the synapse user
database: synapse
host: 172.32.0.30
port: 5432
cp_min: 5
cp_max: 10
#database:
# name: sqlite3
# args:
# database: /data/homeserver.db
We can now start the synapse container
sudo docker-compose -f ~/docker/synapse/docker-compose.yml up -d
Now we need to add nginx to the synapse network (notice we already added synapse to postgres)
nano ~/docker/nginx/docker-compose.yml
Add the following bits in the correct place
- 8448:8448
synapse:
ipv4_address: 172.32.0.20
synapse:
external: true
name: synapse
Now we finally add the server block to the nginx config file
sudo nano /data/nginx/nginx.conf
Add in the following block
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# For the federation port
listen 8448 ssl http2 default_server;
listen [::]:8448 ssl http2 default_server;
server_name example.com;
location ~ ^(/_matrix|/_synapse/client) {
# note: do not add a path (even a single /) after the port in `proxy_pass`,
# otherwise nginx will canonicalise the URI and cause signature verification
# errors.
proxy_pass http://synapse:8008;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
}
}
The last thing we need to do is open up port 8448 in our router.
Now Synapse should be up and running, as a last step we need to add a user.
sudo docker exec -it synapse bash
register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008
Simply follow the steps, give a name, give a password, and say wether it is an admin yes or no.
# Element
Element is a Web client for Matrix, You can use it to chat with other Matrix users
First we are going to create the network
sudo docker network create --subnet=172.33.0.0/16 element
Now we are going to create a folder for the compose file
mkdir ~/docker/element
Create the compose file
nano ~/docker/element/docker-compose.yml
Add in the following text
version: '3'
services:
element:
image: vectorim/element-web:latest
container_name: element
restart: always
volumes:
- /data/element/element-config.json:/app/config.json
networks:
element:
ipv4_address: 172.33.0.10
networks:
element:
external: true
name: element
ipam:
config:
- subnet: 172.33.0.0/16
Now we need to create the element folder for the data
sudo mkdir /data/element/
Now we are going to create element the config file
sudo nano /data/element/element-config.json
Add in the following text
{
"default_server_config": {
"m.homeserver": {
"base_url": "https://example.com",
"server_name": "example.com"
},
"m.identity_server": {
"base_url": "https://vector.im"
}
},
"brand": "Element",
"integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api",
"integrations_widgets_urls": [
"https://scalar.vector.im/_matrix/integrations/v1",
"https://scalar.vector.im/api",
"https://scalar-staging.vector.im/_matrix/integrations/v1",
"https://scalar-staging.vector.im/api",
"https://scalar-staging.riot.im/scalar/api"
],
"hosting_signup_link": "https://element.io/matrix-services?utm_source=element-web&utm_medium=web",
"bug_report_endpoint_url": "https://element.io/bugreports/submit",
"uisi_autorageshake_app": "element-auto-uisi",
"showLabsSettings": true,
"piwik": {
"url": "https://piwik.riot.im/",
"siteId": 1,
"policyUrl": "https://element.io/cookie-policy"
},
"roomDirectory": {
"servers": [
"matrix.org",
"gitter.im",
"libera.chat"
]
},
"enable_presence_by_hs_url": {
"https://matrix.org": false,
"https://matrix-client.matrix.org": false
},
"terms_and_conditions_links": [
{
"url": "https://element.io/privacy",
"text": "Privacy Policy"
},
{
"url": "https://element.io/cookie-policy",
"text": "Cookie Policy"
}
],
"hostSignup": {
"brand": "Element Home",
"cookiePolicyUrl": "https://element.io/cookie-policy",
"domains": [
"matrix.org"
],
"privacyPolicyUrl": "https://element.io/privacy",
"termsOfServiceUrl": "https://element.io/terms-of-service",
"url": "https://ems.element.io/element-home/in-app-loader"
},
"sentry": {
"dsn": "https://029a0eb289f942508ae0fb17935bd8c5@sentry.matrix.org/6",
"environment": "develop"
},
"posthog": {
"projectApiKey": "phc_Jzsm6DTm6V2705zeU5dcNvQDlonOR68XvX2sh1sEOHO",
"apiHost": "https://posthog.hss.element.io"
},
"features": {
"feature_spotlight": true
},
"map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
}
Now we are going to add the network to the nginx compose file
nano ~/docker/nginx/docker-compose.yml
Add the following to the correct place
element:
ipv4_address: 172.33.0.20
element:
external: true
name: element
Now we only need to edit the nginx config file
sudo nano /data/nginx/nginx.conf
Add in the following location block between the synapse server
location / {
proxy_pass http://element:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
}
Now finally restart the nginx container and start the element container.
sudo docker-compose -f ~/docker/nginx/docker-compose.yml up -d
sudo docker-compose -f ~/docker/element/docker-compose.yml up -d
Element should be ready to use :)
# Synapse Admin
WIP!
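Review bot: `element-config.json` carries a `sentry` DSN, a `posthog` `projectApiKey`, a `piwik` site and a `map_style_url` with an embedded `key=`, so every install built from this guide reports to those third-party endpoints with credentials that are not the reader's; remove these sections from the sample. In the Element `location /` block, `X-Forwarded-Host` is set to `$remote_addr`, which is the client address; it should be `$host`. The Synapse section points `homeserver.yaml` at `172.32.0.30` and says postgres was already added to the synapse network, but the postgres compose file in 03Postgres.md defines no networks, so that step is missing. "comment in the sqlite database" should read "comment out", and the generate command sets `SYNAPSE_REPORT_STATS=yes` without telling the reader it enables reporting.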

75
Guides/Docker/09Mumble.md Normal file

@@ -0,0 +1,75 @@
---
title: 09 Mumble
description:
published: true
date: 2023-05-03T02:58:14.663Z
tags:
editor: markdown
dateCreated: 2023-05-03T01:58:53.909Z
---
Install and Configure Mumble
Mumble is an encrypted voice chat service, It is pretty much amazing, and nothing comes close to it.
First we are going to create a network
sudo docker network create --subnet=172.34.0.0/16 mumble
now we are going to create a folder
mkdir -p ~/docker/mumble
now we need to create the docker compose file
nano ~/mumble/docker-compose.yml
Add in the following text
version: '3'
services:
mumble:
image: mumblevoip/mumble-server
container_name: mumble
restart: always
volumes:
- /data/mumble/:/data
environment:
- SUPERUSER_PASSWORD=CHANGE ME INTO SOMETHING
ports:
- 64738:64738
- 64738:64738/udp
networks:
mumble:
ipv4_address: 172.34.0.10
networks:
mumble:
external: true
name: mumble
ipam:
config:
- subnet: 172.34.0.0/24
Lets create a config file now
sudo nano /data/mumble/murmur.ini
Add in the following text and adjust it where needed
logfile=/data/murmur.log
welcometext="Welcome to my Mumble server"
bandwidth=144000
users=1000
timeout=30
registerName=Mumble Server Root
registerLocation=NL
Now we finally change the owner of the folder to let Murmur access it
sudo chown -R 1000:1000 /data/mumble
Let it run with the following command
sudo docker-compose -f ~/docker/mumble/docker-compose.yml up -d
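Review bot: The compose file is opened at `~/mumble/docker-compose.yml`, but the folder created and the path passed to `up -d` are `~/docker/mumble`, so the file never ends up where `up -d` looks for it. The network is created with `--subnet=172.34.0.0/16` while the compose `ipam` block declares `172.34.0.0/24`; make the two agree. `SUPERUSER_PASSWORD=CHANGE ME INTO SOMETHING` sits in the compose file in plain text and is a usable value if left unchanged; move it to an env file. The title line "Install and Configure Mumble" is missing its `#`, and the compose and ini content is unfenced.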


@@ -0,0 +1,15 @@
---
title: 10 Proxies
description:
published: true
date: 2023-05-03T02:59:29.821Z
tags:
editor: markdown
dateCreated: 2023-05-03T02:09:17.751Z
---
# SearxNG
WIP!
# Invidious
WIP!

12
Guides/Docker/11Gitea.md Normal file

@@ -0,0 +1,12 @@
---
title: 11 Gitea
description:
published: true
date: 2023-05-03T03:09:28.099Z
tags:
editor: markdown
dateCreated: 2023-05-03T02:09:10.059Z
---
# Gitea
WIP!

12
Guides/Docker/12Wiki.md Normal file

@@ -0,0 +1,12 @@
---
title: 12 Wiki
description:
published: true
date: 2023-05-03T03:10:07.363Z
tags:
editor: markdown
dateCreated: 2023-05-03T02:09:23.239Z
---
# WikiJS
WIP!


@@ -0,0 +1,24 @@
---
title: 13 Monitoring
description:
published: true
date: 2023-05-03T06:05:30.852Z
tags:
editor: markdown
dateCreated: 2023-05-03T02:09:15.119Z
---
# Grafana
WIP!
# Prometheus
WIP!
# Dex
WIP!
# Dozzle
WIP!
# UptimeKuma
WIP!

1664
Guides/Docker/14Mail.md Normal file

File diff suppressed because it is too large

21
Guides/Docker/15DNS.md Normal file

@@ -0,0 +1,21 @@
---
title: 15 DNS
description:
published: true
date: 2023-05-03T06:08:29.594Z
tags:
editor: markdown
dateCreated: 2023-05-03T06:08:29.594Z
---
# Authoritative
WIP!
# Recursive
WIP!
# DNSdist
WIP!
# PowerDNS Admin
WIP!