Update readme and enable certificates in traefik.
This commit is contained in:
115
readme.md
115
readme.md
@@ -2,17 +2,115 @@
|
||||
|
||||
This repo is used to deploy the containers for the home server infrastructure. If you want to move infrastructure to another host you have to install docker and docker-compose at first.
|
||||
|
||||
## Requirements
|
||||
|
||||
### Docker
|
||||
|
||||
[Offical docker installation guide for ubuntu](https://docs.docker.com/engine/install/ubuntu/)
|
||||
|
||||
To be able to use this repo, you must have running system with a running docker instance.
|
||||
Installing docker on ubuntu:
|
||||
|
||||
````
|
||||
sudo apt update && sudo apt upgrade
|
||||
sudo apt install ca-certificates curl gnupg lsb-release
|
||||
````
|
||||
|
||||
Next docker's GPG key must be added to repo list:
|
||||
|
||||
``curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg``
|
||||
|
||||
To setup the stable repostiory:
|
||||
|
||||
````
|
||||
echo \
|
||||
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
|
||||
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||
````
|
||||
|
||||
Now docker engine can be installed:
|
||||
|
||||
````
|
||||
sudo apt- update
|
||||
sudo apt install docker-ce docker-ce-cli containerd.io
|
||||
````
|
||||
|
||||
### Networking with macvlan
|
||||
|
||||
To expose containers to the local network a macvlan can be used. Containers that are
|
||||
attached to this network can not be reached from the host system. To be able to reach
|
||||
these containers from the host, a second bridge has to be created and traffic must be routed to this network.
|
||||
|
||||
* Network-Adapter of host: ``enp3s0``
|
||||
* Name of the network bridge: ``docker-bridge``
|
||||
* Free IP address of subnet out of dhcp range: ``192.168.178.19``
|
||||
|
||||
````
|
||||
ip link add docker-bridge link enp3s0 type macvlan mode bridge
|
||||
ip addr add 192.168.178.19/32 dev docker-bridge
|
||||
ip link set docker-bridge up
|
||||
ip route add 192.168.178.0/24 dev docker-bridge
|
||||
````
|
||||
|
||||
### IPv6 networking
|
||||
|
||||
IPv6 is not enabled by default in docker networking. If you don't want to disable the complete IPv6 networking stack
|
||||
in your routers configuration and use pihole or unbound, IPv6 has to be enabled.
|
||||
Configuration is a bit tricky, and there might be better possibilities to get the stack running.
|
||||
|
||||
#### Determine data that has to be used:
|
||||
|
||||
* Private IPv6 prefix of home network \
|
||||
``Fritz!Box -> Heimnetz -> Netzwerk -> Netzwerkeinstellungen -> IPv6-Einstellungen -> IPv6 Präfix des Heimnetz``
|
||||
* Unique local address of router \
|
||||
``Fritz!Box -> Heimnetz -> Netzwerk -> Netzwerkeinstellungen -> IPv6-Einstellungen -> Unique Local Address der Fritz!Box``
|
||||
* Unique local address prefix (ULA) \
|
||||
``Usually the first 64 bits of routers address``
|
||||
|
||||
#### Docker settings
|
||||
|
||||
Edit or create ``/etc/docker/daemon.json`` and use the private IPv6 prefix of home network
|
||||
|
||||
````
|
||||
{
|
||||
"ipv6": true,
|
||||
"fixed-cidr-v6": "2a02:8070:c3b6:2b00::/64"
|
||||
}
|
||||
````
|
||||
|
||||
Then do a docker restart ``sudo systemctl restart docker``. Reloading was not successful in my setup.
|
||||
|
||||
#### Docker networking
|
||||
|
||||
For the macvlan use the router as gateway and the correct subnet. Select an IP range that has a longer Prefix for the network.
|
||||
If the prefix is as long as the ULA prefix, there is no chance to build up a second macvlan network.
|
||||
|
||||
````
|
||||
networks:
|
||||
home:
|
||||
external: false
|
||||
driver: macvlan
|
||||
enable_ipv6: true
|
||||
driver_opts:
|
||||
parent: enp2s0
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 192.168.178.0/24
|
||||
gateway: 192.168.178.1
|
||||
ip_range: 192.168.178.2/30 # .2 and .3
|
||||
- subnet: fd00::/64
|
||||
gateway: fd00::de15:c8ff:feec:9960
|
||||
ip_range: fd00::1/80
|
||||
name: home
|
||||
````
|
||||
|
||||
## Components and structure
|
||||
|
||||
The root's docker-compose ist used to install common components like databases and traefik.
|
||||
The root's docker-compose is used to install common components like databases and traefik.
|
||||
Subdirectories are used to structure and keep components independent. You have to run the common part, after that you can run single components.
|
||||
|
||||
### Common
|
||||
|
||||
Traefik needs an external network so it can properly work. Create docker network with name **proxy**:
|
||||
|
||||
`docker network create --gateway 192.168.2.1 --subnet 192.168.2.0/24 proxy`
|
||||
|
||||
- traefik 2
|
||||
- portainer
|
||||
- mysql 8
|
||||
@@ -27,14 +125,11 @@ Traefik needs an external network so it can properly work. Create docker network
|
||||
|
||||
### Networking
|
||||
|
||||
https://sensepost.com/blog/2020/building-a-hipster-aware-pi-home-server/ \
|
||||
https://github.com/chriscrowe/docker-pihole-unbound/blob/master/two-container/docker-compose.yaml
|
||||
|
||||
- pihole
|
||||
- unbound
|
||||
- wireguard
|
||||
- smokeping: Not used at the moment
|
||||
- netdata
|
||||
- netdata: Not used at the moment
|
||||
|
||||
### Nextcloud
|
||||
|
||||
@@ -47,7 +142,7 @@ https://github.com/chriscrowe/docker-pihole-unbound/blob/master/two-container/do
|
||||
|
||||
### VPN
|
||||
|
||||
- wireguard
|
||||
- wireguard: Not working at the moment
|
||||
|
||||
### Wiki
|
||||
|
||||
|
||||
Reference in New Issue
Block a user