wieerwill/self-hosted-cookbook
1
0
Fork 0
mirror of https://github.com/tborychowski/self-hosted-cookbook.git synced 2025-05-18 21:47:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

clean-up docker-compose files: remove version and ---

Browse Source
This commit is contained in:
Dziad Borowy 2025-05-16 20:54:32 +01:00
parent 307bff4aad
commit 0f04279afa
115 changed files with 130 additions and 367 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/ad-blockers/adguard.md
View File

@ -10,8 +10,6 @@
## `docker-compose.yml`
```yml
---
version: '3.7'
services:
adguard:
container_name: adguard

1
apps/ad-blockers/pihole.md
View File

@ -10,7 +10,6 @@
## `docker-compose.yml`
```yml
---
services:
pihole:
container_name: pihole

1
apps/analytics/matomo.md
View File

@ -15,7 +15,6 @@
## `docker-compose.yml`
```yml
---
services:
db:
image: mariadb

1
apps/analytics/plausible.md
View File

@ -32,7 +32,6 @@ SMTP_RETRIES=2
## `docker-compose.yml`
```yml
---
services:
mail:
image: bytemark/smtp

1
apps/analytics/umami.md
View File

@ -100,7 +100,6 @@ INSERT INTO account (username, password, is_admin) values ('admin', '$2b$10$BUli
Original here: [docker-compose.yml](https://github.com/umami-software/umami/blob/master/docker-compose.yml).
```yml
---
services:
db:
image: postgres:12-alpine

2
apps/backup/duplicati.md
View File

@ -13,8 +13,6 @@
## docker-compose.yml
```yml
---
version: '3.3'
services:
duplicati:
image: linuxserver/duplicati

1
apps/bookmarks/cherry.md
View File

@ -18,7 +18,6 @@
## docker-compose.yml
```yml
---
services:
cherry:
image: haishanh/cherry

1
apps/bookmarks/hoarder.md
View File

@ -25,7 +25,6 @@ NEXTAUTH_URL=http://localhost:3123
## docker-compose.yml
```yml
---
services:
redis:

1
apps/bookmarks/linkace.md
View File

@ -68,7 +68,6 @@ QUEUE_DRIVER=database
## docker-compose.yml
```yml
---
services:
db:
image: mariadb:10.5

2
apps/bookmarks/linkding.md
View File

@ -11,8 +11,6 @@
## docker-compose.yml
```yml
---
version: '3.3'
services:
linkding:
image: sissbruecker/linkding:latest

1
apps/bookmarks/shaarli.md
View File

@ -23,7 +23,6 @@ sudo chown 100:101 cache/ data/
## docker-compose.yml
```yml
---
services:
shaarli:
image: shaarli/shaarli:master

1
apps/bookmarks/shiori.md
View File

@ -7,7 +7,6 @@
## docker-compose.yml
```yml
---
services:
shiori:
image: radhifadlillah/shiori

1
apps/cloud/filebrowser.md
View File

@ -38,7 +38,6 @@ The db file can remain empty (will be used by the app), the config - we need to
## docker-compose.yml
```yaml
---
services:
filebrowser:
image: filebrowser/filebrowser

1
apps/cloud/filerun.md
View File

@ -17,7 +17,6 @@
## docker-compose.yml
```yml
---
services:
db:
image: mariadb:10.1

1
apps/cloud/nextcloud.md
View File

@ -14,7 +14,6 @@
## docker-compose.yml
More examplex [here](https://github.com/nextcloud/docker/tree/master/.examples/docker-compose).
```yml
---
services:
app:
image: nextcloud:latest

7
apps/cloud/nginx-webdav.md
View File

@ -1,6 +1,6 @@
## docker-nginx-webdav-nononsense
## docker-nginx-webdav-nononsense
aims to be a Docker image that enables a no-nonsense WebDAV system on the latest available nginx, stable and mainline. Serves a file server
aims to be a Docker image that enables a no-nonsense WebDAV system on the latest available nginx, stable and mainline. Serves a file server
<br>
@ -9,7 +9,6 @@ aims to be a Docker image that enables a no-nonsense WebDAV system on the latest
## docker-compose-yml
```yml
---
services:
nginxwebdav:
container_name: nginxwebdav
@ -29,7 +28,7 @@ services:
- CLIENT_MAX_BODY_SIZE=120M # must end with M(egabytes) or G(igabytes)
ports:
- 32080:80
```
```
## Tips & Tricks

1
apps/cloud/oasis.md
View File

@ -15,7 +15,6 @@
## docker-compose.yml
```yml
---
services:
oasis:
image: machengim/oasis

1
apps/cloud/pydio.md
View File

@ -12,7 +12,6 @@
## docker-compose.yml
```yml
---
services:
cells:
image: pydio/cells:latest

1
apps/cloud/screenly.md
View File

@ -32,7 +32,6 @@ FILESYSTEM_DRIVER=public
## docker-compose.yml
```yml
---
services:
screenly:
image: hadogenes/screeenly

1
apps/cloud/seafile.md
View File

@ -17,7 +17,6 @@
Original file [here](https://download.seafile.com/d/320e8adf90fa43ad8fee/files/?p=/docker/docker-compose.yml).
```yml
---
services:
db:
image: mariadb:10.5

2
apps/cms/ghost.md
View File

@ -9,8 +9,6 @@ Flat file cms/blogging platform.
## docker-compose.yml
```yml
---
version: '3.1'
services:
ghost:
image: ghost:4-alpine

2
apps/cms/wordpress.md
View File

@ -13,8 +13,6 @@ The ultimate CMS/blogging platform.
## docker-compose.yml
```yml
---
version: '3.1'
services:
wordpress:
image: wordpress

3
apps/contacts-calendars/baikal.md
View File

@ -10,7 +10,6 @@ lightweight CalDAV+CardDAV server. It offers an extensive web interface with eas
## docker-compose
```yml
---
services:
baikal:
image: ckulka/baikal:nginx
@ -69,6 +68,6 @@ Then create a user
### Android caldav carddav client
On DAVx5 use Base URL: /dav.php/
On DAVx5 use Base URL: /dav.php/
(e.g. https://server.example/dav.php/)

1
apps/dashboard/dashmachine.md
View File

@ -12,7 +12,6 @@
## docker-compose.yml
```yml
version: '3.3'
services:
dashmachine:
image: rmountjoy/dashmachine:latest

2
apps/dashboard/flame.md
View File

@ -13,8 +13,6 @@
## docker-compose.yml
```yml
---
version: '3.6'
services:
flame:

1
apps/dashboard/homarr.md
View File

@ -9,7 +9,6 @@ Customizable browser's home page to interact with your homeserver's Docker conta
## docker-compose.yml
```yml
---
services:
homarr:
image: ghcr.io/ajnart/homarr:latest

2
apps/dashboard/homer.md
View File

@ -13,7 +13,6 @@
## docker-compose.yml
```yml
---
services:
homer:
image: b4bz/homer
@ -27,7 +26,6 @@ services:
## config.yml
```yml
---
title: "Home"
subtitle: "start.example.com"
logo: false

2
apps/dashboard/mafl.md
View File

@ -12,8 +12,6 @@ Minimalistic flexible homepage.
## docker-compose.yml
```yml
---
version: '3.8'
services:
mafl:

1
apps/database/baserow.md
View File

@ -9,7 +9,6 @@
## docker-compose.yml
```yml
---
services:
baserow:
image: baserow/baserow:latest

1
apps/database/nocodb.md
View File

@ -14,7 +14,6 @@
## docker-compose.yml
```yml
---
services:
root_db:
image: mysql:5.7

2
apps/database/seatable.md
View File

@ -11,8 +11,6 @@
## docker-compose.yml
That this didn't work for me at the time of testing.
```yml
---
version: '2.0'
services:
db:
image: mariadb:10.5

1
apps/docker/diun.md
View File

@ -12,7 +12,6 @@
## docker-compose.yml
```yml
---
version: "3.2"
services:
diun:

1
apps/docker/doku.md
View File

@ -11,7 +11,6 @@ Doku is a web-based Docker disk usage monitor.
## docker-compose.yml
```yml
---
services:
doku:
image: amerkurev/doku

1
apps/docker/portainer.md
View File

@ -9,7 +9,6 @@ A nice UI for managing docker/kubernetes/swarm containers.
## docker-compose.yml
```yml
---
services:
portainer:
image: portainer/portainer-ce

1
apps/docker/watch-tower.md
View File

@ -11,7 +11,6 @@
## docker-compose.yml
```yml
---
services:
watchtower:
image: containrrr/watchtower

1
apps/documents/paperless-ngx.md
View File

@ -34,7 +34,6 @@ PAPERLESS_OCR_LANGUAGE=eng
## docker-compose.yml
```yml
---
services:
broker:
image: docker.io/library/redis:6.0

2
apps/downloads/deluge.md
View File

@ -12,8 +12,6 @@
## docker-compose.yml
```yml
---
version: "2.1"
services:
deluge:
image: linuxserver/deluge

1
apps/downloads/qbit.md
View File

@ -14,7 +14,6 @@
## docker-compose.yml
```yml
---
services:
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest

1
apps/downloads/simple-torrent.md
View File

@ -13,7 +13,6 @@
## docker-compose.yml
```yml
---
services:
cloud-torrent:
image: boypt/cloud-torrent

2
apps/downloads/transmission.md
View File

@ -14,8 +14,6 @@
## docker-compose.yml
```yml
---
version: "2.1"
services:
transmission:
image: linuxserver/transmission

1
apps/git/gitea.md
View File

@ -12,7 +12,6 @@ Can easily mirror repos from different sources (periodically re-syncing them), a
## docker-compose.yml
```yml
---
services:
db:
image: postgres:14

1
apps/home-automation/homebridge.md
View File

@ -20,7 +20,6 @@ Some of the most popular plugins include:
## docker-compose.yml
```yml
---
services:
homebridge:
image: oznu/homebridge:latest

1
apps/home-automation/n8n.md
View File

@ -56,7 +56,6 @@ fi
## docker-compose.yml
```yml
---
services:
postgres:
image: postgres:16

2
apps/media/audiobookshelf.md
View File

@ -13,8 +13,6 @@ Self-hosted Audiobook Server.
## docker-compose.yml
```yml
---
version: '3.3'
services:
audiobookshelf:
image: advplyr/audiobookshelf

1
apps/media/bazarr.md
View File

@ -10,7 +10,6 @@ Bazarr is a companion application to Sonarr and Radarr. It manages and downloads
## docker-compose.yml
```yml
---
services:
bazarr:
image: linuxserver/bazarr

2
apps/media/calibre.md
View File

@ -12,7 +12,6 @@ This will allow you to generate calibre library needed for the Calibre Web.
### docker-compose.yml
```yml
---
services:
calibre:
image: linuxserver/calibre
@ -46,7 +45,6 @@ Connects to calibre server's database (server does not need to be running).
### docker-compose.yml
```yml
---
services:
calibre-web:
image: linuxserver/calibre-web

2
apps/media/deemix.md
View File

@ -5,8 +5,6 @@
## docker-compose.yml
```yml
---
version: '3.3'
services:
deemix:
image: registry.gitlab.com/bockiii/deemix-docker

1
apps/media/jackett.md
View File

@ -9,7 +9,6 @@ API Support for your favorite torrent trackers.
## docker-compose.yml
```yml
---
services:
jackett:
image: linuxserver/jackett

1
apps/media/jellyfin.md
View File

@ -12,7 +12,6 @@ okdocker run -d -v /srv/jellyfin/config:/config -v /srv/jellyfin/cache:/cache -v
## docker-compose.yml
```yml
---
services:
jellyfin:
image: jellyfin/jellyfin:latest

1
apps/media/kavita.md
View File

@ -13,7 +13,6 @@ Probably the best self-hosted ebook & comic reader.
## docker-compose.yml
```yml
---
services:
kavita:
image: jvmilazz0/kavita:latest

2
apps/media/komga.md
View File

@ -12,8 +12,6 @@ A very good self-hosted comic books reader.
## docker-compose.yml
```yml
---
version: '3.3'
services:
komga:
image: gotson/komga

1
apps/media/metube.md
View File

@ -7,7 +7,6 @@
## docker-compose.yml
```yml
---
services:
metube:
image: alexta69/metube

1
apps/media/navidrome.md
View File

@ -13,7 +13,6 @@ Music streaming service.
## docker-compose.yml
```yml
---
services:
navidrome:
image: deluan/navidrome:latest

1
apps/media/plex.md
View File

@ -13,7 +13,6 @@ Audio, Video & Photo manager.<br>
## docker-compose.yml
```yml
---
services:
plex:
image: ghcr.io/linuxserver/plex

1
apps/media/radarr.md
View File

@ -10,7 +10,6 @@ Movie manager.
## docker-compose.yml
```yml
---
services:
radarr:
image: linuxserver/radarr

1
apps/media/sonarr.md
View File

@ -10,7 +10,6 @@ TV show manager.
## docker-compose.yml
```yml
---
services:
sonarr:
image: linuxserver/sonarr

1
apps/media/tautulli.md
View File

@ -12,7 +12,6 @@ Monitor for Plex Media Server.
## docker-compose.yml
```yml
---
services:
tautuli:
image: tautulli/tautulli

1
apps/media/tubearchivist.md
View File

@ -25,7 +25,6 @@
## docker-compose.yml
```yml
---
services:
archivist-es:
image: bbilly1/tubearchivist-es

1
apps/media/youtubedl-material.md
View File

@ -6,7 +6,6 @@
## docker-compose.yml
```yml
---
services:
metube:

1
apps/media/youtubedl-web.md
View File

@ -7,7 +7,6 @@
## docker-compose.yml
```yml
---
services:
youtubedl-web:
image: franhp/youtubedl-web:latest

1
apps/monitors/cachet.md
View File

@ -10,7 +10,6 @@
## docker-compose.yml
```yml
version: '3.3'
services:
cachet:
image: cachethq/docker:latest

8
apps/monitors/checkmk.md
View File

@ -1,7 +1,7 @@
# CheckMK
- Pretty complete solution for whole infrastructure monitoring
- Based on Nagios
- Based on Nagios
- Complex UI (not very intuitive)
- Requires "some" learning & setup and doesn't do anything out of the box
@ -14,13 +14,11 @@
## docker-compose.yml
```yml
---
version: '3.6'
services:
checkmk:
image: checkmk/check-mk-raw
container_name: checkmk
container_name: checkmk
restart: unless-stopped
ulimits:
nofile: 1024
@ -31,6 +29,6 @@ services:
- ./monitoring:/omd/sites
```
- Open http://localhost:8080/cmk/check_mk/
- Open http://localhost:8080/cmk/check_mk/
- Username is `cmkadmin`
- Password is written in the logs when the container starts the first time, so just run `docker-compose logs` after starting the container

1
apps/monitors/monocker.md
View File

@ -11,7 +11,6 @@ There is no web ui or fancy dashboard.
## docker-compose
```yml
---
services:
monocker:
container_name: monocker

1
apps/monitors/php-server-monitor.md
View File

@ -13,7 +13,6 @@
## docker-compose.yml
```yml
version: '3.8'
services:
psm:
image: alwynpan/phpservermonitor

1
apps/monitors/statping.md
View File

@ -16,7 +16,6 @@
## docker-compose.yml
```yml
---
statping:
container_name: statping
image: hunterlong/statping

8
apps/notes/joplin-web.md
View File

@ -15,8 +15,6 @@ A Joplin server to that stores your notes
## docker-compose.yml
```yml
---
version: '3.4'
x-common-variables: &common-variables
ORIGINS: "'http://localhost', 'http://192.168.1.24' , 'https://my-ddns-domain.com'"
@ -51,17 +49,17 @@ volumes:
networks:
joplin-net: {}
```
```
## Tips & Tricks
###
You can access your notebooks: https://your_domain/joplin (⚠ don't forget the /joplin ⚠)
- first you set up url/admin and then login to url/joplin
- first you set up url/admin and then login to url/joplin
mind the /admin and /joplin
- for webdav sync you can select the nextcloud option
- for webdav sync you can select the nextcloud option
- To decryt the notes run

1
apps/notes/joplin.md
View File

@ -9,7 +9,6 @@ This is the Joplin sync server.
## docker-compose.yml
```yml
---
services:
db:
image: postgres:13.1

1
apps/notes/memos.md
View File

@ -14,7 +14,6 @@ An open-source, self-hosted memo hub with knowledge management and collaboration
## docker-compose.yml
```yaml
---
services:
memos:
image: neosmemo/memos:latest

2
apps/notifications/synology-sms-relay.md
View File

@ -7,8 +7,6 @@
## docker-compose.yml
```yml
---
version: '3.7'
services:
synology-sms-relay:
container_name: synology-sms-relay

1
apps/other/bitwarden.md
View File

@ -12,7 +12,6 @@ bitwarden_rs is an unofficial Bitwarden compatible server.
## docker-compose.yml
```yml
---
services:
bitwarden:
image: bitwardenrs/server:latest

154
apps/other/brave-sync.md
View File

@ -1,226 +1,139 @@
# Brave Sync
Brave go-sync server v2 aims to make a wire compatible server side protocol which understands components/sync/protocol/sync.proto used by the official Google sync service.
**Differences from chromium sync**
# Brave Sync
Brave go-sync server v2 aims to make a wire compatible server side protocol which understands components/sync/protocol/sync.proto used by the official Google sync service.
## Differences from chromium sync
Enforce client side encryption
Doesn't require sign-in to use sync (Uses "Sync Chain" concept)
Uses a Brave-operated sync server so no data is sent to Google servers
**Authentication**
## Authentication
A "Sync Chain" is configured using a 32-byte random seed generated by the initial client. Then the seed is encoded using BIP39. If another client wants to join the sync chain, they can enter the BIP39 key phrase from the initial client by entering the words manually or scanning a QR code.
<br>
- Server code is available at [Github repo](https://github.com/brave/go-sync)
- Server code is at [Github repo](https://github.com/brave/go-sync)
## dynamo.Dockerfile
```
```Dockerfile
ARG DB_LOCATION=/home/dynamodblocal/db
FROM amazon/dynamodb-local:1.12.0 AS install
USER root
RUN yum -y install awscli
USER dynamodblocal
ENV AWS_ACCESS_KEY_ID=#
ENV AWS_SECRET_ACCESS_KEY=#
ARG AWS_ENDPOINT=http://localhost:8000
ARG AWS_REGION=us-west-2
ARG DB_LOCATION
ARG TABLE_NAME=client-entity-dev
COPY schema/dynamodb/ .
RUN mkdir -p ${DB_LOCATION} && \
java -jar DynamoDBLocal.jar -sharedDb -dbPath ${DB_LOCATION} & \
DYNAMO_PID=$! && \
aws dynamodb create-table --cli-input-json file://table.json \
--endpoint-url ${AWS_ENDPOINT} --region ${AWS_REGION} && \
kill $DYNAMO_PID
FROM amazon/dynamodb-local:1.12.0
ARG DB_LOCATION
COPY --chown=dynamodblocal:dynamodblocal --from=install ${DB_LOCATION} /db
CMD ["-jar", "DynamoDBLocal.jar", "-sharedDb", "-dbPath", "/db"]
```
## Dockerfile
```
```Dockerfile
FROM bitnami/golang:1.18 as builder
ARG VERSION
ARG BUILD_TIME
ARG COMMIT
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build \
-ldflags "-X github.com/brave/go-sync/server.version=${VERSION} -X github.com/brave/go-sync/server.buildTime=${BUILD_TIME} -X github.com/brave/go-sync/server.commit=${COMMIT}" \
-o main .
FROM alpine:3.6 as artifact
RUN apk add --update ca-certificates # Certificates for SSL
COPY --from=builder /src/main main
EXPOSE 8295
CMD ["./main"]
```
## docker-compose.yml
```yml
---
networks:
sync:
driver: bridge
services:
web:
build:
context: .
target: artifact
args:
VERSION: "${VERSION}"
COMMIT: "${COMMIT}"
BUILD_TIME: "${BUILD_TIME}"
depends_on:
- dynamo-local
- redis
networks:
- sync
environment:
- PPROF_ENABLED=true
- SENTRY_DSN
- ENV=local
- DEBUG=1
- AWS_ACCESS_KEY_ID=#
- AWS_SECRET_ACCESS_KEY=#
- AWS_REGION=us-west-2
- AWS_ENDPOINT=http://dynamo-local:8000
- TABLE_NAME=client-entity-dev
- REDIS_URL=redis:6379
ports:
- "8295:8295"
depends_on:
- dynamo-local
- redis
networks:
- sync
environment:
- PPROF_ENABLED=true
- SENTRY_DSN
- ENV=local
- DEBUG=1
- AWS_ACCESS_KEY_ID=#
- AWS_SECRET_ACCESS_KEY=#
- AWS_REGION=us-west-2
- AWS_ENDPOINT=http://dynamo-local:8000
- TABLE_NAME=client-entity-dev
- REDIS_URL=redis:6379
dynamo-local:
build:
context: .
dockerfile: dynamo.Dockerfile
ports:
- "8000:8000"
networks:
- sync
redis:
image: public.ecr.aws/ubuntu/redis:latest
environment:
- ALLOW_EMPTY_PASSWORD=yes
networks:
- sync
ports:
- "6379:6379"
environment:
```
- ALLOW_EMPTY_PASSWORD=yes
networks:
- sync
```
## Tips & Tricks
#### Dynamodb image for ARM
#### Dynamodb image for ARM
dynamo.Dockerfile uses the amazon/dynamodb-local:1.12.0 image for the dynamo db. Although it builds fine for x86 CPU's it is exiting on ARM64 cpu's (tested on a raspberry pi 400) . The amazon/dynamodb-local:1.13.5@sha256:d39583bcf1a5aab6e9276e15ff681c83f2dac055e1d6604bc0dcd0092c305911 image builds fine on ARM. More recent images may also work.
#### How to select the selfhosted sync server
#### How to select the selfhosted sync server
Follow the "Run Chromium with command-line switches" how to in the [chromium wiki](https://www.chromium.org/developers/how-tos/run-chromium-with-flags/)
For android Enable "command line on non-rooted devices" in brave://flags, then create the file /data/local/tmp/chrome-command-line over adb.
For android Enable "command line on non-rooted devices" in brave://flags, then create the file /data/local/tmp/chrome-command-line over adb.
```
```sh
adb shell
echo "_ --sync-url=192.168.1.24:8295/v2" > /data/local/tmp/chrome-command-line
```
@ -228,9 +141,8 @@ When doing that, mind that the first command-line item should be a "_" (undersco
#### Verify sync status
Visit `brave://sync-internals`
#### Warning message
#### Warning message
Brave displays a warning message on every mew tab for some seconds acted enabling a command line feature flag saying it is unsupported. You can ignore it . Havent find a way to disable it

1
apps/other/budibase.md
View File

@ -11,7 +11,6 @@
## docker-compose.yml
```yml
---
services:
budibase:
image: budibase/budibase:latest

1
apps/other/change-detection.md
View File

@ -14,7 +14,6 @@ Periodically monitors websites for changes and sends a notification when a chang
## docker-compose.yml
```yml
---
services:
playwright-chrome:
hostname: playwright-chrome

1
apps/other/code.md
View File

@ -10,7 +10,6 @@ VSCode in the browser!
## docker-compose.yml
```yml
---
services:
code-server:
image: linuxserver/code-server

3
apps/other/crowdsec.md
View File

@ -94,9 +94,10 @@ labels:
type: traefik
```
## docker-compose.yml
```yml
---
services:
crowdsec:
image: crowdsecurity/crowdsec

1
apps/other/firefox-sync.md
View File

@ -12,7 +12,6 @@
## docker-compose.yml
```yml
---
services:
firefox-sync:
image: mozilla/syncserver:latest

1
apps/other/firefox.md
View File

@ -11,7 +11,6 @@ It's a browser inside a browser!
## docker-compose.yml
```yml
---
services:
firefox:
image: lscr.io/linuxserver/firefox:latest

2
apps/other/language-tool.md
View File

@ -21,7 +21,6 @@ LanguageTool can make use of large n-gram data sets to detect errors with words
## docker-compose.yml
```yml
---
services:
languagetool:
image: erikvl87/languagetool
@ -51,7 +50,6 @@ This is using [libregrammar](https://github.com/TiagoSantos81/libregrammar) vers
```yml
---
services:
languagetool:
image: registry.gitlab.com/py_crash/docker-libregrammar

1
apps/other/ntfy.md
View File

@ -36,7 +36,6 @@ upstream-base-url: "https://ntfy.sh"
## docker-compose.yml
```yml
---
services:
ntfy:
image: binwiederhier/ntfy

1
apps/other/openspeedtest.md
View File

@ -10,7 +10,6 @@ Measure the speed between your server and your computer.
## docker-compose.yml
```yml
---
services:
openspeedtest:
image: openspeedtest/latest

158
apps/other/owntracks.md
View File

@ -5,7 +5,7 @@
- Recorder is a lightweight program for storing and accessing location data published via MQTT (or HTTP) and displays the in a web ui on a map as tracks, points etc
- The android app tracks location and sends the location data to mosquitto, then owntracks recorder get the data from mosquitto and graphically displays them in a webui
- mTLS is used to authenticate clients, whereas "normal" TLS just authenticates the server. The authentication is now mutual!
- mTLS is one of the puzzle pieces of building a Zero Trust Network as it strictly controls which clients are allowed to connect to a service regardless of where a user or device is connecting from
- mTLS is one of the puzzle pieces of building a Zero Trust Network as it strictly controls which clients are allowed to connect to a service regardless of where a user or device is connecting from
- in the below setup the android app connects with mtls with mosquitto and the browser connects with mtls with the webui through caddy
- Caddy 2 is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go
- Recorder also supports tls but I suffered trying to make it work without success as it talks with mosquitto only inside our lan and is basic auth protected I'm still fine with the current setup.
@ -13,17 +13,14 @@
<br>
- [github repo](https://github.com/owntracks/docker-recorder)
- [client certs](https://owntracks.org/booklet/features/tlscert/)
- [Mosquitto tls](http://www.steves-internet-guide.com/mosquitto-tls/)
- [Mosquitto tls 2](https://medium.com/himinds/mqtt-broker-with-secure-tls-and-docker-compose-708a6f483c92)
- [caddy mtls](https://www.reddit.com/r/selfhosted/comments/shvkkb/reverse_proxy_client_certificates_for_dummies/)
## certs.sh
```
```sh
#!/bin/bash
IP="your_lan_ip"
@ -44,7 +41,7 @@ function generate_server () {
function generate_client () {
echo "$SUBJECT_CLIENT"
openssl req -new -nodes -sha256 -subj "$SUBJECT_CLIENT" -out client.csr -keyout client.key
openssl req -new -nodes -sha256 -subj "$SUBJECT_CLIENT" -out client.csr -keyout client.key
openssl x509 -req -sha256 -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 3650
}
@ -54,27 +51,24 @@ generate_client
```
## v3.ext
```
```ini
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:TRUE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign
subjectAltName = DNS:mqtt.example.org, DNS:localhost
issuerAltName = issuer:copy
```
## PKCS#12 cert
`openssl pkcs12 -export -out cert.p12 -inkey client.key -in client.crt -legacy`
```sh
openssl pkcs12 -export -out cert.p12 -inkey client.key -in client.crt -legacy
```
## config/recorder.conf
```
```ini
OTR_TOPICS = "owntracks/#"
OTR_HTTPHOST = "0.0.0.0"
OTR_HOST = "your lan ip"
@ -83,7 +77,7 @@ OTR_PASS = "pass"
```
## mosquitto/config/mosquitto.conf
```
```conf
persistence true
persistence_location /mosquitto/data/
listener 1883
@ -98,14 +92,18 @@ require_certificate true
use_identity_as_username true
protocol websockets
```
docker-compose.yml
## docker-compose.yml
```yml
---
services:
mosquitto:
image: eclipse-mosquitto:openssl
container_name: mosquitto
container_name: owntracks-mosquitto
restart: unless-stopped
user: "1000:1000"
environment:
- TZ=Europe/Athens
ports:
- "1883:1883"
- "8883:8883"
@ -113,26 +111,22 @@ services:
- "./mosquitto/config:/mosquitto/config"
- "./mosquitto/data:/mosquitto/data"
- "./mosquitto/config/passwd:/mosquitto/passwd"
environment:
- TZ=Europe/Athens
user: "1000:1000"
otrecorder:
image: ot-arm:latest
container_name: owntracks-recorder
restart: unless-stopped
ports:
- 8083:8083
volumes:
- ./config:/config
- ./store:/store
restart: unless-stopped
```
## Dockerfile
```
```Dockerfile
FROM alpine:3.16 AS builder
ARG RECORDER_VERSION=0.9.3
# ARG RECORDER_VERSION=master
RUN apk add --no-cache \
make \
gcc \
@ -155,9 +149,7 @@ RUN make -j $(nprocs)
RUN make install DESTDIR=/app
FROM alpine:3.16
VOLUME ["/store", "/config"]
RUN apk add --no-cache \
curl \
jq \
@ -188,62 +180,55 @@ ENV OTR_TOPIC="owntracks/#"
ENTRYPOINT ["/usr/sbin/entrypoint.sh"]
```
## basic auth
`docker exec -it --user root mosquitto mosquitto_passwd -c /mosquitto/passwd/pass username`
## Basic auth
```sh
docker exec -it --user root mosquitto mosquitto_passwd -c /mosquitto/passwd/pass username
```
## android app settings
## Android app settings
```
Connection:
mode mqtt
host mqtt.example.org
Port 8883 (open port on router)
Client ID random name
Websockets toggle enabled
Identification:
Username random name (will be displayed on recorder ui)
Password empty
Device ID random name
Tracker ID random name
Security:
TLS enabled
select client cert under preferences>connection>security
CA cert empty (installed the ca.crt in the device user store)
```
## Caddy certs
Request a new key and crt
`openssl req -x509 -newkey rsa:4096 -keyout cert_name.key -out cert_name.crt -days 365`
```sh
# Request a new key and crt
openssl req -x509 -newkey rsa:4096 -keyout cert_name.key -out cert_name.crt -days 365
Request a new certificate signing request
`openssl req -new -key cert_name.key -out cert_name.CSR`
# Request a new certificate signing request
openssl req -new -key cert_name.key -out cert_name.CSR
Request a new certificate authority
`openssl x509 -req -days 365 -in cert_name.csr -signkey cert_name.key -out cert_name-CA.crt`
# Request a new certificate authority
openssl x509 -req -days 365 -in cert_name.csr -signkey cert_name.key -out cert_name-CA.crt
Create a pem certificate
`cat cert_name.crt cert_name.key > cert_name.pem`
# Create a pem certificate
cat cert_name.crt cert_name.key > cert_name.pem
# Create a pkcs12 certificate
openssl pkcs12 -export -out cert_name.p12 -inkey cert_name.key -in cert_name.pem -legacy
```
Create a pkcs12 certificate
`openssl pkcs12 -export -out cert_name.p12 -inkey cert_name.key -in cert_name.pem -legacy`
## /etc/caddy/Caddyfile
```
```Caddyfile
#cert directive
(fancy_name) {
tls {
@ -257,8 +242,8 @@ Create a pkcs12 certificate
#owntracks
owntracks.example.org {
import fancy_name
reverse_proxy localhost:8083
import fancy_name
reverse_proxy localhost:8083
}
```
@ -283,69 +268,68 @@ ghash last monitor rec
data.mdb lock.mdb
```
## Tips & Tricks
#### create the certificates for mosquitto and owntracks android app
1. Change IP and ST,L,O for ca,server,client crt's also pick an appropriate -days for them in certs.sh
2. Copy ca.crt,server.crt,server.key to mosquitto/config
Change IP and ST,L,O for ca,server,client crt's also pick an appropriate -days for them in certs.sh
Copy ca.crt,server.crt,server.key to mosquitto/config
#### v3.ext file for filling S.A.N. field
Note subjectAltName use your dynamic dns address
Note subjectAltName use your dynamic dns address.
This is mantatory this will be the allowed domain for this certificate
Place ext file on the same dir with the script
#### pkcs12 bundle
Transfer ca.crt and cert.p12 on android device
Install ca.crt on android>settings>security>encryption>install a certificate>ca certificate
Select cert.p12 under owntracks>preferences>connection>security
1. Transfer ca.crt and cert.p12 on android device
2. Install ca.crt on android>settings>security>encryption>install a certificate>ca certificate
3. Select cert.p12 under owntracks>preferences>connection>security
Android can't handle modern pkcs encryption algorythms (PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256) that is used on openssl v3 . You can omit the -legacy flag if you are creating the pkcs cert with older openssl versions
#### directories
`mkdir {config,mosquitto,store,store/last}`
#### Directories
```sh
mkdir {config,mosquitto,store,store/last}
```
Before everything else create the needed directories
#### Dockerfile
#### Dockerfile
Owntracks recorder publishes x86 images on dockerhub but there are no official ARM images so you have to build if you are on arm
Mosquitto publishes images for all aarch's
#### Basic auth
#### Basic auth
Comment password_file on mosquitto/config/mosquitto.conf on first run then run mosquitto_passwd command as user root on the mosquitto container and finaly uncomment password_file and re-run docker compose up
#### Caddy certs
#### Caddy certs
On android you have to install the cert_name.p12 cert as vpn & app user certificate under settings > security > more > credentials > install > VPN & app user cert
Copy cert_name-CA.crt and cert_name.crt to /var/lib/caddy/cert/
#### domains
#### domains
We used two domains
One for publishing mqtt location messages from android to mosquitto (mqtt.example.org)
And one for accessing the recorder webui with our browser (owntracks.e.ample.org)
- One for publishing mqtt location messages from android to mosquitto (mqtt.example.org)
- One for accessing the recorder webui with our browser (owntracks.e.ample.org)
#### certificates
We installed two certificates on the android certificate store
The certificate authority for the mosquitto client cert ca.crt
The caddy client certificate cert_name.p12
We selected the mosquitto client cert from within the owntracks app cert.p12
We created two certificate authorities. The caddy directive "fancy_name" can be imported for other services that you reverse proxy with caddy also
- We installed two certificates on the android certificate store
- The certificate authority for the mosquitto client cert ca.crt
- The caddy client certificate cert_name.p12
- We selected the mosquitto client cert from within the owntracks app cert.p12
- We created two certificate authorities. The caddy directive "fancy_name" can be imported for other services that you reverse proxy with caddy also
#### Launch
You can view your location history visiting owntracks.example.org
If more than one device connects to the same broker (mqtt.example.org ) you can also view each others current location on the android app and the history on ot-recorder (owntracks.example.org)
- You can view your location history visiting owntracks.example.org
- If more than one device connects to the same broker (mqtt.example.org ) you can also view each others current location on the android app and the history on ot-recorder (owntracks.example.org)

1
apps/other/traccar.md
View File

@ -31,7 +31,6 @@ In `traccar.xml` file update the following section:
## docker-compose.yml
```yaml
---
services:
traccar-db:
image: yobasystems/alpine-mariadb

2
apps/other/vpn.md
View File

@ -9,7 +9,6 @@ An account with a compatible VPN provider is required.
## docker-compose.yml
```yml
---
services:
gluetun:
image: qmcgaw/gluetun
@ -37,7 +36,6 @@ services:
and then - in the corresponding service `docker-compose.yml`, e.g.:
```yml
---
services:
jackett:
image: ghcr.io/linuxserver/jackett

1
apps/other/windows.md
View File

@ -5,7 +5,6 @@
## docker-compose.yml
```yml
---
services:
windows:
image: dockurr/windows

8
apps/photos/libre-photos.md
View File

@ -68,8 +68,6 @@ workerTimeOut=1800
## docker-compose.yml
```yml
---
version: '2.1'
services:
proxy:
image: reallibrephotos/librephotos-proxy:${tag}
@ -144,15 +142,17 @@ services:
restart: unless-stopped
```
## Tips & tricks
### Librephotos backup/restore
Docker offers volumes so /data and /code/protected_media are safely mounted on host. Simply rsync backup of these dirs
Docker offers volumes so /data and /code/protected_media are safely mounted on host. Simply rsync backup of these dirs
posstgres db backup
Usefull to avoid a full scan
Usefull to avoid a full scan
`docker ps`

1
apps/photos/lychee.md
View File

@ -98,7 +98,6 @@ http {
## docker-compose.yml
```yml
---
services:
lychee_db:
container_name: lychee_db

1
apps/photos/photoprism.md
View File

@ -10,7 +10,6 @@ Personal Photo Management powered by Go and Google TensorFlow.
## docker-compose.yml
```yml
version: '3.3'
services:
photoprism:

2
apps/photos/photostructure.md
View File

@ -15,8 +15,6 @@
## docker-compose.yml
```yml
---
version: "3.7"
services:
photostructure:
image: photostructure/server

1
apps/photos/photoview.md
View File

@ -9,7 +9,6 @@ Photo gallery for self-hosted personal servers.
## docker-compose.yml
```yml
---
services:
db:
image: mariadb

1
apps/photos/pigallery.md
View File

@ -13,7 +13,6 @@
## docker-compose.yml
```yml
---
services:
pigallery2:
image: bpatrik/pigallery2:latest

1
apps/photos/piwigo.md
View File

@ -13,7 +13,6 @@
## docker-compose.yml
```yml
---
services:
piwigo:
image: linuxserver/piwigo

1
apps/photos/pixelfed.md
View File

@ -14,7 +14,6 @@ First create `.env` file like this one: https://github.com/pixelfed/pixelfed/blo
## docker-compose.yml
```yml
---
services:
app:
image: pixelfed

1
apps/project-mgmt/jira.md
View File

@ -11,7 +11,6 @@
## docker-compose.yml
```yml
---
services:
jira:
image: atlassian/jira-software

1
apps/project-mgmt/open-project.md
View File

@ -12,7 +12,6 @@ Full-featured & complicated.
## docker-compose.yml
```yml
---
services:
openproject:
image: openproject/community

1
apps/project-mgmt/planka.md
View File

@ -6,7 +6,6 @@
## docker-compose.yml
```yml
---
services:
planka:
image: meltyshev/planka:latest

1
apps/project-mgmt/wekan.md
View File

@ -10,7 +10,6 @@ Probably the best of the ones tested. A good balance between features & complexi
## docker-compose.yml
```yml
---
services:
wekandb:
image: mongo:latest

1
apps/reverse-proxy-sso/authelia.md
View File

@ -11,7 +11,6 @@ The config files below, will use a file-storage for users, because it's simpler
## docker-compose.yml
```yml
version: '3.3'
networks:
net:
driver: bridge

1
apps/reverse-proxy-sso/npm.md
View File

@ -13,7 +13,6 @@
## docker-compose.yml
```yml
---
services:
app:
image: 'jc21/nginx-proxy-manager:latest'

1
apps/rss/miniflux-filter.md
View File

@ -18,7 +18,6 @@ The new version adds a UI for managing filters. The UI "borrows" the css & javas
## docker-compose.yml
```yml
---
services:
miniflux-filter:
image: tborychowski/miniflux-filter:latest

1
apps/rss/rssbridge.md
View File

@ -9,7 +9,6 @@ RSS-Bridge is a PHP project capable of generating RSS and Atom feeds for website
# docker-compose.yml
```yml
---
services:
rss-bridge:
image: rssbridge/rss-bridge:latest

Some files were not shown because too many files have changed in this diff Show More