Quick Setup Debian Server
Ansible setup to configure a blank Debian 8 server automatically with only one command.
cd roles && git clone https://github.com/abaez/ansible-role-docker
- Customise variables in
./group_vars/all/vars_file.txtand change extention of the file from
make initfor first run of the script (on a blank server) or
make updateto update an already secured server.
Included in this Setup
- Securisation of the server:
- Create a new user with its own password,
- Disable root & password authentification (use of SSH keys),
- Install and configure security services, including:
- Change SSH default port.
- Installation of Newrelic agent to monitor the server.
- Installation of basic stuff for various uses:
- Installation of Docker. This will be the only thing running in the server considered, all services will be dockerized.
- Installation of various Docker services:
reverse-proxy: install & configure a reverse proxy to route all the http requests to the good dockerized service. Based on
jwilder/nginx-proxydocker scripts. See: https://github.com/jwilder/nginx-proxy
srv-voeux: install & configure a php website used in my portfolio. You probably won't need that... ;)
seedbox: install & configure several seedbox. Based on
kfei/docktorrentdocker scripts. See: https://github.com/kfei/docktorrent. Also install & configure several https web interface to retrieve the files downloaded by the seedbox. Based on
clue/h5aidocker scripts. See: https://hub.docker.com/r/clue/h5ai/.
jenkins: install & configure Jenkins.
gogs: install & configure a git repo for this server. Use of gogs, see: https://github.com/gogits/gogs
cadvisor: install & configure cAdvisor to monitor all the services created. Use of cAdvisor, see: https://github.com/google/cadvisor.
owncloud: install & configure an ownCloud server.
elk: install & configure an ELK stack to monitore both server & docker itself.
All the websites & services published can be SSL-ized using LetsEncrypt.
How to Run the Scripts
- Identify which services you need. The file
main.ymlis used to tell Ansible which roles to play. Simply comment/uncomment the ones you don't need. :)
- Customise variables. Under
./group_vars/all/, there is a file named
- Change all the variables you need inside of this file,
- Change the extension of the file from
- Create template files (htpasswd files, ...) needed to configure the different services (see next section for more explanations about the templates and files needed)
- Run the command
make (init|update)(init for blank server, update for already secured server); type the password you have configured in
- Grab a coffee, chill out... Because everything is done now - you only have to wait for the end of the execution. :)
Note: if for some reason, the deployment fails after the securisation of the server, you should comment the
- securisation role. If you forget to do so, you will have an error (server unreachable) because root auth is disabled & SSH port is changed after the securisation!
Main Configuration File
Unix Encrypted Password
To generate the encrypted password of your user:
If this utility is not installed on your system then you can still easily generate these passwords using Python. See: http://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module
It is possible to run multiple seedbox on the same server. If you want to do so, a
rtorrent will be used as a master and this master can have several slaves.
That is why there is two Ansible variable dictionaries: one for
seedbox_master and one for
portsare the ports you need to expose to make the service run
name[s]are the names of the docker containers.
Further information concerning the customisation of the seedboxes can be found at the following address, see: https://github.com/kfei/docktorrent
If you are using a reverse proxy, it is certainly because you have
some-url.pointing-to-your-server.co ; in this section, you can customise the URL of each of the services.
Configure certs, special configurations and htpassword for desired services. For more details, see:
- SSL: https://github.com/jwilder/nginx-proxy#ssl-support
- HTTP Auth: https://github.com/jwilder/nginx-proxy#basic-authentication-support
- Special configuration for one service: https://github.com/jwilder/nginx-proxy#per-virtual_host
This folder contains everything needed in previous step, such as:
- htpasswd files,
- Special configuration files...
This folder contains the htpasswd files needed to secure the seedbox, and also some special conf files for h5ai.
Improvements & TODOs
- Write tests.
If you find bugs & improvements, feel free to submit an issue, fork this project and send pull requests! :)