adambonneruk/cargoship

cargoship

hosting unifi, pihole, gitea etc. using docker-compose and nginx

Running on an x86-64 micro server, this configuration uses docker-compose to serve several useful network appliances over HTTPS. Each appliance is served under its own FQDN through the nginx reverse proxy, which also manages the TLS certificates.

Components

Each service runs inside the cargonet docker network and is exposed via the nginx reverse proxy. Using pihole to serve memorable domain names (e.g. "example.bonner.uk") results in a clean setup with very few ports shared with the host (currently a Dell OptiPlex 7040 micro PC).

Infrastructure
  • Unifi Controller (docker): Control all of my Ubiquiti/Unifi devices
  • PiHole (docker): DNS-based adblocking
  • NGM (docker): Nginx Reverse-Proxy with TLS/SSL Management
Web Apps
  • Gitea (docker): Self-Hosted Source Forge (like GitHub)
  • OpenSpeedTest (docker): SpeedTest the network via HTML5
  • NTP Server (docker): Simple NTP server running on port 123

Useful Links / Further Reading:

System Setup

Linux

Debian installer image: https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.1.0-amd64-netinst.iso

This project used Debian Linux, due to my familiarity with Raspberry Pi OS (formerly Raspbian) and the community, stability and support a popular distribution offers. Debian 12 is supported until June 2026 (ref.)

Update, upgrade and install software

sudo apt update
sudo apt upgrade
sudo apt install htop
sudo apt install tmux
sudo apt install vim
sudo apt install git
sudo apt install docker-compose
sudo apt install rclone
sudo apt install smartmontools

Hostfile and network configuration

edits to /etc/hostname

cargoship

edits to /etc/hosts

127.0.0.1       localhost
10.10.10.10    cargoship.bonner.uk cargoship

# allow this server to see git hosting
10.10.10.10     code.bonner.uk

edits to /etc/network/interfaces

iface XXXXXXXXX inet static
   address 10.10.10.10
   netmask 255.255.255.0
   gateway 10.10.10.1
   dns-nameservers 1.1.1.1

restart network after configuration edits

sudo service networking restart

Profile configuration

.bashrc profile additions

# alias
alias ll='ls -lah'
alias cls='clear'
alias dc='docker-compose'

# functions
temp() {
        paste <(cat /sys/class/thermal/thermal_zone*/type) <(cat /sys/class/thermal/thermal_zone*/temp) | column -s $'\t' -t | sed 's/\(.\)..$/.\1°C/'
}

ctop() {
   docker run --rm -ti --name=ctop -v /var/run/docker.sock:/var/run/docker.sock quay.io/vektorlab/ctop:latest
}

# other
if [ "$color_prompt" = yes ]; then
        PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@$(hostname -f)\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
        PS1='${debian_chroot:+($debian_chroot)}\u@$(hostname -f):\w\$ '
fi

Hardware monitoring and configuration

HDD S.M.A.R.T characteristics

sudo smartctl -i /dev/sda -a

Check an NTP time server

sudo ntpdate -q time.google.com

Check an NTP time server (from Windows)

w32tm /stripchart /computer:time.bonner.uk /samples:1 /dataonly

Check disk usage

df -h

Docker configuration

give user (adam) permission to run docker

sudo usermod -aG docker adam

create the network used by cargoship, we'll call this cargonet

docker network create cargonet

gitea folders

create the data and config folders

mkdir -p gitea/{data,config}

assign permissions

sudo chown 1000:1000 gitea/config/ gitea/data/

unifi folders

workaround to get crontab backing up unifi

sudo chown 1000:1000 unifi/
cd unifi/
sudo chown 1000:1000 data/
cd data/
sudo chown 1000:1000 backup/
cd backup/
sudo chown 1000:1000 autobackup/

pihole admin password

execute command inside the docker container

pihole -a -p changeme

docker-compose reference

start up service xxxxx

dc up -d xxxxx

stop service xxxxx

dc stop xxxxx

view docker processes

dc ps
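
The Components section says only a few ports are shared with the host; the script below is an added example (not part of the cargoship repository) that checks this by flagging any published port missing from an allowlist. The container names, the port mappings in the sample and the allowlist are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the cargoship repo): flag host-published ports that
# are not on an allowlist. Container names and port mappings are constructed.

# Constructed sample of: docker ps --format '{{.Names}}\t{{.Ports}}'
sample_ps() {
  printf 'nginx\t0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp\n'
  printf 'pihole\t0.0.0.0:53->53/udp, 0.0.0.0:53->53/tcp, 80/tcp\n'
  printf 'gitea\t3000/tcp, 0.0.0.0:2222->22/tcp\n'
  printf 'ntp\t0.0.0.0:123->123/udp\n'
}

# unexpected_ports "name:port/proto ..."
# Reads "name<TAB>ports" lines on stdin, prints every published mapping that is
# missing from the allowlist, and returns 1 if it printed anything.
unexpected_ports() {
  awk -F'\t' -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
      m = split($2, maps, /, */)
      for (i = 1; i <= m; i++) {
        if (maps[i] !~ /->/) continue          # not published on the host
        split(maps[i], side, "->")             # side[1] host part, side[2] container part
        host = side[1];  sub(/^.*:/, "", host)     # drop bind address, keep host port
        proto = side[2]; sub(/^.*\//, "", proto)   # keep tcp or udp
        key = $1 ":" host "/" proto
        if (key in seen) continue              # same port bound on IPv4 and IPv6
        seen[key] = 1
        if (!(key in ok)) { print key; bad = 1 }
      }
    }
    END { exit bad + 0 }'
}

# Ports this setup is expected to publish: the proxy, DNS and NTP (assumed list).
ALLOWED="nginx:80/tcp nginx:443/tcp pihole:53/tcp pihole:53/udp ntp:123/udp"

# Live use: docker ps --format '{{.Names}}\t{{.Ports}}' | unexpected_ports "$ALLOWED"
sample_ps | unexpected_ports "$ALLOWED" || echo "unexpected published port(s) listed above"
```
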

Rclone and cron configuration

Rclone

setup rclone

rclone config

simple config steps

N
dropbox
13
enter key (client id = blank)
enter key (client secret = blank)
N
N

switch to Windows and install the command line version

rclone authorize dropbox

switch back to linux and complete install

Paste the key
Y

cron

copy command for unifi (with progress)

rclone copy /home/adam/cargo/unifi/data/backup/ dropbox:Rclone/optiplex-unifi -P

sync command for gitea (with progress)

rclone sync /home/adam/cargo/gitea/data/git/ dropbox:Rclone/optiplex-gitea -P

sync command for nginx (with progress)

rclone sync /home/adam/cargo/nginx/ dropbox:Rclone/optiplex-nginx -P

configure backup jobs for all three, with crontab -e, configure...

0 6 * * * rclone copy /home/adam/cargo/unifi/data/backup/ dropbox:Rclone/optiplex-unifi
0 4 * * 0 rclone sync /home/adam/cargo/gitea/data/git/ dropbox:Rclone/optiplex-gitea
0 3 7 * * rclone sync /home/adam/cargo/nginx/ dropbox:Rclone/optiplex-nginx
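
The gitea and nginx jobs use rclone sync, which deletes anything on the remote that is missing from the source, so an empty or missing source directory would wipe the backup. The wrapper below is an added example (not part of the cargoship repository) that refuses to sync in that case; the script path in the comment and the RCLONE and MAX_DELETE variables are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the cargoship repo): wrapper for the cron sync jobs.
# `rclone sync` makes DEST match SRC, so an empty or missing SRC would delete
# the remote backup. This guard refuses to run in that case.

# safe_sync SRC DEST [MIN_FILES]
#   returns 2 if SRC is not a directory, 3 if it holds fewer than MIN_FILES
#   regular files, otherwise the exit status of rclone.
# RCLONE and MAX_DELETE are environment overrides introduced by this example.
safe_sync() {
  src=$1; dest=$2; min=${3:-1}
  if [ ! -d "$src" ]; then
    echo "safe_sync: $src is not a directory, refusing to sync" >&2
    return 2
  fi
  count=$(find "$src" -type f | wc -l | tr -d ' ')
  if [ "$count" -lt "$min" ]; then
    echo "safe_sync: $src holds $count file(s), expected at least $min" >&2
    return 3
  fi
  # --max-delete caps the number of remote deletions one run may perform.
  "${RCLONE:-rclone}" sync "$src" "$dest" --max-delete "${MAX_DELETE:-50}"
}

# When called with arguments (e.g. from cron), run one guarded sync.
# Hypothetical crontab line, assuming the script is saved as ~/bin/safe-sync.sh:
#   0 4 * * 0 /home/adam/bin/safe-sync.sh /home/adam/cargo/gitea/data/git/ dropbox:Rclone/optiplex-gitea
if [ "$#" -ge 2 ]; then
  safe_sync "$@"
fi
```
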

export crontab to a text file

crontab -l > ~/my-crontab.txt

Copyright Notice(s)

  • Debian name and Logo copyright of the Debian Project
  • Dell Logo and Hardware copyright of Dell Inc.

Contributing to this Project

This project welcomes contributions of all types. We ask that before you start work on a feature that you would like to contribute, please read the Contributor's Guide.

Security Policy for this Project

This project seeks to build secure, versatile and robust portable software. If you find an issue, please report it following the Security Policy.