docker-compose configuration for my webserver at coldfix.de - very early stage!
etc
modules
var
.gitmodules
COPYING.GPLv3.txt
README.rst
cert-config.sh
cert-reload.sh
cert-renew.sh
docker-compose.yml

README.rst

Overview

This is the docker-compose configuration for my server at coldfix.de. You may adapt it and use it for your own purposes. Note that this repository is licensed under the GPLv3.

Usage

git clone git@github.com:coldfix/server --recursive
cd server
docker-compose up

Services

docker-compose up will start the following sites/services:

maintenance

letsencrypt

The letsencrypt cronjob is currently not run within a docker container because it needs to restart the mail system, which is not yet dockerized. You need to set up a cronjob like this manually:

# min   hour    dom     mon     dow     cmd
0       5,21    *       *       *       /home/server/cert-renew.sh --wait 60 --quiet

ejabberd

Create backup:

docker exec server_ejabberd_1 /usr/local/sbin/ejabberdctl backup /opt/ejabberd/backup/ejabberd.backup
docker cp server_ejabberd_1:/opt/ejabberd/backup/ejabberd.backup /tmp/ejabberd.backup

Restore backup:

docker cp /tmp/ejabberd.backup server_ejabberd_1:/opt/ejabberd/backup/ejabberd.backup
docker exec server_ejabberd_1 /usr/local/sbin/ejabberdctl restore /opt/ejabberd/backup/ejabberd.backup

Create admin user:

docker exec server_ejabberd_1 \
    /usr/local/sbin/ejabberdctl register admin coldfix.de "password"

Replace SSL certificate:

uid=$(docker exec server_ejabberd_1 id -u ejabberd)
gid=$(docker exec server_ejabberd_1 id -g ejabberd)
crt=$(pwd)/var/ssl/ejabberd.pem
# ejabberd expects certificate chain and private key in a single PEM file
cat /etc/letsencrypt/live/coldfix.de/{fullchain,privkey}.pem > "$crt"
chown "$uid:$gid" "$crt"
chmod 700 "$crt"
docker restart server_ejabberd_1
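
The steps above create the combined PEM under the default umask and only restrict it afterwards, so with a typical umask of 022 the private key is briefly readable by other local users. As an added example (not part of this repository), the hypothetical helper `install_pem` below builds the file in a private temp file and renames it into place; it assumes the same paths and container name as above and uses mode 600, since the file does not need the execute bit.

```bash
#!/bin/sh
# Added example, not from the repository. install_pem is a hypothetical helper.
# Usage: install_pem FULLCHAIN PRIVKEY DEST OWNER_UID OWNER_GID
install_pem() {
    local chain="$1" key="$2" dest="$3" uid="$4" gid="$5"
    local tmp

    # Refuse empty or swapped inputs before touching the live file.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" \
        || { echo "no certificate in $chain" >&2; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" \
        || { echo "no private key in $key" >&2; return 1; }

    # Temp file lives next to the destination (same filesystem, so mv is an
    # atomic rename) and is created owner-only from the first byte.
    tmp=$(umask 077 && mktemp "$dest.XXXXXX") || return 1

    if cat "$chain" "$key" > "$tmp" \
        && chown "$uid:$gid" "$tmp" \
        && chmod 600 "$tmp" \
        && mv -f "$tmp" "$dest"
    then
        return 0
    fi

    # Any failure: leave the old certificate in place, drop the partial copy.
    rm -f "$tmp"
    return 1
}

# Invocation with the paths used in this README (run as root on the host):
#   live=/etc/letsencrypt/live/coldfix.de
#   uid=$(docker exec server_ejabberd_1 id -u ejabberd)
#   gid=$(docker exec server_ejabberd_1 id -g ejabberd)
#   install_pem "$live/fullchain.pem" "$live/privkey.pem" \
#       "$(pwd)/var/ssl/ejabberd.pem" "$uid" "$gid" \
#       && docker restart server_ejabberd_1
```

Because the restart is chained with `&&`, ejabberd keeps running on the old certificate if any step fails.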

Missing

The following services running on coldfix.de are not yet dockerized:

  • letsencrypt
  • postfix/dovecot
  • logrotate

Big TODOs

  • drop privileges in all containers