This repository contains configuration scripts and instructions for configuring a NeedForHeat Server, comprising of multiple Docker containers hosted on a Linux server, based on the following technologies: Traefik proxy, Portainer, MariaDB, CloudBeaver, Duplicati, NeedForHeat Server API and JupyterLab.
NB: Where you read energietransitiewindesheim.nl below, you should subsitute your own domain; where you read etw below, you should subsitute your own server abbreviation.
For easy ssh/scp access to the server, copy your ssh certificate to the server. This requires the root password once; after that, your ssh key will be used for authentication.
Open a Linux command window on your local system. On Windows, you can use e.g. Windows Subsystem for Linux for this.
Generate a public/private key pair (files .ssh/etw.pub and .ssh/etw)
ssh-keygen -f ~/.ssh/etwWhen asked for passphrase, leave that empty.
Now, upload your public key to the server.
ssh-copy-id -i ~/.ssh/etw root@energietransitiewindesheim.nlLogin with ssh, without using a password
ssh -i ~/.ssh/etw root@energietransitiewindesheim.nlAppend the following to your .ssh/config
Host etw
User root
HostName energietransitiewindesheim.nl
IdentityFile ~/.ssh/etw
With this config in place, login to the server is simply
ssh etwWe have production (prd) and test (tst) environment, each on a separate server. The production and test environment can be destinguished by their URL.
- Production URL's:
<service>.energietransitiewindesheim.nl - Test URL's:
<service>.tst.energietransitiewindesheim.nl
If you wish to copy our configuration, then you will need to find and replace energietransitiewindesheim.nl with your own domain in all configuration files.
The URL's we use for our public services:
| Service | Environment | URL |
|---|---|---|
| API | production | api.energietransitiewindesheim.nl |
| API | test | api.tst.energietransitiewindesheim.nl |
| Manuals | production | manuals.energietransitiewindesheim.nl |
| Manuals | test | manuals.tst.energietransitiewindesheim.nl |
The URL's we use for system services:
| Service | Environment | URL |
|---|---|---|
| Portainer | production | docker.energietransitiewindesheim.nl |
| Portainer | test | docker.tst.energietransitiewindesheim.nl |
| CloudBeaver | production | db.energietransitiewindesheim.nl |
| CloudBeaver | test | db.tst.energietransitiewindesheim.nl |
| Duplicati | production | backup.energietransitiewindesheim.nl |
| Duplicati | test | backup.tst.energietransitiewindesheim.nl |
| JupyterLab | production | analysis-<name>.energietransitiewindesheim.nl |
| JupyterLab | test | analysis-<name>.tst.energietransitiewindesheim.nl |
This setup has to be done with SSH access to the server. During these steps, portainer is shorly exposed to the public internet without protection of credentials or IP whitelists.
- Log into the server using SSH.
- Create a volume for portainer:
docker volume create portainer_data
- Start the container:
docker run -d --rm -p 9443:9443 --name portainer-bootstrap \ -v /var/run/docker.sock:/var/run/docker.sock \ -v portainer_data:/data \ portainer/portainer-ce:latest
- Open Portainer in your browser:
https://server-external-ip-address:9443. - Add portainer and traefik as a stack by following the steps described here.
- Stop the bootstrapping container:
docker stop portainer-bootstrap
- Restart portainer:
docker restart portainer
- Portainer is now available at
docker.energietransitiewindesheim.nl.
Use the following steps to deploy a service as a Portainer stack.
At Windesheim we use Portainer stacks, but the docker-compose files can also be deployed without Portainer, using Docker Compose.
Add a new stack according to the following steps:
- Go to
stacksin portainer. - Click on
Add stack. - Give the stack a name.
- Select
git repositoryas the build method. - Set the
repository URLto:https://github.com/energietransitie/needforheat-server-configuration - Set the
repository referenceto:refs/heads/main - Set the
compose pathto point to the docker-compose.yml you want to deploy.Refer to the stack-specific README's for each stack's compose path.
- Optionally add environment variables if used in the docker-compose file. Click on
Add an environment variableto add additional variables.Refer to the stack-specific README's for each stack's environment variables.
- Click on
Deploy the stack.
When a docker-compose.yml for a stack is changed, the new configuration can be retrieved by following the steps below:
- Go to
Stacksin portainer. - Click on the stack you want to update.
- You can change environment variables if you want.
- Click on
Pull and redeployto retrieve the configuration from the main branch and update the container(s). - A pop-up will open. Click on
Updateto confirm. - The stack will update. Wait for the notification to know that the stack was updated successfully.
List of features ready and TODOs for future development. Ready:
- Implementing automated backup solution
- Limiting access by IPv4 address
- Ratelimiting on the API
- Further implementation of Dependabot
To-do:
- Create only docker-compose file for Traefik instead of .toml files
- Integrated deployment of the entire NeedForHeat Server stack
Optional:
- force use of SSH tunnel to
portainercontainer - force use of SSH tunnel to
cloudbeavercontainer - force use of SSH tunnel to
traefikcontainer
This software is available under the Apache 2.0 license, Copyright 2022 Research group Energy Transition, Windesheim University of Applied Sciences
This configuration repository was originally created by:
- Arjan Peddemors · @arpe
It was extended by:
- Harris Mesic · @Labhatorian
- Nick van Ravenzwaaij · @n-vr
- Erik Krooneman · @Erikker21
- Leon Kampstra · @LeonKampstra
- Jorrin Kievit · @JorrinKievit
- Henri ter Hofte · @henriterhofte · Twitter @HeNRGi
Product owner:
- Henri ter Hofte · @henriterhofte · Twitter @HeNRGi
We use and gratefully acknowlegde the efforts of the makers of the following technologies:
- Traefik proxy, by Traefik Labs, licensed under MIT
- Portainer, by Portainer.io, licensed under Zlib
- MariaDB, licensed under GNU GPL-2.0
- CloudBeaver, by DBeaver Corp, licensed under Apache-2.0)
- Duplicati, by duplicati.com, licensed under LGPL-2.1
- NeedForHeat Server API, by Research group Energy Transition, Windesheim University of Applied Sciences, licensed under Apache-2.0
- JupyterLab, by Project Jupyter Contributors, licensed under this license