Skip to content
/ costack Public

Simple multi-service small business or personal server via docker-compose

License

View license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jonbirge/costack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

111 Commits
conf
conf
 
 
utils
utils
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
config.env
config.env
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

Server in a (Docker) Box

About

This repo is a docker-compose file and associated environment settings files that will allow you to instantly stand up a decent company/personal server, including:

  • Public-facing web site
  • Guacamole for access to internal desktops
  • Server log monitorin

The goal here is to create something affordable to run on a single cloud server with low RAM requirements.

Traefik is used to distribute traffic to the various backend services, as well as offer IP-based protection. The default configuration discards traffic from the top ten countries for cyber attacks for public services, and only allows internal service connections from the US. Of course, you can configure this yourself to allow only your own IP address range to connect for even more protection.

This is still under development, so not everything is implemented yet. See the next section for work that still needs to be done.

Future work

  • Break traefik routing into public- and private-facing services by domain name
  • LDAP server that is also used for auth
  • Internal landing page that authenticates internal users against LDAP
  • Mail server with SMTP and web-based back-end
  • Script to create the initial dB for Guacamole.
  • Implement as Digital Ocean custom droplet with automatic configuration
  • Add VPN server
  • Expand to use stacks/k8 to support scaling to multiple servers, if desired. This would be especially useful for having a break between internal-use and public-facing servers.

Installation

Configuration

Rename the file called config.env to .env and edit the content to match your system:

SQL_PASS=[any password you choose]
HOSTNAME=[your external hostname]
EMAIL=[admin e-mail address]

You will also probably want to configure the dynamic Traefik configuration file to match your desired level of security paranoia. The default settings are pretty restrictive, discarding traffic from several countries based on IP.

Lastly, and I know this sucks, you'll have to initialize the SQL database for Guacamole, if you're planning on using that. See the instructions from their hub.docker.com page for that. I'm working on a better solution for that, but in the meanwhile you have to do it manually.

Certificates

If you want root-signed certs from Let's Encrypt, then do the following in .env:

  • Make sure HOSTNAME is your full public server domain name.
  • Set EMAIL to something you're willing to give to the good folks at Let's Encrypt.

Running

Once you've configured the environment variables in the .env file, you should just be able to run:

$ docker-compose up -d

About

Simple multi-service small business or personal server via docker-compose

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages