This repo holds scripts and configuration files to self-host some web services such as Bitwarden and Nextcloud on a private server. The goal is to have a simple (as in: concise, programmatic and declarative), cheap and secure setup to handle file synchronization and credential management for a few users (e.g. <10).
Prerequisites
In the `vms` folder is a Farmer script that creates a virtual machine on Azure with these specs:
- SKU: Standard B2s 2vCPUs, 4GB RAM, 60GB SSD (~20€/mo as of 8/2020)
- region: North Europe
- OS: Ubuntu 20.04
To create the virtual machine, change directory to `vms` and:
- copy `env.example` to `.env` and edit it as suitable for username, password, host and resource name
- issue `make deploy`. The script will deploy the VM and generate the related ARM template json file. A setup script similar to `setup-vm.sh` will be executed upon deployment to install required tools (e.g. Docker, etc.)
- set up passwordless authentication:
  - copy your public key to the VM: `ssh-copy-id -i ~/.ssh/mypub.key user@server`
  - edit the following settings in `/etc/ssh/sshd_config` on the VM: `PasswordAuthentication no`; `ChallengeResponseAuthentication no`; `UsePAM no`. Then restart sshd: `sudo systemctl restart ssh`
- set up start and stop VM automation during off hours as described here, and make the VM IP static (TODO: automate)
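The `sshd_config` step above as an added shell helper (example code, not part of this repo): it rewrites the three directives idempotently, also replacing commented-out or differently-cased copies and inserting missing ones before any `Match` block, since sshd uses the first value it sees for a keyword and `UsePAM` is not allowed inside `Match`; it then checks the effective values, and only with `--apply` touches `/etc/ssh/sshd_config`, validates it with `sshd -t` and restarts the `ssh` service. The function names and the `--apply` flag are my own, and the Ubuntu file and service names are assumed.

```sh
#!/bin/sh
# Added helper for the sshd_config step (not part of this repo). Assumes
# /etc/ssh/sshd_config, `sshd -t`/`sshd -T` and a service named `ssh` (Ubuntu).
set -eu
# Shared awk function: first keyword of a line, lowercased, after stripping
# indentation and a leading '#', so commented-out directives are recognised too.
AWK_KEYWORD='function keyword(s,  f) { sub(/^[ \t]*#?[ \t]*/, "", s); split(s, f, /[ \t]+/); return tolower(f[1]) }'

# set_sshd_option FILE KEY VALUE: rewrite every live or commented KEY line as
# "KEY VALUE"; if KEY is absent, insert it before the first Match block (or at
# the end): sshd honours the first value it sees, and UsePAM is not allowed in Match.
set_sshd_option() {
  awk -v k="$2" -v v="$3" "$AWK_KEYWORD"'
    keyword($0) == "match" && !seen { print k, v; seen = 1 }
    keyword($0) == tolower(k)       { print k, v; seen = 1; next }
    { print }
    END { if (!seen) print k, v }
  ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# get_sshd_option FILE KEY: effective top-level value (first live match, as sshd does).
get_sshd_option() {
  awk -v k="$2" "$AWK_KEYWORD"'
    keyword($0) == "match" { exit }
    keyword($0) == tolower(k) && $0 !~ /^[ \t]*#/ { print $2; exit }
  ' "$1"
}

harden_sshd_config() {  # apply the three README settings to FILE
  set_sshd_option "$1" PasswordAuthentication no
  set_sshd_option "$1" ChallengeResponseAuthentication no
  set_sshd_option "$1" UsePAM no
}

check_sshd_config() {   # 0 only when all three settings are effective in FILE
  for kv in PasswordAuthentication:no ChallengeResponseAuthentication:no UsePAM:no; do
    [ "$(get_sshd_option "$1" "${kv%%:*}")" = "${kv#*:}" ] || return 1
  done
}

# On the VM, as root: back up, apply, let sshd validate, then restart. Keep the
# current session open and confirm key-based login from a second terminal first.
if [ "${1:-}" = "--apply" ]; then
  cfg=/etc/ssh/sshd_config
  cp "$cfg" "$cfg.bak.$(date +%s)"
  harden_sshd_config "$cfg"
  check_sshd_config "$cfg" && sshd -t && systemctl restart ssh
  sshd -T | grep -Ei '^(passwordauthentication|challengeresponseauthentication|usepam) '
fi
```

The final `sshd -T` line shows what sshd will actually enforce, which also catches a conflicting value pulled in through an `Include` file.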
Prerequisites
This setup assumes you own a DNS domain, and you've made its "A Record"s for the naked domain ("@") and subdomains ("*") point to the VM's public IP. Failing that, you'll still be able to run the applications, but Caddy will have issues creating the certificates to use for the HTTPS connections. Notice that while Azure virtual machines have a public DNS name (e.g. name.region.cloudapp.azure.net), their DNS setting does not allow using subdomains, so that name won't work for this setup.

The `apps` directory contains a Docker Compose file to run Bitwarden and Nextcloud (with its MariaDB database) behind the Caddy reverse proxy.
At the end of the instructions:
- Nextcloud will be reachable at `https://nc.<your domain>` and `https://<your domain>`
- Bitwarden will be reachable at `https://bw.<your domain>`
To deploy the applications:
- copy the `apps` directory to your server (or clone this repo)
- change to the `apps` folder, copy `env.example` to `.env` and edit it as suitable
- run `make up`. You can follow the progress of the setup by issuing `make log`
To upgrade the applications just issue:

```sh
docker-compose pull
docker-compose down
docker-compose up -d
```

Or, more cautiously, issue the same commands but for one application at a time, e.g. `docker-compose pull nextcloud`.
Beware that some applications require additional steps when upgrading
between major versions, so make sure to read their upgrade documentation too.
- add instructions for adding Prometheus and Grafana to monitor the host VM, Docker and the applications
- add instructions for backup
- automate the remaining manual steps of VM creation