@jerkovicl
Last active April 7, 2020 17:04
Revisions

  1. jerkovicl revised this gist Apr 7, 2020. No changes.
  2. jerkovicl revised this gist Apr 7, 2020. No changes.
  3. jerkovicl revised this gist Apr 7, 2020. No changes.
  4. jerkovicl revised this gist Mar 14, 2020. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion docker_setup.md
    Original file line number Diff line number Diff line change
    @@ -236,7 +236,7 @@ sudo apt full-upgrade

    * install script to use:
    ```
    curl -vsL https://gist.githubusercontent.com/jerkovicl/b5c6fb29ccc016cf0c43991405aa4f59/raw/7c52a742b66b18e57ba23d9b9f63be6ebef17c31/home_server_docker_setup.sh | sudo bash -s
    curl -vsL https://gist.githubusercontent.com/jerkovicl/b5c6fb29ccc016cf0c43991405aa4f59/raw/923f58fe82d5f9a01e781ee6d9f8909da8fc6b17/home_server_docker_setup.sh | sudo bash -s
    ```
    * usefull aliases
    ```
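    Review bot: The replaced install line still pipes `curl -vsL ... | sudo bash -s` without `-f`, so the body of an HTTP error response would be fed straight to a root shell, and the only change is the pinned raw revision of a script that lives in a different gist, so this diff does not show what the new revision does. Suggest downloading to a file with `curl -fsSL -o`, recording the script's sha256 next to the command, and running it only after the checksum and contents have been checked.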
  5. jerkovicl revised this gist Mar 1, 2020. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions docker_setup.md
    @@ -230,6 +230,8 @@ sudo apt full-upgrade

    * [10 Docker image security best practices](https://snyk.io/blog/10-docker-image-security-best-practices/)

    * [Docker - Lesser known tips](https://offby2.com/posts/001-docker-lesser-known-tips/)

    * [Check the security of your private Nextcloud server](https://scan.nextcloud.com/Check the security of your private Nextcloud server)

    * install script to use:
  6. jerkovicl revised this gist Feb 24, 2020. 1 changed file with 8 additions and 0 deletions.
    8 changes: 8 additions & 0 deletions docker_setup.md
    @@ -182,6 +182,14 @@ docker system prune
    docker image prune
    docker volume prune
    # WARNING! This will remove:
    # - all stopped containers
    # - all networks not used by at least one container
    # - all volumes not used by at least one container
    # - all images without at least one container associated to them
    # - all build cache
    docker system prune -a --volumes
    // validate docker compose file
    docker-compose -f docker-compose.yml config
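    Review bot: The added `docker system prune -a --volumes` sits in the same copy-paste block as the non-destructive `docker image prune` / `docker volume prune` lines, so pasting the block as a whole deletes the volumes of every stack that happens to be stopped. Suggest moving it into its own fenced block under its own bullet, and using `#` for the neighbouring `// validate docker compose file` line as well, since `//` is not a shell comment and the block otherwise mixes both styles.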
  7. jerkovicl revised this gist Feb 19, 2020. 2 changed files with 6 additions and 35 deletions.
    7 changes: 6 additions & 1 deletion docker_setup.md
    @@ -195,7 +195,12 @@ usermod -aG sudo username
    chmod +x script.sh
    // set folder permissions
    sudo chown username:usergroup path-to-folder
    sudo chown username:usergroup path-to-folder
    // fix home directory folder permissions
    DIR=/home/user
    find $DIR -type d -not -path "$DIR/.ssh" -print0 | xargs -0 chmod 0775
    find $DIR -type f -not -path "$DIR/.ssh/*" -print0 | xargs -0 chmod 0664
    // fully update packages including dependencies
    sudo apt full-upgrade
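    Review bot: The two added `find $DIR ... | xargs -0 chmod` lines reset every directory under the home directory to 0775 and every file to 0664, which makes the whole tree group-writable and world-readable and strips the execute bit from scripts (including anything just marked with `chmod +x script.sh` above); only `.ssh` is excluded. It would also widen files that are meant to be private, such as the `acme.json` that traefik_docker_setup.sh sets to 600 under `~/docker`. Suggest scoping `DIR` to the one folder that needs fixing, quoting `"$DIR"`, and using a symbolic mode such as `chmod -R u=rwX,g=rX,o= "$DIR"` that keeps existing execute bits and does not open files to other users.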
    34 changes: 0 additions & 34 deletions traefik_docker_setup.sh
    @@ -1,34 +0,0 @@
    #!/bin/bash

    # sudo -i
    #sudo su
    # install dependencies
    add-apt-repository universe
    apt-get update
    apt-get install -y apparmor-utils apt-transport-https avahi-daemon ca-certificates curl dbus jq network-manager socat software-properties-common
    # install docker
    curl -sSL https://get.docker.com | sh
    # install docker-compose
    curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    # set permissions
    chmod +x /usr/local/bin/docker-compose
    # add user to docker group
    usermod -aG docker ${USER}
    # refresh group membership without logging , enter pass
    #su - ${USER}
    newgrp docker
    # docker and traefik folders setup
    mkdir -p ~/docker/shared/ && touch ~/docker/shared/.htpasswd
    # extra config for docker-gc image
    curl -vL https://raw.githubusercontent.com/clockworksoul/docker-gc-cron/master/compose/docker-gc-exclude -o ~/docker/shared/docker-gc-exclude
    setfacl -Rdm g:docker:rwx ~/docker
    chmod -R 775 ~/docker
    mkdir -p ~/docker/traefik/acme && touch ~/docker/traefik/acme/acme.json
    chmod 600 ~/docker/traefik/acme/acme.json
    touch ~/docker/traefik/traefik.toml
    touch ~/docker/traefik/rules.toml

    # create Traefix docker network
    docker network create traefik_proxy
    # install hassio
    curl -sL "https://raw.githubusercontent.com/home-assistant/hassio-installer/master/hassio_install.sh" | bash -s
  8. jerkovicl revised this gist Oct 12, 2019. 1 changed file with 3 additions and 0 deletions.
    3 changes: 3 additions & 0 deletions docker_setup.md
    @@ -194,6 +194,9 @@ usermod -aG sudo username
    // make script executable, add #!/bin/bash at top of script
    chmod +x script.sh
    // set folder permissions
    sudo chown username:usergroup path-to-folder
    // fully update packages including dependencies
    sudo apt full-upgrade
    ```
  9. jerkovicl revised this gist Oct 6, 2019. 1 changed file with 3 additions and 0 deletions.
    3 changes: 3 additions & 0 deletions docker_setup.md
    @@ -193,6 +193,9 @@ usermod -aG sudo username
    // make script executable, add #!/bin/bash at top of script
    chmod +x script.sh
    // fully update packages including dependencies
    sudo apt full-upgrade
    ```
    * Docker bench for security
    [here](https://github.com/docker/docker-bench-security)
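    Review bot: The added `sudo apt full-upgrade` is shown without a preceding `sudo apt update`, so on a host with stale package lists it upgrades against an old index and can miss current security fixes. Suggest documenting the pair together as `sudo apt update && sudo apt full-upgrade`.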
  10. jerkovicl revised this gist Sep 29, 2019. 1 changed file with 3 additions and 0 deletions.
    3 changes: 3 additions & 0 deletions docker_setup.md
    @@ -226,4 +226,7 @@ dup() {
    ddown() {
    docker-compose -f /home/$USER/docker/$1.yml -p $1 down
    }
    fsize() {
    du -h $1
    }
    ```
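    Review bot: In the added `fsize`, `du -h $1` leaves `$1` unquoted and has no `-s`, so a path containing spaces is split into several arguments and a directory prints one line per subdirectory instead of a single total. Suggest `du -sh -- "$1"`.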
  11. jerkovicl revised this gist Sep 24, 2019. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions docker_setup.md
    @@ -157,6 +157,7 @@ exposedbydefault = false
    ```
    // Check logs for status
    docker-compose logs -tf --tail="50" traefik
    docker-compose logs --no-color --tail=1000 CONTAINER_NAME > logs.txt
    // check container stats
    docker stats traefik
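    Review bot: The added `docker-compose logs --no-color --tail=1000 CONTAINER_NAME > logs.txt` uses a `CONTAINER_NAME` placeholder, but `docker-compose logs` takes service names from the compose file (the line above passes `traefik`), so the placeholder should read `SERVICE_NAME`. The redirect also drops `logs.txt` into the current directory with default permissions; since this setup passes API keys and passwords through environment variables, suggest writing to a path outside any shared or synced folder and restricting it, for example `umask 077` before the redirect.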
  12. jerkovicl revised this gist Sep 19, 2019. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion docker_setup.md
    @@ -214,7 +214,7 @@ chmod +x script.sh

    * install script to use:
    ```
    curl -vsL https://gist.githubusercontent.com/jerkovicl/c31d1a0323f2e9104e4fae8eadf9c7f7/raw/3d5dc9040219b4095f75ada40e5ae31aa6503400/traefik_docker_setup.sh | bash -s
    curl -vsL https://gist.githubusercontent.com/jerkovicl/b5c6fb29ccc016cf0c43991405aa4f59/raw/7c52a742b66b18e57ba23d9b9f63be6ebef17c31/home_server_docker_setup.sh | sudo bash -s
    ```
    * usefull aliases
    ```
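    Review bot: The new install line changes `| bash -s` to `| sudo bash -s` and at the same time points at a script in a different gist (`home_server_docker_setup.sh`), so the whole download now runs as root and its contents are no longer reviewable in this gist's history. If the new script still relies on `${USER}` the way traefik_docker_setup.sh does (`usermod -aG docker ${USER}`), that variable is `root` under sudo and the intended account is not the one added to the docker group. Suggest running the script unprivileged and calling `sudo` inside it only on the commands that need it, or passing the target user explicitly.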
  13. jerkovicl revised this gist Sep 16, 2019. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions docker_setup.md
    @@ -210,6 +210,8 @@ chmod +x script.sh

    * [10 Docker image security best practices](https://snyk.io/blog/10-docker-image-security-best-practices/)

    * [Check the security of your private Nextcloud server](https://scan.nextcloud.com/Check the security of your private Nextcloud server)

    * install script to use:
    ```
    curl -vsL https://gist.githubusercontent.com/jerkovicl/c31d1a0323f2e9104e4fae8eadf9c7f7/raw/3d5dc9040219b4095f75ada40e5ae31aa6503400/traefik_docker_setup.sh | bash -s
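    Review bot: The target of the added Nextcloud link is malformed: the link title has been pasted into the URL, giving `https://scan.nextcloud.com/Check the security of your private Nextcloud server`, which contains spaces and will not render or resolve as intended. The target should be just `https://scan.nextcloud.com/`.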
  14. jerkovicl revised this gist Sep 16, 2019. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions docker_setup.md
    @@ -208,6 +208,8 @@ chmod +x script.sh

    * [Security Audit](https://secalerts.co/security-audit)

    * [10 Docker image security best practices](https://snyk.io/blog/10-docker-image-security-best-practices/)

    * install script to use:
    ```
    curl -vsL https://gist.githubusercontent.com/jerkovicl/c31d1a0323f2e9104e4fae8eadf9c7f7/raw/3d5dc9040219b4095f75ada40e5ae31aa6503400/traefik_docker_setup.sh | bash -s
  15. jerkovicl revised this gist Sep 15, 2019. 1 changed file with 3 additions and 0 deletions.
    3 changes: 3 additions & 0 deletions docker_setup.md
    @@ -158,6 +158,9 @@ exposedbydefault = false
    // Check logs for status
    docker-compose logs -tf --tail="50" traefik
    // check container stats
    docker stats traefik
    // starting containers
    docker-compose -f ~/docker/docker-compose.yml up -d
  16. jerkovicl revised this gist Sep 13, 2019. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions docker_setup.md
    @@ -203,6 +203,8 @@ chmod +x script.sh

    * [Security Headers - Test your site](https://securityheaders.com/)

    * [Security Audit](https://secalerts.co/security-audit)

    * install script to use:
    ```
    curl -vsL https://gist.githubusercontent.com/jerkovicl/c31d1a0323f2e9104e4fae8eadf9c7f7/raw/3d5dc9040219b4095f75ada40e5ae31aa6503400/traefik_docker_setup.sh | bash -s
  17. jerkovicl revised this gist Sep 11, 2019. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions docker_setup.md
    @@ -28,6 +28,7 @@ AUTH_CLIENT_ID=sdadsad // google client id
    AUTH_CLIENT_SECRET=sdasd // google client secret
    KEYCLOAK_USER=username
    KEYCLOAK_PASSWORD=password
    SLACK_WEBHOOK_URL=dada
    ```

    * PUID and PGID – the user ID of the linux user, who we want to run the home server apps as, and group ID of docker.
  18. jerkovicl revised this gist Sep 11, 2019. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions docker_setup.md
    @@ -200,6 +200,8 @@ chmod +x script.sh

    * [Script to setup Traefik reverse-proxy in Docker with Compose](https://github.com/Starttoaster/docker-traefik)

    * [Security Headers - Test your site](https://securityheaders.com/)

    * install script to use:
    ```
    curl -vsL https://gist.githubusercontent.com/jerkovicl/c31d1a0323f2e9104e4fae8eadf9c7f7/raw/3d5dc9040219b4095f75ada40e5ae31aa6503400/traefik_docker_setup.sh | bash -s
  19. jerkovicl revised this gist Sep 11, 2019. 1 changed file with 12 additions and 0 deletions.
    12 changes: 12 additions & 0 deletions docker_setup.md
    @@ -196,9 +196,21 @@ chmod +x script.sh

    * [Handy docker compose cheatsheet](https://jstobigdata.com/docker-compose-cheatsheet/)

    * [A curated list of Docker resources and projects](https://awesome-docker.netlify.com/)

    * [Script to setup Traefik reverse-proxy in Docker with Compose](https://github.com/Starttoaster/docker-traefik)

    * install script to use:
    ```
    curl -vsL https://gist.githubusercontent.com/jerkovicl/c31d1a0323f2e9104e4fae8eadf9c7f7/raw/3d5dc9040219b4095f75ada40e5ae31aa6503400/traefik_docker_setup.sh | bash -s
    ```
    * usefull aliases
    ```
    dup() {
    docker-compose -f /home/$USER/docker/$1.yml -p $1 up -d
    }
    ddown() {
    docker-compose -f /home/$USER/docker/$1.yml -p $1 down
    }
    ```
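    Review bot: `dup` and `ddown` use `$1` unquoted in both the `-f` path and the `-p` project name and never check that an argument was given; called with no argument, the empty `$1` disappears, the file becomes `/home/$USER/docker/.yml`, and `-p` takes `up` or `down` as the project name. Suggest quoting (`-f "/home/$USER/docker/$1.yml" -p "$1"`) and returning early with a usage message when `$1` is empty. The list item also calls these aliases although they are shell functions.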
  20. jerkovicl revised this gist Sep 9, 2019. 1 changed file with 4 additions and 0 deletions.
    4 changes: 4 additions & 0 deletions docker_setup.md
    @@ -24,6 +24,10 @@ DOMAINNAME=example.com
    CLOUDFLARE_EMAIL=email@example.com
    CLOUDFLARE_API_KEY=XXXXXXXXXXXX // Global API key
    PLEX_CLAIM=claim-YYYYYYYYY // get from plex.tv/claim
    AUTH_CLIENT_ID=sdadsad // google client id
    AUTH_CLIENT_SECRET=sdasd // google client secret
    KEYCLOAK_USER=username
    KEYCLOAK_PASSWORD=password
    ```

    * PUID and PGID – the user ID of the linux user, who we want to run the home server apps as, and group ID of docker.
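    Review bot: The trailing `// google client id` and `// google client secret` on the added `AUTH_CLIENT_ID` and `AUTH_CLIENT_SECRET` lines are not comments in an env file; copied as written, they become part of the values and the OAuth client credentials will not match. Suggest moving the explanations to `#` lines above each variable. `KEYCLOAK_PASSWORD=password` is also a working default that can be deployed unchanged; an obviously invalid placeholder like the `XXXXXXXXXXXX` used for `CLOUDFLARE_API_KEY` would be safer.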
  21. jerkovicl revised this gist Sep 9, 2019. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions docker_setup.md
    Original file line number Diff line number Diff line change
    @@ -79,8 +79,8 @@ defaultEntryPoints = ["https", "http"]
    [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]
    MinVersion = "VersionTLS12"
    CipherSuites = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"]
    minVersion = "VersionTLS12"
    cipherSuites = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"]
    [entryPoints.monitor]
    address = ":8081"
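    Review bot: Nothing in this hunk shows that the renamed `minVersion` / `cipherSuites` keys under `[entryPoints.https.tls]` are the spelling the proxy actually reads, and a key it does not recognise would presumably be ignored, leaving the TLS defaults in place. After the rename, confirm that the floor is enforced, for example by checking that `openssl s_client -connect <host>:443 -tls1_1` fails to complete a handshake.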
  22. jerkovicl revised this gist Sep 9, 2019. 1 changed file with 4 additions and 0 deletions.
    4 changes: 4 additions & 0 deletions docker_setup.md
    @@ -79,6 +79,10 @@ defaultEntryPoints = ["https", "http"]
    [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]
    MinVersion = "VersionTLS12"
    CipherSuites = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"]
    [entryPoints.monitor]
    address = ":8081"
    [file]
    watch = true
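    Review bot: The last two entries of the added `CipherSuites` list, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` and `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, are CBC-mode suites, while the other four are AEAD (GCM). Go's crypto/tls, which Traefik is built on, leaves these two out of its default set, so listing them explicitly weakens the configuration rather than hardening it. Suggest dropping both and keeping only the four GCM suites, then confirming with a TLS scan that the clients you need can still connect.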
  23. jerkovicl revised this gist Sep 6, 2019. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions docker_setup.md
    @@ -177,6 +177,7 @@ sudo netstat -tulpn | grep LISTEN
    // add non root user to sudo group
    usermod -aG sudo username
    // make script executable, add #!/bin/bash at top of script
    chmod +x script.sh
    ```
  24. jerkovicl revised this gist Sep 6, 2019. 1 changed file with 3 additions and 0 deletions.
    3 changes: 3 additions & 0 deletions docker_setup.md
    @@ -169,6 +169,9 @@ docker system prune
    docker image prune
    docker volume prune
    // validate docker compose file
    docker-compose -f docker-compose.yml config
    // check all running ports
    sudo netstat -tulpn | grep LISTEN
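    Review bot: The added `docker-compose -f docker-compose.yml config` prints the fully resolved compose file, with values from the environment file interpolated, so API keys and passwords end up in the terminal and its scrollback. For a validation-only step, suggest `docker-compose -f docker-compose.yml config -q`, which checks the file and prints nothing on success.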
  25. jerkovicl revised this gist Sep 6, 2019. 1 changed file with 2 additions and 4 deletions.
    6 changes: 2 additions & 4 deletions docker_setup.md
    @@ -180,11 +180,9 @@ chmod +x script.sh
    * Docker bench for security
    [here](https://github.com/docker/docker-bench-security)

    * Turn docker run command to docker compose snippet:
    [Composerize](https://Composerize.com)
    * [Turn docker run command to docker compose snippet](https://Composerize.com)

    * Handy docker compose cheatsheet
    [Cheatsheet](https://jstobigdata.com/docker-compose-cheatsheet/)
    * [Handy docker compose cheatsheet](https://jstobigdata.com/docker-compose-cheatsheet/)

    * [Script to setup Traefik reverse-proxy in Docker with Compose](https://github.com/Starttoaster/docker-traefik)

  26. jerkovicl revised this gist Sep 6, 2019. 1 changed file with 5 additions and 0 deletions.
    5 changes: 5 additions & 0 deletions docker_setup.md
    @@ -183,6 +183,11 @@ chmod +x script.sh
    * Turn docker run command to docker compose snippet:
    [Composerize](https://Composerize.com)

    * Handy docker compose cheatsheet
    [Cheatsheet](https://jstobigdata.com/docker-compose-cheatsheet/)

    * [Script to setup Traefik reverse-proxy in Docker with Compose](https://github.com/Starttoaster/docker-traefik)

    * install script to use:
    ```
    curl -vsL https://gist.githubusercontent.com/jerkovicl/c31d1a0323f2e9104e4fae8eadf9c7f7/raw/3d5dc9040219b4095f75ada40e5ae31aa6503400/traefik_docker_setup.sh | bash -s
  27. jerkovicl revised this gist Sep 6, 2019. 1 changed file with 5 additions and 1 deletion.
    6 changes: 5 additions & 1 deletion docker_setup.md
    @@ -178,7 +178,11 @@ usermod -aG sudo username
    chmod +x script.sh
    ```
    * Docker bench for security
    > https://github.com/docker/docker-bench-security
    [here](https://github.com/docker/docker-bench-security)

    * Turn docker run command to docker compose snippet:
    [Composerize](https://Composerize.com)

    * install script to use:
    ```
    curl -vsL https://gist.githubusercontent.com/jerkovicl/c31d1a0323f2e9104e4fae8eadf9c7f7/raw/3d5dc9040219b4095f75ada40e5ae31aa6503400/traefik_docker_setup.sh | bash -s
  28. jerkovicl revised this gist Sep 5, 2019. 1 changed file with 3 additions and 1 deletion.
    4 changes: 3 additions & 1 deletion docker_setup.md
    @@ -180,4 +180,6 @@ chmod +x script.sh
    * Docker bench for security
    > https://github.com/docker/docker-bench-security
    * install script to use:
    `curl -vsL https://gist.githubusercontent.com/jerkovicl/c31d1a0323f2e9104e4fae8eadf9c7f7/raw/3d5dc9040219b4095f75ada40e5ae31aa6503400/traefik_docker_setup.sh | bash -s`
    ```
    curl -vsL https://gist.githubusercontent.com/jerkovicl/c31d1a0323f2e9104e4fae8eadf9c7f7/raw/3d5dc9040219b4095f75ada40e5ae31aa6503400/traefik_docker_setup.sh | bash -s
    ```
  29. jerkovicl revised this gist Sep 5, 2019. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions docker_setup.md
    @@ -179,5 +179,5 @@ chmod +x script.sh
    ```
    * Docker bench for security
    > https://github.com/docker/docker-bench-security
    * install script to use:
    ``
    * install script to use:
    `curl -vsL https://gist.githubusercontent.com/jerkovicl/c31d1a0323f2e9104e4fae8eadf9c7f7/raw/3d5dc9040219b4095f75ada40e5ae31aa6503400/traefik_docker_setup.sh | bash -s`
  30. jerkovicl revised this gist Sep 5, 2019. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions docker_setup.md
    @@ -179,3 +179,5 @@ chmod +x script.sh
    ```
    * Docker bench for security
    > https://github.com/docker/docker-bench-security
    * install script to use:
    ``