Richard Applegate

Blog

  • How to set up Baserow on Portainer with nginx proxy manager

    This baserow is my absolute favorite, it’s more like a spreadsheet with more options and an easy-to-use database. It also had a Grid and Form and a Gallery and a Calendar! It’s great for our list of things to do.

    Look over Baserow.io!

    You’ll need Portainer and nginx running, remember? If not, here are my instruction to set up on your server.

    Let’s build stacks now.

    Open Portainer site → stacks → add stacks

    version: "3.4"
services:
  baserow:
    container_name: applegate-baserow
    image: baserow/baserow:1.24.2
    networks:
      - nginx
      - mariadb
    environment:
      BASEROW_PUBLIC_URL: 'https://sub.domain.com'
    volumes:
      - /yourpath/baserow/data:/baserow/data
networks:
  nginx:
    external: true
  mariadb:
    external: true

    Before you deploy, please ensure you follow the high light and modify and edit the networks to match your nginx proxy manager and MariaDB Database Network. Then, deploy the stack and this app is online but not show on site. We need to go to nginx proxy manager to set up a proxy host for baserow.

    Scheme – HTTP
    Forward Hostname – Your container_name here
    Forward port – Expose 80 to here.
    ensure to enable SSL and HTTP/2 and HSTS

    The sign-up form should appear when you open the base row. Please complete it for the first user, and this account will provide you with an admin account.

  • How to set up agent edge on multiserver

    Docker-compose is my go-to for secondary or distributed servers. It’s better than docker run because it’s more clean and organized and easier to set up. And one time, too.

    So all you need to do is make sure the Secondary Server or Multiserver needs to install Docker and Docker Compose. Please follow this step by step.

    Install Docker Engine on Ubuntu | Docker Documentation

    Now that we have created the docker-compose files, we can create them where you want them to be saved. The secondary server has not yet set up Portainer, so this tutorial is for using SSH instead of Portainer. The docker compose will do the job, and our primary server will attach secondary from an outside server. This is cool, no need to use a port or anything else.

    Open the Portainer site on the primary server, then go to environment, add environment, Docker standalone, start wizard, and edge agent standard. Write down your edge ID and key in this way.

    You should see Edge ID and Edge Key on the primary Portainer site.

    Please ensure that you obtain the Edge ID and Edge Key. Make sure to change your volume path and change your volume path. Look for the highlights below.

    Version: '3.9'
services:
    agent:
        image: 'portainer/agent:2.20.2'
        container_name: portainer_edge_agent
        environment:
            - EDGE_INSECURE_POLL=1
            - EDGE_KEY=
            - EDGE_ID=
            - EDGE=1
        restart: always
        volumes:
            - '/yourpathportainer/data:/data'
            - '/:/host'
            - '/var/lib/docker/volumes:/var/lib/docker/volumes'
            - '/var/run/docker.sock:/var/run/docker.sock'

    After deploying the stack, your secondary portainer should be active and should appear on your primary portainer. Look like this:

    Continue to deploy and build Docker Portainer many more servers to benefit the future!

  • Fail2ban – how to unbanip on your sshd

    IP address unban

    Fail2Ban is an intrusion prevention system that protects computer servers from brute-force attacks. It can monitor specific logs and block IP addresses that act like brute-force attacks.

    Fail2Ban particularly monitors the number of connection attempts. After 5 failed SSH connection attempts, Fail2Ban will ban the IP address from connecting via SSH for 10 minutes. If this address fails several times, it might be banned permanently until you contact admin@richardapplegate.io and explain why you are attacking my server.

    Unban an IP address

    To unblock an IP address, you must first access it from another IP (VPN) address or internet connection than the one that is blocked.

    Look at the Fail2Ban log to find out where the IP address was banned.jail

    sudo tail /var/log/fail2ban.log 
2019-01-07 16:24:47 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44 
2019-01-07 16:24:49 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44 
2019-01-07 16:24:51 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44 
2019-01-07 16:24:54 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44 
2019-01-07 16:24:57 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44 
2019-01-07 16:24:57 fail2ban.actions [1837]: NOTICE  [sshd] Ban 11.22.33.44 
2019-01-07 16:24:57 fail2ban.filter  [1837]: NOTICE  [recidive] Ban 11.22.33.44

    Here, the 11.22.33.44 IP address has been banned in the sshd and recidive jails.

    Then use the following commands to unban the IP address.

    sudo fail2ban-client set sshd unbanip 11.22.33.44
sudo fail2ban-client set recidive unbanip 11.22.33.44

  • Backup and Restore with Docker Compose

    All of my data is on folder drive mounts that where our data is to make backup and restore operations easier. Stopping your stack with docker-compose down will allow you to back up all the files and subfolders in the folder next to the docker-compose.yml file.

    For example, if you want to create a ZIP archive, you can use the following command:

    zip -r myarchive.zip .

    To restore from a ZIP archive, please unzip the archive into the original folder using the following command.

    unzip myarchive.zip -d /path/to/original/folder

    Once your backup has been completed, you can start your stack again with the following command:

    docker-compose up -d

    This is all. With these simple steps, you can easily backup and restore your data volumes with Docker Compose.

  • How to add SecurityEdge to allow our site on our business Internet? Here is how,

    Log in to your Comcast Business Account.

    https://business.comcast.com/connectivity/internetdashboard/

    After you log in, go to the correct location to update your internet. Scrolling down to Subscribed Services ⇾ SecuirtyEdge.

    After you click that SecuirtyEdge(https://securityedge.comcast.com/#home)

    You can go over to the Block and Allow list.

    Place your website into the Check URL text box and then click Check.

    Make sure that you click allow, so we can access your site from your stores or office.

    So yes you notice we disable our SecuirtyEdge because we had our own 3 DNS Server .

    After you publish and save, it will take about 30 min for your store’s or office’s modem to update, and then it will unblock/SSL invalid won’t show that anymore.

    If you still face the issue, I am happy to swing by and work that out for you to get it to success on the website for every customer view..

  • How to Install Immich(v1.99.0) on Docker Portainer with Nginx Proxy Manager

    This document presents Docker compose version 3.8 for Immich Latest (1.99.0). I just changed the volume to the correct path because I want them to save in our large storage data and permission user so that any users can’t see our file except root.

    I added networks because they’re going to be proxied by Nginx Proxy Manager and own Redis.

    version: "3.8"

services:
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    command: [ "start.sh", "immich" ]
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - stack.env
    networks:
      - nginx
      - personalphotos
    labels:
      - com.centurylinklabs.watchtower.enable=false
    depends_on:
      - redis
      - database
    restart: always

  immich-microservices:
    container_name: immich_microservices
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    command: [ "start.sh", "microservices" ]
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - stack.env
    networks:
      - personalphotos
    labels:
      - com.centurylinklabs.watchtower.enable=false
    depends_on:
      - redis
      - database

    restart: always

  immich-machine-learning:
    container_name: immich_machine_learning
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    volumes:
      - ${MODEL_CACHE}:/cache
    labels:
      - com.centurylinklabs.watchtower.enable=false
    env_file:
      - stack.env
    networks:
      - personalphotos
    restart: always


  redis:
    container_name: immich_redis
    image: redis:6.2-alpine
    env_file:
      - stack.env
    labels:
      - com.centurylinklabs.watchtower.enable=false
    networks:
      - personalphotos
    restart: always

  database:
    container_name: immich_postgres
    image: registry.hub.docker.com/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
    labels:
      - com.centurylinklabs.watchtower.enable=false
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
    networks:
      - personalphotos
    volumes:
      - ${PGDATA}:/var/lib/postgresql/data

    restart: always
networks:
  nginx:
     external: true
  personalphotos:
     external: true

    Here is Environment variables

    DB_HOSTNAME=immich_postgres
DB_USERNAME=postgres
DB_PASSWORD=postgres
DB_DATABASE_NAME=immich
TZ=America/Los_Angeles
REDIS_HOSTNAME=immich_redis
UPLOAD_LOCATION=changeyourpath/data
TYPESENSE_API_KEY=Your own create random letter
PUBLIC_LOGIN_PAGE_MESSAGE=
IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003
MODEL_CACHE=/changeyourpath/model_cache
PGDATA=/changeyourpath/postgresqlbackup
TSDATA=/changeyourpath/tsdata

  • Nextcloud: Server has no maintenance window start time configured. Error.

    Nextcloud Version: 28.0.3

    There’s a link in the warning message to the documentation

    You have to add the following line to your config.php:'maintenance_window_start' => 1,

    Nextcloud Documentation:
    https://docs.nextcloud.com/server/28/go.php?to=admin-background-jobs

  • Mailcow : renew Certification with nginx proxy manager

    Make a file called “scriptmailssl.sh” and open the nano file editor. Paste these codes and save it!

    
#!/bin/bash

# This script takes the certs generated by Nginx Proxy Manager
# and copies it to the mailcow docker container.
# Before use, make sure you update the path to your docker data and locate which cert belongs to mailcow

cp /home/applegater/docker/nginx/letsencrypt/live/npm-7/fullchain.pem /home/applegater/docker/mailu/mailcow-dockerized/data/assets/ssl/my.richardapplegate.io/cert.pem
cp /home/applegater/docker/nginx/letsencrypt/live/npm-7/privkey.pem /home/applegater/docker/mailu/mailcow-dockerized/data/assets/ssl/my.richardapplegate.io/key.pem
postfix_c=$(docker ps -qaf name=postfix-mailcow)
dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
nginx_c=$(docker ps -qaf name=nginx-mailcow)
docker restart ${postfix_c} ${dovecot_c} ${nginx_c}
    chmod +x /home/applegater/docker/scriptmailssl.sh

    Add a cronjob every month.

    crontab -e 
    0 1 * */2 * bash /home/applegater/docker/scriptmailssl.sh >/dev/null 2>&1

    It’s going to do the job for you every month.

  • Nextcloud 28.03 : annoy error message: 4 errors in the logs since… on Portainer

    Nextcloud 28.03 : annoy error message: 4 errors in the logs since… on Portainer

    Delete Nextcoud.log to fix the error, but it will come back again and make sure you fix the error, so it won’t pop up again. This is similar to the engine light.

    Follow this command line

    After deleting the logs, Checks have now passed.

  • Nextcloud After Update and get this Error Message. I am Use Portainer, Docker.

    Nextcloud After Update and get this Error Message. I am Use Portainer, Docker.

    Error Message:

    Go to Portainer Web and log in with your admin account. Then select the correct environment server. Then go to Nextcloud Container to enter the console.

    Please make sure you change the user root to www-data, then connect.

    Now you can see that you have a terminal on your webgui and fill out this command line.

    php occ db:add-missing-indices
    Sucess and now Error gone.

    Before:

    After