Richard Applegate

Tag: nginx proxy manger

  • How to set up Baserow on Portainer with nginx proxy manager

    This baserow is my absolute favorite, it’s more like a spreadsheet with more options and an easy-to-use database. It also had a Grid and Form and a Gallery and a Calendar! It’s great for our list of things to do.

    Look over Baserow.io!

    You’ll need Portainer and nginx running, remember? If not, here are my instruction to set up on your server.

    Let’s build stacks now.

    Open Portainer site → stacks → add stacks

    version: "3.4"
services:
  baserow:
    container_name: applegate-baserow
    image: baserow/baserow:1.24.2
    networks:
      - nginx
      - mariadb
    environment:
      BASEROW_PUBLIC_URL: 'https://sub.domain.com'
    volumes:
      - /yourpath/baserow/data:/baserow/data
networks:
  nginx:
    external: true
  mariadb:
    external: true

    Before you deploy, please ensure you follow the high light and modify and edit the networks to match your nginx proxy manager and MariaDB Database Network. Then, deploy the stack and this app is online but not show on site. We need to go to nginx proxy manager to set up a proxy host for baserow.

    Scheme – HTTP
    Forward Hostname – Your container_name here
    Forward port – Expose 80 to here.
    ensure to enable SSL and HTTP/2 and HSTS

    The sign-up form should appear when you open the base row. Please complete it for the first user, and this account will provide you with an admin account.

  • Mailcow : renew Certification with nginx proxy manager

    Make a file called “scriptmailssl.sh” and open the nano file editor. Paste these codes and save it!

    
#!/bin/bash

# This script takes the certs generated by Nginx Proxy Manager
# and copies it to the mailcow docker container.
# Before use, make sure you update the path to your docker data and locate which cert belongs to mailcow

cp /home/applegater/docker/nginx/letsencrypt/live/npm-7/fullchain.pem /home/applegater/docker/mailu/mailcow-dockerized/data/assets/ssl/my.richardapplegate.io/cert.pem
cp /home/applegater/docker/nginx/letsencrypt/live/npm-7/privkey.pem /home/applegater/docker/mailu/mailcow-dockerized/data/assets/ssl/my.richardapplegate.io/key.pem
postfix_c=$(docker ps -qaf name=postfix-mailcow)
dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
nginx_c=$(docker ps -qaf name=nginx-mailcow)
docker restart ${postfix_c} ${dovecot_c} ${nginx_c}
    chmod +x /home/applegater/docker/scriptmailssl.sh

    Add a cronjob every month.

    crontab -e 
    0 1 * */2 * bash /home/applegater/docker/scriptmailssl.sh >/dev/null 2>&1

    It’s going to do the job for you every month.

  • How to build Redis on Portainer (Stacks) and attach to Nextcloud docker network

    I have developed Redis for my Nextcloud to prevent file locking errors, thereby facilitating smooth uploads and enabling 24/7 usage instead of a failure to upload.

    Lets start by creating a network.

    docker network create redis

    Then go Portainer to create stacks.

    Portainer site → login admin account → stacks → add stacks

    version: '3.3'
services:
  redis:
    container_name: redis
    image: redis
    networks:
      - redis
    restart: unless-stopped
    command: redis-server --requirepass KWPvQ9VQ%V3KKShgg%SDq
networks:
  redis:
    external: true

    Deploy the stack and this app is now online. Make sure you put Nextcloud config to connect to the Redis server we created.

    config.php – added my sever Redis information going in Nextcloud’s config.php 
      'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'redis',
    'port' => 6379,
    'timeout' => 0.0,
    'password' => 'KWPvQ9VQ%V3KKShgg%SDq',
  ),

    You’re now ready to use Redis with your Nextcloud.

  • How to build VaultWarden/MariaDB on Portainer with Nginx

    VaultWarden is a password manager, this app is the best I have, and my company uses this password manager. It is very helpful for our team to be able to log in for our business and help employees access it, instead of waiting for the leader or owner to respond. You should build this for your small business or over 500 employees. It will help save you from headaches. And times.

    Before we begin, please verify you are running the Portainer and Nginx Proxy Manager.

    We will need to go to PhpMyAdmin and create a Database and User for the VaultWarden. If you do not have one, please follow these steps. This instruction to set up PhpMyAdmin.

    Sign in to PhpMyAdmin and make a database.

    Login to your admin account

    Then click ‘New’ for the database to be created.

    Create any name you prefer, only you need to make sure it matches on your docker-compose below.

    Now we need to create a user, so we have to go to “privileges” in the menu.

    Click Privileges on the top bar

    Then click add user account

    Make sure you create a username and password(I used generate password) since it is not exposed public, so my database is safe.

    Now, we will create the vault warden on Portainer.

    Open Portainer site → login admin → stacks → Add Stacks:

    version: '3.3'
services:
  vaultwarden:
    networks:
      - nginx
      - mariadb
    container_name: vaultwarden
    image: vaultwarden/server:latest
    restart: unless-stopped
    environment:
      - ROCKET_PORT=80
      - DATABASE_URL=mysql://user:password@databasecontainer_name:3306/databasename
      - ADMIN_TOKEN=
      - TZ=America/los_Angeles
      - SMTP_HOST=mail.email.com
      - SMTP_FROM=username@email.com
      - SMTP_PORT=465
      - SMTP_SECURITY=force_tls
      - SMTP_USERNAME=username@email.com
      - SMTP_PASSWORD=P@ssW0rd
      - WEBSOCKET_ENABLED=true
    expose:
      - 80
      - 3012
    volumes:
      - /mnt/applegatebackup/vaultwarden/data/:/data/
networks:
  nginx:
   external: true
  mariadb:
   external: true

    Please ensure that you have modified the admin token, SMTP environment, and database.

  • How to set up Portainer with nginx Proxy Manager.

    Step 1 – Setting up Docker and Portainer

    Before we start, you will need to install Docker and Docker-Compose on your Linux server before we can start this.

    Install Docker Engine on Ubuntu | Docker Documentation

    Since we don’t have one in the active tutorial, we have to create Portainer on Docker Compose in SSH Terminal instead of Portainer WebGui, since we don’t have one.

    1. I am not using Docker Volumes to save our data, so create the folder where you want to save because I am not using Docker Volumes for a reason.

    mkdir /mnt/nasdrive/portainer/ && mkdir /mnt/nasdrive/nginx

    2. In the SSH terminal, create the network for nginx.

    docker network create nginx

    3. Please go to the folder you created for Portainer and create the file docker-compose.yml.

    cd /mnt/nasdrive/portainer && touch docker-compose.yml

    4. Here’s my configure docker-compose.yml.

    version: '3.3'
services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    ports:
      - 8000:8000
      - 9443:9443
    networks:
      - nginx
    command: -H unix:///var/run/docker.sock
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/nasdrive/portainer/data:/data
networks:
  nginx:
   external: true

    5. Now that the Portainer is up and running, we can start to use it. To make my site secure and HTTPS with let’s encrypt, we need to create Let’s encrypt on Portainer. I already have and made an account. You should expect to see a first time creation of an account. https://yourIP:port

    Now, you can log in to Portainer to start creating a docker nginx proxy manager.

    Step 2 – setting up nginx proxy manager

    1. After selecting the Server for your initial Portainer Docker, you will notice the option “Stacks” on the front page of Portainer. To add a stack, click the blue button.

    2. You can choose any name you want, but it’s helpful for me to keep things organized. We made a program called nginx__. I use compose docker configure, but we have MariaDB Database separate docker compose because I want to use one database for all my General apps. If you desire to utilize the MariaDB database, the following tutorial provides guidance on setting up the database on Portainer.

    version: '3.8'
services:
  app:
    container_name: nginx
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    networks:
      - nginx
      - mariadb
    ports:
      - target: 443
        published: 443 # Outside port
        mode: host
        protocol: tcp
      - target: 80
        published: 80 # Outside port
        mode: host
        protocol: tcp
      - target: 81
        published: 81
        mode: host
        protocol: tcp
    environment:
      # Mysql/Maria connection parameters:
      DB_MYSQL_HOST: "mariadb"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "Password"
      DB_MYSQL_NAME: "npm"
      # Uncomment this if IPv6 is not enabled on your host
      DISABLE_IPV6: 'true'
      TZ: 'America/Los_Angeles'
    volumes:
      - /mnt/nasdrive/nginx/data:/data
      - /mnt/nasdrive/nginx/letsencrypt:/etc/letsencrypt
networks:
  nginx:
    external: true
  mariadb:
    external: true

    I already created a MariaDB database and a user for the NGINX proxy manager. So easy with PhpMyAdmin method instead, terminal console. Learn more about set up PhpMyAdmin!

    3. Launching the stack for nginx!

    Now open the Docker Nginx Proxy Manager at http://yourIP:81.

    There is a default login because there is no creation page for users.

    Email: admin@example.com Password: changeme
    Immediately after logging in with this default user, you will be asked to modify your details and change your password.

    After you change the password and Username you set, then now you should see this:

    You should be said “0 Proxy Hosts”. I just have many domains here to use all my apps.

    Now you can open the Proxy hosts to make HTTPS certificates for NGINX proxy manager and Portainer.

    Nginx Proxy Manager – Nginx Proxy Host Detail

    This for Nginx proxy Manager. That form you should fill out. Just a reminder, the Forward hostname/IP can work with docker-compose “container_name: nginx”.
    You see docker-compose.yml have container_name: that you create, and container_name needs to be on form where is Forward Hostname/IP. So that way this machine can communicate with container_name to more secure because never know IP changed.
    Last, for nginx proxy Manager – Force SSL and HTTP2 and HSTS need to be enabled.
    Now, our sites are secure, and you have to remove port 81 on docker-compose to secure our HTTP. We will never expose 80 or 81, but our nginx proxy manager needs port 80 for Let’s Encrypt. So, we leave port for 80 and 443 on our docker-compose.yml.

    Portainer – Nginx Proxy Host Detail

    Portainer – scheme for HTTPS and port for 9443 and make sure you enable block common exploits and Web sockets support.
    Portainer – you will need to enable SSL and HTTP/2 and HSTS.

    Advanced custom nginx configurations won’t be needed anymore. Then now your Portainer and NGINX are secured!

    HTTPS on Portainer sites. 🙂

    I recommend you all to force HTTPS only on private network too. It’s really safe. So, the Portainer itself app will not work with the HTTP port anymore.

    Portainer ⇾ settings ⇾ scroll down until you see SSL Certificate