fixed some stuff

2026-03-06 03:30:24 +01:00
parent 8084a603de
commit 0ecd665187
10 changed files with 332 additions and 2 deletions


@@ -258,6 +258,7 @@ curl "https://dockge.kuma.pet/compose.yaml?port=5001&stacksPath=%2Fopt%2Fstacks"
# write configuration to compose files # write configuration to compose files
cp -r $scriptdir/stacks /opt cp -r $scriptdir/stacks /opt
cp $scriptdir/setup /opt/stacks
chmod -R 775 /opt/stacks chmod -R 775 /opt/stacks
cd /opt/stacks cd /opt/stacks
@@ -446,9 +447,37 @@ cd /opt/stacks/dashboard
docker compose up -d docker compose up -d
echo -e "${cyan}dashboard${nc} has been launched from http://dash.$domain, verify it is online, check that its entries work and press any button to continue" echo -e "${cyan}dashboard${nc} has been launched from http://dash.$domain, verify it is online, check that its entries work and press any button to continue"
pause_if_enabled pause_if_enabled
#doesnt work yet
cat >/opt/stacks/setup/npmcertlist.txt <<EOF
browser.$domain
cloud.$domain
convert.$domain
dash.$domain
dns.$domain
docker.$domain
docs.$domain
download.$domain
dozzle.$domain
office.$domain
proxy.$domain
status.$domain
tools.$domain
vault.$domain
video.$domain
vpn.$domain
www.$domain
test.$domain
temp.$domain
$domain
llm.$domain
mail.$domain
private.$domain
site.$domain
Add any other subdomains you want to use.
EOF
echo "" echo ""
echo "" echo ""
echo "" echo ""
@@ -466,6 +495,10 @@ echo -e "${cyan}Dockge${nc} has been installed and launched. go to http://docker
echo "" echo ""
echo "you may have to go to settings > additional in owncloud and click "save" for the onlyoffice server settings." echo "you may have to go to settings > additional in owncloud and click "save" for the onlyoffice server settings."
echo "" echo ""
echo "-------------------------------"
echo -e "the following set up steps must still be completed, you can find them in the "setup" folder at http://browser.$domain, this is required for vaultwarden to work"
echo -e "${cyan}Nginx Proxy Manager${nc}: lets-encrypt certificate needs to be set up"
echo -e "${cyan}Uptime Kuma#{nc}: Monitoring and status page configuration"
# Capture the end time (Unix timestamp) # Capture the end time (Unix timestamp)
END_TIME=$(date +%s) END_TIME=$(date +%s)
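Review bot: The new `cp $scriptdir/setup /opt/stacks` in the first hunk has no `-r`, unlike the `cp -r $scriptdir/stacks /opt` just above it, so if `setup` is a directory (this commit adds `setup/compose.yml`, and the filebrowser stack mounts `/opt/stacks/setup` as a path) cp reports "omitting directory" and copies nothing; the heredoc in the second hunk that writes `/opt/stacks/setup/npmcertlist.txt` then fails on the missing directory, which is consistent with the author's own `#doesnt work yet` marker. Change it to `cp -r "$scriptdir/setup" /opt/stacks`, quoting the variable while at it. In the third hunk, `"${cyan}Uptime Kuma#{nc}: ..."` has `#{nc}` where `${nc}` is meant, so the colour reset is never emitted and the literal text `#{nc}` is printed. The script continues before and after every hunk in this section.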


@@ -0,0 +1,30 @@
# Step 1:
go to proxy.?domain? and log in with your admin account
# Step 2:
go to the "Certificates" tab and click Add Certificate > Let's Encrypt via HTTP
# Step 3:
copy the contents of the "npmcertlist.txt" file into the domain names field.
copy one line at a time if using ctrl+c/ctrl+v, be sure to press enter between each line.
if you make use of clickpaste (or any tool that allows you to paste by simulating keyboard input), you can use that to paste the entire list in one go
or you can type the entire list manually
# Step 4:
hit "save" and wait.
# Step 5:
go to the Hosts > proxy hosts tab and go through each of the hosts
# Step 6:
repeat for each host:
>go to the SSL tab
>select your certificate
>enable force SSL
in the case of owncloud you may also want to enable HTTP/2
then hit save.
once you've done this for all your sites, your entire cloud is now running with SSL encryption.


@@ -0,0 +1,203 @@
In this document, i'll be guiding you through setting up an additional service on this cloud stack.
I'll be using OpenWebUI as the example here. It's a frontend for interacting with various LLM APIs. we'll be setting it up with Mistral.
to starT: Obtain a compose.yml for the service you want.
most of this tutorial will happen on docker.?domain?
when you press "compose" in the top left, you'll see an interface with a stack name on the left, a text editor on the right and a deploy button at the top.
this text editor on the right is where you need to write your compose file.
a compose file defines the service. generally it looks a bit like this:
services:
servicename:
image: username/imagename:versiontag
restart: restartbehaviour (generally should be unless-stopped)
container_name: containername
ports:
- externalport:internalport/protocol (for example: 1234:5678/udp forwards port 1234 on the host to port 5678 on the container for the UDP protocol)
networks:
- network_name
volumes:
- dockervolume:/path/in/container (this is for docker volumes, these need to be declared separately or pre-made using commands)
- ./relativefolder:/path/in/container (this is for if you want the volume to mount to a folder in the same folder as the compose.yml)
- /absolute/path:/path/in/container (this is mounting an absolute path on the host as a container path)
privileged: false/true (privileged containers have more capabilities, most notably access to systemd, you'll rarely see this, don't use this unless the container needs it)
user: username/userID (this allows you to configure which host user the container runs under, sharing that user's file permissions)
environment:
variable1: value1
variable2: value2
variable3: value3
healthcheck:
test: (defines how to run the healthcheck)
- type (for example CMD)
- value (for example wget)
- arg1
- arg2
- arg3
- arg4
interval: 10s (Defines how often to run the healthcheck)
timeout: 5s (defines how long the healthcheck waits for response)
retries: 5 (defines how many times the healthcheck retries before marking as unhealthy)
start_period: 30s (defines how long the container is up before healthchecks start)
networks:
network_name:
external: true (this must be declared for any network that is not natively part of the stack, for example a network that was made with a command or by another compose file)
this is an example compose file that contains basically everything, but most of these are optional.
the minimum required is:
services:
servicename:
image: username/imagename:versiontag
but generally, i'd recommend one of the following three based on networking needs:
>option 1: port-exposed. this is used for (for example) your proxy at proxy.?domain?
services:
app:
image: my/appname:version
restart: unless-stopped
ports:
- 81:81
- 80:80
- 443:443
environment:
TZ: ?timezone?
volumes:
- ./data:/data
this does not have access to the internal cross-container network, but you can reach it using ?localip?:portnumber
>option 2: internally networked. this is used for MOST of your services (for example, for convert.?domain?)
services:
app:
image: my/appname:version
restart: unless-stopped
networks:
- dockge_default
environment:
TZ: ?timezone?
volumes:
- ./data:/data
networks:
dockge_default:
external: true
this allows the application to communicate with other docker containers, but also means you cannot reach the container externally.
this is good because in this deployment, Nginx proxy manager handles access to the containers.
so the user always hits up Nginx proxy manager at ports 80 and 443 (which are forwarded), and nginx internally forwards the traffic to the container.
this is more secure because frequently, communication from the proxy to the container is http, unencrypted.
it also means that there's no way to bypass any security measures you use in nginx proxy manager (such as access lists or third-party auth)
>option 3: hybrid. this is best for services that do other things they need ports for alongside serving web pages (for example, a minecraft server that also has a web interface)
services:
app:
image: my/appname:version
restart: unless-stopped
ports:
- 81:81
- 80:80
- 443:443
networks:
- dockge_default
environment:
TZ: ?timezone?
volumes:
- ./data:/data
networks:
dockge_default
external: true
this allows you to both access a port externally AND access another port internally via nginx.
this is done for wireguard. the container has two ports: 51820 and 51821. 51820 is the port the VPN itself communicates on, so it needs to be publicly exposed and forwarded.
51821 is the web admin portal port. we want to protect the admin portal so we did not forward this, instead it's internally forwarded using nginx, meaning we can ensure our admin access list applies.
for OpenWebUI, we've provided a compose.yml file. to host any other service, simply get an example compose file for it or a docker run command.
example docker run command:
docker run -d -p 3000:8080 -v open-webui:/app/backend/data --name open-webui ghcr.io/open-webui/open-webui:main
you can turn these into compose files with dockge by going to "Home" (top right) and pasting the command into the docker run section.
the above docker run command maps to the following compose file:
services:
open-webui:
ports:
- 3000:8080
volumes:
- open-webui:/app/backend/data
container_name: open-webui
image: ghcr.io/open-webui/open-webui:main
volumes:
open-webui:
external: true
name: open-webui
networks: {}
AVOID ANY COMPOSE FILE WITH BUILD IN IT. this requires you to know how to use docker build, and tends to not work via dockge unless you manually clone the whole repo into /opt/stacks
now that you've found your compose file example, paste it into dockge in the compose UI and edit it.
if the service only provides a web page, remember the internal port (for example, for openwebui it's 8080) and replace ports: with networks:
put the service on the dockge_default internal network.
also make sure all volumes are relative volumes (starting with ./), so they appear in the stacks directory and you can access them via filebrowser
be sure to read the documentation for the compose image you're using to verify which environment variables you need to set.
in the case of our pre-provided compose.yml, you'll need to set two keys: the mistral API key and the webUI secret key.
the secret key can just be randomly generated.
for mistral, head to https://console.mistral.ai/home
make an account if you haven't already and make sure to request the free tier API
go to the API keys menu, make a key and paste that key into your compose.yml
once you're done, you can press "Deploy" on your service.
your service is now up, but it is not accessible.
for that, we need to first configure your proxy at proxy.?domain?
first, determine which subdomain you want to use, in our case we'll be using llm.?domain?
verify that you have a certificate that includes this subdomain under the certificates tab.
if you do not, make one. it's fine if this certificate is a separate certificate from the others. We did already include llm.?domain? into the list of domains for the original cert.
then go to hosts > proxy hosts and make a new proxy host.
fill in your domain name at the top.
for forward hostname, fill in the container name of your new service. in our case this is "openwebui"
for port, fill in the internal port from the compose file if it came with one, or google what the default port is.
in our case it's 8080 for the forward port.
enable any access list if desired, turn on websockets support and enable the SSL certificate with "force SSL" in the SSL tab.
now go to your configured subdomain (in our case llm.?domain?) and follow any post-install configuration. generally, the service will guide you through it.
congrats! you've brought up an additional service.
you can do this for any service you can find a docker compose file for. I'd recommend starting simple though.


@@ -0,0 +1,27 @@
# Step 1:
head to status.?domain? and log in.
# Step 2:
click on "Add New Monitor"
# Step 2.5 (optional):
Set monitor type to "Group", friendly name to the group name and retries to 10.
repeat this for any groups you want, for example: Frontend and Backend
# Step 3:
use the following settings:
type: HTTP(s)
Friendly Name: Name of your service (for example: Cloud)
url: the URL for the site (for example: https://cloud.?domain?)
Retries: 10
certificate expiry notification: on
cachebuster: on
group: optionally set this to the group you want
leave all the other settings as default
# Step 4:
repeat step 3 for every service, for an easy list of URLs, go to proxy.?domain? and log in, you can see the list of proxy hosts which is also all of your URLs.
# Step 5 (optional):
make a status page, instructions in Uptime Kuma - status page.txt


@@ -0,0 +1,14 @@
# Step 1:
log in to status.?domain and click on "Status Pages" in the top right.
# Step 2:
make a new status page, Name it whatever you want and use slug "default"
# Step 3: add all of the monitors you want to the page.
# step 4: add a description if you'd like.
this status page is available at status.?domain?/status
any other status pages you make are available at status.?domain?/status/<slug>

setup/compose.yml Normal file

@@ -0,0 +1,19 @@
services:
openwebui:
container_name: openwebui
restart: always
networks:
- dockge_default
volumes:
- ./data:/app/backend/data
environment:
- TZ=?timezone?
- OPENAI_API_BASE=https://api.mistral.ai/v1
- OPENAI_API_KEY=<YOUR_MISTRAL_KEY_HERE>
- WEB_NAME=OpenWebUI
- AIOHTTP_CLIENT_TIMEOUT_MODEL_LIST=30
- WEBUI_SECRET_KEY=<RANDOM_SECRET_KEY_HERE>
image: ghcr.io/open-webui/open-webui:main
networks:
dockge_default:
external: true
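Review bot: `OPENAI_API_KEY` and `WEBUI_SECRET_KEY` are real secrets that the tutorial in this commit tells the user to paste straight into this compose.yml, and the file is installed under `/opt/stacks`, which the filebrowser stack mounts into its container, so once filled in the Mistral key is readable by anyone with filebrowser access. Consider an `env_file:` kept outside the browsed tree, or at minimum a comment above `environment:` such as `# OPENAI_API_KEY and WEBUI_SECRET_KEY are secrets; keep real values out of this tracked file`. `restart: always` also differs from the `unless-stopped` used by the other stacks touched in this commit and recommended in the accompanying tutorial, so unless the difference is intended `restart: unless-stopped` would be consistent. Whether the install script substitutes `?timezone?` for files under setup/ the way it presumably does for the stacks directory is not visible here and worth confirming.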


@@ -9,6 +9,7 @@ services:
volumes: volumes:
- /opt/stacks:/srv/stacks - /opt/stacks:/srv/stacks
- /opt/stacks/jellyfin/media:/srv/media - /opt/stacks/jellyfin/media:/srv/media
- /opt/stacks/setup:/srv/setup
- ./filebrowser.db:/database.db - ./filebrowser.db:/database.db
restart: unless-stopped restart: unless-stopped
networks: networks:
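Review bot: The added `- /opt/stacks/setup:/srv/setup` mount is read-write and largely redundant, since `/opt/stacks` is already mounted two lines above and the setup folder (including `setup/compose.yml`, the file the tutorial has the user paste an API key into) is therefore already reachable at `/srv/stacks/setup`. If the separate path is wanted for convenience, mounting it read-only, `- /opt/stacks/setup:/srv/setup:ro`, keeps the instructions and the key-bearing compose file from being edited through the file browser. The enclosing service definition starts before this hunk.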


@@ -16,8 +16,9 @@ services:
OWNCLOUD_DB_USERNAME: owncloud OWNCLOUD_DB_USERNAME: owncloud
OWNCLOUD_DB_PASSWORD: ?ownclouddbpass? OWNCLOUD_DB_PASSWORD: ?ownclouddbpass?
OWNCLOUD_DB_HOST: owncloud_db OWNCLOUD_DB_HOST: owncloud_db
OWNCLOUD_ADMIN_USERNAME: ?adminemail? OWNCLOUD_ADMIN_USERNAME: administrator
OWNCLOUD_ADMIN_PASSWORD: ?adminpass? OWNCLOUD_ADMIN_PASSWORD: ?adminpass?
OWNCLOUD_ADMIN_EMAIL: ?adminemail?
OWNCLOUD_MYSQL_UTF8MB4: true OWNCLOUD_MYSQL_UTF8MB4: true
OWNCLOUD_REDIS_ENABLED: true OWNCLOUD_REDIS_ENABLED: true
OWNCLOUD_REDIS_HOST: owncloud_redis OWNCLOUD_REDIS_HOST: owncloud_redis
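Review bot: `OWNCLOUD_ADMIN_USERNAME: administrator` replaces a template placeholder with a fixed, easily guessed account name, while the neighbouring identity values (`?adminemail?`, `?adminpass?`) stay templated, so every deployment produced by this script now shares the same admin login. Keeping it as a placeholder in the file's own convention, for example `OWNCLOUD_ADMIN_USERNAME: ?adminuser?` substituted by the install script like the others, would avoid a predictable username; if the literal is deliberate, a one-line comment saying so would help the next reader. The `environment:` mapping these keys belong to starts before this hunk.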


@@ -0,0 +1,2 @@