🌐 Self-hosted
🛠️ Setup instructions
🛠️ Configuration Setup
- Create .env File: Add a .env file in your local repository with the following variables:
REMOTE_USER=
REMOTE_HOST=
REMOTE_PATH=
These variables are used by the Makefile to synchronize configurations from your local environment to the server without exposing sensitive information in your Git repository.
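A check for the property described above, that no .env file ends up in Git. This is an added example, not part of this repository; the function name check_env_not_in_git is hypothetical and it assumes git is installed.

```sh
# Added example (not from the repository): fail if any .env file is tracked by
# Git or would be picked up by `git add`. Assumes git is installed.
check_env_not_in_git() {
    repo="$1"
    # Files already in the index (staged or committed).
    tracked=$(git -C "$repo" ls-files -- '*.env') || return 2
    # Files on disk that no .gitignore rule covers.
    exposed=$(git -C "$repo" ls-files --others --exclude-standard -- '*.env') || return 2
    [ -z "$tracked" ] || printf '%s\n' "$tracked" | sed 's/^/TRACKED: /'
    [ -z "$exposed" ] || printf '%s\n' "$exposed" | sed 's/^/NOT IGNORED: /'
    # Succeed only when both lists are empty.
    [ -z "$tracked$exposed" ]
}
```

Run it from the repository root as `check_env_not_in_git .`; a file reported as TRACKED stays in the Git history even after it is added to .gitignore.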
Set up Tailscale
Tailscale provides a seamless way to connect your devices to your internal network securely.
🛠️ Installation and Configuration Steps
- Add Tailscale’s package signing key and repository:
curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list
- Install Tailscale:
sudo apt-get update
sudo apt-get install tailscale
- Connect your machine to your Tailscale network and authenticate in your browser:
sudo tailscale up
- Find your Tailscale IPv4 address by running:
tailscale ip -4
🛠️ Preparing the System
Update System and Install Dependencies: Update the package list and install essential dependencies.
sudo apt update
sudo apt install ca-certificates curl gnupg lsb-release
🔑 Adding Docker Repository
- Add Docker's GPG key
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
- Add Docker Repository
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
🚀 Installing Docker and Docker Compose
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo docker --version && docker compose version
Set up Docker
🔄 Removing Old Docker Versions
1. Remove Existing Docker Packages: Ensure you have a clean slate by removing any existing Docker packages.
sudo apt remove docker docker-engine docker.io containerd runc
2. Delete Existing Repositories: Remove any existing Docker repositories to avoid conflicts.
sudo rm /etc/apt/sources.list.d/docker.list
📦 Adding a new service
- Create Service Directory: Inside your repository, create a new directory under /service for your new self-hosted service.
- Add Configuration Files:
  - Place the docker-compose.yml file inside the newly created service directory.
  - If additional configuration files like .env or app.ini are required for your service, add them to the same directory.
- Synchronize Configuration: To upload the .env file (or any other necessary configuration files) to the server, run the following command:
make upload-{service_name}
Replace {service_name} with the name of your service directory. This command will sync the configurations to the specified server path using the variables defined in your .env file.
📦 Make service publicly available
Add the following labels to the service (shown here for gitea; adjust the router name and port for your service):
labels:
  - "traefik.enable=true"
  # Traefik's Host() matcher takes the hostname as a backtick-quoted string
  - "traefik.http.routers.gitea.rule=Host(`${HOST}`)"
  - "traefik.http.routers.gitea.entrypoints=websecure"
  - "traefik.http.routers.gitea.tls.certresolver=myresolver"
  - "traefik.http.services.gitea.loadbalancer.server.port=3000"
  - "traefik.docker.network=traefik_network"
Set HOST in your .env file.
Add your service to the traefik_network network:
networks:
  - traefik_network
Declare the network as external at the top level of the compose file:
networks:
  traefik_network:
    external: true
Rebuild Docker image:
docker compose up --build -d
🛠️ Storage
📦 Mounting a New Volume Using Hetzner's Storage Box
This guide walks you through the process of mounting a Storage Box folder (nextcloud_data) to a specific mount point (/mnt/nextcloud_data) on your server.
📝 Prerequisites
Create a sub-account in Hetzner's Robot Control Panel with SSH and Samba support enabled. Note down the sub-account username and the generated password provided by Hetzner.
🚀 Steps to Mount the Storage Box
- SSH into the Storage Box: Connect to your Storage Box via SSH using the sub-account username and the provided password.
ssh -p23 SB_USERNAME@SB_USERNAME.your-storagebox.de
- Create a Directory: Inside the Storage Box, create a new directory named nextcloud_data.
mkdir nextcloud_data
- Update /etc/fstab: Add an entry to the /etc/fstab file on your server to automatically mount the Storage Box folder to /mnt/nextcloud_data. Replace YOUR_PATH with nextcloud_data and YOUR_MOUNT_POINT with /mnt/nextcloud_data.
//SB_USERNAME.your-storagebox.de/YOUR_PATH /YOUR_MOUNT_POINT cifs seal,vers=3,iocharset=utf8,rw,credentials=/etc/secure_config/cifs-nextcloud-credentials.txt,uid=1000,gid=1000,file_mode=0660,dir_mode=0770 0 0
- Create Credentials File: Add a credentials file (cifs-nextcloud-credentials.txt) in the /etc/secure_config directory on your server with the sub-account username and password.
username=SB_SUBACCOUNT_USERNAME
password=SB_SUBACCOUNT_PASSWORD
- Mount and test: Mount the Storage Box folder using the mount -a command and verify the mount status.
mount -a
- Verify Mount Point: Ensure that the Storage Box is correctly mounted by checking the mount point using the df -h command.
df -h
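An audit of the fstab entry and credentials file from the steps above, added here as an example that is not part of this repository. The function name audit_cifs_fstab is hypothetical, `stat -c` assumes GNU coreutils as on Debian, and the expectation of mode 600 on the credentials file is an assumption the steps do not state.

```sh
# Added example (not from the repository): audit CIFS entries in an fstab file.
# Assumes GNU stat, as shipped with Debian.
audit_cifs_fstab() {
    fstab="$1"
    rc=0
    while read -r src mnt fstype opts _rest; do
        # Skip blank lines, comments and non-CIFS filesystems.
        case "$src" in '' | '#'*) continue ;; esac
        [ "$fstype" = "cifs" ] || continue
        # 'seal' turns on SMB3 encryption for the share.
        case ",$opts," in
            *,seal,*) ;;
            *) echo "$mnt: missing 'seal', SMB traffic is not encrypted"; rc=1 ;;
        esac
        # /etc/fstab is world-readable, so an inline password is exposed locally.
        case ",$opts," in
            *,password=* | *,pass=*) echo "$mnt: password stored inline in fstab"; rc=1 ;;
        esac
        # Extract the credentials= path and check its permissions.
        cred=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^credentials=//p')
        if [ -z "$cred" ]; then
            continue
        elif [ ! -f "$cred" ]; then
            echo "$mnt: credentials file $cred not found"; rc=1
        else
            mode=$(stat -c '%a' "$cred")
            case "$mode" in
                600 | 400) ;;
                *) echo "$mnt: $cred has mode $mode, expected 600"; rc=1 ;;
            esac
        fi
    done < "$fstab"
    return "$rc"
}
```

Run it as `sudo sh -c '. ./audit.sh; audit_cifs_fstab /etc/fstab'` (audit.sh being wherever you saved the function); it prints one line per finding and returns non-zero if there are any.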
Troubleshooting
mount: /mnt/nextcloud_data: mount(2) system call failed: No route to host. dmesg(1) may have more information after failed mount system call.
Make sure Samba support is enabled.
Volume encryption
To be added
🧰 Maintenance
Backup
To be added
Monitoring
To be added
🐞 Troubleshooting
Firefox detected a potential security threat and did not continue to {host}.velouria.dev because this website requires a secure connection.
Could be an issue in the docker-compose.yml setup: check your Docker Compose and Traefik logs.