diff --git a/manuscript/CHANGELOG.md b/manuscript/CHANGELOG.md index d4f4f65..b8fb180 100644 --- a/manuscript/CHANGELOG.md +++ b/manuscript/CHANGELOG.md @@ -15,13 +15,12 @@ ## Recently added recipes -* Added [KeyCloak](/recipes/keycloak), an open source identity and access management solution which backends neatly into [OpenLDAP](/recipes/openldap/) (among other providers), providing true SSO (_13 Dec 2018_) +* Added [phpIPAM])(/reipes/phpipam), an IP address managament tool (_18 Dec 2018_) +* Added [KeyCloak](/recipes/keycloak), an open source identity and access management solution which backends neatly into [OpenLDAP](/recipes/openldap/) (_among other providers_), providing true SSO (_13 Dec 2018_) * Added [OpenLDAP](/recipes/openldap/), a 20-year old project which [refuses to die](https://www.youtube.com/watch?v=cnQEo4bazIo), underpinning many of today's authentication platforms, and providing a single authentication backend for multiple recipes (_9 Dec 2018_) * Added [Wetty](/recipes/wetty/), a remote terminal client in your web browser (_22 Nov 2018_) * Added [PrivateBin](/recipes/privatebin/), a self-hosted pastebin alternative (_5 Nov 2018_) -* Added [Realms](/recipes/realms/), another git-based wiki, like [Gollum](/recipes/gollum/), but including basic user auth and registration -* Added a list of useful funkypenguin Docker [containers](/reference/containers/) (_7 Oct 2018_) -* Added [Swarmprom](/recipes/swarmprom/), the sexiest way visualise detailed performance metrics from your swarm (_17 Sep 2018_) + ## Recent improvements diff --git a/manuscript/images/phpipam.png b/manuscript/images/phpipam.png new file mode 100644 index 0000000..8ebc090 Binary files /dev/null and b/manuscript/images/phpipam.png differ diff --git a/manuscript/recipes/collabora-online.md b/manuscript/recipes/collabora-online.md new file mode 100644 index 0000000..e52b32e --- /dev/null +++ b/manuscript/recipes/collabora-online.md 
@@ -0,0 +1,245 @@ +# Collabora Online + +!!! important + Development of this recipe is sponsored by [The Common Observatory](https://www.observe.global/). Thanks guys! + + [![Common Observatory](../images/common_observatory.png)](https://www.observe.global/) + +Collabora Online Development Edition (or "[CODE](https://www.collaboraoffice.com/code/#what_is_code)"), is the lightweight, or "home" edition of the commercially-supported [Collabora Online](https://www.collaboraoffice.com/collabora-online/) platform. It + +It's basically the [LibreOffice](https://www.libreoffice.org/) interface in a web-browser. CODE is not a standalone app, it's a backend intended to be accessed via "WOPI" from an existing interface (_in our case, [NextCloud](/recipes/nextcloud/)_) + +![CODE Screenshot](../images/collabora-online-development-environment.png) + +## Ingredients + +1. [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md) +2. [Traefik](/ha-docker-swarm/traefik_public) configured per design +3. DNS entry for the hostname (_i.e. "collabora.your-domain.com"_) you intend to use for LDAP Account Manager, pointed to your [keepalived](ha-docker-swarm/keepalived/) IP +4. [NextCloud](/recipes/nextcloud/) installed and operational +5. [Docker-compose](https://docs.docker.com/compose/install/) installed on your node(s) - this is a special case which needs to run outside of Docker Swarm + +## Preparation + +### Explanation for complexity + +Due to the clever magic that Collabora does to present a "headless" LibreOffice UI to the browser, the CODE docker container requires system capabilities which cannot be granted under Docker Swarm (_specifically, MKNOD_). + +So we have to run Collabora itself in the next best thing to Docker swarm - a docker-compose stack. Using docker-compose will at least provide us with consistent and version-able configuration files. 
+ +This presents another problem though - Docker Swarm with Traefik is superb at making all our stacks "just work" with ingress routing and LetsEncyrpt certificates. We don't want to have to do this manually (_like a cave-man_), so we engage in some trickery to allow us to still use our swarmed Traefik to terminate SSL. + +We run a single swarmed Nginx instance, which forwards all requests to an upstream, with the target IP of the docker0 interface, on port 9980 (the port exposed by the CODE container_) + +We attach the necessary labels to the Nginx container to instruct Trafeik to setup a front/backend for collabora.. Now incoming requests to https://collabora. will hit Traefik, be forwarded to nginx (wherever in the swarm it's running), and then to port 9980 on the same node that nginx is running on. + +What if we're running multiple nodes in our swarm, and nginx ends up on a different node to the one running Collabora via docker-compose? Well, either constrain nginx to the same node as Collabora, or just launch an instance of Collabora on _every_ node then. It's just a rendering / GUI engine after all, it doesn't hold any persistent data. + +Here's a diagram to illustrate: + +![CODE traffic flow](../images/collabora-traffic-flow.png) + +### Setup data locations + +We'll need a directory for holding config to bind-mount into our containers, so create ```/var/data/collabora```, and ```/var/data/config/collabora``` for holding the docker/swarm config + +``` +mkdir /var/data/collabora/ +mkdir /var/data/config/collabora/ +``` + +### Prepare environment + +Create /var/data/config/collabora/collabora.env, and populate with the following variables, customized for your installation. + +!!! warning + Note the following: + + 1. Variables are in lower-case, unlike our standard convention. This is to align with the CODE container + 2. Set domain to your [NextCloud](/recipes/nextcloud/) domain, and escape all the periods as per the example + 3. 
Set your server_name to collabora.. Escaping periods is unnecessary + 4. Your password cannot include triangular brackets - the entrypoint script will insert this password into an XML document, and triangular brackets will make bad(tm) things happen 🔥 + +``` +username=admin +password=ilovemypassword +domain=nextcloud\.batcave\.com +server_name=collabora.batcave.com +termination=true +``` + +### Create docker-compose.yml + +Create ```/var/data/config/collabora/docker-compose.yml``` as follows: + +``` +version: "3.0" + +services: + local-collabora: + image: funkypenguin/collabora + # the funkypenguin version has a patch to include "termination" behind SSL-terminating reverse proxy (traefik), see CODE PR #50. + # Once merged, the official container can be used again. + #image: collabora/code + env_file: /var/data/config/collabora/collabora.env + volumes: + - /var/data/collabora/loolwsd.xml:/etc/loolwsd/loolwsd.xml + cap_add: + - MKNOD + ports: + - 9980:9980 +``` + +### Create nginx.conf + +Create ```/var/data/config/collabora/nginx.conf``` as follows, changing the ```server_name``` value to match the environment variable you established above. + +``` +upstream collabora-upstream { + # Run collabora under docker-compose, since it needs MKNOD cap, which can't be provided by Docker Swarm. + # The IP here is the typical IP of docker0 - change if yours is different. 
+ server 172.17.0.1:9980; +} + +server { + listen 80; + server_name collabora.batcave.com; + + # static files + location ^~ /loleaflet { + proxy_pass http://collabora-upstream; + proxy_set_header Host $http_host; + } + + # WOPI discovery URL + location ^~ /hosting/discovery { + proxy_pass http://collabora-upstream; + proxy_set_header Host $http_host; + } + + # Main websocket + location ~ /lool/(.*)/ws$ { + proxy_pass http://collabora-upstream; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + proxy_read_timeout 36000s; + } + + # Admin Console websocket + location ^~ /lool/adminws { + proxy_buffering off; + proxy_pass http://collabora-upstream; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + proxy_read_timeout 36000s; + } + + # download, presentation and image upload + location ~ /lool { + proxy_pass https://collabora-upstream; + proxy_set_header Host $http_host; + } +} +``` + +# FIXME + +``` +wsd-00030-00031 2018-12-15 07:52:49.973053 [ prisoner_poll ] INF Have 1 spare child after adding [36].| wsd/LOOLWSD.cpp:431 +wsd-00030-00030 2018-12-15 07:52:49.978874 [ loolwsd ] TRC Have 1 new children.| wsd/LOOLWSD.cpp:2987 +wsd-00030-00030 2018-12-15 07:52:49.978940 [ loolwsd ] INF WSD initialization complete: setting log-level to [warning] as configured.| wsd/LOOLWSD.cpp:2994 +wsd-00030-00051 2018-12-15 07:55:06.385786 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.20.0.1| wsd/LOOLWSD.cpp:1851 +``` + +### Setup Docker Swarm + +Create ```/var/data/config/collabora/collabora.yml``` as follows, changing the traefik frontend_rule as necessary: + +!!! tip + I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. 
This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍 + +``` +version: "3.0" + +services: + + nginx: + image: nginx:latest + networks: + - traefik_public + deploy: + labels: + - traefik.frontend.rule=Host:collabora.observe.global + - traefik.docker.network=traefik_public + - traefik.port=80 + - traefik.frontend.passHostHeader=true + # uncomment this line if you want to force nginx to always run on one node (i.e., the one running collabora) + #placement: + # constraints: + # - node.hostname == ds1 + volumes: + - /var/data/collabora/nginx.conf:/etc/nginx/conf.d/default.conf:ro + +networks: + traefik_public: + external: true +``` + +### Obtain loolwsd.xml + +Where do we find this? Do we still need it given we patched it? + +## Serving + +### Launch Collabora + +Launching Collabora is a 2-step process. First we launch collabora itself, by running: + +``` +cd /var/data/config/collabora/ +docker-compose -d up +``` + +Output looks something like this: + +``` +root@ds1:/var/data/config/collabora# docker-compose up -d +WARNING: The Docker Engine you're using is running in swarm mode. + +Compose does not use swarm mode to deploy services to multiple nodes in a swarm. All containers will be scheduled on the current node. + +To deploy your application across the swarm, use `docker stack deploy`. + +Pulling local-collabora (funkypenguin/collabora:latest)... +latest: Pulling from funkypenguin/collabora +7b8b6451c85f: Pull complete +ab4d1096d9ba: Pull complete +e6797d1788ac: Pull complete +e25c5c290bde: Pull complete +4b8e1b074e06: Pull complete +f51a3d1fb75e: Pull complete +8b826e2ae5ad: Pull complete +Digest: sha256:6cd38cb5cbd170da0e3f0af85cecf07a6bc366e44555c236f81d5b433421a39d +Status: Downloaded newer image for funkypenguin/collabora:latest +Creating collabora_local-collabora_1 ... +Creating collabora_local-collabora_1 ... 
done +root@ds1:/var/data/config/collabora# +``` + +Once collabora is up, we launch the swarm stack, by running: + +``` +docker stack deploy collabora -c /var/data/config/collabora/collabora.yml +``` + +Visit https://collabora. and confirm you can login with the user/password you specified in collabora.env + +### Integrate into NextCloud + +Create the auth_internal overlay network, by running ```docker stack deploy auth -c /var/data/config/openldap/auth.yml`, then launch the OpenLDAP stack by running ```docker stack deploy openldap -c /var/data/config/openldap/openldap.yml``` + + + +PR is https://github.com/CollaboraOnline/Docker-CODE/pull/50 diff --git a/manuscript/recipes/cryptominer.md b/manuscript/recipes/cryptominer.md index 5427cd4..337598f 100644 --- a/manuscript/recipes/cryptominer.md +++ b/manuscript/recipes/cryptominer.md @@ -8,7 +8,7 @@ I honestly didn't expect to enjoy the mining process as much as I did. Part of t Since a [mining rig](/recipes/cryptominer/mining-rig/) relies on hardware, we can't really use a docker swarm for this one! -![NAME Screenshot](../images/cryptominer.png) +![CryptoMiner Screenshot](../images/cryptominer.png) This recipe isn't for everyone - if you just want to make some money from cryptocurrency, then you're better off learning to [invest](https://www.reddit.com/r/CryptoCurrency/) or [trade](https://www.reddit.com/r/CryptoMarkets/). However, if you want to (_ideally_) make money **and** you like tinkering, playing with hardware, optimising and monitoring, read on! diff --git a/manuscript/recipes/homeassistant/ibeacon.md b/manuscript/recipes/homeassistant/ibeacon.md new file mode 100644 index 0000000..875f202 --- /dev/null +++ b/manuscript/recipes/homeassistant/ibeacon.md 
@@ -0,0 +1,24 @@ +# iBeacons with Home assistant + +!!! warning + This is not a complete recipe - it's an optional additional of the [HomeAssistant](/recipes/homeassistant/) "recipe", since it only applies to a subset of users + +One of the most useful features of Home Assistant is location awareness. I don't care if someone opens my office door when I'm home, but you bet I care about (_and want to be notified_) it if I'm away! + +## Ingredients + +1. [HomeAssistant](/recipes/home-assistant/) per recipe +2. iBeacon(s) - This recipe is for https://s.click.aliexpress.com/e/bzyLCnAp +4. [LightBlue Explorer](https://itunes.apple.com/nz/app/lightblue-explorer/id557428110?mt=8) + +## Preparation + +### Write UUID to iBeacon + +The iBeacons come with no UUID. We use the LightBlue Explorer app to pair with them (_code is "123456"_), and assign own own UUID. + +Generate your own UUID, or get a random one at https://www.uuidgenerator.net/ + +Plug in your iBeacon, launch LightBlue Explorer, and find your iBeacon. The first time you attempt to interrogate it, you'll be prompted to pair. Although it's not recorded anywhere in the documentation (_grr!_), the pairing code is **123456** + +Having paired, you'll be able to see the vital statistics of your iBeacon. diff --git a/manuscript/recipes/mattermost.md b/manuscript/recipes/mattermost.md index 662ad57..21f1a49 100644 --- a/manuscript/recipes/mattermost.md +++ b/manuscript/recipes/mattermost.md @@ -2,7 +2,7 @@ Intro -![NAME Screenshot](../images/mattermost.jpg) +![MatterMost Screenshot](../images/mattermost.jpg) Details @@ -16,7 +16,7 @@ Details ### Setup data locations -We'll need several directories to bind-mount into our container, so create them in /var/data/wekan: +We'll need several directories to bind-mount into our container, so create them in /var/data/mattermost: ``` mkdir -p /var/data/mattermost/{cert,config,data,logs,plugins,database-dump} 
@@ -110,9 +110,9 @@ networks: ## Serving -### Launch Wekan stack +### Launch MatterMost stack -Launch the Wekan stack by running ```docker stack deploy wekan -c ``` +Launch the MatterMost stack by running ```docker stack deploy mattermost -c ``` Log into your new instance at https://**YOUR-FQDN**, with user "root" and the password you specified in gitlab.env. diff --git a/manuscript/recipes/phpipam.md b/manuscript/recipes/phpipam.md new file mode 100644 index 0000000..1e3a356 --- /dev/null +++ b/manuscript/recipes/phpipam.md 
@@ -0,0 +1,216 @@ +# phpIPAM + +phpipam is an open-source web IP address management application (IPAM). Its goal is to provide light, modern and useful IP address management. It is php-based application with MySQL database backend, using jQuery libraries, ajax and HTML5/CSS3 features. + +![phpIPAM Screenshot](../images/phpipam.png) + +phpIPAM fulfils a non-sexy, but important role. It helps you manage your IP address allocation. + +## Why should you care about this? + +You probably have a home network, with 20-30 IP addresses, for your family devices, your IOT devices, your smart TV, etc. If you want to (a) monitor them, and (b) audit who does what, you care about what IPs they're assigned by your DHCP server. + +You could simple keep track of all devices with leases in your DHCP server, but what happens if your (_hypothetical_) Ubiquity Edge Router X crashes and burns due to lack of disk space, and you loose track of all your leases? Well, you have to start from scratch, is what! + +And that [HomeAssistant](/recipes/homeassistant/) config, which you so carefully compiled, refers to each device by IP/DNS name, so you'd better make sure you recreate it consistently! + +Enter phpIPAM. A tool designed to help home keeps as well as large organisations keep track of their IP (_and VLAN, VRF, and AS number_) allocations. + +## Ingredients + +1. [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md) +2. [Traefik](/ha-docker-swarm/traefik_public) configured per design +3. DNS entry for the hostname (_i.e. 
"phpipam.your-domain.com"_) you intend to use for phpIPAM, pointed to your [keepalived](ha-docker-swarm/keepalived/) IPIP + +## Preparation + +### Setup data locations + +We'll need several directories to bind-mount into our container, so create them in /var/data/phpipam: + +``` +mkdir /var/data/phpipam/databases-dump -p +mkdir /var/data/runtime/phpipam -p +``` + +### Prepare environment + +Create phpipam.env, and populate with the following variables +``` +# Setup for github, phpipam application +OAUTH2_PROXY_CLIENT_ID= +OAUTH2_PROXY_CLIENT_SECRET= +OAUTH2_PROXY_COOKIE_SECRET= + +# For MariaDB/MySQL database +MYSQL_ROOT_PASSWORD=imtoosecretformyshorts +MYSQL_DATABASE=phpipam +MYSQL_USER=phpipam +MYSQL_PASSWORD=secret + +# phpIPAM-specific variables +MYSQL_ENV_MYSQL_USER=phpipam +MYSQL_ENV_MYSQL_PASSWORD=secret +MYSQL_ENV_MYSQL_DB=phpipam +MYSQL_ENV_MYSQL_HOST=db + +# For backup +BACKUP_NUM_KEEP=7 +BACKUP_FREQUENCY=1d +``` + +Additionally, create phpipam-backup.env, and populate with the following variables: + +``` +# For MariaDB/MySQL database +MYSQL_ROOT_PASSWORD=imtoosecretformyshorts +MYSQL_DATABASE=phpipam +MYSQL_USER=phpipam +MYSQL_PASSWORD=secret + +# For backup +BACKUP_NUM_KEEP=7 +BACKUP_FREQUENCY=1d +``` + +### Create nginx.conf + +I usually protect my stacks using an [oauth proxy](/reference/oauth_proxy/) container in front of the app. This protects me from either accidentally exposing a platform to the world, or having a insecure platform accessed and abused. + +In the case of phpIPAM, the oauth_proxy creates an additional complexity, since it passes the "Authorization" HTTP header to the phpIPAM container. phpIPAH then examines the header, determines that the provided username (_my email address associated with my oauth provider_) doesn't match a local user account, and denies me access without the opportunity to retry. 
+ +The (_dirty_) solution I've come up with is to insert an Nginx instance in the path between the oauth_proxy and the phpIPAM container itself. Nginx can remove the authorization header, so that phpIPAM can prompt me to login with a web-based form. + +Create /var/data/phpipam/nginx.conf as follows: + + +``` +upstream app-upstream { + server app:80; +} + +server { + listen 80; + server_name ~.; + + # Just redirect everything to the upstream + # Yes, it's embarassing. We are just a mechanism to strip an AUTH header :( + location ^~ / { + proxy_pass http://app-upstream; + proxy_set_header Authorization ""; + } + +} +``` + +### Setup Docker Swarm + +Create a docker swarm config file in docker-compose syntax (v3), something like this: + +!!! tip + I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍 + + +``` +version: '3' + +services: + + db: + image: mariadb:10 + env_file: /var/data/config/phpipam/phpipam.env + networks: + - internal + volumes: + - /var/data/runtime/phpipam/db:/var/lib/mysql + + proxy: + image: funkypenguin/oauth2_proxy + env_file: /var/data/config/phpipam/phpipam.env + networks: + - internal + - traefik_public + deploy: + labels: + - traefik.frontend.rule=Host:phpipam.example.com + - traefik.docker.network=traefik_public + - traefik.port=4180 + volumes: + - /var/data/config/phpipam/authenticated-emails.txt:/authenticated-emails.txt + command: | + -cookie-secure=false + -upstream=http://nginx + -redirect-url=https://phpipam.example.com + -http-address=http://0.0.0.0:4180 + -email-domain=example.com + -provider=github + -authenticated-emails-file=/authenticated-emails.txt + + # Wait, what? Why do we have an oauth_proxy _and_ an nginx frontend for a simple webapp? + # Well, it's a long story. 
Basically, the phpipam container sees the "auth" headers passed by the + # oauth_proxy, and decides to use these exclusively to authenticate users. So no web-based login form, just "access denied" + # To work around this, we add nginx reverse proxy to the mix. A PITA, but an easy way to solve without altering the PHPIPAM code + nginx: + image: nginx:latest + networks: + - internal + volumes: + - /var/data/phpipam/nginx.conf:/etc/nginx/conf.d/default.conf:ro + + app: + image: pierrecdn/phpipam + env_file: /var/data/config/phpipam/phpipam.env + networks: + - internal + + db-backup: + image: mariadb:10 + env_file: /var/data/config/phpipam/phpipam.env + volumes: + - /var/data/phpipam/database-dump:/dump + - /etc/localtime:/etc/localtime:ro + entrypoint: | + bash -c 'bash -s < /dump/dump_\`date +%d-%m-%Y"_"%H_%M_%S\`.sql.gz + (ls -t /dump/dump*.sql.gz|head -n $$BACKUP_NUM_KEEP;ls /dump/dump*.sql.gz)|sort|uniq -u|xargs rm -- {} + sleep $$BACKUP_FREQUENCY + done + EOF' + networks: + - internal + +networks: + traefik_public: + external: true + internal: + driver: overlay + ipam: + config: + - subnet: 172.16.47.0/24 +``` + +!!! note + Setup unique static subnets for every stack you deploy. This avoids IP/gateway conflicts which can otherwise occur when you're creating/removing stacks a lot. See [my list](/reference/networks/) here. + + + +## Serving + +### Launch phpIPAM stack + +Launch the phpIPAM stack by running ```docker stack deploy phpipam -c ``` + +Log into your new instance at https://**YOUR-FQDN**, and follow the on-screen prompts to set your first user/password. + +## Chef's Notes + +1. If you wanted to expose the phpIPAM UI directly, you could remove the oauth2_proxy and the nginx services from the design, and move the traefik_public-related labels directly to the phpipam container. You'd also need to add the traefik_public network to the phpipam container. + +### Tip your waiter (donate) 👏 + +Did you receive excellent service? Want to make your waiter happy? 
(_..and support development of current and future recipes!_) See the [support](/support/) page for (_free or paid)_ ways to say thank you! 👏 + +### Your comments? 💬 diff --git a/manuscript/recipes/sso-stack/collabora.md b/manuscript/recipes/sso-stack/collabora.md deleted file mode 100644 index 7bd1155..0000000 --- a/manuscript/recipes/sso-stack/collabora.md +++ /dev/null 
@@ -1,100 +0,0 @@ -don't use special characetrs in your password - - -perl -pi -e "s/.*<\/termination>/${termination}<\/termination>/" /etc/loolwsd/loolwsd.xml - -Cretaed /var/data/collabora/loolwsd.xml and bind-mounted it for editing ssl bool = false - -docker-compose.yml - -``` -version: "3.0" - -services: - local-collabora: - image: funkypenguin/collabora - # the funkypenguin version has a patch to include "termination" behind SSL-terminating reverse proxy (traefik) - #image: collabora/code - env_file: /var/data/config/collabora/collabora.env - volumes: - - /var/data/collabora/loolwsd.xml:/etc/loolwsd/loolwsd.xml - cap_add: - - MKNOD - ports: - - 9980:9980 -``` - -nginx.conf - -``` -upstream collabora-upstream { - # Run collabora under docker-compose, since it needs MKNOD cap, which can't be provided by Docker - server 172.17.0.1:9980; -} - -server { - listen 80; - server_name collabora.observe.global; - - # static files - location ^~ /loleaflet { - proxy_pass http://collabora-upstream; - proxy_set_header Host $http_host; - } - - # WOPI discovery URL - location ^~ /hosting/discovery { - proxy_pass http://collabora-upstream; - proxy_set_header Host $http_host; - } - - # Main websocket - location ~ /lool/(.*)/ws$ { - proxy_pass http://collabora-upstream; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $http_host; - proxy_read_timeout 36000s; - } - - # Admin Console websocket - location ^~ /lool/adminws { - proxy_buffering off; - proxy_pass http://collabora-upstream; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $http_host; - proxy_read_timeout 36000s; - } - - # download, presentation and image upload - location ~ /lool { - proxy_pass https://collabora-upstream; - proxy_set_header Host $http_host; - } -} -``` - -collabora.yml -``` -version: "3.0" - -services: - - nginx: - image: nginx:latest - networks: - - traefik_public - deploy: - labels: - - 
traefik.frontend.rule=Host:collabora.observe.global - - traefik.docker.network=traefik_public - - traefik.port=80 - - traefik.frontend.passHostHeader=true - volumes: - - /var/data/collabora/nginx.conf:/etc/nginx/conf.d/default.conf:ro - -networks: - traefik_public: - external: true -``` diff --git a/manuscript/reference/networks.md b/manuscript/reference/networks.md index f73c05f..5ef71ae 100644 --- a/manuscript/reference/networks.md +++ b/manuscript/reference/networks.md @@ -46,6 +46,7 @@ Network | Range [FlightAirMap](https://geek-cookbook.funkypenguin.co.nz/recipes/flightairmap/) |172.16.44.0/24 [Wetty](https://geek-cookbook.funkypenguin.co.nz/recipes/wetty/) | 172.16.45.0/24 [FileBrowser](https://geek-cookbook.funkypenguin.co.nz/recipes/filebrowser/) | 172.16.46.0/24 +[phpIPAM](https://geek-cookbook.funkypenguin.co.nz/recipes/phpipam/) | 172.16.47.0/24 ## Chef's Notes diff --git a/mkdocs.yml b/mkdocs.yml index 65154a8..38fa286 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -55,13 +55,16 @@ pages: - Heimdall: recipes/autopirate/heimdall.md - End: recipes/autopirate/end.md - Emby: recipes/emby.md - - Home Assistant: recipes/homeassistant.md + - Home Assistant: + - Start: recipes/homeassistant.md + - iBeacon: recipes/homeassistant/ibeacon.md - Huginn: recipes/huginn.md - Kanboard: recipes/kanboard.md - Miniflux: recipes/miniflux.md - Munin: recipes/munin.md - NextCloud: recipes/nextcloud.md - OwnTracks: recipes/owntracks.md + - phpIPAM: recipes/phpipam.md - Plex: recipes/plex.md - PrivateBin: recipes/privatebin.md - Swarmprom: recipes/swarmprom.md 
@@ -80,12 +83,13 @@ pages: - Monitoring: recipes/cryptominer/monitor.md - Profit!: recipes/cryptominer/profit.md - Calibre-Web: recipes/calibre-web.md +# - Collabora Online: recipes/collabora-online.md - Ghost: recipes/ghost.md - GitLab: recipes/gitlab.md - GitLab Runner: recipes/gitlab-runner.md - Gollum: recipes/gollum.md - InstaPy: recipes/instapy.md - - KeyCloak: recipes/keycloak.md + - KeyCloak: recipes/keycloak.md - OpenLDAP: recipes/openldap.md - Piwik: recipes/piwik.md - Portainer: recipes/portainer.md
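
Review bot: In manuscript/CHANGELOG.md, the added phpIPAM entry has a broken link, `[phpIPAM])(/reipes/phpipam)`: there is a stray `)` after the label and the path is spelled "reipes", so it will neither render nor resolve. It should read `[phpIPAM](/recipes/phpipam/)` to match the other entries, and "managament" should be "management". The same hunk also drops the Realms, funkypenguin containers and Swarmprom entries; if that is deliberate trimming of the list, say so in the commit message.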
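
Review bot: In the nginx.conf block of manuscript/recipes/collabora-online.md, the final `location ~ /lool` uses `proxy_pass https://collabora-upstream;` while every other location proxies over `http://` and collabora.env sets `termination=true` for use behind an SSL-terminating proxy, so this one route speaks TLS to the backend when the rest do not; change it to `http://collabora-upstream`. The compose file also publishes `9980:9980` on every host interface, although the design only needs nginx to reach it via the docker0 address 172.17.0.1; consider binding the published port to that address. Smaller points in the same file: nginx.conf is created under /var/data/config/collabora/ but collabora.yml mounts /var/data/collabora/nginx.conf; the launch step says `docker-compose -d up` while the sample output shows `docker-compose up -d`; the Traefik label uses collabora.observe.global while nginx.conf uses collabora.batcave.com; and ingredient 3 and the "Integrate into NextCloud" section still carry LDAP Account Manager / OpenLDAP text.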
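
Review bot: In manuscript/recipes/homeassistant/ibeacon.md, the Ingredients list links HomeAssistant as `/recipes/home-assistant/` while the warning box above it uses `/recipes/homeassistant/`, which is the path that matches recipes/homeassistant.md in mkdocs.yml; use that path in both places. The list is also numbered 1, 2, 4, and "assign own own UUID" has a doubled word. Since the recipe documents a fixed pairing code of 123456 (twice), it would help readers to state whether that code can be changed once the beacon is paired.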
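
Review bot: In manuscript/recipes/mattermost.md (hunk at -110,9), the unchanged line right after the renamed launch step still tells the reader to log in with user "root" and the password from gitlab.env, which is left over from the GitLab recipe in the same way the Wekan text was. Replace it with the MatterMost first-login instructions in this change, so the Serving section does not point at an env file this recipe never creates.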
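
Review bot: In manuscript/recipes/phpipam.md, the db-backup service mounts `/var/data/phpipam/database-dump:/dump`, but the "Setup data locations" step creates `/var/data/phpipam/databases-dump`, so the backup volume points at a directory the recipe never creates; use one spelling in both places. Likewise, every service reads /var/data/config/phpipam/phpipam.env and the proxy mounts /var/data/config/phpipam/authenticated-emails.txt, yet no step creates /var/data/config/phpipam or that file, and phpipam-backup.env is defined but db-backup references phpipam.env instead. On the proxy service, `-cookie-secure=false` is set although `-redirect-url` is https; because that session cookie is what gates access to the app, set it to true unless there is a stated reason it must travel over plain HTTP. Minor: "phpIPAH", "IPIP", "loose track" and "home keeps" are typos.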
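
Review bot: In mkdocs.yml (hunk at -80,12), the Collabora Online page enters the nav only as a comment, `# - Collabora Online: recipes/collabora-online.md`, while the recipe file itself is committed with a "# FIXME" section and an open question under "Obtain loolwsd.xml". Either hold the recipe back until it is finished or say in the commit message that it is an unpublished draft. The KeyCloak line in the same hunk changes only in whitespace; check that its indentation matches its siblings, since the nav is indentation-sensitive YAML.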