diff options
Diffstat (limited to 'doc/md/docker')
-rw-r--r-- | doc/md/docker/docker-101.md | 78 | ||||
-rw-r--r-- | doc/md/docker/reverse-proxy-configuration.md | 116 | ||||
-rw-r--r-- | doc/md/docker/shaarli-images.md | 13 |
3 files changed, 204 insertions, 3 deletions
diff --git a/doc/md/docker/docker-101.md b/doc/md/docker/docker-101.md index b02dd149..a9c00b85 100644 --- a/doc/md/docker/docker-101.md +++ b/doc/md/docker/docker-101.md | |||
@@ -60,3 +60,81 @@ wheezy: Pulling from debian | |||
60 | Digest: sha256:c584131da2ac1948aa3e66468a4424b6aea2f33acba7cec0b631bdb56254c4fe | 60 | Digest: sha256:c584131da2ac1948aa3e66468a4424b6aea2f33acba7cec0b631bdb56254c4fe |
61 | Status: Downloaded newer image for debian:wheezy | 61 | Status: Downloaded newer image for debian:wheezy |
62 | ``` | 62 | ``` |
63 | |||
64 | Docker re-uses layers already downloaded. In other words if you have images based on Alpine or some Ubuntu version for example, those can share disk space. | ||
65 | |||
66 | ### Start a container | ||
67 | A container is an instance created from an image, that can be run and that keeps running until its main process exits. Or until the user stops the container. | ||
68 | |||
69 | The simplest way to start a container from image is ``docker run``. It also pulls the image for you if it is not locally available. For more advanced use, refer to ``docker create``. | ||
70 | |||
71 | Stopped containers are not destroyed, unless you specify ``--rm``. To view all created, running and stopped containers, enter: | ||
72 | ```bash | ||
73 | $ docker ps -a | ||
74 | ``` | ||
75 | |||
76 | Some containers may be designed or configured to be restarted, others are not. Also remember both network ports and volumes of a container are created on start, and not editable later. | ||
77 | |||
78 | ### Access a running container | ||
79 | A running container is accessible using ``docker exec``, or ``docker copy``. You can use ``exec`` to start a root shell in the Shaarli container: | ||
80 | ```bash | ||
81 | $ docker exec -ti <container-name-or-id> bash | ||
82 | ``` | ||
83 | Note the names and ID's of containers are listed in ``docker ps``. You can even type only one or two letters of the ID, given they are unique. | ||
84 | |||
85 | Access can also be through one or more network ports, or disk volumes. Both are specified on and fixed on ``docker create`` or ``run``. | ||
86 | |||
87 | You can view the console output of the main container process too: | ||
88 | ```bash | ||
89 | $ docker logs -f <container-name-or-id> | ||
90 | ``` | ||
91 | |||
92 | ### Docker disk use | ||
93 | Trying out different images can fill some gigabytes of disk quickly. Besides images, the docker volumes usually take up most disk space. | ||
94 | |||
95 | If you care only about trying out docker and not about what is running or saved, the following commands should help you out quickly if you run low on disk space: | ||
96 | |||
97 | ```bash | ||
98 | $ docker rmi -f $(docker images -aq) # remove or mark all images for disposal | ||
99 | $ docker volume rm $(docker volume ls -q) # remove all volumes | ||
100 | ``` | ||
101 | |||
102 | ### Systemd config | ||
103 | Systemd is the process manager of choice on Debian-based distributions. Once you have a ``docker`` service installed, you can use the following steps to set up Shaarli to run on system start. | ||
104 | |||
105 | ```bash | ||
106 | systemctl enable /etc/systemd/system/docker.shaarli.service | ||
107 | systemctl start docker.shaarli | ||
108 | systemctl status docker.* | ||
109 | journalctl -f # inspect system log if needed | ||
110 | ``` | ||
111 | |||
112 | You will need sudo or a root terminal to perform some or all of the steps above. Here are the contents for the service file: | ||
113 | ``` | ||
114 | [Unit] | ||
115 | Description=Shaarli Bookmark Manager Container | ||
116 | After=docker.service | ||
117 | Requires=docker.service | ||
118 | |||
119 | |||
120 | [Service] | ||
121 | Restart=always | ||
122 | |||
123 | # Put any environment you want in an included file, like $host- or $domainname in this example | ||
124 | EnvironmentFile=/etc/sysconfig/box-environment | ||
125 | |||
126 | # It's just an example.. | ||
127 | ExecStart=/usr/bin/docker run \ | ||
128 | -p 28010:80 \ | ||
129 | --name ${hostname}-shaarli \ | ||
130 | --hostname shaarli.${domainname} \ | ||
131 | -v /srv/docker-volumes-local/shaarli-data:/var/www/shaarli/data:rw \ | ||
132 | -v /etc/localtime:/etc/localtime:ro \ | ||
133 | shaarli/shaarli:latest | ||
134 | |||
135 | ExecStop=/usr/bin/docker rm -f ${hostname}-shaarli | ||
136 | |||
137 | |||
138 | [Install] | ||
139 | WantedBy=multi-user.target | ||
140 | ``` | ||
diff --git a/doc/md/docker/reverse-proxy-configuration.md b/doc/md/docker/reverse-proxy-configuration.md index 91ffecff..6066140e 100644 --- a/doc/md/docker/reverse-proxy-configuration.md +++ b/doc/md/docker/reverse-proxy-configuration.md | |||
@@ -1,6 +1,120 @@ | |||
1 | ## Foreword | ||
2 | |||
3 | This guide assumes that: | ||
4 | |||
5 | - Shaarli runs in a Docker container | ||
6 | - The host's `10080` port is mapped to the container's `80` port | ||
7 | - Shaarli's Fully Qualified Domain Name (FQDN) is `shaarli.domain.tld` | ||
8 | - HTTP traffic is redirected to HTTPS | ||
9 | |||
10 | ## Apache | ||
11 | |||
12 | - [Apache 2.4 documentation](https://httpd.apache.org/docs/2.4/) | ||
13 | - [mod_proxy](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html) | ||
14 | - [Reverse Proxy Request Headers](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#x-headers) | ||
15 | |||
16 | The following HTTP headers are set by using the `ProxyPass` directive: | ||
17 | |||
18 | - `X-Forwarded-For` | ||
19 | - `X-Forwarded-Host` | ||
20 | - `X-Forwarded-Server` | ||
21 | |||
22 | ```apache | ||
23 | <VirtualHost *:80> | ||
24 | ServerName shaarli.domain.tld | ||
25 | Redirect permanent / https://shaarli.domain.tld | ||
26 | </VirtualHost> | ||
27 | |||
28 | <VirtualHost *:443> | ||
29 | ServerName shaarli.domain.tld | ||
30 | |||
31 | SSLEngine on | ||
32 | SSLCertificateFile /path/to/cert | ||
33 | SSLCertificateKeyFile /path/to/certkey | ||
34 | |||
35 | LogLevel warn | ||
36 | ErrorLog /var/log/apache2/shaarli-error.log | ||
37 | CustomLog /var/log/apache2/shaarli-access.log combined | ||
38 | |||
39 | RequestHeader set X-Forwarded-Proto "https" | ||
40 | |||
41 | ProxyPass / http://127.0.0.1:10080/ | ||
42 | ProxyPassReverse / http://127.0.0.1:10080/ | ||
43 | </VirtualHost> | ||
44 | ``` | ||
1 | 45 | ||
2 | TODO, see https://github.com/shaarli/Shaarli/issues/888 | ||
3 | 46 | ||
4 | ## HAProxy | 47 | ## HAProxy |
5 | 48 | ||
49 | - [HAProxy documentation](https://cbonte.github.io/haproxy-dconv/) | ||
50 | |||
51 | ```conf | ||
52 | global | ||
53 | [...] | ||
54 | |||
55 | defaults | ||
56 | [...] | ||
57 | |||
58 | frontend http-in | ||
59 | bind :80 | ||
60 | redirect scheme https code 301 if !{ ssl_fc } | ||
61 | |||
62 | bind :443 ssl crt /path/to/cert.pem | ||
63 | |||
64 | default_backend shaarli | ||
65 | |||
66 | |||
67 | backend shaarli | ||
68 | mode http | ||
69 | option http-server-close | ||
70 | option forwardfor | ||
71 | reqadd X-Forwarded-Proto: https | ||
72 | |||
73 | server shaarli1 127.0.0.1:10080 | ||
74 | ``` | ||
75 | |||
76 | |||
6 | ## Nginx | 77 | ## Nginx |
78 | |||
79 | - [Nginx documentation](https://nginx.org/en/docs/) | ||
80 | |||
81 | ```nginx | ||
82 | http { | ||
83 | [...] | ||
84 | |||
85 | index index.html index.php; | ||
86 | |||
87 | root /home/john/web; | ||
88 | access_log /var/log/nginx/access.log; | ||
89 | error_log /var/log/nginx/error.log; | ||
90 | |||
91 | server { | ||
92 | listen 80; | ||
93 | server_name shaarli.domain.tld; | ||
94 | return 301 https://shaarli.domain.tld$request_uri; | ||
95 | } | ||
96 | |||
97 | server { | ||
98 | listen 443 ssl http2; | ||
99 | server_name shaarli.domain.tld; | ||
100 | |||
101 | ssl_certificate /path/to/cert | ||
102 | ssl_certificate_key /path/to/certkey | ||
103 | |||
104 | location / { | ||
105 | proxy_set_header X-Real-IP $remote_addr; | ||
106 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
107 | proxy_set_header X-Forwarded-Proto $scheme; | ||
108 | proxy_set_header X-Forwarded-Host $host; | ||
109 | |||
110 | proxy_pass http://localhost:10080/; | ||
111 | proxy_set_header Host $host; | ||
112 | proxy_connect_timeout 30s; | ||
113 | proxy_read_timeout 120s; | ||
114 | |||
115 | access_log /var/log/nginx/shaarli.access.log; | ||
116 | error_log /var/log/nginx/shaarli.error.log; | ||
117 | } | ||
118 | } | ||
119 | } | ||
120 | ``` | ||
diff --git a/doc/md/docker/shaarli-images.md b/doc/md/docker/shaarli-images.md index 6d108d21..1d19510a 100644 --- a/doc/md/docker/shaarli-images.md +++ b/doc/md/docker/shaarli-images.md | |||
@@ -5,14 +5,23 @@ The images can be found in the [`shaarli/shaarli`](https://hub.docker.com/r/shaa | |||
5 | repository. | 5 | repository. |
6 | 6 | ||
7 | ### Available image tags | 7 | ### Available image tags |
8 | - `latest`: master branch (tarball release) | 8 | - `latest`: latest branch (tarball release) |
9 | - `master`: master branch (tarball release) | ||
9 | - `stable`: stable branch (tarball release) | 10 | - `stable`: stable branch (tarball release) |
10 | 11 | ||
11 | All images rely on: | 12 | The `latest` and `master` images rely on: |
13 | |||
14 | - [Alpine Linux](https://www.alpinelinux.org/) | ||
15 | - [PHP7-FPM](http://php-fpm.org/) | ||
16 | - [Nginx](http://nginx.org/) | ||
17 | |||
18 | The `stable` image relies on: | ||
19 | |||
12 | - [Debian 8 Jessie](https://hub.docker.com/_/debian/) | 20 | - [Debian 8 Jessie](https://hub.docker.com/_/debian/) |
13 | - [PHP5-FPM](http://php-fpm.org/) | 21 | - [PHP5-FPM](http://php-fpm.org/) |
14 | - [Nginx](http://nginx.org/) | 22 | - [Nginx](http://nginx.org/) |
15 | 23 | ||
24 | |||
16 | ### Download from DockerHub | 25 | ### Download from DockerHub |
17 | ```bash | 26 | ```bash |
18 | $ docker pull shaarli/shaarli | 27 | $ docker pull shaarli/shaarli |