Difference between revisions of "Docker"
(→Unifi) |
(→Containers) |
||
(53 intermediate revisions by the same user not shown) | |||
Line 7: | Line 7: | ||
== Updating container == | == Updating container == | ||
+ | |||
+ | === Manually === | ||
+ | sudo docker pull <image> | ||
+ | sudo docker stop <container> | ||
+ | sudo docker rm <container> | ||
+ | <docker run command> | ||
+ | |||
+ | === Automatically === | ||
sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock taisun/updater --oneshot <container> | sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock taisun/updater --oneshot <container> | ||
== Containers == | == Containers == | ||
+ | |||
+ | === Portainer === | ||
+ | sudo docker run -d --name portainer \ | ||
+ | -p 8000:8000 -p 9443:9443 \ | ||
+ | -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/portainer:/data \ | ||
+ | -v /etc/ssl/bretts.org:/certs \ | ||
+ | --restart unless-stopped \ | ||
+ | portainer/portainer-ce \ | ||
+ | --sslcert /certs/fullchain.pem --sslkey /certs/key.pem | ||
+ | |||
=== Plex === | === Plex === | ||
+ | |||
+ | Get your claim token: https://www.plex.tv/claim/ | ||
+ | |||
+ | Create the container with the claim token substituted: | ||
sudo docker run -d --name plex --network=host -e PLEX_UID=111 -e PLEX_GID=127 -e TZ=Europe/London -e PLEX_CLAIM=<CLAIM_TOKEN> \ | sudo docker run -d --name plex --network=host -e PLEX_UID=111 -e PLEX_GID=127 -e TZ=Europe/London -e PLEX_CLAIM=<CLAIM_TOKEN> \ | ||
− | -v /var/lib/plexmediaserver:/config -v / | + | -v /var/lib/plexmediaserver:/config -v /srv:/srv --device=/dev/dri:/dev/dri \ |
+ | --restart unless-stopped \ | ||
plexinc/pms-docker:plexpass | plexinc/pms-docker:plexpass | ||
Line 18: | Line 41: | ||
sudo docker run -d --name tautulli -e PUID=127 -e PGID=138 -e TZ=Europe/London \ | sudo docker run -d --name tautulli -e PUID=127 -e PGID=138 -e TZ=Europe/London \ | ||
-p 8181:8181 \ | -p 8181:8181 \ | ||
− | -v /var/lib/torrent/tautulli/config:/config -v /var/lib/ | + | -v /var/lib/torrent/tautulli/config:/config -v /var/lib/plexmediaserver/Library/Logs:/logs \ |
--restart unless-stopped \ | --restart unless-stopped \ | ||
linuxserver/tautulli | linuxserver/tautulli | ||
Line 28: | Line 51: | ||
--restart unless-stopped \ | --restart unless-stopped \ | ||
linuxserver/jackett | linuxserver/jackett | ||
+ | |||
+ | === FlareSolverr (CloudFlare proxy bypass) === | ||
+ | sudo docker run -d --name=flaresolverr \ | ||
+ | -p 8191:8191 \ | ||
+ | -e LOG_LEVEL=info \ | ||
+ | --restart unless-stopped \ | ||
+ | ghcr.io/flaresolverr/flaresolverr:latest | ||
+ | |||
+ | === Deluge === | ||
+ | sudo docker run -d --name deluge -e PUID=127 -e PGID=138 -e TZ=Europe/London \ | ||
+ | --net=host \ | ||
+ | -v /var/lib/torrent/deluged/config:/config -v /srv/incoming/torrents/deluge:/srv/incoming/torrents/deluge \ | ||
+ | -v /etc/ssl/bretts.org:/etc/ssl/bretts.org \ | ||
+ | --restart unless-stopped \ | ||
+ | linuxserver/deluge | ||
+ | |||
+ | Since user groups don't seem to apply across the docker boundary, "torrent" will need to be given explicit permission to the private key file via an ACL: | ||
+ | setfacl -m "u:torrent:rw" /etc/ssl/bretts.org/key.pem | ||
=== Radarr (Movie Downloads) === | === Radarr (Movie Downloads) === | ||
sudo docker run -d --name radarr -e PUID=127 -e PGID=138 -e TZ=Europe/London \ | sudo docker run -d --name radarr -e PUID=127 -e PGID=138 -e TZ=Europe/London \ | ||
-p 7878:7878 \ | -p 7878:7878 \ | ||
− | -v /var/lib/torrent/radarr/config:/config -v / | + | -v /var/lib/torrent/radarr/config:/config -v /srv/videos/programs/movies:/movies -v /srv/incoming/torrents/deluge:/downloads \ |
--restart unless-stopped \ | --restart unless-stopped \ | ||
linuxserver/radarr | linuxserver/radarr | ||
Line 39: | Line 80: | ||
sudo docker run -d --name=sonarr -e PUID=127 -e PGID=138 -e TZ=Europe/London \ | sudo docker run -d --name=sonarr -e PUID=127 -e PGID=138 -e TZ=Europe/London \ | ||
-p 8989:8989 \ | -p 8989:8989 \ | ||
− | -v /var/lib/torrent/sonarr/config:/config -v / | + | -v /var/lib/torrent/sonarr/config:/config -v /srv/videos/programs/tv:/tv -v /srv/incoming/torrents/deluge:/downloads \ |
--restart unless-stopped \ | --restart unless-stopped \ | ||
linuxserver/sonarr | linuxserver/sonarr | ||
Line 45: | Line 86: | ||
=== Unifi === | === Unifi === | ||
sudo docker run -d --name=unifi-controller -e PUID=140 -e PGID=150 \ | sudo docker run -d --name=unifi-controller -e PUID=140 -e PGID=150 \ | ||
− | -p 3478:3478/udp -p 10001:10001/udp -p | + | -p 3478:3478/udp -p 10001:10001/udp -p 18080:18080 -p 18081:18081 -p 18443:18443 -p 18880:18880 -p 6789:6789 \ |
− | -v | + | -v /var/lib/unifi:/config \ |
--restart unless-stopped \ | --restart unless-stopped \ | ||
linuxserver/unifi-controller | linuxserver/unifi-controller | ||
− | === Home-Assistant ( | + | === Home-Assistant (as part of host network) === |
+ | sudo docker run -d --name=home-assistant -e TZ=Europe/London \ | ||
+ | --net=host \ | ||
+ | -v /var/lib/home-assistant/config:/config -v /srv:/media -v /etc/ssl/bretts.org:/etc/ssl/bretts.org -v /var/www/html/arlo-snapshots:/arlo-snapshots \ | ||
+ | --restart unless-stopped \ | ||
+ | homeassistant/home-assistant | ||
− | sudo docker | + | === Stash === |
− | + | sudo docker run -d --name stash \ | |
+ | -e STASH_GENERATED=/generated/ -e STASH_METADATA=/metadata/ -e STASH_CACHE=/cache/ \ | ||
+ | -e STASH_STASH=/data/ \ | ||
+ | -p 9999:9999 \ | ||
+ | -v /var/lib/stash:/root/.stash -v /var/lib/stash/metadata:/metadata -v /var/lib/stash/cache:/cache -v /var/lib/stash/blobs:/blobs -v /var/lib/stash/generated:/generated \ | ||
+ | -v /var/lib/stash/data:/data -v /srv/porn:/srv/porn -v /srv/incoming/torrents/deluge/porn:/srv/incoming/torrents/deluge/porn \ | ||
+ | -v /etc/localtime:/etc/localtime:ro \ | ||
+ | --restart unless-stopped \ | ||
+ | stashapp/stash | ||
− | == Tautulli slow to start == | + | === Atlassian === |
+ | |||
+ | ==== JIRA ==== | ||
+ | Note: In this instance JIRA is configured (with `-v`) using a named volume, rather than a bind mount | ||
+ | sudo docker volume create --name jira | ||
+ | sudo docker run -d --name=jira -e TZ=Europe/London \ | ||
+ | -e ATL_TOMCAT_SCHEME=https -e ATL_TOMCAT_SECURE=true -e ATL_PROXY_NAME=jira.bretts.org -e ATL_PROXY_PORT=443 \ | ||
+ | -p 7980:8080 \ | ||
+ | -v jira:/var/atlassian/application-data/jira \ | ||
+ | --restart unless-stopped \ | ||
+ | atlassian/jira-software | ||
+ | |||
+ | Docker JIRA runs with a uid and gid of 2001. To ensure they show up as a named user in the hosting system you can run: | ||
+ | sudo addgroup --gid 2001 jira-docker | ||
+ | sudo adduser --system --no-create-home --uid 2001 --gid 2001 jira-docker | ||
+ | |||
+ | ==== Bitbucket==== | ||
+ | Note: In this instance Bitbucket is configured (with `-v`) using a named volume, rather than a bind mount | ||
+ | sudo docker volume create --name bitbucket | ||
+ | sudo docker run -d --name=bitbucket -e TZ=Europe/London \ | ||
+ | -e SERVER_SCHEME=https -e SERVER_SECURE=true -e SERVER_PROXY_NAME=bitbucket.bretts.org -e SERVER_PROXY_PORT=443 \ | ||
+ | -p 7990:7990 -p 7999:7999 \ | ||
+ | -v bitbucket:/var/atlassian/application-data/bitbucket \ | ||
+ | --restart unless-stopped \ | ||
+ | atlassian/bitbucket-server | ||
+ | |||
+ | Docker Bitbucket runs with a uid and gid of 2003. To ensure they show up as a named user in the hosting system you can run: | ||
+ | sudo addgroup --gid 2003 bitbucket-docker | ||
+ | sudo adduser --system --no-create-home --uid 2003 --gid 2003 bitbucket-docker | ||
+ | |||
+ | ==== Bamboo ==== | ||
+ | Note: In this instance Bamboo is configured (with `-v`) using a named volume, rather than a bind mount | ||
+ | sudo docker volume create --name bamboo | ||
+ | sudo docker run -d --name=bamboo -e TZ=Europe/London \ | ||
+ | -p 54663:54663 -p 7970:8085 \ | ||
+ | -v bamboo:/var/atlassian/application-data/bamboo \ | ||
+ | --restart unless-stopped \ | ||
+ | atlassian/bamboo-server | ||
+ | |||
+ | ===== Limitations ===== | ||
+ | * Bamboo runs with a uid of 1000, which means it's likely to clash with a real user in the containing host | ||
+ | * Bamboo container doesn't support any reverse proxy configuration, which means hiding it behind nginx is likely to result in broken Application Links. This can be worked around by manually editing /opt/atlassian/bamboo/conf/server.xml, but those changes will be overwritten on every container upgrade. | ||
+ | |||
+ | == Tips / Fixes == | ||
+ | |||
+ | === Tautulli slow to start === | ||
This may be due to an attempt to chown a large number of files. | This may be due to an attempt to chown a large number of files. | ||
Login to the container: | Login to the container: | ||
sudo docker exec -it <container> /bin/bash | sudo docker exec -it <container> /bin/bash | ||
Disable the chown step by editing <code>/etc/cont-init.d/30-config</code> and commenting out the chown command. | Disable the chown step by editing <code>/etc/cont-init.d/30-config</code> and commenting out the chown command. | ||
+ | |||
+ | === Adding an SSL cert for Unifi === | ||
+ | sudo openssl pkcs12 -export -inkey /etc/ssl/bretts.org/key.pem -in /etc/ssl/bretts.org/fullchain.pem -out /tmp/cert.p12 -name unifi -password pass:temppass | ||
+ | sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/data/keystore -srckeystore /tmp/cert.p12 -srcstoretype PKCS12 -srcstorepass temppass -alias unifi -noprompt | ||
+ | sudo docker restart unifi-controller | ||
+ | sudo rm /tmp/cert.p12 | ||
+ | |||
+ | === Local DNS resolution fails on docker 18.09 === | ||
+ | This may be the result of a bug: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1820278. Normally the container's /etc/resolv.conf should mirror that of the host, but in this case it seems to just be a default version. As a workaround, create /etc/docker/daemon.json with the following contents: | ||
+ | |||
+ | { | ||
+ | "dns": ["192.168.1.1", "8.8.8.8"], | ||
+ | "dns-search": ["bretts.org"] | ||
+ | } |
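Review bot: In the Deluge hunk, `setfacl -m "u:torrent:rw"` gives the torrent account write access to the TLS private key, and the `-v /etc/ssl/bretts.org:/etc/ssl/bretts.org` mount is read-write, although a service only needs to read the key to serve TLS. I would grant read only, `setfacl -m "u:torrent:r" /etc/ssl/bretts.org/key.pem`, and mount the directory as `-v /etc/ssl/bretts.org:/etc/ssl/bretts.org:ro`. The same certificate directory is mounted read-write in the Portainer hunk (`-v /etc/ssl/bretts.org:/certs`) and the Home-Assistant hunk, where `:ro` applies equally. Separately, the Unifi certificate steps export the private key to the fixed path `/tmp/cert.p12` and leave it there if a later step fails; a root-only directory from `mktemp -d`, removed on exit, avoids a predictable name in a shared directory.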
Latest revision as of 06:09, 4 December 2024
Contents
- 1 Useful Commands
- 2 Updating container
- 3 Containers
- 4 Tips / Fixes
Useful Commands
- docker ps -a
- List all containers
- docker container inspect <container>
- Show details of <container>
- docker logs <container>
- Show logs for <container>
- docker exec -it <container> /bin/bash
- Start an interactive shell in <container>
Updating container
Manually
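# Manual update: fetch the newer image, then replace the running container.
# <image>, <container> and <docker run command> are placeholders to substitute.
sudo docker pull <image>
sudo docker stop <container>
sudo docker rm <container>
# Re-create the container with the same `docker run` command that created it.
<docker run command>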
Automatically
# One-shot automatic update of <container> (placeholder) via taisun/updater.
# The bind mount of /var/run/docker.sock hands the updater full control of the
# Docker daemon, which is equivalent to root on the host, so run this only with
# an image you trust.
sudo docker run --rm \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  taisun/updater --oneshot <container>
Containers
Portainer
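# Portainer CE, serving its UI over TLS with the host's certificate.
# The /var/run/docker.sock mount gives Portainer, and anyone who can sign in to
# it, full control of the Docker daemon (root-equivalent on the host).
# The certificate directory is mounted read-only: Portainer only has to read
# the files named by --sslcert/--sslkey.
sudo docker run -d --name portainer \
  -p 8000:8000 -p 9443:9443 \
  -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/portainer:/data \
  -v /etc/ssl/bretts.org:/certs:ro \
  --restart unless-stopped \
  portainer/portainer-ce \
  --sslcert /certs/fullchain.pem --sslkey /certs/key.pem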
Plex
Get your claim token: https://www.plex.tv/claim/
Create the container with the claim token substituted:
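# Plex Media Server (plexpass tag) on the host's network stack.
# --network=host means the container shares the host's interfaces and ports,
# so there is no -p mapping to limit what it exposes.
# <CLAIM_TOKEN> is a placeholder for the token from https://www.plex.tv/claim/;
# treat it as a credential: it is recorded in shell history and is visible in
# `docker inspect` as an environment variable.
# /srv is mounted read-write and the host's /dev/dri device nodes are passed in.
sudo docker run -d --name plex --network=host \
  -e PLEX_UID=111 -e PLEX_GID=127 -e TZ=Europe/London -e PLEX_CLAIM=<CLAIM_TOKEN> \
  -v /var/lib/plexmediaserver:/config -v /srv:/srv --device=/dev/dri:/dev/dri \
  --restart unless-stopped \
  plexinc/pms-docker:plexpass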
Tautulli (Plex Monitoring/Notifications)
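# Tautulli, with the Plex log directory mounted at /logs.
# -p 8181:8181 names no host address, so by default Docker publishes the port
# on every host interface; firewall it if the UI should not be reachable from
# other networks.
sudo docker run -d --name tautulli -e PUID=127 -e PGID=138 -e TZ=Europe/London \
  -p 8181:8181 \
  -v /var/lib/torrent/tautulli/config:/config -v /var/lib/plexmediaserver/Library/Logs:/logs \
  --restart unless-stopped \
  linuxserver/tautulli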
Jackett (Torrent Gateway)
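# Jackett, running as uid 127 / gid 138 with its own config and downloads dirs.
# -p 9117:9117 names no host address, so by default the port is published on
# every host interface.
sudo docker run -d --name=jackett -e PUID=127 -e PGID=138 -e TZ=Europe/London \
  -p 9117:9117 \
  -v /var/lib/torrent/jackett/config:/config -v /var/lib/torrent/jackett/downloads:/downloads \
  --restart unless-stopped \
  linuxserver/jackett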
FlareSolverr (CloudFlare proxy bypass)
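# FlareSolverr, listening on port 8191.
# The image is referenced by the mutable `latest` tag, so what runs can change
# on every pull; pin a specific tag or digest if reproducibility matters.
# NOTE(review): -p 8191:8191 publishes the API on every host interface by
# default; confirm which clients need to reach it and firewall the rest.
sudo docker run -d --name=flaresolverr \
  -p 8191:8191 \
  -e LOG_LEVEL=info \
  --restart unless-stopped \
  ghcr.io/flaresolverr/flaresolverr:latest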
Deluge
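# Deluge on the host's network stack (--net=host: no port isolation between
# the container and the host).
# The certificate directory is mounted read-only: the daemon only needs to read
# the certificate and key, and a download client should not be able to alter
# them.
sudo docker run -d --name deluge -e PUID=127 -e PGID=138 -e TZ=Europe/London \
  --net=host \
  -v /var/lib/torrent/deluged/config:/config -v /srv/incoming/torrents/deluge:/srv/incoming/torrents/deluge \
  -v /etc/ssl/bretts.org:/etc/ssl/bretts.org:ro \
  --restart unless-stopped \
  linuxserver/deluge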
Since user groups don't seem to apply across the docker boundary, "torrent" will need to be given explicit permission to the private key file via an ACL:
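# Grant the "torrent" user access to the private key through an ACL.
# Read-only is enough to load a key for TLS; write access would let that
# account change the key file, so it is not granted here.
setfacl -m "u:torrent:r" /etc/ssl/bretts.org/key.pem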
Radarr (Movie Downloads)
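# Radarr, with the movie library at /movies and the Deluge download directory
# at /downloads (both read-write).
# -p 7878:7878 names no host address, so by default the port is published on
# every host interface.
sudo docker run -d --name radarr -e PUID=127 -e PGID=138 -e TZ=Europe/London \
  -p 7878:7878 \
  -v /var/lib/torrent/radarr/config:/config -v /srv/videos/programs/movies:/movies -v /srv/incoming/torrents/deluge:/downloads \
  --restart unless-stopped \
  linuxserver/radarr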
Sonarr (TV Downloads)
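# Sonarr, with the TV library at /tv and the Deluge download directory at
# /downloads (both read-write).
# -p 8989:8989 names no host address, so by default the port is published on
# every host interface.
sudo docker run -d --name=sonarr -e PUID=127 -e PGID=138 -e TZ=Europe/London \
  -p 8989:8989 \
  -v /var/lib/torrent/sonarr/config:/config -v /srv/videos/programs/tv:/tv -v /srv/incoming/torrents/deluge:/downloads \
  --restart unless-stopped \
  linuxserver/sonarr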
Unifi
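# UniFi controller, running as uid 140 / gid 150 with its data in /var/lib/unifi.
# Every -p mapping below names no host address, so by default each port is
# published on every host interface; restrict the management ports with a
# firewall if they should only be reachable from the local network.
sudo docker run -d --name=unifi-controller -e PUID=140 -e PGID=150 \
  -p 3478:3478/udp -p 10001:10001/udp -p 18080:18080 -p 18081:18081 -p 18443:18443 -p 18880:18880 -p 6789:6789 \
  -v /var/lib/unifi:/config \
  --restart unless-stopped \
  linuxserver/unifi-controller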
Home-Assistant (as part of host network)
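# Home Assistant on the host's network stack (--net=host: no port isolation
# between the container and the host).
# The certificate directory is mounted read-only, since the service only needs
# to read the certificate and key. /srv and the snapshot directory stay
# read-write as on the original command.
sudo docker run -d --name=home-assistant -e TZ=Europe/London \
  --net=host \
  -v /var/lib/home-assistant/config:/config -v /srv:/media -v /etc/ssl/bretts.org:/etc/ssl/bretts.org:ro -v /var/www/html/arlo-snapshots:/arlo-snapshots \
  --restart unless-stopped \
  homeassistant/home-assistant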
Stash
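# Stash, with its state under /var/lib/stash and the media directories mounted
# at the same paths as on the host.
# Only /etc/localtime is mounted read-only; every other mount is read-write.
# NOTE(review): no user is set and the config lives under /root/.stash, so the
# process presumably runs as root inside the container - confirm.
# -p 9999:9999 names no host address, so by default the port is published on
# every host interface.
sudo docker run -d --name stash \
  -e STASH_GENERATED=/generated/ -e STASH_METADATA=/metadata/ -e STASH_CACHE=/cache/ \
  -e STASH_STASH=/data/ \
  -p 9999:9999 \
  -v /var/lib/stash:/root/.stash -v /var/lib/stash/metadata:/metadata -v /var/lib/stash/cache:/cache -v /var/lib/stash/blobs:/blobs -v /var/lib/stash/generated:/generated \
  -v /var/lib/stash/data:/data -v /srv/porn:/srv/porn -v /srv/incoming/torrents/deluge/porn:/srv/incoming/torrents/deluge/porn \
  -v /etc/localtime:/etc/localtime:ro \
  --restart unless-stopped \
  stashapp/stash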
Atlassian
JIRA
Note: In this instance JIRA is configured (with `-v`) using a named volume, rather than a bind mount
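# JIRA Software, with its application data in the named volume "jira".
sudo docker volume create --name jira
# The ATL_PROXY_* / ATL_TOMCAT_* settings describe an HTTPS reverse proxy at
# jira.bretts.org:443 in front of the container.
# NOTE(review): -p 7980:8080 publishes the container's port on every host
# interface by default; if the reverse proxy runs on this host, publishing as
# 127.0.0.1:7980:8080 would keep that port off the network - confirm first.
sudo docker run -d --name=jira -e TZ=Europe/London \
  -e ATL_TOMCAT_SCHEME=https -e ATL_TOMCAT_SECURE=true -e ATL_PROXY_NAME=jira.bretts.org -e ATL_PROXY_PORT=443 \
  -p 7980:8080 \
  -v jira:/var/atlassian/application-data/jira \
  --restart unless-stopped \
  atlassian/jira-software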
Docker JIRA runs with a uid and gid of 2001. To ensure they show up as a named user in the hosting system you can run:
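# Reserve uid/gid 2001 on the host under a recognisable name, so files owned
# by the JIRA container show a named owner and the ids are not handed to
# another account.
sudo addgroup --gid 2001 jira-docker
sudo adduser --system --no-create-home --uid 2001 --gid 2001 jira-docker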
Bitbucket
Note: In this instance Bitbucket is configured (with `-v`) using a named volume, rather than a bind mount
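# Bitbucket Server, with its application data in the named volume "bitbucket".
sudo docker volume create --name bitbucket
# The SERVER_* settings describe an HTTPS reverse proxy at
# bitbucket.bretts.org:443 in front of the container.
# NOTE(review): -p 7990:7990 -p 7999:7999 publish both ports on every host
# interface by default; if the reverse proxy runs on this host, the proxied
# port could be published on 127.0.0.1 only - confirm first.
sudo docker run -d --name=bitbucket -e TZ=Europe/London \
  -e SERVER_SCHEME=https -e SERVER_SECURE=true -e SERVER_PROXY_NAME=bitbucket.bretts.org -e SERVER_PROXY_PORT=443 \
  -p 7990:7990 -p 7999:7999 \
  -v bitbucket:/var/atlassian/application-data/bitbucket \
  --restart unless-stopped \
  atlassian/bitbucket-server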
Docker Bitbucket runs with a uid and gid of 2003. To ensure they show up as a named user in the hosting system you can run:
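# Reserve uid/gid 2003 on the host under a recognisable name, so files owned
# by the Bitbucket container show a named owner and the ids are not handed to
# another account.
sudo addgroup --gid 2003 bitbucket-docker
sudo adduser --system --no-create-home --uid 2003 --gid 2003 bitbucket-docker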
Bamboo
Note: In this instance Bamboo is configured (with `-v`) using a named volume, rather than a bind mount
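# Bamboo Server, with its application data in the named volume "bamboo".
sudo docker volume create --name bamboo
# Both -p mappings name no host address, so by default the ports are published
# on every host interface.
sudo docker run -d --name=bamboo -e TZ=Europe/London \
  -p 54663:54663 -p 7970:8085 \
  -v bamboo:/var/atlassian/application-data/bamboo \
  --restart unless-stopped \
  atlassian/bamboo-server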
Limitations
- Bamboo runs with a uid of 1000, which means it's likely to clash with a real user in the containing host
- Bamboo container doesn't support any reverse proxy configuration, which means hiding it behind nginx is likely to result in broken Application Links. This can be worked around by manually editing /opt/atlassian/bamboo/conf/server.xml, but those changes will be overwritten on every container upgrade.
Tips / Fixes
Tautulli slow to start
This may be due to an attempt to chown a large number of files. Log in to the container:
# Open an interactive bash shell inside <container> (placeholder) so that the
# init script can be edited.
sudo docker exec --interactive --tty <container> /bin/bash
Disable the chown step by editing /etc/cont-init.d/30-config
and commenting out the chown command.
Adding an SSL cert for Unifi
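# Import the host's certificate and private key into the UniFi keystore.
# The intermediate PKCS#12 file contains the private key, so it is written to
# a root-only directory created by `mktemp -d` rather than to a fixed name in
# /tmp, and that directory is removed even when one of the steps fails.
# The subshell keeps `set -eu` and the EXIT trap from affecting the calling
# shell.
# NOTE: "temppass" only protects the short-lived PKCS#12 file and is visible
# in the process list while openssl and keytool run; the directory permissions
# are what actually protect the key. The keystore password is the fixed value
# shown on this page, so keep /var/lib/unifi/data/keystore readable only by
# the controller's user.
(
  set -eu
  workdir=$(sudo mktemp -d)
  trap 'sudo rm -rf -- "${workdir:?}"' EXIT
  sudo openssl pkcs12 -export \
    -inkey /etc/ssl/bretts.org/key.pem -in /etc/ssl/bretts.org/fullchain.pem \
    -out "$workdir/cert.p12" -name unifi -password pass:temppass
  sudo keytool -importkeystore \
    -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise \
    -destkeystore /var/lib/unifi/data/keystore \
    -srckeystore "$workdir/cert.p12" -srcstoretype PKCS12 -srcstorepass temppass \
    -alias unifi -noprompt
  sudo docker restart unifi-controller
)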
Local DNS resolution fails on docker 18.09
This may be the result of a bug: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1820278. Normally the container's /etc/resolv.conf should mirror that of the host, but in this case it seems to just be a default version. As a workaround, create /etc/docker/daemon.json with the following contents:
{ "dns": ["192.168.1.1", "8.8.8.8"], "dns-search": ["bretts.org"] }