infrastructure:do2 [2017/04/08 23:01]
infrastructure:do2 [2020/04/11 12:01]
===== HSBNE Digital Ocean/Docker Host (do2.hsbne.org) =====

Do2 is a Digital Ocean Droplet (virtual machine) hosted in Singapore that runs some of HSBNE's external-facing services.

It is an Ubuntu 15.10 installation that runs the services in separate Docker containers.

It is maintained by nog3 and currently runs the following services/containers.

==== Forum: Discourse (local_discourse/app) ====

The Discourse forum is set up following the official Discourse installation instructions.

Changes from the default config file:

A few extra lines are added to the env: directive in the app.yml file, namely:
  * VIRTUAL_HOST: forum.hsbne.org
  * LETSENCRYPT_HOST: forum.hsbne.org
  * LETSENCRYPT_EMAIL: executive@hsbne.org

The SMTP settings point to our SendGrid account (hsbne).

==== Wiki: Dokuwiki (nog3/hsbne-dokuwiki) ====

The wiki is Dokuwiki Release 2016-06-26b “Elenor of Tsort” in a custom Docker container. It is run with the environment variable VIRTUAL_HOST:wiki.hsbne.org passed on the docker run command.

It is automatically built from a customized Dockerfile in https://github.com/nog3/HSBNE-dokuwiki by Docker Hub's automatic building service.

The Dockerfile installs the oauth plugin, but the container is built in such a way that the wiki's content is stored inside the container. The bootstrap3 theme and a few other plugins were also added manually after the fact.

Long term, I would like to fix this.

==== HTTP Proxying (jwilder/nginx-proxy) ====

This Docker container runs a copy of nginx and ties together the wiki and Discourse containers.

It listens on port 80 and proxies traffic for the wiki and the forum to the right internal ports exposed by the Docker containers.

To know which Docker container to send traffic to, it checks the VIRTUAL_HOST environment variable on each container.

==== SSL Management (jrcs/letsencrypt-nginx-proxy-companion) ====

letsencrypt-nginx-proxy-companion is a lightweight companion container for nginx-proxy. It allows Let's Encrypt certificates to be created and renewed automatically.

It uses the Let's Encrypt service to automatically create/renew a valid SSL certificate for each virtual host, stored in a shared volume that nginx-proxy can serve from.

It requires the following environment variables to enable Let's Encrypt support for a proxied container. These environment variables need to be declared in each to-be-proxied application container.

  * LETSENCRYPT_HOST
  * LETSENCRYPT_EMAIL

The LETSENCRYPT_HOST variable most likely needs to be the same as the VIRTUAL_HOST variable, and must be a publicly reachable domain.
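
A consistency check for the three variables described above, as an added example that is not part of the original wiki page or of either container project. The function name check_proxy_env, its messages and its return codes are assumptions made for illustration; it reads one container's environment as KEY=value lines on stdin.

```shell
# Added example: audit the proxy/certificate variables of one container.
# Returns 0 when consistent, 1 when a WARN finding is printed,
# 2 when the container has no VIRTUAL_HOST (not proxied at all).
# Usage on the Docker host (CONTAINER is a placeholder name):
#   docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' CONTAINER | check_proxy_env
check_proxy_env() {
    vhost="" lehost="" leemail=""
    while IFS= read -r line; do
        case "$line" in
            VIRTUAL_HOST=*)      vhost=${line#VIRTUAL_HOST=} ;;
            LETSENCRYPT_HOST=*)  lehost=${line#LETSENCRYPT_HOST=} ;;
            LETSENCRYPT_EMAIL=*) leemail=${line#LETSENCRYPT_EMAIL=} ;;
        esac
    done
    if [ -z "$vhost" ]; then
        echo "SKIP no VIRTUAL_HOST, nginx-proxy will not route to this container"
        return 2
    fi
    if [ -z "$lehost" ]; then
        echo "WARN $vhost has no LETSENCRYPT_HOST, no certificate will be requested"
        return 1
    fi
    rc=0
    # Both variables accept comma-separated lists; every certificate name
    # must also be a name that nginx-proxy routes to this container.
    old_ifs=$IFS; IFS=,; set -f
    for name in $lehost; do
        case ",$vhost," in
            *",$name,"*) ;;
            *) echo "WARN $name is in LETSENCRYPT_HOST but not in VIRTUAL_HOST"; rc=1 ;;
        esac
    done
    IFS=$old_ifs; set +f
    if [ -z "$leemail" ]; then
        echo "WARN $lehost has no LETSENCRYPT_EMAIL"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $lehost"
    return "$rc"
}
```

A container that sets only VIRTUAL_HOST gets the "no certificate will be requested" warning, which makes it easy to spot services that nginx-proxy routes without a certificate.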