Differences

This shows you the differences between two versions of the page.

Link to this comparison view

infrastructure:do2 [2020/04/11 12:01] (current)
Line 1: Line 1:
 +===== HSBNE Digital Ocean/​Docker Host (do2.hsbne.org) =====
 +
 +Do2 is a Digital Ocean Droplet (virtual machine) hosted in Singapore that runs some of HSBNE'​s external facing services.
 +
 +It is an ubuntu 17.10 installation that runs the services in separate Docker containers.
 +
 +Currently, it's running the following services/​containers and it is maintained by nog3.
 +
 +==== Forum: Discourse (local_discourse/​app) ====
 +
 +The discourse forum runs based on the official Discourse installation instructions. ​
 +
 +Changes from the default config file:
 +
 +There are a few extra lines added to the env: directive in the app.yml file, namely:
 +  * VIRTUAL_HOST:​ forum.hsbne.org
 +  * LETSENCRYPT_HOST:​ forum.hsbne.org
 +  * LETSENCRYPT_EMAIL:​ executive@hsbne.org
 +
 +The SMTP settings are directed to our sendgrid account (hsbne).
 +
 +==== Wiki: Dokuwiki (crazy-max/​dokuwiki) ====
 +
 +The wiki is Dokuwiki Release 2018-04-22b "​Greebo"​. It is run using the container'​s default instructions at https://​github.com/​crazy-max/​docker-dokuwiki,​ but with env vars VIRTUAL_HOST and LETSENCRYPT_HOST defined as wiki.hsbne.org which allows nginx-proxy and the ssl letsencrypt companion to manage ssl for it.
 +
 +The data for the wiki is deployed in /​var/​hsbnewiki,​ so the container must be run from /​var/​hsbnewiki for the data volume to map correctly. All data is now persisted OUTSIDE the container. Oorah!
 +
 +Old details:
 +The dockerfile installs the oauth plugin but generates the container in such a way that it stores the content of the wiki within the container. There'​s also the bootstrap3 theme and a few other plugins added manually after the fact.
 +
 +Long term, I would like to fix this.
 +==== HTTP Proxying (jwilder/​nginx-proxy) ====
 +
 +This docker container runs a copy of nginx inside it and ties together the wiki and discourse containers.
 +
 +It listens on port 80 and redirects traffic for the wiki and the forum to the right internal ports exposed by the docker containers. ​
 +
 +To know what Docker container to redirect traffic to, it checks an ENV variable on the container, VIRTUAL_HOST.
 +
 +==== SSL Management (jrcs/​letsencrypt-nginx-proxy-companion) ====
 +
 +letsencrypt-nginx-proxy-companion is a lightweight companion container for nginx-proxy. It allows the creation/​renewal of Let's Encrypt certificates automatically.
 +
 +It uses the Let's Encrypt service to automatically create/​renew a valid SSL certificate for virtual host(s) in a shared volume that nginx-proxy can serve up.
 +
 +It requires the following environment variables to enable Let's Encrypt support for a container being proxied. This environment variables need to be declared in each to-be-proxied application containers.
 +
 +  * LETSENCRYPT_HOST
 +  * LETSENCRYPT_EMAIL
 +
 +The LETSENCRYPT_HOST variable needs to be the same as the VIRTUAL_HOST variable and must be publicly reachable domains.
 +
 +==== Trellobot (cuongtransc/​trellobot) ====
 +Trellobot exists to push notifications from trello into Discord #​infra-notifications.
 +
 +It is a copy of https://​github.com/​cuongtransc/​trellobot stored in /​var/​trellobot,​ built from the folder with a custom config that defines which trello boards to watch and what channel to post into.
 +
 +It tracks the following trello events: ​
 +  * cardCreated
 +  * checklistItemMarkedComplete
 +  * commentAdded
 +  * cardArchived
 +  * checklistAddedToCard
 +
 +==== snipe-it (snipe/​snipe-it) ====
 +
 +This container is an asset management software we're evaluating. Its conf folder is exposed at /​var/​snipe/​conf/​ on the docker host. It has an mysql db container linked which exposes the mysql db files to /​var/​snipe/​mysql for backup.
 +
 +This was set up following modified instructions from https://​blog.networkprofile.org/​quick-and-easy-snipe-it-docker-deployment/​
 +
  
  • infrastructure/do2
  • Last modified: 4 years ago
  • (external edit)