Differences
This shows you the differences between two versions of the page.
— |
infrastructure:do2 [2020/04/11 12:01] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ===== HSBNE Digital Ocean/Docker Host (do2.hsbne.org) ===== | ||
+ | |||
+ | Do2 is a Digital Ocean Droplet (virtual machine) hosted in Singapore that runs some of HSBNE's external facing services. | ||
+ | |||
+ | It is an ubuntu 17.10 installation that runs the services in separate Docker containers. | ||
+ | |||
+ | Currently, it's running the following services/containers and it is maintained by nog3. | ||
+ | |||
+ | ==== Forum: Discourse (local_discourse/app) ==== | ||
+ | |||
+ | The discourse forum runs based on the official Discourse installation instructions. | ||
+ | |||
+ | Changes from the default config file: | ||
+ | |||
+ | There are a few extra lines added to the env: directive in the app.yml file, namely: | ||
+ | * VIRTUAL_HOST: forum.hsbne.org | ||
+ | * LETSENCRYPT_HOST: forum.hsbne.org | ||
+ | * LETSENCRYPT_EMAIL: executive@hsbne.org | ||
+ | |||
+ | The SMTP settings are directed to our sendgrid account (hsbne). | ||
+ | |||
+ | ==== Wiki: Dokuwiki (crazy-max/dokuwiki) ==== | ||
+ | |||
+ | The wiki is Dokuwiki Release 2018-04-22b "Greebo". It is run using the container's default instructions at https://github.com/crazy-max/docker-dokuwiki, but with env vars VIRTUAL_HOST and LETSENCRYPT_HOST defined as wiki.hsbne.org which allows nginx-proxy and the ssl letsencrypt companion to manage ssl for it. | ||
+ | |||
+ | The data for the wiki is deployed in /var/hsbnewiki, so the container must be run from /var/hsbnewiki for the data volume to map correctly. All data is now persisted OUTSIDE the container. Oorah! | ||
+ | |||
+ | Old details: | ||
+ | The dockerfile installs the oauth plugin but generates the container in such a way that it stores the content of the wiki within the container. There's also the bootstrap3 theme and a few other plugins added manually after the fact. | ||
+ | |||
+ | Long term, I would like to fix this. | ||
+ | ==== HTTP Proxying (jwilder/nginx-proxy) ==== | ||
+ | |||
+ | This docker container runs a copy of nginx inside it and ties together the wiki and discourse containers. | ||
+ | |||
+ | It listens on port 80 and redirects traffic for the wiki and the forum to the right internal ports exposed by the docker containers. | ||
+ | |||
+ | To know what Docker container to redirect traffic to, it checks an ENV variable on the container, VIRTUAL_HOST. | ||
+ | |||
+ | ==== SSL Management (jrcs/letsencrypt-nginx-proxy-companion) ==== | ||
+ | |||
+ | letsencrypt-nginx-proxy-companion is a lightweight companion container for nginx-proxy. It allows the creation/renewal of Let's Encrypt certificates automatically. | ||
+ | |||
+ | It uses the Let's Encrypt service to automatically create/renew a valid SSL certificate for virtual host(s) in a shared volume that nginx-proxy can serve up. | ||
+ | |||
+ | It requires the following environment variables to enable Let's Encrypt support for a container being proxied. This environment variables need to be declared in each to-be-proxied application containers. | ||
+ | |||
+ | * LETSENCRYPT_HOST | ||
+ | * LETSENCRYPT_EMAIL | ||
+ | |||
+ | The LETSENCRYPT_HOST variable needs to be the same as the VIRTUAL_HOST variable and must be publicly reachable domains. | ||
+ | |||
+ | ==== Trellobot (cuongtransc/trellobot) ==== | ||
+ | Trellobot exists to push notifications from trello into Discord #infra-notifications. | ||
+ | |||
+ | It is a copy of https://github.com/cuongtransc/trellobot stored in /var/trellobot, built from the folder with a custom config that defines which trello boards to watch and what channel to post into. | ||
+ | |||
+ | It tracks the following trello events: | ||
+ | * cardCreated | ||
+ | * checklistItemMarkedComplete | ||
+ | * commentAdded | ||
+ | * cardArchived | ||
+ | * checklistAddedToCard | ||
+ | |||
+ | ==== snipe-it (snipe/snipe-it) ==== | ||
+ | |||
+ | This container is an asset management software we're evaluating. Its conf folder is exposed at /var/snipe/conf/ on the docker host. It has an mysql db container linked which exposes the mysql db files to /var/snipe/mysql for backup. | ||
+ | |||
+ | This was set up following modified instructions from https://blog.networkprofile.org/quick-and-easy-snipe-it-docker-deployment/ | ||
+ | |||
- infrastructure/do2
- Last modified: 4 years ago
- (external edit)