Skip to content
/ docker-web Public

My docker compose project for my Oracle Ampere A1 instance.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

xiahualiu/docker-web

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

82 Commits
blog
blog
 
 
nginx/conf
nginx/conf
 
 
wireguard
wireguard
 
 
zola
zola
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

Nginx Jenkins Zola Docker Compose

My docker compose project for my Oracle Ampere A1 instance.

It contains several docker containers:

  • Nginx container, for serving website content such as Jenkins and blog.
  • Certbot container, for obtaining and renewing website SSL certificates.
  • Jenkins container, CI of other projects.
  • Zola container, my blog site generator.

Why Docker containers

The most straight forward answer is for security reasons, because containers are isolated from each other and the OS, even if one of them is compromised by external attacks, the bad actor cannot obtain the whole access to the system data.

And with the docker compose file, it is easier to redeploy the same services on multiple machines.

Requirements

  • A domain name. (mine is fredrice.us)

Only with a domain name you can get the SSL certificate and harden your website.

  • Docker Compose version > 3.0.

Docker compose needs to be highier than 3.0 version.

  • WireGuard VPN

The Jenkins server is hosted behind the WireGuard VPN for security reason. In order be able to access the Jenkins control website, the user must first use WireGuard VPN to connect to the internal wg0 interface on the server.

The example WireGuard server and client configuration can be found under the wireguard folder. Because WireGuard takes advantages of the kernel module, it is better to have it installed directly on the bare metal OS.

  • Firewall allows port 80, 443, and of course, your SSH port. (You don't need to enable the WireGuard port system wide, as it is included in the PostUp section of the WireGuard configuration file)

There are different firewall applications for Linux distributions such as iptables and ufw, etc. Make sure the new firewall rules are persist, otherwise you will lose them after a reboot, for iptables you will need iptables-persistent.

Most cloud providers, such as Google Cloud Platform, AWS, Oracle Cloud, have extra firewall settings which are often part of the cloud "Virtual Networks" configuration. You should also change the firewall settings there to enable these ports.

Folder Structure

  • blog folder contains the the zola blog site.
  • nginx folder contains the log and configuration files for the Nginx service.
  • wireguard folder contains server/client configuration samples.
  • zola folder contains the Dockerfile for building the zola container.

Running Services

To start/stop the webserver & Jenkins server:

docker compose up webserver # --detach
docker compose down

To build the blog static site:

docker compose run zola build
docker compose restart webserver

To renew the SSL certificate:

docker compose run certbot renew

Disable any type of DNS proxy service before you run the renew command, if you are using CDN services such as Cloudflare.

About

My docker compose project for my Oracle Ampere A1 instance.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages