public-websites-docker
Selfhosting personal static websites powered by private web analytics and private comments platform
This project shows how to configure a selfhosted server with internet access for selfhosting our static websites/blogs (for example created with Jekyll along with dynamic web services providing the capabilities to enable comments within our static sites and to track the number of visitors or the most viewed pages in our website.
This project enables to automatically deploy using Docker the following components:
- Traefik as HTTP/HTTPS reverse proxy. Traefik is the front-end for all backend web services
- remark42 as commenting platform for supporting comments in our posts
- matomo as web analytics platform for tracking visitors in our websites.
- Personal static website, automatically generated with Jekyll and exposed by a static HTTP server like nginx or apache. As alternative personal websites can be hosted in third party static web hosting provider like Github Pages.
Why Docker
Docker, as container platform, enables the portability of the software between different hosting environments (bare metal, VM, etc.), so any kind of selfhosted platform can be used: a VM running on a Cloud Service Provider or a baremetal server with internet access like a Raspberry PI.
Why Traefik
For securing the access through HTTPS using SSL certificates, Traefik will be used.
Traefik is a Docker-aware reverse proxy with a monitoring dashboard. Traefik also handles setting up your SSL certificates using Let’s Encrypt allowing you to securely serve everything over HTTPS. Docker-aware means that Traefik is able to discover docker containers and using labels assigned to those containers automatically configure the routing and SSL certificates to each service. See Traefik documentation about docker provider.
Why Matomo
Matomo is a selfhost alternative to Google Analytics service. It provides a better way to protect user's data privacy (user's data is not shared with any third party) and it can work in cookieless mode.
Why remark42
Remark is a seflhost alternative to other comments platforms (Disqus, Commento) that is free. It also provide a better way to protect user's data privacy and it enables social login (via Google, Twitter, Facebook, Microsoft, GitHub, Yandex, Patreon and Telegram) or post anonymous comments.
Requirements
For selfhosting your websites you need:
- DNS domain owned by you. Different DNS subdomains need to be assigned to each of the published web services (matomo, remark42, personal website). Traefik rules will use the DNS domain information to route the HTTP/HTTPS traffic to the proper backend web service.
- Linux VM hosted in a Public Cloud Service Provider, with associated public IP address.
- Linux VM or baremetal server hosted by you in your home network. In this case you will use the Public IP address assigned by your ISP.
Enabling Internet Access
Traefik front end need to be accesible from the Internet. Incoming HTTP/HTTPS (tcp ports 80 and 443) traffic need to be enabled and so the server.
Using Cloud Service Provider
In case of using a Cloud Service Provided, the IP address assigned to the VM for hosting the websites need to be created wih an external IP (public IP address) and the corresponding security rules (i.e.: security groups) need to be configured to enable the incoming HTTP/HTTPS traffic.
Selfhosting at home network
At home usually the ISP provide a public IP address to your home router (GPON or ADSL router) and the router provide internet access to your home network via NAT. Incoming traffic on HTTP/HTTPS ports for your home network is usually blocked by the home router.
Home router port forwarding must be enabled in order to reach a host in your home network from Internet. Traffic incoming to ports 80 (HTTP) and 443 (HTTPS) will be redirected to the IP address of the server at your home network hosting the websites.
Enable port forwarding for TCP ports 80/443 to server_ip (IP from your home network) associated to the server at home network.
| WAN Port | LAN IP | LAN Port |
|---|---|---|
| 80 | server_ip |
80 |
| 443 | server_ip |
443 |
Configure OS level Firewall
Configure local firewall at OS level to enable the incoming traffic on ports 80 and 443
For example: in case of Ubuntu OS, Ubuntu's embedded firewall (ufw) need to be configured, allowing only incoming SSH, HTTP and HTTPS traffic.
sudo ufw allow 22
sudo ufw allow 80
sudo ufw allow 443
sudo ufw enable
If the OS is configured with Iptables rules by default (i.e.: Oracle Cloud Ubuntu's VM are created with ufw disabled but wiht Iptables configured), Iptables rules need to be added to enable the incoming traffic
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --match multiport --dports 80,443 -j ACCEPT
sudo netfilter-persistent save
DNS configuration
Using your DNS provider, add the DNS records of the webservices you want to publish pointing to the public IP address of the server.
In case of using a Cloud Service Provided, the IP address assigned to the VM created. VM need to be created with a external IP (public IP address).
In case of hosting at home the IP address assigned by your ISP (public IP address of your home network)
In case of ISP is using dynmaic IP public addresses, Dynamic DNS must be configured to keep up to date the DNS records mapped to the assigned public IP addresses
Configure Dynamic DNS (Selfhosting at home)
In case that your ISP only provide you dynamic IP address, IP address associated to DNS records need to be dynamically updated. Most DNS providers supports DynDNS with an open protocol Domain Connect enabling the automatic DNS update ousing the IP public address assigned by the ISP. For example IONOS DNS provider provides the following instructions to configure DynDNS
Step 1: Install python package
pip3 install domain-connect-dyndnsStep 2: Configure domain to be dynamically updated
domain-connect-dyndns setup --domain <your-domain>Step 3: Update it
domain-connect-dyndns update --all
Docker configuration
Installing docker and docker-compose
Docker and docker compose need to be installed on the server. Ansible can be used to automatically deploy docker and docker compose on the server
Create docker networks
Create a couple of docker network to interconnect all docker containers:
docker network create frontend
docker network create backend
Containers accesing to frontend network are the only ones that are exposing its ports to the host. Since the host will have internet acces, those exposed services will be accesible from Internet. Traefik container will be the only container to be attached to this network.
Containers accesing to backend network are not exposing any port to the server and so they are not accesible directly form internet. All backend containers will be attached to this network.
Configuring and running Traefik with Docker
Traefik discovers automatically the routing configuration to be applied to each backend service, through the annotations specified in each of the backend containers (labels section in docker-compose file).
Securing access to Docker API
For doing the automatic discovery of services, Traefik requires access to the docker socket to get its dynamic configuration. As Traefik official documentation states, "Accessing the Docker API without any restriction is a security concern: If Traefik is attacked, then the attacker might get access to the underlying host".
There are several mechanisms to secure the access to Docker API, one of them is the use of a docker proxy like the one provided by Tecnativa, Tecnativa's Docker Socket Proxy. Instead of allowing our publicly-facing Traefik container full access to the Docker socket file, we can instead proxy only the API calls we need with Tecnativa’s Docker Socket Proxy project. This ensures Docker’s socket file is never exposed to the public along with all the headaches doing so could cause an unknowing site owner.
Setting up Docker Socket Proxy. In the home directory create initial docker-compose.yaml file
version: "3.8"
services:
dockerproxy:
container_name: docker-proxy
environment:
CONTAINERS: 1
image: tecnativa/docker-socket-proxy
networks:
- backend
ports:
- 2375
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
backend:
external: true
Create folders and basic traefik configuration
Step create traefik directory within User's home directory
mkdir ~/traefik
Create Traefik configuration file
traefik.ymlapi: dashboard: true debug: false entryPoints: http: address: ":80" https: address: ":443" providers: docker: endpoint: "tcp://docker-proxy:2375" watch: true exposedbydefault: false network: backend certificatesResolvers: http: acme: email: [email protected] storage: acme.json httpChallenge: entryPoint: httpThis configuration file:
- Enables Traefik dashoard (
api.dashboard= true) - Configure Traefik HTTP and HTTPS default ports as entry points (
entryPoints) - Configure Docker as provider (
providers.docker). Instead of using docker socket file, it uses asendpointthe Socket Proxy. Do not expose the containers by default (exposedbydefault), unless specified at container level with a label (traefik.enable=true), and usebackendnetwork as default for communicating with all containers. - Configure Traefik to automatically generate SSL certificates using Let's Encrypt (
certificatesResolvers). ACME protocol is configured to use http challenge.
- Enables Traefik dashoard (
Create empty
acme.jsonfile used to store SSL certificates generated by Traefik.touch acme.json chmod 600 acme.json
Add Traefik service to docker-compose.yml file
services:
traefik:
depends_on:
- dockerproxy
image: traefik
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- frontend
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- ./traefik/traefik.yml:/traefik.yml:ro
- ./traefik/acme.json:/acme.json
Annotating containers with Traefik rules
Traefik discovers automatically the routing configuration to be applied to each backend service, through the annotations specified in each of the backend containers (labels section in docker-compose file).
For example, to configure access to a backend service exposed at myservice.domain.com Traefik router rules must be specified to redirect the traffik to the proper container. Additionally routing modifiers (middlewares) can be used for redirecting HTTP to HTTPS traffic or to apply an authentication method.
For each backend service exposed through Traefik, a couple of router rules can be specified (one for handling HTTP traffic and another for handling HTTPS)
Router for HTTP incoming traffic. Router rule name: will be the
<service_name>whereservice_nameis the associated service in the docker-compose file.traefik.http.routers.<service_name>.rule=Host(<service_domain>)traefik.http.routers.<service_name>.entrypoint=httptraefik.http.routers.<service_name>.middlewares=<service_name>-https-redirecttraefik.http.middlewares.<service_name>-https-redirect.redirectscheme.scheme=https
Where
specifies that the incoming traffic to that domain must be redirected to the container. And the configured
middlewareredirect all HTTP incoming traffic to the HTTPS entry point, and so to the HTTPS router rule.Router for HTTPS incoming traffic. Router rule name: will be
<service_name>-securetraefik.http.routers.<service_name>-secure.rule=Host(<service_domain>)traefik.http.routers.<service_name>-secure.entrypoint=httpstraefik.http.routers.<service_name>-secure.tls=true: Enabling TLS certificates generationtraefik.http.routers.<service_name>-secure>.tls.certresolver=http: Issue the SSL certificate with the resolver specified in Traefik configuration (traefik.yml): Let's Encrypt (ACME protocol) with HTTP challenge.
Additionally we need to tell Traefik which port of the container is being used.
traefik.http.services.<service_name>.loadbalancer.server.port=<backend_port>. Use container portto redirect all the traffic.
...
my_service:
labels:
# Explicitly tell Traefik to expose this container
- "traefik.enable=true"
# The domain the service will respond to
- "traefik.http.routers.whoami.rule=Host(`whoami.domain.com`)"
# Allow request only from the predefined entry point named "http"
- "traefik.http.routers.whoami.entrypoints=http"
# Redirect all incoming http traffic to HTTPS
- "traefik.http.routers.whoami.middlewares=whoami-https-redirect"
- "traefik.http.middlewares.whoami-https-redirect.redirectscheme.scheme=https"
# Domain used for secure routing configuration
- "traefik.http.routers.whoami-secure.rule=Host(`whoami.domain.com`)"
# Allow requests in the predefined entry point "https"
- `traefik.http.routers.whoami-secure.entrypoint=https`
# Enabling TLS certificates generation
- "traefik.http.routers.whoami-secure.tls=true"
# Use SSL certificate resolver specified in configuration (Lets Encrypt)
- "traefik.http.routers.whoami-secure.tls.certresolver=http`
Configuring basic authentication access to Traefik dashboard
Traefik dashboard will be enabled. By default it does not provide any authentication mechanisms. Traefik HTTP basic authentication mechanims will be used.
In case that the backend does not provide authentication/authorization functionality, Traefik can be configured to provide HTTP authentication mechanism (basic authentication, digest and forward authentication).
Traefik's Basic Auth Middleware for providing basic auth HTTP authentication.
User:hashed-passwords pairs needed by the middleware can be generated with htpasswd utility. The command to execute is:
htpasswd -nb <user> <passwd>
htpasswd utility is part of apache2-utils package. In order to execute the command it can be installed with the command: sudo apt install apache2-utils
As an alternative, docker image can be used and the command to generate the user:hashed-password pairs is:
docker run --rm -it --entrypoint /usr/local/apache2/bin/htpasswd httpd:alpine -nb user password
For example:
htpasswd -nb admin secretpassword
admin:$apr1$3bVLXoBF$7rHNxHT2cLZLOr57lHBOv1
Add Traefik service to docker-compose.yml file
services:
traefik:
depends_on:
- dockerproxy
image: traefik
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- frontend
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- ./traefik/traefik.yml:/traefik.yml:ro
- ./traefik/acme.json:/acme.json
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`monitor.yourdomain.com`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$apr1$$3bVLXoBF$$7rHNxHT2cLZLOr57lHBOv1"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`monitor.yourdomain.com`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api@internal"
Where:
- Replace
monitor.yourdomain.comintraefik.http.routers.traefik.ruleandtraefik.http.routers.traefik-secure.rulelabels by your domain - Replace htpasswd pair generated before in
traefik.http.middlewares.traefik-auth.basicauth.userslabel.NOTE: If te resulting string has any
$you will need to modify them to be$$- this is because docker-compose uses$to signify a variable. By adding$$we still docker-compose that it’s actually a$in the string and not a variable.)
This configuration will start Traefik service and enabling its dashboard at monitor.yourdomain.com. Enabling HTTPS, generating a TLS and redirecting all HTTP traffic to HTTPS.
Configuring and running web analytics service (Matomo) behind Traefik
Matomo service is composed of two containers:
- SQL database (MariaDB)
- Apache-based PHP website
Step 1: Create matomo directories within User's home directory
mkdir ~/matomo mkdir -p ~/matomo/db mkdir -p ~/matomo/www-data
matomo/dbis a host directory to be used as docker bind mount for storing MariaDB's datamatomo/www-datais a host directory to be used as docker bind mount for storing Matomo's websiteStep 2: Create environment file
This file will contain environment variables for the two containers
~/matomo/db.envMYSQL_ROOT_PASSWORD=<mysql_root_user_password> MYSQL_DATABASE=matomo MYSQL_USER=matomo MYSQL_PASSWORD=<matomo_user_password> MATOMO_DATABASE_ADAPTER=mysql MATOMO_DATABASE_TABLES_PREFIX=matomo_ MATOMO_DATABASE_USERNAME=matomo MATOMO_DATABASE_PASSWORD=<matomo_user_password> MATOMO_DATABASE_DBNAME=matomoThis environment files contains MariaDB root user credentials
MYSQL_ROOT_PASSWORDand the database name (matomo) and the user (matomo) credentials to be used by Matomo.Step 3: Add MariaDB service to docker-compose.yml file
db: image: mariadb container_name: mariadb networks: - backend command: --max-allowed-packet=64MB restart: always volumes: - ./matomo/db:/var/lib/mysql env_file: - ./matomo/db.envNOTE: MariaDB container connected only to
backenddocker network. Host's matomo/db directory is mounted as MariaDB data base direcoty/var/lib/mysqlStep 4: Add annotated Matomo container to docker-compose.yml file
matomo: depends_on: - db image: matomo container_name: matomo restart: always networks: - backend volumes: - ./matomo/www-data:/var/www/html environment: - MATOMO_DATABASE_HOST=db env_file: - ./matomo/db.env ports: - target: 80 protocol: tcp labels: - "traefik.enable=true" - "traefik.http.routers.matomo.entrypoints=http" - "traefik.http.routers.matomo.rule=Host(`matomo.yourdomain.com`)" - "traefik.http.middlewares.matomo-https-redirect.redirectscheme.scheme=https" - "traefik.http.routers.matomo.middlewares=matomo-https-redirect" - "traefik.http.routers.matomo-secure.entrypoints=https" - "traefik.http.routers.matomo-secure.rule=Host(`matomo.yourdoamin.com`)" - "traefik.http.routers.matomo-secure.tls=true" - "traefik.http.routers.matomo-secure.tls.certresolver=http" - "traefik.http.routers.matomo-secure.service=matomo" - "traefik.http.services.matomo.loadbalancer.server.port=80"NOTE: matomo container connected only to
backenddocker network. Host's matomo/www directory is mounted as Apaches's website directory `/var/www/html.Container annotated to be discovered by Traefik, exposing container tcp port 80, and creating the Traefik's rules to route the incoming traffic to Matomo's URL (
matomo.yourdomain.com)Step 5: Finishing Matomo installation
In order to finalize Matomo installation, Apache web server running on
matomo.yourdomain.comneed to be accesed and the procedure described in the official documentation must be followed.For doing so you need to run the containers with the commad:
docker-compose up -d
Configuring and running comments platform (remark42) behind Traefik
Step 1: Create remark42 directories within User's home directory
mkdir ~/remark42 mkdir -p ~/remark42/var
remartk/varis a host directory to be used as docker bind mount for storing remark42's dataStep 2: Create environment file
This file will contain environment variables for remark42 container
~/remark42/remark42.envREMARK_URL=http://remark42.yourdoamin.com SECRET=<remark42_secret> STORE_BOLT_PATH=/srv/var/db BACKUP_PATH=/srv/var/backup SITE=<site_id> AUTH_ANON=trueWhere:
site_id: identifies the list of sites (,separated) which remark42 is storing the comments for.It must be the same
site_idin the java script code added to your website. See remark42 installation documentation
NOTE: In this case only anonymous comments are being enabled. Other environment variables enables non-anonymous comments and integration of the authorization with external platforms Github, Google, etc.
Step 3: Add annotated remark42 container to docker-compose.yml file
## Remark42 remark42: image: umputun/remark42:latest container_name: "remark42" hostname: "remark42" restart: always networks: - backend volumes: - ./remark42/var:/srv/var ports: - target: 80 protocol: tcp env_file: - ./remark42/remark42.env environment: - APP_UID=1000 # runs Remark42 app with non-default UID - TIME_ZONE=Europe/Madrid labels: - "traefik.enable=true" - "traefik.http.routers.remark42.entrypoints=http" - "traefik.http.routers.remark42.rule=Host(`remark42.yourdoamin.com`)" - "traefik.http.middlewares.remark42-https-redirect.redirectscheme.scheme=https" - "traefik.http.routers.remark42.middlewares=remark42-https-redirect" - "traefik.http.routers.remark42-secure.entrypoints=https" - "traefik.http.routers.remark42-secure.rule=Host(`remark42.yourdoamin.com`)" - "traefik.http.routers.remark42-secure.tls=true" - "traefik.http.routers.remark42-secure.tls.certresolver=http" - "traefik.http.routers.remark42-secure.service=remark42" - "traefik.http.services.remark42.loadbalancer.server.port=80" - "traefik.http.middlewares.remark42.headers.accesscontrolalloworiginlist=*"NOTE: remark42 container connected only to
backenddocker network. Host's remark42/var directory is mounted as remark42's var directory/srv/var.Container annotated to be discovered by Traefik, exposing container tcp port 80, and creating the Traefik's rules to route the incoming traffic to Remark42's URL (
remark42.yourdomain.com).Traefik middleware cors headers must be used to avoid CORS issues with remark42.
traefik.http.middlewares.remark42.headers.accesscontrolalloworiginlist=*to allow request from all orginins.
Configuring and running your static website behind Traefik using Matomo and Remark42 services
Jekyll can be used for creating your static website. HTML templates need to be modified to include remark42 and matomo javascript code and remark42's html code.
Creating your website with Jekyll
As a quick example:
Step 1: Install jekyll (as prerequisite ruby package need to be installed)
gem install bundler jekyllStep 2: Create a new jekyll site using default theme (
minima)In $HOME directory execute
jekyll new mywebsiteStep 3: Create html code snippets containing matamo and remark java sctipt code
This code snippets will be included in the HTML header of all the pages.
Include matomo code snippet. This code from Matomo UI whenever a new site is added to be tracked.
_includes/matomo-analytics.html<!-- Matomo --> <script> var _paq = window._paq = window._paq || []; /* tracker methods like "setCustomDimension" should be called before "trackPageView" */ _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u="//matomo.yourdomain.com/"; _paq.push(['setTrackerUrl', u+'matomo.php']); _paq.push(['setSiteId', 'mywebsite']); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); })(); </script> <!-- End Matomo Code -->NOTE: Here it is important to have the right URL for the matomo service
matomo.yourdomain.comand thesite_ididentifying your website.Include remark42 code snippet. Code comes from remark42 documentation
_includes/remark42.html<!-- Remark42 --> <script> var remark_config = { host: 'remark42.yourdomain.com', site_id: 'mywebsite', components: ['embed'], theme: 'dark', }; </script> <script>!function(e,n){for(var o=0;o<e.length;o++){var r=n.createElement("script"),c=".js",d=n.head||n.body;"noModule"in r?(r.type="module",c=".mjs"):r.async=!0,r.defer=!0,r.src=remark_config.host+"/web/"+e[o]+c,d.appendChild(r)}}(remark_config.components||["embed"],document);</script> <!-- End Remark42 Code -->NOTE: Here it is important to set javascript variable
remark_configcontaining thehostwhere remark42 service is running (remark42.yourdomain.com) and thesite_ididentifying your website.Step 3: Modify header html code snippets to include remark42 and matomo javascript
_includes/head.html<head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="{{ "/assets/main.css" | relative_url }}"> {% if jekyll.environment == 'production' and site.matomo_analytics %} {% include matomo-analytics.html -%} {% endif %} {% if page.comments and jekyll.environment == 'production'%} {% include remark42.html %} {% endif %} </head>Step 4: Modify posts html layout to include remark42 comments
_layouts/post.html.... {% if page.comments and jekyll.environment == 'production' %} <div id="remark42"></div> {% endif %}NOTE: matomo analytics ad remark42 snippet are only included in case the site is generated for production environment running the command
JEKYLL_ENV=production bundle exec jekyll serveMatomo analytics is only include if
matomo_analyticsis set to true in Jekylls'_config.ymlfile. Remark42's comments are only enabled for those posts having the variablecommentsset to trueStep 5: Generate site HTML code executing the command
JEKYLL_ENV=production bundle exec jekyll buildHTML generated code is under
_sitedirectory
How to deploy the static site in Docker
A simple Apache docker image (httpd) can be used and the complete static site generated by Jekyll (_site directory) can mounted in the docker container as bind mount of /usr/local/apache2/htdocs
Step 1: Create mywebsite directories within User's home directory
mkdir ~/mywebsite mkdir -p ~/mywebsite/_site
Step 2: Copy the Jekyll generated code of your website to
~/mywebsite/_siteStep 3: Add apache container server to
docker-compose.ymlfilemywebsite: depends_on: - traefik image: httpd:2.4-alpine container_name: "mywebsite" hostname: "mywebsite" restart: always networks: - backend volumes: - ./mywebsite/_site:/usr/local/apache2/htdocs/ ports: - target: 80 protocol: tcp labels: - "traefik.enable=true" - "traefik.http.routers.mywebsite.entrypoints=http" - "traefik.http.routers.mywebsite.rule=Host(`$MYWEBSITE_URL`)" - "traefik.http.middlewares.mywebsite-https-redirect.redirectscheme.scheme=https" - "traefik.http.routers.mywebsite.middlewares=mywebsite-https-redirect" - "traefik.http.routers.mywebsite-secure.entrypoints=https" - "traefik.http.routers.mywebsite-secure.rule=Host(`$MYWEBSITE_URL`)" - "traefik.http.routers.mywebsite-secure.tls=true" - "traefik.http.routers.mywebsite-secure.tls.certresolver=http" - "traefik.http.routers.mywebsite-secure.service=mywebsite" - "traefik.http.services.mywebsite.loadbalancer.server.port=80"NOTE: mywebsite container is running a basic apache image. Host's mywebsite/_site directory is mounted as Apaches's default html docs directory `/usr/local/apache2/htdocs/.
Container is annotated so it can be routed by Traefik.
Backup
Remark42
Remark42 by default makes daily backup files in ~/remark42/var/backup
This directory must be backed up daily
Matomo
Matomo website Backup
~/matomo/www-datadirectoryMatomo's MySQL database To perform Matomo's MySQl database backup use the provided script
matomo_mysql_backup.shThis script exexutes a mysql dump command storing the result in compressed format in
~/matomo/backup/This script must be executed daily and backup directory backed up daily.
Backup documents references
Docker-compose commands to create/start/stop/upgrade the containers
All commands need to be executed in $HOME directory, where docker-compose.yml file is located
Creating containers and starting the services
docker-compose up -d
Stopping the containers
To stop all the services
docker-compose stop
To stop just one of the services
docker-compose stop <service_name>
Starting the containers
To start all the services
docker-compose start
To start just one of the services
docker-compose start <service_name>
Deleting the containers
docker-compose down
NOTE: Since all data is stored in local host (using docker bind mounts), this command will not loose any important data.
Check logs of one container
docker-compose logs -f <docker_service_name>
Updating your docker images
This procedure indicates how to upgrade docker images of any of the services (matomo, remark42, etc.)
Updating with Docker Compose
Pull the new image from Docker Hub:
docker-compose pull <docker_service_name>Recreate the running container:
docker-compose up --detach <docker_service_name>