colin/nas-compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
54535ebebaef151427c2ef253933e3a0cb2bc4ee
nas-compose/bootstrap/README.md
Colin Hebert 54535ebeba Fix bootstrap
2023-01-20 17:19:34 +01:00

3.1 KiB
Raw Blame History

Bootstrap

Set up a MacVLAN network

As an example, with the following network setup:

  • interface to LAN: bond0
  • Complete LAN subnet: 192.168.0.0/23
  • LAN gateway: 192.168.0.1
  • DHCP range: 192.168.0.0/24 (excluding gateway)
  • MacVLAN interface name: macvlan0 (user defined)
  • MacVLAN range: 192.168.1.0/24 (should be outside of DHCP range)
  • MacVLAN host IP: 192.168.1.1 (should be in the MacVLAN range)
ip link add macvlan0 link bond0 type macvlan mode bridge
ip addr add 192.168.1.0/32 dev macvlan0
ip link set macvlan0 up
ip route add 192.168.1.0/24 dev macvlan0

Run portainer once

docker run --rm -p 9443:9443 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce:latest

Environment variables

  • NASCOMPOSE_SERVICES: Absolute path to the services folder

Docker

alpine/socat exposes the docker socket as a port.

🌐 Ports

  • 2375 TCP: Docker API

📂 Volumes

  • /var/run/docker.sock: Socket file from host mounted as it to be exposed.

📒 Documentation

Traefik

traefik is a reverse proxy for docker services.

🌐 Ports

  • 80 TCP: HTTP access. Should always redirect to HTTPs
  • 443 TCP: HTTPs access

📂 Volumes

  • traefik_dynamic_config: Folder containing the dynamic configuration for File provider. See traefik documentation.

📝 Configs

🔒 Secrets

  • traefik_password: Basic Auth username/password to access Traefik. Encoded using htpasswd (or equivalent), use BCrypt at least.
  • traefik_tls_cert: Self-signed certificate for Traefik. Particularly useful in development to avoid generating new certificates on each restart.
  • traefik_tls_key: Self-signed private key for Traefik. Used with traefik_tls_cert.

📒 Documentation

Portainer

portainer/portainer-ce is a docker instance manager. Useful to manage the stacks/docker-compose configuration for the NAS.

Set up to use the port exposed via the Docker container. It displays information about all docker resources available on the host.
It excludes all resources with the tag nas-compose.boostrap: true.

Each compose file (except the bootstrap.docker-compose.yaml) need to be added as a stack, with the right environment variables set.

🌐 Ports

  • 9443 TCP: HTTPs (self-signed) access to the web interface

📂 Volumes

  • ⚠️ portainer_data: All configuration and application data related to portainer. It contains sensitive files

🔒 Secrets

  • portainer_password: Admin default admin's password

📒 Documentation

Reference in New Issue View Git Blame Copy Permalink