This example assumes that you have installed Docker Compose, that you have a domain name (e.g., atsumeru.example.com) for your atsumeru instance, and that it will be publicly accessible.

Docker Compose is a tool that allows the definition and configuration of multi-container applications. In our case, we want both the atsumeru server and a proxy to redirect the WebSocket requests to the correct place.

Docker Compose might be run as docker-compose <command> ... (with a dash) or docker compose <command> ... (with a space), depending on how you have installed Docker Compose. docker-compose is the original syntax, when Docker Compose was distributed as a standalone executable. You can still choose to do a standalone installation, in which case you would continue to use this syntax. However, Docker currently recommends installing Docker Compose as a Docker plugin, where compose becomes a subcommand of docker, making the syntax docker compose <command> ....

Start by making a new directory and changing into it. Next, create the docker-compose.yml below, making sure to substitute appropriate values for the DOMAIN and EMAIL variables.

version: '3.3'

networks:
  atsumeru-net:
    driver: bridge

services:
    atsumeru:
        volumes:
            - '/path/to/you/library:/library'
            - '/path/to/atsumeru/config:/app/config'
            - '/path/to/atsumeru/db:/app/database'
            - '/path/to/atsumeru/cache:/app/cache'
            - '/path/to/atsumeru/logs:/app/logs'
        restart: unless-stopped
        image: 'atsumerudev/atsumeru:latest'
        networks:
            - atsumeru-net
    caddy:
        image: caddy:latest
        restart: unless-stopped
        ports:
            - "80:80"
            - "443:443"
            - "443:443/udp"
        volumes:
            - '/path/to/you/Caddyfile:/etc/caddy/Caddyfile:ro'
        networks:
            - atsumeru-net
        environment:
            DOMAIN: "https://atsumeru.example.com"     # Your domain.
            EMAIL: "admin@example.com"                 # The email address to use for ACME registration.
        depends_on:
            - atsumeru

In the same directory, create the Caddyfile below. (This file does not need to be modified.)

{$DOMAIN}:443 {
  tls {$EMAIL}
  reverse_proxy atsumeru:31337 {
       header_up X-Forwarded-For {remote_host}
  }
}

Run

docker compose up -d  # or `docker-compose up -d` if using standalone Docker Compose

to create and start the containers. A private network for the services in this docker-compose.yml file will be created automatically, with only Caddy being publicly exposed.

docker compose down  # or `docker-compose down` if using standalone Docker Compose

stops and destroys the containers.

Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address.

To set up a Cloudflare Tunnel for your app, you can follow the instructions in this guide: Creating a Tunnel through the Cloudflare Dashboard. Navigate to one.dash.cloudflare.com > Access > Tunnels and click the "Create" button.

When prompted, specify the hostname as http://atsumeru:31337. The web refers to the service named web in our docker-compose.yml file.

Once the tunnel is created, click the "Configure" button and scroll down to find the Tunnel token. Copy this token as you will need it in the next step.

Now that you've created the tunnel, set up on your server side. Create a docker-compose.yml file and add your token:

version: '3.3'

networks:
  atsumeru-net:
    driver: bridge

services:
    atsumeru:
        volumes:
            - '/path/to/you/library:/library'
            - '/path/to/atsumeru/config:/app/config'
            - '/path/to/atsumeru/db:/app/database'
            - '/path/to/atsumeru/cache:/app/cache'
            - '/path/to/atsumeru/logs:/app/logs'
        restart: unless-stopped
        image: 'atsumerudev/atsumeru:latest'
        networks:
            - atsumeru-net

    cloudflare-tunnel:
        image: cloudflare/cloudflared
        restart: unless-stopped
        command: 'tunnel --no-autoupdate run'
        volumes:
            - /etc/localtime:/etc/localtime:ro
        networks:
            - atsumeru-net
        environment:
            TUNNEL_TOKEN: "<token>"
        depends_on:
            - atsumeru

Two DNS providers are covered:

• Duck DNS -- This gives you a subdomain under duckdns.org (e.g., my-atsumeru.duckdns.org). This option is simplest if you don't already own a domain.
• Cloudflare -- This lets you put your atsumeru instance under a domain you own or control. Note that Cloudflare can be used as just a DNS provider (i.e., without the proxying functionality that Cloudflare is best known for).

Start by making a new directory and changing into it. Next, create the docker-compose.yml below, making sure to substitute appropriate values for the DOMAIN and EMAIL variables.

version: '3.3'

networks:
  atsumeru-net:
    driver: bridge

services:
    atsumeru:
        volumes:
            - '/path/to/you/library:/library'
            - '/path/to/atsumeru/config:/app/config'
            - '/path/to/atsumeru/db:/app/database'
            - '/path/to/atsumeru/cache:/app/cache'
            - '/path/to/atsumeru/logs:/app/logs'
        restart: unless-stopped
        image: 'atsumerudev/atsumeru:latest'
        networks:
            - atsumeru-net
    caddy:
        image: caddy:latest
        restart: unless-stopped
        ports:
            - "80:80"
            - "443:443"
            - "443:443/udp"
        volumes:
            - '/path/to/you/binary/caddy:/usr/bin/caddy'  # Your custom build of Caddy.
            - '/path/to/you/Caddyfile:/etc/caddy/Caddyfile:ro'
        networks:
            - atsumeru-net
        environment:
            DOMAIN: "https://atsumeru.duckdns.org"     # Your domain.
            EMAIL: "admin@example.com"                 # The email address to use for ACME registration.
            DUCKDNS_TOKEN: "<token>"                   # Your Duck DNS token.
        depends_on:
            - atsumeru

The stock Caddy builds (including the one in the Docker image) don't include the DNS challenge modules, so next you'll need to download Caddy custom build, search for duckdns. Rename the custom build as caddy and move it under the same directory as docker-compose.yml. Make sure the caddy file is executable (e.g., chmod a+x caddy). The docker-compose.yml file above bind-mounts the custom build into the caddy:2 container, replacing the stock build.

If you don't already have an account, create one at https://www.duckdns.org/. Create a subdomain for your atsumeru instance (e.g., my-atsumeru.duckdns.org) and set its IP to your atsumeru host's private IP (e.g., 192.168.1.100). Make note of your account's token (a string in UUID format). Caddy will need this token to solve the DNS challenge.

In the same directory, create the Caddyfile below. (This file does not need to be modified.)

{$DOMAIN}:443 {

  tls {
    dns duckdns {$DUCKDNS_TOKEN}
  }

  reverse_proxy atsumeru:31337 {
    header_up X-Forwarded-For {remote_host}
  }
}

If you don't already have an account, create one at https://www.cloudflare.com/; you'll also have to go to your domain registrar to set your nameservers to the ones assigned to you by Cloudflare. Create a subdomain for your atsumeru instance (e.g., atsumeru.example.com), setting its IP to your atsumeru host's private IP (e.g., 192.168.1.100). For example:

Create an API token for the DNS challenge (for more background, see https://github.com/libdns/cloudflare/blob/master/README.md):

1. In the upper right, click the person icon and navigate to My Profile, and then select the API Tokens tab.
2. Click the Create Token button, and then Use template on Edit zone DNS.
3. Edit the Token name field if you prefer a more descriptive name.
4. Under Permissions, the Zone / DNS / Edit permission should already be populated. Add another permission: Zone / Zone / Read.
5. Under Zone Resources, set Include / Specific zone / example.com (replacing example.com with your domain).
6. Under TTL, set an End Date for when your token will become inactive. You might want to choose one far in the future.
7. Create the token and copy the token value.

Your token list should look like:

Create a file named Caddyfile with the following content:

{$DOMAIN}:443 {
  tls {$EMAIL}
  reverse_proxy atsumeru:31337 {
       header_up X-Forwarded-For {remote_host}
  }
}

Important: If necessary, in some routers an exception must be set for the domain (e.g., atsumeru.example.com) due to DNS rebind protection.

The stock Caddy builds (including the one in the Docker image) don't include the DNS challenge modules, so next you'll need to download Caddy custom build, search for cloudflare. Rename the custom build as caddy and move it under the same directory as docker-compose.yml. Make sure the caddy file is executable (e.g., chmod a+x caddy). The docker-compose.yml file above bind-mounts the custom build into the caddy:2 container, replacing the stock build.

version: '3.3'

networks:
  atsumeru-net:
    driver: bridge

services:
    atsumeru:
        volumes:
            - '/path/to/you/library:/library'
            - '/path/to/atsumeru/config:/app/config'
            - '/path/to/atsumeru/db:/app/database'
            - '/path/to/atsumeru/cache:/app/cache'
            - '/path/to/atsumeru/logs:/app/logs'
        restart: unless-stopped
        image: 'atsumerudev/atsumeru:latest'
        networks:
            - atsumeru-net
    caddy:
        image: caddy:latest
        restart: unless-stopped
        ports:
            - "80:80"
            - "443:443"
            - "443:443/udp"
        volumes:
            - '/path/to/you/binary/caddy:/usr/bin/caddy'  # Your custom build of Caddy.
            - '/path/to/you/Caddyfile:/etc/caddy/Caddyfile:ro'
        networks:
            - atsumeru-net
        environment:
            DOMAIN: "https://atsumeru.example.com"     # Your domain.
            CLOUDFLARE_API_TOKEN: "<token>"            # Your cloudflare token.
        depends_on:
            - atsumeru

As with the HTTP challenge example, run to create and start the containers.

docker compose up -d  # or `docker-compose up -d` if using standalone Docker Compose

You should now be able to reach your atsumeru instance at https://atsumeru.example.com.

curl https://raw.githubusercontent.com/OlegEnot/atsu-docker/master/Dockerfile --output Dockerfile

Or assembly from source:

curl https://raw.githubusercontent.com/OlegEnot/atsu-docker/master/Dockerfile-build --output Dockerfile

docker buildx create --name atsumeru --platform=linux/amd64,linux/arm64/v8,linux/arm/v7 --use

docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 --builder=atsumeru -t atsumeru:latest .