serverr
Docker, *arr-based, media server stack with Traefik 2, Google OAuth2, and LetsEncrypt
Heavily based on htpcBeginner/docker-traefik
Setup Tips:
- Install Docker and Docker Compose
- Set privileges on folder and sub-folders:
sudo setfacl -Rdm g:docker:rwx serverr
sudo chmod -R 775 serverr
- Make sure to have domain/DNS up to date, and API access to provider (whitelist your IP if needed)
- Update router settings:
- Give the machine a static internal IP
- Port forward 80, 443 (Traefik) and 32400 (Plex)
- Copy the .env template and fill out variables:
cp serverr/.env.template serverr/.env
- Setup Traefik2 files:
touch serverr/app-data/traefik2/acme/acme.json
chmod 600 serverr/app-data/traefik2/acme/acme.json
touch serverr/app-data/traefik2/traefik.log
- Setup docker secrets:
mkdir serverr/secrets
sudo chown root:root serverr/secrets
sudo chmod 600 serverr/secrets
- Domain Name Providers (I use Namecheap; docker-compose.yml will need to be updated if provider changes)
- Set up Google Cloud Platform oauth/credentials
- SSL certs:
- Uncomment traefik sections
- Run docker-compose up -d traefik and check certs at traefik.domain.com and/or acme.json
- Comment staging, clear out acme.json
- Bring up traefik again and check certs at traefik.domain.com and/or acme.json
- Comment out certresolver label and bring up traefik one last time
- Configure various containers via their subdomain.domain.com addresses, things to note:
- Sabnzbd
- Have to access Sabnzbd via IP:Port/sabnzbd before whitelisting the subdomain in config
- MariaDB and Guacamole
- Copy initialization script
sudo docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > mariadb/guac_initdb.sql
- Enter mariadb container, login as root, create the guac db, user/password, and set privileges
- In mariadb container, run guac initialization script
cat /config/guac_initdb.sql | mysql -u <guac_user> -p <guac_db>;
- Login to guac as guacadmin, setup new admin, delete old admin. Configure connections.
- Ubuntu's OpenSSH no longer accepts the ssh-rsa host key algorithm by default, but guacd still uses it for now. Add
HostKeyAlgorithms +ssh-rsa
to the end of /etc/ssh/sshd_config and restart with sudo systemctl restart ssh.service
- Tautulli
- If using the official remote app, disable oauth, register device token, update .env, re-enable oauth.
- Install UFW:
- Allow 80, 443, 32400 from anywhere
- Allow 22 from 192.168.0.0/16
- Change DOCKER_OPTS so Docker respects the iptables firewall
sudo vi /etc/default/docker
- add DOCKER_OPTS="--iptables=false"
- Install snapraid, git clone snapraid-runner and update conf, install and configure mergerfs, install rclone and configure to Dropbox
- Update scripts/crontab.template and copy to sudo crontab -e
- CrowdSec Setup Guide
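
A check for the modes and ownership set in the Traefik2 and Docker secrets steps above, as an added example that is not part of this repository. It assumes GNU stat on Linux; the helper names check_mode and audit_serverr are hypothetical, and ownership is compared numerically (0:0 is root:root).

```shell
#!/usr/bin/env bash
# Added example (not from the serverr repo). Assumes GNU stat on Linux.
# check_mode and audit_serverr are hypothetical helper names.

# check_mode PATH MODE [UID:GID]
# Prints one finding line; returns 0 only if the path exists and matches.
check_mode() {
    local path="$1" want_mode="$2" want_owner="${3:-}"
    local mode owner
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    mode=$(stat -c '%a' "$path")
    owner=$(stat -c '%u:%g' "$path")
    if [ "$mode" != "$want_mode" ]; then
        echo "MODE    $path is $mode, expected $want_mode"
        return 1
    fi
    if [ -n "$want_owner" ] && [ "$owner" != "$want_owner" ]; then
        echo "OWNER   $path is $owner, expected $want_owner"
        return 1
    fi
    echo "OK      $path ($mode $owner)"
}

# audit_serverr ROOT [UID:GID]
# Checks the paths the setup steps lock down; returns the number of failures.
# The secrets owner defaults to 0:0, i.e. root:root as set by the chown step.
audit_serverr() {
    local root="$1" secrets_owner="${2:-0:0}" fails=0
    # acme.json holds the ACME account and certificate private keys.
    check_mode "$root/app-data/traefik2/acme/acme.json" 600 || fails=$((fails + 1))
    check_mode "$root/secrets" 600 "$secrets_owner" || fails=$((fails + 1))
    return "$fails"
}

# Usage: sudo bash audit.sh /path/to/serverr
if [ "$#" -gt 0 ]; then
    audit_serverr "$@"
    exit $?
fi
```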