serverr

Docker, *arr-based, media server stack with Traefik 2, Google OAuth2, and LetsEncrypt

Heavily based on htpcBeginner/docker-traefik

Setup Tips:

1. Insall Docker and Docker Compose
   1. Set privileges on folder and sub-folders:
      1. sudo setfacl -Rdm g:docker:rwx serverr
      2. sudo chmod -R 775 serverr
2. Make sure to have domain/DNS up to date, and API access to provider (whitelist your IP if needed)
3. Update router settings:
   1. Make machine static internal IP
   2. Port forward 80, 443 (Traefik) and 32400 (Plex)
4. cp serverr/.env.template serverr/.env and fill out variables
5. Setup Traefik2 files:
   1. touch serverr/app-data/traefik2/acme/acme.json
   2. chmod 600 serverr/app-data/traefik2/acme/acme.json
   3. touch serverr/app-data/traefik2/traefik.log
6. Setup docker secrets:
   1. mkdir serverr/secrets
   2. sudo chown root:root serverr/secerts
   3. sudo chmod 600 serverr/secrets
   4. Domain Name Providers (I use Namecheap, docker-compose.yml will need to be updated if provider changes)
7. Set up Google Cloud Platform oauth/credentials
8. SSL certs:
   1. Uncomment traefik sections
   2. docker-compose up -d traefik and check certs at traefik.domain.com and/or acme.json
   3. Comment staging, clear out acme.json
   4. Bring up traefik again and check certs at traefik.domain.com and/or acme.json
   5. Comment out certresolver label and bring up traefik last time
9. Configure various containers via their subdomain.domain.com addresses, things to note:
   1. Sabnzbd
      1. Have to access Sabnzbd via IP:Port/sabnzbd before whitelisting the subdomain in config
   2. MariaDB and Guacamole
      1. Copy initialization script sudo docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > mariadb/guac_initdb.sql
      2. Enter mariadb container, login as root, create the guac db, user/password, and set privileges
      3. In mariadb container, run guac initialization script cat /config/guac_initdb.sql | mysql -u <guac_user> -p <guac_db>;
      4. Login to guac as guacadmin, setup new admin, delete old admin. Configure connections.
      5. Ubuntu no longer supports rsa, but guacd still uses it for now. Add HostKeyAlgorithms +ssh-rsa to the end of /etc/ssh/sshd_config and restart with sudo systemctl restart ssh.service.
   3. Tauttulli
      1. If using the official remote app, disable oauth, register device token, update .env, re-enable oauth.
10. Install UFW:
    1. Allow 80, 443, 32400 from anywhere
    2. Allow 22 from 192.168.0.0/16
11. Change DOCKER_OPTS to Respect IP Table Firewall
    1. sudo vi /etc/default/docker
    2. add DOCKER_OPTS="--iptables=false"
12. Install snapraid, gitclone snapraid-runner and update conf, install and configure mergerFs, install rclone and configure to Dropbox
13. Update scripts/crontab.template and copy to sudo crontab -e
14. CrowdSec Setup Guide