The LinuxServer.io team brings you another container release featuring easy user mapping and community support. Find us for support at:
- forum.linuxserver.io
- IRC on freenode at
#linuxserver.io
- Podcast covers everything to do with getting the most from your Linux Server plus a focus on all things Docker and containerisation!
This docker image, forked from our letsencrypt image, was developed by the LinuxServer.io team specfically for use by fanart.tv and is not recommended for use by the general public.
docker create \
--privileged \
--name=fanartstatic \
-v <path to data>:/config \
-e PGID=<gid> -e PUID=<uid> \
-e EMAIL=<email> \
-e URL=<url> \
-p 80:80 -p 443:443 \
-e TZ=<timezone> \
-e VALIDATOR=<true> \
-e SLAVEIPS=<IPs,comma,separated> \
lsiodev/fanart-nginx
docker create \
--privileged \
--name=fanartstatic \
-v <path to data>:/config \
-e PGID=<gid> -e PUID=<uid> \
-e URL=<url> \
-p 80:80 -p 443:443 \
-e TZ=<timezone> \
-e VALIDATOR=<false> \
-e VALIDATORIP=<ipaddress> \
lsiodev/fanart-nginx
The parameters are split into two halves, separated by a colon, the left hand side representing the host and the right the container side. For example with a port -p external:internal - what this shows is the port mapping from internal to external of the container. So -p 8080:80 would expose port 80 from inside the container to be accessible from the host's IP on port 8080 http://192.168.x.x:8080 would show you what's running INSIDE the container on port 80.
-p 80 -p 443
- the port(s)-v /config
- all the config files including the webroot reside here-e URL
- the url for server-e PGID
for GroupID - see below for explanation-e PUID
for UserID - see below for explanation-e TZ
- timezone ie.America/New_York
-e VALIDATOR
- determines whether the server should run letsencrypt-e VALIDATORIP
- mandatory for slave servers-e SLAVEIPS
- IPs for cert distribution, comma separated, no spaces. Required for cert distribution to slaves. Leave out in a single server scenario.
Optional settings:
-e EMAIL
- your e-mail address for cert registration and notifications-e DHLEVEL
- dhparams bit value (default=2048, can be set to1024
or4096
)
It is based on alpine linux with s6 overlay, for shell access whilst the container is running do docker exec -it letsencrypt /bin/bash
.
- Create the slave container and start it.
- The container will stop after generating the DH parameter due to not existing cert.
- Add the public ssh key to new slave's
authorized_keys
- On the validator, create a new folder for the slave info and copy the sample.conf
cp -R /config-folder-path/distribute/XX.XX.XX.XX /config-folder-path/distribute/<new.slave.ip.address>
- Edit the sample.conf with the new slave details
- Copy the private ssh key into the folder with the name
private
(no password) - Recreate the validator container with the new slave's IP address added into the
SLAVEIPS
variable - Restart the new slave
- Add the new slave to the round robin dns
- Remove the slave from the round robin DNS
- Remove the slave container
- Recreate the validator with the slave's IP removed from the
SLAVEIPS
variable
- Recreate all other slaves with the
VALIDATORIP
changed to reflect the new validator server - Remove the old validator from the round robin DNS
- Add the new validator to round robin DNS
- Create the new validator container (initially with no
SLAVEIPS
defined so folders are created) - Create the slave IP named folders under /config/distribute for each slave, with their sample.conf and private ssh keys (as described above)
- Recreate the new validator with the slave IPs defined