Ruben's Blog | ีีธึีขีฅีถีซ ิฒีฌีธีฃีจ
๐ ..Configuring own homebrew server - part 3: The Final Setup ๐๐งโ๏ธ
If you have read my previous part 1 and part 2, here is the configuration.
Note: my server hardware is very slow, I use AMD E-350 Processor CPU with 8 GB DDR3 RAM with a speed of 1600 MT/s. it’s 12 years old already when AMD didn’t have the glory it has now.
This is a docker-compose file I use while writing the post.
version: '3.7'
services:
################################################
# vpn #
################################################
wireguard:
image: lscr.io/linuxserver/wireguard:latest
restart: always
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Hong_Kong
- SERVERURL=YOUR_SERVER_URL.COM
- SERVERPORT=51820
- PEERS=myPC1,myPC2,myPC3,myPhone4
- PEERDNS=auto
ports:
- 51820:51820/udp
volumes:
- ./wireguard/config:/config
- ./wireguard/modules:/lib/modules
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- "net.ipv4.conf.all.rp_filter=2"
networks:
- vpn
################################################
# nextcloud #
################################################
nextcloud-db:
image: mariadb:10.5.9
restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
volumes:
- ./nextcloud/nextcloud-db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=VERY_SECURE_PASSWORD
- MYSQL_PASSWORD=VERY_SECURE_PASSWORD
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
networks:
- nextcloud-internal
my.cloud:
image: nextcloud:27
restart: always
volumes:
- ./nextcloud/nextcloud:/var/www/html
environment:
- MYSQL_PASSWORD=VERY_SECURE_PASSWORD
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=nextcloud-db
- NEXTCLOUD_TRUSTED_DOMAINS=my.cloud next.cloud
depends_on:
- nextcloud-db
networks:
vpn:
ipv4_address: 192.168.104.10
nextcloud-internal:
cron:
image: nextcloud:27
container_name: nextcloud-cron
restart: unless-stopped
depends_on:
- my.cloud
environment:
- MYSQL_PASSWORD=VERY_SECURE_PASSWORD
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=nextcloud-db
- NEXTCLOUD_TRUSTED_DOMAINS=my.cloud next.cloud
- TRUSTED_PROXIES=192.168.104.13
volumes:
- ./nextcloud/nextcloud:/var/www/html
entrypoint: /cron.sh
networks:
- nextcloud-internal
phpmyadmin.cloud:
image: phpmyadmin
restart: always
environment:
- PMA_ARBITRARY=1
depends_on:
- nextcloud-db
networks:
vpn:
ipv4_address: 192.168.104.12
nextcloud-internal:
################################################
# gitea #
################################################
git.cloud:
image: gitea/gitea:1.16.6
environment:
- USER_UID=1000
- USER_GID=1000
restart: always
networks:
vpn:
ipv4_address: 192.168.104.14
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
################################################
# mirotalk #
################################################
call.cloud:
image: mirotalk
volumes:
- ./mirotalk/.env:/src/.env:ro
- ./mirotalk/server.js:/src/app/src/server.js:ro
- ./mirotalk/client.js:/src/public/js/client.js:ro
restart: unless-stopped
networks:
vpn:
ipv4_address: 192.168.104.6
coturn.cloud:
image: coturn/coturn
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
volumes:
- ./mirotalk-conf/turnserver.conf:/etc/turnserver.conf:ro
networks:
vpn:
ipv4_address: 192.168.104.5
networks:
vpn:
ipam:
config:
- subnet: 192.168.104.0/28
nextcloud-internal:
Let’s go over each server and config one by one.
wireguard
Is a server that allows us to have a secure VPN and to all our servers.
To add devices just modify PEERS environment variable by adding new device names, when doing so the run
docker-compose logs -f wireguard
You will find a QR code with configuration for all devices you wrote. If you want to add more devices or remove some, just edit the “PEERS” environment variable and check the logs again.
In order not to route all my traffic through VPN I modified my configuration to only include IPs I need.
AllowedIPs = 192.168.104.0/24, 10.13.13.0/24, ::/0
Security
Everything is HTTP because it’s under VPN and it’s my VPN, so I don’t want to worry about the SSL configuration.
NOTE: make sure you don’t expose any ports that might be accessible through the internet to avoid being HACKED ๐ต๐ป.
DNS
In this configuration, you will not need a separate DNS as all DNS is handled by docker network once by the hostnames. For example, you can access nextcloud by typing http://my.cloud in your browser.
nextcloud
http://my.cloud
Make sure to change MYSQL_PASSWORD and MYSQL_DATABASE. Access http://phpmyadmin.cloud to view the DB.
Now you can install every plugin that you can find on nextcloud plugin website.
git server
http://git.clud:3000 - server is running on port 3000.
Ever wanted to run your github or gitlab like application to store your source code? Gitea is a wonderful solution, as I run it alone or with my family it can be run without complicated SQL, in my case SQLite works just fine.
mirotalk
http://call.cloud
You need to clone mirotalk https://github.com/miroslavpejic85/mirotalk to run this server.
This is a simple call application to do secure calls similar to Zoom or Google Meet. I was hosting Jitsy and other solutions that were hanging up the machine. If your server could support it I would put some nextcloud plugin.
My .env file.
PORT=443
NGROK_ENABLED=false
STUN=stun:coturn.cloud:3478
TURN_ENABLED=true
TURN_URLS=turn:coturn.cloud
TURN_USERNAME=username
TURN_PASSWORD=password
API_KEY_SECRET=mirotalk_super_duper__secret
SENTRY_ENABLED=false
SLACK_ENABLED=false
Run your server be FREE
Please give me feedback, comment on whatever you think about my blog post, and help me improve. โค๏ธ
Blog Menu
- ๐ผ hire me
- โน๏ธ about me
- ๐ฐ rss
- ๐ธ a young blog
- ๐ blog
- 2024-10-19
The Meaning ๐ฌ๏ธ
I wrote about this again, but investing time in meaningful connections is crucial. It’s not just spending; it’s a real investment. You can...
- 2024-10-18
Complexity in Multi-model Architectures ๐
I can move from cities and even to countries with a single backpack and or a single hanger with a couple of clothes, be able to attend the event, and ...
- 2024-10-18
Buying Problems ๐
I must always remember that buying into any relationship, be that business, employment, or personal once, you are always buying problems first. It&rsq...
- 2024-10-16
Every Company Is Different ๐คฆ๐ปโโ๏ธ
Doing the podcasts I talk to different friends from tech and other industries. There are so many approaches, and so many different opinions, there is ...
- 2024-10-15
Lazy Art ๐จ
Art is something you do more not less, but what if you generate NFTS, is it lazy art? You do more but with code. Are you making more art? If you creat...
- 2024-10-14
Tribute to Mothers Part 3? ๐คฑ๐ป
Again I’m alone, this is hard. Though I don’t consider myself a passive father, being 2 parents is a bit much, and it’s hard as much...
- 2024-10-13
Weekends โญ๏ธ
Yesterday, I spent the day picking pears and sleeping. Today, I spent the day caring for the baby and trying to rest; I can’t rest with a small ...
- 2024-10-12
I Fell Out of the Internet for Today ๐
My phone is broken and My current phone is a Banana Nokia. I spent half of the day sleeping and another half picking pears from the ground and cooking...
- 2024-10-11
Life Lessons ๐
My phone broke down so I couldn’t post shorts on YouTube, today I spent time running Android on my laptop. Well, Weydroid ran with a plain Andro...
- 2024-10-10
Podcasting Is Fun ๐ช
But it’s hard work.:) You need to try to engage with the person you are doing a podcast with! It’s good but hard. Tomorrow I don’t h...
- See all...
- ๐ links