ServNest containers and compose files, for use with Podman/Docker
conf add certbot-dns.ini and compose volume 2025-03-15 23:25:20 +01:00
core@d9ff87a833 rename root directories 2024-07-26 01:43:56 +02:00
data *.ht.servnest.test. in zone template 2025-03-15 23:27:27 +01:00
logs add knot-secondary container 2024-12-19 15:50:52 +01:00
sock add .gitkeep for more required directories 2024-09-22 18:33:09 +02:00
tmp add compatibility with rootless docker 2024-10-14 22:02:31 +02:00
.gitignore add /.env to .gitignore 2025-03-15 23:29:56 +01:00
alpine-minirootfs-3.21.2-x86_64.tar.gz.sha256 add upstream.sh + move php to base.yaml 2025-01-22 18:58:35 +01:00
alpine.Containerfile add arguments for alpine major version and mirror 2025-01-27 00:47:31 +01:00
apache.Containerfile fully qualified images + static ips 2025-01-20 17:24:27 +01:00
base.yaml add certbot-dns.ini and compose volume 2025-03-15 23:25:20 +01:00
cleanup.sh new cleanup.sh script 2025-02-20 20:52:50 +01:00
compose.yaml format 2025-03-15 23:27:15 +01:00
cronie.Containerfile fully qualified images + static ips 2025-01-20 17:24:27 +01:00
knot.Containerfile fully qualified images + static ips 2025-01-20 17:24:27 +01:00
LICENSE.md Set CNPLv7+ as license 2022-08-29 21:01:16 +02:00
nginx.Containerfile fully qualified images + static ips 2025-01-20 17:24:27 +01:00
nsd.Containerfile add nsd service 2025-01-20 19:24:44 +01:00
permissions.sh permissions.sh: recursive chmod on every root dir 2025-02-20 20:52:29 +01:00
php.Containerfile create variable for php version + upgrade to php 8.4 2025-01-22 21:44:16 +01:00
README.md update readme 2025-03-15 23:29:31 +01:00
reset.sh update readme 2025-03-15 23:29:31 +01:00
setup-xoq.sh readme: document profiles 2025-01-22 19:15:17 +01:00
sftpgo-v2.6.4.tar.gz.sha256 add upstream.sh + move php to base.yaml 2025-01-22 18:58:35 +01:00
sftpgo.Containerfile add upstream.sh + move php to base.yaml 2025-01-22 18:58:35 +01:00
tor.Containerfile fully qualified images + static ips 2025-01-20 17:24:27 +01:00
upstream.sh format 2025-03-15 23:27:15 +01:00

ServNest setup with Compose

Use with Podman

Preparation

Set the following in ~/.config/containers/containers.conf (or /etc/containers/containers.conf):

[containers]
no_hosts=true

./reset.sh # (re)initialize data
cp data/reg/servnest.test.zone.default data/reg/servnest.test.zone
cp data/reg/test.servnest.test.zone.default data/reg/test.servnest.test.zone
./upstream.sh # download and verify upstream software
git clone https://code.antopie.org/servnest/sernvest/ core
sqlite3 core/db/servnest.db < core/db/schema.sql
echo "UPDATE params SET value = '$(openssl rand -hex 16)' WHERE name = 'username_salt';" | sqlite3 core/db/servnest.db
msgfmt core/locales/fr/C/LC_MESSAGES/messages.po -o core/locales/fr/C/LC_MESSAGES/messages.mo
cp core/config.template.ini core/config.ini
mkdir data/ht/uri/ht.servnest.test
./permissions.sh

Build

Add --no-cache after build to update packages.

# build base images
podman-compose -f compose.yaml -f base.yaml build alpine
podman-compose -f compose.yaml -f base.yaml build php
# build all other service images
podman-compose build

TLS certificates

podman-compose run -u root core certbot register
podman-compose run -u root core certbot register --test-cert
podman-compose run -u root core cat /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/*/regr.json
podman-compose run -u root core find /etc/letsencrypt/accounts/ -name regr.json -exec cat {} \;
# Set CAA records for servnest.test and ht.servnest.test
podman-compose exec -u root core certbot certonly --config "/etc/letsencrypt/servnest.ini" -d "servnest.test"
podman-compose exec -u root core certbot certonly --config "/etc/letsencrypt/servnest.ini" -d "ht.servnest.test"
podman-compose exec -u root core certbot certonly --config "/etc/letsencrypt/servnest-dns.ini" -d "*.ht.servnest.test" --cert-name "*.ht.servnest.test"
# Update certificates paths in conf/nginx/
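
The CAA step above, as an added example that is not code from the ServNest repository. It assumes the account URI read from regr.json is meant to be pinned in the CAA records with the RFC 8657 accounturi parameter; the function names, the 3600 TTL and the sample account id are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the ServNest repository.
# Emits CAA records that pin issuance to one ACME account (RFC 8657
# "accounturi"), using the "uri" field certbot stores in regr.json.

PROD_PREFIX='https://acme-v02.api.letsencrypt.org/acme/acct/'

# account_uri REGR_JSON: print the account URI, or fail if it is not a
# production account. A staging account (certbot register --test-cert)
# must not be pinned: production issuance would then be refused.
account_uri() {
	uri=$(sed -n 's/.*"uri"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1)
	id=${uri#"$PROD_PREFIX"}
	if [ -z "$uri" ] || [ "$id" = "$uri" ] || [ -z "$id" ]; then
		echo "not a production account URI: '$uri'" >&2
		return 1
	fi
	case "$id" in
		*[!0-9]*) echo "unexpected account id: '$id'" >&2; return 1 ;;
	esac
	printf '%s\n' "$uri"
}

# caa_records REGR_JSON NAME [wild]: print one zone-file CAA record.
# "wild" selects issuewild, which governs the *.NAME certificate.
# The 3600 TTL is an arbitrary choice for this example.
caa_records() {
	uri=$(account_uri "$1") || return 1
	tag=issue
	if [ "${3:-}" = wild ]; then tag=issuewild; fi
	printf '%s. 3600 IN CAA 0 %s "letsencrypt.org; accounturi=%s"\n' "$2" "$tag" "$uri"
}

# Constructed sample with the shape of certbot's regr.json (made-up id).
sample=$(mktemp)
printf '%s\n' '{"body": {}, "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/123456789"}' > "$sample"
caa_records "$sample" servnest.test
caa_records "$sample" ht.servnest.test
caa_records "$sample" ht.servnest.test wild
rm -f "$sample"
```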

Run

Optionally, to enable the knot-secondary service, uncomment notify: lines in knot.conf, then:

podman-compose --profile=secondary up knot knot-secondary # generate QUIC keys
./setup-xoq.sh # setup mutual XFR over QUIC
podman-compose --podman-run-args="--replace" up --detach # start containers
podman-compose logs # get logs

Test

podman-compose exec core sh -c 'php$PHP_VERSION /srv/servnest/core/jobs/check.php'

Test without public IP

Before running check.php:

  • Set local_only_check to false in config.ini.
  • Add the following configuration to /etc/hosts on the host system:

      ::1 servnest.test
      ::1 ht.servnest.test
      ::1 sftp.servnest.test

  • For ht, the subdomain and dedicated site tests will fail anyway.

Bugs

When running up, the only expected error messages are:

[sftpgo] | WRN provider initialized but data loading failed: stat sftpgo.db: no such file or directory
[tor] | [warn] You are running Tor as root. You don't need to, and you probably shouldn't.

Podman Compose 1.2.0 randomly fails to start some services (see issue 921). The workaround is to retry multiple times.

Delete old images

podman image prune

Reset

podman container rm --all
podman image rm --all
podman rm $(podman container list --external -q)
docker rm $(docker ps -qa)
docker image rm -f $(docker image list -q)

Use with rootless Docker

export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock

Then use the instructions for Podman but replace podman with docker in command names.

License

This project is published under the Cooperative Nonviolent Public License No Attributions, version 7 or any later version (CNPL-NAv7+), as found in LICENSE.md or at https://git.pixie.town/thufie/npl-builder.