Using docker-compose +proxy to install scripts

beat · June 7, 2021, 10:59am

Operating system: Ubuntu
OS version: 20.04

Just for your thoughts on script installers future:

Lately, I have installed in a very simple way Redmine using docker-compose, and it is way simpler to install and maintain then using Virtualmin’s installation script, specially when running together with other scripts on same server. I just created a virtual server with a proxy to the localhost port exposed by docker, and it runs flawlessly. I put the docker-compose.yml file and its folder inside the home directory of the virtual server of the site and mapped the config files to the virtualmin virtual server’s home directory, and used the mysql database of the host system instead of a dockerized one. That way Virtualmin backups backup the config and database and docker-compose file too. In case of a restore, it would then just be a docker-compose up -d to restart everything. Thought that this is simple and elegant enough to share to Virtualmin’s team.

Adding a new script installer method to install scripts using docker-compose would make the Virtualmin systems more robust and the Virtualmin script installers much easier to maintain, as you would benefit from the docker’s scripts maintainance, Additionally, it would allow to install in a simple way any docker application from docker hub.

This thread got auto-closed Using Docker to run services managed by Virtualmin so starting this new one.

Any new thoughts on this modern way to install scripts and apps ?

Joe · June 7, 2021, 6:23pm

Yes, it’s a good idea, especially for apps with a lot of dependencies, like Ruby on Rails apps. This forum runs in containers.

system · August 6, 2021, 6:24pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

efleurimond · January 18, 2022, 2:43pm

Hello Beat, my name is Ernst and I’m trying to have Virtualmin and Docker running on the same machine so I can have websites hosted directly using Virtualmin server and some othe app like an ERP using Docker container. What I did so far is install Docker on the host then Virtualmin (+Portainer for easier management for me), Virtualmin seems to work fine I can access any server I create and I also can access Portainer using a specific port; my issue is running ERPnext inside Docker there is not a lot of documentation available for that and I find it difficult to have it working. When I manage to install ERPnext I cannot access it because Traefik is conflicting with Apache. I dont know how to configure the reverse proxy correctly. I’m temped to rebuild the server with Docker and Traefik using a guide found on Digital Ocean but I cannot picture how my DNS, database and mail server will work if I do not have Virtualmin. Can you please help? Thank you in advance.

beat · January 18, 2022, 3:29pm

Hi Ernst,
I’m not using Traefik, as Virtualmin+Apache is already doing the job (and I have the application-level firewall modsecurity installed on it that I wanted to keep working).

I am using a proxy setting in the Apache site config. Below is the config I added to the https virtual host, together with the references where I found the configuration tips.

But I guess you could do same in the default Apache server serving *:80 and *:443 and proxy them to Traefik if you want to use Traefik ? Disadvantage is that it would go through Apache then Traefik and again trhough an Apache or Nginx server. The other way would be to disable apache alltogether in Virtualmin and install your own Traefik port service.

Here is my config (replace 1.2.3.4 and mysite and port 83 with your own ones):

Inside the <VirtualHost 1.2.3.4:443> of /etc/apache2/sites-available/mysite.conf:

  ###Ref: https://gitlab.com/gitlab-org/gitlab-recipes/blob/8-2-stable/web-server/apache/gitlab-ssl-apache24.conf

  ProxyPreserveHost on

  # Ensure that encoded slashes are not decoded but left in their encoded state.
  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
  AllowEncodedSlashes NoDecode

  <Location />
    # New authorization commands for apache 2.4 and up
    # http://httpd.apache.org/docs/2.4/upgrading.html#access
    Require all granted

    #Allow forwarding to docker container:
    ProxyPassReverse http://127.0.0.1:83/
  </Location>

  # Apache equivalent of nginx try files
  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
  RewriteEngine on
  RewriteRule .* http://127.0.0.1:83%{REQUEST_URI} [P,QSA,NE]

  RequestHeader set X_FORWARDED_PROTO 'https'
  RequestHeader set X-Forwarded-Ssl on

And inside the docker-compose.yml file, I expose the service to localhost port 83 (which is blocked from outside by the firewall):

services:
  myproject:
    image: myimagesource
    restart: always
    ports:
      - 83:3000

I also edited the docker-compose.yml file of the app to use the MySQL server of Virtualmin instead of a containerized one, as my dockerized app has everything stored in a MySql database and none in filesystem except for the ones remapped to the local /home/mysite/... directories (no docker volumes) so that Virtualmin backups do indeed backup everything needed to restore the site, except for the docker-compose up command. Additionally, everything in the Virtualmin backup file is in cleartext which is an added continuity joker.

This is my entire docker-compose.yml file to run Redmine inside a Docker container on Virtualmin (together with the Apache site-config file modification above, and a (apache-server) group-writable directory /home/myredminesite/redmine-files created):

version: '3.8'

services:

  forge-redmine:
    image: redmine
    restart: always
    ports:
      - 83:3000
    environment:
      # REDMINE_DB_MYSQL: db
      REDMINE_DB_MYSQL: localhost
      REDMINE_DB_DATABASE: forge_redmine
      REDMINE_DB_USERNAME: forge
      REDMINE_DB_PASSWORD: MyComplexDatabasePasswordHere
      # REDMINE_SECRET_KEY_BASE: 12312312312312312312312312312312312312312312312312312312312312312312312312
    volumes:
      - "/var/run/mysqld/mysqld.sock:/var/run/mysqld/mysqld.sock"
      - "/home/myredminesite/redmine-files:/usr/src/redmine/files"

By lack of time, I haven’t found the right way to use a port instead of a socket for mysql in my dockerized app (redmine), so when the mysql server is restarted on the Virtualmin host, e.g. by an automated security-upgrade, the dockerized app needs to be restarted too.

Finally, I upgrade the app regularly with:

cd /home/mysite/docker/
docker-compose pull
docker-compose down
docker-compose up -d
docker image prune -f

This all is manual configuration, but works great.

It would be sure great if Virtualmin would take in charge installing and upgrading popular apps via docker-compose.

Does that work for you too ?

Please share your solution in reply, would love to have Traefik working on my next project!