Fixes and Enhancements (#16)

* Add more instructions after successfully creating a new subdomain. * Update the container name. * Add a just-in-case step. * Add an alias and improve comments. * Fix manage path. * Add limits but no reservations for PP. Start off somewhat relaxed rather than strict. * Always restart PP containers. * Move URL to env file. Do not recommend using HTTPS in the value. * Format comments. * Put commands in shells so they cannot exit the full program. * Updating apps like this did not seem to be working, but also do not want it to work anymore.
2023-10-17 04:35:57 -07:00 · 2023-10-17 04:35:57 -07:00 · f45cc326fc
commit f45cc326fc
parent eb79978adf
6 changed files with 47 additions and 10 deletions
--- a/Config/Nextcloud/cron.sh
+++ b/Config/Nextcloud/cron.sh
@ -12,10 +12,11 @@ if (( $RUNNING > 0 )); then
 fi

 # 2023-08-25 From crontab.
-docker exec -u www-data nc-app php cron.php --define apc.enable_cli=1
+sh -c "docker exec -u www-data nc-app php cron.php --define apc.enable_cli=1"

 # 2023-08-25 From fixes.sh, keep ownership correct and apps up to date.
-docker exec -it nc-app chown -Rc www-data:www-data .
-docker exec -itu www-data nc-app ./occ app:update --all
+sh -c "docker exec -it nc-app chown -Rc www-data:www-data ."
+# No longer update apps in advance of NC updates, allow the upgrade process to do it.
+#sh -c "docker exec -itu www-data nc-app ./occ app:update --all"

 exit 0
--- a/Config/PhotoPrism/docker-compose.yml
+++ b/Config/PhotoPrism/docker-compose.yml
@ -28,7 +28,6 @@
 #
 #   CLI Commands:
 #   - https://docs.photoprism.app/getting-started/docker-compose/#command-line-interface
-#
 ##

 ##
@ -45,7 +44,8 @@ services:
    ## Don't enable automatic restarts until PhotoPrism has been properly configured and tested!
    ## If the service gets stuck in a restart loop, this points to a memory, filesystem, network, or database issue:
    ## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
-    # restart: unless-stopped
+    #restart: unless-stopped
+    restart: always
    stop_grace_period: 10s
    depends_on:
      - pp-db
@ -58,7 +58,7 @@ services:
      PHOTOPRISM_ADMIN_USER: $PHOTOPRISM_ADMIN_USER         # admin login username
      PHOTOPRISM_ADMIN_PASSWORD: $PHOTOPRISM_ADMIN_PASSWORD # initial admin password (8-72 characters)
      PHOTOPRISM_AUTH_MODE: "password"               # authentication mode (public, password)
-      PHOTOPRISM_SITE_URL: "http://localhost:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
+      PHOTOPRISM_SITE_URL: $PHOTOPRISM_SITE_URL      # server URL in the format "http(s)://domain.name(:port)/(path)"
      PHOTOPRISM_DISABLE_TLS: "false"                # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available
      PHOTOPRISM_DEFAULT_TLS: "true"                 # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available
      PHOTOPRISM_ORIGINALS_LIMIT: $PHOTOPRISM_ORIGINALS_LIMIT # file size limit for originals in MB (increase for high-res video)
@ -119,6 +119,12 @@ services:
      # *Optional* base folder from which files can be imported to originals
      # Importing reorganizes files+folders, would rather they remain intact.
      #- "../../Volumes/PhotoPrism/imports_go_here:/photoprism/import"
+    deploy:
+      mode: global
+      resources:
+        limits:
+          cpus: '2.00'
+          memory: 2G

  ## Database Server (recommended)
  ## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql
@ -127,7 +133,8 @@ services:
    image: mariadb:10.11
    ## If MariaDB gets stuck in a restart loop, this points to a memory or filesystem issue:
    ## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
-    restart: unless-stopped
+    #restart: unless-stopped
+    restart: always
    stop_grace_period: 5s
    security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
      - seccomp:unconfined
@ -143,6 +150,12 @@ services:
      MARIADB_USER: $MARIADB_USER
      MARIADB_PASSWORD: $MARIADB_PASSWORD
      MARIADB_ROOT_PASSWORD: $MARIADB_ROOT_PASSWORD
+    deploy:
+      mode: global
+      resources:
+        limits:
+          cpus: '0.50'
+          memory: 512M

  # Configured but not using this, would prefer to update manually, and the
  # volume needs also seem sort of odd. Do not want it to harm other projects.
--- a/Config/PhotoPrism/env.example
+++ b/Config/PhotoPrism/env.example
@ -7,6 +7,12 @@
 PHOTOPRISM_ADMIN_USER = "admin"                 # admin login username
 PHOTOPRISM_ADMIN_PASSWORD = "PleaseChangeMe"    # initial admin password (8-72 characters)

+# External FQDN
+#  Should be in the format "http(s)://domain.name(:port)/(path)".
+#  Seems to work best if you leave off the s if behind a revese proxy,
+#   such as: PHOTOPRISM_SITE_URL = "http://photoprism.example.com"
+PHOTOPRISM_SITE_URL = "http://localhost:2342"
+
 # Max Storage Space?
 PHOTOPRISM_ORIGINALS_LIMIT = 5000               # file size limit for originals in MB (increase for high-res video)

--- a/Config/ReverseProxy/README.md
+++ b/Config/ReverseProxy/README.md
@ -72,3 +72,12 @@ If wanted as a one-line command:
 ```
 # docker compose down && docker compose build && docker compose up -d
 ```
+
+## Add New Config
+1. Modify your `./config/hosts/domain` file and add the resource.
+1. Create the `./config/conf.d/fqdn` file as needed, using the resource.
+1. (Optional) If the system needs a cert added, run the placeholder script.
+1. Restart the project based on Update Config above.
+1. (Optional) Now you may run the letsencrypt script for a real certificate.
+1. (Optional) Run another Update Config to make sure the certs are loaded.
+1. Done! If set up correctly the site should be live.
--- a/Config/ReverseProxy/create_letsencrypt_certs.sh
+++ b/Config/ReverseProxy/create_letsencrypt_certs.sh
@ -21,7 +21,7 @@ if [[ ! -d $CERT_DIR ]]; then
 fi

 # The container needs to be running in order to use the certbot command.
-certbot_running=`docker ps | grep -c reverseproxy-certbot-1`
+certbot_running=`docker ps | grep -c rp-certbot`
 if [[ $certbot_running != 1 ]]; then
 	echo "ERROR: Certbot container does not appear to be running, cannot continue." >&2
 	exit 1
@ -85,12 +85,12 @@ grep -l proxy_pass $DIR/config/conf.d/*.* | while read file; do
 		echo "Domains='$domains'"

 		echo "Attempting to create certs at $CERT_DIR/$filename."
-		docker exec reverseproxy-certbot-1  \
+		docker exec rp-certbot  \
 				certbot certonly -n --webroot $dry_run \
 				-w /etc/letsencrypt --agree-tos -m $email -d $filename

 		if [[ -z $dry_run ]]; then
-			docker exec reverseproxy-certbot-1 \
+			docker exec rp-certbot \
 					sh -c "cp -rL /etc/letsencrypt/live/$filename /etc/letsencrypt/nginx/"
 			ls -lh $CERT_DIR/$filename/*
 		fi
--- a/source.env
+++ b/source.env
@ -12,12 +12,20 @@ if [[ "$DIR" == '.'* ]]; then
 	cd "$RETURN"
 fi

+## Variables ##
+
 DOCKER_HOME="$DIR"
 DOCKER_PATH="$DOCKER_HOME/bin"
 PATH="$DOCKER_PATH:$PATH"

 export DOCKER_HOME DOCKER_PATH PATH

+## Aliases ##
+
+alias manage="$DOCKER_HOME/bin/manage.sh"
+
+## Validations ##
+
 if [[ -e $DOCKER_HOME/$PROG ]]; then
 	echo "'$DOCKER_HOME/$PROG' has been loaded successfully."
 else