Djeex/docudjeex
1
1
Fork 0
Code Issues Pull Requests Projects Wiki Activity

Fully translated (but some work to do about urls)

Browse Source
This commit is contained in:
Djeex
2025-07-04 12:54:44 +00:00
parent acdebcb682
commit e9ccda2e14
26 changed files with 1002 additions and 846 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
content/3.serveex/2.core/1.installation.md
View File

@ -1,75 +0,0 @@
---
navigation: true
title: Debian 12
main:
fluid: false
---
:ellipsis{left=0px width=40rem top=10rem blur=140px}
# Debian 12
::alert{type="info"}
🎯 __Goal:__ Install Debian 12 and the main dependencies to have a ready-to-use OS, accessible via SSH.
::
![picture](/img/serveex/server.svg)
## Installation
---
1. [BIOS Setup](https://www.debian.org/releases/stable/i386/ch03s06.fr.html#bios-setup)
2. [Download Debian Image](https://www.debian.org/download.fr.html)
3. [Create Bootable USB (Rufus)](https://dev.to/devops2808/how-to-create-bootable-usb-installer-for-debian-12-4f66)
4. [Install Debian and Set Up SSH](https://www.howtoforge.com/tutorial/debian-minimal-server/)
5. Install sudo and add a user to the sudo group for administrative privileges.
Log in as root:
```shell
su -
```
Enter your password, then type:
```shell
apt install sudo
```
Add the user to the sudo group:
```shell
adduser <username> sudo
```
Next time the user logs in, they will be able to use the `sudo` command to execute commands with administrative privileges.
6. [Everything About Remote Console Access (SSH)](https://www.digitalocean.com/community/tutorials/ssh-essentials-working-with-ssh-servers-clients-and-keys)
7. Optional - [UPS Client in Case of Power Outage](https://www.sindastra.de/p/2078/how-to-connect-linux-server-to-synology-ups-server) / [also here](https://www.reddit.com/r/synology/comments/gtkjam/use_synology_nas_as_ups_server_to_safely_power/)
8. Optional - Wake up after power outage → configure BIOS S0 state
9. Optional - [Wake Server Remotely (WoW - WoL)](https://dev.to/zakery1369/enable-wake-on-lan-on-debian-4ljd)
## Must-Have CLI Apps
---
Some essential apps youll likely need at some point, so might as well install them early:
```shell
sudo apt update
sudo apt upgrade
sudo apt install vim btop ranger git duf neofetch samba cifs-utils tree unzip ufw
```
Additionally:
- [gping](https://www.linode.com/docs/guides/how-to-use-gping-on-linux/) - Graphical ping tool
- [lazydocker](https://github.com/jesseduffield/lazydocker) - CLI Docker container manager
## Useful Features
---
### Firewall
- [ufw](https://www.zenarmor.com/docs/network-security-tutorials/how-to-set-up-a-firewall-with-ufw-on-debian)
- [Firewalld](https://linuxcapable.com/how-to-install-firewalld-on-debian-linux/)
### Samba Sharing (Access a Remote Network Disk)
- [Create and Access a Samba Share](/generalites/samba)
### File Transfer via rsync
```shell
sudo rsync -avhHSP /source /destination
```
::alert{type="info" icon="exclamation-circle"}
:::list{type="info"}
- Add ` --exclude @eaDir`{lang=shell} if the source is a Synology NAS
:::
::

174
content/3.serveex/2.core/2.docker.md
View File

@ -1,174 +0,0 @@
---
navigation: true
title: Docker
main:
fluid: false
---
:ellipsis{left=0px width=40rem top=10rem blur=140px}
# Docker
Docker, to install deployable services in seconds and manage them with just a few commands or clicks.
::alert{type="info"}
🎯 __Goals:__
- Install [Docker](https://www.docker.com/)
- Install [Dockge](https://github.com/louislam/dockge) to manage stacks
- Install [Watchtower](https://github.com/containrrr/watchtower) to update containers
::
![picture](/img/serveex/docker.svg)
## Install Docker
---
Add the Docker repositories and GPG key:
```shell
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
```
Install the packages:
```shell
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
```
That's it!
**More options:** [Install Docker for Debian 12](https://docs.docker.com/engine/install/debian/)
::alert{type="info" icon="exclamation-circle"}
:::list{type="info"}
- From here on, we assume the stacks are installed in the `/docker` folder, created using the command:
:::
```shell
sudo mkdir /docker
::
## Install [Dockge](https://github.com/louislam/dockge) to manage and deploy containers
---
[Dockge](https://github.com/louislam/dockge) is a web tool to create, configure, launch, and manage Docker containers. It's a simple, intuitive interface thats lighter and easier for beginners than using the CLI or Portainer.
![picture](/img/serveex/dockge.png)
### Configuration
File structure we will create:
```console
root
└── docker
└── dockge
└── compose.yml
```
Create the stack folder:
```shell
cd /docker
sudo mkdir dockge
```
Then create the `compose.yml` file in this folder using `vim`:
```shell
cd /docker/dockge
sudo vi compose.yml
```
Press `i` to enter insert mode and paste the following:
```yaml
---
services:
dockge:
image: louislam/dockge:1
restart: unless-stopped
container_name: dockge
ports:
- 3555:5001 # LAN-accessible port will be 3555
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /docker/dockge/data:/app/data
- /docker:/docker
environment:
- DOCKGE_STACKS_DIR=/docker
```
Press `Esc` and type `:x` to save and exit.
To launch the container:
```shell
cd /docker/dockge
sudo docker compose up -d
```
Then go to `http://yourserverip:3555` in your browser to access the login page.
More info on [Dockge and how to use it](https://github.com/louislam/dockge)
And there you go — Docker and a tool to easily manage your containers are ready!
## [Watchtower](https://github.com/containrrr/watchtower?tab=readme-ov-file), to auto-update containers
---
Watchtower is a container that checks for updates and pulls new images automatically, just by adding a label in your containers `compose.yml` files.
### Configuration
- Open Dockge in your browser
- Click `compose`
- Name the stack `watchtower`
- Paste the config below into the default config area in Dockge
```yaml
---
services:
watchtower:
container_name: watchtower
image: containrrr/watchtower:latest
restart: unless-stopped
env_file:
- .env
environment:
- TZ=Europe/Paris
- WATCHTOWER_SCHEDULE=${SCHEDULE}
- WATCHTOWER_LABEL_ENABLE=true
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_REMOVE_VOLUMES=true
# Discord notifications - uncomment if used
#- WATCHTOWER_NOTIFICATIONS=slack
#- WATCHTOWER_NOTIFICATION_SLACK_IDENTIFIER=Watchtower
#- WATCHTOWER_NOTIFICATION_SLACK_HOOK_URL=${WH_URL}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
```
Then fill in the `.env` section in Dockge with the following:
```properties
SCHEDULE=
WH_URL=
```
| Property | Value | Examples |
|----------------|--------------------------------------------------------------------|----------------------------------------------|
| `SCHEDULE` | Cron format | `0 0 6 * * *` (every day at 6 AM) |
| `WH_URL` | Your Discord webhook URL - append `/slack` at the end | `https://yourdiscordserver/webhook/slack` |
To have Watchtower monitor your other containers, add this to their `compose.yml`:
```yaml
labels:
- com.centurylinklabs.watchtower.enable=true
```
Then restart the modified stacks. And that's it — you now have a solid base to start deploying the services you want!

223
content/3.serveex/2.core/3.swag.md
View File

@ -1,223 +0,0 @@
---
navigation: true
title: SWAG
main:
fluid: false
---
:ellipsis{left=0px width=40rem top=10rem blur=140px}
# SWAG
::alert{type="info"}
🎯 __Goals:__
- Install Swag
- Enable SSL
- Access the dashboard
- Configure regional blocking
- Expose Dockge
::
[Swag](https://docs.linuxserver.io/general/swag/) is the core of this homelab. It is a powerful reverse proxy that allows you to expose services on the internet via domain names, handling SSL certificates, request routing, and access security. Full documentation is [available here](https://docs.linuxserver.io/general/swag).
::alert{type="warning"}
:::list{type="warning"}
- SWAG is only useful if you plan to expose your services on the internet (e.g., `https://service.mydomain.com`). If you prefer to use a VPN instead, skip to [this section](/serveex/securite/wireguard).
:::
::
Below is an example for exposing Dockge. We'll install SWAG, the dbip mod for geo-blocking, and the dashboard mod for managing SWAG, fail2ban, and geolocation.
**What is a reverse proxy and how it works for us:**
![Picture](/img/serveex/reverse-proxy.svg)
## Installation
---
::alert{type="info" icon="exclamation-circle"}
:::list{type="info"}
- This tutorial assumes you have a domain name pointing to your server, and a NAT rule forwarding port `443` to your server. Example domain: `mydomain.com`.
:::
::
File structure we'll edit:
```console
root
└── docker
└── swag
├── config
│ ├── dns-conf
│ │ └── ovh.ini
│ └── nginx
│ ├── dbip.conf
│ ├── nginx.conf
│ └── proxy-confs
│ └── dockge.subdomain.conf
├── compose.yml
└── .env
```
Open Dockge, click `compose`, name the stack `swag`, and paste this config:
```yaml
services:
swag:
image: lscr.io/linuxserver/swag:latest
container_name: swag
cap_add:
- NET_ADMIN
env_file:
- .env
environment:
- TZ=Europe/Paris
- URL=${DOMAIN}
- EXTRA_DOMAINS=${DOMAINS}
- SUBDOMAINS=wildcard # couvre les sous-domaines
- VALIDATION=dns
- DNSPLUGIN=${PLUGIN}
- EMAIL=${EMAIL}
- DOCKER_MODS=linuxserver/mods:swag-dbip|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-reload
volumes:
- /docker/swag/config:/config
ports:
- 80:80
- 443:443
- 81:81 # Nécessaire pour le dashboard
restart: unless-stopped
networks:
- swag
networks:
swag:
name: swag_default
```
::alert{type="success"}
__Tip:__
Add a watchtower label to auto-update containers:
```yaml
services:
swag:
#...
labels:
- com.centurylinklabs.watchtower.enable=true
```
::
In your `.env`:
```properties
DOMAIN=
DOMAINS=
EMAIL=
PLUGIN=
```
Fill in the values:
| Property | Value | Examples |
|-----------|-------|----------|
| DOMAIN | Your main domain | mydomain.com |
| DOMAINS | Other domains (if any) | seconddomain.com |
| EMAIL | Your email for SSL | you@email.com |
| PLUGIN | Your DNS provider's plugin | ovh, cloudflare |
Edit `ovh.ini`:
```shell
sudo vi /docker/swag/config/dns-conf/ovh.ini
```
```properties
dns_ovh_endpoint = ovh-eu
dns_ovh_application_key =
dns_ovh_application_secret =
dns_ovh_consumer_key =
```
Generate your token [here](https://www.ovh.com/auth/?onsuccess=https%3A%2F%2Fwww.ovh.com%2Fauth%2Fapi%2FcreateToken). Required permissions:
* GET /domain/zone/*
* PUT /domain/zone/*
* POST /domain/zone/*
* DELETE /domain/zone/*
Now configure dbip:
```shell
sudo vi /docker/swag/config/nginx/nginx.conf
```
Add this under `http`:
```nginx
include /config/nginx/dbip.conf
```
Restart the stack.
## Dashboard
---
Access the dashboard at `http://yourserverip:81`. Details [here](https://www.linuxserver.io/blog/introducing-swag-dashboard).
## DBIP
---
Geo-block config example:
```nginx
# ... (Same geo-block nginx example as before)
```
## Exposing Dockge
---
::alert{type="info"}
📋 __Prerequisites:__ A subdomain `dockge.mydomain.com` with CNAME pointing to `mydomain.com`, and NAT port 443 properly configured.
::
::alert{type="warning"}
:::list{type="warning"}
- Dockge lacks MFA. Only expose it with MFA (e.g., Authentik). Otherwise, use VPN.
:::
::
Configure `dockge.subdomain.conf` as:
```nginx
# ... (Same nginx reverse proxy config)
```
Edit SWAGs `compose.yml` to add Dockge's network:
```yaml
services:
swag:
# ...
networks:
- dockge
networks:
dockge:
name: dockge_default
external: true
```
Redeploy SWAG. Access Dockge via `https://dockge.mydomain.com`.
## Exposing Other Services
---
SWAG includes many sample confs: `service.subdomain.conf.sample`. Duplicate and configure them:
```shell
cd /docker/swag/config/proxy-confs
sudo cp service.subdomain.conf.sample service.subdomain.conf
```
::alert{type="danger"}
:::list{type="danger"}
- __If subdomain isnt routing correctly:__
:::
- Check container name in `set $upstream_app ...;`
- Ensure the services network is added to SWAGs `compose.yml`
::

1
content/3.serveex/2.core/_dir.yml
View File

@ -1 +0,0 @@
navigation.title: Server core