hestiacp / hestiacp

Hestia Control Panel | A lightweight and powerful control panel for the modern web.
https://hestiacp.com
GNU General Public License v3.0
3.31k stars 675 forks

WIP & PoC: Docker #643

Closed JOduMonT closed 4 years ago

JOduMonT commented 4 years ago

ok I got it; https://github.com/hestiacp/hestiacp/issues/236

WHY DOCKER

Hestia is great but mostly dedicated to PHP. Docker could be useful in case you want to run Python and Node.js apps.

THE PROBLEM

One of the missing links was how to tell nginx which "container" to connect to which "server_name". While it might be obvious that it is through a proxy_pass, like in most projects, the main difference is that nginx is not in a container, so to interact with the containers we have to use dns-proxy-server, which allows us to resolve the hostname of each container.

PROOF OF CONCEPT

I'm able to use the NGINX of HESTIA as a proxy for any docker container. Most of the job is done by dns-proxy-server, which allows a simple nginx server config for each app.

DOCKER INSTALLATION

I know you trust me, but don't execute everything you find on the net, please review the code first

curl -sSL https://raw.githubusercontent.com/JOduMonT/Debian/master/hestia-docker.sh | bash

DOCKER-COMPOSE.YML

mkdir ./docker
echo -e "version: '3'
services:
  dns-proxy:
    container_name: dns-proxy
    image: defreitas/dns-proxy-server
    hostname: dns-proxy.docker
    restart: always
    volumes:
    - ./data/dns-proxy-server/conf:/app/conf
    - /var/run/docker.sock:/var/run/docker.sock
    - /etc/resolv.conf:/etc/resolv.conf" > docker/docker-compose.yml

DOCKER-COMPOSE.OVERRIDE.YML

Put your apps inside docker-compose.override.yml

echo -e "version: '3'
services:
  adminer:
    container_name: adminer
    depends_on:
    - dns-proxy
    image: adminer
    hostname: adminer.docker
    restart: unless-stopped" > docker/docker-compose.override.yml

START IT

cd docker
docker-compose up -d

NGINX CONFIG

nano /usr/local/hestia/data/templates/web/nginx/adminer.tpl

server {
    listen      %ip%:%web_port%;
    server_name %domain_idn% %alias_idn%;
    root        %docroot%;
    access_log  /var/log/nginx/domains/%domain%.log combined;
    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
    error_log   /var/log/nginx/domains/%domain%.error.log error;

    include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;

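    location / {
        # adminer.docker is the container hostname set in docker-compose.override.yml,
        # resolved on the host through dns-proxy-server
        proxy_pass http://adminer.docker:8080;
    }
}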

nano /usr/local/hestia/data/templates/web/nginx/adminer.stpl

server {
    listen      %ip%:%web_ssl_port% ssl http2;
    server_name %domain_idn% %alias_idn%;
    root        %sdocroot%;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/%domain%.log combined;
    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
    error_log   /var/log/nginx/domains/%domain%.error.log error;

    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;
    ssl_stapling on;
    ssl_stapling_verify on;

    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

    location / {
        # Container hostname and port from docker-compose.override.yml
        proxy_pass http://adminer.docker:8080;
    }

    location /error/ {
        alias   %home%/%user%/web/%domain%/document_errors/;
    }

    location ~* "/\.(htaccess|htpasswd)$" {
        deny    all;
        return  404;
    }

    location /vstats/ {
        alias   %home%/%user%/web/%domain%/stats/;
        include %home%/%user%/web/%domain%/stats/auth.conf*;
    }

    include     /etc/nginx/conf.d/phpmyadmin.inc*;
    include     /etc/nginx/conf.d/phppgadmin.inc*;
    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
}

TODO

[ ] clarify this post/issue
[ ] make the installation compatible with Ubuntu
[ ] adding user in docker group
[ ] variable for proxy_pass
[ ] more examples in docker-compose.override.yml
[ ] find more todo

adding user in docker group

Do we want to give access to all hestia-users? ref: v-add-user

variable for proxy_pass

From this point we simply need to use variables for: proxy_pass http://adminer.docker:8080; where adminer.docker is the internal DNS of the container and 8080 is the port. ref: v-add-web-domain-backend

NOTE: I will obviously continue to work on it, but any help would be appreciated.
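
For the "variable for proxy_pass" item in the post above, an added sketch (not part of the original issue and not Hestia code) of filling the container hostname and port into a template only after validating them, so that a supplied value cannot add directives to the generated nginx config. The %backend_host% and %backend_port% placeholders and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Hestia code. %backend_host% and %backend_port% are
# hypothetical placeholders; the function names are illustrative.
LC_ALL=C; export LC_ALL   # make [a-z] ranges mean ASCII only

# Accept only lowercase DNS labels ending in ".docker", the suffix the
# compose files on this page use for container hostnames.
valid_backend_host() {
    case "$1" in
        ""|*[!a-z0-9.-]*|.*|*..*|-*|*.-*|*-.*) return 1 ;;
        *?.docker) ;;
        *) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Accept only a decimal TCP port in 1..65535 with no leading zero.
valid_backend_port() {
    case "$1" in
        ""|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Read a template on stdin and write it to stdout with both placeholders
# filled in. Nothing is written if either value fails validation.
render_backend() {
    valid_backend_host "$1" || { echo "rejected host: $1" >&2; return 1; }
    valid_backend_port "$2" || { echo "rejected port: $2" >&2; return 1; }
    # Safe to interpolate: validated values contain no sed or nginx metacharacters.
    sed -e "s/%backend_host%/$1/g" -e "s/%backend_port%/$2/g"
}

# Constructed sample: the proxy_pass line from the templates above,
# with the fixed values swapped for placeholders.
SAMPLE_TPL='        proxy_pass http://%backend_host%:%backend_port%;'

printf '%s\n' "$SAMPLE_TPL" | render_backend adminer.docker 8080
```

A bare name such as `adminer` is rejected because it lacks the `.docker` suffix that the compose files assign as the container hostname.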

ghost commented 4 years ago

Hi @JOduMonT,

Thanks for submitting this to us. While I do not want to discourage you from your efforts, support for Docker/containers is not on our roadmap and doesn't fit within the project's scope; after an internal team discussion we won't be pursuing this at this time, as we have a lot of work left to do on the core product and won't be able to provide assistance in implementing this.

You are more than welcome to continue developing support for Docker in your own personal branch and submit a pull request for review when it has been completed, at which time we can re-evaluate.

JOduMonT commented 4 years ago

@kristankenney thanks for the follow-up and the honesty ;)