_Last updated on 2018-07-01._ ## Goals - Getting a Virtual Private Server (VPS) - Running Shaarli: - as a Docker container, - using the Træfik reverse proxy, - securized with TLS certificates from Let's Encrypt. The following components and tools will be used: - [Debian](https://www.debian.org/), a GNU/Linux distribution widely used in server environments; - [Docker](https://docs.docker.com/engine/docker-overview/), an open platform for developing, shipping, and running applications; - [Docker Compose](https://docs.docker.com/compose/), a tool for defining and running multi-container Docker applications. More information can be found in the [Resources](#resources) section at the bottom of the guide. ## Getting a Virtual Private Server For this guide, I went for the smallest VPS available from DigitalOcean, a Droplet with 1 CPU, 1 GiB RAM and 25 GiB SSD storage, which costs $5/month ($0.007/hour): - [Droplets Overview](https://www.digitalocean.com/docs/droplets/overview/) - [Pricing](https://www.digitalocean.com/pricing/) - [How to Create a Droplet from the DigitalOcean Control Panel](https://www.digitalocean.com/docs/droplets/how-to/create/) - [How to Add SSH Keys to Droplets](https://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/) - [Initial Server Setup with Debian 8](https://www.digitalocean.com/community/tutorials/initial-server-setup-with-debian-8) (also applies to Debian 9) - [An Introduction to Securing your Linux VPS](https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps) ### Creating a Droplet Select `Debian 9` as the Droplet distribution: <img src="../images/01-create-droplet-distro.jpg" width="500px" alt="Droplet distribution" /> Choose a region that is geographically close to you: <img src="../images/02-create-droplet-region.jpg" width="500px" alt="Droplet region" /> Choose a Droplet size that corresponds to your usage and budget: <img src="../images/03-create-droplet-size.jpg" width="500px" alt="Droplet size" /> Finalize the Droplet creation: <img src="../images/04-finalize.jpg" width="500px" alt="Droplet finalization" /> Droplet information is displayed on the Control Panel: <img src="../images/05-droplet.jpg" width="500px" alt="Droplet summary" /> Once your VPS has been created, you will receive an e-mail with connection instructions. ## Obtaining a domain name After creating your VPS, it will be reachable using its IP address; some hosting providers also create a DNS record, e.g. `ns4853142.ip-01-47-127.eu`. A domain name (DNS record) is required to obtain a certificate and setup HTTPS (HTTP with TLS encryption). Domain names can be obtained from registrars through hosting providers such as [Gandi](https://www.gandi.net/en/domain). Once you have your own domain, you need to create a new DNS record that points to your VPS' IP address: <img src="../images/06-domain.jpg" width="650px" alt="Domain configuration" /> ## Host setup Now's the time to connect to your freshly created VPS! ```shell $ ssh root@188.166.85.8 Linux stretch-shaarli-02 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Sun Jul 1 11:20:18 2018 from <REDACTED> root@stretch-shaarli-02:~$ ``` ### Updating the system ```shell root@stretch-shaarli-02:~$ apt update && apt upgrade -y ``` ### Setting up Docker _The following instructions are from the [Get Docker CE for Debian](https://docs.docker.com/install/linux/docker-ce/debian/) guide._ Install package dependencies: ```shell root@stretch-shaarli-02:~$ apt install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common ``` Add Docker's package repository GPG key: ```shell root@stretch-shaarli-02:~$ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - ``` Add Docker's package repository: ```shell root@stretch-shaarli-02:~$ add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable" ``` Update package lists and install Docker: ```shell root@stretch-shaarli-02:~$ apt update && apt install -y docker-ce ``` Verify Docker is properly configured by running the `hello-world` image: ```shell root@stretch-shaarli-02:~$ docker run hello-world ``` ### Setting up Docker Compose _The following instructions are from the [Install Docker Compose](https://docs.docker.com/compose/install/) guide._ Download the current version from the release page: ```shell root@stretch-shaarli-02:~$ curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose root@stretch-shaarli-02:~$ chmod +x /usr/local/bin/docker-compose ``` ## Running Shaarli Shaarli comes with a configuration file for Docker Compose, that will setup: - a local Docker network - a Docker [volume](https://docs.docker.com/storage/volumes/) to store Shaarli data - a Docker [volume](https://docs.docker.com/storage/volumes/) to store Træfik TLS configuration and certificates - a [Shaarli](https://hub.docker.com/r/shaarli/shaarli/) instance - a [Træfik](https://hub.docker.com/_/traefik/) instance [Træfik](https://docs.traefik.io/) is a modern HTTP reverse proxy, with native support for Docker and [Let's Encrypt](https://letsencrypt.org/). ### Compose configuration Create a new directory to store the configuration: ```shell root@stretch-shaarli-02:~$ mkdir shaarli && cd shaarli root@stretch-shaarli-02:~/shaarli$ ``` Download the current version of Shaarli's `docker-compose.yml`: ```shell root@stretch-shaarli-02:~/shaarli$ curl -L https://raw.githubusercontent.com/shaarli/Shaarli/master/docker-compose.yml -o docker-compose.yml ``` Create the `.env` file and fill in your VPS and domain information (replace `<MY_SHAARLI_DOMAIN>` and `<MY_CONTACT_EMAIL>` with your actual information): ```shell root@stretch-shaarli-02:~/shaarli$ vim .env ``` ```shell SHAARLI_VIRTUAL_HOST=<MY_SHAARLI_DOMAIN> SHAARLI_LETSENCRYPT_EMAIL=<MY_CONTACT_EMAIL> ``` ### Pull the Docker images ```shell root@stretch-shaarli-02:~/shaarli$ docker-compose pull Pulling shaarli ... done Pulling traefik ... done ``` ### Run! ```shell root@stretch-shaarli-02:~/shaarli$ docker-compose up -d Creating network "shaarli_http-proxy" with the default driver Creating volume "shaarli_traefik-acme" with default driver Creating volume "shaarli_shaarli-data" with default driver Creating shaarli_shaarli_1 ... done Creating shaarli_traefik_1 ... done ``` ## Conclusion Congratulations! Your Shaarli instance should be up and running, and available at `https://<MY_SHAARLI_DOMAIN>`. <img src="../images/07-installation.jpg" width="500px" alt="Shaarli installation page" /> ## Resources ### Related Shaarli documentation - [Docker 101](../docker/docker-101.md) - [Shaarli images](../docker/shaarli-images.md) ### Hosting providers - [DigitalOcean](https://www.digitalocean.com/) - [Gandi](https://www.gandi.net/en) - [OVH](https://www.ovh.co.uk/) - [RackSpace](https://www.rackspace.com/) - etc. ### Domain Names and Registrars - [Introduction to the Domain Name System (DNS)](https://opensource.com/article/17/4/introduction-domain-name-system-dns) - [ICANN](https://www.icann.org/) - [Domain name registrar](https://en.wikipedia.org/wiki/Domain_name_registrar) - [OVH Domain Registration](https://www.ovh.co.uk/domains/) - [Gandi Domain Registration](https://www.gandi.net/en/domain) ### HTTPS and Security - [Transport Layer Security](https://en.wikipedia.org/wiki/Transport_Layer_Security) - [Let's Encrypt](https://letsencrypt.org/) ### Docker - [Docker Overview](https://docs.docker.com/engine/docker-overview/) - [Docker Documentation](https://docs.docker.com/) - [Get Docker CE for Debian](https://docs.docker.com/install/linux/docker-ce/debian/) - [docker logs](https://docs.docker.com/engine/reference/commandline/logs/) - [Volumes](https://docs.docker.com/storage/volumes/) - [Install Docker Compose](https://docs.docker.com/compose/install/) - [docker-compose logs](https://docs.docker.com/compose/reference/logs/) ### Træfik - [Getting Started](https://docs.traefik.io/) - [Docker backend](https://docs.traefik.io/configuration/backends/docker/) - [Let's Encrypt and Docker](https://docs.traefik.io/user-guide/docker-and-lets-encrypt/) - [traefik](https://hub.docker.com/_/traefik/) Docker image