Created
January 20, 2015 10:55
-
-
Save martin-hewitt/2e022bba0775c8ac1e39 to your computer and use it in GitHub Desktop.
Docker Stack - Ghost, piwik & ownCloud under SSL'd nginx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get a server, somehow. Mine runs CentOS 7 | |
| # All commands to be run as root, so either sudo su, or add sudo to each one | |
| # Install Docker | |
| yum install docker | |
| # This nginx proxy listens to the main Docker socket for containers starting | |
| # and stopping. It then reads the VIRTUAL_HOST environment variable for that | |
| # container and creates a proxy route for each one. Containers without a | |
| # VIRTUAL_HOST environment variable will be ignored. This fork also allows | |
| # the overriding of the default max_upload_size, important for uploading pictures | |
| # or photos to Ghost. | |
| docker pull zedtux/nginx-proxy | |
| mkdir -p /opt/docker/ssl | |
| # Obtain, upload, and copy the primary domain's SSL certs | |
| cp ~/my.domain.crt /opt/docker/ssl | |
| cp ~/my.domain.key /opt/docker/ssl | |
| # Creating (and linking) this volume allows you to inspect the generated | |
| # nginx config files, which is useful for debugging | |
| mkdir -p /opt/docker/sites-enabled | |
| # Start the nginx container, linking in the SSL volume, Docker socket, and the sites-enabled folder | |
| docker run -d -p 80:80 -p 443:443 -v /opt/docker/ssl:/etc/nginx/ssl/ -v /var/run/docker.sock:/tmp/docker.sock -v /opt/docker/sites-enabled/:/etc/nginx/sites-enabled -name nginx zedtux/nginx-proxy | |
| docker pull dockerfile/ghost | |
| # Make a ghost-override directory so we can use custom themes | |
| # and alter the config.js file | |
| mkdir -p /opt/docker/ghost | |
| # Start the Ghost container, with dual virtual hosts, because I put the | |
| # main www. host under Cloudflare, but still want to be able to access | |
| # the site uncached. SSL_FILENAME will map my.domain.crt and my.domain.key | |
| # inside the nginx container to SSL secure these subdomains | |
| docker run -d -e VIRTUAL_HOST=www.my.domain,raw.my.domain -e SSL_FILENAME=my.domain -e MAX_UPLOAD_SIZE=1g -v /opt/docker/ghost/:/ghost-override --name ghost dockerfile/ghost | |
| docker pull bprodoehl/docker-piwik-mariadb | |
| # Create a persistent location for piwik's data | |
| mkdir -p /opt/mariadb | |
| # Start the piwik container | |
| docker run -d -e VIRTUAL_HOST=analytics.my.domain -e SSL_FILENAME=my.domain -e MAX_UPLOAD_SIZE=1g -v /opt/mariadb/:/data -e USER="super" -e PASS="$(pwgen -s -1 16)" --name piwik bprodoehl/docker-piwik-mariadb | |
| docker pull jchaney/owncloud | |
| # Create a persistent location for ownCloud's data | |
| mkdir -p /opt/docker/owncloud/data | |
| # Start the owncloud container, which will appear at https://cloud.my.domain/owncloud/ | |
| # Both the -h values and the -e VIRTUAL_HOST values are required | |
| docker run -d -h cloud.my.domain -e VIRTUAL_HOST=cloud.my.domain -e SSL_FILENAME=my.domain -v /opt/docker/owncloud/data:/var/www/owncloud/data --name owncloud jchaney/owncloud |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment