From 708b47f4b17f792792ab1132752cdeb592e468de Mon Sep 17 00:00:00 2001
From: Diego Lendoiro
Date: Mon, 27 Feb 2023 11:19:11 +0100
Subject: [PATCH 1/6] Added passbolt
---
README.md | 11 +++++----
examples/passbolt/README.md | 15 ++++++++++++
examples/passbolt/docker-compose.yml | 36 ++++++++++++++++++++++++++++
3 files changed, 57 insertions(+), 5 deletions(-)
create mode 100644 examples/passbolt/README.md
create mode 100644 examples/passbolt/docker-compose.yml
diff --git a/README.md b/README.md
index a57f66c..01059d8 100644
--- a/README.md
+++ b/README.md
@@ -47,11 +47,12 @@ docker compose up ### Password Management - [Vaultwarden](examples/vaultwarden) - Lightweight Bitwarden server API implementation written in Rust. Unlocks paid Bitwarden features such as 2FA. -- [Bitwarden Unified](examples/bitwarden-unified) - Official Bitwarden deployment option (beta) targeting selfhosters by providing a resource-efficient, single Docker image with multiple database support. +- [Bitwarden Unified](examples/bitwarden-unified) - Official Bitwarden deployment option (beta) targeting selfhosters by providing a resource-efficient, single Docker image with multiple database support. +- [Passbolt CE](examples/passbolt) - Passbolt CE open source password manager for teams based on GPG ### Reverse Proxies - [Traefik](examples/traefik) - Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends (Docker, Swarm, Mesos/Marathon, …) to manage its configuration automatically and dynamically. -- [Nginx Proxy Manager](examples/nginx-proxy-manager) - Nginx Proxy Manager is an easy way to accomplish reverse proxying hosts with SSL termination. +- [Nginx Proxy Manager](examples/nginx-proxy-manager) - Nginx Proxy Manager is an easy way to accomplish reverse proxying hosts with SSL termination. - [Caddy](examples/caddy) - The Caddy web server is an extensible, cross-platform, open-source web server written in Go. Caddy obtains and renews TLS certificates for your sites automatically. ### Virtual Private Network (VPN) 
@@ -62,7 +63,7 @@ docker compose up - ~~[Firezone](https://github.com/firezone/firezone)~~ - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO. ### Domain Name Service (DNS) -- [AdGuard Home](examples/adguard-home) - AdGuard Home is a network-wide software for blocking ads and tracking. +- [AdGuard Home](examples/adguard-home) - AdGuard Home is a network-wide software for blocking ads and tracking. - [AdGuard Home Sync](examples/adguard-home-sync) - Synchronize AdGuardHome config to replica instances. - [Technitium DNS](examples/technitium-dns) - An open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security. - [Pihole](examples/pihole) - Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole and optionally a DHCP server, intended for use on a private network. 
@@ -72,7 +73,7 @@ docker compose up - [Gitea](examples/gitea) - Community managed fork of Gogs, lightweight code hosting solution. - [Drone](examples/drone) - Drone is a continuous delivery system built on container technology. Drone uses a simple YAML build file, to define and execute build pipelines inside Docker containers. - [Gitlab Community](examples/gitlab-ce) - Self Hosted Git repository management, code reviews, issue tracking, activity feeds and wikis. -- [Code-Server](examples/code-server) - VS Code in the browser, hosted on a remote server. +- [Code-Server](examples/code-server) - VS Code in the browser, hosted on a remote server. - [Obsidian-Remote](examples/obsidian-remote) - This docker image allows you to run obsidian in docker as a container and access it via your web browser. - [Onedev](examples/onedev) - Self-hosted Git Server with CI/CD and Kanban. - [n8n](examples/n8n) - Free and source-available fair-code licensed workflow automation tool. Easily automate tasks across different services. @@ -164,7 +165,7 @@ docker compose up ### Finance - [TRSync](examples/trsync) - Django web frontend for pytr to download all Trade Republic depot data. - [Money-Balancer](examples/money-balancer) - A simple application for managing debt with your friends! -- [Firefly III](examples/firefly-iii) - A self-hosted manager for your personal finances. +- [Firefly III](examples/firefly-iii) - A self-hosted manager for your personal finances. ### Communication and Social - [Mirotalk P2P](examples/mirotalk) - Simple, Secure, Fast Real-Time Video Conferences Up to 4k and 60fps, compatible with all browsers and platforms. diff --git a/examples/passbolt/README.md b/examples/passbolt/README.md new file mode 100644 index 0000000..779fd79 --- /dev/null +++ b/examples/passbolt/README.md 
@@ -0,0 +1,15 @@
+# References
+
+- https://www.passbolt.com
+
+Passbolt container runs as specific user with a UID and GUID of `33`.
+
+Therefore, ensure proper permissions on the Docker data bind mount volumes:
+
+````
+sudo chgrp 33 /mnt/docker-volumes/passbolt/gpg
+sudo chmod 770 /mnt/docker-volumes/passbolt/gpg
+
+sudo chgrp 33 /mnt/docker-volumes/passbolt/jwt
+sudo chmod 770 /mnt/docker-volumes/passbolt/jwt
+````
diff --git a/examples/passbolt/docker-compose.yml b/examples/passbolt/docker-compose.yml
new file mode 100644
index 0000000..a18b290
--- /dev/null
+++ b/examples/passbolt/docker-compose.yml
@@ -0,0 +1,36 @@
+version: '3.9'
+services:
+ db:
+ image: mariadb:10.3
+ restart: unless-stopped
+ environment:
+ MYSQL_RANDOM_ROOT_PASSWORD: "true"
+ MYSQL_DATABASE: "passbolt"
+ MYSQL_USER: "passbolt"
+ MYSQL_PASSWORD: "P4ssb0lt"
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/passbolt/mariadb:/var/lib/mysql
+
+ passbolt:
+ image: passbolt/passbolt:latest-ce
+ #Alternatively you can use rootless:
+ #image: passbolt/passbolt:latest-ce-non-root
+ restart: unless-stopped
+ depends_on:
+ - db
+ environment:
+ APP_FULL_BASE_URL: https://passbolt.local
+ DATASOURCES_DEFAULT_HOST: "db"
+ DATASOURCES_DEFAULT_USERNAME: "passbolt"
+ DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
+ DATASOURCES_DEFAULT_DATABASE: "passbolt"
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/passbolt/gpg:/etc/passbolt/gpg
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/passbolt/jwt:/etc/passbolt/jwt
+ command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
+ ports:
+ - 80:80
+ - 443:443
+ #Alternatively for non-root images:
+ # - 80:8080
+ # - 443:4443
From 93fd7724c41ed94ded817686c19f7ea7bc24f9aa Mon Sep 17 00:00:00 2001
From: Diego Lendoiro
Date: Mon, 27 Feb 2023 11:26:54 +0100
Subject: [PATCH 2/6] small typo on the rootless comment
---
examples/passbolt/docker-compose.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
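Review bot: The database password is committed as the literal `"P4ssb0lt"` in both `MYSQL_PASSWORD` and `DATASOURCES_DEFAULT_PASSWORD` of the new docker-compose.yml, so every deployment copied from this example shares a publicly known credential for the database behind the password manager. The `db` service publishes no port, which limits exposure to the compose network, but a known password still weakens any later change that exposes the database or reuses the value. The file already uses Compose interpolation for `DOCKER_VOLUME_STORAGE`, so both lines could read `"${PASSBOLT_DB_PASSWORD:?set PASSBOLT_DB_PASSWORD in .env}"` (the variable name is a placeholder), which makes `docker compose up` fail until the operator supplies a value. The later patches in this series still carry the literal as unchanged context, so the point applies to the final file as well.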
diff --git a/examples/passbolt/docker-compose.yml b/examples/passbolt/docker-compose.yml index a18b290..6884f6d 100644 --- a/examples/passbolt/docker-compose.yml +++ b/examples/passbolt/docker-compose.yml @@ -33,4 +33,4 @@ services: - 443:443 #Alternatively for non-root images: # - 80:8080 - # - 443:4443 + # - 443:4433 From 180cf1076f2587e1bf98b13ebf5b5b0cf316a492 Mon Sep 17 00:00:00 2001 From: LRVT <21357789+l4rm4nd@users.noreply.github.com> Date: Mon, 27 Feb 2023 14:05:31 +0100 Subject: [PATCH 3/6] Update README.md punctuation --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 01059d8..156e2ba 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ docker compose up ### Password Management - [Vaultwarden](examples/vaultwarden) - Lightweight Bitwarden server API implementation written in Rust. Unlocks paid Bitwarden features such as 2FA. - [Bitwarden Unified](examples/bitwarden-unified) - Official Bitwarden deployment option (beta) targeting selfhosters by providing a resource-efficient, single Docker image with multiple database support. -- [Passbolt CE](examples/passbolt) - Passbolt CE open source password manager for teams based on GPG +- [Passbolt CE](examples/passbolt) - Passbolt CE open source password manager for teams based on GPG. ### Reverse Proxies - [Traefik](examples/traefik) - Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends (Docker, Swarm, Mesos/Marathon, …) to manage its configuration automatically and dynamically. From 70ca8e43e5312a4e56163d2280765ef61799365f Mon Sep 17 00:00:00 2001 From: LRVT <21357789+l4rm4nd@users.noreply.github.com> Date: Mon, 27 Feb 2023 14:06:54 +0100 Subject: [PATCH 4/6] Update README.md add notes section --- examples/passbolt/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/examples/passbolt/README.md b/examples/passbolt/README.md index 779fd79..d21c686 100644 
--- a/examples/passbolt/README.md +++ b/examples/passbolt/README.md @@ -2,6 +2,8 @@ - https://www.passbolt.com +# Notes + Passbolt container runs as specific user with a UID and GUID of `33`. Therefore, ensure proper permissions on the Docker data bind mount volumes: From 92920ed4c96edad65990f89501c163c173ce5a1a Mon Sep 17 00:00:00 2001 From: LRVT <21357789+l4rm4nd@users.noreply.github.com> Date: Mon, 27 Feb 2023 14:09:29 +0100 Subject: [PATCH 5/6] Update docker-compose.yml fix yml struture, comments and add container names --- examples/passbolt/docker-compose.yml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/examples/passbolt/docker-compose.yml b/examples/passbolt/docker-compose.yml index 6884f6d..ee5c5e9 100644 --- a/examples/passbolt/docker-compose.yml +++ b/examples/passbolt/docker-compose.yml @@ -1,7 +1,10 @@ version: '3.9' + services: db: image: mariadb:10.3 + container_name: passbolt-db + hostname: passbolt-db restart: unless-stopped environment: MYSQL_RANDOM_ROOT_PASSWORD: "true" @@ -12,14 +15,14 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/passbolt/mariadb:/var/lib/mysql passbolt: - image: passbolt/passbolt:latest-ce - #Alternatively you can use rootless: - #image: passbolt/passbolt:latest-ce-non-root + image: passbolt/passbolt:latest-ce # alternatively, you can use the rootless image passbolt/passbolt:latest-ce-non-root + container_name: passbolt + hostname: passbolt restart: unless-stopped depends_on: - db environment: - APP_FULL_BASE_URL: https://passbolt.local + APP_FULL_BASE_URL: https://passbolt.example.com # adjust DATASOURCES_DEFAULT_HOST: "db" DATASOURCES_DEFAULT_USERNAME: "passbolt" DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt" @@ -31,6 +34,5 @@ services: ports: - 80:80 - 443:443 - #Alternatively for non-root images: - # - 80:8080 - # - 443:4433 + # - 80:8080 # alternative port mappings if rootless image is used + # - 443:4433 # alternative port mappings if rootless image is used 
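Review bot: The rewritten `image: passbolt/passbolt:latest-ce` line in the `@@ -12,14 +15,14 @@` hunk keeps a floating tag, so each pull can bring in a different, unreviewed build of the password manager, whereas the `db` service is at least pinned to `mariadb:10.3`. Pin the image to a specific release tag, optionally with its digest, e.g. `image: passbolt/passbolt:<pinned-release-tag>@sha256:<digest>` (placeholders), and bump it deliberately. The same applies to the `latest-ce-non-root` image named in the trailing comment.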
From 244195fada47d77af221df83a3ba0df8a3d60e9c Mon Sep 17 00:00:00 2001 From: LRVT <21357789+l4rm4nd@users.noreply.github.com> Date: Mon, 27 Feb 2023 14:17:10 +0100 Subject: [PATCH 6/6] Update docker-compose.yml fix port mappings and APP_FULL_BASE_URL --- examples/passbolt/docker-compose.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/examples/passbolt/docker-compose.yml b/examples/passbolt/docker-compose.yml index ee5c5e9..1e08bcf 100644 --- a/examples/passbolt/docker-compose.yml +++ b/examples/passbolt/docker-compose.yml @@ -22,7 +22,7 @@ services: depends_on: - db environment: - APP_FULL_BASE_URL: https://passbolt.example.com # adjust + APP_FULL_BASE_URL: http://127.0.0.1:8543 # adjust http/https and add your hostname or domain DATASOURCES_DEFAULT_HOST: "db" DATASOURCES_DEFAULT_USERNAME: "passbolt" DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt" @@ -32,7 +32,7 @@ services: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/passbolt/jwt:/etc/passbolt/jwt command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"] ports: - - 80:80 - - 443:443 - # - 80:8080 # alternative port mappings if rootless image is used - # - 443:4433 # alternative port mappings if rootless image is used + - 8543:80 # HTTP + - 8432:443 # HTTPS + # - 8543:8080 # alternative port mappings if rootless image is used + # - 8432:4433 # alternative port mappings if rootless image is used
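Review bot: The new default `APP_FULL_BASE_URL: http://127.0.0.1:8543` in the `@@ -22,7 +22,7 @@` hunk steers a copy-paste deployment of a password manager onto plain HTTP, where the previous value was an `https://` URL. Since the same commit publishes the container's port 443 on host port 8432, the default could stay on TLS, e.g. `APP_FULL_BASE_URL: https://127.0.0.1:8432 # adjust hostname or domain`, leaving HTTP as a documented opt-out for setups behind a TLS-terminating reverse proxy. Whether the image serves a usable certificate on 443 out of the box is not visible in this diff and should be confirmed.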
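Review bot: The mappings `- 8543:80` and `- 8432:443` in the `@@ -32,7 +32,7 @@` hunk publish on every host interface, although the base URL set in the same commit points at `127.0.0.1`. If the example is meant for local access or for a reverse proxy on the same host, bind them to loopback and quote them: `- "127.0.0.1:8543:80"` and `- "127.0.0.1:8432:443"`. Docker-published ports are typically inserted ahead of host firewall rules such as ufw, so an unbound mapping can be reachable from the network even when the host firewall appears to block it.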