Archives
/
docker_deployment_notes
mirror of https://github.com/StarWhiz/docker_deployment_notes
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c3c6e61c2'
${ noResults }
docker_deployment_notes/outline-wiki/README.md

258 lines
8.2 KiB
Markdown
Raw Blame History Unescape Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# Outline Wiki
This is the hardest deployment Ive ever done. I wouldnt have been able to deploy this without [Guru Computings Blog](https://blog.gurucomputing.com.au/Knowledgebases%20with%20Outline/Installing%20Outline%20Knowledgebase/)! I do not advise deploying this unless youve had some experience with deploying any of the other apps in this repostitory. If you get stuck here please refer to Gurus Computings blog!
## Minimum File Structure
```
/home/
└── ~/
└── docker/
└── outline/
├── .env
├── docker-compose.yml
├── docker.env
└── keycloak/
├── .env
├── docker-compose.yml
```
## Add to Caddyfile (from \~/docker/caddy)
Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Caddyfile.
```
outline.yourdomain.com {
reverse_proxy outline:3000
}
outlinedata.yourdomain.com {
reverse_proxy outline-minio:9000
}
outlinedata-admin.yourdomain.com {
reverse_proxy outline-minio:9001
}
auth.yourdomain.com {
reverse_proxy keycloak:8080
}
```
outline-minio is the s3 bucket well be using.
keycloak is the auth provider we will be self hosting
# The “keycloak” directory
We will start with keycloak for single sign on first because it is easier and we need to get the client secret from it for outline! Start by creating a empty keycloak directory similar to the minimum file structure section above.
## docker-compose.yml
Copy and use the same docker-compose.yml in this repos ./keycloak directory
Feel free to change the version of the pull in this repo I'm using 0.72.0
Then you copy the .env in this repo to the same directory and modify it
## modifying the .env
This is self explanatory. There are 3 lines to modify after the = sign
```javascript
KC_DB_PASSWORD=<insert long and scary password>
KC_HOSTNAME=auth.yourdomain.com
KEYCLOAK_ADMIN_PASSWORD=<insert another long and scary password>
```
After you have both the docker-compose.yml and .env ready its time to start up the instances
```javascript
docker-compose up -d
```
### Keycloak Configuration
On your browser go to `https://auth.yourdomain.com/`and login to the Administration Console
* In your keycloak portal, under **clients**, create a new **oidc** client for **outline.yourdomain.com**. Set the following values:
```javascript
Client Auth: On
Client ID (can be whatever): outline.<your-domain>.com
Name (can be whatever): outline.<your-domain>.com
Root URL: https://outline.<your-domain>.com
Home URL: https://outline.<your-domain>.com
redirect URI: https://outline.<your-domain>.com/auth/oidc.callback
```
![Keycloak Create Client](https://github.com/StarWhiz/docker_deployment_notes/assets/9423276/c4b8f19e-912d-44e7-8d67-51a33d22e891)
Finally create an account under users and set a password.
![Keycloak Create User](https://github.com/StarWhiz/docker_deployment_notes/assets/9423276/c74e2045-7ec2-4c64-856d-5f2a156a710a)
![Keycloak Setpassword](https://github.com/StarWhiz/docker_deployment_notes/assets/9423276/ac64c774-fdbb-4c3b-9968-e64fe99e7c1c)
# The “outline” directory
This one is much harder!
## docker-compose.yml
Use the same docker-compose.yml located inside the outline directory of this repository
## docker.env
From the same directory in this repo copy and make modifications to `docker.env` to suit your environment
5 variables that contain `yourdomain.com`needs to have `yourdomain.com`substituted with your own domain
1 variables that say `<insert long and scary minio password>` need to be replaced with your own password
2 variables that say `<insert long and scary PG password>` need to be replaced with your own password
1 variable `SECRET_KEY=<Generate with openssl rand -hex 32>` needs to have its SECRET_KEY replaced by the output of `openssl rand -hex 32`
1 variable `UTILS_SECRET=<Generate with openssl rand -hex 32>` needs to have its UTIL_SECRET replaced by the output of `openssl rand -hex 32`
### Modify the OIDC Authentication section of docker.env
The 5 lines below need modification where `yourdomain.com` is replaced with your actual domain!
```javascript
OIDC_CLIENT_ID=outline.yourdomain.com
OIDC_CLIENT_SECRET=<use your own client secret generated in keycloak>
OIDC_AUTH_URI=https://auth.yourdomain.com/realms/master/protocol/openid-connect/auth
OIDC_TOKEN_URI=https://auth.yourdomain.com/realms/master/protocol/openid-connect/token
OIDC_USERINFO_URI=https://auth.yourdomain.com/realms/master/protocol/openid-connect/userinfo
```
### Optional: Set up SMTP variables to receive emails from outline
```javascript
SMTP_HOST=
SMTP_PORT=
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_FROM_EMAIL=hello@example.com
SMTP_REPLY_EMAIL=hello@example.com
SMTP_TLS_CIPHERS=
SMTP_SECURE=true
```
## .env modifications needed
The three variables `MINIO_ROOT_PASSWORD`, `MINIO_BROWSER_REDIRECT_URL`, and `POSTGRES_PW` need to be replaced similarly to docker.env. Use the same minio password `<insert long and scary minio password>` and PG `<insert long and scary PG password>` password as above. As for the URL replace `yourdomain.com` with your actual domain you will be hosting this on.
```javascript
MINIO_ROOT_PASSWORD=<insert long and scary minio password>
MINIO_BROWSER_REDIRECT_URL=https://outlinedata.yourdomain.com
POSTGRES_PW=<insert long and scary PG password>
```
## Now that all files and modifications are in place. In the outline directory…
Create the db by running
```javascript
docker-compose run --rm outline yarn db:create --env=production-ssl-disabled
```
Youll get some error saying
```javascript
ERROR: getaddrinfo EAI_AGAIN outline-postgres
```
Dont worry we will carry on. Now run
```javascript
sudo chown -R 999:999 ./psqldatabase-data
```
Then run the migration command below
```javascript
docker-compose run --rm outline yarn db:migrate --env=production-ssl-disabled
```
After migration is complete. You can start the app with
```javascript
docker-compose up -d
```
Optional: If you run into any problems inspect the logs with
```javascript
docker-compose logs -f
```
Optional: Anytime you want to start over from scratch you can run the following in the ./outline directory
```javascript
docker-compose down --remove-orphans -v
sudo rm -R container-data/ psqldatabase-data/ redis.conf/
```
Okay so outline is finished hosting!
## Logging into your minio bucket and creating outlinebucket
This step needs to be done so you can drag / drop upload files to your outline pages
In your browser go to `https://outlinedata-admin.yourdomain.com` and login
Finally create a bucket called `outlinebucket`
After creation, under the anonymous tab add two access rules: `avatar` and `public` as readonly access rules. Dont worry if youre confused heres a gif below explaining all this.
![Minio](https://github.com/StarWhiz/docker_deployment_notes/assets/9423276/32d34e39-1cb9-422a-a849-132f07893100)
Thats it!
Now login to outline with your keycloak account. And you should be able to drag and drop images to your documents!
## Troubleshooting
You may have to run
`sudo chown -R systemd-coredump:systemd-coredump psqldatabase-data/`
on your psqldatabase-data folder if you get the error (on docker-compose logs -f) that says
`initdb: error: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted`
## Migrating Domain Notes
back up .env, docker-compose.yml, and docker.env
edit only docker.env (if you plan on keeping same database + keycloak)
```
URL=https://outline.stoplagging.com
PORT=3000
OIDC_CLIENT_ID=outline.stoplagging.com
```
If new instance with new database edit
```
AWS_S3_UPLOAD_BUCKET_URL=https://outlinedata.stoplagging.com
```
If new instance with new keycloak edit
```
OIDC_AUTH_URI=https://auth.stoplagging.com/realms/master/protocol/openid-connect/auth
OIDC_TOKEN_URI=https://auth.stoplagging.com/realms/master/protocol/openid-connect/token
OIDC_USERINFO_URI=https://auth.stoplagging.com/realms/master/protocol/openid-connect/userinfo
```
docker-compose up again
don't forget to edit caddy
docker exec -w /etc/caddy caddy caddy reload
Now in keycloak go to Clients
export the original domain name
edit the .json
find & replace all old domain name with new domain name in text editor.
Edit description
reimport new domain name!
Reference in New Issue View Git Blame Copy Permalink