Docker is, at its heart, a way to organize, deploy and scale software in a compartmentalized fashion. Its easy accessibility has revolutionised both the developer and IT industries and driven cloud adoption by leaps and bounds.
This guide is designed for people who want to learn Docker infrastructure. Not just how to use Docker, but how to stand up Docker services in a robust and secure manner. This guide is about standing up a single-node Docker environment with backups, IP whitelisting, non-root containers (where supported), single sign-on and reverse proxying.
- An x86-based computer or virtual machine. Anything Celeron or higher should be fine.
- A secondary btrfs-based machine for hosting backups (a Raspberry Pi + external drive will work).
Why would I want to follow this guide?
If you’re a homelabber, you’re probably using Docker already. Great! This guide is a ground-up perspective on how to create a resilient and secure Docker infrastructure. Not just cowboying up a passwordless web portal to the internet, but setting up secure SSO, documentation, backups, and reverse proxying. In fact, you can follow this guide from start to finish without exposing your services to the internet at all!
This guide is also good for small-scale production. Not every company needs a Kubernetes environment running thousands of containers in the cloud. Maybe you’re a small shop and just need to stand up a wiki, or an asset manager, or a ticketing system, or a remote desktop gateway. A couple of virtualized Docker hosts may be all you need. This guide will show you how to set up Docker in a way that can be used in small-scale production.
Great! What will we cover?
Quite a bit actually. We will cover:
- Setting up a Docker host on Fedora Server 34 using Cockpit
- Installing Portainer for Docker management (and showing Portainer alternatives)
- Setting up source control and documentation with Gitea
- Implementing reverse proxies and IP whitelisting with Nginx Proxy Manager
- Setting up validated SSL certificates with Let’s Encrypt, either DNS-01 or HTTP-01
- Backing up Docker leveraging a remote target and the magic of btrfs
- Setting up central authentication and authorization with Keycloak
- Demonstrating OAuth proxying to secure passwordless services like code-server
- Setting up a next-generation wiki with Keycloak and Outline
Shall we get started?
Yep! You can start with installing Fedora.