I've spent the past couple weekends teaching myself Rancher and Docker for the intended purpose of migrating my Jails to Docker Containers. I run a Homelab & a dedicated VMHost (website and internal web apps) that I also want to migrate many of the apps to leverage many of the features of Rancher and Docker. In this guide we will install and configure a RancherOS or Ubuntu VM with Docker/Rancher. Additionally, I will also be walking you through backing up and migrating your current Plex data from a Plugin or Jail install.
Previously I was only working with RancherOS on a single host. I've since migrated to Ubuntu Server 16.04 OS w/ Docker/Rancher on two hosts managed from a single WebUI. I moved away from RancherOS as it was easier in my environment to centrally manage. This is all a work in progress and taken from my Homelab. I will try to assist in troubleshooting when time is available.
While I have things separated in stacks, you could have them all in the same one. You can pick and choose how you configure your docker environment.
Installing the VM + Docker/Rancher
Choose the VM OS you prefer
Mounting External CIFS
Plex Media Stack
Downloader Stack
Guacamole Stack
NextCloud Stack
Choose the VM OS you prefer
Log into your FreeNAS and go to VMs
Select Add VM
VM Type: Change to Docker VM
Name: Give it a name
Description: {Optional}
Virtual CPUs: Min of 1
Memory Size (MiB): Min of 2048
Autostart: Enable
OK to save. You can then select the VM and then Devices at the bottom
Select the RAW device and then Edit at the bottom
Raw File: Provide a path to a .IMG file. You must enter the full filename after the path but the install will create it.
Disk boot: Enable
Password: Provide a password. When we access RancherOS via shell, this is the password we will use.
Disk size: Enter the size of the disk
Start the VM! It will download and install the image. You will now want to access your FreeNAS's shell through your preferred method. Now access the VM's shell by running:
cu -l /dev/nmdm#B
(Replace # with the number listed in /dev/)
You may have to hit enter to get the RancherOS login
Log in with the username 'rancher' and the password you configured earlier for the RAW device. Next you will want to configure a static IP. First run 'ifconfig' to get your interface name (eth0 by default). Then run the following after modifying what you need to depending on your network configuration:
sudo ros config set rancher.network.interfaces.eth0.address 10.1.10.15/24
sudo ros config set rancher.network.interfaces.eth0.gateway 10.1.10.1
sudo ros config set rancher.network.interfaces.eth0.mtu 1500
sudo ros config set rancher.network.interfaces.eth0.dhcp false
Reboot the VM by running 'sudo reboot'. You should be able to SSH into the VM now instead of going through the FreeNAS shell.
Run the following to install the Rancher container so we can access the WebUI:
sudo docker run -d --restart=unless-stopped -p 8080:8080 rancher/server
Note: After it completes the pull and extract processes, it may take a few minutes before the WebUI is accessible!
Once that completes, go to http://{Your_Static_IP}:8080 and go to Add Host. Verify and save the Host Registration URL. Enter the IP for the new host, copy the command and run it in the RancherOS shell
Go to Admin > Access Control and select Local Authentication
Enter in your information and Enable Local Auth. RancherOS VM is now installed!
We need to create storage for our VM. Log into your FreeNAS and go to Storage. Select a Dataset where you want to store the VM's disk and then select 'Create zvol'.
zvol name: {Name}
Comments: {Optional}
Size for this zvol: ## GiB (must end in GiB)
The rest are defaults
Select Add zvol to create. Now go to VMs and select Add VM
VM Type: Virtual Machine
Name: {Name}
Description: {Optional}
Virtual CPUs: Minimum of 1
Memory Size (MiB): Minimum of 2048
Boot Method: UEFI
Autostart: {Enabled}
Select OK and then select your new VM. At the bottom, select Devices. You should now see the two default devices, NIC & VNC. Select the NIC and then select Edit at the bottom. We need to configure a MAC Address so we do not get a random one every time it reboots.
MAC Address: {Random MAC}
HINT: Select 00:00:00:00 Format and Upper Case!
NOTE: If you are able, I recommend that you go ahead and create a DHCP reservation with the MAC address.
Select OK to save and then select Add device button near the top.
VM: {Name}
Type: Disk
ZVol: {The zvol we made earlier}
Mode: AHCI
Select OK to save and then select Add device button near the top.
VM: {Name}
Type: CD-ROM
CD-ROM (ISO): {Path to ISO File on dataset} (I'm using ubuntu-16.04.4-server-amd64.iso.)
Select OK to save and then click the X next to the VM's name near the top.
You will need to get a VNC Viewer to view and control the VM. We will also use it to correct a booting issue that will arise after performing a shutdown.
On the VM page we can see our VM and VNC Port
We will need to configure our VNC Viewer with our FreeNAS IP and that port. Once you configure your viewer, start the VM and connect.
- Press Enter on Install Server and allow the installer to boot.
- Select your Language
- Select your Country
- Select <No> to Detect keyboard layout
- Select Country of origin for the keyboard
- Select Keyboard layout
- Enter a hostname
- Enter a name
- Enter a username
- Enter a password & confirm
- Select <No> to Encrypt your home directory
- Confirm the detected Time Zone
- Select Guided - use entire disk and set up LVM
- Select disk to partition
- Select <Yes> to Write the changes to disk and configure LVM
- Confirm the detected Amount of volume group to use for guided partitioning
- Select <Yes> to Force UEFI installation
- Select <Yes> to Write the change to disks
- Enter Proxy info if any
- Configure Automatic Updates
- At the Choose software to install screen, select OpenSSH server
- Finish the installation prompt now appears
- Remove the CD-ROM Device: Go to the FreeNAS WebUI > VMs > Select new VM > Devices > Select CD-ROM device > Delete
- Back to VNC Viewer, Select <Continue> to Reboot
There is an issue with UEFI boot when trying to boot up after a shutdown that we should go ahead and resolve.
Once you are able to type, enter
exit
Scroll down to Boot Maintenance Manager
Scroll down to Boot From File
Navigate down until you can select the grubx64.efi and select it to start Ubuntu
We need to create a new boot directory and copy the working grubx64.efi into it
sudo -i
mkdir /boot/efi/EFI/BOOT
cp /boot/efi/EFI/ubuntu/grubx64.efi /boot/efi/EFI/BOOT/bootx64.efi
poweroff
Start the VM back up and verify with VNC that it boots to the login screen without issue. I would go ahead and SSH into the VM instead of VNC. We first need to update and upgrade the VM.
sudo apt-get update && sudo apt-get upgrade -y
Configure apt to use a repository over HTTPS
sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common
Add Docker's official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
Add a stable repo for Docker
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
Let's update package lists again
sudo apt-get update
If you are like me, and may have multiple docker hosts, you want to run the same version. Check the available versions of Docker
sudo apt-cache madison docker-ce
docker-ce | 17.12.1~ce-0~ubuntu | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.12.0~ce-0~ubuntu | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.09.1~ce-0~ubuntu | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.09.0~ce-0~ubuntu | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.06.2~ce-0~ubuntu | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.06.1~ce-0~ubuntu | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.06.0~ce-0~ubuntu | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.03.2~ce-0~ubuntu-xenial | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.03.1~ce-0~ubuntu-xenial | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.03.0~ce-0~ubuntu-xenial | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
Let's install the latest (or similar version of other hosts) stable version
sudo apt-get install docker-ce=17.12.0~ce-0~ubuntu
Finally, we can install Rancher
sudo docker run -d --restart=unless-stopped -p 8080:8080 rancher/server:stable
Note: After it completes the pull and extract processes, it may take a few minutes before the WebUI is accessible!
Once that completes, go to http://{Your_Static_IP}:8080 and go to Add Host. Verify and save the Host Registration URL. Enter the IP for the new host, copy the command and run it in the RancherOS shell
Go to Admin > Access Control and select Local Authentication
Enter in your information and Enable Local Auth. Ubuntu Server VM w/Docker/Rancher is now installed!
Mounting External CIFS
When it's time to restore Plex, I recommend keeping your paths the same. In my configuration, Plex's Storage for the Jail had been configured to /media. I verified by going to my FreeNAS WebUI, navigated to Jails > Storage and verified the jail's Destination path(s).
First we need to create a .YAML file to merge into the RancherOS Config. We will accomplish this with vi in terminal.
vi mount.yaml
Press i to enter insert mode.
mounts:
- - //{FreeNAS}/Backup
  - /media/Backup
  - cifs
  - username={Username},password={Password},iocharset=utf8,_netdev
- - //{FreeNAS}/Media
  - /media/Media
  - cifs
  - username={Username},password={Password},iocharset=utf8,_netdev
- - //{FreeNAS}/Downloads
  - /media/Downloads
  - cifs
  - username={Username},password={Password},iocharset=utf8,_netdev
- - //{FreeNAS}/NextCloud
  - /media/NextCloud
  - cifs
  - username={Username},password={Password},iocharset=utf8,_netdev
Once you've configured the file to your needs, press ESC and then :x to save and close the file.
Run the following to merge the file into the config
sudo ros config merge -i mount.yaml
Reboot the VM by running 'sudo reboot'. You can then run 'sudo df -h' to verify everything mounted correctly.
Filesystem              Size  Used  Avail  Use%  Mounted on
...
//{FreeNAS}/Backup      100T  3.6T  96.3T  3%    /media/Backup
//{FreeNAS}/Media       100T  3.6T  96.3T  3%    /media/Media
//{FreeNAS}/Downloads   100T  3.6T  96.3T  3%    /media/Downloads
//{FreeNAS}/NextCloud   100T  3.6T  96.3T  3%    /media/NextCloud
...
First, we need to install cifs-utils
sudo apt-get install -y cifs-utils
We need to edit the system's fstab file.
sudo nano /etc/fstab
At the end of the file, we need to mount our shares by adding the following
//{FreeNAS}/Backup /media/Backup cifs username={Username},password={Password},iocharset=utf8,sec=ntlm 0 0
//{FreeNAS}/Downloads /media/Downloads cifs username={Username},password={Password},iocharset=utf8,sec=ntlm 0 0
//{FreeNAS}/Media /media/Media cifs username={Username},password={Password},iocharset=utf8,sec=ntlm 0 0
//{FreeNAS}/Nextcloud /media/nextcloud cifs username={Username},password={Password},iocharset=utf8,sec=ntlm 0 0
When you are done editing the file, press CTRL + X, press Y to confirm, and press Enter to save.
Next, we need to mount the added shares
sudo mount -a
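The fstab lines above keep the share password in /etc/fstab, which is world-readable by default, and sec=ntlm selects NTLMv1. The shell functions below are an added example, not part of the original guide: they flag both settings and rewrite each cifs entry to use a root-only credentials file and sec=ntlmssp. The credentials path, host name and account values are assumptions, as is the FreeNAS SMB service accepting NTLMv2.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Assumption: CRED_FILE is a path you choose; the values used in demo()
# are constructed sample data.
CRED_FILE="${CRED_FILE:-/root/.smbcredentials}"

# Create a CIFS credentials file that only its owner can read (mode 0600).
# usage: write_cred_file PATH USERNAME PASSWORD
write_cred_file() (
    umask 077
    printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1"
)

# Read fstab-format lines on stdin and report cifs entries that keep the
# password inline or force NTLMv1. Returns 1 if anything was reported.
audit_cifs_fstab() {
    awk '
    /^[ \t]*#/ || NF < 4 || $3 != "cifs" { next }
    {
        opts = "," $4 ","
        if (opts ~ /,(password|pass)=/) { print $2 ": inline password"; bad = 1 }
        if (opts ~ /,sec=ntlm,/)        { print $2 ": sec=ntlm (NTLMv1)"; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Read fstab-format lines on stdin and rewrite cifs entries: inline
# user/password options are dropped in favour of credentials=$CRED_FILE,
# and sec=ntlm becomes sec=ntlmssp. Every other line passes through as is.
harden_cifs_fstab() {
    awk -v cred="$CRED_FILE" '
    /^[ \t]*#/ || NF < 4 || $3 != "cifs" { print; next }
    {
        n = split($4, opt, ",")
        out = "credentials=" cred
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^(username|user|password|pass|credentials|cred)=/) continue
            if (opt[i] == "sec=ntlm") opt[i] = "sec=ntlmssp"
            out = out "," opt[i]
        }
        print $1, $2, $3, out, (NF >= 5 ? $5 : 0), (NF >= 6 ? $6 : 0)
    }'
}

# Demo on one constructed line modelled on the guide's fstab entries.
demo() {
    sample='//freenas.example/Media /media/Media cifs username=plex,password=S3cret,iocharset=utf8,sec=ntlm 0 0'
    printf '%s\n' "$sample" | audit_cifs_fstab || true
    printf '%s\n' "$sample" | harden_cifs_fstab
}
demo
```

Review the rewritten lines before replacing /etc/fstab, and create the credentials file with write_cred_file as root so it ends up owned by root with mode 0600.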
Plex Media Stack
Go to STACKS > Users > Add Stack
Name: pms
Description: {Optional}
Select Add Service
Name: pms
Description: {Optional}
Select Image*: plexinc/pms-docker
+ Port Map: 32400:32400
Add three Environment Variables
Auto Restart=Always
HOSTNAME=pms
TZ=Timezone
PLEX_CLAIM=claim- (https://www.plex.tv/claim/)
Configure Volumes
/media/pms/config:/config
/media/Media:/media
/media/pms/transcode:/transcode
Configure Networking
Network: Managed
Hostname: Use the container name | Set a specific hostname
Resolving Servers: {Your DNS Servers}
You should now be able to Create the service. It will download and configure the container for the service and you should now be able to access it at http://{Docker_IP}:32400
First we need to disable some Plex features for the server migration. You will want to go to Settings > Server > Library and disable 'Empty trash automatically after every scan' in your Plex Jail. Thanks to "Where is the Plex Media Server data directory located?" we also know the following:
Manual Jail Install: ${JAIL_ROOT}/usr/local/plexdata/Plex Media Server
Plugin Jail Install: ${JAIL_ROOT}/var/db/plexdata/Plex Media Server/
If you do not have a share, you will want to create one to copy your Plex data to.
I migrated my Plex Media Server folder to an existing Backup share via shell like this:
# In a shell, navigate to your plexdata folder and run the following to compress folder
tar -zcvf pms.tar.gz "Plex Media Server/"
# Copy pms.tar.gz file to share.
cp -R /mnt/Jails/plex/usr/local/plexdata/pms.tar.gz /mnt/Volume01/Backup/plexdata/pms.tar.gz
After you've verified you can access the Plex Wizard first webpage, go ahead and stop the service. Back in the VM shell, navigate to /media/config/Library/Application Support.
Delete the current Plex Media Server folder by running
sudo rm -R "Plex Media Server"
Now, let's copy the Jail's Plex Media Server to /media/config/Library/Application Support
sudo cp /media/Backup/plexdata/pms.tar.gz "/media/pms/config/Library/Application Support/"
This took some time!
#If running RancherOS:
sudo gunzip pms.tar.gz && sudo tar -xvf pms.tar
# Must perform two commands as z is missing from tar in RancherOS. If someone knows a better way...
sudo rm pms.tar
#If running Ubuntu:
sudo tar -zxvf pms.tar.gz
sudo rm pms.tar.gz
Run the following IF you need to adjust permissions
sudo chown -R user:group "/media/config/Library/Application Support/"*
After everything was done, I was able to start the pms service and access the WebUI just as if it were in my jail! Remember to enable 'Empty trash automatically after every scan' in Settings > Server > Library. Be sure and allow your PMS to re-process all your media.
Under the pms stack, select Add Service
Name: tautulli
Description: {Optional}
Select Image*: shiggins8/tautulli
+ Port Map: 8181:8181
Add Environment Variables
TZ=Timezone
Configure Volumes
Variables we will need to address:
<path to plexlogs>:/logs:ro
Map to Plex Media Server's log directory; preferably mapped with ro (ReadOnly) access.
/media/config/Library/Application Support/Plex Media Server/Logs
/media/tautulli:/config
/media/config/Library/Application Support/Plex Media Server/Logs:/logs:ro
Configure Networking
Network: Managed
Hostname: Use the container name | Set a specific hostname
Resolving Servers: {Your DNS Servers}
Create the Tautulli service. It will take some time to initialize but you should be able to access the Setup page http://{Docker_IP}:8181 to get started.
Under the pms stack, select Add Service
Name: ombi
Description: {Optional}
Select Image*: linuxserver/ombi
+ Port Map: 3579:3579
Add Environment Variables
TZ=Timezone
Configure Volumes
/media/ombi:/config
Configure Networking
Network: Managed
Hostname: Use the container name | Set a specific hostname
Resolving Servers: {Your DNS Servers}
Create the Ombi service. It will take some time to initialize but you should be able to access the Setup page http://{Docker_IP}:3579 to get started.
docker-compose.yml
version: '2'
services:
  ombi:
    image: linuxserver/ombi
    environment:
      TZ: America/Chicago
    stdin_open: true
    volumes:
    - /media/ombi:/config
    dns:
    - 10.1.10.3
    - 10.1.10.2
    tty: true
    ports:
    - 3579:3579/tcp
    labels:
      io.rancher.container.pull_image: always
      io.rancher.container.hostname_override: container_name
  tautulli:
    image: shiggins8/tautulli
    hostname: tautulli
    environment:
      TZ: America/Chicago
    stdin_open: true
    volumes:
    - /media/pms/config/Library/Application Support/Plex Media Server/Logs:/logs:ro
    dns:
    - 10.1.10.3
    - 10.1.10.2
    tty: true
    ports:
    - 8181:8181/tcp
    labels:
      io.rancher.container.pull_image: always
  pms:
    image: plexinc/pms-docker
    environment:
      TZ: America/Chicago
      PLEX_CLAIM: claim-
    stdin_open: true
    volumes:
    - /media/pms/config:/config
    - /media/Media:/media
    - /media/pms/transcode:/transcode
    dns:
    - 10.1.10.3
    - 10.1.10.2
    tty: true
    ports:
    - 32400:32400/tcp
    labels:
      io.rancher.container.pull_image: always
      io.rancher.container.hostname_override: container_name
rancher-compose.yml
version: '2'
services:
  ombi:
    scale: 1
    start_on_create: true
  tautulli:
    scale: 1
    start_on_create: true
  pms:
    scale: 1
    start_on_create: true
Downloader Stack
I'm utilizing Deluge with an Open VPN client connected to Private Internet Access. Considering it is using an OpenVPN client this should work with other VPN providers. This will require OpenVPN configuration files and certs for your VPN provider.
PIA - The configuration files and certs for OpenVPN.
Go to STACKS > Users > Add Stack
Name: downloaders
Description: {Optional}
Select Add Service
Name: delugevpn
Description: {Optional}
Select Image*: binhex/arch-delugevpn
+ Port Map: 8112:8112
+ Port Map: 8118:8118
+ Port Map: 58846:58846
+ Port Map: 58946:58946
Add three Environment Variables
VPN_ENABLED=yes
VPN_USER={Username} (Your VPN Username)
VPN_PASS={Password} (Your VPN Password)
VPN_PROV=pia (Your VPN Provider)
STRICT_PORT_FORWARD=yes
ENABLE_PRIVOXY=yes
LAN_NETWORK=10.1.10.0/24 (Your network's subnet)
NAME_SERVERS=209.222.18.222,37.235.1.174,8.8.8.8,209.222.18.218,37.235.1.177,8.8.4.4 (An external DNS)
DEBUG=false
UMASK=000
PUID=1001 (User permissions for the Download share)
PGID=1001 (Group permissions for the Download share)
Configure Volumes
/media/deluge/data:/data
/media/deluge/config:/config
/media/Downloads:/downloads
You will want to create /media/deluge/config/openvpn on the host for OpenVPN configuration files and certs.
sudo mkdir /media/deluge/config/openvpn
You need to copy the ca.rsa.2048.crt, crl.rsa.2048.pem & {Location}.ovpn files to the new folder. I placed my files in my existing Downloads CIFS share to copy.
sudo cp /media/Downloads/openvpn/ca.rsa.2048.crt /media/deluge/config/openvpn/ca.rsa.2048.crt
sudo cp /media/Downloads/openvpn/crl.rsa.2048.pem /media/deluge/config/openvpn/crl.rsa.2048.pem
sudo cp /media/Downloads/openvpn/{Location}.ovpn /media/deluge/config/openvpn/{Location}.ovpn
Next, let's adjust permissions to match the PUID:PGID that we configured in our Environment Variables
sudo chown -R 1001:1001 /media/deluge/config/openvpn
Configure Networking
Network: Managed
Hostname: Use the container name | Set a specific hostname
Configure Security
Add: NET_ADMIN
Create the delugevpn service. It will take some time to initialize but you should be able to access the Setup page http://{Docker_IP}:8112 to get started. The default password is 'deluge'.
To change the default Downloads folder go to Preferences > Downloads, configure the 'Download to:' field to '/downloads'.
To change your password go to Preferences > Interface, fill out the fields, and press the 'Change' button.
If you are like me, and want to be able to connect your PC and/or phone, we will need to add an authenticated user. From the VM host's shell we need to modify an auth file
sudo nano /media/deluge/config/auth
On the next line, add a username and password
username:password:10
When you are done editing the file, press CTRL + X, press Y to confirm, and press Enter to save.
You should now be able to connect with your external clients and the WebUI!
Under the downloaders stack, select Add Service
Name: sickrage
Description: {Optional}
Select Image*: linuxserver/sickrage
+ Port Map: 8081:8081
Add Environment Variables
PUID=1001
PGID=1001
TZ=Timezone
Configure Volumes
/media/sickrage:/config
/media/Downloads:/downloads
/media/Media:/media
Configure Networking
Network: Managed
Hostname: Use the container name | Set a specific hostname
Resolving Servers: {Your DNS Servers}
Create the Sickrage service. It will take some time (took almost 3 minutes for me) to initialize but you should be able to access the Setup page http://{Docker_IP}:8081 to get started.
Under the downloaders stack, select Add Service
Name: couchpotato
Description: {Optional}
Select Image*: linuxserver/couchpotato
+ Port Map: 5050:5050
Add Environment Variables
PUID=1001
PGID=1001
TZ=Timezone
Configure Volumes
/media/couchpotato:/config
/media/Downloads:/downloads
/media/Media:/media
Configure Networking
Network: Managed
Hostname: Use the container name | Set a specific hostname
Resolving Servers: {Your DNS Servers}
Create the CouchPotato service. It will take some time to initialize but you should be able to access the Setup page http://{Docker_IP}:5050 to get started.
docker-compose.yml
version: '2'
services:
  sickrage:
    image: linuxserver/sickrage
    environment:
      PUID: '1001'
      PGID: '1001'
      TZ: America/Chicago
    stdin_open: true
    volumes:
    - /media/sickrage:/config
    - /media/Downloads:/downloads
    - /media/Media:/media
    dns:
    - 10.1.10.3
    - 10.1.10.2
    tty: true
    ports:
    - 8081:8081/tcp
    labels:
      io.rancher.container.pull_image: always
      io.rancher.container.hostname_override: container_name
  couchpotato:
    image: linuxserver/couchpotato
    environment:
      PUID: '1001'
      PGID: '1001'
      TZ: America/Chicago
    stdin_open: true
    volumes:
    - /media/couchpotato:/config
    - /media/Downloads:/downloads
    - /media/Media:/media
    dns:
    - 10.1.10.3
    - 10.1.10.2
    tty: true
    ports:
    - 5050:5050/tcp
    labels:
      io.rancher.container.pull_image: always
      io.rancher.container.hostname_override: container_name
  delugevpn:
    cap_add:
    - NET_ADMIN
    image: binhex/arch-delugevpn
    environment:
      VPN_ENABLED: 'yes'
      VPN_USER: {Username}
      VPN_PASS: {Password}
      VPN_PROV: pia
      STRICT_PORT_FORWARD: 'yes'
      ENABLE_PRIVOXY: 'yes'
      LAN_NETWORK: 10.1.10.0/24
      NAME_SERVERS: 8.8.8.8,8.8.4.4
      DEBUG: 'false'
      UMASK: '000'
      PUID: '1001'
      PGID: '1001'
    stdin_open: true
    volumes:
    - /media/deluge/data:/data
    - /media/deluge/config:/config
    - /media/Downloads:/downloads
    tty: true
    ports:
    - 8112:8112/tcp
    - 8118:8118/tcp
    - 58846:58846/tcp
    - 58946:58946/tcp
    labels:
      io.rancher.container.pull_image: always
      io.rancher.container.hostname_override: container_name
rancher-compose.yml
version: '2'
services:
  sickrage:
    scale: 1
    start_on_create: true
  couchpotato:
    scale: 1
    start_on_create: true
  delugevpn:
    scale: 1
    start_on_create: true
Guacamole Stack
I leverage Apache Guacamole to remotely access my home network. I will also walk you through hardening the connection by adding Duo 2FA.
Go to STACKS > Users > Add Stack
Name: guacamole
Description: {Optional}
Select Add Service
Name: guac
Description: {Optional}
Select Image*: guacamole/guacamole
+ Port Map: 8090:8080
Since 8080 is already used by Rancher, you will need to change the Public Port to an unused one.
Add Environment Variables
GUACD_HOSTNAME=guacd
GUACD_PORT=4822
MYSQL_HOSTNAME=guacdb
MYSQL_DATABASE=guacamole_db
MYSQL_USER=guacamole_user
MYSQL_PASSWORD={Password}
GUACAMOLE_HOME=/etc/guacamole
Configure Volumes
/media/guacamole:/etc/guacamole
Configure Networking
Network: Managed
Hostname: Use the container name | Set a specific hostname
Resolving Servers: {Your DNS Servers}
We're not done yet as now we need to add a guacd sidekick container.
Next, add guacd as a sidekick container.
Name: guacd
Description: {Optional}
Select Image*: guacamole/guacd
Configure Networking
Network: Managed
Hostname: Use the container name | Set a specific hostname
We're not done yet as now we need to add a guacdb sidekick container.
Next, add guacdb as a sidekick container
.
Name: guacdb
Description: {Optional}
Select Image*: mariadb
Add Environment Variables
MYSQL_ROOT_PASSWORD={Password}
Configure Volumes
/media/Backup:/backup
You will need a way to pass along files to the MariaDB container so that we can initialize the database.
Configure Networking
Network: Managed
Hostname: Use the container name | Set a specific hostname
Create the guacamole service but it will not work as there are still a few more steps left before the WebUI is available.
To create our database and DB user, apply permissions, and import the database schema, we will need to access the guacdb container's shell.
From guacdb's host shell we need to identify the container ID
sudo docker container ls
Output Example:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
210259f0fec0 mariadb "/.r/r docker-entryp…" About a minute ago Up About a minute r-guacamole-guac-guacdb-1-3e9a8e52
To enter the container's shell
sudo docker exec -it {CONTAINER ID} bash
The hostname will change once you are connected
root@guacamole-guac-guacdb-1:/#
Log into the database as root
mysql -u root -p
The following queries create our database and user, and configure permissions
CREATE DATABASE guacamole_db;
CREATE USER 'guacamole_user'@'%' IDENTIFIED BY '{Password}';
GRANT ALL PRIVILEGES ON guacamole_db.* TO 'guacamole_user'@'%';
FLUSH PRIVILEGES;
quit
Once the database and user are created, the database schema must be applied. In the volume we mounted for guacdb, you will want to place the mysql folder found in the guacamole-auth-jdbc-0.9.14.tar.gz connector. I was able to cd /backup/mysql to perform the following:
cat schema/*.sql | mysql -u root -p guacamole_db
You should be able to access the Login page http://{Docker_IP}:8090/guacamole to get started.
Default username & password: guacadmin | guacadmin
I recommend creating a new Admin account and removing the default before proceeding with Duo 2FA.
Apache Guacamole supports Duo two-factor authentication. I'm using the Duo Free subscription in my environment with a mix of some Google 2FA.
From your Duo Dashboard, go to Applications and click Protect an Application.
Scroll down to Web SDK and click Protect an Application.
Details will provide:
duo-api-hostname:
duo-integration-key:
duo-secret-key:
Scroll down and fill in the remainder of the information and save it. Be sure to note down the values we need for the configuration.
We also need to generate a long random string for the duo-application-key: value.
dd if=/dev/random count=1 | sha256sum
0+1 records in
0+1 records out
113 bytes copied, 0.000108476 s, 1.0 MB/s
d82dc0f05943de342de2630046c5e38dc083cf5f75c77ca7e81bf0548ec3c8e2 -
Now we need to add the values to the guacamole.properties file. From our container host's shell, we need to run:
cd /media/guacamole
sudo nano guacamole.properties
duo-api-hostname:
duo-integration-key:
duo-secret-key:
duo-application-key:
When you are done editing the file, press CTRL + X, press Y to confirm, and press Enter to save.
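One way to sanity-check the edited guacamole.properties before restarting the guac service, as an added example that is not part of the original guide. The function names are hypothetical, the key generator reads /dev/urandom instead of the dd | sha256sum pipeline above, and the 40-character minimum is the requirement the Guacamole Duo extension documents for duo-application-key.

```shell
# Added example, not from the original guide. Function names are illustrative.
# Usage: check_duo_props /media/guacamole/guacamole.properties

# Print 64 hex characters (32 random bytes) from the kernel CSPRNG.
gen_app_key() {
    head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Print the value of property $2 in file $1 (only the "name: value" form
# used in this guide is handled; the last occurrence wins).
prop_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# Return 0 if all four Duo properties are set and the application key is
# at least 40 characters; otherwise print each problem and return 1.
check_duo_props() {
    file=$1
    rc=0
    for name in duo-api-hostname duo-integration-key duo-secret-key \
                duo-application-key; do
        if [ -z "$(prop_value "$file" "$name")" ]; then
            echo "missing or empty: $name"
            rc=1
        fi
    done
    key=$(prop_value "$file" duo-application-key)
    if [ -n "$key" ] && [ "${#key}" -lt 40 ]; then
        echo "duo-application-key is ${#key} characters; at least 40 are required"
        rc=1
    fi
    # The file holds the Duo secret key: warn (without failing) if every
    # local user on the Docker host can read it.
    if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
        echo "warning: $file is world-readable"
    fi
    return $rc
}
```

A non-zero return means the Duo settings are incomplete, so the file is worth fixing before the guac service is restarted.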
Next, we need to create the extensions folder for the guacamole-auth-duo-0.9.14.jar extension found in guacamole-auth-duo-0.9.14.tar.gz.
sudo mkdir /media/guacamole/extensions
Copy the guacamole-auth-duo-0.9.14.jar into the extensions folder.
Restart the guac service, navigate to the login page http://{Docker_IP}:8090/guacamole, log in and configure your Duo 2FA.
docker-compose.yml
version: '2'
services:
  guac:
    image: guacamole/guacamole
    environment:
      GUACD_HOSTNAME: guacd
      GUACD_PORT: '4822'
      MYSQL_HOSTNAME: guacdb
      MYSQL_DATABASE: guacamole_db
      MYSQL_USER: guacamole_user
      MYSQL_PASSWORD: {Password}
      GUACAMOLE_HOME: /etc/guacamole
    stdin_open: true
    volumes:
    - /media/guacamole:/etc/guacamole
    dns:
    - 10.1.10.3
    - 10.1.10.2
    tty: true
    ports:
    - 8090:8080/tcp
    labels:
      io.rancher.container.pull_image: always
      io.rancher.sidekicks: guacd,guacdb
      io.rancher.container.hostname_override: container_name
  guacd:
    image: guacamole/guacd
    stdin_open: true
    tty: true
    labels:
      io.rancher.container.pull_image: always
      io.rancher.container.hostname_override: container_name
  guacdb:
    image: mariadb
    environment:
      MYSQL_ROOT_PASSWORD: {Password}
    stdin_open: true
    volumes:
    - /media/Backup:/backup
    tty: true
    labels:
      io.rancher.container.pull_image: always
      io.rancher.container.hostname_override: container_name
rancher-compose.yml
version: '2'
services:
  guac:
    scale: 1
    start_on_create: true
  guacd:
    scale: 1
    start_on_create: true
  guacdb:
    scale: 1
    start_on_create: true
NextCloud Stack
I'm dealing with a permissions issue. I will update this guide once I've found a solution.