raine - home server

Home server running on Ubuntu (hostname: raine, local IP: 10.0.0.100). Hosts personal websites, Gitea, and a NAS for local file sharing.

Architecture

                       Internet
                           │
                           ▼
                    ┌─────────────┐
                    │ Cloudflare  │  (terminates TLS, hides home IP)
                    └──────┬──────┘
                           │
                    encrypted tunnel
                           │
                           ▼
                    ┌─────────────┐
                    │ cloudflared │  (native systemd service)
                    │  (raine)    │
                    └──────┬──────┘
                           │ HTTP :80
                           ▼
                    ┌─────────────┐
                    │    Caddy    │  (Docker, reverse proxy)
                    │             │
                    └──┬───┬───┬──┘
                       │   │   │
          oversteep.com│   │   │git.chunli.net
                       │   │   └──────┐
                       ▼   ▼          ▼
              /srv/oversteep.com   ┌──────┐
              /srv/chunli.net      │Gitea │  (Docker, :3000)
              (static sites)       └──────┘

Local-only services (not exposed via tunnel):

  • Samba — serves /mnt/nas over the LAN for file sharing between Linux/Mac clients
  • SSH — on port 22, key auth only
  • Gitea SSH — on port 2222, for local git operations

Services

Native (systemd)

Service      Purpose
cloudflared  Cloudflare tunnel to the internet
smbd         Samba file sharing on LAN
ssh          Remote shell access on LAN

Docker (managed per-directory)

Service  Directory  Ports       Notes
caddy    ./caddy/   80, 443     Reverse proxy, serves sites
gitea    ./gitea/   3000, 2222  Self-hosted git, SQLite

Each service has its own compose.yml so it can be managed independently. The services communicate through the Docker host via host.docker.internal (configured in caddy's extra_hosts).

Domains

Domain          Points to
oversteep.com   Static site (Madison's)
chunli.net      Static site (personal)
git.chunli.net  Gitea via Caddy proxy

All domains go through the Cloudflare tunnel. Cloudflare handles TLS, so Caddy serves plain HTTP internally (the http:// prefix in the Caddyfile disables Caddy's automatic HTTPS).

Storage

  • /mnt/nas — 2TB ext4 drive (sda2), shared via Samba
    • Owned by chun:nas, mode 775
    • Users in the nas group have full read/write
    • Folder layout: photos/, media/, files/
  • Future: add more drives + mergerfs + snapraid when prices drop

Backups

Important: Gitea's data/ directory contains repos, the SQLite database, and config. It's gitignored but needs a separate backup strategy.

(TODO: set up backup scheme)

Common tasks

# Restart a service
cd ~/docker/<service>
docker compose restart

# View logs
docker logs <container-name>

# Update a service to the latest image
cd ~/docker/<service>
docker compose pull
docker compose up -d

# Check what's running
docker ps

Gotchas

  • Caddy can't reach containers in other compose projects via localhost. Use host.docker.internal:<port> instead (requires extra_hosts: ["host.docker.internal:host-gateway"]).
  • Caddy must pass X-Forwarded-Proto: https to Gitea so it generates correct URLs (since Cloudflare terminates TLS, not Caddy).
  • Group changes don't apply to existing shell sessions. After usermod -aG, log out and back in.
  • NTFS/exFAT drives auto-mount as root. If you need user-level access, either use sudo or remount with uid=1000,gid=1000.
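
The Caddy points from the Domains section and the first two gotchas (plain HTTP behind the tunnel, host.docker.internal, X-Forwarded-Proto), put together as one Caddyfile. This is an added example, not the Caddyfile from this repository. It assumes the static site directories are mounted into the Caddy container at the same /srv paths shown in the diagram.

```caddyfile
# Added example, not the repository's own Caddyfile.
# Assumptions: /srv/oversteep.com and /srv/chunli.net are mounted into the
# Caddy container at those paths, and caddy's compose.yml contains
#   extra_hosts: ["host.docker.internal:host-gateway"]

# The http:// prefix serves each site as plain HTTP on :80 and turns off
# Caddy's automatic HTTPS for it. Cloudflare terminates TLS before the tunnel.
http://oversteep.com {
	root * /srv/oversteep.com
	file_server
}

http://chunli.net {
	root * /srv/chunli.net
	file_server
}

http://git.chunli.net {
	# Gitea runs in a separate compose project, so localhost inside the
	# Caddy container is not Gitea. Reach it through the host gateway.
	reverse_proxy host.docker.internal:3000 {
		# Caddy received this request over plain HTTP from cloudflared.
		# Set the header so Gitea sees the client-facing scheme and
		# generates https:// URLs.
		header_up X-Forwarded-Proto https
	}
}
```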