{"id":15148367,"url":"https://github.com/raulsanchezzt/server","last_synced_at":"2026-02-18T06:31:42.849Z","repository":{"id":177064746,"uuid":"659440583","full_name":"RaulSanchezzt/server","owner":"RaulSanchezzt","description":"Docker compose files for services","archived":false,"fork":false,"pushed_at":"2023-11-03T18:19:12.000Z","size":561,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-07T02:47:29.035Z","etag":null,"topics":["docker","docker-compose","ghostfolio","netdata","nextcloud","nginx-proxy","odoo","ouroboros","pi-hole","portainer","self-hosted","server","traefik","truffle","vaultwarden","vscode","wireguard","wordpress"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RaulSanchezzt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-06-27T20:59:55.000Z","updated_at":"2024-04-24T10:16:30.000Z","dependencies_parsed_at":"2023-07-10T05:16:12.888Z","dependency_job_id":"8bdc17d0-b108-4030-8379-038614f5702d","html_url":"https://github.com/RaulSanchezzt/server","commit_stats":null,"previous_names":["raulsanchezzt/server"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/RaulSanchezzt/server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RaulSanchezzt%2Fserver","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RaulSanchezzt%2Fserver/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RaulSanchezzt%2Fserver/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RaulSanchezzt%2Fserver/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RaulSanchezzt","download_url":"https://codeload.github.com/RaulSanchezzt/server/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RaulSanchezzt%2Fserver/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279013705,"owners_count":26085393,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-13T02:00:06.723Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","docker-compose","ghostfolio","netdata","nextcloud","nginx-proxy","odoo","ouroboros","pi-hole","portainer","self-hosted","server","traefik","truffle","vaultwarden","vscode","wireguard","wordpress"],"created_at":"2024-09-26T13:03:20.907Z","updated_at":"2025-10-13T05:35:19.948Z","avatar_url":"https://github.com/RaulSanchezzt.png","language":"Shell","readme":"# Server\n\nThis is a repository of service configurations in docker compose for any server.\n\n## Exposed Ports\n\nList of the exposed ports in a server:\n\n- 8: File-Broser\n- 53: Pi-Hole DNS\n- 80: Reverse Proxy HTTP\n- 81: Nginx Proxy Manager Admin UI\n- 88: Nextcloud\n- 443: Reverse Proxy HTTPS\n- 888: Odoo\n- 2368: Ghost\n- 3001: Uptime-Kuma\n- 3333: Ghostfolio\n- 4000: Blockscout HTTP\n- 5353: Pi-Hole Admin UI\n- 5678: n8n\n- 6379: Redis DB Blockscout\n- 7359: Jellyfin Service Discovery\n- 7432: Postgres DB Blockscout\n- 7545: HardHat RPC\n- 7777: Anaconda Jupyter\n- 8000: Vaultwarden\n- 8080: Traefik Admin UI\n- 8081: qBittorrent Web UI\n- 8096: Jellyfin HTTP\n- 8200: Duplicati Admin UI\n- 8443: Code Server\n- 8545: Truffle Ganache RPC\n- 8888: Wordpress\n- 9000: Portainer HTTP\n- 9091: Transmission Web UI\n- 9443: Portainer HTTPS\n- 17027: MongoDB Server\n- 17028: Mongo Express HTTP\n- 19999: Netdata\n- 51413: Transmission BitTorrent Client\n- 51820: Wireguard VPN UDP\n\n## Install\n\nFirst, boot from the `Ubuntu Server` ISO.\n\n![GRUB](img/1.png)\n\nIn this case we only need the **minimized** server.\n\n![Select Minimized version](img/2.png)\n\nFormat the disk in order to have enough space and `Swap`.\n\n![File System Summary](img/3.png)\n\nConfigure the user, password and server's name.\n\n![Profile Setup](img/4.png)\n\nInstall `OpenSSH Server`.\n\n![SSH Setup](img/5.png)\n\nWait until the install is complete and restart.\n\n![Install complete](img/6.png)\n\n## Configuration\n\n### Network\n\nAfter installing [Ubuntu Server](https://ubuntu.com/download/server), we can log in using SSH.\n\n![Windows Terminal](img/7.png)\n\nThen, update the packages to install **git** and **vim** _(or nano if you prefer)_.\n\n```bash\n$ sudo apt update\n\n$ sudo apt install git vim\n```\n\nEdit the **netplan** file to configure the network settings.\n\n```bash\n$ sudo vim /etc/netplan/00-installer-config.yaml\n```\n\nThis is the network configuration of this server.\n\n```yaml\nnetwork:\n ethernets:\n ens33:\n addresses:\n - 192.168.10.130/24\n nameservers:\n addresses: [8.8.8.8, 1.1.1.1]\n routes:\n - to: default\n via: 192.168.10.1\n version: 2\n```\n\nUse the **netplan** command to apply the changes.\n\n```bash\n$ sudo netplan apply\n```\n\nReboot the server to check everything is working.\n\n```bash\n$ sudo reboot now\n```\n\n### Fail2Ban\n\nIf we are going to expose the **SSH** port to _internet_, make sure to use **fail2ban**. Edit the `jail.conf` file like this:\n\n```bash\n$ vim /etc/fail2ban/jail.conf\n```\n\nMove to the `JAILS` section and edit the settings:\n\n```python\n#\n# JAILS\n#\n\n#\n# SSH servers\n#\n\n[sshd]\n\n# To use more aggressive sshd modes set filter parameter \"mode\" in jail.local:\n# normal (default), ddos, extra or aggressive (combines all).\n# See \"tests/files/logs/sshd\" or \"filter.d/sshd.conf\" for usage example and details.\n\nenabled = true\nbantime = 86400 # 24 Hours\nport = ssh\nlogpath = %(sshd_log)s\nbackend = %(sshd_backend)s\nmaxretry = 3\n```\n\nThen, **enable** the service and **start** the service.\n\n```bash\n$ sudo systemctl enable fail2ban\n\n$ sudo systemctl start fail2ban\n\n$ sudo systemctl status fail2ban\n```\n\nNow we can see the banned **IPs**:\n\n```bash\ncat /var/log/fail2ban.log\n```\n\n### Setup\n\nFirst, clone this _repository_ on the server and navigate to the directory.\n\n```bash\n$ git clone https://github.com/RaulSanchezzt/server.git \u0026\u0026 cd server\n```\n\nGive executable **permissions** to all _bash scripts_ in this directory.\n\n```bash\n$ chmod +x *.sh\n```\n\nNow you can run the **setup** script.\n\n```bash\n$ ./setup.sh\n```\n\n### Compose\n\nBefore running this script, open `VScode` on your browser _(http://192.168.1.130:8443)_ and edit the `.env` files of the services you want to install. Then, choose the services to install in the `compose.sh` script and run it!\n\n```bash\n$ ./compose.sh\n```\n\n## Code Server\n\nSecure **Visual Studio Code** using a strong `password` in the `.env` file, then restart the container.\n\n## NextCloud\n\n### Disks\n\nFirst, let's connect using RDP.\n\n![RDP Login](img/8.png)\n\nThen, format a new hard disk in _NTFS_.\n\n![Format Volume](img/9.png)\n\nFollowing this [tutorial](https://developerinsider.co/auto-mount-drive-in-ubuntu-server-22-04-at-startup/) we can learn to automount the external drive at **startup**. First, create the Mount Point.\n\n```bash\nroot@server:/media# mkdir BACKUP1\nroot@server:/media# mkdir BACKUP2\n```\n\nThen, get the Drive **UUID** and **Type**.\n\n```bash\nroot@server:/media# lsblk -o NAME,FSTYPE,UUID,MOUNTPOINTS\nNAME FSTYPE UUID MOUNTPOINTS\nsda\n└─sda1\n ntfs 15A2E896213E30F6\nsdb\n└─sdb1\n ntfs 291D307A63875E89 /media/DATA\nsdc\n└─sdc1\n ntfs 10873988671A6AD0\nsdd\n├─sdd1\n│ vfat D9E8-536B /boot/efi\n├─sdd2\n│ ext4 9667282e-8a54-4ea9-8622-46b12c461052 /var/snap/firefox/common/host-hunspell\n│ /\n└─sdd3\n swap 4fd8c3fc-a85b-49a1-ad87-529ba9becabd [SWAP]\n```\n\nNow, edit the `/etc/fstab` file.\n\n```bash\n# DATA\nUUID=291D307A63875E89 /media/DATA ntfs defaults 0 0\n\n# BACKUP1\nUUID=15A2E896213E30F6 /media/BACKUP1 ntfs defaults 0 0\n\n# BACKUP2\nUUID=10873988671A6AD0 /media/BACKUP2 ntfs defaults 0 0\n```\n\n**Test** `fstab` before rebooting!\n\n```bash\n$ sudo findmnt --verify\nSuccess, no errors or warnings detected\n```\n\nReboot the server to check everything is working well.\n\n```bash\n$ sudo reboot now\n```\n\nCheck the drive is mounted again.\n\n```bash\n$ lsblk -o NAME,FSTYPE,UUID,MOUNTPOINTS\nNAME FSTYPE UUID MOUNTPOINTS\nsda\n└─sda1\n ntfs 15A2E896213E30F6 /media/BACKUP1\nsdb\n└─sdb1\n ntfs 291D307A63875E89 /media/DATA\nsdc\n└─sdc1\n ntfs 10873988671A6AD0 /media/BACKUP2\nsdd\n├─sdd1\n│ vfat D9E8-536B /boot/efi\n├─sdd2\n│ ext4 9667282e-8a54-4ea9-8622-46b12c461052 /var/snap/firefox/common/host-hunspell\n│ /\n└─sdd3\n swap 4fd8c3fc-a85b-49a1-ad87-529ba9becabd [SWAP]\n```\n\nHere we can see every drive is mounted after start so edit the volume settings in the `docker-compose.yml` to store the data in other hard disk.\n\nFinally, start the containers:\n\n```bash\n$ root@server:/home/administrator/server/nextcloud dcup\n[+] Running 4/0\n ✔ Container Reverse-Proxy Running 0.0s\n ✔ Container MariaDB Running 0.0s\n ✔ Container Redis Running 0.0s\n ✔ Container App Running 0.0s\n```\n\n### Post-Configurations\n\nEnter to the `App` container as **root**.\n\n```bash\n$ docker exec -it App bash\n```\n\nUpdate and install `vim`.\n\n```bash\n$ root@f7ecbe790da1:/var/www/html# apt update\nHit:1 http://deb.debian.org/debian bookworm InRelease\nHit:2 http://deb.debian.org/debian bookworm-updates InRelease\nHit:3 http://deb.debian.org/debian-security bookworm-security InRelease\nReading package lists... Done\nBuilding dependency tree... Done\nReading state information... Done\n1 package can be upgraded. Run 'apt list --upgradable' to see it.\n\n$ root@f7ecbe790da1:/var/www/html# apt install vim\nReading package lists... Done\nBuilding dependency tree... Done\nReading state information... Done\nvim is already the newest version (2:9.0.1378-2).\n0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.\n```\n\nEdit `config.php` and paste this string:\n\n`'check_data_directory_permissions' =\u003e false,`\n\n```bash\n$ root@f7ecbe790da1:/var/www/html# vim config/config.php\n```\n\nExit and restart the container.\n\n```bash\nroot@f7ecbe790da1:/var/www/html# exit\nexit\nroot@server:/home/administrator/server/nextcloud# docker restart App\nApp\n```\n\nExecute the script to fix some warnings...\n\n```bash\n$ root@server:/home/administrator/server/nextcloud# ./config.sh\n```\n\nConfigure the email server using **Zoho Mail**:\n\n![Mail Server Config](img/10.png)\n\n### Cron Error\n\nTo fix the cron error, first make sure **cron** is selected on the settings. Then, create a new **cronjob**.\n\n```bash\nroot@server:/home/administrator# crontab -l\nno crontab for root\n\nroot@server:/home/administrator# crontab -e\nno crontab for root - using an empty one\n\nSelect an editor. To change later, run 'select-editor'.\n 1. /bin/nano \u003c---- easiest\n 2. /usr/bin/vim.basic\n 3. /usr/bin/vim.tiny\n 4. /bin/ed\n\nChoose 1-4 [1]: 1\n```\n\nFinally, paste this command to make sure the crontab jobs are working every **5 minutes**.\n\n`*/5 * * * * docker exec -u www-data App php -f /var/www/html/cron.php`\n\n## DuckDNS\n\nIt's a good practice to use a **Dynamic DNS** because the public **IP address** can change. Log in to [DuckDNS](https://www.duckdns.org/) and create a new domain pointing to the **actual IP address**.\n\nThen, copy the `token` and paste it to the `.env` file and start the service.\n\nNow if your **public IP address** changes, this service will update automatically.\n\n## Domains\n\nOnce we have configured the **DynDNS**, let's create some `DNS Records` to access our services:\n\n![DNS Records](img/14.png)\n\nFinally, open the ports `80, 443 \u0026 51820` on the **router** to make sure all service can work.\n\n## Nginx Proxy Manager\n\nIf we want to access from **Internet** to some services, we have to configure the `Reverse Proxy`. Log in to the [web](http://192.168.1.130:81) using the [default credentials](https://nginxproxymanager.com/guide/#quick-setup). Immediately after logging in with this default user, modify your details and change your password.\n\nThen, create some **SSL Certificates**, and following this [tutorial](https://youtu.be/qlcVx-k-02E), create one to access to our local home lab using **HTTPS**.\n\n![SSL Certificates](img/15.png)\n\nCreate the necessary **Proxy Hosts** to their `destination`.\n\n![Proxy Hosts](img/16.png)\n\nChange the **default site** to `404 page`.\n\n![Default Site](img/17.png)\n\nTo solve errors in **NextCloud**, copy and paste this in the **advanced settings** of the host.\n\n```js\nlocation /.well-known/carddav {\n return 301 $scheme://$host/remote.php/dav;}\nlocation /.well-known/caldav {\n return 301 $scheme://$host/remote.php/dav; }\nlocation /.well-known/webdav {\n return 301 $scheme://$host/remote.php/dav; }\n```\n\n## Vaultwarden\n\nFirst, start the service and configure the **Reverse Proxy** to use `HTTPS`:\n\n```bash\n$ root@server:/home/administrator/server/vaultwarden# dcup\n```\n\nTo [enable the admin page](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page), generate an `Argon2id PHC` and paste the output in the `.env` file:\n\n```bash\n$ docker exec -it Vaultwarden /vaultwarden hash --preset owasp\n```\n\nOnce we have the `ADMIN_TOKEN`, recreate the container:\n\n```bash\n$ root@server:/home/administrator/server/vaultwarden# dcup\n```\n\nCreate a new account before edit the **Admin settings**. Navigate to the admin page and configure the **SMTP** settings:\n\n![Mail Settings](img/11.png)\n\nThen, [disable registration of new users](https://github.com/dani-garcia/vaultwarden/wiki/Disable-registration-of-new-users) in the general settings:\n\n![General Settings](img/12.png)\n\nFinally, enable the [email 2FA settings](https://bitwarden.com/help/setup-two-step-login-email/) and log in to your account and verify your **email**.\n\n![Email 2FA settings](img/13.png)\n\n## Duplicati\n\nFirst, edit the file to mount the **volumes**. Then, log in, set a **secure password** and create a new task or import other `configurations`.\n\n## Wireguard\n\nTo make sure the **VPN** works always, put the `URL` of [DuckDNS](#duckdns) in the `docker-compose.yml`. Then, add the **peers** you need and start the service.\n\n## Jellyfin\n\n- Change qbittorrent theme ui\n- Change default password of qbittorrent\n- Change default password of filebrowser\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fraulsanchezzt%2Fserver","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fraulsanchezzt%2Fserver","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fraulsanchezzt%2Fserver/lists"}