{"id":42859003,"url":"https://github.com/zorgch/zorg-docker","last_synced_at":"2026-01-30T12:29:59.000Z","repository":{"id":101010284,"uuid":"561474934","full_name":"zorgch/zorg-docker","owner":"zorgch","description":"Docker setup to run the zorg.ch Website and its related services in an isolated, server-independent environment.","archived":false,"fork":false,"pushed_at":"2025-12-26T18:33:51.000Z","size":572,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"live","last_synced_at":"2025-12-28T07:57:25.443Z","etag":null,"topics":["docker","docker-compose","server","zorg"],"latest_commit_sha":null,"homepage":"https://zorg.ch","language":"Shell","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zorgch.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-11-03T19:17:13.000Z","updated_at":"2025-12-26T18:33:56.000Z","dependencies_parsed_at":null,"dependency_job_id":"6685849b-4ecb-4861-b82b-2ea7d5f42265","html_url":"https://github.com/zorgch/zorg-docker","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zorgch/zorg-docker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zorgch%2Fzorg-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zorgch%2Fzorg-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zorgch%2Fzorg-docker/releases","man
ifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zorgch%2Fzorg-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zorgch","download_url":"https://codeload.github.com/zorgch/zorg-docker/tar.gz/refs/heads/live","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zorgch%2Fzorg-docker/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28912910,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-30T12:13:43.263Z","status":"ssl_error","status_checked_at":"2026-01-30T12:13:22.389Z","response_time":66,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","docker-compose","server","zorg"],"created_at":"2026-01-30T12:29:58.740Z","updated_at":"2026-01-30T12:29:58.990Z","avatar_url":"https://github.com/zorgch.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"zorg on Docker\n===\n\n\u003e *Portable, Server independent, Docker-based code to get the zorg Websites and Services up, running, and hosted.*\n\n---\n\n**Table of Contents**\n\u003c!-- TOC maker: https://github.com/derlin/bitdowntoc --\u003e\n\n[🔖 Pre-requisites](#-pre-requisites)\n- [git installation](#git-installation)\n- [Docker installation](#docker-installation)\n  - [🌐 DNS-records and Hosts](#-dns-records-and-hosts)\n- [📂 Folder structure setup](#-folder-structure-setup)\n- [💾 
Docker images](#-docker-images)\n- [🧬 Docker networking](#-docker-networks)\n\n[🏁 Getting started](#-getting-started)\n- [Initial setup (one time only)](#initial-setup-one-time-only)\n- [⏩ Update the cloned `zorg-docker` git repository](#-update-the-local-cloned-zorg-docker-git-repository)\n\n[📦 Docker services](#-docker-services)\n- [Manage general services](#manage-general-services)\n  - [Single «KeePass SFTP» service](#run-the-keepass-sftp-service-separately)\n  - [Single «Quake 3 Arena Server»](#run-the-quake-3-arena-server-separately)\n  - [Single «phpDocumentor» service](#run-the-phpdocumentor-service-separately)\n- [🏷️ Docker services -\u003e profiles mapping](#%EF%B8%8F-docker-services---profiles-mapping)\n- [🩺 Resource usage \u0026 services health](#docker-resource-usage---services-health)\n- [🆙 Update all Docker images](#-update-all-docker-images)\n\n[👨‍🏫 Explanations](#%E2%80%8D-explanations)\n- [🧪 Debugging Docker Services](#-debugging-docker-services)\n- [🔥 Firewall ports configuration](#-firewall-ports-configuration)\n- [📄 The `/zorg-docker/resources`-directory \u0026 files](#-the-zorg-dockerresources-directory--files)\n- [🔁 logrotate handling](#-logrotate-must-be-done-on-the-host)\n- [💿 Import/export SQL-dumps with MariaDB](#-importexport-sql-dumps-with-mariadb)\n\n\u003cbr\u003e\n\n---\n\n\u003cbr\u003e\n\n## 🔖 Pre-requisites\n### git installation\nInstall **git** [for your OS](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git).\n\n\u003cbr\u003e\n\n### Docker installation\nFollow the [official installation instructions](https://docs.docker.com/engine/install/) for **Docker**.\n\n\u003e [!TIP]\n\u003e On Ubuntu it's advised *against installing via snap*, as this may cause compatibility issues!\n\n\u003cbr\u003e\n\n#### 🌐 DNS-records and Hosts\n\nFor all Hosts (subdomains) on the main Domain, the corresponding DNS A-records with IP must be set up.\n\n\u003cdetails\u003e\n\u003csummary\u003eExample 
A-records\u003c/summary\u003e\n\n```bash\nmail.domain.ch.\t        600\tIN\tMX\t178.nn.nn.nn\n*.domain.ch.\t          600\tIN\tA\t  178.nn.nn.nn\nwww.domain.ch.\t        600\tIN\tA\t  178.nn.nn.nn\ndockerstatus.domain.ch.\t600\tIN\tA\t  178.nn.nn.nn\n```\n\u003c/details\u003e\n\n\u003cbr\u003e\n\n##### 👨‍💻 Working locally (development)? Add `hosts`!\n\nOn production, with a proper setup where DNS for the root domain points to the server's IP-address, this should not be necessary. But **locally**, with a dummy domain, the domain \u0026 hostnames must be added to the `/etc/hosts`-file:\n\n\u003cdetails\u003e\n\u003csummary\u003eExample `hosts`-entries\u003c/summary\u003e\n\n(adjust as per your `.env` settings)\n\n```bash\n127.0.0.1\tzdocker.dev\n127.0.0.1\tstatus.zdocker.dev\n127.0.0.1\twww.zdocker.dev\n127.0.0.1\tdb.zdocker.dev\n127.0.0.1\tftp.zdocker.dev\n127.0.0.1\tirc.zdocker.dev\n127.0.0.1\tpw.zdocker.dev\n127.0.0.1\tsmtp.zdocker.dev\n127.0.0.1\tquake.zdocker.dev\n```\n\u003c/details\u003e\n\n\u003cbr\u003e\u003cbr\u003e\n\n## 🏁 Getting started\nIn general, make sure to work from the project root directory:\n\n`cd /srv/\u003cmy-website\u003e/\u003chost\u003e`\n\n\u003cbr\u003e\n\n### 📂 Folder structure setup\nCreate a folder structure on your host machine that reflects the following:\n\n\u003e [!IMPORTANT]\n\u003e This is just a proposal, folder structures \u0026 names can be different!\n\n```\n└── www               \u003c-- (Your project root directory)\n    │\n    ├── zorg-docker/       \u003c-- Pulled Git repository (repo)\n    │\n    ├── .env               \u003c-- Copy \u0026 adjust \".env.example\" from repo\n    ├── docker-compose.yml \u003c-- Symbolic-linked ./zorg-docker/docker-compose.yml\n    ├── docker-update.sh   \u003c-- Symbolic-linked ./zorg-docker/docker-update.sh\n    │\n    ├── reverseproxy/      \u003c-- (Optional) To further customize OWASP WAF rules or IP-Whitelist. 
Ref in .env\n    │   └── owasp-coraza-waf.yaml\n    |\n    ├── website/           \u003c-- zorg Website configs \u0026 data\n    │   ├── .env           \u003c-- .env file for Website\n    │   ├── apache.conf      \u003c-- Copy \u0026 adjust \"website/apache/example.conf\" from repo\n    │   │   └── data/          \u003c-- Website /data/ folder \u0026 files\n    │   │   ├── files/         (user generated content for zorg website)\n    │   │   ├── gallery/\n    │   │   ├── tauschboerse/\n    │   │   └── ...\n    │   ├── cronjobs/\n    │   │   └── cronjobs.crontab   \u003c-- Copy \u0026 adjust \"website/php/example.crontab\" from repo\n    │   └── sendmail/\n    │       └── msmtprc    \u003c-- Copy \u0026 adjust \"website/sendmail/example-msmtprc\" from repo\n    │\n    ├── mailserver/        \u003c-- (Optional) To further customize Postfix SMTP. Reference in .env\n    │   └── postfix-main.cf\n    |\n    ├── irc/\n    │   ├── anope-configs/    \u003c-- Copy \u0026 adjust \"irc/anope-example-sensitive-includes\" from repo\n    │   │   ├── sensitive-channels.conf\n    │   │   ├── sensitive-mail.conf\n    │   │   ├── sensitive-networkinfo.conf\n    │   │   ├── sensitive-nicknames.conf\n    │   │   ├── sensitive-operators.conf\n    │   │   ├── sensitive-serverinfo.conf\n    │   │   ├── sensitive-uplink.conf\n    │   │   └── services.motd\n    │   └── ircd-configs/     \u003c-- Copy \u0026 adjust \"irc/unrealircd-example-sensitive-includes\" from repo\n    │       ├── ircd.motd\n    │       ├── sensitive-admin.conf\n    │       ├── sensitive-history.conf\n    │       ├── sensitive-me.conf\n    │       ├── sensitive-network.conf\n    │       ├── sensitive-operators.conf\n    │       ├── sensitive-server.conf\n    │       ├── sensitive-servicelink.conf\n    │       └── ssl/\n    │\n    ├── code-docu/\n    │   ├── code/       \u003c-- (Optional) Git clone of github.com/zorgch/zorg-code.git. 
Reference in .env\n    │   ├── docu/       \u003c-- (Optional) Reference in .env\n    │   └── phpdoc.xml     \u003c-- (Optional)\n    │\n    ├── keepass/         \u003c-- Reference in .env Only AFTER sftp started: put kdbx file here.\n    │\n    ├── quake3-baseq3/   \u003c-- Reference in .env\n    │   ├── q3config_server.cfg   \u003c-- Copy \u0026 adjust \"quake3/example-server.cfg\" from repo\n    │   ├── pak0.pk3              \u003c-- From a local licensed Quake3 installation\n    │   └── pak1-8.pk3            \u003c-- Can be obtained at: https://ioquake3.org/extras/patch-data/\n    │\n    └── logs/              \u003c-- Reference in .env\n        ├── website/       \u003c-- Sub-directories MUST also be created manually!\n        │   ├── apache/\n        │   ├── php/\n        │   ├── sendmail/\n        │   └── website/\n        ├── reverseproxy-owasp/\n        ├── mariadb/\n        ├── mailserver-smtp/\n        ├── irc-server/           \u003c-- ⚠️ Requires: sudo chown -R 1000:1000\n        ├── sftp/\n        └── quake3-server/\n```\n\n\u003cbr\u003e\n\n### 💾 Docker images\nHere's an overview of the underlying Docker images used for the Docker Services, in order to provide quick access to their documentation \u0026 configuration how-to's.\n\n\u003cdetails\u003e\n\u003csummary\u003eClick to show list\u003c/summary\u003e\n\n| Service            | Docker image              | Link               |\n| ------------------ | ------------------------- | ------------------ |\n| `sslcerts`         | `alpine/mkcert`           | [GitHub](https://github.com/alpine-docker/multi-arch-docker-images/tree/master/mkcert) |\n| `dashboard`        | `portainer/portainer-ce`  | [Docs](https://docs.portainer.io/start/install-ce/server/docker) |\n| `reverseproxy`\u003cbr\u003e+ `owasp-coraza-waf@file` | `traefik`\u003cbr\u003e`coraza-http-wasm-traefik` | [Docs](https://doc.traefik.io/traefik/)\u003cbr\u003e[GitHub](https://github.com/jcchavezs/coraza-http-wasm-traefik) |\n| `website`      
    | `php`                     | [Docker Hub](https://hub.docker.com/_/php) |\n| `db`               | `mariadb`                 | [Docs](https://mariadb.com/kb/en/mariadb-server-docker-official-image-environment-variables/) |\n| `db-manager`       | `adminer`                 | [Docs](https://hub.docker.com/_/adminer/#how-to-use-this-image) |\n| `postfix-smtp`     | `mailserver/docker-mailserver` | [Docs](https://docker-mailserver.github.io/docker-mailserver/) |\n| `irc`              | `c0dy/unrealircd-anope`   | [Docker Hub](https://hub.docker.com/r/c0dy/unrealircd-anope) |\n| `irc-quizbot`      | `python:3.12-slim`        | [GitHub](https://github.com/zorgch/irc-quizbot) |\n| `irc-telegram-bridge` | `bhavin192/teleirc`    | [Docker Hub](https://hub.docker.com/r/bhavin192/teleirc) |\n| `stockticker`      | `python:3.12-slim`        | [GitHub](https://github.com/zorgch/zorg-docker/tree/dev/resources/python/stockticker) |\n| `servicealerts`    | `lorcas/docker-telegram-notifier` | [GitHub](https://github.com/luc-ass/docker-telegram-notifier) |\n| `sftp`             | `atmoz/sftp`              | [Docker Hub](https://hub.docker.com/r/atmoz/sftp/) |\n| `quake3`           | `jberrenberg/quake3`      | [GitHub](https://github.com/jberrenberg/docker-quake3/tree/master/quake3) |\n| `phpdoc`           | `phpdoc/phpdoc`           | [Docs](https://docs.phpdoc.org/guide/guides/running-phpdocumentor.html#running-phpdocumentor) |\n\n\u003c/details\u003e\n\n\u003cbr\u003e\n\n### 🧬 Docker Networks\n\nIn order to not block Ports for other networking services on the server / in other Docker stacks, this Docker stack has support for [HTTP, TCP (dedicated), and UDP shared networks](#add-external-docker-networks) (aka External Docker Networks).\n\nThese are optional, but highly recommended to use - in order to prevent future port conflicts. 
Here's a schematic overview of the networking capabilities added:\n\n```mermaid\ngraph TD\n  %% External networks\n  subgraph External Networks\n    lb_http[\"loadbalance-http\u003cbr\u003e[external/shared]\"]\n    lb_tcp[\"loadbalance-tcp\u003cbr\u003e[external/shared]\"]\n    lb_udp[\"loadbalance-udp\u003cbr\u003e[external/shared]\"]\n  end\n\n  %% zorg Main\n  subgraph zorg Live\n    zorg[zorg services]\n    grid[\"the-grid\u003cbr\u003e→ loadbalance-http\"]\n    superhighway[\"information-superhighway\u003cbr\u003e→ loadbalance-tcp\"]\n    slipgate[\"slipgate-teleporter\u003cbr\u003e→ loadbalance-udp\"]\n    zion[\"zion-mainframe\u003cbr\u003e[internal only]\"]\n  end\n\n  %% zorg Construct\n  subgraph zorg Construct\n    stack1[construct services]\n    stack1_http[\"→ loadbalance-http\"]\n    stack1_tcp[\"→ loadbalance-tcp\"]\n    stack1_udp[\"→ loadbalance-udp\"]\n    internalnet[\"custom-net\u003cbr\u003e[internal only]\"]\n  end\n\n  %% Further stacks\n  subgraph other-stack-2\n    stack2[stack 2 services]\n    stack2_http[\"→ loadbalance-http\"]\n    stack2_internalnet[\"stack2_default\u003cbr\u003e[internal only]\"]\n  end\n\n  subgraph other-stack-3\n    stack3[stack 3 services]\n    stack3_tcp[\"→ loadbalance-tcp\"]\n    stack3_udp[\"→ loadbalance-udp\"]\n  end\n\n  %% zorg connections\n  zorg --\u003e grid --\u003e lb_http\n  zorg --\u003e superhighway --\u003e lb_tcp\n  zorg --\u003e slipgate --\u003e lb_udp\n  zorg --\u003e zion\n\n  %% Connections of the other stacks\n  stack1 --\u003e stack1_http --\u003e lb_http\n  stack1 --\u003e stack1_tcp --\u003e lb_tcp\n  stack1 --\u003e stack1_udp --\u003e lb_udp\n  stack1 --\u003e internalnet\n\n  stack2 --\u003e stack2_http --\u003e lb_http\n  stack2 --\u003e stack2_internalnet\n\n  stack3 --\u003e stack3_tcp --\u003e lb_tcp\n  stack3 --\u003e stack3_udp --\u003e lb_udp\n```\n\n\u003cbr\u003e\u003cbr\u003e\n\n### Initial setup (one time only)\n#### Git clone the `zorg-docker` repository\n\n```bash\ngit clone 
-b \u003cbranch-name\u003e --depth 1 https://github.com/zorgch/zorg-docker.git ./zorg-docker\n```\n\n\u003e [!NOTE]\n\u003e See below section for how to UPDATE the cloned git repository to get its latest changes.\n\n##### Edit a copy of the `.env`-file\n\n```bash\ncp ./zorg-docker/.env.example ./.env\n```\n\n\u003e [!IMPORTANT]\n\u003e Using your text editor of choice, adjust the `.env`-file to the setup of your host machine.\n\n##### Create a symbolic link to `docker-compose.yml`\n\n```bash\nln -s ./zorg-docker/docker-compose.yml ./docker-compose.yml\n```\n\n#### Add external Docker networks\n\nThese networks allow OTHER Docker Stacks and Services to connect to the same network.\n\n```bash\ndocker network create loadbalance-http\ndocker network create loadbalance-tcp\ndocker network create loadbalance-udp\n```\n\n\u003e [!NOTE]\n\u003e Why is this important?\n\u003e A: Access to Docker Services in the Stack from other Docker Stacks and Services.\n\u003e B: This is particularly important to use **1 central Reverse-Proxy** to route traffic to the services in the correct Stack.\n\u003e C: Conclusion of A \u0026 B means: *no Port blockings of common Ports* (e.g. 
`80` or `443`) by 1 single Docker Stack!\n\n#### Validate the Docker services configurations\n\n```bash\ndocker compose build\n```\n\n\u003cbr\u003e\n\n#### 🔐 TLS/SSL: generate self-signed certificates\nSome services require self-signed certificates, this does not interfere with (also) using Let's Encrypt certificates!\n\nAdd these first using the `sslcerts` service:\n\n```bash\ndocker compose --profile setup up\n```\n\n\u003cbr\u003e\n\n#### 📧 Mailserver (SMTP) configuration\n\n\u003e [!NOTE]\n\u003e This requires the mailserver service to be running!\n\n##### Add postfix accounts \u0026 email forwarding\n\n\u003e [!TIP]\n\u003e This is required when emails to a local user (alias) should be forwarded to an external email address corresponding to that alias.\n\n```\ndocker exec -ti PROJECTNAME-mailserver setup email add info@DOMAINNAME \u003cNEW_PASSWORD\u003e\ndocker exec -ti PROJECTNAME-mailserver setup alias add \u003cEMAILADDRESS\u003e \u003cRECIPIENT\u003e\n```\n\n##### General mailserver setup help\n\nThe docker-mailserver setup is required for various configurations, including for example [DKIM](https://docker-mailserver.github.io/docker-mailserver/v11.0/config/best-practices/dkim/).\n\n```\ndocker exec -ti PROJECTNAME-mailserver setup\ndocker exec -ti PROJECTNAME-mailserver setup config dkim help\n```\n\n\u003cbr\u003e\n\n### ⏩ Update the local cloned `zorg-docker` git repository\ncd into the directory containing the locally cloned git files, and run a git pull:\n\n```bash\ncd /srv/\u003cmy-website\u003e/\u003chost\u003e/zorg-docker\ngit pull --rebase\n```\n\n\u003e [!IMPORTANT]\n\u003e Check the updated Files and apply necessary changes to outdated manual copies of the same!\n\n- Example:\n\n```bash\nFast-forward\n .env.example                                 |  17 +++++--------\n docker-compose.yml                           |  75 ++++++++++++++++++++++++++++++++++++-------------------\n resources/irc/unrealircd/unrealircd.conf     |  12 ++++-----\n 
 resources/mailserver/postfix-main.cf         |   4 +--\n resources/reverseproxy/middlewares-http.yaml | 166 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------------\n resources/reverseproxy/selfsigned-certs.yaml |  23 ++++++++---------\n 6 files changed, 207 insertions(+), 90 deletions(-)\n```\n\n\u003cbr\u003e\u003cbr\u003e\n\n## 📦 Docker services\n### Manage general services\n\n**PRODUCTION mode** – run in \"detached mode\" (background), *without* interactive logging to the shell by adding the `-d` flag.\n\n\u003cdetails open\u003e\n\u003csummary\u003eStart/stop all services \u003csup\u003e*\u003c/sup\u003e\u003c/summary\u003e\n\n```bash\ndocker compose --profile all up -d\n```\n\n* Applicable services: `servicealerts`, `dashboard`, `reverseproxy`, `website`, `db`, `postfix-smtp`, `irc`, `irc-quizbot`, `irc-telegram-bridge`, `stockticker`, `sftp`, `quake3`\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eExample: only the Webserver services\u003c/summary\u003e\n\n```bash\ndocker compose --profile webserver up -d\n```\n* Applicable services: `servicealerts`, `dashboard`, `reverseproxy`, `website`, `db`, `postfix-smtp`\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eExample 2: only the IRC services\u003c/summary\u003e\n\n```bash\ndocker compose --profile irc up -d\n```\n* Applicable services: `servicealerts`, `dashboard`, `irc`, `irc-quizbot`, `irc-telegram-bridge`\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eExample 3: only the Mailserver services\u003c/summary\u003e\n\n```bash\ndocker compose --profile mailserver up -d\n```\n* Applicable services: `servicealerts`, `dashboard`, `reverseproxy`, `postfix-smtp`\n\u003c/details\u003e\n\n\u003e [!CAUTION]\n\u003e Do not take an individual service *down* using `--profile`, target it specifically instead!\u003cbr\u003e`docker compose down stockticker`\n\n\u003cbr\u003e\n\n#### Run the KeePass SFTP-service 
(separately)\n\u003csup\u003e*\u003c/sup\u003e As provisioning a KeePass KDBX via SFTP is not required for the general website hosting, the SFTP service (`keepass`) is separated from the overall services.\n\n```bash\ndocker compose --profile keepass up -d\ndocker compose down sftp\n```\n\n\u003cbr\u003e\n\n#### Run the Quake 3 Arena Server (separately)\n\u003csup\u003e*\u003c/sup\u003e Due to a potential high load on the server, the «Quake 3 Arena» Server (`quake3`) is separated from the general services.\n\n```bash\ndocker compose up -d quake3\ndocker compose down quake3\n```\n\n\u003cbr\u003e\n\n#### Run the phpDocumentor service (separately)\n\u003csup\u003e*\u003c/sup\u003e As the code generation is only run occasionally, the phpDoc service (`phpdoc`) is separated from the general services.\n\n```bash\ndocker compose --profile docu up\n# exits automatically\n```\n\n### 🏷️ Docker services -\u003e profiles mapping\nThe `docker-compose.yml` file uses Docker Service-profiles to group services into logical groups.\n\n* This allows starting / stopping only a certain group of services at once.\n* Yet individual docker services can still be targeted individually by referencing their service name.\n\nSome single services have their own profile, in order to prevent them from starting/stopping when using `docker compose` without any `--profile`.\n\n\u003e [!TIP]\n\u003e Multiple profiles can be combined: `docker compose --profile webserver --profile irc up -d`\n\n| Profile        | Applicable Docker Services           | Example Usage                  |\n| -------------- | ------------------------------------ | -------------------------------|\n| `all`          | All general services                 | `--profile all`                |\n| `setup`        | `sslcerts` `postfix-smtp`            | `--profile setup`              |\n| `status`       | `servicealerts` `dashboard` `reverseproxy` | `--profile status`       |\n| `webserver`    | `servicealerts` `dashboard` `reverseproxy` 
`website` `db` `db-manager` `postfix-smtp` | `--profile webserver` |\n| `mailserver`   | `servicealerts` `dashboard` `reverseproxy` `postfix-smtp`  | `--profile mailserver` |\n| `irc`          | `servicealerts` `dashboard` `irc` `irc-quizbot` `irc-telegram-bridge` | `--profile irc` |\n| `keepass`      | `servicealerts` `dashboard` `sftp`   | `--profile keepass` |\n| `quake`        | `servicealerts` `dashboard` `quake3` | `--profile quake`   |\n| `docu`         | `phpdoc`                             | `--profile docu`    |\n| Single service | e.g. `stockticker`                   | `docker compose up -d stockticker` |\n\n\u003cbr\u003e\n\n\u003cbr\u003e\n\n## 🩺 Docker resource usage \u0026 services health\n\n### Quick resource analysis using the CLI\n\nThis is particularly helpful to fine-tune the CPU \u0026 memory limits for the Docker services, which can be adjusted in the `.env`-file.\n\n```bash\ndocker stats\n```\n\n\u003cdetails\u003e\n\u003csummary\u003eExample docker status output\u003c/summary\u003e\n\n```bash\ndocker stats --format \"table {{.Name}}\\t{{.CPUPerc}}\\t{{.MemUsage}}\\t{{.MemPerc}}\"\n\nNAME                   CPU %     MEM USAGE / LIMIT     MEM %\nzorg-reverseproxy      0.00%     69.01MiB / 1GiB       6.74%\nzorg-stockticker       0.03%     70.19MiB / 1GiB       6.85%\nzorg-mariadb           0.01%     133.8MiB / 4GiB       3.27%\nzorg-website           0.01%     8.855MiB / 4GiB       0.22%\nzorg-dashboard         0.00%     27.06MiB / 1GiB       2.64%\nzorg-mailserver        0.11%     39.41MiB / 256MiB    15.39%\n```\n\u003c/details\u003e\n\n\n### The Docker Status-Dashboard\n\nThe full-fledged Docker Management Dashboard (Portainer) can be accessed at:\n\n* `https://dockerstatus.DOMAINNAME`\u003cbr\u003e\u003csub\u003e*Host can be adjusted in the `.env`*\u003c/sub\u003e\n\n\u003cbr\u003e\n\n## 🆙 Update all Docker images\ncd into the directory containing the `docker-compose.yml` (symlink), and run this shell command:\n\n\u003e [!TIP]\n\u003e The 
images can be scoped to update only services within a specific [Docker services profile](#-docker-services---profiles-mapping)\n\n```bash\ncd /srv/\u003cmy-website\u003e/\u003chost\u003e/\nfor image in $(docker compose --profile all config | awk '/image:/ { print $2 }'); do docker pull \"$image\"; done;\n```\n\nAlternatively, use the `docker-update.sh` script (can also be run via Host's cron):\n\n```bash\ncd /srv/\u003cmy-website\u003e/\u003chost\u003e/\n./docker-update.sh\n```\n\n\n\u003e [!CAUTION]\n\u003e Updating Docker images will NOT renew running services - they have to be [rebuilt](#manage-general-services)!\n\n\n\u003cbr\u003e\u003cbr\u003e\n\n## 👨‍🏫 Explanations\n### 🧪 Debugging Docker Services\nFor **DEBUGGING mode** – with an *interactive log output* to the active shell - omit the `-d` flag when starting services:\n\n`docker compose --file ./website/docker-compose.yml up` \u003c-- no `-d` flag\n\n\u003cbr\u003e\n\n#### 🔥 Firewall ports configuration\n\n\u003e [!TIP]\n\u003e Docker **circumvents** the Host machine's firewall – so there is usually NO need (or it is not possible) to configure the Host machine's firewall!\n\nEnsure the Host machine's firewall is configured to expose \u0026 allow access through the required ports for different Docker Services:\n\n\u003cdetails\u003e\n\u003csummary\u003eAllow a port - or port range\u003c/summary\u003e\n\nA non-exhaustive list; it depends on which `ports:` are set in the `.env` file.\n\n\u003e [!IMPORTANT]\n\u003e Do NOT expose the default Database port `3306` to the world-wide-web!\n\n```bash\nsudo ufw allow 80 # webserver/reverseproxy http\nsudo ufw allow 443 # webserver/reverseproxy https\nsudo ufw allow 9443/tcp # Docker dashboard (secure)\nsudo ufw allow 6667/tcp # irc-Server\nsudo ufw allow 6697/tcp # irc-Server (secure)\nsudo ufw allow 2222/tcp # ftp-Server | NOTE: 22 reserved for ssh\nsudo ufw allow 27960/udp # quake3-Server\n```\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eInspect all rules - i.e. 
allowed ports\u003c/summary\u003e\n\n```bash\n% sudo ufw status\n\nStatus: active\n\nTo                         Action      From\n--                         ------      ----\n80                         ALLOW       Anywhere\n443                        ALLOW       Anywhere\n587                        ALLOW       Anywhere\n6667/tcp                   ALLOW       Anywhere\n6697/tcp                   ALLOW       Anywhere\n2222/tcp                   ALLOW       Anywhere\n27960/udp                  ALLOW       Anywhere\n80 (v6)                    ALLOW       Anywhere (v6)\n443 (v6)                   ALLOW       Anywhere (v6)\n587 (v6)                   ALLOW       Anywhere (v6)\n6667/tcp (v6)              ALLOW       Anywhere (v6)\n6697/tcp (v6)              ALLOW       Anywhere (v6)\n2222/tcp (v6)              ALLOW       Anywhere (v6)\n27960/udp (v6)             ALLOW       Anywhere (v6)\n```\n\u003c/details\u003e\n\n\n\u003cbr\u003e\n\n### 📄 The `/zorg-docker/resources`-directory \u0026 files\nContains site specific resources that are actively mapped from the Host to some of the Docker Services. But it also contains some *example* files that can be used to configure the services.\n\n\u003cdetails\u003e\n\u003csummary\u003eExamples of example files\u003c/summary\u003e\n\n* `irc/anope-example-*` \u0026 `irc/unrealircd-example-*` --\u003e MUST be adapted\n* `website/apache/example.conf` --\u003e use as `apache.conf`\n* `website/php/example.crontab` --\u003e use as `crontab`\n* `website/sendmail/example-msmtprc` --\u003e use as `msmtprc`\n* `quake3/example-autoexec.cfg` --\u003e use as `autoexec.cfg`\n\u003c/details\u003e\n\n\u003cbr\u003e\n\n### 🔁 `logrotate` must be done on the Host\nThe Docker services are just writing logs to the mapped `/logs`-directory, but `logrotate` must be configured on the Host machine.\n\n\u003cbr\u003e\n\n### 💿 Import/export SQL-dumps with MariaDB\nA third-party SQL Manager (e.g. 
on macOS use [SequelAce](https://sequel-ace.com)) or CLI application is required to connect to the MariaDB service under the specified host and port.\n\n#### Import an SQL dump\n```bash\nmysql -h \u003cdb.host.domain\u003e -P 3306 -u MYSQL_USER -p MYSQL_DATABASE \u003c /path/to/import-dump.sql\n```\n\n#### Export an SQL dump via CLI\n```bash\nmysqldump -h \u003cdb.host.domain\u003e -P 3306 -u MYSQL_USER -p MYSQL_DATABASE \u003e /path/to/save-dump.sql\n```\n\n\u003cbr\u003e\u003cbr\u003e\n\n---\n\n\u003cbr\u003e\n\n## ⚖️ License\n\n\u003e Copyright (C) 2024-2025  zorg Verein \u003chttps://github.com/zorgch\u003e\n\u003e\n\u003e   This program is free software: you can redistribute it and/or modify\n\u003e it under the terms of the GNU General Public License as published by\n\u003e the Free Software Foundation, either version 3 of the License, or\n\u003e (at your option) any later version.\n\u003e\n\u003e   This program is distributed in the hope that it will be useful,\n\u003e but WITHOUT ANY WARRANTY; without even the implied warranty of\n\u003e MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n\u003e GNU General Public License for more details.\n\u003e\n\u003e   You should have received a copy of the GNU General Public License\n\u003e along with this program. If not, see \u003chttps://www.gnu.org/licenses/\u003e.\n\u003e\n\u003e   This program comes with ABSOLUTELY NO WARRANTY; for details read the README.\n\u003e This is free software, and you are welcome to redistribute it\n\u003e under certain conditions; see the LICENSE.\n\n\u003cbr\u003e\u003cbr\u003e\n\n---\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzorgch%2Fzorg-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzorgch%2Fzorg-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzorgch%2Fzorg-docker/lists"}