base docker config

2026-03-19 00:48:42 +01:00
parent 7ad51dae13
commit a073d75f16
11 changed files with 393 additions and 1 deletions
@@ -0,0 +1,5 @@
 # ignore ALL .log files
 *.log
 # ignore all the files in any directoy
 data/
@@ -1,3 +1,39 @@
 # immich-simple-server-config
-This is the simplest way to host immich on a old computer. 
+This is the simplest way to host immich on a old computer. 
 1. Install proxmox on your computer. Make sure it is installed on the proper drive. Usally it is installed on an SSD or NVME drive
 2. After the installation, make sure it is properly connected to your network. Ideally use wired connection. Configure the network accordingly on proxmox (correct host, correct bridge). Your configuration in ```/etc/network/interfaces``` should look like the following, where the brige should match the output of ```ip -a```
 ```
 Hello
 ```
 3. Once proxmox is configured it correctly, you should be able to access the web console on the ip defined in the terminal. 
 4. Verify on your node that all the drives that will be used are properly recognized. It is common practice to host the VM on your SSD/NVME drive and the data on a HDD drive.
 5. Download an ISO. I recommend the latest version of Debian. 
 6. Create a VM using the downloaded ISO. I would recommend using 128GB of space if you have that much to start with. The space can always be expanded, but it is harder to reduce. So it is better to start small, and increase it as the needs arise. Only the basic installation is needed. You do not need a DE!
 7. Make sure your user is part of the sudoers. Otherwise install sudo as root and your user to the the list:
 ```
 su
 apt install sudo
 adduser <username> sudo
 ```
 7. Install docker and docker compose following the [documentation](https://docs.docker.com/engine/install/debian/)
 8. Clone this repository: ```git clone https://gitea.crescentec.ch/chriswin/immich-simple-server-config.git```  This repository consists of a docker compose stack of the following softwares:
 - Pangolin (reverse proxy, vpn, ...)
 - PostgreSQL (database)
 - Redis (Caching)
 - pgAdmin (database explorer)
 - Databasus (database backup)
 - Immich (image library)
 9. Mount the HDD drive which will contain your data
 10. Configure Postgres...
 - Create a new user for Immich (memorize the password)
 - Create a new table linked to this user (memorize the table name)
 11. Configure Pangolin...
 12. Configure Immich...
 13. Configure Databasus... (optional but highly recommended)
 14. Configure Proxmox backup of VM... (optional but highly recommended)
@@ -0,0 +1,9 @@
 # Timezone
 TZ=Europe/Zurich
 # User and group docker will executed
 PUID=1000
 PGID=1000
 TEMPLATES_PATH=$[PWD]/docker-compose.templates.yml
 INCLUDE_PATH=${PWD}/docker
@@ -0,0 +1,41 @@
 # To see all available options, please visit the docs:
 # https://docs.pangolin.net/
 gerbil:
    start_port: 51820
    base_endpoint: "pangolin.example.com" # REPLACE WITH YOUR DOMAIN
    # Optional network settings (defaults shown):
    # subnet_group: "100.89.137.0/20"
    # block_size: 24
    # site_block_size: 30
 app:
    dashboard_url: "https://pangolin.example.com" # REPLACE WITH YOUR DOMAIN
    log_level: "info"
    telemetry:
        anonymous_usage: true
 domains:
    domain1:
        base_domain: "example.com" # REPLACE WITH YOUR DOMAIN
        cert_resolver: "letsencrypt"
 server:
    secret: "your-strong-secret" # REPLACE
    cors:
        origins: ["https://pangolin.example.com"] # REPLACE WITH YOUR DOMAIN
        methods: ["GET", "POST", "PUT", "DELETE", "PATCH"]
        allowed_headers: ["X-CSRF-Token", "Content-Type"]
        credentials: false
 # Optional organization network settings (defaults shown):
 # orgs:
 #     block_size: 24
 #     subnet_group: "100.90.128.0/20"
 #     utility_subnet_group: "100.96.128.0/20"
 flags:
    require_email_verification: false
    disable_signup_without_invite: true
    disable_user_create_org: false
    allow_raw_resources: true
@@ -0,0 +1,73 @@
 http:
  middlewares:
    badger:
      plugin:
        badger:
          disableForwardAuth: true
    redirect-to-https:
      redirectScheme:
        scheme: https
  routers:
    # HTTP to HTTPS redirect router
    main-app-router-redirect:
      rule: "Host(`pangolin.example.com`)" # REPLACE WITH YOUR DOMAIN
      service: next-service
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
        - badger
    # Next.js router (handles everything except API and WebSocket paths)
    next-router:
      rule: "Host(`pangolin.example.com`) && !PathPrefix(`/api/v1`)" # REPLACE WITH YOUR DOMAIN
      service: next-service
      entryPoints:
        - websecure
      middlewares:
        - badger
      tls:
        certResolver: letsencrypt
    # API router (handles /api/v1 paths)
    api-router:
      rule: "Host(`pangolin.example.com`) && PathPrefix(`/api/v1`)" # REPLACE WITH YOUR DOMAIN
      service: api-service
      entryPoints:
        - websecure
      middlewares:
        - badger
      tls:
        certResolver: letsencrypt
    # WebSocket router
    ws-router:
      rule: "Host(`pangolin.example.com`)" # REPLACE WITH YOUR DOMAIN
      service: api-service
      entryPoints:
        - websecure
      middlewares:
        - badger
      tls:
        certResolver: letsencrypt
  services:
    next-service:
      loadBalancer:
        servers:
          - url: "http://pangolin:3002"  # Next.js server
    api-service:
      loadBalancer:
        servers:
          - url: "http://pangolin:3000"  # API/WebSocket server
 tcp:
  serversTransports:
    pp-transport-v1:
      proxyProtocol:
        version: 1
    pp-transport-v2:
      proxyProtocol:
        version: 2
@@ -0,0 +1,54 @@
 api:
  insecure: true
  dashboard: true
 providers:
  http:
    endpoint: "http://pangolin:3001/api/v1/traefik-config"
    pollInterval: "5s"
  file:
    filename: "/etc/traefik/dynamic_config.yml"
 experimental:
  plugins:
    badger:
      moduleName: "github.com/fosrl/badger"
      version: "v1.3.1"
 log:
  level: "INFO"
  format: "common"
  maxSize: 100
  maxBackups: 3
  maxAge: 3
  compress: true
 certificatesResolvers:
  letsencrypt:
    acme:
      httpChallenge:
        entryPoint: web
      email: "admin@example.com" # REPLACE WITH YOUR EMAIL
      storage: "/letsencrypt/acme.json"
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
 entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
    transport:
      respondingTimeouts:
        readTimeout: "30m"
    http:
      tls:
        certResolver: "letsencrypt"
      encodedCharacters:
        allowEncodedSlash: true
        allowEncodedQuestionMark: true
 serversTransport:
  insecureSkipVerify: true
 ping:
  entryPoint: "web"
@@ -0,0 +1,44 @@
 services:
  postgres-with-pg-vector:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    container_name: postgres-with-pg-vector
    image: tensorchord/pgvecto-rs:pg16-v0.3.0
    ports:
      - 5433:5432
    networks:
      - ip4net
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} 
      # PGDATA: /var/lib/postgresql/data
      # see https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
      PUID: 5050
      PGID: 5050
    volumes:
      - ${INCLUDE_PATH}/data/postgres:/var/lib/postgresql/data
  redis:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    container_name: redis
    image: redis:8.6.1
    networks:
      - ip4net
    volumes:
      - ${INCLUDE_PATH}/data/redis:/data
  databasus:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    image: databasus/databasus:v3.22.0
    container_name: databasus
    ports:
      - 8086:4005
    networks:
      - ip4net
    volumes:
      - ${INCLUDE_PATH}/data/databasus:/databasus-data
@@ -0,0 +1,17 @@
 # While this file is not meant to be deployed directly it is used for "inheritance" of your sevices. 
 # Below you can see a service that I've called "default" which is used as a base definition for other services.
 # It defines only the most common properties that I need. It does not have the 'image' for example as each extending service will have its own 'image'.
 # Of course you can have more templates here or even 'extend' them from each other.
 services:
  default:
    restart: unless-stopped
    security_opt:
      - no-new-privileges=true
    environment:
      TZ: ${TZ}
      PUID: ${PUID}
      PGID: ${PGID}
    logging:
      options:
        max-size: "5m"
        max-file: "3"
@@ -0,0 +1,20 @@
 # center docker-compose file
 # see https://github.com/labmonkey/docker-compose-project-example for more info
 # Here I will include all "child" docker compose files that I need.
 # The paths can relative to this file or absolue. I've used INCLUDE_PATH variable to make it more cofigurable.
 # Whenever I need to remove some service then I can comment out the lines here.
 include:
  - path:
      - ${INCLUDE_PATH}/media.yml
      - ${INCLUDE_PATH}/infrastructure.yml
      - ${INCLUDE_PATH}/database.yml
    env_file: ${INCLUDE_PATH}/.env
 networks:
  ip4net:
    driver: bridge
    name: ip4net
    ipam:
      config:
        - subnet: 10.6.0.0/16
@@ -0,0 +1,60 @@
 services:
  pangolin:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    image: docker.io/fosrl/pangolin:v1.16.2
    container_name: pangolin
    volumes:
      - ./config/pangolin:/app/config
    network:
      - ip4net
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
      interval: "10s"
      timeout: "10s"
      retries: 15
  # gerbil:
  #   extends:
  #     file: ${TEMPLATES_PATH}
  #     service: default
  #   image: docker.io/fosrl/gerbil:latest # https://github.com/fosrl/gerbil/releases
  #   container_name: gerbil
  #   depends_on:
  #     pangolin:
  #       condition: service_healthy
  #   command:
  #     - --reachableAt=http://gerbil:3004
  #     - --generateAndSaveKeyTo=/var/config/key
  #     - --remoteConfig=http://pangolin:3001/api/v1/
  #   volumes:
  #     - ./config/pangolin:/var/config
  #   cap_add:
  #     - NET_ADMIN
  #     - SYS_MODULE
  #   ports:
  #     - 51820:51820/udp
  #     - 21820:21820/udp
  #     - 443:443
  #     - 80:80
  traefik:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    image: docker.io/traefik:v3.6
    container_name: traefik
    network:
      - ip4net
    depends_on:
      pangolin:
        condition: service_healthy
    command:
      - --configFile=/etc/traefik/traefik_config.yml
    volumes:
      - ./config/pangolin/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
      - ./config/pangolin/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
      - ./config/pangolin/traefik/logs:/var/log/traefik # Volume to store Traefik logs
@@ -0,0 +1,33 @@
 services:
  immich-server:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:v2.5.6
    environment:
      DB_PASSWORD: ${IMMICH_DB_PASSWORD}
      DB_HOSTNAME: postgres-with-pg-vector
      DB_USERNAME: immich
      DB_DATABASE_NAME: immich
      REDIS_HOSTNAME: redis
    volumes:
      - ${IMMICH_EXTERNAL_PATH}:/usr/src/app/external:ro
      - ${MEDIA_PATH}/immich/data/library:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    ports:
      - 2283:3001
    networks:
      - ip4net
  immich-machine-learning:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    container_name: immich_machine_learning
    image: ghcr.io/immich-app/immich-machine-learning:v2.5.6
    ports:
      - 3003:3003
    volumes:
      - ${INCLUDE_PATH}/data/immich/model-cache:/cache