Docker Consolidation Project, Part Five


Migrate Authentik Security

Migrate Authentik Security's Data

Well, my testing this morning was successful with Authentik and Bookstack, so the data transfer was successful. I can move on to decommissioning.

Decommission AUTHENTIK-01

Steps performed on AUTHENTIK-01

  • sudo shutdown now

Steps performed on HV-03 via Windows Admin Center

  • Navigate to Virtual Machines
  • I select AUTHENTIK-01
  • I click on Manage and then Delete
  • I choose the option Delete all virtual disks

Steps performed on DC-02 via Windows Admin Center

  • I go to DNS
  • I click on domain.local
  • I select AUTHENTIK.domain.local and click Edit
  • I change the IP Address to DOCKER-01's IP address

Steps taken from desktop

  • I delete the AUTHENTIK-01 SSH key files
  • I remove AUTHENTIK-01 from Windows Terminal's JSON file

Migrate TubeArchivist

Moving on to TubeArchivist. I've only downloaded about a dozen videos at this point, so instead of worrying about migrating the data over, I'm just going to build a clean install and then queue up those videos again.

Steps performed on DOCKER-01

  • sudo mkdir /apps/TubeArchivist
  • sudo mkdir /mnt/TubeArchivist
  • mkdir /home/david/.win
  • nano /home/david/.win/TubeArchivist-Credential
username=_service_tubearchive
password=
domain=domain.local
  • I save the file TubeArchivist-Credential
  • sudo nano /etc/fstab
# Mount for TubeArchivist
//10.10.10.XXX/Data/Media/Youtube /mnt/TubeArchivist cifs credentials=/home/david/.win/TubeArchivist-Credential,uid=1000,gid=1000,iocharset=utf8,vers=2.0 0 0
  • I save fstab
  • sudo apt install cifs-utils
  • sudo reboot

I verified the mount point is functioning correctly.
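
The fstab entry above hands mount.cifs a credentials file created with nano, which under a typical umask is left readable by other local users. The following is an added example, not part of the original post: it audits such an entry for the credentials file mode and for SMB dialects older than 3.0, where SMB encryption is unavailable. The function names, the 10.10.10.5 share address and the file contents are constructed assumptions.

```python
import os
import stat
import tempfile

OLD_DIALECTS = {"1.0", "2.0", "2.1"}   # SMB encryption arrived with 3.0

def audit_cifs_entry(fstab_line):
    """Return a list of findings for one cifs line from /etc/fstab."""
    fields = fstab_line.split()
    if len(fields) < 4 or fields[2] != "cifs":
        return ["not a cifs entry"]
    # "k=v,flag" -> {"k": "v", "flag": ""}
    opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
    findings = []
    if "password" in opts:
        findings.append("password is inline in fstab; move it to a credentials file")
    cred = opts.get("credentials")
    if cred:
        try:
            mode = stat.S_IMODE(os.stat(cred).st_mode)
        except FileNotFoundError:
            findings.append(f"{cred}: credentials file is missing")
        else:
            if mode & 0o077:
                findings.append(f"{cred}: mode {mode:o} is readable beyond the owner; chmod 600")
    if opts.get("vers") in OLD_DIALECTS:
        findings.append(f"vers={opts['vers']}: pre-3.0 dialect, SMB encryption (seal) unavailable")
    return findings

def demo():
    """Audit a constructed entry shaped like the one above, before and after hardening."""
    with tempfile.TemporaryDirectory() as d:
        cred = os.path.join(d, "TubeArchivist-Credential")
        with open(cred, "w") as fh:   # constructed contents, not real credentials
            fh.write("username=_service_example\npassword=constructed\ndomain=domain.local\n")
        os.chmod(cred, 0o644)         # what a default umask of 022 produces
        line = (f"//10.10.10.5/Data/Media/Youtube /mnt/TubeArchivist cifs "
                f"credentials={cred},uid=1000,gid=1000,iocharset=utf8,vers=2.0 0 0")
        before = audit_cifs_entry(line)
        os.chmod(cred, 0o600)
        after = audit_cifs_entry(line.replace("vers=2.0", "vers=3.0"))
    return before, after

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result or "no findings")
```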

  • sudo nano /apps/TubeArchivist/docker-compose.yml
version: '3.3'

services:
  TubeArchivist:
    container_name: TubeArchivist
    restart: unless-stopped
    image: bbilly1/tubearchivist
    ports:
      - 8027:8000
    volumes:
      - /mnt/TubeArchivist:/youtube
      - /apps/TubeArchivist:/cache
    environment:
      - ES_URL=http://archivist-es:9200     # needs protocol e.g. http and port
      - REDIS_HOST=archivist-redis          # don't add protocol
      - HOST_UID=1000
      - HOST_GID=1000
      - TA_HOST=http://tubearchivist.domain.local         # set your host name
      - TA_USERNAME=david           # your initial TA credentials
      - TA_PASSWORD=XXXXXXXXXXXX              # your initial TA credentials
      - ELASTIC_PASSWORD=XXXXXXXXXXXX         # set password for Elasticsearch
      - TZ=America/New_York                 # set your time zone
    depends_on:
      - archivist-es
      - archivist-redis
  archivist-redis:
    image: redis/redis-stack-server
    container_name: archivist
    restart: unless-stopped
    expose:
      - "6379"
    volumes:
      - redis:/data
    depends_on:
      - archivist-es
  archivist-es:
    image: bbilly1/tubearchivist-es         # only for amd64, or use official es 8.9.0
    container_name: archivist-es
    restart: unless-stopped
    environment:
      - "ELASTIC_PASSWORD=XXXXXXXXXXXXX"       # matching Elasticsearch password
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - "xpack.security.enabled=true"
      - "discovery.type=single-node"
      - "path.repo=/usr/share/elasticsearch/data/snapshot"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - es:/usr/share/elasticsearch/data    # check for permission error when using bind mount, see readme
    expose:
      - "9200"

volumes:
  media:
  cache:
  redis:
  es:
  • I saved the docker-compose.yml file
  • sudo docker-compose pull
  • sudo docker-compose up -d

That's it! The page loads up as I expect, and I queue up my videos again and set them to download while I work on decommissioning TUBEARCHIVIST-01.

Decommission TUBEARCHIVIST-01

Steps performed on TUBEARCHIVIST-01

  • sudo shutdown now

Steps performed on HV-03 via Windows Admin Center

  • I navigate to Virtual Machines
  • I select TUBEARCHIVIST-01
  • I click on Manage and then Delete
  • I choose the option Delete all virtual disks

Steps taken on DC-02 via Windows Admin Center

  • I go to DNS
  • I click on domain.local
  • I select TUBE.domain.local and click Edit
  • I change the IP Address to DOCKER-01's IP address

Steps taken on desktop

  • I delete the TUBEARCHIVIST-01 SSH key files
  • I remove TUBEARCHIVIST-01 from Windows Terminal's JSON file

What's left?

Well, I should probably install Fail2Ban as well as UFW; then I'll need to work on updating my NGINX reverse proxy.

Steps taken on DOCKER-01

  • sudo apt install fail2ban
  • sudo nano /etc/fail2ban/jail.local
[DEFAULT]
bantime = 600m
findtime = 10m
maxretry = 5
ignoreip = 10.10.10.XXX

[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
  • I save jail.local
  • sudo apt install ufw
  • sudo ufw allow ssh
  • sudo ufw allow 5006
  • sudo ufw allow 9000
  • sudo ufw allow 3100
  • sudo ufw allow 8017
  • sudo ufw allow 8027
  • sudo ufw enable
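
How the [DEFAULT] values above interact, shown as an added example rather than fail2ban's own code: a simplified Python model of the sshd jail run over constructed log lines. The log format, the source addresses and the 10.10.10.5 stand-in for the redacted ignoreip are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [DEFAULT] section above. IGNOREIP is a constructed stand-in
# for the redacted 10.10.10.XXX address.
BANTIME, FINDTIME, MAXRETRY = timedelta(minutes=600), timedelta(minutes=10), 5
IGNOREIP = {"10.10.10.5"}
FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

def simulate(lines):
    """Simplified model of the jail: return [(ip, banned_at, unbanned_at)]."""
    recent = defaultdict(deque)      # ip -> failure times still inside findtime
    banned_until = {}
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        when, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in IGNOREIP or banned_until.get(ip, when) > when:
            continue                 # trusted host, or still inside an active ban
        q = recent[ip]
        q.append(when)
        while when - q[0] > FINDTIME:
            q.popleft()              # failure has aged out of the window
        if len(q) >= MAXRETRY:
            banned_until[ip] = when + BANTIME
            bans.append((ip, when, banned_until[ip]))
            q.clear()
    return bans

def sample_log():
    """Constructed sshd lines: a fast guesser, a slow one, and an ignored host."""
    def line(minute, ip):
        return (f"2024-01-01T09:{minute:02d}:00 DOCKER-01 sshd[999]: "
                f"Failed password for root from {ip} port 4242 ssh2")
    fast = [line(m, "203.0.113.7") for m in range(5)]          # 5 failures in 4 minutes
    slow = [line(m, "198.51.100.9") for m in range(0, 15, 3)]  # 5 failures, 3 minutes apart
    trusted = [line(m, "10.10.10.5") for m in range(6)]        # on the ignore list
    return sorted(fast + slow + trusted)                       # timestamp prefix sorts by time

if __name__ == "__main__":
    for ip, start, end in simulate(sample_log()):
        print(f"{ip} banned {start:%H:%M} -> {end:%H:%M}")
```

Only the fast source is banned. At one attempt every three minutes, the slow source never has five failures inside a ten-minute window, so findtime and maxretry have to be judged together.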

Steps taken on NGINX-01

I log in to NGINX-01, double-check my NGINX configuration file, and make sure that I had put the FQDN for each service instead of an IP address, which thankfully I did. Since I already changed the local DNS, I'll be good to go here.