Docker installation
Beschreibung:
Installation
Pakete installieren
apt install docker.io docker-compose apparmor apparmor-utils curl opensslVerzeichnisse anlegen
mkdir -p /root/documenso/certs
mkdir -p /root/documenso/data-dbWenn gewünscht Caddy anlege, sonst überspringen
mkdir -p /root/documenso/caddy_data
mkdir -p /root/documenso/caddy_confignano /root/documenso/CaddyfileInhalt, wenn man es erst testen möchte mit Staging einfach den Kommentar entfernen.
example.com {
reverse_proxy http://documenso:3000
tls <deine_emailadresse> {
#ca https://acme-staging-v02.api.letsencrypt.org/directory
}
}.env Datei anlegen und ausfüllen
Für NEXTAUTH_SECRET und NEXTAUTH_PRIVATE_ENCRYPTION_KEY und NEXTAUTH_PRIVATE_ENCRYPTION_SECONDARY_KEY
erstellen wir mit folgendem Befehl die Secrets. Für jede Variable einen neuen secret.
openssl rand -base64 32Inhalt
POSTGRES_USER=docuuser
POSTGRES_PASSWORD=docupass
POSTGRES_DB=documenso
PORT=3000
NEXTAUTH_URL=http://localhost
#wird mit dem Befehl: openssl rand -base64 32 erstellt
NEXTAUTH_SECRET=your-secret-key
#wird mit dem Befehl: openssl rand -base64 32 erstellt
NEXT_PRIVATE_ENCRYPTION_KEY=your-encryption-key
#wird mit dem Befehl: openssl rand -base64 32 erstellt
NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY=your-secondary-encryption-key
#wenn sich läute mit google mail anmelden sollen
#NEXT_PRIVATE_GOOGLE_CLIENT_ID=your-google-client-id
#NEXT_PRIVATE_GOOGLE_CLIENT_SECRET=your-google-client-secret
#die URL die von Außen erreichbar ist
NEXT_PUBLIC_WEBAPP_URL=http://localhost
#DIe URL fürs interne Netz, die bleibt so
NEXT_PRIVATE_INTERNAL_WEBAPP_URL=http://localhost:3000
#Die URL für eine Shop seite oder Dokemnetion.
NEXT_PUBLIC_MARKETING_URL=https://documenso.com
NEXT_PRIVATE_DATABASE_URL=postgres://docuuser:docupass@database:5432/documenso
NEXT_PRIVATE_DIRECT_DATABASE_URL=postgres://docuuser:docupass@database:5432/documenso
NEXT_PUBLIC_UPLOAD_TRANSPORT=database
NEXT_PRIVATE_SMTP_TRANSPORT=smtp
NEXT_PRIVATE_SMTP_HOST=smtp.example.com
NEXT_PRIVATE_SMTP_PORT=587
NEXT_PRIVATE_SMTP_USERNAME=smtp-user
NEXT_PRIVATE_SMTP_PASSWORD=smtp-password
NEXT_PRIVATE_SMTP_FROM_NAME=Documenso Support
NEXT_PRIVATE_SMTP_FROM_ADDRESS=support@documenso.com
NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH=/opt/documenso/cert.p12
#die passphrase vom certificate
NEXT_PRIVATE_SIGNING_PASSPHRASE=signing-passphrase
Docker compose Datei anlegen
ohne caddy
nano /root/documenso/docker-compose.ymlInhalt
version: '3.8'
services:
database:
image: postgres:15
environment:
- POSTGRES_USER=${POSTGRES_USER:?err}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?err}
- POSTGRES_DB=${POSTGRES_DB:?err}
healthcheck:
test: ['CMD-SHELL', 'pg_isready -U ${POSTGRES_USER}']
interval: 10s
timeout: 5s
retries: 5
volumes:
- ./database-data:/var/lib/postgresql/data # Speichert Daten außerhalb des Containers
restart: always
documenso:
image: documenso/documenso:latest
depends_on:
database:
condition: service_healthy
environment:
- PORT=${PORT:-3000}
- NEXTAUTH_URL=${NEXTAUTH_URL:-${NEXT_PUBLIC_WEBAPP_URL}}
- NEXTAUTH_SECRET=${NEXTAUTH_SECRET:?err}
- NEXT_PRIVATE_ENCRYPTION_KEY=${NEXT_PRIVATE_ENCRYPTION_KEY:?err}
- NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY=${NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY:?err}
#wir wollen kein google
#- NEXT_PRIVATE_GOOGLE_CLIENT_ID=${NEXT_PRIVATE_GOOGLE_CLIENT_ID}
#- NEXT_PRIVATE_GOOGLE_CLIENT_SECRET=${NEXT_PRIVATE_GOOGLE_CLIENT_SECRET}
- NEXT_PUBLIC_WEBAPP_URL=${NEXT_PUBLIC_WEBAPP_URL:?err}
- NEXT_PRIVATE_INTERNAL_WEBAPP_URL=${NEXT_PRIVATE_INTERNAL_WEBAPP_URL:-http://localhost:$PORT}
- NEXT_PUBLIC_MARKETING_URL=${NEXT_PUBLIC_MARKETING_URL:-https://documenso.com}
- NEXT_PRIVATE_DATABASE_URL=${NEXT_PRIVATE_DATABASE_URL:?err}
- NEXT_PRIVATE_DIRECT_DATABASE_URL=${NEXT_PRIVATE_DIRECT_DATABASE_URL:-${NEXT_PRIVATE_DATABASE_URL}}
- NEXT_PUBLIC_UPLOAD_TRANSPORT=${NEXT_PUBLIC_UPLOAD_TRANSPORT:-database}
#Diese Variablen werden nur benötigt wenn die Daten nicht in einer Datenbank sondern in einem S3
#Bucket gespeichert werden sollen
#- NEXT_PRIVATE_UPLOAD_ENDPOINT=${NEXT_PRIVATE_UPLOAD_ENDPOINT}
#- NEXT_PRIVATE_UPLOAD_FORCE_PATH_STYLE=${NEXT_PRIVATE_UPLOAD_FORCE_PATH_STYLE}
#- NEXT_PRIVATE_UPLOAD_REGION=${NEXT_PRIVATE_UPLOAD_REGION}
#- NEXT_PRIVATE_UPLOAD_BUCKET=${NEXT_PRIVATE_UPLOAD_BUCKET}
#- NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID=${NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID}
#- NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY=${NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY}
- NEXT_PRIVATE_SMTP_TRANSPORT=${NEXT_PRIVATE_SMTP_TRANSPORT:?err}
- NEXT_PRIVATE_SMTP_HOST=${NEXT_PRIVATE_SMTP_HOST}
- NEXT_PRIVATE_SMTP_PORT=${NEXT_PRIVATE_SMTP_PORT}
- NEXT_PRIVATE_SMTP_USERNAME=${NEXT_PRIVATE_SMTP_USERNAME}
- NEXT_PRIVATE_SMTP_PASSWORD=${NEXT_PRIVATE_SMTP_PASSWORD}
- NEXT_PRIVATE_SMTP_FROM_NAME=${NEXT_PRIVATE_SMTP_FROM_NAME:?err}
- NEXT_PRIVATE_SMTP_FROM_ADDRESS=${NEXT_PRIVATE_SMTP_FROM_ADDRESS:?err}
- NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH=${NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH:-/opt/documenso/cert.p12}
- NEXT_PRIVATE_SIGNING_PASSPHRASE=${NEXT_PRIVATE_SIGNING_PASSPHRASE}
ports:
- ${PORT:-3000}:${PORT:-3000}
volumes:
- ./certs/cert.p12:/opt/documenso/cert.p12 # Zertifikate lokal speichern
restart: always
Docker compose file mit caddy
version: '3.8'
services:
database:
image: postgres:15
environment:
- POSTGRES_USER=${POSTGRES_USER:?err}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?err}
- POSTGRES_DB=${POSTGRES_DB:?err}
healthcheck:
test: ['CMD-SHELL', 'pg_isready -U ${POSTGRES_USER}']
interval: 10s
timeout: 5s
retries: 5
volumes:
- ./database-data:/var/lib/postgresql/data # Speichert Daten außerhalb des Containers
restart: always
documenso:
image: documenso/documenso:latest
depends_on:
database:
condition: service_healthy
environment:
- PORT=${PORT:-3000}
- NEXTAUTH_URL=${NEXTAUTH_URL:-${NEXT_PUBLIC_WEBAPP_URL}}
- NEXTAUTH_SECRET=${NEXTAUTH_SECRET:?err}
- NEXT_PRIVATE_ENCRYPTION_KEY=${NEXT_PRIVATE_ENCRYPTION_KEY:?err}
- NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY=${NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY:?err}
#wir wollen kein google.de
#- NEXT_PRIVATE_GOOGLE_CLIENT_ID=${NEXT_PRIVATE_GOOGLE_CLIENT_ID}
#- NEXT_PRIVATE_GOOGLE_CLIENT_SECRET=${NEXT_PRIVATE_GOOGLE_CLIENT_SECRET}
- NEXT_PUBLIC_WEBAPP_URL=${NEXT_PUBLIC_WEBAPP_URL:?err}
- NEXT_PRIVATE_INTERNAL_WEBAPP_URL=${NEXT_PRIVATE_INTERNAL_WEBAPP_URL:-http://localhost:$PORT}
- NEXT_PUBLIC_MARKETING_URL=${NEXT_PUBLIC_MARKETING_URL:-https://documenso.com}
- NEXT_PRIVATE_DATABASE_URL=${NEXT_PRIVATE_DATABASE_URL:?err}
- NEXT_PRIVATE_DIRECT_DATABASE_URL=${NEXT_PRIVATE_DIRECT_DATABASE_URL:-${NEXT_PRIVATE_DATABASE_URL}}
- NEXT_PUBLIC_UPLOAD_TRANSPORT=${NEXT_PUBLIC_UPLOAD_TRANSPORT:-database}
#Diese Variablen werden nur benötigt wenn die Daten nicht in einer Datenbank sondern in einem S3
#Bucket gespeichert werden sollen
#- NEXT_PRIVATE_UPLOAD_ENDPOINT=${NEXT_PRIVATE_UPLOAD_ENDPOINT}
#- NEXT_PRIVATE_UPLOAD_FORCE_PATH_STYLE=${NEXT_PRIVATE_UPLOAD_FORCE_PATH_STYLE}
#- NEXT_PRIVATE_UPLOAD_REGION=${NEXT_PRIVATE_UPLOAD_REGION}
#- NEXT_PRIVATE_UPLOAD_BUCKET=${NEXT_PRIVATE_UPLOAD_BUCKET}
#- NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID=${NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID}
#- NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY=${NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY}
- NEXT_PRIVATE_SMTP_TRANSPORT=${NEXT_PRIVATE_SMTP_TRANSPORT:?err}
- NEXT_PRIVATE_SMTP_HOST=${NEXT_PRIVATE_SMTP_HOST}
- NEXT_PRIVATE_SMTP_PORT=${NEXT_PRIVATE_SMTP_PORT}
- NEXT_PRIVATE_SMTP_USERNAME=${NEXT_PRIVATE_SMTP_USERNAME}
- NEXT_PRIVATE_SMTP_PASSWORD=${NEXT_PRIVATE_SMTP_PASSWORD}
- NEXT_PRIVATE_SMTP_FROM_NAME=${NEXT_PRIVATE_SMTP_FROM_NAME:?err}
- NEXT_PRIVATE_SMTP_FROM_ADDRESS=${NEXT_PRIVATE_SMTP_FROM_ADDRESS:?err}
- NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH=${NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH:-/opt/documenso/cert.p12}
- NEXT_PRIVATE_SIGNING_PASSPHRASE=${NEXT_PRIVATE_SIGNING_PASSPHRASE}
ports:
- ${PORT:-3000}:${PORT:-3000}
volumes:
- ./certs/cert.p12:/opt/documenso/cert.p12 # Zertifikate lokal speichern
restart: always
caddy:
image: caddy:latest
container_name: caddy-reverse-proxy
ports:
- "80:80"
- "443:443"
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile
- ./caddy_data:/data
- ./caddy_config:/config
restart: always
Zertifikat anlegen
Privaten 2048-Bit-RSA-Schlüssel erstellen
openssl genrsa -out /root/documenso/cert.key 2048Erstelle eine Zertifikatsignierungsanforderung (CSR)
openssl req -new -key /root/documenso/cert.key -out /root/documenso/cert.csrBeantworte die Fragen (du kannst auch Platzhalter verwenden):
- Country Name: Zwei-Buchstaben-Ländercode (z. B.
DE) - State or Province: Bundesland oder Region
- Locality: Stadt
- Organization Name: Dein Unternehmens- oder Projektname
- Organizational Unit Name: Abteilung (falls nicht zutreffend, leer lassen)
- Common Name: Die Domain oder der Name (z. B.
localhostoderexample.com) - Email Address: Deine E-Mail-Adresse
- A chellenge Passwort: Enter (leer lassen, keins setzten)
- An aoptional company name : Enter (leer lassen, keins setzten)
Erstelle ein selbstsigniertes Zertifikat mit 100 Jahren Gültigkeit
openssl x509 -req -days 36500 -in /root/documenso/cert.csr -signkey /root/documenso/cert.key -out /root/documenso/cert.crtKonvertiere das Zertifikat in ein PKCS#12-Format, setzte deinen Namen, hier heißt es Documenso Certificat
openssl pkcs12 -export -out /root/documenso/cert.p12 -inkey /root/documenso/cert.key -in /root/documenso/cert.crt -name "Documenso Certificate"Du wirst aufgefordert, ein Passwort für die .p12-Datei festzulegen. Dieses Passwort musst du in der .env-Variable NEXT_PRIVATE_SIGNING_PASSPHRASE hinterlegen.
Nun das Zertifikat überprüfen
openssl x509 -in /root/documenso/cert.crt -text -nooutDas Zertifikat in certs kopieren
cp /root/documenso/cert.p12 /root/documenso/certs/cert.p12die Conatiner starten
cd /root/documenso/
docker-compose up -d Website aufrufen:
jednachdem http oder https :
http(s)://example.com oder ip:3000