# 🚀 Deploy LemonSec Now

This is the **fast path** to get LemonSec running on your Proxmox VM with Portainer.

## Prerequisites

- [ ] Proxmox VM with Docker and Portainer installed
- [ ] TrueNAS Scale VM with Nextcloud app installed
- [ ] Cloudflare account managing `lemonlink.eu`
- [ ] Ports 80/443 forwarded to Proxmox VM
- [ ] Git repository at `https://git.lemonlink.eu/impulsivefps/LemonSec`

## Step 1: Prepare (2 minutes)

### Get your info:

```bash
# Proxmox VM IP (where Portainer runs)
ip addr show | grep "inet " | head -2
# e.g., 192.168.1.50

# TrueNAS IP
cat /etc/motd # or check TrueNAS UI
# e.g., 192.168.1.100

# Nextcloud Port (TrueNAS → Apps → Nextcloud)
# e.g., 9001

# Cloudflare API Key
# https://dash.cloudflare.com/profile/api-tokens → Global API Key
```

### Generate Secrets:

```bash
# Run this 3 times, save each output:
openssl rand -hex 32
```

## Step 2: Push to Git (1 minute)

```bash
cd LemonSec
git remote add origin https://git.lemonlink.eu/impulsivefps/LemonSec.git
git add .
git commit -m "Initial LemonSec deployment"
git push -u origin main
```

## Step 3: Deploy in Portainer (3 minutes)

### 3.1 Create Stack

1. Open Portainer: `http://your-proxmox-vm:9000`
2. **Stacks** → **Add Stack**
3. Select **Repository**
4. Fill in:
   - **Name**: `lemonsec`
   - **Repository URL**: `https://git.lemonlink.eu/impulsivefps/LemonSec`
   - **Compose path**: `docker-compose.yml`

### 3.2 Add Environment Variables

Copy/paste from `stack.env` and fill in your values:

```
CF_API_EMAIL=your-email@example.com
CF_API_KEY=your-cloudflare-global-api-key
TRUENAS_IP=192.168.1.100
TRUENAS_NEXTCLOUD_PORT=9001
AUTHELIA_JWT_SECRET=aaaa... (64 hex chars)
AUTHELIA_SESSION_SECRET=bbbb... (64 hex chars)
AUTHELIA_STORAGE_KEY=cccc... (64 hex chars)
TZ=Europe/Stockholm
```
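
Before pasting the variables into Portainer, you can run them through a quick check. This is an added example, not part of the LemonSec repository; it assumes the values were saved to a local file with one `KEY=VALUE` per line, in the layout above, and that the three Authelia values came from separate `openssl rand -hex 32` runs (Step 1).

```shell
# Added example, not part of the LemonSec repository: sanity-check a stack.env
# before pasting it into Portainer. Flags template text left in ("your-...",
# "aaaa... (64 hex chars)") and the "CF_API_EMAIL not set" case. POSIX sh only.
# Print the value of key $2 from file $1 (first match, trailing "# comment" removed).
env_get() {
    grep -E "^$2=" "$1" | head -n 1 | cut -d= -f2- | sed 's/[[:space:]]*#.*$//'
}
# Return 0 if file $1 passes every check, 1 otherwise; one finding per output line.
validate_stack_env() {
    file=$1; rc=0
    for key in CF_API_EMAIL CF_API_KEY TRUENAS_IP TRUENAS_NEXTCLOUD_PORT \
               AUTHELIA_JWT_SECRET AUTHELIA_SESSION_SECRET AUTHELIA_STORAGE_KEY TZ; do
        v=$(env_get "$file" "$key")
        case "$v" in  # empty, or still the placeholder text from the template
            ''|*your-*|*...*) echo "$key: not set or still a template placeholder"; rc=1; continue ;;
        esac
        case "$key" in
            AUTHELIA_*)  # exactly what `openssl rand -hex 32` prints: 64 hex characters
                echo "$v" | grep -Eq '^[0-9a-f]{64}$' || { echo "$key: not 64 hex chars"; rc=1; } ;;
            TRUENAS_IP)
                echo "$v" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || { echo "$key: not an IPv4 address"; rc=1; } ;;
            TRUENAS_NEXTCLOUD_PORT)
                echo "$v" | grep -Eq '^[0-9]{1,5}$' && [ "$v" -ge 1 ] && [ "$v" -le 65535 ] || { echo "$key: not a valid TCP port"; rc=1; } ;;
            CF_API_EMAIL)
                echo "$v" | grep -Eq '^[^@[:space:]]+@[^@[:space:]]+$' || { echo "$key: not an email address"; rc=1; } ;;
        esac
    done
    # Three secrets from three separate `openssl rand` runs: they must all differ.
    j=$(env_get "$file" AUTHELIA_JWT_SECRET); s=$(env_get "$file" AUTHELIA_SESSION_SECRET)
    k=$(env_get "$file" AUTHELIA_STORAGE_KEY)
    if [ "$j" = "$s" ] || [ "$j" = "$k" ] || [ "$s" = "$k" ]; then
        echo "AUTHELIA_* secrets must be three different values"; rc=1
    fi
    return $rc
}
# Constructed sample (not real credentials) in the Step 3.2 layout; it should pass.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CF_API_EMAIL=admin@example.com
CF_API_KEY=constructed-not-a-real-key
TRUENAS_IP=192.168.1.100
TRUENAS_NEXTCLOUD_PORT=9001
AUTHELIA_JWT_SECRET=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
AUTHELIA_SESSION_SECRET=fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210
AUTHELIA_STORAGE_KEY=00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
TZ=Europe/Stockholm
EOF
validate_stack_env "$sample" && echo "stack.env looks good"
rm -f "$sample"
```

A non-zero exit means at least one line was printed, so the same function works as a pre-push check in CI for the repo.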

### 3.3 Deploy

Click **Deploy the stack**.

Wait for containers to start (about 30 seconds).

## Step 4: Configure CrowdSec (2 minutes)

After deployment, get the API key:

```bash
# SSH to Proxmox VM or use Portainer Console
docker exec crowdsec cscli bouncers add traefik-bouncer

# Copy the key
```

Back in Portainer:

1. **Stacks** → **lemonsec** → **Editor**
2. Add environment variable: `CROWDSEC_API_KEY=the-key-you-copied`
3. Click **Update the stack**

## Step 5: Configure TrueNAS (2 minutes)

In TrueNAS Scale UI:

1. **Apps** → **Installed** → **Nextcloud** → **Edit**
2. Add Environment Variables (`TRUSTED_PROXIES` is your Proxmox VM IP; enter only the address, without a trailing comment):

   ```
   NEXTCLOUD_TRUSTED_DOMAINS=cloud.lemonlink.eu
   OVERWRITEPROTOCOL=https
   OVERWRITEHOST=cloud.lemonlink.eu
   OVERWRITECLIURL=https://cloud.lemonlink.eu
   TRUSTED_PROXIES=192.168.1.50
   ```

3. **Save**

## Step 6: Cloudflare DNS (1 minute)

1. Login to [Cloudflare Dashboard](https://dash.cloudflare.com)
2. **DNS** → Add records:

   | Type | Name | Target | Proxy |
   |------|------|--------|-------|
   | A | cloud | YOUR_PUBLIC_IP | 🟠 Orange |
   | A | auth | YOUR_PUBLIC_IP | 🟠 Orange |

3. **SSL/TLS** → Set to **Full (strict)**

## Step 7: Test (30 seconds)

Open in browser:

```
https://cloud.lemonlink.eu
```

You should see the Nextcloud login page! 🎉

## What You Got

| Service | URL | Purpose |
|---------|-----|---------|
| Nextcloud | `https://cloud.lemonlink.eu` | Family file sharing |
| Authelia | `https://auth.lemonlink.eu` | SSO login portal |
| Traefik | `https://traefik.local.lemonlink.eu` | Reverse proxy dashboard |

## Next Steps

1. **Add family to Authelia**: Edit `authelia/users_database.yml` → push → "Pull and redeploy"
2. **Add more services**: Edit `docker-compose.yml` → add routers → push → redeploy
3. **Enable monitoring**: Uncomment the monitoring profile in the compose file

## Troubleshooting

| Problem | Fix |
|---------|-----|
| "CF_API_EMAIL not set" | Check environment variables in Portainer |
| "502 Bad Gateway" | Verify `TRUENAS_IP` and `TRUENAS_NEXTCLOUD_PORT` are correct |
| "Untrusted domain" | Check TrueNAS Nextcloud env vars |
| No SSL certificate | Check Cloudflare API key and DNS records |

## Full Documentation

- **[PORTAINER-DEPLOY.md](PORTAINER-DEPLOY.md)** - Detailed Portainer guide
- **[SETUP-TRUENAS-NEXTCLOUD.md](SETUP-TRUENAS-NEXTCLOUD.md)** - TrueNAS specifics
- **[GIT-REPO-SETUP.md](GIT-REPO-SETUP.md)** - Git workflow
- **[MIGRATE-FROM-NPM.md](MIGRATE-FROM-NPM.md)** - If migrating from NPM

---

**You're done!** Family can now access Nextcloud at `https://cloud.lemonlink.eu`