111 lines
3.1 KiB
Markdown
# LemonSec - Quick Reference

## 🎯 Your Setup

- **Proxmox VM**: Docker/Portainer + LemonSec stack
- **TrueNAS Scale VM**: Nextcloud app
- **Goal**: Secure family access to Nextcloud via `cloud.lemonlink.eu`
- **Deploy Method**: Portainer Git Repository

## 🚀 Deploy via Portainer (5 min)

### 1. Push to Git

```bash
cd LemonSec
git remote add origin https://git.lemonlink.eu/impulsivefps/LemonSec.git
git add .
git commit -m "Initial deployment"
git push -u origin main
```

### 2. Portainer UI

- **Stacks** → **Add Stack** → **Repository**
- **URL**: `https://git.lemonlink.eu/impulsivefps/LemonSec`
- **Compose Path**: `docker-compose.yml`

### 3. Environment Variables

Copy the variables from `stack.env` into the Portainer stack and fill in:

| Variable | Value |
|----------|-------|
| `CF_API_EMAIL` | your@email.com |
| `CF_API_KEY` | Cloudflare API key |
| `TRUENAS_IP` | 192.168.1.100 |
| `TRUENAS_NEXTCLOUD_PORT` | 9001 |
| `AUTHELIA_JWT_SECRET` | Generate with `openssl rand -hex 32` |
| `AUTHELIA_SESSION_SECRET` | Generate with `openssl rand -hex 32` (a separate value) |
| `AUTHELIA_STORAGE_KEY` | Generate with `openssl rand -hex 32` (a separate value) |
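Before deploying, a quick check of the filled-in `stack.env` catches the mistakes behind most entries in the troubleshooting section (empty Cloudflare variables, the `openssl` command left in place of a generated secret, a mistyped TrueNAS address or port). This is an added example, not part of the LemonSec repository; it assumes the variable names from the table above and a POSIX shell on the Proxmox VM.

```shell
#!/bin/sh
# Sanity-check a filled-in stack.env before pasting its values into Portainer
# (added example, not LemonSec's own code). Secret values are never printed.

# Print the last assignment of VAR in FILE with surrounding quotes stripped.
env_value() {
  grep "^$2=" "$1" | tail -n 1 | cut -d= -f2- | sed -e 's/^"//' -e 's/"$//'
}

# Return 0 when FILE passes every check, 1 otherwise; each problem is printed.
check_stack_env() {
  file="$1"; rc=0; seen=" "
  for name in CF_API_EMAIL CF_API_KEY TRUENAS_IP TRUENAS_NEXTCLOUD_PORT; do
    [ -n "$(env_value "$file" "$name")" ] || { echo "$name: not set"; rc=1; }
  done
  case "$(env_value "$file" CF_API_EMAIL)" in
    ""|*@*.*) ;;
    *) echo "CF_API_EMAIL: not an e-mail address"; rc=1 ;;
  esac
  # TRUENAS_IP: dotted quad, every octet in 0..255 (a typo here is the usual 502)
  ip=$(env_value "$file" TRUENAS_IP)
  if [ -n "$ip" ]; then
    if printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
      for o in $(printf '%s\n' "$ip" | tr . ' '); do
        [ "$o" -le 255 ] || { echo "TRUENAS_IP: octet $o out of range"; rc=1; }
      done
    else
      echo "TRUENAS_IP: '$ip' is not an IPv4 address"; rc=1
    fi
  fi
  # TRUENAS_NEXTCLOUD_PORT: integer in 1..65535
  port=$(env_value "$file" TRUENAS_NEXTCLOUD_PORT)
  if [ -n "$port" ]; then
    printf '%s\n' "$port" | grep -Eq '^[0-9]{1,5}$' && [ "$port" -ge 1 ] \
      && [ "$port" -le 65535 ] || { echo "TRUENAS_NEXTCLOUD_PORT: '$port' is not a valid port"; rc=1; }
  fi
  # Authelia secrets: what `openssl rand -hex 32` prints (64 hex chars), all three distinct
  for name in AUTHELIA_JWT_SECRET AUTHELIA_SESSION_SECRET AUTHELIA_STORAGE_KEY; do
    s=$(env_value "$file" "$name")
    if ! printf '%s\n' "$s" | grep -Eq '^[0-9a-fA-F]{64}$'; then
      echo "$name: expected 64 hex chars from 'openssl rand -hex 32', got ${#s} chars"; rc=1
    elif [ "${seen#*" $s "}" != "$seen" ]; then
      echo "$name: reuses another secret's value"; rc=1
    fi
    seen="$seen$s "
  done
  return $rc
}
```

Run it as `check_stack_env stack.env` and fix every line it prints before step 4.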

### 4. Deploy

Click **Deploy the stack**

### 5. Set up CrowdSec

```bash
# Register the Traefik bouncer; cscli prints its API key once
docker exec crowdsec cscli bouncers add traefik-bouncer
# Copy the printed key into the matching Portainer env var, then redeploy the stack
```

### 6. TrueNAS Config

TrueNAS → Apps → Nextcloud → Edit, add these environment variables (`TRUSTED_PROXIES` is the Proxmox VM's IP, i.e. the host running Traefik; enter only the address, no comment):

```
NEXTCLOUD_TRUSTED_DOMAINS=cloud.lemonlink.eu
OVERWRITEPROTOCOL=https
TRUSTED_PROXIES=192.168.1.50
```

### 7. Cloudflare DNS

- A record: `cloud` → YOUR_PUBLIC_IP, proxied (orange cloud)

### Done!

Visit: `https://cloud.lemonlink.eu` ✅

**Full guide**: [PORTAINER-DEPLOY.md](PORTAINER-DEPLOY.md)

---

## 📁 Repository Structure

| Path | Purpose |
|------|---------|
| `docker-compose.yml` | Main stack - Traefik, Authelia, CrowdSec, Nextcloud router |
| `stack.env` | Environment variable template for Portainer |
| `traefik/` | Traefik configuration files |
| `authelia/` | Authelia config and user database |
| `crowdsec/` | CrowdSec acquisition config |

## 🔧 Customization

### Add Family to Authelia

Edit `authelia/users_database.yml` → push → Portainer "Pull and redeploy"

### Add More Services

Edit `docker-compose.yml` → add router container → push → redeploy

### Update Stack

1. Edit files locally
2. `git commit -am "Update" && git push`
3. Portainer → Stacks → lemonsec → "Pull and redeploy"

## 📚 Documentation

- **[PORTAINER-DEPLOY.md](PORTAINER-DEPLOY.md)** - Detailed Portainer deployment
- **[SETUP-TRUENAS-NEXTCLOUD.md](SETUP-TRUENAS-NEXTCLOUD.md)** - TrueNAS specific setup
- **[MIGRATE-FROM-NPM.md](MIGRATE-FROM-NPM.md)** - NPM migration guide
- **[docs/CLOUDFLARE.md](docs/CLOUDFLARE.md)** - DNS/SSL configuration

## 🆘 Troubleshooting

| Issue | Solution |
|-------|----------|
| "CF_API_EMAIL not set" | Check env vars in Portainer UI |
| "502 Bad Gateway" | Verify `TRUENAS_IP` and `TRUENAS_NEXTCLOUD_PORT` |
| "Untrusted domain" | Add domain to TrueNAS Nextcloud env (`NEXTCLOUD_TRUSTED_DOMAINS`) |
| SSL errors | Check Cloudflare API credentials |

## ✅ Success Checklist

- [ ] `https://cloud.lemonlink.eu` loads Nextcloud
- [ ] Family can log in with their Nextcloud accounts
- [ ] Mobile apps work
- [ ] SSL certificate valid
- [ ] CrowdSec shows decisions