LemonSec - Quick Reference
🎯 Your Setup
- Proxmox VM: Docker/Portainer + LemonSec stack
- TrueNAS Scale VM: Nextcloud app
- Goal: Secure family access to Nextcloud via cloud.lemonlink.eu
- Deploy Method: Portainer Git Repository
🚀 Deploy via Portainer (5 min)
1. Push to Git
cd LemonSec
git remote add origin https://git.lemonlink.eu/impulsivefps/LemonSec.git
git add .
git commit -m "Initial deployment"
git push -u origin main
2. Portainer UI
- Stacks → Add Stack → Repository
- URL: https://git.lemonlink.eu/impulsivefps/LemonSec
- Compose Path: docker-compose.yml
3. Environment Variables
Copy from stack.env and fill in:
| Variable | Value |
|---|---|
| CF_API_EMAIL | your@email.com |
| CF_API_KEY | Cloudflare API key |
| TRUENAS_IP | 192.168.1.100 |
| TRUENAS_NEXTCLOUD_PORT | 9001 |
| AUTHELIA_JWT_SECRET | openssl rand -hex 32 |
| AUTHELIA_SESSION_SECRET | openssl rand -hex 32 |
| AUTHELIA_STORAGE_KEY | openssl rand -hex 32 |
4. Deploy
Click Deploy the stack
5. Setup CrowdSec
docker exec crowdsec cscli bouncers add traefik-bouncer
# Copy key, add to Portainer env vars, redeploy
6. TrueNAS Config
TrueNAS → Apps → Nextcloud → Edit, add env:
NEXTCLOUD_TRUSTED_DOMAINS=cloud.lemonlink.eu
OVERWRITEPROTOCOL=https
TRUSTED_PROXIES=192.168.1.50 # Proxmox VM IP
7. Cloudflare DNS
- A record: cloud → YOUR_PUBLIC_IP (orange cloud)
Done!
Visit: https://cloud.lemonlink.eu ✅
Full guide: PORTAINER-DEPLOY.md
📁 Repository Structure
| Path | Purpose |
|---|---|
| docker-compose.yml | Main stack - Traefik, Authelia, CrowdSec, Nextcloud router |
| stack.env | Environment variable template for Portainer |
| traefik/ | Traefik configuration files |
| authelia/ | Authelia config and user database |
| crowdsec/ | CrowdSec acquisition config |
🔧 Customization
Add Family to Authelia
Edit authelia/users_database.yml → push → Portainer "Pull and redeploy"
Add More Services
Edit docker-compose.yml → add router container → push → redeploy
Update Stack
- Edit files locally
- git commit -am "Update" && git push
- Portainer → Stacks → lemonsec → "Pull and redeploy"
📚 Documentation
- PORTAINER-DEPLOY.md - Detailed Portainer deployment
- SETUP-TRUENAS-NEXTCLOUD.md - TrueNAS specific setup
- MIGRATE-FROM-NPM.md - NPM migration guide
- docs/CLOUDFLARE.md - DNS/SSL configuration
🆘 Troubleshooting
| Issue | Solution |
|---|---|
| "CF_API_EMAIL not set" | Check env vars in Portainer UI |
| "502 Bad Gateway" | Verify TRUENAS_IP and PORT |
| "Untrusted domain" | Add domain to TrueNAS Nextcloud env |
| SSL errors | Check Cloudflare API credentials |
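
A preflight check for the step 3 variables that catches the first two issues in the table above before deploying. It is an added example, not part of the LemonSec repository; the function names check_stack_env and sample_env, and the rule that each Authelia secret is 64 lowercase hex characters (the output format of openssl rand -hex 32), are assumptions of this example.

```sh
# Added example (not LemonSec code): preflight check for a filled-in stack.env.
# check_stack_env FILE prints one FAIL line per problem; returns 0 only if there are none.
check_stack_env() {
    file=$1; problems=0; seen=""
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 1; }
    # Value of KEY from KEY=value lines (last one wins); CR and double quotes removed.
    get() { sed -n "s/^$1=//p" "$file" | tail -n 1 | tr -d '\r"'; }
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # Empty values here lead to the "CF_API_EMAIL not set" kind of error.
    for var in CF_API_EMAIL CF_API_KEY TRUENAS_IP TRUENAS_NEXTCLOUD_PORT; do
        [ -n "$(get "$var")" ] || fail "$var is not set"
    done

    # A malformed backend address or port shows up later as "502 Bad Gateway".
    ip=$(get TRUENAS_IP)
    if [ -n "$ip" ] && ! printf '%s\n' "$ip" | awk -F. 'NF != 4 { exit 1 }
            { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'; then
        fail "TRUENAS_IP is not an IPv4 address"
    fi
    port=$(get TRUENAS_NEXTCLOUD_PORT)
    case $port in
        '') ;;  # already reported as not set
        *[!0-9]*|??????*|0*) fail "TRUENAS_NEXTCLOUD_PORT is not a port number" ;;
        *) [ "$port" -le 65535 ] || fail "TRUENAS_NEXTCLOUD_PORT is out of range" ;;
    esac

    # Secrets must be openssl output (64 hex chars), not the command text, and unique.
    for var in AUTHELIA_JWT_SECRET AUTHELIA_SESSION_SECRET AUTHELIA_STORAGE_KEY; do
        val=$(get "$var")
        if ! printf '%s\n' "$val" | grep -Eq '^[0-9a-f]{64}$'; then
            fail "$var is not 64 hex characters"
        else
            case " $seen " in *" $val "*) fail "$var reuses another secret" ;; esac
            seen="$seen $val"
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample with three mistakes: bad port, command text as value, reused secret.
sample_env() {
    s=$(printf '%064d' 7)   # stand-in for one real 64-character hex secret
    printf '%s\n' "CF_API_EMAIL=your@email.com" "CF_API_KEY=placeholder" \
        "TRUENAS_IP=192.168.1.100" "TRUENAS_NEXTCLOUD_PORT=90001" \
        "AUTHELIA_JWT_SECRET=openssl rand -hex 32" \
        "AUTHELIA_SESSION_SECRET=$s" "AUTHELIA_STORAGE_KEY=$s"
}
```

Source the file, write the constructed sample with sample_env > /tmp/stack.env, then run check_stack_env /tmp/stack.env to see the three failures; point it at your own copy of stack.env before pasting the values into Portainer.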
✅ Success Checklist
- https://cloud.lemonlink.eu loads Nextcloud
- Family can log in with Nextcloud accounts
- Mobile apps work
- SSL certificate valid
- CrowdSec shows decisions