🚀 Deploy LemonSec Now
This is the fast path to get LemonSec running on your Proxmox VM with Portainer.
Prerequisites
- Proxmox VM with Docker and Portainer installed
- TrueNAS Scale VM with Nextcloud app installed
- Cloudflare account managing `lemonlink.eu`
- Ports 80/443 forwarded to Proxmox VM
- Git repository at https://git.lemonlink.eu/impulsivefps/LemonSec
Step 1: Prepare (2 minutes)
Get your info:
```bash
# Proxmox VM IP (where Portainer runs)
ip addr show | grep "inet " | head -2
# e.g., 192.168.1.50

# TrueNAS IP
cat /etc/motd  # or check TrueNAS UI
# e.g., 192.168.1.100

# Nextcloud Port (TrueNAS → Apps → Nextcloud)
# e.g., 9001

# Cloudflare API Key
# https://dash.cloudflare.com/profile/api-tokens → Global API Key
```
Generate Secrets:
```bash
# Run this 3 times, save each output:
openssl rand -hex 32
```
Step 2: Push to Git (1 minute)
```bash
cd LemonSec
git remote add origin https://git.lemonlink.eu/impulsivefps/LemonSec.git
git add .
git commit -m "Initial LemonSec deployment"
git push -u origin main
```
Step 3: Deploy in Portainer (3 minutes)
3.1 Create Stack
- Open Portainer: `http://your-proxmox-vm:9000`
- Stacks → Add Stack
- Select Repository
- Fill in:
  - Name: `lemonsec`
  - Repository URL: `https://git.lemonlink.eu/impulsivefps/LemonSec`
  - Compose path: `docker-compose.yml`
3.2 Add Environment Variables
Copy/paste from stack.env and fill in your values:
```env
CF_API_EMAIL=your-email@example.com
CF_API_KEY=your-cloudflare-global-api-key
TRUENAS_IP=192.168.1.100
TRUENAS_NEXTCLOUD_PORT=9001
AUTHELIA_JWT_SECRET=aaaa... (64 hex chars)
AUTHELIA_SESSION_SECRET=bbbb... (64 hex chars)
AUTHELIA_STORAGE_KEY=cccc... (64 hex chars)
TZ=Europe/Stockholm
```
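A preflight check for the values entered in 3.2, as an added example that is not part of the LemonSec repository. It assumes you saved your filled-in variables to a local file first; the script name `check-stack-env.sh` and the helper names are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the LemonSec repository.
# Usage: sh check-stack-env.sh stack.env   (script name is an assumption)

# Read KEY's value from FILE as data (no sourcing); drop CRs left by a Windows paste.
env_get() { sed -n "s/^$1=//p" "$2" | tr -d '\r' | tail -n 1; }

# Print one FAIL line per problem; return 0 only when the file is clean.
check_stack_env() {
    file=$1; rc=0; seen=" "
    fail() { echo "FAIL: $*"; rc=1; }
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 1; }

    # An empty value here is what surfaces later as "CF_API_EMAIL not set".
    for key in CF_API_EMAIL CF_API_KEY TRUENAS_IP TRUENAS_NEXTCLOUD_PORT; do
        [ -n "$(env_get "$key" "$file")" ] || fail "$key is empty or missing"
    done

    # A wrong IP or port is the usual cause of "502 Bad Gateway".
    env_get TRUENAS_IP "$file" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
        || fail "TRUENAS_IP is not an IPv4 address"
    port=$(env_get TRUENAS_NEXTCLOUD_PORT "$file")
    case $port in
        ''|*[!0-9]*) fail "TRUENAS_NEXTCLOUD_PORT is not a number" ;;
        *) [ "$port" -ge 1 ] && [ "$port" -le 65535 ] \
               || fail "TRUENAS_NEXTCLOUD_PORT is out of range" ;;
    esac

    for key in AUTHELIA_JWT_SECRET AUTHELIA_SESSION_SECRET AUTHELIA_STORAGE_KEY; do
        val=$(env_get "$key" "$file")
        # Must be exactly what `openssl rand -hex 32` prints: 64 hex characters.
        if ! printf '%s' "$val" | grep -Eq '^[0-9a-fA-F]{64}$'; then
            fail "$key is not 64 hex characters"; continue
        fi
        # One character repeated 64 times (aaaa...) is a template, not a secret.
        first=$(printf '%s' "$val" | cut -c1)
        [ -n "$(printf '%s' "$val" | tr -d "$first")" ] \
            || fail "$key is a repeated-character placeholder"
        # The guide generates three separate values; reuse defeats that.
        case $seen in
            *" $val "*) fail "$key reuses another secret's value" ;;
        esac
        seen="$seen$val "
    done
    return $rc
}

if [ $# -gt 0 ]; then check_stack_env "$1"; fi
```

Delete the local copy once the values are in Portainer, so the secrets do not sit on disk or end up in the Git push from Step 2.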
3.3 Deploy
Click Deploy the stack
Wait for containers to start (about 30 seconds).
Step 4: Configure CrowdSec (2 minutes)
After deployment, get the API key:
```bash
# SSH to Proxmox VM or use Portainer Console
docker exec crowdsec cscli bouncers add traefik-bouncer
# Copy the key
```
Back in Portainer:
- Stacks → lemonsec → Editor
- Add environment variable: `CROWDSEC_API_KEY=the-key-you-copied`
- Click Update the stack
Step 5: Configure TrueNAS (2 minutes)
In TrueNAS Scale UI:
- Apps → Installed → Nextcloud → Edit
- Add Environment Variables:
  ```env
  NEXTCLOUD_TRUSTED_DOMAINS=cloud.lemonlink.eu
  OVERWRITEPROTOCOL=https
  OVERWRITEHOST=cloud.lemonlink.eu
  OVERWRITECLIURL=https://cloud.lemonlink.eu
  # Your Proxmox VM IP
  TRUSTED_PROXIES=192.168.1.50
  ```
- Save
Step 6: Cloudflare DNS (1 minute)
- Login to Cloudflare Dashboard
- DNS → Add records:
| Type | Name | Target | Proxy |
|---|---|---|---|
| A | cloud | YOUR_PUBLIC_IP | 🟠 Orange |
| A | auth | YOUR_PUBLIC_IP | 🟠 Orange |
- SSL/TLS → Set to Full (strict)
Step 7: Test (30 seconds)
Open in browser:
https://cloud.lemonlink.eu
You should see the Nextcloud login page! 🎉
What You Got
| Service | URL | Purpose |
|---|---|---|
| Nextcloud | https://cloud.lemonlink.eu | Family file sharing |
| Authelia | https://auth.lemonlink.eu | SSO login portal |
| Traefik | https://traefik.local.lemonlink.eu | Reverse proxy dashboard |
Next Steps
- Add family to Authelia: Edit `authelia/users_database.yml` → push → "Pull and redeploy"
- Add more services: Edit `docker-compose.yml` → add routers → push → redeploy
- Enable monitoring: Uncomment monitoring profile in compose
Troubleshooting
| Problem | Fix |
|---|---|
| "CF_API_EMAIL not set" | Check environment variables in Portainer |
| "502 Bad Gateway" | Verify TRUENAS_IP and PORT are correct |
| "Untrusted domain" | Check TrueNAS Nextcloud env vars |
| No SSL certificate | Check Cloudflare API key and DNS records |
Full Documentation
- PORTAINER-DEPLOY.md - Detailed Portainer guide
- SETUP-TRUENAS-NEXTCLOUD.md - TrueNAS specifics
- GIT-REPO-SETUP.md - Git workflow
- MIGRATE-FROM-NPM.md - If migrating from NPM
You're done! Family can now access Nextcloud at https://cloud.lemonlink.eu