Add blog posts

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
2025-09-13 14:54:19 +01:00
parent 6ae61556db
commit 72f48d7e1f
55 changed files with 2240 additions and 1 deletions

View File

@@ -0,0 +1,171 @@
+++
title = "Building the Ultimate Linux Home Server - Part 2: Docker, Automatic Updates, and File Sharing"
date = 2021-07-25T21:09:00Z
draft = false
summary = "Installing and configuring Docker, Portainer, Watchtower, and Samba on a home server."
tags = ['Guide', 'Self-Hosting', 'Linux']
aliases = ['/ultimate-home-server-part-2']
[hero]
src = "hero.jpg"
caption = 'Photo by <a href="https://unsplash.com/@carrier_lost">Ian Taylor</a> via <a href="https://unsplash.com">Unsplash</a>'
+++
> [!important] Disclaimer
> This guide was written in 2021 and reflects my setup and recommendations at the time. Some tools, software versions, and best practices may have changed since then. Consider checking more recent resources alongside this post.
In [Part 1]({{% ref "/posts/ultimate-home-server-part-1" %}}) we started building a Linux Home Server using a combination of Arch Linux, MergerFS, and SnapRAID. In this part, we are going to be continuing our journey by installing Docker, Portainer, and Watchtower for easy container management, as well as run our first service.
## What is Docker and why should I use it?
[Docker](https://www.docker.com/) is an OS-level virtualization project that allows users to install and run applications inside so-called containers, isolated from the operating system and each other. This means that when running a docker container, one does not have to worry about conflicting dependencies, networking, or junk files left behind when removing a service.
Why should we use Docker instead of another virtualization solution like VMWare, VirtualBox, or KVM? The main reason is performance improvements. While each VM has to simulate its own hardware and run a separate guest operating system, Docker containers instead run as a process in userspace, therefore sharing the host OS' kernel and resources.
![https://www.docker.com/resources/what-container](docker.png)
Because of this, containers can boot in seconds, have near bare-metal performance, use way fewer resources than VMs, and are more portable because of their smaller size.
### Installation
Installing Docker on Arch Linux is incredibly simple:
```bash
$ pacman -S docker docker-compose
$ gpasswd -a nick docker
$ systemctl start docker.service
$ systemctl enable docker.service
$ reboot
```
After installing it, you can run a test by using the official `hello-world` image. If everything went well, you should see the following output:
```bash
$ docker run --rm hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
...
```
If you want to familiarise yourself with Docker you can experiment by running containers found in the [Docker Hub](https://hub.docker.com/), reading the [docs](https://docs.docker.com/), or taking a look at the [cheat sheet](https://raw.githubusercontent.com/sangam14/dockercheatsheets/master/dockercheatsheet8.png).
## Portainer
We could stop here and manage all our applications using the command line, but sometimes using a Web UI is more convenient. This is where [Portainer](https://www.portainer.io/) comes in: It's a web app that makes it easy to manage Docker containers, networks, compose stacks, volumes, and more, all through a user-friendly UI.
To install it we are going to run the following commands:
```bash
$ docker volume create portainer_data
$ docker run -d --name=portainer \
-e PGID=1000 \
-e PUID=1000 \
-p 8000:8000 \
-p 9000:9000 \
--restart=unless-stopped \
-v /var/run/docker.sock:/var/run/docker.sock \
-v portainer_data:/data \
-v /mnt/storage/configs:/configs \
portainer/portainer-ce
```
Here's a brief walkthrough of what each option does:
- `-d`: Run container in the background (detached)
- `--name=portainer`: The name of the container
- `-e PGID=1000 and -e PUID=1000`: Set environmental variables PGID and PUID to 1000 (your user id, run id to check it)
- `-p 8000:8000`: Expose port 8000 on the host and bind it to port 8000 in the container
- `-p 9000:9000`: Same as above
- `--restart=unless-stopped`: Automatically restart the container if it crashes or when the server boots
- `-v a:b`: Bind directory a on the host to directory b in the container
- `-v /var/run/docker.sock:/var/run/docker.sock`: Give Portainer access to the host's Docker socket
After running the command, you can access the web UI using a browser at `[local_server_ip]:9000`. In my case, that would be `192.168.1.254:9000`.
![](portainer.png)
We're going to come back to Portainer in the next post, where we will be setting up a routing stack to handle our networking.
## Watchtower
We can now start and manage already existing containers easily, but what about updating them? One could manually stop, remove, and recreate containers every time they need an update, but that gets tiresome, especially when dealing with a large number of them. That's why we will use [Watchtower](https://github.com/containrrr/watchtower) to automatically update all containers once every week.
Installation is once again simple:
```bash
$ docker run -d --name=watchtower \
-e PGID=1000 \
-e PUID=1000 \
--restart=unless-stopped \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower \
--schedule "0 0 4 * * *" \
--cleanup
```
The two new arguments we use are specific to this image, that's why they are placed after its name:
- `--schedule "0 0 4 * * *"`: Update containers every day at 4 A.M.
- `--cleanup`: Remove old images
If all goes well, Watchtower should monitor and automatically check for container updates every day. If you want to stop a container from auto-updating, run it with the label `--label=com.centurylinklabs.watchtower.enable=false`.
## Samba
Now that we have finished setting up Docker, we can start deploying some actually useful services. The first of these is going to be [Samba](https://github.com/dperson/samba), a tool that allows server volumes to be accessed by other devices on the network.
Before we begin, we need to create our folder structure and set permissions.
```bash
$ cd /mnt/storage
# Create folders and set their owner
$ mkdir configs private public
# Set default permissions for private and config folders
$ sudo chmod -R 770 configs private
$ sudo setfacl -R -d -m g::rwx configs private
$ sudo setfacl -R -d -m o::- configs private
# Set default permissions for public folder
$ sudo chmod -R 777 public
$ sudo setfacl -R -d -m g::rwx public
$ sudo setfacl -R -d -m o::rwx public
```
Next, open Portainer, go to the *stacks* tab, and add a new stack named `samba`. In the `docker-compose` field, paste the following, and modify it to your liking:
```yaml
version: '3.9'
services:stacks*
samba:
image: dperson/samba
container_name: samba
restart: unless-stopped
environment:
- 'TZ=Europe/Athens'
- 'USERID=1000'
- 'GROUPID=1000'
- 'USER1=user1;password1'
- 'USER2=user2;password2'
- 'SHARE1=public;/mount/public;yes;no;yes;all'
- 'SHARE2=user1;/mount/private/user1;yes;no;no;user1'
- 'SHARE3=user2;/mount/private/user2;yes;no;no;user2'
volumes:
- '/mnt/storage:/mount'
ports:
- "139:139/tcp"
- "445:445/tcp"
network_mode: bridge
stdin_open: true
tty: true
```
For more information on what each option does, you can check the project's [repository](https://github.com/dperson/samba#configuration). After you are satisfied with your settings, click *deploy the stack*, wait a couple of seconds, and try accessing your new file share from a different computer.
## Final Thoughts
By now, you should have installed and configured Docker, Portainer, and Watchtower for container management, along with Samba for all your network storage needs. In the next part, we are going to start exposing our server to the internet using OpenVPN, Cloudflare, and Nginx Proxy Manager.