@tonis2
Last active March 11, 2024 17:59
Install linux with portainer
#!/bin/bash
# Install dependencies
apt update -y
apt install docker.io -y
apt install docker-compose -y
systemctl start docker
systemctl enable docker
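# Give rights to docker
# Members of the docker group control the daemon, which is root-equivalent on the host
# groupadd -f succeeds even when the docker.io package has already created the group
groupadd -f docker
# $USERNAME is normally unset in bash, so use the invoking or current user instead
usermod -aG docker "${SUDO_USER:-${USER:-root}}"
newgrp docker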
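# Disable root SSH login with password
# This only rewrites an uncommented PermitRootLogin line in /etc/ssh/sshd_config
sed --in-place 's/^PermitRootLogin.*/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
systemctl enable ssh
# restart (not start) so an already running sshd rereads its config
systemctl restart ssh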
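# Deny all incoming ports with ufw, then allow SSH login
# Ports published by Docker (-p 80:80 and -p 443:443 below) are opened through Docker's own
# iptables rules and are not filtered by these ufw rules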
ufw default deny incoming
ufw default allow outgoing
ufw allow OpenSSH
ufw allow 22
ufw --force enable
# Pull default docker images
docker pull caddy:latest
docker pull portainer/portainer-ce:latest
mkdir -p /srv/web /srv/caddy
# This file will contain the Caddy proxy config
touch /srv/caddy/Caddyfile
# Give all users read/write access to /srv (any local user can then edit the Caddyfile and the served files)
chmod ugo+rwx /srv /srv/web /srv/caddy
# Create default volumes
# Default web volume is accessible from host machine at /srv
docker volume create --driver local --opt type=none --opt device=/srv --opt o=bind web
docker volume create portainer_data
# 10.20.0.0/16 is the network address of the /16 that contains the portainer IP used below
docker network create --driver=bridge --subnet=10.20.0.0/16 web
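# Start default docker containers
# Portainer runs --privileged with the Docker socket mounted, so it has full control of the host
# AGENT_SECRET=secret is a placeholder, set your own value
docker run -d --ip=10.20.0.9 --privileged -e AGENT_SECRET=secret --network web --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest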
docker run -d -p 80:80 -p 443:443 --network web --name=caddy --restart=always -v web:/data -v web:/config -v web:/srv caddy:latest caddy run --config /srv/caddy/Caddyfile --adapter caddyfile
# The Caddyfile is located at /srv/caddy/Caddyfile; when first creating the server, the Caddyfile has to be added manually and the caddy container restarted
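
The PermitRootLogin step of the script depends on how the directive already appears in sshd_config. As an added example (not part of the gist), the helper below sets a directive so that it is the value sshd actually uses, even when the stock line is commented out or a drop-in file sets it; the function names and the sample config are constructed for illustration.

```bash
#!/bin/bash
# Added example, not part of the gist; all function names are hypothetical.
# sshd keeps the first value it reads for a keyword, so the directive goes on
# the first line (ahead of any Include) and active global duplicates are
# dropped. Commented lines and Match blocks are left untouched.
set_sshd_option() {
    local file=$1 key=$2 value=$3 tmp rc
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        BEGIN { print key " " value; want = tolower(key) }
        {
            split($0, f, /[ \t=]+/)
            first = tolower((f[1] == "") ? f[2] : f[1])   # tolerate indentation
        }
        first == "match" { in_match = 1 }      # conditional section starts
        !in_match && first == want { next }    # drop the old global setting
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"; rc=$?                # in place: keeps owner and mode
    rm -f "$tmp"; return "$rc"
}

# Constructed sample resembling a stock Debian/Ubuntu sshd_config.
write_sample_config() {
    cat > "$1" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
#PermitRootLogin prohibit-password
  permitrootlogin yes
PasswordAuthentication yes
Match User deploy
    PermitRootLogin no
EOF
}

# First active global value in this one file (Include targets are not followed).
effective_value() {
    awk -v want="$(echo "$2" | tr 'A-Z' 'a-z')" '
        tolower($1) == "match" { exit }
        tolower($1) == want { print $2; exit }
    ' "$1"
}

demo=$(mktemp)
write_sample_config "$demo"
set_sshd_option "$demo" PermitRootLogin prohibit-password
echo "effective PermitRootLogin: $(effective_value "$demo" PermitRootLogin)"
rm -f "$demo"
```

On a real host the target is /etc/ssh/sshd_config; check the result with `sshd -t` before restarting ssh.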

tonis2 commented Oct 9, 2021

This script automatically installs Linux with Docker + Portainer and some default settings.

Install it like this, for example: ssh root@234.5.2.3 "bash -s" -- < ./server.sh

More information about tools

Caddy
Portainer

Caddyfile should be added at /srv/caddy with default settings
