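├── .env
├── README.md
├── docker-compose.yml
├── php.ini
└── traefik.toml

/.env:
--------------------------------------------------------------------------------
# Docker Compose can read environment variables from this file.
# See https://docs.docker.com/compose/env-file/
#
# This file holds secrets (a password hash and database passwords).
# Keep it out of version control and readable only by the account that
# runs Docker Compose (for example, chmod 600 .env).

# Put admin areas behind a login prompt, with username and password
# specified here. Run `htpasswd -n admin` to create a password hash
# for user "admin". Paste the output here. SSL strongly recommended.
# (`htpasswd -nB admin` produces a bcrypt hash instead of the default
# MD5-based one.) Basic auth sends the credentials with every request,
# so they are only protected when the request goes over HTTPS.
# NOTE(review): the hash contains `$` characters. Some Compose versions
# expand `$` inside .env values; if the login never succeeds, check how
# your version treats them (single-quoting the value may be needed).
BASIC_AUTH=

# Let's Encrypt needs an email address for registration.
ACME_EMAIL=

# The Traefik dashboard will be available at these domains.
# The URL is http://example.com/traefik/
TRAEFIK_DOMAINS=

# Your Huginn site will be available at these domains. If all domains
# have DNS records pointing to your server, they'll get SSL certs.
HUGINN_DOMAINS=

# Huginn needs an email address to send from. Make sure your server
# is authorised to send from this address if the domain has SPF records.
HUGINN_EMAIL=

# To create other users without logging in, you need to specify
# the "Invitation Code" below on sign-up. Anyone who knows this code
# can register, so use a long random value.
HUGINN_INVITATION_CODE=

# Set a secure password for the MySQL root user. Remember this so
# you can login to phpMyAdmin (as username "root").
HUGINN_DB_ROOT_PASSWORD=

# Run 'rake time:zones:all' to get a list of other options.
HUGINN_TIMEZONE=London

# Set the MySQL database name, user and password for Huginn.
# Use a password different from the root password above.
HUGINN_DB_NAME=huginn
HUGINN_DB_USER=huginn
HUGINN_DB_PASSWORD=

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
Configuration files for our [Huginn on Docker
guide](https://docs.bytemark.co.uk/).

The guide gets a Huginn instance up and running in minutes. It comes with
support for:

* Let's Encrypt SSL certificates (via Traefik)
* Outgoing email (via [Bytemark's SMTP
image](https://hub.docker.com/r/bytemark/smtp/))
* Automatic updates

--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
version: '3'
# See https://docs.docker.com/compose/overview/ for more information.

# If you make changes to this file or any related files, apply them by
# navigating to the directory that holds this file and run this as root:
# docker-compose down; docker-compose up -d

# Create two networks: one for front-end containers that we'll make
# publicly accessible to the internet, and one for private back-end.
networks:
  frontend:
  backend:

# Create persistent Docker volumes to preserve important data.
# We don't want our data to be lost when restarting containers.
volumes:
  vol-huginn-db:

# Create our containers.
services:
  # Traefik is a reverse proxy. It handles SSL and passes traffic to
  # Docker containers via rules you define in docker-compose labels.
  # Its dashboard is at http://example.com/traefik/ (behind a login).
  traefik:
    # https://hub.docker.com/_/traefik/
    # Pinned to the 1.7 line: the command flags, the labels below and
    # traefik.toml are all Traefik 1.x syntax, which later major
    # versions do not read. With ":latest", Watchtower would pull a
    # newer major version and routing and the login prompts would stop
    # working as configured.
    # NOTE(review): the 1.x line is end-of-life upstream; plan a
    # migration to a maintained major version (new labels and a new
    # static configuration are required).
    image: traefik:1.7
    command: --api --docker --acme.email="${ACME_EMAIL}"
    restart: always
    networks:
      - backend
      - frontend
    volumes:
      # The Docker socket gives this container control of the Docker
      # daemon, which is equivalent to root on the host. Mounting it
      # read-only would not limit the API calls that can be made.
      # This container faces the internet, so keep it patched.
      - /var/run/docker.sock:/var/run/docker.sock  # Access to Docker
      - ./traefik.toml:/traefik.toml  # Traefik configuration
      # Create acme.json as an empty file with mode 600 before the
      # first start (touch acme.json && chmod 600 acme.json). If the
      # path is missing, Docker creates a directory in its place. The
      # file will hold the certificates' private keys.
      - ./acme.json:/acme.json  # SSL certificates
    ports:
      # Map port 80 and 443 on the host to this container.
      # The dashboard port (8080) is not published on the host; it is
      # only reachable through the routing rule below.
      - "80:80"
      - "443:443"
    labels:
      # NOTE(review): Compose normally prefixes network names with the
      # project name, so "frontend" may not match the real network
      # name; check Traefik's log for a network warning.
      - "traefik.docker.network=frontend"
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:${TRAEFIK_DOMAINS}; PathPrefixStrip:/traefik"
      - "traefik.port=8080"
      - "traefik.protocol=http"
      # Remove next line to disable login prompt for the dashboard.
      # The dashboard shows the routing configuration of every
      # service, so removing the login makes that public. The
      # credentials are only protected over HTTPS; see the redirect
      # option in traefik.toml.
      - "traefik.frontend.auth.basic=${BASIC_AUTH}"

  # Watchtower detects if any linked containers have a new image
  # available, automatically updating & restarting them if needed.
  # It holds the Docker socket (host-level control, as noted for
  # traefik) and runs whatever each registry currently serves under a
  # tag, so every image publisher in this file is trusted with the
  # host. Pin tags where you want to limit what gets pulled.
  watchtower:
    # https://hub.docker.com/r/v2tec/watchtower/
    # NOTE(review): confirm this image is still maintained upstream
    # before relying on it for unattended updates.
    image: v2tec/watchtower:latest
    # https://github.com/v2tec/watchtower#options
    # This schedule applies updates (if available) at midnight.
    command: --cleanup --schedule "0 0 0 * * *"
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  huginn-db:
    # https://hub.docker.com/_/mariadb/
    # Specify 10.3 as we only want watchtower to apply minor updates
    # (eg, 10.3.1) and not major updates (eg, 10.4).
    image: mariadb:10.3
    restart: always
    # Only on the backend network and with no published ports, so the
    # database is reachable only from containers that join "backend".
    networks:
      - backend
    volumes:
      # Ensure the database persists between restarts.
      - vol-huginn-db:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: "${HUGINN_DB_ROOT_PASSWORD}"
      MYSQL_DATABASE: "${HUGINN_DB_NAME}"
      MYSQL_USER: "${HUGINN_DB_USER}"
      MYSQL_PASSWORD: "${HUGINN_DB_PASSWORD}"

  # The main application, visible through Traefik.
  huginn:
    # https://hub.docker.com/r/huginn/huginn/
    # No tag is given, so this resolves to ":latest" and Watchtower
    # applies every new upstream build, including major changes.
    image: huginn/huginn
    depends_on:
      - huginn-db
    restart: always
    networks:
      - frontend
      - backend
    environment:
      # Don't create the default "admin" user with password "password".
      DO_NOT_SEED: "true"
      # Database configuration
      MYSQL_PORT_3306_TCP_ADDR: huginn-db
      # NOTE(review): this hands the database root password to the
      # internet-facing application container. Confirm whether the
      # Huginn image needs it; if the dedicated user below is enough,
      # drop this line so an application compromise does not also
      # expose database root.
      MYSQL_ROOT_PASSWORD: "${HUGINN_DB_ROOT_PASSWORD}"
      HUGINN_DATABASE_NAME: "${HUGINN_DB_NAME}"
      HUGINN_DATABASE_USERNAME: "${HUGINN_DB_USER}"
      HUGINN_DATABASE_PASSWORD: "${HUGINN_DB_PASSWORD}"
      DATABASE_ENCODING: "utf8mb4"
      # General Configuration
      INVITATION_CODE: "${HUGINN_INVITATION_CODE}"
      TIMEZONE: "${HUGINN_TIMEZONE}"
      # Email Configuration
      SMTP_DOMAIN: "${TRAEFIK_DOMAINS}"
      EMAIL_FROM_ADDRESS: "${HUGINN_EMAIL}"
      SMTP_USER_NAME: "none"
      SMTP_PASSWORD: "none"
      SMTP_SERVER: "mail"
      SMTP_PORT: "25"
      SMTP_AUTHENTICATION: "none"
      SMTP_ENABLE_STARTTLS_AUTO: "true"
    labels:
      - "traefik.docker.network=frontend"
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:${HUGINN_DOMAINS}"
      - "traefik.port=3000"
      - "traefik.protocol=http"
      # Uncomment the next line to enable HSTS header. Do this only
      # once HTTPS works for every domain above: browsers remember the
      # header and refuse plain HTTP for the stated number of seconds.
      #- "traefik.frontend.headers.STSSeconds=15768000"

  # Navigate to http://example.com/phpmyadmin/ to manage your MySQL
  # databases. (Don't forget the last forward slash.) Like the Traefik
  # dashboard, this is behind a login prompt to help you stay secure.
  # This publishes database administration (including the root login)
  # on the same public domains as Huginn. Use it over HTTPS only, and
  # consider stopping this service when you are not using it.
  phpmyadmin:
    # https://hub.docker.com/r/phpmyadmin/phpmyadmin/
    image: phpmyadmin/phpmyadmin:latest
    depends_on:
      - huginn-db
    restart: always
    networks:
      - frontend
      - backend
    volumes:
      # Install our own php.ini, which can be customized.
      - ./php.ini:/usr/local/etc/php/php.ini
    environment:
      PMA_HOST: huginn-db
      PMA_ABSOLUTE_URI: /phpmyadmin/
      MYSQL_ROOT_PASSWORD: "${HUGINN_DB_ROOT_PASSWORD}"
    labels:
      - "traefik.docker.network=frontend"
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:${HUGINN_DOMAINS}; PathPrefixStrip:/phpmyadmin/"
      - "traefik.port=80"
      - "traefik.protocol=http"
      # Remove the next line if you don't want a browser login prompt.
      # Without it, phpMyAdmin's own login form is the only barrier
      # between the internet and the database.
      - "traefik.frontend.auth.basic=${BASIC_AUTH}"

  # This allows Huginn to send email straight out of the box without
  # having to rely on an external provider like SendGrid or MailGun.
  # It makes an SMTP host available at the hostname "mail".
  # No ports are published and there are no Traefik labels, so the
  # relay is reachable only from containers on the "frontend" network.
  # Keep it that way; Huginn connects to it without authentication.
  mail:
    image: bytemark/smtp
    restart: always
    networks:
      - frontend

--------------------------------------------------------------------------------
/php.ini:
--------------------------------------------------------------------------------
; Feel free to add and change any settings you want in here.
; (php.ini comments start with a semicolon; current PHP versions do not
; treat "#" as a comment marker.)
upload_max_filesize = 128M
post_max_size = 128M
max_execution_time = 200
memory_limit = 256M

--------------------------------------------------------------------------------
/traefik.toml:
--------------------------------------------------------------------------------
# Traefik will listen for traffic on both HTTP and HTTPS.
defaultEntryPoints = ["http", "https"]

# Network traffic will be entering our Docker network on the usual web ports
# (ie, 80 and 443), where Traefik will be listening.
[entryPoints]
  [entryPoints.http]
  address = ":80"
    # Uncomment the following two lines to redirect HTTP to HTTPS.
    # While they stay commented, every site is also served over plain
    # HTTP, so the Basic-auth logins for /traefik/ and /phpmyadmin/ and
    # Huginn sessions can cross the network unencrypted. Enable the
    # redirect as soon as certificates have been issued.
    # [entryPoints.http.redirect]
    # entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

# These options are for Traefik's integration with Docker.
# exposedByDefault = false means a container is only routed when it
# carries the label traefik.enable=true.
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "docker.localhost"
watch = true
exposedByDefault = false

# These options are for Traefik's integration with Let's Encrypt.
# Your certificates are stored inside /acme.json inside the container,
# which is /root/compose/acme.json on your server.
# That file contains the private keys; keep it at mode 600 and include
# it in backups with the same care as any other key material.
[acme]
storage = "acme.json"
onHostRule = true
entryPoint = "https"
  [acme.httpChallenge]
  entryPoint = "http"

# https://docs.traefik.io/configuration/logs/
# Uncomment the next line to enable Traefik's access logs. They are the
# place to look for repeated failed logins against the Basic-auth
# protected paths.
#[accessLog]

--------------------------------------------------------------------------------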