There's no engineering like over-engineering!

2022-06-25

Its been a while since I set up a server of my own. I had one 2 years ago and had some experience from apprenticeship, but I wanted to do everything right on this one!

When I got this server my first instinct was to set it up similarly to the old one with a combination of docker-compose and the Traefik reverse proxy. Since then there has been a major update to Traefik, requiring me to re-learn a bunch of things, and docker-compose has since been integrated into the docker cli.

Initial setup

So first thing I did was making the setup similar to the old one, making a compose file with this website in a docker container and Traefik proxying into the website container. Plus I'm letting Traefik handle the https certificates via Let's Encrypt.

This worked without any issues, and thanks to using docker contexts I didn't even need to open a shell on the server to execute all the commands.

Next up I wanted to add a dashboard with some bookmarks and an overview of what applications I have running on the server. I decided to use Flame for this. Flame lets you store the password for the dashboard inside a docker secret or inside the compose file. And since I don't want to store the password plain in my compose file, I wanted to use a secret.

Using a docker secret from a file locally was easy, but when deploying the compose file remotely I can't use a local file. So I tried to make a secret on the server with docker secret create but that's when I found out you need to be running in swarm mode to use secrets.

It's swarmin' time

So I looked into how swarm mode works and it sounded good and I initialized the swarm on the server.

First thing I did was making Traefik work with the website in swarm mode using the docker stack deploy command. It didn't work at first and I needed to investigate how it's different.

First thing I needed to change is the docker labels. With docker compose only I put the labels on the service directly, but with stack I need to put them under the deploy section of the service. Plus Traefik needs you to specify what port your containers are using when running in swarm mode, while with plain compose it can detect it automatically.

Additionally I split up the compose file into multiple files for to split up each individual service. So now there are 3 different compose files for Traefik, our website and Flame. Making it easier to update individual ones.

Conclusion

So now with the swarm deployed and the secrets working with Flame, I got a nice, maybe a bit over-engineered, setup. I can technically scale it to different servers, but that's nothing I'm gonna need in the near future likely. In the meantime I added a few more services like a feed reader and a git repo!

It's a bit more than what I technically need but it's a nice thing to have experience in in case you ever need it. If it weren't for my love for the compose file format I probably would have tried Kubernetes as I used it before in apprenticeship and it was nice to use once figured out.

Either way, it works and is easy to maintain, I hope you enjoyed reading about my experience setting up docker swarm on this server!