Rozdíly

Zde můžete vidět rozdíly mezi vybranou verzí a aktuální verzí dané stránky.

--- nostovo:setup [2022/01/17 10:40] – pridana sekce Jenkins / Instalace java 11 nost23
+++ nostovo:setup [2025/09/24 23:10] (aktuální) – [HandBrake] added ...KEEP_SOURCE and ...OUTPUT_SUBDIR options nost23
@@ Řádek 1: / Řádek 1: @@
 <hidden For Admin only>
 ====== Nostovo ======
-===== Nexus =====
+====== LDAP server ======
+<WRAP alert>
+FIXME Synology Docker GUI can't start containers with option to propagate host's hostname inside docker network
+<code bash>--add-host=host.docker.internal:host-gateway</code>
+workaround is to add host's IP manually [ must be run from inside of container ]
+<code bash>
+# echo "172.17.0.1      nostovo.arnostdudek.cz" >> /etc/hosts
+</code>
+</WRAP>
+  - login do DSM UI
+  - //Centrum balicku// -> nainstalovat //LDAP server//
+  - v nastaveni LDAP serveru zvolime jako //Provider//
+    * FQDN je domenove jmeno [ je nutne platne kvuli platnosti certifikatu ]
+    * v //Nastaveni pripojeni// zakazeme anonymniho uzivatele a vynutime sifrovani [ nutne kvuli bezpecnosti, hesla jsou prenasena nesifrovane ]
+  - pridame pozadovane uzivatele
+<WRAP tip>
+pro testovani nainstalujeme klienta pro prikazovou radku
+<code bash>
+$ sudo dnf install openldap-clients
+</code>
+a zkusime vypsat obsah adresare
+<code bash>
+$ ldapsearch -x -LLL -H "ldaps://nostovo.arnostdudek.cz" -D "uid=root,cn=users,dc=nostovo,dc=arnostdudek,dc=cz" -W -b"cn=users,dc=nostovo,dc=arnostdudek,dc=cz"
+</code>
+^param^description^
+|-x|simple authentication|
+|-LLL|extended format|
+|-H|LDAP URI|
+|-D|bind DN|
+|-W|ask for password|
+|-b|query|
+</WRAP>
+====== Nexus ======
 Volume: ///volumes1/docker/volume-nexus///
-http://nostovo.arnostdudek.cz:32778
+https://nostovo.arnostdudek.cz:8081
-Docker URL: http://nostovo.arnostdudek.cz:32779/repository/nostovo/
+http://nostovo.arnostdudek.cz:7981
-==== Docker client setup ====
+Docker URL: https://nostovo.arnostdudek.cz:32769/repository/nostovo/
-<code shell>
-$ docker login -u <user> -p <pass> <URL>
+===== Docker client setup =====
-$ docker login -u admin -p <pass> https://nostovo.arnostdudek.cz:32779/repository/nostovo/
+  - upravime / vytvorime ///etc/docker/daemon.json//<file json daemon.json>
+{
+    "insecure-registries": ["nostovo.arnostdudek.cz:32769"]
+}
+</file>
+  - otocime docker<code>
+$ systemctl restart docker
+</code>
+  - a prihlasime se<code shell>
+$ docker login [-u <user>] [-p <pass>] <URL>
+$ docker login -u admin -p <pass> nostovo.arnostdudek.cz:32769
 </code>
-==== Jenkins ====
+===== HTTPS reverzni proxy =====
-http://nostovo.arnostdudek.cz:49165
+z https://www.synoforum.com/resources/synology-reverse-proxy-under-the-hood.135/
+  - login do DSM UI
+  - //Ovladaci panely// -> //Prihlasovaci portal// -> tab //Rozsirena nastaveni// -> //Reverzni server proxy//
+  - //Pridat// a vyplnime<WRAP alert>Prekladane porty nesmi byt stejne jako porty vystavene dockerem! Zde vzdy <port v kontejneru>-100 zpet na <port v kontejneru> ale jiz HTTPS.</WRAP>{{:nostovo:dsm7-reverse-proxy.png?400|}}
+  - a prihlasime se<code shell>
+$ docker login [-u <user>] [-p <pass>] <URL>
+$ docker login -u admin -p <pass> nostovo.arnostdudek.cz:32769
+</code>
+===== LDAP prihlasovani =====
+  - login do nexusu
+  - //Settings// -> //LDAP// -> Create new
+  - //LDAP server address:// je ve tvaru <code>ldaps://<FQDN>:636</code>
+  - //Search base DN// zkopirujeme //Base DN// z nastaveni LDAP serveru v DSM
+  - //Authentication method// zvolime //Simple authentication//
+  - //Username or DN// zkopirujeme //Bind DN// z nastaveni LDAP serveru v DSM
+  - //Password// opet z nastaveni LDAP serveru v DSM
+  - overime spojeni
+  - zvolime //Configuration template// //Posix with Dynamic Groups//
+  - //User relative DN// zvolime "//cn=users//" jinak nemusime menit
+  - overime nacteni uzivatelu a skupin a take moznost jejich prihlaseni
+  - presuneme se do //Roles// -> //Create Role//
+  - vybereme //External role mapping//, nasledne //LDAP//
+  - //Mapped Role// nastavime podle detekovanych
+^Name^Mapped role^Contained roles^Description^
+|LDAP operators|Directory Operators|ng-admin|allows access for LDAP AD operators|
+|LDAP users|users|ng-authorized|allows access for LDAP users|
+{{:nostovo:nexus-ldap-connection.png?600|}}
+{{:nostovo:nexus-ldap-users.png?600|}}
+====== Jenkins ======
+https://nostovo.arnostdudek.cz:8080
+http://nostovo.arnostdudek.cz:7980
 Volume: ///volumes1/docker/volume-jenkins-home///
@@ Řádek 23: / Řádek 105: @@
 </code>
-=== Instalace Java 11 ===
+===== Perzistence dat =====
+"Svazek" -> "Pridat slozku" -> vybrat volume a potvrdit -> "Cesta pro navazani" = "/var/jenkins_home"
+=== WiP: Docker-in-Docker - DIND ===
+<code bash>
+$ sudo ln -s /var/run/docker.sock /volume1/docker/docker.sock
+</code>
+<wrap fixme> "Svazek" -> "Pridat soubor" -> cil symlinku -> "Cesta pro navazani" = "/var/run/docker.sock"
+===== Instalace Java 11 =====
   - "Manage Jenkins" > "Global Tool Configuration" > "Add JDK"
   - Label: openjdk-11
@@ Řádek 37: / Řádek 129: @@
 </code>
 </WRAP>
+====== uptime-kuma ======
+https://nostovo.arnostdudek.cz:8082
+http://nostovo.arnostdudek.cz:7982
+https://github.com/louislam/uptime-kuma
+Volume: ///volumes1/docker/volume-uptime-kuma///
+====== HandBrake ======
+Volume: ///volume1/docker/volume-handbrake/config//
+http://192.168.1.2:7984/
+https://hub.docker.com/r/jlesage/handbrake
+https://github.com/jlesage/docker-handbrake
+<WRAP note>
+<code bash>
+docker run -d \
+    --name=handbrake \
+    -p 5800:5800 \
+    -v /docker/appdata/handbrake:/config:rw \ # Stores the application's configuration, state, logs, and any files requiring persistency.
+    -v /home/user:/storage:ro \ # Contains files from the host that need to be accessible to the application.
+    -v /home/user/HandBrake/watch:/watch:rw \ # The location for videos to be automatically converted.
+    -v /home/user/HandBrake/output:/output:rw \ # The destination for converted video files.
+    jlesage/handbrake
+</code>
+</WRAP>
+  - Vytvorime slozku pro //docker-compose.yml//
+  - Vytvorime slozku pro vlastni konfiguraci nastoroje - slozka ///config//
+  - Pokud nemame, vytvorime slozky pro //vstup//, //sledovani// a //vystup//
+  - Container manager -> Projekty -> Novy
+<code yaml>
+version: "3"
+services:
+  # from https://www.youtube.com/watch?v=g25uQxDr7fQ
+  handbrake:
+    image: jlesage/handbrake
+    container_name: handbrake
+    environment:
+      - TZ=Europe/Prague
+      - USER_ID=1026 # Synology Container creator is using this instead of PUID. This is the same as the user id of the user in the container.
+      - GROUP_ID=100 # Synology Container creator is using this instead of PGID. This is the same as the group id of the user in the container.
+      # Handbrake GUI settings
+      - AUTOMATED_CONVERSION_PRESET=nost/qsv h265 icq25 1080p
+      - AUTOMATED_CONVERSION_FORMAT=mkv
+      - AUTOMATED_CONVERSION_KEEP_SOURCE=0
+      - AUTOMATED_CONVERSION_OUTPUT_SUBDIR=SAME_AS_SRC
+    ports:
+      - 7984:5800
+    volumes:
+      # NAS path | Container path
+      - /volume1/docker/volume-handbrake/config:/config
+      - /volume1/homes/nost23/nvidia_geforce:/storage
+      - /volume1/homes/nost23/nvidia_geforce/prekodovat:/watch
+      - /volume1/homes/nost23/nvidia_geforce/prekodovano:/output
+    devices:
+      - /dev/dri:/dev/dri # Binds the Intel Quicksync decoder to Plex HW Transcode
+    group_add:
+      - "937"  # Synology "videodriver" group
+</code>
+  - Povolime webovy portal handbrake -> HTTPS na port 8084. Host localhost.
 </hidden>