Setting up Gordon’s Backend

Brice Amen edited this page Sep 3, 2024 · 13 revisions

⚠️ This is the first draft of the wiki with the bare minimum to get you started with Gordon

Setting up Traefik

Create a network

The first step is to create a persistent network that will remain available even if Traefik goes down.

In this example, I'm using Podman, but the commands are the same for Docker.

podman network create traefik

To confirm creation, use the podman network ls command:

podman network ls
# You should see something like:
NETWORK ID    NAME            VERSION     PLUGINS
XXXXXXX  podman          0.4.0       bridge,portmap,firewall,tuning
XXXXXXX  traefik         0.4.0       bridge,portmap,firewall,tuning,dnsname

Now, let's proceed with Traefik's installation and configuration.

podman pull traefik:latest

Create a docker-compose.yml

Below is a basic configuration for Traefik:

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /run/user/1000/podman/podman.sock:/var/run/docker.sock 
      - ./acme.json:/acme.json 
      - ./traefik.yml:/etc/traefik/traefik.yml
    networks:
      - traefik

networks:
  traefik:
    external: true

If you're using Docker, your host container engine's socket is most likely /var/run/docker.sock. For Podman in rootless mode, the socket is /run/user/<UID>/podman/podman.sock; find your user ID with id -u (the examples here use 1000).

Configuration Files

Traefik uses traefik.yml for configuration, and acme.json to store SSL/TLS certificates for subdomains.

traefik.yml

api:
  dashboard: false

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

certificatesResolvers:
  myresolver:
    acme:
      email: you@example.com # <- placeholder: your email address for the ACME account
      storage: acme.json
      httpChallenge:
        entryPoint: web

⚠️ The endpoint is docker.sock, which we've mapped to Podman in docker-compose.yml.

acme.json

Create this file and set its permissions to read/write for your user only:

touch acme.json
chmod 600 acme.json

Start Traefik

podman-compose up -d

Setting up Gordon

By design, Gordon's setup is very close to Traefik's.

Create a docker-compose.yml

services:
  gordon:
    container_name: gordon
    image: ghcr.io/bnema/gordon:latest
    environment:
      PROXY_URL: "https://gordon-proxy.bamen.dev"
      SESSION_SECRET: "define a secret for your session"
    volumes:
      - ./data:/data
      - ./config.yml:/config.yml
      - /run/user/1000/podman/podman.sock:/var/run/docker.sock
    restart: unless-stopped
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gordon.rule=Host(`gordon.foobar.com`)"
      - "traefik.http.routers.gordon.entrypoints=websecure"
      # Must match the resolver name defined under certificatesResolvers in traefik.yml
      - "traefik.http.routers.gordon.tls.certresolver=myresolver"
      - "traefik.http.services.gordon.loadbalancer.server.port=80"

networks:
  traefik:
    external: true

⚠️ Same as Traefik, Gordon must be able to interact with the host container engine's socket.

💡 The data/ directory will store your SQLite database and temporary container images.

Configuration Files

Your config.yml should be in the same directory as your docker-compose.yml.

General:
    storageDir: ./data
Http:
    domain: # <- Your domain.tld (e.g: foobar.com)
    subDomain: # <- (e.g: gordon)
Admin:
    path: /admin # <- Your webui access (slash required)
ContainerEngine:
    dockersock: /var/run/docker.sock 
    network: traefik
Traefik:
    entryPoint: web # <- http entrypoint 
    secureEntryPoint: websecure # <- https entrypoint
    resolver: myresolver # <- your tls resolver 

⚠️ Same as Traefik. The endpoint is docker.sock, which we've mapped to Podman in docker-compose.yml.

For instance:

  • domain: foobar.com
  • subDomain: gordon
  • path: /admin

The final URL to access Gordon's backend will be https://gordon.foobar.com/admin.

Proceed to create your data/ directory, which should initially be empty. Gordon will generate the necessary database files there upon first launch.

Ensure the configuration file and directory are secure:

chmod 600 config.yml
chmod 700 data/
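
A preflight check for the files created so far, as an added example (not part of Gordon or of the original page): it verifies the modes set above on acme.json, config.yml and data/, and that every tls.certresolver named in Gordon's labels is defined under certificatesResolvers in traefik.yml. The script name, function names and the two-directory layout are assumptions; it relies on GNU stat.

```shell
#!/usr/bin/env bash
# Added example (not Gordon's own tooling). Assumes GNU stat and that the
# Traefik and Gordon files live in two separate directories.

# Succeeds only if path $1 exists and its octal mode is exactly $2.
check_mode() {
  [ -e "$1" ] && [ "$(stat -c '%a' "$1")" = "$2" ]
}

# Prints the resolver names defined under certificatesResolvers: in traefik.yml.
defined_resolvers() {
  awk '/^certificatesResolvers:/      {inside = 1; next}
       inside && /^[^ #]/             {inside = 0}
       inside && /^  [A-Za-z0-9_-]+:/ {sub(/:.*/, ""); sub(/^  /, ""); print}' "$1"
}

# Prints the resolver names referenced by tls.certresolver labels in a compose file.
referenced_resolvers() {
  sed -n 's/.*tls\.certresolver=\([A-Za-z0-9_-]*\).*/\1/p' "$1"
}

# Prints one line per problem and returns the number of problems found.
preflight() {
  traefik_dir=$1; gordon_dir=$2; problems=0
  check_mode "$traefik_dir/acme.json" 600 ||
    { echo "acme.json: expected mode 600"; problems=$((problems + 1)); }
  check_mode "$gordon_dir/config.yml" 600 ||
    { echo "config.yml: expected mode 600"; problems=$((problems + 1)); }
  check_mode "$gordon_dir/data" 700 ||
    { echo "data/: expected mode 700"; problems=$((problems + 1)); }
  for r in $(referenced_resolvers "$gordon_dir/docker-compose.yml"); do
    defined_resolvers "$traefik_dir/traefik.yml" | grep -qxF -- "$r" ||
      { echo "certresolver '$r' is not defined in traefik.yml"; problems=$((problems + 1)); }
  done
  return "$problems"
}

# Usage: ./preflight.sh /path/to/traefik-dir /path/to/gordon-dir
if [ "$#" -eq 2 ]; then
  preflight "$1" "$2" && echo "preflight OK"
fi
```

The exit status is the number of problems found, so the script can gate podman-compose up in a deployment wrapper.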

First start

Once everything is set up, it's time to start the container:

podman-compose up

⚠️ The -d flag is omitted here to allow viewing the container's standard output directly.

You should see output similar to:

[gordon] | Login with the new token: 048c11ca0fae4e28e3bb8c10c19a2dff
[gordon] | Configuration saved to /config.yml
2023/11/09 10:00:13 Starting server on port 80

💡 Gordon will generate a new token at every startup until a user is authenticated and saved in the database.

First-Time Authentication

Use the provided token and the URL from the example above for the initial login.

For instance:

Token: 048c11ca0fae4e28e3bb8c10c19a2dff

URL: https://gordon.foobar.com/admin

For the first login attempt, append the token to the URL as a query parameter:

https://gordon.foobar.com/admin?token=048c11ca0fae4e28e3bb8c10c19a2dff

💡 This step is only necessary for the initial authentication.

Complete the GitHub OAuth process, and if successful, you will be redirected to the manager view.

⚠️ If the manager's content appears empty, it likely indicates that Gordon cannot access the container engine socket. Double-check your docker-compose.yml and config.yml files.

Finally, restart your container:

podman-compose down && podman-compose up -d

By following these steps, you should have Gordon and Traefik properly configured and operational. ✌️