There could be a need for step-by-step full walk-throughs for a specific operating system, database, and web server.

farmOS.org already does a great job of documenting use cases with docker and setting up a development environment. I see more of need to cover the multitude of different ways to configure a production environment.

Great example:

• https://farmer-eds-shed.com/farmos-version-2-raspberry-pi-install/

Existing farmos.org docs:

• Configuring a Local Https Reverse Proxy - farmOS.org (only on v1 site documentation)
• Getting started | farmOS
• Installing farmOS | farmOS

Ideas for the future:

• apache as web server
• different databases
• with and without docker

Other documentation formatting inspiration:
drop-down menu to select operating system How To Install the Apache Web Server on Ubuntu 20.04 | DigitalOcean
user contributed notes at the bottom of php docs PHP: Installation and Configuration - Manual

I am in the process of setting up farmOS 2.x with apache and currently stuck at configuring SSL. Can the person who mentioned it in the call please share their configuration for nginx? I appreciate it, thank you!

My current setup is farmos in a docker container and apache and postgres not in a docker container. Once I get that figured out, I will be sure to write my own blog and share it here.

This is great @natebass !

This might help with SSL: Local HTTPS | farmOS

It’s specifically for a local deployment with self-signed certificates, but it’s the same basic process with real certificates.

The farmOS container is actually Apache. Typically what I do is run an Nginx container for SSL, which reverse-proxies to the farmOS container (Apache), which connects to the PostgreSQL container.

I believe this was Jan, @SirSundays.

Also, I love all these ideas! I’m finally getting around to following up from Wed’s call, and will post some steps to move forward with these.

Hi @natebass

Yeah it was me

So here is my farmOS docker-compose.yml:

version: '3'
services:
  www:
    image: farmos/farmos:2.0.0-beta1
    volumes:
      - './sites:/opt/drupal/web/sites'
    ports:
      - '8090:80'
    restart: always
  db:
    image: postgres:12
    volumes:
      - './db:/var/lib/postgresql/data'
    environment:
      POSTGRES_USER: someuser
      POSTGRES_PASSWORD: somepassword
      POSTGRES_DB: somedatabase

So very basic stuff. The database is only connected to farmOS and can not be accessed from the internet directly. I redirected farmOS to 8090 because I run multiple services on this server, for example, a GeoServer (@jgaehring This could be content for the tutorial segment).

In the Nginx configuration located in /etc/nginx/sites-available/your.url I created this server besides the standard (route everything from HTTP to https):

server {
    server_name farmos.your.url;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/your.url/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your.url/privkey.pem;
    location / {
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-Host $http_host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_buffer_size 128k;
      proxy_buffers 4 256k;
      proxy_busy_buffers_size 256k;
      proxy_pass http://localhost:8090;
    }
}

This was what I took from the farmOS.org-page.

For SSL I´m using certbot, which is pretty easy to install:

I use certbot to get one wildcard for all my subdomains. So there is one cert for everything.
This is like the stuff I wrote done in my notes (I expect certbot and nginx are installed fresh):

Difiie-Hellman Key (something for SSL):
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Create some NGINX configuration files:
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/example.com
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/example.com
sudo rm /etc/nginx/sites-enabled/default
sudo rm /etc/nginx/sites-available/default

Add these DNS Settings to your Domain:
A-Record * IP
A-Record @ IP
C-NAME www @

Get your SSL Cert:
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d *.example.com --manual --preferred-challenges dns-01 certonly

The above command will at some point prompt you to deploy a DNS TXT Record. Copy the value and make a TXT-Record for _acme-challenge.example.com with the value you just copied!

Create your base configuration:
sudo nano /etc/nginx/sites-available/example.com

This should be still up to date. The problem is you have to manually update your certs if you are doing it this way. But there are plugins for many url-providers so that the whole renew a certificate process can be renewed. For my personal server for example I use this one: GitHub - helgeerbe/certbot-dns-ionos: A certbot plugin for enabling DNS authentication with IONOS

If you are lucky. Someone may already have created one for your provider. What these are basically doing is, calling the API of your provider and changing the _acme-challenge.example.com DNS-Record automatically so you do not have to do it.
If you need more information about nginx and standard configuration just reply. Not sure how deep I should go

I don´t know what you got so for and where I can help but I´m happy if I can help

I’m using LetsEncrypt for SSL certs as they are a free service.
I’m Using Home Assistant as the server for everything IOT related on the farm, it has a LetsEncrypt Addon available to keep SSL certificates renewed (DuckDNS Addon also renews LetsEncrypt Certificates). So for anyone using Home Assistant and farmOS with the same domain name, simply point Nginx to Home Assistants SSL Directory for SSL Cert files.

I’m sure similar can be done if you have any other webservers already configured for SSL too.

For anyone else struggling with SSL I found this resource very straightforward and easy to deploy .

Here is another walkthrough on setting up farmOS on a Linode server with ssl. This is a first time for me running a server like this of any kind so their may be mistakes, but I tried my best to document the process for others.

Hello, I got docker working on my computer and got two containers running (farmos-ww1 and farmos-db1). Then I went to my localhost in my browser and began the install. Unfortunately, the install stopped at 9% for like 20 minutes when it was doing the modules. So I decided the stop the install and try again. I deleted the containers from docker and then deleted all the files and tried to start over.

Got the two containers running against, but now when I go to localhost to start the install it says:

Forbidden

You don’t have permission to access this resource.Server unable to read htaccess file, denying access to be safe

So now I am kind of stuck because I’m not sure what changed from the very first install that I interrupted.

Thank you so much for everything you do!

-Alex

Hi @keylum88 welcome to the farmOS forum!

Did you delete the db and www directories after you destroyed the containers?

What is your host operating system? Linux? Mac? Windows?

Hello, I did delete the directories. I am using Windows 10.

I am going to try to uninstall docker and reinstall it and then see if I can truly start from scratch again.

So, I reinstalled docker and ran these three commands in git bash after cd to my local directory:

mkdir farmOS && cd farmOS
curl https://raw.githubusercontent.com/farmOS/farmOS/2.x/docker/docker-compose.development.yml -o docker-compose.yml
docker-compose up -d

Now when I go to localhost I get a slightly different error message:

Forbidden

You don’t have permission to access this resource.

I’ve never tried this on Windows myself, so I can’t speak from experience - you might want to search the forum for others who have worked with Docker WSL2 on Windows. I think some have gotten it to work, but it sounds like there are some “gotchas”.

One thing worth trying: use the farmos/farmos:2.0.0-beta3 image instead of the farmos/farmos:2.x-dev image (which is default in the docker-compose.development.yml config).