• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • 😌 This community is user driven. Be polite with other users.
    • 👉 Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • 💸 Purchase a Pro Subscription to get access to active software support and faster ticket response times.

[Guide] Docker paid version with nmtan/chevereto:installer and real ip fix (reverse proxy).

zaywalker

Chevereto Member
It's a bit tricky to use nmtan/chevereto:installer with the docker hub instruction. Because when docker container down and up, the html data is gone.

So, you need to mount "/var/www/html" not "/var/www/html/images".

first of all, my server runs with debian buster and chevereto docker compose directory tree is like this.

/docker
----/chevereto
--------/.chevereto-dockerized
------------.env
------------docker-compose.yaml
------------/data
----------------/conf
--------------------/apache2
------------------------remoteip.load
--------------------/mysql
------------------------my.cnf
--------/html
------------/images


html and images directory is chowned www-data:www-data and permission octal is 42755

docker compose like this

[CODE lang="yaml" title="docker-compose.yaml"]version: '2.1'
services:

mysql-chevereto:
container_name: chevereto-mysql
image: mariadb:10.2
restart: always
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- mysql-vol-1:/var/lib/mysql/
- ./data/conf/mysql/:/etc/mysql/conf.d/:ro
environment:
- TZ=${TZ}
- MYSQL_ROOT_PASSWORD=${DBROOT}
- MYSQL_DATABASE=${DBNAME}
- MYSQL_USER=${DBUSER}
- MYSQL_PASSWORD=${DBPASS}
networks:
chevereto-network:
ipv4_address: ${IPV4_NETWORK:-172.23.1}.20
aliases:
- mysql

web-chevereto:
container_name: chevereto-web
image: nmtan/chevereto:installer
restart: always
depends_on:
- mysql-chevereto
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- ./data/conf/apache2/remoteip.load:/etc/apache2/mods-enabled/remoteip.load
- /docker/chevereto/html:/var/www/html
- /docker/chevereto/html/images:/var/www/html/images
environment:
- TZ=${TZ}
- CHEVERETO_DB_HOST=mysql-chevereto
- CHEVERETO_DB_NAME=${DBNAME}
- CHEVERETO_DB_USERNAME=${DBUSER}
- CHEVERETO_DB_PASSWORD=${DBPASS}
- CHEVERETO_DB_PREFIX=chv_
networks:
chevereto-network:
ipv4_address: ${IPV4_NETWORK:-172.23.1}.10
aliases:
- web

volumes:
mysql-vol-1:

networks:
chevereto-network:
driver: bridge
ipam:
driver: default
config:
- subnet: ${IPV4_NETWORK:-172.23.1}.0/24[/CODE]

and .env at same directory with docker-compose.yaml

[CODE title=".env or chevereto.conf and sym-link to .env"]# ------------------------------
# SQL database configuration
# ------------------------------
DBNAME=chevereto
DBUSER=chevereto

# Please use long, random alphanumeric strings (A-Za-z0-9)
DBPASS=your chevereto db password
DBROOT=your mysql root password

# Your timezone
TZ=Asia/Seoul

# Fixed project name
COMPOSE_PROJECT_NAME=chevereto

# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)
IPV4_NETWORK=172.23.1[/CODE]

and you need to create remoteip.load in order to get the real-ip at /docker/chevereto/.chevereto-dockerized/data/conf/apache2

[CODE title="remoteip.load"]LoadModule remoteip_module /usr/lib/apache2/modules/mod_remoteip.so

RemoteIPHeader X-FORWARDED-FOR[/CODE]

and create my.cnf at /docker/chevereto/.chevereto-dockerized/data/conf/mysql. it's optional.

[CODE title="my.cnf"][mysqld]
character-set-client-handshake = FALSE
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
innodb_file_per_table = TRUE
innodb_file_format = barracuda
innodb_large_prefix = TRUE
#sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
max_allowed_packet=192M
max-connections=1500
innodb-strict-mode=0
skip-host-cache
skip-name-resolve
log-warnings=0
event_scheduler=1

# Enable listening from outbound
bind-address = 0.0.0.0

[client]
default-character-set = utf8mb4

[mysql]
default-character-set = utf8mb4[/CODE]

time to launch docker-compose!

root@my-NAS:/docker/chevereto/.chevereto-dockerized#docker-compose up -d

connect chevereto with your reverse proxy. If you try to access chevereto, there will be 403 error. because there is no index.php.

So, you need to get installer.

root@my-NAS:/docker/chevereto/html#curl https://chevereto.com/download/file/installer >>index.php

And make sure chown with www-data:www-data.

root@my-NAS:/docker/chevereto/html#chown www-data:www-data index.php

Now, you can access your chevereto web. just follow install procedure. use your license key.

When ask database information, enter these

host : mysql-chevereto

port : 3306

name : chevereto

user : chevereto

user password : your chevereto db password which is in .env file.

And setup with your admin account and no-reply mail etc and proceed install.

Probably you will get yellow error message. I'm not sure why it comes up. but all you need to do is set the db again.

just refresh setup web page, and connect to the database page comes up. the value is same as above and prefix is chv_

Database table prefix : chv_

then admin and mail setup again. these are same as above.

Now you get working chevereto web paid version.

It's not finished yet. You need to fix real-ip. Even apache2 remoteip module is enabled, the real-ip is not working.

A little modification will bring realip function. Find settings.php at /docker/chevereto/html/app

root@my-NAS:/docker/chevereto/html/app#nano settings.php

add follow codes end of settings.php.

[CODE title="additional codes for settings.php"]// Use X-Forwarded-For HTTP Header to Get Visitor's Real IP Address
if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
$http_x_headers = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] );

$_SERVER['REMOTE_ADDR'] = $http_x_headers[0];
}[/CODE]

Done.


PS.

If you need to upload large image, add follow codes end of /docker/chevereto/html/.htaccess

[CODE title="additional codes to extend max upload cap .htaccess"]php_value upload_max_filesize 10G
php_value post_max_size 10G
php_value memory_limit 1G
php_value max_execution_time 300
php_value max_input_time 300[/CODE]

Thanks for spending the time to read this :)
 
Awesome, thanks for sharing!

Keep in mind that is unsafe to base the IP detection on the value of $_SERVER['HTTP_X_FORWARDED_FOR as it can be easily injected on the client request. That makes unsafe the IP flood detection and the login bruteforce protection. You should look forward to achieve the functionality using the server layer.
 
hi zaywalker, thanks for putting together this Docker container. I'm having a tough time mounting my CIFS network images folder into the container. I can add the share by adding an additional volume line as below and those files are visible from the container itself but access to files is failing within the chevereto web browser for some reason.

Code:
            -v /var/lib/chevereto-data:/var/www/html \
            -v /mnt/images:/var/www/html/images \


I can see the files being added (and deleted) from the CIFS share itself, but when Chevereto tries to load them to display in the browsers I'm seeing 500 errors.

Code:
root@f789cd643739:/var/www/html# ls -l images/2020/11/29/*
-rw-rw-r-- 1 www-data www-data  9816 Nov 29 07:40 images/2020/11/29/image.png
-rw-rw-r-- 1 www-data www-data 14819 Nov 29 07:40 images/2020/11/29/image.th.png
-rw-rw-r-- 1 www-data www-data 11169 Nov 29 22:37 images/2020/11/29/image0483aa226e591fc9.png
-rw-rw-r-- 1 www-data www-data 24104 Nov 29 22:37 images/2020/11/29/image0483aa226e591fc9.th.png
-rw-rw-r-- 1 www-data www-data  8579 Nov 29 20:42 images/2020/11/29/image5cf10f570c520798.png
-rw-rw-r-- 1 www-data www-data 13794 Nov 29 20:42 images/2020/11/29/image5cf10f570c520798.th.png

I cant make anything out form the logs that is helping at this stage so any pointers where to look would be super appreciated.[/CODE]

EDITS:
If I use the default 'image' folder Chevereto works as expected.
 

Attachments

  • chevereto error.png
    chevereto error.png
    502.7 KB · Views: 5
Last edited:
Appreciate the heads up Rodolfo, I've looked at the linuxserver one and it doesnt support the installer script (or all east as far as I can tell) so free version only.
The nmtan dockerfile has the same issue as the fork in this thread and Ive raised an issue on the github page, hopefully the author can help troubleshoot. I *think* this is an Apache issue but I'm far from experienced with Apache so may try and build a nginx version which I'm more familiar with. I'll update here if I find any solutions.
EDIT: Of course this will be all be moot once v4 is ready ;)
 
Last edited:
hi zaywalker, thanks for putting together this Docker container. I'm having a tough time mounting my CIFS network images folder into the container. I can add the share by adding an additional volume line as below and those files are visible from the container itself but access to files is failing within the chevereto web browser for some reason.

Code:
            -v /var/lib/chevereto-data:/var/www/html \
            -v /mnt/images:/var/www/html/images \


I can see the files being added (and deleted) from the CIFS share itself, but when Chevereto tries to load them to display in the browsers I'm seeing 500 errors.

Code:
root@f789cd643739:/var/www/html# ls -l images/2020/11/29/*
-rw-rw-r-- 1 www-data www-data  9816 Nov 29 07:40 images/2020/11/29/image.png
-rw-rw-r-- 1 www-data www-data 14819 Nov 29 07:40 images/2020/11/29/image.th.png
-rw-rw-r-- 1 www-data www-data 11169 Nov 29 22:37 images/2020/11/29/image0483aa226e591fc9.png
-rw-rw-r-- 1 www-data www-data 24104 Nov 29 22:37 images/2020/11/29/image0483aa226e591fc9.th.png
-rw-rw-r-- 1 www-data www-data  8579 Nov 29 20:42 images/2020/11/29/image5cf10f570c520798.png
-rw-rw-r-- 1 www-data www-data 13794 Nov 29 20:42 images/2020/11/29/image5cf10f570c520798.th.png

I cant make anything out form the logs that is helping at this stage so any pointers where to look would be super appreciated.[/CODE]

EDITS:
If I use the default 'image' folder Chevereto works as expected.
Hello a9ef9a!

Sorry for the late reply. Unfortunatly, I'm not a docker expert, but someone said, there are some security measure to prevent for share mounts like cifs.
If you want to mount cifs, you need some flags.
This link can help you i guess. linux - Mount SMB/CIFS share within a Docker container - Stack Overflow
 
Thanks,for,your response, I don’t believe that’s the issue as the files are written and read from the CIFS stores (200 responses) however chevereto still stalls. I posted more comprehensive details on the GitHub linked above.
ill find time over the holidays to debug.
 
I reviewed those documents and it doesnt look like this applies to this use case. The CIFS/SMB shares are mounted into the docker host and exposed to the container with the docker run -v parameter as opposed to mounting the folder directly in the container itself which as you point out, has security implications.
 
Even linuxserver images (which are the best available right now) aren't optimized for the software because the software wasn't made for containers. Unless you know Docker really well I recommended you to go with root installing.

Fortunately, V4 is being made for containers so you will be able to run, tweak and scale the application with plenty more peace of mind. I also hope to make V3 more container friendly as it is a mature solution already, and it will be great to optimize for this type of environment.
 
Back
Top