
[Guide] Docker paid version with nmtan/chevereto:installer and real ip fix (reverse proxy).

zaywalker

Core license
License owner
It's a bit tricky to use nmtan/chevereto:installer with the Docker Hub instructions, because when the docker container goes down and comes back up, the html data is gone.

So, you need to mount "/var/www/html" not "/var/www/html/images".

First of all, my server runs Debian buster, and the chevereto docker compose directory tree looks like this:

/docker
----/chevereto
--------/.chevereto-dockerized
------------.env
------------docker-compose.yaml
------------/data
----------------/conf
--------------------/apache2
------------------------remoteip.load
--------------------/mysql
------------------------my.cnf
--------/html
------------/images


The html and images directories are chowned www-data:www-data and the permission octal is 42755.

The docker compose file looks like this:

docker-compose.yaml:
version: '2.1'
services:

    mysql-chevereto:
      container_name: chevereto-mysql
      image: mariadb:10.2
      restart: always
      labels:
        - com.centurylinklabs.watchtower.enable=true
      volumes:
        - mysql-vol-1:/var/lib/mysql/
        - ./data/conf/mysql/:/etc/mysql/conf.d/:ro
      environment:
        - TZ=${TZ}
        - MYSQL_ROOT_PASSWORD=${DBROOT}
        - MYSQL_DATABASE=${DBNAME}
        - MYSQL_USER=${DBUSER}
        - MYSQL_PASSWORD=${DBPASS}
      networks:
        chevereto-network:
          ipv4_address: ${IPV4_NETWORK:-172.23.1}.20
          aliases:
            - mysql

    web-chevereto:
      container_name: chevereto-web
      image: nmtan/chevereto:installer
      restart: always
      depends_on:
        - mysql-chevereto
      labels:
        - com.centurylinklabs.watchtower.enable=true
      volumes:
        - ./data/conf/apache2/remoteip.load:/etc/apache2/mods-enabled/remoteip.load
        - /docker/chevereto/html:/var/www/html
        - /docker/chevereto/html/images:/var/www/html/images
      environment:
        - TZ=${TZ}
        - CHEVERETO_DB_HOST=mysql-chevereto
        - CHEVERETO_DB_NAME=${DBNAME}
        - CHEVERETO_DB_USERNAME=${DBUSER}
        - CHEVERETO_DB_PASSWORD=${DBPASS}
        - CHEVERETO_DB_PREFIX=chv_
      networks:
        chevereto-network:
          ipv4_address: ${IPV4_NETWORK:-172.23.1}.10
          aliases:
            - web

volumes:
  mysql-vol-1:

networks:
  chevereto-network:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: ${IPV4_NETWORK:-172.23.1}.0/24

And put .env in the same directory as docker-compose.yaml.

.env or chevereto.conf and sym-link to .env:
# ------------------------------
# SQL database configuration
# ------------------------------
DBNAME=chevereto
DBUSER=chevereto

# Please use long, random alphanumeric strings (A-Za-z0-9)
DBPASS=your chevereto db password
DBROOT=your mysql root password

# Your timezone
TZ=Asia/Seoul

# Fixed project name
COMPOSE_PROJECT_NAME=chevereto

# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)
IPV4_NETWORK=172.23.1

And you need to create remoteip.load at /docker/chevereto/.chevereto-dockerized/data/conf/apache2 in order to get the real IP.

remoteip.load:
LoadModule remoteip_module /usr/lib/apache2/modules/mod_remoteip.so

RemoteIPHeader X-FORWARDED-FOR

And create my.cnf at /docker/chevereto/.chevereto-dockerized/data/conf/mysql. It's optional.

my.cnf:
[mysqld]
character-set-client-handshake = FALSE
character-set-server           = utf8mb4
collation-server               = utf8mb4_unicode_ci
innodb_file_per_table          = TRUE
innodb_file_format             = barracuda
innodb_large_prefix            = TRUE
#sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
max_allowed_packet=192M
max-connections=1500
innodb-strict-mode=0
skip-host-cache
skip-name-resolve
log-warnings=0
event_scheduler=1

# Enable listening from outbound
bind-address            = 0.0.0.0

[client]
default-character-set = utf8mb4

[mysql]
default-character-set = utf8mb4

Time to launch docker-compose!

root@my-NAS:/docker/chevereto/.chevereto-dockerized# docker-compose up -d

Connect chevereto with your reverse proxy. If you try to access chevereto, there will be a 403 error, because there is no index.php.

So, you need to get the installer.

root@my-NAS:/docker/chevereto/html# curl https://chevereto.com/download/file/installer >> index.php

And make sure to chown it to www-data:www-data.

root@my-NAS:/docker/chevereto/html# chown www-data:www-data index.php

Now you can access your chevereto web. Just follow the install procedure. Use your license key.

When asked for database information, enter these:

host : mysql-chevereto

port : 3306

name : chevereto

user : chevereto

user password : your chevereto db password, which is in the .env file.

Then set up your admin account, no-reply mail, etc. and proceed with the install.

You will probably get a yellow error message. I'm not sure why it comes up, but all you need to do is set the db again.

Just refresh the setup web page, and the connect-to-database page comes up. The values are the same as above and the prefix is chv_

Database table prefix : chv_

Then do the admin and mail setup again. These are the same as above.

Now you have a working chevereto web paid version.

It's not finished yet. You need to fix real-ip. Even though the apache2 remoteip module is enabled, the real-ip is not working.

A little modification will bring the real-ip function. Find settings.php at /docker/chevereto/html/app

root@my-NAS:/docker/chevereto/html/app# nano settings.php

Add the following code at the end of settings.php.

additional codes for settings.php:
// Use X-Forwarded-For HTTP Header to Get Visitor's Real IP Address
if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
        $http_x_headers = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] );

        $_SERVER['REMOTE_ADDR'] = $http_x_headers[0];
}

Done.


PS.

If you need to upload large images, add the following code at the end of /docker/chevereto/html/.htaccess

additional codes to extend max upload cap .htaccess:
php_value upload_max_filesize 10G
php_value post_max_size 10G
php_value memory_limit 1G
php_value max_execution_time 300
php_value max_input_time 300

Thanks for spending the time to read this :)
 

Rodolfo

Chevereto creator
Chevereto Staff
Awesome, thanks for sharing!

Keep in mind that it is unsafe to base the IP detection on the value of $_SERVER['HTTP_X_FORWARDED_FOR'], as it can be easily injected in the client request. That makes the IP flood detection and the login brute-force protection unsafe. You should look to achieve the functionality at the server layer.
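
The concern raised in the reply above, as an added example that is not part of the original thread and is not Chevereto code: X-Forwarded-For is only believed when the connecting peer is the reverse proxy, and the list is read right to left so a client-supplied leftmost entry is never used. The function names, the trusted range (the compose subnet, on the assumption that the reverse proxy reaches the container from 172.23.1.1) and the sample header are constructed for illustration.

```php
<?php
// Added example, not Chevereto code; function names are hypothetical.
// True if $ip lies inside $cidr (IPv4 or IPv6), e.g. "172.23.1.0/24".
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    if (!filter_var($ip, FILTER_VALIDATE_IP) || !filter_var($net, FILTER_VALIDATE_IP)) {
        return false;
    }
    [$ipBin, $netBin] = [inet_pton($ip), inet_pton($net)];
    $max  = strlen($netBin) * 8;
    $bits = $bits === null ? $max : (ctype_digit($bits) ? (int) $bits : -1);
    if (strlen($ipBin) !== strlen($netBin) || $bits < 0 || $bits > $max) {
        return false; // mixed address families or a bad prefix length
    }
    $bytes = intdiv($bits, 8);
    $mask  = (0xFF << (8 - $bits % 8)) & 0xFF; // 0 on a byte boundary
    return strncmp($ipBin, $netBin, $bytes) === 0
        && ($mask === 0 || ((ord($ipBin[$bytes]) ^ ord($netBin[$bytes])) & $mask) === 0);
}

// Walk X-Forwarded-For right to left. A hop is accepted only while the address
// that reported it is a trusted proxy; entries further left are client-supplied.
function resolve_client_ip(string $remoteAddr, ?string $xff, array $trusted): string
{
    $isTrusted = static function (string $ip) use ($trusted): bool {
        foreach ($trusted as $cidr) {
            if (ip_in_cidr($ip, $cidr)) {
                return true;
            }
        }
        return false;
    };
    $client = $remoteAddr;
    $hops   = $xff === null ? [] : array_reverse(explode(',', $xff));
    foreach ($hops as $hop) {
        $hop = trim($hop);
        if (!$isTrusted($client) || !filter_var($hop, FILTER_VALIDATE_IP)) {
            break; // reporter is not our proxy, or the entry is malformed
        }
        $client = $hop;
    }
    return $client;
}

// Constructed header: the client forged "1.2.3.4", the proxy appended the real peer.
$xff = '1.2.3.4, 203.0.113.7';
echo resolve_client_ip('172.23.1.1', $xff, ['172.23.1.0/24']), "\n";   // request via the proxy
echo resolve_client_ip('198.51.100.9', $xff, ['172.23.1.0/24']), "\n"; // direct request, header ignored
```

At the server layer, Apache's mod_remoteip provides the RemoteIPInternalProxy and RemoteIPTrustedProxy directives for declaring which peers may supply the header.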
 