mirror of
https://github.com/jbowdre/runtimeterror.git
synced 2024-12-25 04:02:19 +00:00
update draft
This commit is contained in:
parent
fb20c34ebe
commit
2f33595326
1 changed files with 17 additions and 1 deletions
|
@ -26,7 +26,7 @@ In that post, I shared a brief overview of how I set up SilverBullet:
|
|||
|
||||
This post will go into a bit more detail about that configuration.
|
||||
|
||||
### Setup
|
||||
### Preparation
|
||||
I chose to deploy SilverBullet on an Ubuntu 22.04 VM in my [homelab](/homelab/) which was already set up for serving Docker workloads so I'm not going to cover the Docker [installation process](https://docs.docker.com/engine/install/ubuntu/) here. I tend to run my Docker workloads out of `/opt/` so I start this journey by creating a place to hold the SilverBullet setup:
|
||||
|
||||
```shell
|
||||
|
@ -40,6 +40,7 @@ sudo chown john:docker /opt/silverbullet # [tl! .cmd:1]
|
|||
cd /opt/silverbullet
|
||||
```
|
||||
|
||||
### SilverBullet
|
||||
The documentation offers easy-to-follow guidance on [installing SilverBullet with Docker Compose](https://silverbullet.md/Install/Docker), and that makes for a pretty good starting point. The only change I make here is setting the `SB_USER` variable from an environment variable instead of directly in the YAML:
|
||||
|
||||
```yaml
|
||||
|
@ -69,6 +70,7 @@ I used a password manager to generate a random password *and username*, and I st
|
|||
SB_CREDS='alldiaryriver:XCTpmddGc3Ga4DkUr7DnPBYzt1b'
|
||||
```
|
||||
|
||||
### Tailscale
|
||||
That's all that's really needed for running SilverBullet locally, but I also want to be able to access the application from any device connected to my Tailscale tailnet. So I add in a [Tailscale sidecar](/tailscale-serve-docker-compose-sidecar/#compose-configuration), and update the `silverbullet` service to share Tailscale's network:
|
||||
|
||||
```yaml
|
||||
|
@ -138,6 +140,7 @@ And I need to create a `serve-config.json` file to configure [Tailscale Serve](/
|
|||
}
|
||||
```
|
||||
|
||||
### Cloudflare Tunnel
|
||||
But what if I want to consult my notes from outside of my tailnet? Sure, I *could* use [Tailscale Funnel](/tailscale-ssh-serve-funnel/#tailscale-funnel) to publish the SilverBullet service on the internet, but (1) funnel would require me to use a URL like `https://silverbullet.tailnet-name.ts.net` instead of simply `https://silverbullet.example.com` and (2) I'm still a little wary of putting a login page on the public web.
|
||||
|
||||
[Cloudflare Tunnel](/publish-services-cloudflare-tunnel/) is able to address those concerns without a lot of extra work. I can set up a tunnel at `silverbullet.example.com` and use [Cloudflare Access](https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/) to put an additional challenge in front of the login page.
|
||||
|
@ -213,3 +216,16 @@ docker compose up -d # [tl! .cmd .nocopy:1,5]
|
|||
✔ Container silverbullet-cloudflared Started
|
||||
```
|
||||
|
||||
### Cloudflare Access
|
||||
The finishing touch will be configuring a bit of extra protection in front of the public-facing login page, and Cloudflare Access makes that very easy. I'll just used the wizard to [add a new web application](https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/) through the Cloudflare Zero Trust dashboard.
|
||||
|
||||
The first part of that workflow asks "What type of application do you want to add?". I select **Self-hosted**.
|
||||
|
||||
The next part asks for a name (**SilverBullet**), Session Duration (**24 hours**), and domain (`silverbullet.example.com`). I leave the defaults for the rest of the Configuration Application step and move on to the next one.
|
||||
|
||||
I'm then asked to Add Policies, and I have to start by giving a name for my policy. I opt to name it **Email OTP** because I'm going to set up email-based one-time passcodes. In the Configure Rules section, I choose **Emails** as the selector and enter my own email address as the single valid value.
|
||||
|
||||
And then I just click through the rest of the defaults.
|
||||
|
||||
### Recap
|
||||
So now I have deployed SilverBullet in Docker Compose on a server in my homelab. I can access it from any device on my tailnet at `https://silverbullet.tailnet-name.ts.net` (thanks to the magic of Tailscale Serve). And I can visit it on external devices at `https://silverbullet.example.com` (thanks to Cloudflare Tunnel),
|
Loading…
Reference in a new issue