Host Sharelatex in Docker (HTTPS)

2/5/2020 2:35:19 PM

Host Sharelatex Docker Container with Encrypted Connection via Traefik

This guide covers setting up Sharelatex in a Docker container behind an HTTPS connection.

Install Docker

Here are two examples of installing the Docker daemon. The required packages are docker and docker-compose.

Arch Linux

yay -S docker docker-compose

Debian / Ubuntu

curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh

Enable Service

To enable the service as a background task, simply run:

sudo systemctl enable docker
sudo systemctl start docker

Setup Sharelatex

  1. Create Virtual Docker Network

  2. Configure Docker-Compose File

In the Docker-Compose file you must change several values to fit your needs.

The specific lines to change are marked with comments:

version: "3.7"
networks:
  main:
    external: true
services:
  proxy:
    image: "traefik:v2.2"
    container_name: reverse-proxy
    restart: always
    command:
      - --api=true
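      - --api.insecure=true # serves the API/dashboard unauthenticated on Traefik's :8080 entrypoint; not needed for the api@internal router below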
      - --ping
      - --providers.docker=true
      - --providers.docker.network=main
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web-secure.address=:443
      - --certificatesresolvers.myhttpchallenge.acme.httpchallenge=true
      - --certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.myhttpchallenge.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.myhttpchallenge.acme.email=postmaster@test.com # enter your e-mail address
      - --certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json
      - --entrypoints.mongo.address=:27017
    ports:
      - "80:80"
      - "443:443"
      # - "27017:27017" # Attention: only publish this port if needed!
    networks:
      - "main"
    volumes:
      - ./letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config.toml:/etc/traefik/traefik.config.toml:ro
      - ./certs:/etc/certs:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.proxy-https.rule=Host(`proxy.example.com`)" # replace example.com with your domain
      - "traefik.http.routers.proxy-https.entrypoints=web-secure"
      - "traefik.http.routers.proxy-https.tls=true"
      - "traefik.http.routers.proxy-https.service=api@internal"
      - "traefik.http.routers.proxy-https.middlewares=traefik-auth"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=test:$$apr1$$.LOx3R4y$$/OjdUK3pSGiT/flYY42uS1" # enter your newly generated hash
      # echo $(htpasswd -nb username password) | sed -e s/\\$/\\$\\$/g
      - "traefik.http.routers.proxy-http.rule=Host(`proxy.example.com`)" # replace example.com with your domain
      - "traefik.http.routers.proxy-http.entrypoints=web"
      - "traefik.http.routers.proxy-http.middlewares=https_redirect"
      - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"

  sharelatex:
    restart: always
    # Server Pro users:
    # image: quay.io/sharelatex/sharelatex-pro
    image: sharelatex/sharelatex
    container_name: sharelatex
    depends_on:
      mongo:
        condition: service_healthy
      redis:
        condition: service_started
    links:
      - mongo
      - redis
    ports:
      - 4555:80
    networks:
      - "main"
    expose:
      - 80
    volumes:
      - ~/sharelatex_data:/var/lib/sharelatex
      - ~/sharelatex_packages:/usr/local/texlive
      ########################################################################
      ####  Server Pro: Un-comment the following line to mount the docker ####
      ####             socket, required for Sibling Containers to work    ####
      ########################################################################
      # - /var/run/docker.sock:/var/run/docker.sock
    environment:
      SHARELATEX_APP_NAME: Overleaf Workspace # change to custom name

      SHARELATEX_MONGO_URL: mongodb://mongo/sharelatex

      # Same property, unfortunately with different names in
      # different locations
      SHARELATEX_REDIS_HOST: redis
      REDIS_HOST: redis

      ENABLED_LINKED_FILE_TYPES: "url,project_file"

      # Enables Thumbnail generation using ImageMagick
      ENABLE_CONVERSIONS: "true"

      # Disables email confirmation requirement
      EMAIL_CONFIRMATION_DISABLED: "true"

      # temporary fix for LuaLaTex compiles
      # see https://github.com/overleaf/overleaf/issues/695
      TEXMFVAR: /var/lib/sharelatex/tmp/texmf-var

      SHARELATEX_EMAIL_FROM_ADDRESS: "postmaster@test.com" # change email

    labels:
      - traefik.enable=true
      - traefik.http.routers.tex.rule=Host(`tex.example.com`)
      - traefik.http.routers.tex.entrypoints=web
      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
      - traefik.http.routers.tex.middlewares=redirect-to-https@docker
      - traefik.http.routers.tex-secured.rule=Host(`tex.example.com`)
      - traefik.http.routers.tex-secured.tls=true
      - traefik.http.routers.tex-secured.tls.certresolver=myhttpchallenge
      - traefik.http.routers.tex-secured.entrypoints=web-secure

  mongo:
    restart: always
    image: mongo
    container_name: mongo
    expose:
      - 27017
    networks:
      - "main"
    volumes:
      - ~/mongo_data:/data/db
    healthcheck:
      test: echo 'db.stats().ok' | mongo localhost:27017/test --quiet
      interval: 10s
      timeout: 10s
      retries: 5
    labels:
      - "traefik.enable=true"
      - "traefik.tcp.routers.mongodb.rule=HostSNI(`*`)"
      - "traefik.tcp.services.mongodb.loadbalancer.server.port=27017"
      - "traefik.tcp.routers.mongodb.tls=true"
      - "traefik.tcp.routers.mongodb.entrypoints=mongo"

  redis:
    restart: always
    image: redis:5
    container_name: redis
    networks:
      - "main"
    expose:
      - 6379
    volumes:
      - ~/redis_data:/data

  3. Set Password for Proxy page

You need to paste the output into line 43 of the Docker-Compose file.

echo $(htpasswd -nb username password) | sed -e s/\\$/\\$\\$/g

Example:

- "traefik.http.middlewares.traefik-auth.basicauth.users=test:$$apr1$$.LOxTF4y$$/OjdUK3pSGiT/flYY42uS1"
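
A quick way to review the exposure points in the compose file above before starting the stack, as an added example that is not part of the original guide. The function names and the abridged sample file are constructed here, and the checks cover only settings that appear in this configuration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): grep-based audit of a compose
# file for the exposure points in the configuration above.

# check FILE REGEX MESSAGE: report every non-comment line matching REGEX.
check() {
    grep -nv '^[[:space:]]*#' "$1" | grep -E -e "$2" |
        while IFS=: read -r n rest; do printf 'line %s: %s\n' "$n" "$3"; done
}

# audit_compose FILE: print all findings, sorted by line number.
audit_compose() {
    {
        check "$1" '--api\.insecure=true' \
            'Traefik API/dashboard served without auth on the :8080 entrypoint'
        check "$1" 'HostSNI\(`\*`\)' \
            'catch-all TCP router: any client reaching its entrypoint gets the backend'
        check "$1" '27017:27017' \
            'MongoDB port published on the host'
        check "$1" 'docker[.]sock' \
            'Docker socket mounted: :ro does not limit Docker API calls'
        check "$1" 'image:[[:space:]]*[^:[:space:]]+[[:space:]]*$' \
            'image has no tag, so it tracks latest'
    } | sort -t' ' -k2,2n
}

# Constructed sample: abridged from the proxy and mongo services above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  proxy:
    image: "traefik:v2.2"
    command:
      - --api=true
      - --api.insecure=true
      - --entrypoints.mongo.address=:27017
    ports:
      - "443:443"
      # - "27017:27017"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
  mongo:
    image: mongo
    labels:
      - "traefik.tcp.routers.mongodb.rule=HostSNI(`*`)"
EOF

audit_compose "$sample"
```

Commented-out lines, such as the published MongoDB port, are skipped, so the report reflects what the stack would actually start with.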

Install Latex Packages

First of all, the package manager must be installed, including all LaTeX packages. The LaTeX package manager is called tlmgr.

Start Docker-Container:

sudo docker-compose up -d

Create User:

Replace the e-mail address in this command with your own:

docker exec sharelatex /bin/bash -c "cd /var/www/sharelatex; grunt user:create-admin --email=max@test.com"

Install Packages:

If the Sharelatex container is running, enter the following commands:

sudo docker exec sharelatex wget https://mirror.ctan.org/systems/texlive/tlnet/install-tl-unx.tar.gz
sudo docker exec sharelatex tar xvfz install-tl-unx.tar.gz

Then open the Bash Console of the container with the command:

sudo docker exec -ti sharelatex /bin/bash

  1. Change directory: cd install-tl-XXX

  2. Change rights: chmod u+x install-tl

  3. Run ./install-tl

  4. Wait until everything is installed

  5. Exit the Bash shell of the container

Update Packages:

Now check tlmgr (the LaTeX package manager) for updates:

sudo docker exec sharelatex tlmgr update --self --all

Important Docker Commands:

Start Container:

sudo docker-compose up -d

Run without -d if you want to see the console output.

Stop Container:

sudo docker-compose down

Reload Docker-Compose File:

When the container is stopped:

sudo docker-compose up --force-recreate -d