
Host Sharelatex in Docker (HTTPS)

05. February 2020

This guide covers setting up Sharelatex in a Docker container behind an HTTPS connection.

Install Docker

Here are two examples of installing the Docker daemon. The required packages are docker and docker-compose.

Arch Linux

yay -S docker docker-compose

Debian / Ubuntu

curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh

Enable Service

To enable the service and start it as a background task, run:

sudo systemctl enable docker
sudo systemctl start docker

Setup Sharelatex

1. Create Virtual Docker Network

sudo docker network create main

2. Configure Docker-Compose File

In the Docker-Compose file you must change several values to fit your setup.

The lines to change are marked with comments:

version: '3.7'
networks:
    main:
       external: true
services:
    proxy:
      image: "traefik:v2.2"
      container_name: reverse-proxy
      restart: always
      command:
        - --api=true
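        - --api.insecure=true # insecure mode also serves the API/dashboard without auth on the "traefik" entrypoint (:8080); set to false to rely on the basic-auth router below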
        - --ping
        - --providers.docker=true
        - --providers.docker.network=main
        - --providers.docker.exposedbydefault=false
        - --entrypoints.web.address=:80
        - --entrypoints.web-secure.address=:443
        - --certificatesresolvers.myhttpchallenge.acme.httpchallenge=true
        - --certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web
        - --certificatesresolvers.myhttpchallenge.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
        - --certificatesresolvers.myhttpchallenge.acme.email=postmaster@test.com # Enter e-mail address
        - --certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json
        - --entrypoints.mongo.address=:27017
      ports:
        - "80:80"
        - "443:443"
        # - "27017:27017" # Attention: only publish this port if needed!
      networks:
        - "main"
      volumes:
        - ./letsencrypt:/letsencrypt
        - /var/run/docker.sock:/var/run/docker.sock:ro
        - ./config.toml:/etc/traefik/traefik.config.toml:ro
        - ./certs:/etc/certs:ro
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.proxy-https.rule=Host(`proxy.example.com`)" # replace example.com with your domain
        - "traefik.http.routers.proxy-https.entrypoints=web-secure"
        - "traefik.http.routers.proxy-https.tls=true"
        - "traefik.http.routers.proxy-https.service=api@internal"
        - "traefik.http.routers.proxy-https.middlewares=traefik-auth"
        - "traefik.http.middlewares.traefik-auth.basicauth.users=test:$$apr1$$.LOx3R4y$$/OjdUK3pSGiT/flYY42uS1" # replace with your newly generated hash
        # echo $(htpasswd -nb username password) | sed -e s/\\$/\\$\\$/g
        - "traefik.http.routers.proxy-http.rule=Host(`proxy.example.com`)" # replace example.com with your domain
        - "traefik.http.routers.proxy-http.entrypoints=web"
        - "traefik.http.routers.proxy-http.middlewares=https_redirect"
        - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
        - "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
         
    sharelatex:
        restart: always
        # Server Pro users:
        # image: quay.io/sharelatex/sharelatex-pro
        image: sharelatex/sharelatex
        container_name: sharelatex
        depends_on:
            mongo:
                condition: service_healthy
            redis:
                condition: service_started
        links:
            - mongo
            - redis
        ports:
            - 4555:80 # publishes plain HTTP on host port 4555, bypassing the proxy; remove if not needed
        networks:
            - "main"
        expose: 
            - 80
        volumes:
            - ~/sharelatex_data:/var/lib/sharelatex
            - ~/sharelatex_packages:/usr/local/texlive
            ########################################################################
            ####  Server Pro: Un-comment the following line to mount the docker ####
            ####             socket, required for Sibling Containers to work    ####
            ########################################################################
            # - /var/run/docker.sock:/var/run/docker.sock
        environment:
            SHARELATEX_APP_NAME: Overleaf Workspace # change to custom name

            SHARELATEX_MONGO_URL: mongodb://mongo/sharelatex

            # Same property, unfortunately with different names in
            # different locations
            SHARELATEX_REDIS_HOST: redis
            REDIS_HOST: redis

            ENABLED_LINKED_FILE_TYPES: 'url,project_file'

            # Enables Thumbnail generation using ImageMagick
            ENABLE_CONVERSIONS: 'true'

            # Disables email confirmation requirement
            EMAIL_CONFIRMATION_DISABLED: 'true'

            # temporary fix for LuaLaTex compiles
            # see https://github.com/overleaf/overleaf/issues/695
            TEXMFVAR: /var/lib/sharelatex/tmp/texmf-var

            SHARELATEX_EMAIL_FROM_ADDRESS: "postmaster@test.com" # change email

        labels:
          - traefik.enable=true
          - traefik.http.routers.tex.rule=Host(`tex.example.com`)
          - traefik.http.routers.tex.entrypoints=web
          - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
          - traefik.http.routers.tex.middlewares=redirect-to-https@docker
          - traefik.http.routers.tex-secured.rule=Host(`tex.example.com`)
          - traefik.http.routers.tex-secured.tls=true
          - traefik.http.routers.tex-secured.tls.certresolver=myhttpchallenge
          - traefik.http.routers.tex-secured.entrypoints=web-secure
    
    mongo:
        restart: always
        image: mongo
        container_name: mongo
        expose:
            - 27017
        networks:
            - "main"
        volumes:
            - ~/mongo_data:/data/db
        healthcheck:
            test: echo 'db.stats().ok' | mongo localhost:27017/test --quiet
            interval: 10s
            timeout: 10s
            retries: 5
        labels:
          - "traefik.enable=true"
          - "traefik.tcp.routers.mongodb.rule=HostSNI(`*`)"
          - "traefik.tcp.services.mongodb.loadbalancer.server.port=27017"
          - "traefik.tcp.routers.mongodb.tls=true"
          - "traefik.tcp.routers.mongodb.entrypoints=mongo" 

    redis:
        restart: always
        image: redis:5
        container_name: redis
        networks: 
            - "main"
        expose:
            - 6379
        volumes:
            - ~/redis_data:/data
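
Before the first `docker-compose up`, the compose file above can be checked for settings that expose more than ports 80 and 443. This is an added example, not part of the original guide; `audit_compose` and `sample_compose` are hypothetical helper names, and the sample input is constructed from the relevant lines of the file above.

```shell
#!/bin/sh
# Added example: flag settings in a docker-compose.yml like the one in this
# guide that expose more than 80/443. Reads stdin, prints one finding per line.
audit_compose() {
    # Drop whole-line and trailing YAML comments so disabled entries are ignored.
    body=$(sed -e 's/^[[:space:]]*#.*$//' -e 's/[[:space:]][[:space:]]*#.*$//')

    # Insecure API mode serves the dashboard without the basic-auth router.
    if printf '%s\n' "$body" | grep -q -- '--api\.insecure=true'; then
        echo "API_INSECURE: dashboard/API also served without traefik-auth"
    fi

    # "HOST:CONTAINER" port mappings other than the proxy's 80 and 443.
    # Address-bound mappings such as 127.0.0.1:4555:80 do not match.
    printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*-[[:space:]]*"\{0,1\}\([0-9]\{1,5\}\):[0-9]\{1,5\}"\{0,1\}[[:space:]]*$/\1/p' |
        while read -r port; do
            case $port in
                80|443) ;;
                *) echo "PUBLISHED_PORT: host port $port is published besides 80/443" ;;
            esac
        done

    # A TCP router with HostSNI(`*`) accepts every client on its entrypoint.
    if printf '%s\n' "$body" | grep -q 'HostSNI(`\*`)'; then
        echo "TCP_CATCHALL: catch-all HostSNI router, keep its entrypoint port unpublished"
    fi
    return 0
}

# Constructed sample: exposure-relevant lines of the compose file above.
sample_compose() {
    cat <<'EOF'
        - --api=true
        - --api.insecure=true
        - --entrypoints.mongo.address=:27017
      ports:
        - "80:80"
        - "443:443"
        # - "27017:27017" # Attention!: just open Port if needed!
        ports:
            - 4555:80
        expose:
            - 80
          - "traefik.tcp.routers.mongodb.rule=HostSNI(`*`)"
EOF
}
sample_compose | audit_compose
```

To check the real file, run `audit_compose < docker-compose.yml`.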
        

3. Set Password for Proxy page

Paste the output of the following command into line 43 of the Docker-Compose file (the `basicauth.users` label).

echo $(htpasswd -nb username password) | sed -e s/\\$/\\$\\$/g

Example:

- "traefik.http.middlewares.traefik-auth.basicauth.users=test:$$apr1$$.LOxTF4y$$/OjdUK3pSGiT/flYY42uS1"

Install Latex Packages

First, the package manager must be installed, including all LaTeX packages. The LaTeX package manager is called tlmgr.

Start Docker-Container:

sudo docker-compose up -d

Create User:

Replace the e-mail address in this command with your own:

docker exec sharelatex /bin/bash -c "cd /var/www/sharelatex; grunt user:create-admin --email=max@test.com"

Install Packages:

While the Sharelatex container is running, enter the following commands:

sudo docker exec sharelatex wget http://mirror.ctan.org/systems/texlive/tlnet/install-tl-unx.tar.gz
sudo docker exec sharelatex tar xvfz install-tl-unx.tar.gz

Then open the Bash Console of the container with the command:

sudo docker exec -ti sharelatex /bin/bash
  1. Change directory: `cd install-tl-XXX`
  2. Change rights: `chmod u+x install-tl`
  3. Run `./install-tl`
  4. Wait until everything is installed
  5. `exit` the Bash Shell of the container

Update Packages:

Now update tlmgr (the LaTeX package manager) itself and the installed packages:

sudo docker exec sharelatex tlmgr update --self --all

Important Docker Commands:

Start Container:

sudo docker-compose up -d

Run without `-d` if you want to see the console output.

Stop Container:

sudo docker-compose down

Reload Docker-Compose File:

When the container is stopped:

sudo docker-compose up --force-recreate -d

You're done!❤️