unboundedpress/README.md

# Unboundedpress

Self-hosted web infrastructure using Docker Compose.

## Overview

- **portfolio**: ⚠️ **MOST IMPORTANT** - Main Nuxt 3 website containing a majority of my life's work (replaced old Express.js portfolio)
- **Nextcloud**: File storage and document editing
- **Forgejo**: Code repository (migrated from Gitea)
- **Collabora**: Online document editor (integrated with Nextcloud)
- **nginx-proxy**: Reverse proxy with automatic HTTPS (Let's Encrypt)
- **Redis**: Caching for Nextcloud

## Prerequisites

- Docker & Docker Compose installed
- Ports 80 and 443 available
- Domain DNS pointing to server

## Quick Start

```bash
# 1. Clone repository
git clone <repo-url>
cd unboundedpress_dev

# 2. Create .env file
cp .env_template .env
# Edit .env with your values

# 3. Start services
docker compose up -d

# 4. Verify
docker compose ps
```

## Environment Variables (.env)

| Variable | Description | Example |
|----------|-------------|---------|
| DOMAIN | Your domain | unboundedpress.org |
| USER | Admin username | mwinter |
| PASSWORD | Admin password | ************ |
| EMAIL | Email for SSL certificates | admin@example.com |

## Services

| Service | URL | Description |
|---------|-----|-------------|
| portfolio | https://{domain}/ | Main website |
| Nextcloud | https://{domain}/cloud/ | File storage & documents |
| Forgejo | https://{domain}/code/ | Git repositories |
| Collabora | https://{domain}/collab/ | Document editing (integrated with Nextcloud) |

## Production Deployment

### Step 1: Update Environment

Edit `.env`:
```bash
DOMAIN=unboundedpress.org
# Comment out or remove: HTTPS_METHOD=noredirect
```

### Step 2: Update Nextcloud Collabora URL

```bash
docker exec nextcloud occ config:app:set richdocuments public_wopi_url --value="https://unboundedpress.org/collab"
```

### Step 3: Restart Services

```bash
docker compose restart
```

### Step 4: Verify SSL

SSL certificates are automatically issued by acme-companion. Check status:
```bash
docker logs nginx-proxy-acme
```

## Local Development

### HTTPS Setup (mkcert)

For local development with HTTPS, use mkcert to create locally-trusted certificates:

```bash
# Install mkcert (Arch Linux)
sudo pacman -S mkcert

# Install local CA
mkcert -install

# Create certificates
cd nginx/certs
mkcert -key-file key.pem -cert-file cert.pem "localdev.unboundedpress.org" "*.localdev.unboundedpress.org"

# Rename to default certificate
mv cert.pem default.crt
mv key.pem default.key

# Restart proxy
docker compose restart nginx-proxy
```

### Access Local Services

After setup, access at:
- Main site: https://localdev.unboundedpress.org/
- Nextcloud: https://localdev.unboundedpress.org/cloud/
- Forgejo: https://localdev.unboundedpress.org/code/

## Maintenance

### Bot Blocker Updates

The nginx-ultimate-bad-bot-blocker updates automatically via cron (monthly on the 1st at 3 AM).

Manual update:
```bash
docker exec nginx-proxy update-ngxblocker
```

### Backup Nextcloud

```bash
# Database backup
docker exec mysql-nextcloud mysqldump -u root -p${PASSWORD} nextcloud > backup_nextcloud_db_$(date +%Y%m%d).sql

# Files backup (run on host)
tar -czf nextcloud_backup_$(date +%Y%m%d).tar.gz nextcloud/html/data/
```

### Backup Forgejo

```bash
# Database backup
docker exec mysql-forgejo mysqldump -u root -p${PASSWORD} forgejo > backup_forgejo_db_$(date +%Y%m%d).sql

# Files backup (run on host)
tar -czf forgejo_backup_$(date +%Y%m%d).tar.gz forgejo/
```

### Update Images

```bash
# Pull latest images
docker compose pull

# Restart services with new images
docker compose up -d
```

### View Logs

```bash
# All services
docker compose logs -f

# Specific service
docker compose logs -f nginx-proxy
docker compose logs -f nextcloud
docker compose logs -f forgejo
```

## Directory Structure

⚠️ **Important**: The `portfolio/` directory contains the majority of my life's work. Ensure backups are current before making any changes.

```
.
.
├── docker-compose.yml          # Main compose file
├── .env                        # Environment variables (not in repo)
├── .env_template               # Template for .env
├── nginx/
│   ├── Dockerfile              # nginx-proxy build with bot blocker
│   ├── certs/                 # SSL certificates
│   ├── conf.d/                # nginx configuration
│   ├── vhost.d/               # Virtual host configs
│   ├── bots.d/                # Bot blocker rules
│   └── crontab               # Cron for bot blocker updates
├── portfolio/
│   ├── Dockerfile             # Multi-stage production build
│   └── ...
├── nextcloud/
│   ├── html/                  # Nextcloud data
│   └── mysql/                 # Nextcloud database
├── forgejo/
│   └── ...                    # Forgejo data
└── redis/
    └── ...                    # Redis data
```

## Troubleshooting

### Nextcloud Login Issues

If login redirects back to login page:
1. Clear browser cookies
2. Check trusted_domains in config
3. Ensure HTTPS is properly configured

```bash
# Check trusted domains
docker exec nextcloud occ config:system:get trusted_domains

# Add domain if needed
docker exec nextcloud occ config:system:set trusted_domains 4 --value="unboundedpress.org"
```

### Collabora Not Opening Documents

1. Verify public_wopi_url is set correctly:
```bash
docker exec nextcloud occ config:app:get richdocuments public_wopi_url
```

2. Check nginx config for /collab/ routing:
```bash
docker exec nginx-proxy cat /etc/nginx/vhost.d/unboundedpress.org | grep -A 5 "location /collab"
```

3. Check Collabora logs:
```bash
docker logs collabora
```

### SSL Certificate Issues

1. Check acme-companion logs:
```bash
docker logs nginx-proxy-acme
```

2. Verify ports 80/443 are open:
```bash
sudo ufw status
# or
sudo iptables -L -n
```

3. Check certificate files exist:
```bash
ls -la nginx/certs/
```

### Container Won't Start

1. Check logs for errors:
```bash
docker compose logs [service-name]
```

2. Verify .env file exists and has correct values

3. Check port conflicts:
```bash
sudo netstat -tlnp | grep ':80\|:443'
```

## Architecture

```
Internet
   │
   ▼
nginx-proxy (port 80/443)
   │
   ├── portfolio ─────► :5000
   │
   ├── nextcloud ──────────► :80 → /cloud/
   │   ├── mysql-nextcloud
   │   └── redis
   │
   ├── forgejo ────────────► :4000 → /code/
   │   └── mysql-forgejo
   │
   └── collabora ──────────► :9980 → /collab/
```

## Credits

- [nginx-proxy](https://github.com/nginx-proxy/nginx-proxy)
- [acme-companion](https://github.com/nginx-proxy/acme-companion)
- [nginx-ultimate-bad-bot-blocker](https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker)
- [Collabora](https://www.collaboraoffice.com/)
- [Forgejo](https://forgejo.org/)
- [Nextcloud](https://nextcloud.com/)
- [Redis](https://redis.io/)
Deployment-ready: All services configured 2026-02-23 20:24:09 +01:00			`# Unboundedpress`

			`Self-hosted web infrastructure using Docker Compose.`

			`## Overview`

			`- portfolio: ⚠️ MOST IMPORTANT - Main Nuxt 3 website containing a majority of my life's work (replaced old Express.js portfolio)`
			`- Nextcloud: File storage and document editing`
			`- Forgejo: Code repository (migrated from Gitea)`
			`- Collabora: Online document editor (integrated with Nextcloud)`
			`- nginx-proxy: Reverse proxy with automatic HTTPS (Let's Encrypt)`
			`- Redis: Caching for Nextcloud`

			`## Prerequisites`

			`- Docker & Docker Compose installed`
			`- Ports 80 and 443 available`
			`- Domain DNS pointing to server`

			`## Quick Start`

			```bash
			`# 1. Clone repository`
			`git clone <repo-url>`
			`cd unboundedpress_dev`

			`# 2. Create .env file`
			`cp .env_template .env`
			`# Edit .env with your values`

			`# 3. Start services`
			`docker compose up -d`

			`# 4. Verify`
			`docker compose ps`
			```

			`## Environment Variables (.env)`

			`\| Variable \| Description \| Example \|`
			`\|----------\|-------------\|---------\|`
			`\| DOMAIN \| Your domain \| unboundedpress.org \|`
			`\| USER \| Admin username \| mwinter \|`
			`\| PASSWORD \| Admin password \| ************ \|`
			`\| EMAIL \| Email for SSL certificates \| admin@example.com \|`

			`## Services`

			`\| Service \| URL \| Description \|`
			`\|---------\|-----\|-------------\|`
			`\| portfolio \| https://{domain}/ \| Main website \|`
			`\| Nextcloud \| https://{domain}/cloud/ \| File storage & documents \|`
			`\| Forgejo \| https://{domain}/code/ \| Git repositories \|`
			`\| Collabora \| https://{domain}/collab/ \| Document editing (integrated with Nextcloud) \|`

			`## Production Deployment`

			`### Step 1: Update Environment`

			Edit `.env`:
			```bash
			`DOMAIN=unboundedpress.org`
			`# Comment out or remove: HTTPS_METHOD=noredirect`
			```

			`### Step 2: Update Nextcloud Collabora URL`

			```bash
			`docker exec nextcloud occ config:app:set richdocuments public_wopi_url --value="https://unboundedpress.org/collab"`
			```

			`### Step 3: Restart Services`

			```bash
			`docker compose restart`
			```

			`### Step 4: Verify SSL`

			`SSL certificates are automatically issued by acme-companion. Check status:`
			```bash
			`docker logs nginx-proxy-acme`
			```

			`## Local Development`

			`### HTTPS Setup (mkcert)`

			`For local development with HTTPS, use mkcert to create locally-trusted certificates:`

			```bash
			`# Install mkcert (Arch Linux)`
			`sudo pacman -S mkcert`

			`# Install local CA`
			`mkcert -install`

			`# Create certificates`
			`cd nginx/certs`
			`mkcert -key-file key.pem -cert-file cert.pem "localdev.unboundedpress.org" "*.localdev.unboundedpress.org"`

			`# Rename to default certificate`
			`mv cert.pem default.crt`
			`mv key.pem default.key`

			`# Restart proxy`
			`docker compose restart nginx-proxy`
			```

			`### Access Local Services`

			`After setup, access at:`
			`- Main site: https://localdev.unboundedpress.org/`
			`- Nextcloud: https://localdev.unboundedpress.org/cloud/`
			`- Forgejo: https://localdev.unboundedpress.org/code/`

			`## Maintenance`

			`### Bot Blocker Updates`

			`The nginx-ultimate-bad-bot-blocker updates automatically via cron (monthly on the 1st at 3 AM).`

			`Manual update:`
			```bash
			`docker exec nginx-proxy update-ngxblocker`
			```

			`### Backup Nextcloud`

			```bash
			`# Database backup`
			`docker exec mysql-nextcloud mysqldump -u root -p${PASSWORD} nextcloud > backup_nextcloud_db_$(date +%Y%m%d).sql`

			`# Files backup (run on host)`
			`tar -czf nextcloud_backup_$(date +%Y%m%d).tar.gz nextcloud/html/data/`
			```

			`### Backup Forgejo`

			```bash
			`# Database backup`
			`docker exec mysql-forgejo mysqldump -u root -p${PASSWORD} forgejo > backup_forgejo_db_$(date +%Y%m%d).sql`

			`# Files backup (run on host)`
			`tar -czf forgejo_backup_$(date +%Y%m%d).tar.gz forgejo/`
			```

			`### Update Images`

			```bash
			`# Pull latest images`
			`docker compose pull`

			`# Restart services with new images`
			`docker compose up -d`
			```

			`### View Logs`

			```bash
			`# All services`
			`docker compose logs -f`

			`# Specific service`
			`docker compose logs -f nginx-proxy`
			`docker compose logs -f nextcloud`
			`docker compose logs -f forgejo`
			```

			`## Directory Structure`

			⚠️ Important: The `portfolio/` directory contains the majority of my life's work. Ensure backups are current before making any changes.

			```
			`.`
			`.`
			`├── docker-compose.yml # Main compose file`
			`├── .env # Environment variables (not in repo)`
			`├── .env_template # Template for .env`
			`├── nginx/`
			`│ ├── Dockerfile # nginx-proxy build with bot blocker`
			`│ ├── certs/ # SSL certificates`
			`│ ├── conf.d/ # nginx configuration`
			`│ ├── vhost.d/ # Virtual host configs`
			`│ ├── bots.d/ # Bot blocker rules`
			`│ └── crontab # Cron for bot blocker updates`
			`├── portfolio/`
			`│ ├── Dockerfile # Multi-stage production build`
			`│ └── ...`
			`├── nextcloud/`
			`│ ├── html/ # Nextcloud data`
			`│ └── mysql/ # Nextcloud database`
			`├── forgejo/`
			`│ └── ... # Forgejo data`
			`└── redis/`
			`└── ... # Redis data`
			```

			`## Troubleshooting`

			`### Nextcloud Login Issues`

			`If login redirects back to login page:`
			`1. Clear browser cookies`
			`2. Check trusted_domains in config`
			`3. Ensure HTTPS is properly configured`

			```bash
			`# Check trusted domains`
			`docker exec nextcloud occ config:system:get trusted_domains`

			`# Add domain if needed`
			`docker exec nextcloud occ config:system:set trusted_domains 4 --value="unboundedpress.org"`
			```

			`### Collabora Not Opening Documents`

			`1. Verify public_wopi_url is set correctly:`
			```bash
			`docker exec nextcloud occ config:app:get richdocuments public_wopi_url`
			```

			`2. Check nginx config for /collab/ routing:`
			```bash
			`docker exec nginx-proxy cat /etc/nginx/vhost.d/unboundedpress.org \| grep -A 5 "location /collab"`
			```

			`3. Check Collabora logs:`
			```bash
			`docker logs collabora`
			```

			`### SSL Certificate Issues`

			`1. Check acme-companion logs:`
			```bash
			`docker logs nginx-proxy-acme`
			```

			`2. Verify ports 80/443 are open:`
			```bash
			`sudo ufw status`
			`# or`
			`sudo iptables -L -n`
			```

			`3. Check certificate files exist:`
			```bash
			`ls -la nginx/certs/`
			```

			`### Container Won't Start`

			`1. Check logs for errors:`
			```bash
			`docker compose logs [service-name]`
			```

			`2. Verify .env file exists and has correct values`

			`3. Check port conflicts:`
			```bash
			`sudo netstat -tlnp \| grep ':80\\|:443'`
			```

			`## Architecture`

			```
			`Internet`
			`│`
			`▼`
			`nginx-proxy (port 80/443)`
			`│`
			`├── portfolio ─────► :5000`
			`│`
			`├── nextcloud ──────────► :80 → /cloud/`
			`│ ├── mysql-nextcloud`
			`│ └── redis`
			`│`
			`├── forgejo ────────────► :4000 → /code/`
			`│ └── mysql-forgejo`
			`│`
			`└── collabora ──────────► :9980 → /collab/`
			```

			`## Credits`

			`- [nginx-proxy](https://github.com/nginx-proxy/nginx-proxy)`
			`- [acme-companion](https://github.com/nginx-proxy/acme-companion)`
			`- [nginx-ultimate-bad-bot-blocker](https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker)`
			`- [Collabora](https://www.collaboraoffice.com/)`
			`- [Forgejo](https://forgejo.org/)`
			`- [Nextcloud](https://nextcloud.com/)`
			`- [Redis](https://redis.io/)`