# Unboundedpress

Self-hosted web infrastructure using Docker Compose.

## Overview

- **portfolio**: ⚠️ **MOST IMPORTANT** - Main Nuxt 3 website containing a majority of my life's work (replaced old Express.js portfolio)
- **Nextcloud**: File storage and document editing
- **Forgejo**: Code repository (migrated from Gitea)
- **Collabora**: Online document editor (integrated with Nextcloud)
- **nginx-proxy**: Reverse proxy with automatic HTTPS (Let's Encrypt)
- **Redis**: Caching for Nextcloud

## Prerequisites

- Docker & Docker Compose installed
- Ports 80 and 443 available
- Domain DNS pointing to server

## Quick Start

```bash
# 1. Clone repository
git clone <repository-url>
cd unboundedpress_dev

# 2. Create .env file
cp .env_template .env
# Edit .env with your values

# 3. Start services
docker compose up -d

# 4. Verify
docker compose ps
```

## Environment Variables (.env)

| Variable | Description | Example |
|----------|-------------|---------|
| DOMAIN | Your domain | unboundedpress.org |
| USER | Admin username | mwinter |
| PASSWORD | Admin password | ************ |
| EMAIL | Email for SSL certificates | admin@example.com |

## Services

| Service | URL | Description |
|---------|-----|-------------|
| portfolio | https://{domain}/ | Main website |
| Nextcloud | https://{domain}/cloud/ | File storage & documents |
| Forgejo | https://{domain}/code/ | Git repositories |
| Collabora | https://{domain}/collab/ | Document editing (integrated with Nextcloud) |

## Production Deployment

### Step 1: Update Environment

Edit `.env`:

```bash
DOMAIN=unboundedpress.org
# Comment out or remove this line:
# HTTPS_METHOD=noredirect
```

### Step 2: Update Nextcloud Collabora URLs

```bash
# Internal URL (Nextcloud uses to talk to Collabora)
docker exec nextcloud php occ config:app:set richdocuments wopi_url --value="http://collabora:9980"

# External URL (browser uses to open Collabora)
docker exec nextcloud php occ config:app:set richdocuments public_wopi_url --value="https://unboundedpress.org/collab"

# Callback URL (Collabora uses to connect back to Nextcloud)
docker exec nextcloud php occ config:app:set richdocuments wopi_callback_url --value="https://unboundedpress.org/cloud"
```

### Step 3: Restart Services

```bash
docker compose restart
```

### Step 4: Verify SSL

SSL certificates are automatically issued by acme-companion. Check status:

```bash
docker logs nginx-proxy-acme
```

## Local Development

### HTTPS Setup (mkcert)

For local development with HTTPS, use mkcert to create locally-trusted certificates:

```bash
# Install mkcert (Arch Linux)
sudo pacman -S mkcert

# Install local CA
mkcert -install

# Create certificates
cd nginx/certs
mkcert -key-file key.pem -cert-file cert.pem "localdev.unboundedpress.org" "*.localdev.unboundedpress.org"

# Rename to default certificate
mv cert.pem default.crt
mv key.pem default.key

# Restart proxy
docker compose restart nginx-proxy
```

### Access Local Services

After setup, access at:

- Main site: https://localdev.unboundedpress.org/
- Nextcloud: https://localdev.unboundedpress.org/cloud/
- Forgejo: https://localdev.unboundedpress.org/code/

## Maintenance

### Bot Blocker Updates

The nginx-ultimate-bad-bot-blocker updates automatically via cron (monthly on the 1st at 3 AM).

Manual update:

```bash
docker exec nginx-proxy update-ngxblocker
```

### Backup Nextcloud

```bash
# Database backup
docker exec mysql-nextcloud mysqldump -u root -p${PASSWORD} nextcloud > backup_nextcloud_db_$(date +%Y%m%d).sql

# Files backup (run on host)
tar -czf nextcloud_backup_$(date +%Y%m%d).tar.gz nextcloud/html/data/
```

### Backup Forgejo

```bash
# Database backup
docker exec mysql-forgejo mysqldump -u root -p${PASSWORD} forgejo > backup_forgejo_db_$(date +%Y%m%d).sql

# Files backup (run on host)
tar -czf forgejo_backup_$(date +%Y%m%d).tar.gz forgejo/
```

### Update Images

```bash
# Pull latest images
docker compose pull

# Restart services with new images
docker compose up -d
```

### View Logs

```bash
# All services
docker compose logs -f

# Specific service
docker compose logs -f nginx-proxy
docker compose logs -f nextcloud
docker compose logs -f forgejo
```

## Directory Structure

⚠️ **Important**: The `portfolio/` directory contains the majority of my life's work. Ensure backups are current before making any changes.

```
.
├── docker-compose.yml      # Main compose file
├── .env                    # Environment variables (not in repo)
├── .env_template           # Template for .env
├── nginx/
│   ├── Dockerfile          # nginx-proxy build with bot blocker
│   ├── certs/              # SSL certificates
│   ├── conf.d/             # nginx configuration
│   ├── vhost.d/            # Virtual host configs
│   ├── bots.d/             # Bot blocker rules
│   └── crontab             # Cron for bot blocker updates
├── portfolio/
│   ├── Dockerfile          # Multi-stage production build
│   └── ...
├── nextcloud/
│   ├── html/               # Nextcloud data
│   └── mysql/              # Nextcloud database
├── forgejo/
│   └── ...                 # Forgejo data
└── redis/
    └── ...                 # Redis data
```

## Troubleshooting

### Nextcloud Login Issues

If login redirects back to the login page:

1. Clear browser cookies
2. Check trusted_domains in config
3. Ensure HTTPS is properly configured

```bash
# Check trusted domains
docker exec nextcloud occ config:system:get trusted_domains

# Add domain if needed
docker exec nextcloud occ config:system:set trusted_domains 4 --value="unboundedpress.org"
```

### Collabora Not Opening Documents

1. Verify public_wopi_url is set correctly:
   ```bash
   docker exec nextcloud occ config:app:get richdocuments public_wopi_url
   ```
2. Check nginx config for /collab/ routing:
   ```bash
   docker exec nginx-proxy cat /etc/nginx/vhost.d/unboundedpress.org | grep -A 5 "location /collab"
   ```
3. Check Collabora logs:
   ```bash
   docker logs collabora
   ```

### SSL Certificate Issues

1. Check acme-companion logs:
   ```bash
   docker logs nginx-proxy-acme
   ```
2. Verify ports 80/443 are open:
   ```bash
   sudo ufw status
   # or
   sudo iptables -L -n
   ```
3. Check certificate files exist:
   ```bash
   ls -la nginx/certs/
   ```

### Container Won't Start

1. Check logs for errors:
   ```bash
   docker compose logs [service-name]
   ```
2. Verify .env file exists and has correct values
3. Check port conflicts:
   ```bash
   sudo netstat -tlnp | grep ':80\|:443'
   ```

## Architecture

```
Internet
    │
    ▼
nginx-proxy (port 80/443)
    │
    ├── portfolio ──────────► :5000
    │
    ├── nextcloud ──────────► :80 → /cloud/
    │       ├── mysql-nextcloud
    │       └── redis
    │
    ├── forgejo ────────────► :4000 → /code/
    │       └── mysql-forgejo
    │
    └── collabora ──────────► :9980 → /collab/
```

## Credits

- [nginx-proxy](https://github.com/nginx-proxy/nginx-proxy)
- [acme-companion](https://github.com/nginx-proxy/acme-companion)
- [nginx-ultimate-bad-bot-blocker](https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker)
- [Collabora](https://www.collaboraoffice.com/)
- [Forgejo](https://forgejo.org/)
- [Nextcloud](https://nextcloud.com/)
- [Redis](https://redis.io/)
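
For the "Verify .env file exists and has correct values" step under Troubleshooting: the script below is an added example, not part of this repository, that checks `.env` for the four variables in the Environment Variables table, owner-only file permissions, and the asterisk placeholder shown in that table. The 12-character minimum, the bare-hostname rule for `DOMAIN`, and the premise that `docker-compose.yml` interpolates these variables (so an exported shell variable such as `USER` takes precedence over `.env`) are assumptions.

```bash
#!/usr/bin/env bash
# Added example: sanity-check .env before `docker compose up -d`.
# Variable names come from the README table; thresholds are assumptions.
REQUIRED_VARS="DOMAIN USER PASSWORD EMAIL"
MIN_PASSWORD_LEN=12   # assumed policy, not stated in the README

# Print KEY's value from an env file (last assignment wins, quotes stripped).
env_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one finding per line; return 0 only when there are none.
check_env_file() {
    file=$1; findings=0
    if [ ! -f "$file" ]; then echo "missing: $file"; return 1; fi
    # The file holds the admin password, so only its owner should read it.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        *00) ;;
        *) echo "mode $mode is too open: chmod 600 $file"; findings=$((findings + 1)) ;;
    esac
    for var in $REQUIRED_VARS; do
        file_val=$(env_value "$file" "$var")
        shell_val=$(printenv "$var" || true)
        if [ -z "$file_val" ]; then
            echo "unset or empty: $var"; findings=$((findings + 1))
        elif [ -n "$shell_val" ] && [ "$shell_val" != "$file_val" ]; then
            # Compose prefers an exported shell variable over .env (assumes interpolation).
            echo "shell \$$var overrides the .env value"; findings=$((findings + 1))
        fi
    done
    # Service URLs are built as https://{domain}/..., so DOMAIN is a bare hostname.
    case $(env_value "$file" DOMAIN) in
        */*) echo "DOMAIN must not contain a scheme or path"; findings=$((findings + 1)) ;;
    esac
    password=$(env_value "$file" PASSWORD)
    case $password in
        "") ;;   # already reported as unset
        *[!*]*)
            if [ "${#password}" -lt "$MIN_PASSWORD_LEN" ]; then
                echo "PASSWORD is shorter than $MIN_PASSWORD_LEN characters"
                findings=$((findings + 1))
            fi ;;
        *) echo "PASSWORD is still the asterisk placeholder"; findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}
if [ $# -gt 0 ]; then check_env_file "$1"; fi
```

Pass the path to `.env` as the first argument; the exit status is non-zero when any finding is printed.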