Xibo for Docker on Ubuntu 16.04

This is a guide to install Xibo with Docker on Ubuntu 16.04, working through the Xibo for Docker on Linux instructions

For the purpose of this walkthrough I am starting with a standard 16.04 Server x64 machine, with at least 1GB of RAM, and 2GB of swap, logged in as the “root” user.

Install Docker

Install Docker CE stable following the instructions at: https://docs.docker.com/engine/installation/linux/ubuntu/

The following commands are what I ran, but they may change as Docker develops, so please refer to the guide above.

apt-get install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt-get update
apt-get install docker-ce

Install Docker Compose

Now that Docker is installed, we need to install Docker Compose. The latest stable is at: https://github.com/docker/compose/releases/latest

curl -L https://github.com/docker/compose/releases/download/1.11.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

That’s all the dependencies for Xibo installed.

Install the Xibo CMS

Lets now install the CMS:

mkdir /opt/xibo
cd /opt/xibo
wget https://github.com/xibosignage/xibo-cms/releases/download/1.8.9/xibo-docker.tar.gz
tar --strip 1 -zxvf xibo-docker.tar.gz

We now have the docker-compose files extracted in to /opt/xibo

Create config.env file

We need to create a config.env file per the install guide. Lets do that, ensuring we set a MYSQL_PASSWORD value. This must be alpha-numeric only. ie made up of A-Z a-z 0-9. No spaces, punctuation or other special characters. For example, something like BTvjCyqQEZ8kGPrb would work. Clearly, do not use that password!

A link to a random password generator is provided in the comments and is the best thing to use!

cp config.env.template config.env
nano config.env

Save your changes and quit.

Now bring the CMS up

docker-compose up -d

Please note: It is normal for you to experience a delay whilst the CMS finishes setting up, please be patient.

The CMS will be downloaded and run, and you should be able to log in at the IP address of your server. I have a DNS name pointed to my server (‘xibo.alexharrington.co.uk’) so I can simply enter that name:

First thing to do is to change our xibo_admin account password:

Once that’s changed, we’re ready to use the CMS over HTTP only. Work through the CMS Post Installation Guide for setup information.

You should consider setting up a firewall. As a bare minimum, the following will set you up the ufw firewall with the right ports open for HTTP, SSH and XMR:

ufw allow ssh
ufw allow 80/tcp
ufw allow 9505/tcp
ufw enable

Adding SSL Support

There are several ways you could add SSL support to this configuration.

The simplest is to install Apache on the host Ubuntu server, and have it proxy the SSL requests into our container.

First, we need to stop the running CMS since we’ll need port 80 for our Apache server.

cd /opt/xibo
docker-compose down

Now move Xibo on to a different port number.

We’ll be following the instructions to install Xibo for Docker on Linux from the “Using different ports” heading.

cp cms_custom-ports.yml.template cms_custom-ports.yml
nano cms_custom-ports.yml

Edit the “ports” section of the cms-xmr and cms-web services so they read as follows:

version: "2.1"
 
services:
    cms-db:
        image: mysql:5.6
        volumes:
            - "./shared/db:/var/lib/mysql"
        restart: always
        environment:
            - MYSQL_DATABASE=cms
            - MYSQL_USER=cms
            - MYSQL_RANDOM_ROOT_PASSWORD=yes
        mem_limit: 1g
        env_file: config.env
    cms-xmr:
        image: xibosignage/xibo-xmr:release-0.7
        ports:
            - "9505:9505"
        restart: always
        mem_limit: 256m
        env_file: config.env
    cms-web:
        image: xibosignage/xibo-cms:release-1.8.9
        volumes:
            - "./shared/cms/custom:/var/www/cms/custom"
            - "./shared/backup:/var/www/backup"
            - "./shared/cms/web/theme/custom:/var/www/cms/web/theme/custom"
            - "./shared/cms/library:/var/www/cms/library"
            - "./shared/cms/web/userscripts:/var/www/cms/web/userscripts"
        restart: always
        links:
            - cms-db:mysql
            - cms-xmr:50001
        environment:
            - XMR_HOST=cms-xmr
        env_file: config.env
        ports:
            - "127.0.0.1:8080:80"
        mem_limit: 1g

So specifically, we changed the line:

            ports:
                 - "65500:9505"

to

            ports:
                 - "9505:9505"

and

            ports:
                 - "65501:80"

to

            ports:
                 - "127.0.0.1:8080:80"

Save your changes. That will ensure that XMR runs on port 9505 as before, and the web service runs on port 8080 only on the loopback interface.

Bring the containers back up with those changes:

docker-compose -f cms_custom-ports.yml up -d

Now protect that Container with an Apache server and a LetsEncrypt SSL certificate:

apt-get install apache2
a2enmod proxy
a2enmod proxy_http

Edit the default apache config file to create a reverse proxy to our container:

nano /etc/apache2/sites-available/000-default.conf

It should contain

<VirtualHost *:80>

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyPreserveHost On

        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/

</VirtualHost>

Save your changes, and then restart Apache

service apache2 restart

Our CMS should now be available back on port 80.

If you’re using ufw, lets put a rule in for https traffic now

ufw allow 443/tcp

Then install letsencrypt

add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-apache

And then generate a certificate

certbot --apache -d xibo.alexharrington.co.uk

If you selected the option to force all traffic to HTTPS, then refreshing your CMS webpage will automatically redirect you to the HTTPS version.

Upgrading

Upgrading is simple. The steps below show the steps to take to Upgrade from 1.8.9 to 1.8.10 as an example:

# Stop the running container
cd /opt/xibo
docker-compose stop

# Backup the existing container data
cd /opt
cp -rp xibo xibo-1.8.9-backup

# Download the new docker-compose files
cd /opt/xibo
wget https://github.com/xibosignage/xibo-cms/releases/download/1.8.10/xibo-docker.tar.gz
tar --strip 1 -zxvf xibo-docker.tar.gz

If you didn’t enable SSL, then

docker-compose up -d

If you did enable SSL, then you’ll need to:

cp cms_custom-ports.yml cms_custom-ports.yml.1.8.9
cp cms_custom-ports.yml.template cms_custom-ports.yml
nano cms_custom-ports.yml

Make the same edits to this file as in the install guide above, to specify the correct ports to use, and then run

docker-compose -f cms_custom-ports.yml up -d

Changes to LetsEncrypt

If you followed this guide previously to enable SSL via LetsEncrypt, they have changed the way that certificates are issues in response to a security report received in January 2018.

Please do the following to allow your certificates to be renewed:

add-apt-repository ppa:certbot/certbot
apt-get update
apt-get dist-upgrade
apt-get install python-certbot-apache

Edit /etc/crontab and remove the line you added:

30 2 * * 1 root /usr/bin/letsencrypt renew >> /var/log/le-renew.log

Run certbot to check that your renewal will be processed:

certbot renew