This is a repository for a dockerized Xen Orchestra. Built using Alpine as a base.
Built for Raspberry Pi 64bit.
You can get this immediately using this docker-compose file. This brings up the service on port 80. For SSL, read on.
```yaml
version: '3'
services:
  xen-orchestra:
    restart: unless-stopped
    image: dustyarmstrong/alpine-xoa:latest
    container_name: xoa
    stop_grace_period: 1m
    ports:
      - "80:80"
      #- "443:443"
    environment:
      - HTTP_PORT=80
      #- HTTPS_PORT=443
      # redirect takes effect only if HTTPS_PORT is defined
      #- REDIRECT_TO_HTTPS=true
      # if HTTPS_PORT is defined and CERT/KEY paths are empty, a self-signed certificate will be generated
      #- CERT_PATH='/cert.pem'
      #- KEY_PATH='/cert.key'
    # capabilities are needed for NFS mount
    cap_add:
      - SYS_ADMIN
    # additional setting required for apparmor enabled systems. also needed for NFS mount
    security_opt:
      - apparmor:unconfined
    volumes:
      - xo-data:/var/lib/xo-server
      - redis-data:/var/lib/redis
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      # to preserve xo-server config on host dir after generated by container
      #- /path/to/config:/etc/xo-server
      # mount certificate files to container if HTTPS is set with cert/key paths
      #- /path/to/cert.pem:/cert.pem
      #- /path/to/cert.key:/cert.key
      # mount your custom CA to container if host certificates are issued by it and you want XO to trust it
      #- /path/to/ca.pem:/host-ca.pem
    # logging
    logging: &default_logging
      driver: "json-file"
      options:
        max-size: "1M"
        max-file: "2"
    # these are needed for file restore. allows one backup to be mounted at once which will be umounted after some minutes if not used (prevents other backups to be mounted during that)
    # add loop devices (loop1, loop2 etc) if multiple simultaneous mounts needed.
    #devices:
    #  - "/dev/fuse:/dev/fuse"
    #  - "/dev/loop-control:/dev/loop-control"
    #  - "/dev/loop0:/dev/loop0"

volumes:
  xo-data:
  redis-data:
```
- :latest - Arm 64bit
- :armhf - Arm 32bit, a very old version of XO
I'm personally running this with an Nginx container, but the image should support native SSL if preferred. A shared container network is required. The docker-compose file for Nginx is as follows:
```yaml
version: '3'
services:
  nginx:
    image: nginx:latest
    container_name: nginx
    volumes:
      - ./ngconf:/etc/nginx/conf.d
      - ./ngcerts:/etc/nginx/certs
    ports:
      - 80:80
      - 443:443

networks:
  default:
    external:
      name: containershare
```
Place your signed certificates in /etc/nginx/certs. Reference them in /etc/nginx/conf.d/default.conf, as below. You will need to add IP/DNS aliases to your DNS server to accommodate this. Create the nginx volume folders before starting the container, and ideally create the default.conf to some extent (or copy the below). This configuration assumes the certificates have been created and that you have a 404 file present under /ngconf (mounted as /etc/nginx/conf.d in the container), or it will not work.
```nginx
# Send "Connection: upgrade" only when the client asked for a WebSocket upgrade
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Redirect all plain HTTP requests to HTTPS
server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

# Catch-all HTTPS server for names that match no other server block
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate /etc/nginx/certs/raspiserver/raspiserver.crt;
    ssl_certificate_key /etc/nginx/certs/raspiserver/raspiserverkey.key;
    error_page 404 /better404.html;
    location = /better404.html {
        root /etc/nginx/conf.d;
        internal;
    }
}

# Reverse proxy for Xen Orchestra
server {
    listen 443 ssl;
    server_name xo.your.domain;
    ssl_certificate /etc/nginx/certs/xo/xo.crt;
    ssl_certificate_key /etc/nginx/certs/xo/xo.key;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only 1.2 and 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    location / {
        # "xoa" is the container_name of the XO service on the shared network
        proxy_pass "http://xoa:80/";
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        # use the map defined at the top instead of a hard-coded "upgrade"
        proxy_set_header Connection $connection_upgrade;
    }
}
```
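A pre-flight check for the files this Nginx setup expects, as an added example that is not part of the original project: it reads default.conf, maps every ssl_certificate and ssl_certificate_key path onto the ./ngcerts bind mount, flags private keys that are readable by group or others, and confirms the 404 page exists. The function names are hypothetical, and the 404 page is assumed to be served from /etc/nginx/conf.d as in the configuration above.

```shell
# Added example, not part of the project. Assumes the bind mounts from the
# compose file above: ./ngconf -> /etc/nginx/conf.d, ./ngcerts -> /etc/nginx/certs.
# All function names are hypothetical.

# Print the last argument of every "<directive> ... <value>;" line in a config file.
conf_values() {  # usage: conf_values <directive> <file>
  awk -v d="$1" '$1 == d { sub(/;$/, "", $NF); print $NF }' "$2"
}

# Map a container path under /etc/nginx/certs to its host path in the certs dir.
to_host() {  # usage: to_host <container-path> <ngcerts-dir>
  case "$1" in
    /etc/nginx/certs/*) printf '%s\n' "$2/${1#/etc/nginx/certs/}" ;;
    *) return 1 ;;
  esac
}

# Report every problem on stdout; return 0 only when none were found.
preflight() {  # usage: preflight <ngconf-dir> <ngcerts-dir>
  conf="$1/default.conf"; rc=0
  [ -f "$conf" ] || { echo "missing: $conf"; return 1; }
  certs=$(conf_values ssl_certificate "$conf")
  keys=$(conf_values ssl_certificate_key "$conf")
  for p in $certs $keys; do
    host=$(to_host "$p" "$2") || { echo "outside certs mount: $p"; rc=1; continue; }
    [ -f "$host" ] || { echo "missing: $host"; rc=1; }
  done
  for p in $keys; do
    host=$(to_host "$p" "$2") && [ -f "$host" ] || continue
    # Characters 5 and 8 of the ls mode string are group-read and other-read.
    case "$(ls -ld -- "$host" | cut -c5,8)" in
      *r*) echo "key readable by group/other: $host"; rc=1 ;;
    esac
  done
  for p in $(conf_values error_page "$conf"); do
    # Assumption: the 404 page is served from root /etc/nginx/conf.d, as above.
    [ -f "$1$p" ] || { echo "missing 404 page: $1$p"; rc=1; }
  done
  return "$rc"
}

# Typical use from the directory holding the Nginx compose file:
#   preflight ./ngconf ./ngcerts && docker-compose up -d
```
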
You can modify your docker-compose file for XO to exclude ports, as mapped host ports aren't required under this configuration.
The project now contains aspects of Ronivay's image and a fork from Andrei Telteu's Debian-based image, which has modifications to support ARM.