QNAP TS-877 TrueNAS Journal

also the reason why i am careful about this, if you mess around with the jailmaker dataset acls, you will mess things up.

that is why i’m being cautious because i don’t know how jailmaker interacts with the other dataset acls, or how to use the docker residing within the jail whether you cr8 via the docker jail shell, or do it through truenas user creation.


this is what i worried about. not sure how networks are done with dockge x-x;

:thinking:


confused why the url changes to that when i click the openspeedtest in the item to the left to select the openspeedtest container name, the url changes to compose/openspeedtest

why?

that location only contains the docker compose.yaml files.

but i checked my /docker/stacks, this is where dockge creates your docker compose yamls.

i basically copied the compose, added it in the dockge ui, deployed from there.

so not sure why there is a url link to compose/openspeedtest

how is that happening i wonder

if you click on the service port 3000

it opens the url in a new tab and it works fine
http://192.168.0.24:3000/

the question though is why selecting the openspeedtest container in the list to the left, changes the url for dockge to that i wonder. weird


anyhow, stacks works as i thought it would. when you input compose into dockge, and deploy from the UI, it saves that docker compose as a docker-compose.yaml and its accompanying .env file in that stacks folder under a sub folder of the same name that you deployed.

this is great. Because it makes deploying it again easy since you have a saved docker compose yaml for that container.

i use the /docker/compose for that exact purpose, but /docker/stacks is specifically used/created by dockge, while the compose is more for doing it manually. i rather keep them separate for now.


If you are wondering how da heck am i recovering all my previous docker container docker compose to deploy them.

well the majority were saved as custom templates within portainer. and i also sometimes backed them up as a separate docker-compose.yaml file separately.

so it’s located in the portainer data folder under custom templates. problem is, it’s in numbers and not the name of the container. so it’s gonna be a pain checking them one by one before i find the one i want to deploy. But i at least have it so i shouldn’t complain too much.

This is why… the dockge way of saving stacks of your docker compose is WAY better… you can find your compose files much easier than this.


another thing i noticed

the docker user i created earlier with 1000:999

if i set this in docker compose, and try to deploy with that, it won’t work. some sort of permission issue.

so i had to hash it out and put 0:0 which is root basically

    environment:
      - NODE_ENV=production
      # - UID=1000
      # - GID=999
      - UID=0
      - GID=0

This worked. Gonna have to figure out if i can deploy containers as non root users for jailmaker docker or not.

Was trying to setup dashy but it couldn’t successfully.

after some digging noticed they did major changes that broke it

Important

This release includes breaking changes.

The port within the container has changed from 80 to 8080, and the location of your config and other assets has changed from /app/public to app/user-data. You will need to update your Docker compose/run command after upgrading to this version.

easily rectified. made those changes including the permanent config storage location which is different from my previous NAS setup.

after doing that redeploying a few times, now it works.


My point here is, yes recovery is possible, and if it doesn’t work, usually it’s due to docker container changes that break things. This happens from time to time, so when the time comes, you go to the dev’s github and check the changelog for any such breaking changes.

This is why sometimes people rather not automate container updates just in case such things happen. Might be ok for non critical apps, but important ones like traefik and authentik, you may want to add an exclusion for auto updating those containers and instead do them manually. This is what i do using watchtower, i am able to exclude specific containers from auto update while not for the rest.


anyway i think that’s enough docker containers to be deployed for now.

the only one i will be working on next is traefik. only if this works will i be comfortable with doing for the rest. if this doesn’t work then there’s not much point and i had better go back to portainer once a stable release comes out.

need to figure out how to setup the networks without portainer x-x;

Happy with the jailmaker then :wink:


yeah jailmaker works but

i don’t think i have acls down right just yet.

example.

i wanted to copy my old nas containerstation/docker configs to another location so i can delete them in the /data/ so it has a clean slate for the new deployments, while still having access to the old stuff for reference.

but when i tried to copy from say

/mnt/xxx/docker/data/

to /mnt/xxxxx/docker/oldfiles

it wouldn’t work :thinking:

so i left the folders/files as it is, and handling them 1 by 1 as needed :sweat_smile:

bit tedious but i haven’t figured that out other than know it’s some sort of acl/permission issue.

root is owner of everything for the most part.

logged in truenas via root.

smb via desktop to share through a user i created

created a docker user 1000:999 which didn’t work when using that for the user creation for docker compose environment yaml so went with the root user 0:0 just to get that to work.

so i had to make some concessions to proceed until i figure some of those other stuff out later :sweat_smile:
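For the 1000:999 permission problem described in the posts above, an added example (not part of the original posts) that lists what a non-root container user does not own under a bind-mounted host directory. It assumes the failure comes from host-side ownership; the sample tree and its file names are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): find what a non-root container user
# such as 1000:999 does not own under a bind-mounted host directory.
# Only POSIX owner/group are compared; ACL entries are not evaluated.

# Print "uid:gid" of a single path, using numeric ids.
dir_owner() {
    ls -ldn "$1" | awk '{print $3 ":" $4}'
}

# Print every path under $1 not owned by uid $2 or not in group $3.
# POSIX find treats a numeric -user/-group argument as an id.
mismatched_owner() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Return 0 when the whole tree belongs to uid:gid, 1 otherwise.
owner_ok() {
    [ -z "$(mismatched_owner "$1" "$2" "$3")" ]
}

# Constructed sample tree standing in for a stack's data folder
# (hypothetical layout; point the functions at your own path instead).
sample=$(mktemp -d)
mkdir -p "$sample/config"
: > "$sample/config/conf.yml"

want_uid=1000   # docker user from the posts above
want_gid=999
if owner_ok "$sample" "$want_uid" "$want_gid"; then
    echo "OK: $sample is owned by $want_uid:$want_gid"
else
    echo "owner is $(dir_owner "$sample"), not $want_uid:$want_gid; not owned:"
    mismatched_owner "$sample" "$want_uid" "$want_gid"
    echo "possible fix: chown -R $want_uid:$want_gid <data dir>"
fi
```

Whether an image honours `UID`/`GID` environment variables at all depends on the image, so a clean ownership report does not by itself guarantee the container runs as that user.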

testing traefik

i think traefik works but, i dont know how to add the makecert into truenas. it asks for a passphrase. i only have a public and private key only

as such, i cannot test whether traefik dashboard works or not.

hm got the nginxproxymanager to load

will try that angle since i couldn’t get traefik ui to load.

another reason to go for nginxproxymanager, it supports using letsencrypt to get a valid cert renewable and still works for a lan setting. whereas traefik with makecert can’t do that.


this is how you set it up

Ok, got nginxproxymanager to work after hammering at the problem.

first issue was wrong docker compose setup. i was rewriting it until i got a working configuration and deployed that.

Next was the cert issue. I had issue trying to get the cert.

I later noticed duckdns ip was incorrect, so i updated that, refresh to check that it stuck, then repeated the lets encrypt cert generation and it finally worked.

then i added the host within nginxproxymanager, and tested it working


so what does this do.

Gives me a domain name (i use a free one, but you can purchase if you want to), get a green lock sign for a https cert that is validated, so you will stop getting bombarded with warning signs about invalid certs.


was unfortunate i could not get traefik to work. though tbh, even if i did, i’d have a worse situation compared to just using nginxproxymanager. because i could setup fine on npm but not traefik for the lets encrypt cert (i sus it will work but i haven’t succeeded with that before).

Also it’s just easier to setup.

If you are wondering, this setup is safe. it doesn’t open you up for attack. it’s local dns lan only using the domain name.
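A check for the "LAN only" point in the post above, as an added example that is not part of the original thread: every address the proxied domain name resolves to should be a private (RFC 1918) IPv4 address. The name `example.duckdns.org` is hypothetical, the sample answers are constructed, and `203.0.113.10` is a documentation address standing in for a public one.

```shell
#!/bin/sh
# Added example (not from the thread): confirm a DNS name used behind the
# reverse proxy only resolves to private (RFC 1918) IPv4 addresses.

# Return 0 for a private IPv4 address, 1 for any other valid IPv4
# address, 2 when the argument is not a dotted-quad IPv4 address.
is_private_ipv4() {
    case "$1" in *[!0-9.]*) return 2 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 2
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 2
    done
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Return 0 only if at least one address is given and all are private.
lan_only() {
    [ "$#" -gt 0 ] || return 1
    for ip in "$@"; do
        is_private_ipv4 "$ip" || return 1
    done
    return 0
}

# Live lookup helper (assumes glibc's getent); not called in the sample run.
resolved_ips() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Constructed sample answers for a hypothetical name, example.duckdns.org:
# the LAN address from the posts above, then a public documentation address.
for answers in "192.168.0.24" "192.168.0.24 203.0.113.10"; do
    # shellcheck disable=SC2086  # word splitting is intended here
    if lan_only $answers; then
        echo "LAN only: $answers"
    else
        echo "NOT LAN only: $answers"
    fi
done
```

For a live check, pass the output of `resolved_ips <your name>` to `lan_only`; the script covers IPv4 answers only.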