sinny's nginx unprivileged setup
- any sh-compatible shell (sh, bash, zsh, fish, etc.)
- git 📦
- podman 📦 or docker (rootless supported for both)
- make 📦 (also available as a docker image)
- docker compose 📦
- access control lists (ACL) 📦
- a DNS provider capable of DNS-01 challenge (from this list)
📦 - likely available as a package for your system
- run `git clone --depth=1 https://github.com/SinnySupernova/snus.git && cd snus` to clone the repository and cd into it
- run `make config` to copy the example config to the `config.toml` file
- open the `config.toml` file and adjust the settings
- run `make init` to perform the initial setup
- run `make up` to launch everything (will take more time on the first launch)
- cd into the project directory
- run `git fetch` to check for updates, skip the following steps if no update is found
- run `make down` to bring the stack down
- run `git pull` to download the updates
- run `make init` to reconfigure everything
- run `make up` to bring everything up again
Warning
order matters: you must bring the stack down with the old parameters before the reconfiguration to avoid broken state issues
runs the setup scripts (updates the repos and creates configs for all the tools used)
deploys the containers
Note
first run takes longer because container images are built locally
stops the containers
restarts the containers
Note
do not use this after updating the repositories because docker compose will restart from the old state, use `make up` instead
destroys the containers
destroys the containers and the volumes
Caution
DESTRUCTIVE OPERATION - always backup before using this
pulls updates from the nginx git repo (configurable, this one by default)
this runs automatically during make init
pulls updates from the acmed git repo (configurable, this one by default)
this runs automatically during make init
pulls updates from the acme.sh git repo (configurable, this one by default)
this runs automatically during make init
pulls updates from the docker-gen git repo (configurable, this one by default)
this runs automatically during make init
Q: the following cryptic thing shows up during make init:
```
WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available
WARN[0000] For using systemd, you may need to log in using a user session
WARN[0000] Alternatively, you can enable lingering with: `loginctl enable-linger USER_ID_HERE` (possibly as root)
WARN[0000] Falling back to --cgroup-manager=cgroupfs
```
A: firstly, do enable lingering sessions for your user
if that alone doesn't help, run `systemctl --user start dbus` as well
Q: the following error happens during updating docker sock gid stage: Error: Podman socket does not exist
A: if you're running rootless podman you need to make sure that Podman socket service is enabled for your user;
on systems with systemd this can be done by running `systemctl --user enable --now podman.socket`
on systems without systemd you'll need to run:
```
PODMAN_SOCK_PATH=$(podman info --format "{{.Host.RemoteSocket.Path}}")
mkdir -p "$(dirname "$PODMAN_SOCK_PATH")"
podman system service -t 0 unix://"$PODMAN_SOCK_PATH"
```
and make sure that the podman socket has 660 permissions: `chmod 660 "$PODMAN_SOCK_PATH"`
or create a user service that performs the equivalent
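A pre-flight check for the socket requirement in the answer above, as an added example that is not part of the snus repository. The function names are hypothetical, and `check_podman_sock` assumes `podman` is on `PATH`.

```shell
#!/bin/sh
# Added example (not from the snus repository): verify the Podman API socket
# exists, is a unix socket, and has mode 660 before running `make init`.
# All function names here are hypothetical.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Classify a socket path: missing | not-socket | mode:<octal> | ok
sock_status() {
    sock=$1
    if [ ! -e "$sock" ]; then
        echo "missing"
    elif [ ! -S "$sock" ]; then
        echo "not-socket"
    else
        mode=$(file_mode "$sock")
        # 660 = read/write for owner and group, no access for others
        if [ "$mode" = "660" ]; then echo "ok"; else echo "mode:$mode"; fi
    fi
}

# Resolve the socket path the same way the FAQ answer does and report on it.
check_podman_sock() {
    sock_path=$(podman info --format '{{.Host.RemoteSocket.Path}}') || return 2
    st=$(sock_status "$sock_path")
    case $st in
        ok)         echo "OK: $sock_path is a socket with mode 660" ;;
        missing)    echo "FAIL: $sock_path does not exist, start the podman socket service"
                    return 1 ;;
        not-socket) echo "FAIL: $sock_path exists but is not a unix socket"
                    return 1 ;;
        mode:*)     echo "FAIL: $sock_path has mode ${st#mode:}, expected 660"
                    return 1 ;;
    esac
}

# Run the check only when the script is invoked with the argument "check".
if [ "${1:-}" = "check" ]; then check_podman_sock; fi
```

Save it as a script and run it with the argument `check`; a non-zero exit status means the socket is missing, is not a socket, or has a mode other than 660.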
Q: an error like this appears during any operation: Error: Could not find pattern xxx.yyy
A: new entries got added to the default config, please execute:
- run `mv config.toml config.toml.bak` to back up your current `config.toml`
- run `make config` to regenerate the default config
- apply the required changes to the newly generated `config.toml` (sorry, there is no automated way to do that)
Copyright 2025 Sinny Supernova
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.