Deployment Overview of Mumble on Server¶
Prerequisites and Basic Requirements¶
- Operating System: Ubuntu
- Privileges: Root access is required for installation and configuration.
- Ports:
- TCP and UDP port
64738(configurable viamumble_host_port) must be open for Mumble traffic. - Port
80and443are required for the Nginx proxy and SSL certificate management. - Docker: The Docker engine must be installed and running on the server.
File and Directory Structure¶
The deployment utilizes the following directory structure for data storage and configuration: - /root/nginx: Contains the Nginx proxy configuration and Docker Compose files. - /data/nginx/user_conf.d: Stores custom Nginx configuration files for specific host keys. - /data/nginx/nginx-certbot.env: Environment file for Nginx and Certbot settings. - /etc/letsencrypt: Mount point for SSL certificates managed by the Nginx container. - {{ mumble_data_dir }}: The designated directory for Mumble application data (default path depends on variable configuration).
Application Installation Process¶
The Mumble application is deployed using a Docker container. The installation involves pulling the specific image and starting the container with persistent storage. - Image: The container uses the image defined by the variable mumble_image. - Container Name: The running instance is identified by the variable mumble_container_name. - Data Persistence: The application data is stored in the host directory {{ mumble_data_dir }} and mounted to /data inside the container.
Docker Containers and Their Deployment¶
The system utilizes two primary Docker components: the Mumble application container and the Nginx proxy container.
Mumble Container¶
The Mumble container is managed directly via Docker commands with the following specifications: - Restart Policy: Set to always to ensure the service restarts automatically after a reboot or crash. - Port Mapping: - Host port {{ mumble_host_port }} maps to container port 64738 (TCP). - Host port {{ mumble_host_port }} maps to container port 64738 (UDP). - Volume Mounts: - {{ mumble_data_dir }}:/data
Nginx Proxy Container¶
The Nginx proxy is deployed using Docker Compose located at /root/nginx/compose.yml. - Image: jonasal/nginx-certbot:latest - Restart Policy: unless-stopped - Network Mode: host - Environment Variables: - CERTBOT_EMAIL is set to [email protected]. - Additional settings are loaded from /data/nginx/nginx-certbot.env. - Volume Mounts: - nginx_secrets (external volume) mounted to /etc/letsencrypt. - /data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d.
Proxy Servers¶
The Nginx proxy handles SSL termination and routing for the application. - SSL Management: Certbot is integrated within the Nginx container to manage Let's Encrypt certificates. - Configuration: Custom routing rules are defined in files located under /data/nginx/user_conf.d. - Proxy Pass: The Nginx configuration includes a rule to forward traffic to the Mumble service:
{{ prefix }}{{ server_id }}.hostkey.in.conf). Permission Settings¶
File and directory permissions are set as follows to ensure proper operation: - /root/nginx: Owned by root:root with mode 0755. - /root/nginx/compose.yml: Owned by root:root with mode 0644. - {{ mumble_data_dir }}: Owned by root:root with mode 0755. - Nginx configuration files in /data/nginx/user_conf.d: Permissions are managed to allow the Nginx container to read the configuration.
Starting, Stopping, and Updating¶
Mumble Service¶
The Mumble container is managed using standard Docker commands. - Start/Restart:
- Stop: - Update Image:Nginx Proxy Service¶
The Nginx proxy is managed via Docker Compose in the /root/nginx directory. - Start/Restart: