 and welcome to week three of understanding containers. I'm joined here by the inimitable Taylor Jaden, and he's gonna plow through another compelling week of content around containers and understanding them. I think, Taylor, and correct me if I'm wrong, what we'll be looking at in this episode is setting up a load balancer, enabling yourself to assign a IP address to that load balancer, which will in tail allow you to map a domain. And then finally, reason why load balancer is so popular is then you can get your handy dandy SSL cert, which is often difficult with Docker containers in any other fashion. So does that give you a kind of good roundup of what we're about to tackle here in this episode? Yep, yeah, that's exactly, that's our objectives is we're gonna get that SSL working and we're gonna map a custom domain. We are gonna take things kind of step by step so I can kind of show how these things interact. One of the things that most of the stuff we're gonna be doing today is not in text files, unlike last time or at the terminal, some of it will be, but much less of it. And because of that, a lot of the stuff is a little bit, I think, weirdly more procedural, the order in which you do things can matter, what you click on, stuff like that. So I'm gonna make sure I'm going to be going at a pace where everything makes sense as best I can. But this is one of the things that, and we'll do more complicated stuff even next week, but one of the things I kind of like about Docker Compose is last time we took our command and formed it into a file and that's hopefully what you have right now running for NextCloud. But you can look at that file and describe what's happening. And there's a lot of power in that because you can compare that against somebody else's setup, right? Well, something like this, because we're doing moving pieces with a separate container in Reclaim Cloud or a separate node, I should say, and custom domain, what we're gonna need to get into C-Panel to map a custom domain. So some of this stuff is a little bit, I wouldn't say trickier, but it's a little bit more, you need to, I think, kind of know what's happening and why you're doing it. So yeah, so we'll dig right into it. And for me, I always think it's practical because I always, once I figure out in my stumbling way how to get a Docker container up, I feel like it's not finished until it has a domain that I can point to and the HTTPS cert to make it official. So I like it because this is, for me, always the finishing up of an environment and making sure that it's live and ready to go. So for me, while a little bit more procedural, it's really kind of like practical in getting that thing up and running. I put so much importance on a domain, maybe too much. You? You care about that? I do, too much. Yeah, no, I do too. And I would totally agree. I think the custom domain or a subdomain even is the cherry on top, right? Like it's not done until you've done that. It's your coat of paint. So, all right, so before we dig into it, I'm gonna mention again that the glossary is a resource that you should be paying attention to. And it- I love the glossary. I'm fully leaning into the unhinged glossary that this is not even a glossary anymore. This is just slides. But as I've been going, I've been writing our weekly posts. I just like having a ever-expanding continuous resource. And so that's been helpful for me for planning. And I hope it works for you because I don't like the idea of someone trying to find something in here or in our course and having to go, was that week two or week three? No, it's all in the glossary. So I did wanna mention that we have some examples of Docker Run and Docker Compose and breaking down by color coding what's happening in there. This is related to the stuff we did last time. And I've been updating some terminology, things like that. And I also have the handy commands. So these are going to be slides that show commands that I've used in the session that you should have available to you. A few notes here, because this is slides on the web, you can actually, let me back this out a little bit, if you're, cause it's just a webpage, keep in mind you can copypaste this. This isn't some PowerPoint. This has web technology, all right? So you can copy paste these. That's very much on purpose. Command references are no good if you can't copy this. Yeah, yeah. So, and just short descriptions. The other thing I wanted to mention here is these blue titles are links. I never mentioned that and it's not obvious, but these link out to documentation I find useful that's less concise than what we're using, but if you're looking for more, you might wanna check it out. Particularly for Docker and Docker Compose, I'm linking to this thing that I love called cheat.sh. If you've ever done stuff at the terminal and you've used man pages, it's kinda like that, but the cool thing is they're basically, it's just a website, you go cheat.sh, and then after the slash, you can add whatever is the name of your command. And it will just give you a few examples that people like. So these are community-maintained and I love these. They're just super fast and handy to get to. So I'm linking to those. And we have some things in Docker Compose as well. Some of them which we'll use this time actually. So I kinda have been adding to it as needed as I've been prepping for these. So sometimes there's gonna be stuff in here that you won't have used yet and that's fine. All right, so that's what's new in Glossaryland. We'll get started right away with getting domain mapping and stuff happening. So if you've left off where I did last- I would magnify that a bit. A little bit more. I would, yeah, you can. Yeah, we can do that. Let's go here. Yeah. All right, so if you left off you should have a NextCloud instance running in Docker. I'm gonna go into my config manager here in the file manager and click on root to get into the root folder and click on NextCloud because that's where we had done all our stuff, made our Compose file. And I'm gonna open up the Compose file and it should look something like this. This is the very simple Compose file I created that we are using. Before I make any changes in here or do anything, if you click on your environment name, you probably still have everything loading over port 8080, which is important because that means you have to type colon 8080 to get to anything. But it is working, HTTPS is not set up, no custom domain. The first thing we need to do is fix our port situation. We shouldn't be loading over 8080 anymore. We wanna load over port 80. So that's pretty easy because I've opened my Docker Compose file up that I made. I can just change that to 80 and hit save. And then all I need to do is restart the application to tell it, hey, you should run on this port. One thing that you can do that I should mention right away here, and I'm actually gonna undo my change here. I forgot about this, is one thing that's super handy anytime you're making changes to stuff in Reclaim Cloud and you're wanting to test something or maybe just not sure about what you're doing yet, is the clone environment tool. This is my favorite thing possibly about Reclaim Cloud. If you go in the environment section, this button right here is the clone environment button. And it'll give it its own little name or I can, let's call it Next Cloud Backup. It will clone what I'm doing. So it will basically make an entirely duplicate environment and it will carry over all the files, everything. All of that stuff will be preserved. So this is great to make backups of things as you're trying out new stuff or maybe you're gonna test an upgrade of something just invaluable in my opinion. So while that's running here though, we're gonna keep going on editing this. So I'm gonna change my port in my compose file to 80. Let's save. And I can't open a terminal right now because it's cloning the environment. I guess I didn't really think that through. But what we'll do is we're going to, once the clone is done, we're going to use Docker compose to take the whole stack down and bring it back up. And again, this is in the handy containers. Do you want me to run some comic relief here? Because that's pretty much all I'm good for. Sure, sure. I don't have anything funny to say. You mean the classic, just be funny. Like that doesn't, yeah. Just come on, be funny. So in our handy command reference, we have, this is how we take down a, well this is how we stop the containers in Docker compose. So we'll use that. And then we'll use up-d to bring them back up. And this will take a little bit here. My clone is already done. So that's awesome. Okay, so I'll leave that one be for later. Actually, we probably won't use it today. But maybe I need to restore back or something like that. So now that my clone is done, I can open a terminal. And it is important when you are cloning to make sure you're opening a terminal or your config panel in the right place, right? I want this one, not my backup. All right, if I ls, I can and then cd into my next cloud directory where I made my compose file. There it is, okay? So I'm gonna stop everything. And the reason I had to do that, right? Move into that next cloud directory is Docker compose commands require you to be in the same folder as that.yml file. That's really important. If I try to do this and I'm not in my next cloud folder, it's gonna say, I don't know what you're talking about. Couldn't find a suitable configuration file. All right, so I'm in my right folder down, okay? And we'll do Docker compose up dash D. And now if I click on this, it's working. Now we are getting a little error here about an untrusted domain. You may or may not be getting that now. I'll go into more detail on how we fix that. That's a specific next cloud thing. But we're gonna kind of focus on getting things working over HTTPS and stuff like that first before we worry about this error. So, but like I said, that's a next cloud thing. So you're not gonna run into that with every single application. All right, so the first thing, now that we have this loading on port 80, which is awesome, we need to see if we can get it loading over HTTPS. So before you map a domain or maybe you're running something that you don't really care to map a domain ever, like you're just using the reclaimed cloud environment URL and that's fine for you. There is something you can use called auto SSL. So that's an option to you, but it only works if you're not mapping a custom domain. The first thing we're gonna do though, because we are gonna eventually map a custom domain is we're gonna add a load balancer. So if I go into this balancing section of the config manager here or the topology manager and then go down to engine X and then 1.22.0, that's just the newest one. Just pick whatever is the newest one. You will have a load balancer. One thing that's really important to note in here is whatever block in the topology section in reclaimed cloud has a white square around it or a white border on it. That's the one that you're looking at here. So note that our Docker engine CE, this one has a IPv4 address. And if I click on our load balancer, this one does not. That's going to be a problem for us or not a problem so much as we're kind of wasting an IP address. And the reason is the load balancer is gonna handle all of the traffic going in that you're gonna be using. Basically when you visit this website in a browser, the load balancer is sort of the middleman between Docker and NextCloud and your browser. So because of that, the load balancer is the thing that we're going to need to give to an IP address to so that we can map a custom domain later. And because that's getting an IP address, we don't need Docker to have one anymore. So we're also going to remove, if you click on this Docker engine CE, we're gonna remove the IP address from that. And then we'll give the IP address for engine X. You'll note that when you do that, it's actually gonna turn off access via shared load balancer. That's fine. And we'll hit apply. And so this will take a second because it's gonna have to make the load balancer and it's going to remove the IP from Docker and it's going to create an IP for the load balancers. It's doing all of that so it takes a little bit. You can see now I've got a second node in my environment here. One of the things that I've been kind of trying to come up with forever, a more perfect analogy for is sort of why we even need to do this load balancing stuff or do any of that in Reclaim Cloud. And I think the closest thing that makes sense to folks who've worked with shared hosting or domain of one's own is the analogy of Apache, which is the web server in those cases. So in a LAMP stack or shared hosting environment, every application that that's running is meant to work with Apache as the web server. And so in that instance, Apache can handle all of the traffic where it goes, where the web requests go, what programs should run them. So if you've got a WordPress site running, Apache gets that request from your browser and then hands it off kind of to WordPress and says, here, what do you make of this? WordPress does its magic, comes back and says, here Apache, give the person this file. In this case, the load balancer is doing very much the same thing. It's sort of giving that traffic in, giving it to whatever is happening in our Docker engine container, in this case, NextCloud, and then being sort of the middleman in that setup. And the reason we need that is when we give a HTTPS cert, we're gonna need something that Jelastic knows about that can manage the certs and all that stuff. So that's where the load balancer comes in is the cert will go on the load balancer because it's sort of a known quantity. Okay, so the changes I made are done. If I click on this node ID dropdown, you'll note that there's an IP address here now. So that's cool. And the IP address that was on our engine node is now gone. So I'm gonna actually copy this IP address. And if I spit this into my address bar, it should load, great. So that works now. And then finally, I have to map a domain to this. So I'm gonna go in my C panel. You can use your own C panel or you can use pretty much anything that can manage D and as if you have domains registered someplace else. And if you really have no place that you have to do this, just message me in Discord and I can help you come up with something or we can even map something from my domain to your test environment. You know, I'm glad you're using C panel for this because in my demonstration on a certain app I was working for, I think it was like ghost. I use Cloud Flare. And I was upgraded by Stephen Downs. You got down. So I'm using, I got downed. So thank you for saving us. Yeah, well, I like Cloud Flare a lot but I still use C panel for pretty much all my DNS because I'm more familiar with it, I guess is really the only reason. So yeah, all right. So I've got a couple of different domains. I'm going to map nextcloud.jdin.me. That's what I would like. So I'm gonna make an A record here and I will type in nextcloud.jdin.me and then I'm gonna paste that IP address that I had from last time in and add an A record. Now, if you've done anything with DNS you know that there's a magic to the time frames with which this stuff works. There isn't literally a magic but it might as well be in my opinion. So if you happen to have visited this URL before there's a chance that you just set up because you're testing it or something there's a chance that it'll be cached and you'll need to wait a couple hours probably for it to show up for you. I don't think I've ever tried to visit nextcloud.jdin.me before so this should work right away. Yep, so it's working. So my custom domain is here and it's loading but I just wanted to note that like if you are doing some testing, it's possible that it'll be cached you'll need to wait a little bit. If you run into that, let me know in the Discord and I can kind of help you work through that you have things set up even before the caching is done. There's a number of ways to handle that and we can help with that. So I don't wanna go into it in this video but that would be a perfect thing for Discord. All right, so I've got my custom domain nextcloud.jdin.me but it's still not loading over HTTPS. That's because I have to do the last step and that's to add a cert to the site. Now if I go into add-ons here and this needs to be in the load balancer section, there's a few things in here but one of them is let's encrypt free SSL. And if I hit install, I just need to type in the domain that I've mapped nextcloud.jdin.me, hit install and this will take a minute or two. But it's worth the wait. Yeah, the cool thing about this is, let's encrypt, I should really know more about let's encrypt as an organization because I remember when it was new and it was like HTTPS is the future, man. Well, it's not the future but it's going to be the future of everything. It's long overdue is what they were saying. Yeah, and everyone's like, so get set up and everyone's like, okay, but certs costs so much money. And then let's encrypt comes around and go, nope, it's free if you use this with some, I think there's restrictions on who can use it for what purpose, is that accurate? Or how many you can use? Yes, yeah. It's just like you can't just, let's encrypt thousands of websites. They put a rate limit on it. Okay. And, but then it's free and the real kicker that maybe I, like I haven't really appreciated as much as is the fact that they have their own tools and APIs to help you manage them longterm. That as a user, if you're using something like Cpanel or Jelastic here, you don't really have to think about. You just say, I want to cert please and it does its thing. And if there's some kind of problem, it'll email you but that's because they have all this scripting and programs that will automatically go check if the cert's up to date and needs renewal and it does all that in the background. That is amazing. As someone who used to work in IT at a university and had to do some manual cert stuff, that is not how certs normally work. And you think about, let's encrypt, it was a nonprofit initiative that worked on donations and they basically made sure that I think, I don't know what the rate is but it's significant number of websites now. I would say upwards of 80% of all websites load over HTTPS. And this is a matter of like when we started reclaim hosting is when it came out. So like eight, nine years maybe that they had like basically 80 to 90% of all websites are loading, that's a gigantic shift. Yeah, it's huge. A gigantic culture. When you think about it, there's a story to be told about how they did that because it's amazing. Yeah, I would say. People disagreed with the logic of it and whether everything should load over HTTPS. I know there's some standouts for HTTP but still the way they did it and how they did it is remarkable. Yeah, there are some things on that. I remember, you don't hear as much of that anymore because I think that battle's kind of lost honestly. Like if it's not loading over HTTPS at this point, you're gonna get like weird things in your browser and all kinds of stuff. But I do hear that. Like I remember hearing a lot about like, especially folks that have poor access to internet that do caching and stuff that that was a big bottleneck. But it's one of those things where on the other hand, like it's sort of the problem that HTTPS was designed to prevent was that your traffic wasn't being handled by anybody else. There are actually other ways to do that now is the kind of unfortunate thing. But yeah, it's a big thing. I remember, I feel like when I was in college, that's where it changed. Like going into college, my email loaded over HTTPS. And I think maybe my bank and that was kind of it. And at the end, it was like, if you're loading, if you're visiting a popular website that's not on HTTPS, what are you doing? Like. Yeah. And it was a learning curve, I think. And we were a small company still to start. And it was a learning curve cause Tim was playing with like the Let's Encrypt surf bot and all that programming was still pretty rudimentary. But we were able to integrate it with C-Panel and we were able to automatically initial, automatically, basically give out search to everybody so it didn't have to be a manual process, which I think changed the game. Oh yeah. The first time I used Reclaim. The first time I used, this would have been on shared hosting in like 2016 or 2017. And having come from self-hosting, like I would go spin up like a digital ocean droplet and install stuff. Someone was like, oh, you should, that seems really expensive. You should use this Reclaim Hosting thing. And I was like, cool. And I started this, I made a WordPress site and I was like, that was easy. And then I visited it and it was already on HTTPS. And I was like, what happened? Like I was shocked. That was magic. We were lucky cause Tim was mindful of that as soon as it came out. And he was like, this is something we're gonna have to do. And it's gonna represent some issues but we're gonna have to do it. And we were lucky for it because, you know, and then C-Panel caught on and they got their own auto SSL, which is somewhat free. But like, Let's Encrypt really started that. And they made your kudos for the work they did and how they did it. I'd love to listen and hear that story, frankly. Yeah, yeah, totally. All right, so Let's Encrypt cool stuff, good tangent. So now if I go to my next cloud.jdnm me and I type in HTTPS colon slash slash in front of it, bam, it works, it's loading over HTTPS. Now, the only thing, we got two remaining things here. Unfortunately, we still have this access through untrusted domain thing. So we're gonna take care of that first. Now, further information, how to configure this can be found in the documentation. If I click on that, and I did of course some reading on this earlier, but basically what happens is if you set up next cloud on a certain domain name and then move it, it's going to say, I don't know what this domain is and for security reasons, it's gonna refuse to load unless you add this new domain to a config file. And so it says it's in config.php. So we actually need to go into the files of our container because this is in next cloud's own settings. This is not in our Docker engine CE, it's main file system. It's actually in the Docker container where we're running file system. Now we can get to them through Docker engine CE, but so we're gonna actually have to edit a file in a Docker volume, right? Docker volume, keep in mind our glossary, this is one way to store data and persistently. The other one is bind mounts. We're using volumes for this particular thing because that's what their documentation had. And you'll notice I added a new bullet point. It says data is stored in varlib Docker volumes. Okay, so let's go in there. So we're gonna go into the configs for our Docker engine CE and I don't need to mess with the compose file right now. So I'm gonna go back to root here, actually. And I can actually do that by just clicking this little folder right in the corner here. So we need to go to varlib Docker. And in there is a volumes folder. And this is where our volumes live. So you'll notice that there's a next cloud DB that was from the demoing I was doing of the more complicated compose file. And then there's next cloud, next cloud. That's just the way it named it, but next cloud is the name of our volume. So that's our volume folder right here. And then in there is a data folder. And here we go. This is all of our files and stuff that makes up that next cloud is reading, essentially. So in the config folder is our config.php file that the documentation over here mentioned. So I'm going to, whoops, sorry. So I'm actually gonna take this. A little chain.me plug there. Yeah, well, we'll get there. We gotta look at the blog for the next thing we're gonna do. I've got links queued up all over the place, so. So in the documentation it says, hey, there's a spot in this file that says trusted domains and then there's section where it lists them. Okay, so if I go over here in config.php, I'll double click on it and it'll open it up. Give myself a little bit more room here. We could search through this whole thing and here we go, trusted domains, array and it says next cloud Taylor wc.reclaim.cloud colon 8080. Okay, so that's where it thinks it should be loading from and that's why we're having this problem. We could just change this to be our new domain. That's what I'm gonna do. And in their documentation, they have listed out several acceptable places for it to load from. I'm just gonna change it. I'm not gonna be using this URL anymore. So I'm just gonna make it be nextcloud.jadon.me and I'll save this and let's refresh our page here to see if this works. There we go, I got a login page. So now if I log in, see if I remember my password and it's not loading over HTTPS. But it is if I type it in manually. So we'll have to look at that. I think I know there's a trick. Yeah, so the final thing, nextcloud for whatever reason doesn't automatically redirect you to HTTPS. In a lot of cases, we want that to happen. We want when you visit something or to just automatically go right to the HTTPS version and that's not what's happening right now. Even though the cert is there and it's working if you manually go there. So what we're gonna do is we're gonna check out a blog post I made this week. And because we have that Nginx load balancer, this is actually really easy to fix. We just need to add a new file into the file manager in that Nginx load balancer and copy and paste this code in. So I'm going to while I'm here and I'll link to the blog post for you all so you can copy this code as well. I'm just gonna copy this and if I go back into Reclaim Cloud, I can actually close this. I'm not gonna need this file anymore. Close all this stuff right now. And I need to now make a, get into the load balancer files, not the Docker engines files. If I open that up in the Favorites area, I can hit conf.d and then click this little gear and make a new file. Call it redirect.conf. I think technically you can name that whatever you want, but as long as it ends in .conf, but I usually do redirect.conf. And then we'll paste that in and hit save. And then the final thing is we're gonna have to restart our load balancer so that it will read these files for us. So if I restart this here, take it to 10, 20 seconds. Okay, that's done. Let me open up a new tab, see if it works. Bam. Now we are logged in, or sorry, now we are on the login page and it's automatically redirecting to HTTPS. So that's it, we're working, we're golden. Yeah, the blog for the win again. Yeah. And I don't remember the username and password I set, so I would probably have to reset my password. But that's not gonna make compelling video educational content, so I'm not gonna do it right now. But it's loading, so that's good enough. So that's a lot. And basically breaking down what we just did, we put a load balancer on the environment and the load balancer will later on allow us to assign a cert. We gave that load balancer an IP address so that we could map a custom domain and we removed the IP address from our Docker engine CE container because we won't need it anymore because of load balancer. Then we mapped the domain using IUC panel, you can use whatever domain management you have available to you. And if you have questions on that part or don't have something available to you, let me know, we can set you up with something for the purposes, like, even if it's just a sub domain or something, we can make it work for you. Then we loaded it over that mapped domain and it worked. We used the Let's Encrypt add-on and Jelastic to issue a cert. And then we fixed NextCloud's little bug by, well, it's not bug, but their little security thing by telling it, hey, this is the new domain that you're supposed to load from based on their documentation. And then finally, we forced it to load over HTTPS, which I have instructions for in a blog post I just made. So I'll link that, of course. Yeah, so I think pretty successful endeavor. We now have a secure NextCloud instance running on our own custom domain. Yeah, any questions? And very well done in terms of pacing and giving people an overview and our little divergence into the history of Let's Encrypt, which now we're gonna have to research. Compelling, I think where this is as good as it gets at ReclaimEdTech. Yeah, so we'll look out for the blog post on ReclaimEd.Tech. I'm gonna have you do basically everything I just did in terms of mapping a domain, getting HTTPS working and making sure NextCloud will actually load on this new URL and the redirect. So we're gonna have you do all of that stuff and I'll have all the links and resources you need to do it. Of course, there's also this video. So if you have any questions on any of that, let me know. I will say before we sign off that there are other ways to do HTTPS depending on your environment setup, depending on what type of application you're using. Sometimes there are applications you'll run on ReclaimCloud that do their own HTTPS. You just need to tell them what domain that they should be getting a cert for. So there's that. What I wanted to cover here, this is a use case that is sort of a pretty universal way. And that's kind of one of the cool things about ReclaimCloud is because of that load balancer and the Let's Encrypt add-on, that is a method that will work with almost any application. And so we just did it in probably the most universal way you possibly can. And that's one of the reasons we did this with NextCloud is because NextCloud doesn't actually come with any fancy way to do it itself. So that's one thing to look out. I'm sure we'll get questions on is how can we didn't do it this way? There are other ways and we can talk about that stuff in the Discord. I more than welcome that conversation because it's good to know what's all possible. But the way we just did it here is kind of the way I almost always do it and the way that will work with almost any application out there. Cool. Yeah. It was a good session. Thank you all for joining us back in the EdTech Void. And we'll see you in Discord. And on Friday for the Q&A. See ya.