Xibo CMS with Docker on Ubuntu 22.04

This is a guide to install Xibo with Docker on Ubuntu 22.04, working through the Xibo for Docker on Linux instructions

For the purpose of this walkthrough I am starting with a standard Ubuntu 22.04 Server x64 machine, with at least 2GB of RAM, and 2GB of swap, logged in as the “root” user.

Install Docker

apt install docker.io docker-compose

That’s all the dependencies for Xibo installed.

Install the Xibo CMS

Lets now install the CMS:

mkdir /opt/xibo
cd /opt/xibo
wget -O xibo-docker.tar.gz https://xibosignage.com/api/downloads/cms
tar --strip-components=1 -zxvf xibo-docker.tar.gz

We now have the docker-compose files extracted in to /opt/xibo

Create config.env file

We need to create a config.env file per the install guide. Lets do that, ensuring we set a MYSQL_PASSWORD value. This must be alpha-numeric only. ie made up of A-Z a-z 0-9. No spaces, punctuation or other special characters. For example, something like BTvjCyqQEZ8kGPrb would work. Clearly, do not use that password!

A link to a random password generator is provided in the comments and is the best thing to use!

cp config.env.template config.env
nano config.env

Save your changes and quit.

Now bring the CMS up

docker-compose up -d

Please note: It is normal for you to experience a delay whilst the CMS finishes setting up, please be patient.

The CMS will be downloaded and run, and you should be able to log in at the IP address of your server. I have a DNS name pointed to my server (xibo.alexharrington.co.uk) so I can simply enter that name:

First thing to do is to change our xibo_admin account password:

Once that’s changed, we’re ready to use the CMS over HTTP only. Work through the CMS Post Installation Guide for setup information.

You should consider setting up a firewall. As a bare minimum, the following will set you up the ufw firewall with the right ports open for HTTP, SSH and XMR:

ufw allow ssh
ufw allow 80/tcp
ufw allow 9505/tcp
ufw enable

Adding SSL Support

There are several ways you could add SSL support to this configuration.

The simplest is to install Apache on the host Ubuntu server, and have it proxy the SSL requests into our container.

First, we need to stop the running CMS since we’ll need port 80 for our Apache server.

cd /opt/xibo
docker-compose down

Now move Xibo on to a different port number.

We’ll be following the instructions to install Xibo for Docker on Linux from the “Using different ports” heading.

cp cms_custom-ports.yml.template cms_custom-ports.yml
rm docker-compose.yml
nano cms_custom-ports.yml

Edit the “ports” section of the cms-xmr and cms-web services so they read as follows:

version: "2.1"

services:
    cms-db:
        image: mysql:5.7
        volumes:
            - "./shared/db:/var/lib/mysql:Z"
        restart: always
        environment:
            - MYSQL_DATABASE=cms
            - MYSQL_USER=cms
            - MYSQL_RANDOM_ROOT_PASSWORD=yes
        mem_limit: 1g
        env_file: config.env
    cms-xmr:
        image: ghcr.io/xibosignage/xibo-xmr:0.9
        ports:
            - "9505:9505"
        restart: always
        mem_limit: 256m
        env_file: config.env
    cms-web:
        image: ghcr.io/xibosignage/xibo-cms:release-3.3.5
        volumes:
            - "./shared/cms/custom:/var/www/cms/custom:Z"
            - "./shared/backup:/var/www/backup:Z"
            - "./shared/cms/web/theme/custom:/var/www/cms/web/theme/custom:Z"
            - "./shared/cms/library:/var/www/cms/library:Z"
            - "./shared/cms/web/userscripts:/var/www/cms/web/userscripts:Z"
            - "./shared/cms/ca-certs:/var/www/cms/ca-certs:Z"
        restart: always
        links:
            - cms-db:mysql
            - cms-xmr:50001
        environment:
            - XMR_HOST=cms-xmr
            - CMS_USE_MEMCACHED=true
            - MEMCACHED_HOST=cms-memcached
        env_file: config.env
        ports:
            - "127.0.0.1:8080:80"
        mem_limit: 1g
    cms-memcached:
        image: memcached:alpine
        command: memcached -m 15
        restart: always
        mem_limit: 100M
    cms-quickchart:
      image: ianw/quickchart
      restart: always

So specifically, we changed the line:

            ports:
                 - "65500:9505"

to

            ports:
                 - "9505:9505"

and

            ports:
                 - "65501:80"

to

            ports:
                 - "127.0.0.1:8080:80"

Save your changes. That will ensure that XMR runs on port 9505 as before, and the web service runs on port 8080 only on the loopback interface.

Bring the containers back up with those changes:

docker-compose -f cms_custom-ports.yml up -d

Now protect that Container with an Apache server and a LetsEncrypt SSL certificate:

apt install apache2
a2enmod proxy
a2enmod proxy_http
a2enmod headers

Edit the default apache config file to create a reverse proxy to our container:

nano /etc/apache2/sites-available/000-default.conf

It should contain

<VirtualHost *:80>

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyPreserveHost On
        RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}

        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/

</VirtualHost>

Save your changes, and then restart Apache

service apache2 restart

Our CMS should now be available back on port 80.

If you’re using ufw, lets put a rule in for https traffic now

ufw allow 443/tcp

Then install letsencrypt (from Certbot Instructions | Certbot)

snap install core
snap refresh core
apt-get remove certbot
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot

And then generate a certificate (replacing xibo.alexharrington.co.uk with the DNS name for your server.

certbot --apache -d xibo.alexharrington.co.uk

Do not select the option to automatically redirect requests to https connections. Once the certificate has been issued, try accessing the CMS over https. If it works as expected, log in to the CMS and in the Settings → Network tab, tick the option to “Force HTTPS” connections.

Upgrading

Upgrading is simple. The steps below show the steps to take to upgrade taking a full backup before hand. Run these as the root user.

# Stop the running container
cd /opt/xibo

# With SSL
docker-compose -f cms_custom-ports.yml stop

# Without SSL
docker-compose stop

# Backup the existing container data
cd /opt
# Delete any old backup version
rm -r xibo-backup
cp -rp xibo xibo-backup

# Download the new docker-compose files
cd /opt/xibo
wget -O xibo-docker.tar.gz https://xibosignage.com/api/downloads/cms
tar --strip-components=1 -zxvf xibo-docker.tar.gz

NOTE: If you are upgrading then remove the old xibo-docker.tar.gz file to avoid creating duplicate files:
cd /opt/xibo
rm xibo-docker.tar.gz
wget -O xibo-docker.tar.gz https://xibosignage.com/api/downloads/cms


If you didn't enable SSL, then

    docker-compose pull
    docker-compose up -d

If you did enable SSL, then you'll need to:

    rm docker-compose.yml
    cp cms_custom-ports.yml cms_custom-ports.yml.old
    cp cms_custom-ports.yml.template cms_custom-ports.yml
    nano cms_custom-ports.yml

Make the same edits to this file as in the install guide above, to specify the correct ports to use, and then run

    docker-compose -f cms_custom-ports.yml pull
    docker-compose -f cms_custom-ports.yml up -d

It can take several minutes for the upgrade to complete and the webserver to start - particularly when going between major or minor CMS versions.

    docker-compose [-f cms_custom-ports.yml] logs -f cms-web

will give you diagnostic information as to what is happening. It is normal to see an error like

    mysqldump: Error: 'Access denied; you need (at least one of) the PROCESS privilege(s) for this operation' when trying to dump tablespaces

or 

    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.19.0.4. Set the 'ServerName' directive globally to suppress this message

and these can safely be ignored.
6 Likes