Integrate funkwhale as a subdomain of a VPS running different services

lateclaescape

I want to run a Funkwhale instance on a VPS server that I own. I found the official document to do this:

https://docs.funkwhale.audio/administrator/installation/docker.html#set-up-funkwhale

Currently, I have my server set up to serve multiple contents through subdomains:

www.mydomain.com
blog.mydomain.com
shop.mydomain.com

I use a Docker container as a proxy for HTTP and HTTPS connections, which handles connections to ports 80 and 443, and another container that renews Let's Encrypt certificates.

docker run --detach --name nginx-proxy -p 80:80 -p 443:443 -v /home/user/www/certs:/etc/nginx/certs -v /home/user/www/vhost.d:/etc/nginx/vhost.d -v /var/run/docker.sock:/tmp/docker.sock:ro -v /usr/share/nginx/html jwilder/nginx-proxy
docker run --detach --name nginx-proxy-letsencrypt --volumes-from nginx-proxy --volume /var/run/docker.sock:/var/run/docker.sock:ro --env DEFAULT_EMAIL=mydomain@gmail.com jrcs/letsencrypt-nginx-proxy-companion

Each subdomain runs in a simple Nginx container:

docker run -d -ti --name www -e VIRTUAL_HOST=www.mydomain.com -e LETSENCRYPT_HOST=www.mydomain.com -p 443 -p 80 -v /home/user/www/sites/web/:/usr/share/nginx/html nginx:alpine
docker run -d -ti --name blog -e VIRTUAL_HOST=blog.mydomain.com -e LETSENCRYPT_HOST=blog.mydomain.com -p 443 -p 80 -v /home/user/www/sites/blog/:/usr/share/nginx/html nginx:alpine
docker run -d -ti --name shop -e VIRTUAL_HOST=shop.mydomain.com -e LETSENCRYPT_HOST=shop.mydomain.com -p 443 -p 80 -v /home/user/www/sites/shop/:/usr/share/nginx/html nginx:alpine

This setup has been very convenient for hosting multiple subdomains, so my proposal is to make the necessary changes and document it properly so any user can adapt it to their work environment.

Now I want to integrate Funkwhale as an additional subdomain into this infrastructure:

funkwhale.mydomain.com

So I can start the container simply by doing this:

docker run -d -ti --name funkwhale -e VIRTUAL_HOST=funkwhale.mydomain.com -e LETSENCRYPT_HOST=funkwhale.mydomain.com -p 443 -p 80 -v /home/user/www/sites/funkwhale/:/usr/share/nginx/html nginx:alpine

I've tried following the steps in your tutorial, making some modifications to adapt it to my needs, but I can't get it to work correctly.

Here are the various problems I've encountered:

Step 0:

export FUNKWHALE_VERSION=1.4.0

Step 1:

Not needed.

Step 2:

mkdir /home/user/www/sites/funkwhale/
cd /home/user/www/sites/funkwhale/
curl -L -o /home/user/www/sites/funkwhale/docker-compose.yml "https://dev.funkwhale.audio/funkwhale/funkwhale/raw/${FUNKWHALE_VERSION}/deploy/docker-compose.yml"

Step 3:

curl -L -o /home/user/www/sites/funkwhale/.env "https://dev.funkwhale.audio/funkwhale/funkwhale/raw/${FUNKWHALE_VERSION}/deploy/env.prod.sample"
sed -i "s/FUNKWHALE_VERSION=latest/FUNKWHALE_VERSION=$FUNKWHALE_VERSION/" .env
chmod 600 .env
openssl rand -base64 45
Paste the secret key in the DJANGO_SECRET_KEY field.
FUNKWHALE_HOSTNAME=funkwhale.mydomain.com

Step 4:

docker compose pull
docker compose up -d postgres
docker compose run --rm api funkwhale-manage migrate
docker compose run --rm api funkwhale-manage fw users create --superuser
docker compose up -d

Everything has worked fine so far. I have all the containers running:

$ docker ps
CONTAINER ID   IMAGE                                    COMMAND                  CREATED          STATUS         PORTS                                                                                NAMES
52212dbc2dee   funkwhale/front:1.4.0                    "/docker-entrypoint.…"   7 minutes ago    Up 7 minutes   127.0.0.1:5000->80/tcp                                                               funkwhale-front-1
1acf9b288c43   funkwhale/api:1.4.0                      "celery --app=funkwh…"   7 minutes ago    Up 7 minutes                                                                                        funkwhale-celeryworker-1
01c5f53c6275   funkwhale/api:1.4.0                      "celery --app=funkwh…"   7 minutes ago    Up 7 minutes                                                                                        funkwhale-celerybeat-1
0fe1b7731101   funkwhale/api:1.4.0                      "./docker/server.sh"     7 minutes ago    Up 7 minutes                                                                                        funkwhale-api-1
ba88e768d4b2   redis:7-alpine                           "docker-entrypoint.s…"   11 minutes ago   Up 8 minutes   6379/tcp                                                                             funkwhale-redis-1
dd447dd3fe11   postgres:15-alpine                       "docker-entrypoint.s…"   12 minutes ago   Up 8 minutes   5432/tcp                                                                             funkwhale-postgres-1
3fe521799e2b   jrcs/letsencrypt-nginx-proxy-companion   "/bin/bash /app/entr…"   8 days ago       Up 8 days                                                                                           nginx-proxy-letsencrypt
d92998f646db   jwilder/nginx-proxy                      "/app/docker-entrypo…"   8 days ago       Up 6 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp             nginx-proxy

The problem comes at Step 5 (Set up your reverse proxy).

I already have my reverse proxy installed through the nginx-proxy container. It works fine. I've tried doing the same as I do with my other subdomains:

But when I connect to the service:

https://funkwhale.mydomain.com

I get this error:

403 Forbidden

This is where I need support from someone familiar with Funkwhale's reverse proxy setup to help me integrate it as another service within my VPS infrastructure.

Can you help me with this? Thanks a lot in advance!

lateclaescape

I just renamed some paths inside the docker-compose.yml that must be fixed:

$ diff docker-compose-orig.yml docker-compose.yml 
44c44
<       - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
---
>       - "/home/user/www/sites/funkwhale/data/music:${MUSIC_DIRECTORY_PATH-/music}:ro"
68c68
<       - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
---
>       - "/home/user/www/sites/funkwhale/data/music:${MUSIC_DIRECTORY_PATH-/music}:ro"
89c89
<       - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
---
>       - "/home/user/www/sites/funkwhale/data/music:${MUSIC_DIRECTORY_PATH-/music}:ro"

Still doesn't work, but this paths must be renamed in order to get this working some day.

Now I am getting this new error:

503 Service Temporarily Unavailable

petitminion

I don't know how nginx:alpine container works, we use nginx-proxy-manager.

lateclaescape

The nginx:alpine image is a minimal nginx server consuming minimal resources. The container named "www" , it is serving contents under internal /usr/share/nginx/html, that is stored in the external directory /home/user/www/sites/web/. Inside this external directory you can find and index.html and all HTML files related. That's the same for the rest of nginx:alpine containers.

The connections are managed by container named "nginx-proxy ", which redirects incomming connections to the proper docker container, based on subdomain. When nginx-proxy receives a connection to URL:

https://www.mydomain.com

that connection will be redirected to container named "www", after validating ssl certificate. And the container named "www" (running nginx-alpine image) will serve the contents.

That was my purporse, try to make the same with funkwhale. I can try to adapt my setup replacing nginx-proxy by nginx-proxy-manager, but at the end, the connection will be redirected to some nginx container that will serve the content.

Hope this makes more clear my question.