Skip to content

Latest commit



887 lines (650 loc) · 25.6 KB

File metadata and controls

887 lines (650 loc) · 25.6 KB


server software install using Docker


Server software

Development environments

We can edit code in rstudio and access the same database. In cases where the tables change, let's just create new tables or add a column like production = T/F or some such within the existing datase.

And for Shiny apps, we'll just create *_dev symbolic links (ln -s) under /srv/shiny-server/.

Working Development and Production environments

  • static web site:
  • interactive shiny app:
    • filesystems:
      • production: /share/github/mhk-env_shiny-apps
      • development: /share/github/mhk-env_shiny-apps_dev
    • a single app folder: report

To make changes to the code above (eg either website or Shiny app):

  1. Log into
  2. Open the project by 2x-clicking in the Files pane: to {filesystem}/*.Rproj
  3. Create or change to the branch of interest in the Git pane
  4. Make changes, git commit (possibly mentioning the issue #) and push them.
  5. Visit the{repo}
  6. When ready to merge with production, create a new Pull Request selecting the branch. Merge pull request. Visit the production filesystem and do a git pull.


Shell into server

Secure shell (SSH), eg for Ben Best on Mac Terminal:


Setup ssh keys

See How To Set Up SSH Keys | DigitalOcean.

ssh-keygen -t rsa
# Using password in `~/private/`

Create Server on DigitalOcean

Folks at Integral already handled this, but here's how I handled this for marinebon/iea-server...

Create droplet at with (Google login):

  • Choose an image : Distributions : Marketplace :
    • Docker by DigitalOcean VERSION 18.06.1 OS Ubuntu 18.04
  • Choose a plan : Standard :
    • small:
      • $40/mo $0.060 /hour
      • 8 GB / 4 CPUs
      • 160 GB SSD disk
      • 5 TB transfer
  • Choose a datacenter region :
    • San Francisco
  • Authentication :
    • One-time password Emails a one-time root password to you (less secure)
  • How many Droplets?
    • 1 Droplet
  • Choose a hostname :
    • smallest:

Add an external disk drive, especially for downloading and consuming the MarineCadastre datasets:

  • $50/mo for 500 GB volume

Email recieved with IP and temporary password:


    Your new Droplet is all set to go! You can access it using the following credentials:

    Droplet Name: IP Address: Username: root Password: 513dbca94734429761db936640

Have to reset password upon first login.

Saved password on my Mac to a local file:

ssh root@
# enter password from above
# you will be asked to change it upon login

For instance (replace S3cr!tpw with your own password):

echo S3cr!tpw > ~/private/
cat ~/private/

Then you can login via:

sshpass -f ~/My\ Drive/private/ ssh

Install Docker

Since we used an image with docker and docker-compose already installed, we can skip this step.


sudo apt install apt-transport-https ca-certificates curl software-properties-common

# add the GPG key for the official Docker repository to your system
curl -fsSL | sudo apt-key add -

# add the Docker repository to APT sources 
sudo add-apt-repository "deb [arch=amd64] bionic stable"

# update the package database with the Docker packages from the newly added repo
sudo apt update

# install Docker
sudo apt install docker-ce


# confirm architecture
uname -a
# Linux docker-iea-ne 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

# update packages
sudo apt update

# check that it’s running
sudo systemctl status docker



# check for latest version at and update in url
sudo curl -L`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

# set the permissions
sudo chmod +x /usr/local/bin/docker-compose

# verify that the installation was successful by checking the version:
docker-compose --version
# docker-compose version 1.25.4, build 8d51620a

Build containers

Test webserver


docker run --name test-web -p 80:80 -d nginx

# confirm working
docker ps
curl http://localhost


<!DOCTYPE html>
<title>Welcome to nginx!</title>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href=""></a>.<br/>
Commercial support is available at
<a href=""></a>.</p>

<p><em>Thank you for using nginx.</em></p>

Turn off:

docker stop test-web

Setup domain

  • Bought domain for $12/yr with account

  • DNS matched to server IP to domain via Google Domains, plus the following subdomains added under Custom resource records with:

  • Type: A, Data: and Name:

    • @
    • gs
    • rstudio
    • shiny
  • Name: www, Type: CNAME,

Run docker-compose


First, you will create the environment .env file to specify password and host:

# get latest docker-compose files
git clone
cd ~/mhk-env_server-software

# set environment variables
echo "PASSWORD=S3cr!tpw" > .env
# actual password on Ben's laptop: ~/private/password_mhk-env.us_server-software
echo '' >> .env
cat .env

# launch
docker-compose up -d

# Creating network "iea-server_default" with the default driver
# Creating volume "iea-server_postgis-backups" with default driver
# Creating volume "iea-server_geoserver-data" with default driver
# Creating volume "iea-server_postgis-data" with default driver
# Creating volume "iea-server_mysql-data" with default driver
# Creating volume "iea-server_wordpress-html" with default driver
# Creating volume "iea-server_shiny-apps" with default driver
# Creating volume "iea-server_erddap-data" with default driver
# Creating volume "iea-server_erddap-config" with default driver
# Creating volume "iea-server_nginx-html" with default driver
# Pulling postgis (kartoza/postgis:11.0-2.5)...
# 11.0-2.5: Pulling from kartoza/postgis
# 68ced04f60ab: Pull complete
# ...

# OR update
git pull; docker-compose up -d

# OR build if Dockerfile updated in subfolder
git pull; docker-compose up --build -d

# git pull; docker-compose up -d --no-deps --build erddap

# OR reload
docker-compose restart

# OR stop
docker-compose stop

update docker compose images

bbest @ 2024-09-25

WARN[0100] Found orphan containers (
[geoserver_server letsencrypt_server proxy_server nginx-dev_server nginx_server]
) for this project. If you removed or renamed this service in your compose file, 
you can run this command with the 
--remove-orphans flag to clean it up. 
# caddy fmt --overwrite Caddyfile

# ----
# - [DNS]( as
#   * @         A
#   * api       A
#   * rstudio   A
#   * shiny     A
#   * www       CNAME
#   * www-dev   A
docker compose pull

# to force rebuilding all
docker compose up --force-recreate --build -d
# OR to individually rebuild
docker compose build rstudio
docker compose up --build caddy

# to remove orphan containers
docker compose up --remove-orphans -d
# to start all daemons
docker compose up -d

docker image prune -f


docker compose pull
[+] Pulling 2/7
 ✔ nginx Skipped - No image to be pulled                                                                                                 0.0s 
 ✔ nginx-dev Skipped - No image to be pulled                                                                                             0.0s 
 ⠋ letsencrypt Pulling                                                                                                                   0.1s 
 ⠋ postgis Pulling                                                                                                                       0.1s 
 ⠋ rstudio Pulling                                                                                                                       0.1s 
 ⠋ proxy Pulling                                                                                                                         0.1s 
 ⠋ postgis-backup Pulling                                                                                                                0.1s 
WARNING: Some service image(s) must be built from source by running:
    docker compose build rstudio
error getting credentials - err: exit status 1, out: `GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.secrets was not provided by any .service files`

FIX, per - docker build regression: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.secrets was not provided by any .service files · Issue #1078 · moby/buildkit

sudo apt install gnome-keyring manual post-docker install steps

TODO: fold into docker-compose.yml

Log into as admin and use the Terminal to:

sudo chown -R 777 /share
cd /share; mkdir github; cd github
git clone
git clone

On Terminal for docker server with bbest@mhk-data-ubuntu:

docker exec -it nginx bash


Haven't figured out how to RUN these commands after user admin is created in rstudio-shiny container.

  1. Add shiny to staff so has permission to install libraries into /usr/local/lib/R/site-library.
sudo usermod -aG staff shiny

shiny app symbolic links

cd /srv/shiny-server
sudo su
ln -s /share/github/mhk-env_shiny-apps/datasets datasets
ln -s /share/github/mhk-env_shiny-apps/report report0
ln -s /share/github/mhk-env_shiny-apps/report-gen report
ln -s /share/github/mhk-env_shiny-apps/search_tethys tethys

postgis add postgres superuser

psql -h localhost -p 5432 -U admin -W gis

su postgres

docker-compose up 2>> up_error.txt 1>> up_out.txt

Docker maintenance

Push docker image

Since rstudio-shiny is a custom image bdbest/rstudio-shiny:s4w, I docker-compose push to bdbest/rstudio-shiny:s4w | Docker Hub.

# login to docker hub
docker login --username=bdbest

# push updated image
docker-compose push

Develop on local host

Note setting of HOST to local vs

# get latest docker-compose files
git clone
cd ~/iea-server

# set environment variables
echo "PASSWORD=S3cr!tpw" > .env
echo "" >> .env
cat .env

# stop all
docker stop $(docker ps -q)

# rename
docker rename nginx nginx_old
docker rename nginx-dev nginx-dev_old
docker rename postgis postgis_old
docker rename postgis postgis_new
docker rename postgis_old postgis
docker rename proxy proxy_old
docker rename rstudio rstudio_old
docker rename rstudio rstudio_new
docker rename rstudio_old rstudio
docker rename letsencrypt letsencrypt_old
docker rename geoserver geoserver_old

# launch
docker-compose up -d

# see all containers
docker ps -a

Then visit http://localhost or http://rstudio.localhost.

TODO: try migrating volumes in /var/lib/docker onto local machine.

Operate on all docker containers

# stop all running containers
docker stop $(docker ps -q)

# remove all containers
docker rm $(docker ps -aq)

# remove all image
docker rmi $(docker images -q)

# remove all volumes
docker volume rm $(docker volume ls -q)

# remove all stopped containers
docker container prune

Inspect docker logs

To tail the logs from the Docker containers in realtime, run:

docker-compose logs -f

docker inspect rstudio-shiny

migrate /share to 500 GB volume

check drives

See drives numbers or id by:

sudo fdisk -l
Disk /dev/vda: 160 GiB, 171798691840 bytes, 335544320 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 02CBFCD2-7495-4A08-A11B-28E7D3872FAA

Device      Start       End   Sectors   Size Type
/dev/vda1  227328 335544286 335316959 159.9G Linux filesystem
/dev/vda14   2048     10239      8192     4M BIOS boot
/dev/vda15  10240    227327    217088   106M Microsoft basic data

Partition table entries are not in disk order.

Disk /dev/sda: 500 GiB, 536870912000 bytes, 1048576000 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
sda       8:0    0   500G  0 disk /run/media/system/Volume
vda     252:0    0   160G  0 disk 
├─vda1  252:1    0 159.9G  0 part /
├─vda14 252:14   0     4M  0 part 
└─vda15 252:15   0   106M  0 part /boot/efi

make space

Since disk is full with Docker volume /share, in Terminal:

du -a /share/data/ | sort -n -r | head -n 5
145854040       /share/data/
11557992        /share/data/ Vessel Tracks 2011
8586948 /share/data/ Vessel Tracks 2015
8581012 /share/data/ Vessel Tracks 2016
8516688 /share/data/ Vessel Tracks 2013
rm -rf /share/data/\ Vessel\ Tracks\ 201*
df -H

Now in SSH terminal, we see enough space:

Filesystem      Size  Used Avail Use% Mounted on
udev            4.2G     0  4.2G   0% /dev
tmpfs           837M  824k  836M   1% /run
/dev/vda1       167G  122G   46G  73% /
tmpfs           4.2G     0  4.2G   0% /dev/shm
tmpfs           5.3M     0  5.3M   0% /run/lock
tmpfs           4.2G     0  4.2G   0% /sys/fs/cgroup
/dev/vda15      110M  3.8M  106M   4% /boot/efi
/dev/sda        533G   76M  506G   1% /mnt/volume_sfo2_01
tmpfs           837M     0  837M   0% /run/user/1000


# mount volume
sudo mount /dev/sda /share

# copy from docker volume /share to host /share
sudo docker cp rstudio-shiny:/share/. /share

# stop all docker containers
docker stop $(docker ps -q)

# rebuild docker
cd ~/mhk-env_server-software
git pull
docker-compose up --build -d

# drop old unused docker volume /share
docker volume prune
Are you sure you want to continue? [y/N] y
Deleted Volumes:

Total reclaimed space: 104.4GB

Per Setting Up Persistent Mounting - How to Mount Volumes | DigitalOcean:

sudo vi /etc/fstab
LABEL=cloudimg-rootfs   /        ext4   defaults        0 0
LABEL=UEFI      /boot/efi       vfat    defaults        0 0
/dev/sda /share ext4 defaults,nofail,discard,noatime 0 2
# check that /etc/fstab is parsable and usable
findmnt --verify --verbose


Download Cyberduck



docker exec nginx sh -c "ln -s echo /share/api_out /usr/share/nginx/html/api_out"
docker exec -it nginx bash

To get latest for pdf generation:

# If you see an error message like “tlmgr: Remote repository is newer than local (2018 < 2019)”

# If an error occurs when compiling a LaTeX to PDF,

# if get something like ! LaTeX Error: File `amsmath.sty' not found.

Remove TexLive in fafor of TinyTex:

installing - How to remove everything related to TeX Live for fresh install on Ubuntu? - TeX - LaTeX Stack Exchange

sudo apt-get purge texlive*

Add user(s)

# setup (once) staff to be shared by admin, and default permissions 775
docker exec rstudio gpasswd -a admin staff
docker exec rstudio sh -c "echo 'umask 002' >> /etc/profile"

# override RStudio's default group read only with group read & write
docker exec rstudio sh -c "echo 'Sys.umask('2')\n' >> /usr/local/lib/R/etc/"
# vs quick fix in Terminal of sudo chmod -R g+w *

docker exec -it rstudio bash

# Add shiny to staff so has permission to install libraries into `/usr/local/lib/R/site-library` and write files
usermod -aG staff shiny

# set primary group to staff
usermod -g staff shiny
#confirm primary group set to staff
id shiny
# uid=998(shiny) gid=50(staff) groups=50(staff)


# userdel $user; groupdel $user

# add user inside rstudio docker container from host
useradd -m -p $(openssl passwd -crypt $pass) $user
# echo usermod -p "$pass" $user
# usermod -p $(openssl passwd -crypt $pass) $user

# setup (every user) primary group to staff
usermod -aG staff $user
usermod -aG sudo $user
usermod -aG shiny $user
usermod -g staff $user
groups $user

# setup symbolic links in home dir
ln -s /share                /home/$user/share
ln -s /share/data           /home/$user/data
ln -s /share/github         /home/$user/github
ln -s /srv/shinyapps        /home/$user/shiny-apps
ln -s /var/log/shiny-server /home/$user/shiny-logs

# add user to host
sudo adduser $user
sudo usermod -aG sudo $user

# check in container
docker exec -it rstudio-shiny bash
cat /etc/passwd

Stop, start, restart and list services for rstudio and shiny-server

Log into terminal:


Then into docker container:

docker exec -it rstudio bash

Get list of s6 processes:

# list s6 services
ps xf -o pid,ppid,pgrp,euser,args
505     0   505 root     bash
745   505   745 root      \_ ps xf -o pid,ppid,pgrp,euser,args
  1     0     1 root     s6-svscan -t0 /var/run/s6/services
 34     1     1 root     s6-supervise s6-fdholderd
211     1     1 root     s6-supervise rstudio
213     1     1 root     s6-supervise shiny-server
214   213   214 root      \_ /opt/shiny-server/ext/node/bin/shiny-server /opt/shiny-server/lib/main.js
226   214   214 root          \_ xtail /var/log/shiny-server/
549   214   549 root          \_ su -s /bin/bash --login -p -- shiny -c cd \/srv\/shiny-server\/sample-apps\/hello && R --no-save --slave -f \/opt\/shiny-server\/R\/SockJSAdapter\.R
551   214   551 root          \_ su -s /bin/bash --login -p -- shiny -c cd \/srv\/shiny-server\/sample-apps\/rmd && R --no-save --slave -f \/opt\/shiny-server\/R\/SockJSAdapter\.R

Manage a service:

cd /var/run/s6/services
# stop
s6-svc -d rstudio
# start
s6-svc -u rstudio
# restart
s6-svc -r rstudio


Web content:

  • Rmd website served by nginx
  • infographics

Shiny apps:

  • data-uploader
