Skip to content

Instantly share code, notes, and snippets.

@Taubin

Taubin/.env

Created January 13, 2020 21:02
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save Taubin/3fbc435c4b47420c088852b5224c076b to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save Taubin/3fbc435c4b47420c088852b5224c076b to your computer and use it in GitHub Desktop.
Download ZIP
Current Working Docker
Raw
.env
MY_DOMAIN=[REDACTED]
DOMAINNAME=[REDACTED]
DEFAULT_NETWORK=traefik_net
CF_API_EMAIL=[REDACTED]
CF_API_KEY=[REDACTED]
HTTP_USERNAME=[REDACTED]
HTTP_PASSWORD=[REDACTED]
Raw
docker-compose.yml
version: '3.6'
services:
traefik:
container_name: traefik
image: traefik:v1.7.2 # The official Traefik docker image
command: --api --docker # Enables the web UI and tells Traefik to listen to docker
ports:
- "80:80" # The HTTP port
- "8080:8080" # The Web UI (enabled by --api)
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro # So that Traefik can listen to the Docker events
- "./acme.json:/acme.json"
- "./traefik.toml:/traefik.toml:ro"
env_file:
- .env
environment:
- "CLOUDFLARE_EMAIL=${CF_API_EMAIL}"
- "CLOUDFLARE_API_KEY=${CF_API_KEY}"
labels:
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.SSLHost=${DOMAINNAME}"
- "traefik.frontend.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.frameDeny=true"
whoami:
container_name: whoami
image: containous/whoami # A container that exposes an API to show its IP address
labels:
- "traefik.frontend.rule=Host:whoami.${DOMAINNAME}"
- "traefik.enable=true"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.SSLHost=${DOMAINNAME}"
- "traefik.frontend.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.frameDeny=true"
portainer:
image: portainer/portainer
container_name: portainer
restart: unless-stopped
hostname: portainer
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${USERDIR}/portainer/data:/data
- ${USERDIR}/shared:/shared
labels:
- "traefik.frontend.rule=Host:portainer.${DOMAINNAME}"
- "traefik.enable=true"
- "traefik.http.routers.portainer.entrypoints=websecure"
- "traefik.frontend.auth.basic.users=[REDACTED]
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.SSLHost=${DOMAINNAME}"
- "traefik.frontend.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.frameDeny=true"
nzbget:
image: linuxserver/nzbget
container_name: nzbget
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${USERDIR}/docker/nzbget:/config
- ${DATADIR}/Downloads:/downloads
- ${DATADIR}/Downloads/incomplete:/incomplete-downloads
- ${USERDIR}/docker/shared:/shared
restart: unless-stopped
ports:
- "6789:6789"
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
labels:
- "traefik.frontend.rule=Host:nzbget.${DOMAINNAME}"
- "traefik.enable=true"
- "traefik.http.routers.nzbget.entrypoints=websecure"
- "traefik.frontend.auth.basic.users=[REDACTED]
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.SSLHost=${DOMAINNAME}"
- "traefik.frontend.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.frameDeny=true"
radarr:
image: "linuxserver/radarr"
container_name: "radarr"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${USERDIR}/radarr:/config
- ${DATADIR}/Downloads:/downloads
- ${DATADIR}/Plex/Movies:/movies
- "/etc/localtime:/etc/localtime:ro"
- ${USERDIR}/shared:/shared
restart: unless-stopped
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
labels:
- "traefik.frontend.rule=Host:radarr.${DOMAINNAME}"
- "traefik.enable=true"
- "traefik.http.routers.radarr.entrypoints=websecure"
- "traefik.frontend.auth.basic.users=[REDACTED]
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.SSLHost=${DOMAINNAME}"
- "traefik.frontend.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.frameDeny=true"
sonarr:
image: "linuxserver/sonarr"
container_name: "sonarr"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${USERDIR}/sonarr:/config
- ${DATADIR}/Downloads/:/downloads
- ${DATADIR}/Plex/TV:/shows
- "/etc/localtime:/etc/localtime:ro"
- ${USERDIR}/shared:/shared
restart: unless-stopped
ports:
- "8989:8989"
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
labels:
- "traefik.frontend.rule=Host:sonarr.${DOMAINNAME}"
- "traefik.enable=true"
- "traefik.http.routers.sonarr.entrypoints=websecure"
- "traefik.frontend.auth.basic.users=[REDACTED]
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.SSLHost=${DOMAINNAME}"
- "traefik.frontend.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.frameDeny=true"
hydra:
image: "linuxserver/hydra2"
container_name: "hydra"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${USERDIR}/hydra:/config
- ${DATADIR}/Downloads:/downloads
- ${USERDIR}/shared:/shared
restart: unless-stopped
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
ports:
- 5076:5076
labels:
- "traefik.frontend.rule=Host:hydra.${DOMAINNAME}"
- "traefik.enable=true"
- "traefik.http.routers.hydra.entrypoints=websecure"
- "traefik.frontend.auth.basic.users=[REDACTED]
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.SSLHost=${DOMAINNAME}"
- "traefik.frontend.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.frameDeny=true"
mylar:
image: linuxserver/mylar
container_name: mylar
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${USERDIR}/mylar/config:/config
- ${DATADIR}/comics:/comics
- ${DATADIR}/Downloads:/downloads
restart: unless-stopped
labels:
- "traefik.frontend.rule=Host:mylar.${DOMAINNAME}"
- "traefik.enable=true"
- "traefik.http.routers.mylar.entrypoints=websecure"
- "traefik.frontend.auth.basic.users=[REDACTED]
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.SSLHost=${DOMAINNAME}"
- "traefik.frontend.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.frameDeny=true"
headphones:
image: linuxserver/headphones
container_name: headphones
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${USERDIR}/headphones/config:/config
- ${DATADIR}/headphones/Downloads:/downloads
- ${DATADIR}/headphones/music:/music
restart: unless-stopped
labels:
- "traefik.frontend.rule=Host:headphones.${DOMAINNAME}"
- "traefik.enable=true"
- "traefik.http.routers.headphones.entrypoints=websecure"
- "traefik.frontend.auth.basic.users=[REDACTED]
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.SSLHost=${DOMAINNAME}"
- "traefik.frontend.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.frameDeny=true"
lazylibrarian:
image: thraxis/lazylibrarian-calibre
container_name: lazylibrarian-calibre
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${DATADIR}/lazylibrarian/config:/config
- ${DATADIR}/Downloads:/downloads
- ${DATADIR}/calibre/books/calibre:/ebooks
- ${DATADIR}/lazylibrarian/audiobooks:/audiobooks
- ${DATADIR}/lazylibrarian/magazines:/magazines
- ${DATADIR}/lazylibrarian/comics:/comics
- ${DATADIR}/calibre/books:/calibre
restart: unless-stopped
labels:
- "traefik.frontend.rule=Host:lazylibrarian.${DOMAINNAME}"
- "traefik.enable=true"
- "traefik.http.routers.lazylibrarian.entrypoints=websecure"
- "traefik.frontend.auth.basic.users=[REDACTED]
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.SSLHost=${DOMAINNAME}"
- "traefik.frontend.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.frameDeny=true"
ubooquity:
image: linuxserver/ubooquity
container_name: ubooquity
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
- MAXMEM=1024
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${USERDIR}/ubooquity:/config
- ${DATADIR}/books:/books
- ${DATADIR}/comics:/comics
- ${USERDIR}/ubooquity:/files
restart: unless-stopped
labels:
- "traefik.frontend.rule=Host:ubooquity.${DOMAINNAME}"
- "traefik.enable=true"
- "traefik.http.routers.ubooquity.entrypoints=websecure"
- "traefik.frontend.auth.basic.users=[REDACTED]
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.SSLHost=${DOMAINNAME}"
- "traefik.frontend.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.frameDeny=true"
calibre-web:
image: linuxserver/calibre-web
container_name: calibre-web
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
- DOCKER_MODS=linuxserver/calibre-web:calibre
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${USERDIR}/calibre/config:/config
- ${DATADIR}/calibre/books:/books
ports:
- 8083:8083
restart: unless-stopped
labels:
- "traefik.frontend.rule=Host:calibre-web.${DOMAINNAME}"
- "traefik.enable=true"
- "traefik.http.routers.calibre-web.entrypoints=websecure"
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.SSLHost=${DOMAINNAME}"
- "traefik.frontend.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.frameDeny=true"
calibre:
image: linuxserver/calibre
container_name: calibre
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
# - GUAC_USER=taubin #optional
# - GUAC_PASS=0fe226a6420dce648fdb0e982c678ef4 #optional
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${DATADIR}/calibre/books:/config
restart: unless-stopped
labels:
- "traefik.frontend.rule=Host:calibre.${DOMAINNAME}"
- "traefik.enable=true"
- "traefik.http.routers.calibre.entrypoints=websecure"
- "traefik.frontend.auth.basic.users=[REDACTED]
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.SSLHost=${DOMAINNAME}"
- "traefik.frontend.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.frameDeny=true"
db:
image: mariadb
container_name: mariadb1
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${DATADIR}/mariadb/config:/config
ports:
- "3306:3306"
environment:
MYSQL_ROOT_PASSWORD: [REDACTED]
restart: always
wordpress:
container_name: wp1
image: wordpress:latest
volumes:
- ${USERDIR}/wp:/var/www/html
- ${USERDIR}/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
ports:
- "8090:80"
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_PASSWORD: [REDACTED]
restart: on-failure
labels:
- "traefik.frontend.rule=Host:wp1.${DOMAINNAME}"
- "traefik.enable=true"
- "traefik.http.routers.wp1.entrypoints=websecure"
- "traefik.frontend.auth.basic.users=[REDACTED]
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.SSLHost=${DOMAINNAME}"
- "traefik.frontend.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.frameDeny=true"
phpmyadmin:
image: phpmyadmin/phpmyadmin
container_name: phpmyadmin
environment:
- PMA_ARBITRARY=1
- PMA_HOST=db
restart: always
ports:
- 8081:80
links:
- db
Raw
traefik.toml
logLevel = "INFO"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
# "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
]
[entryPoints.http.auth]
headerField = "X-WebAuth-User"
[entryPoints.http.auth.basic]
removeHeader = true
users = [
"[REDACTED]"
]
[acme]
email = "[email protected]"
storage = "acme.json"
# caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
entryPoint = "https"
[acme.dnsChallenge]
provider = "cloudflare" # DNS Provider name (cloudflare, OVH, gandi...)
delayBeforeCheck = 30
CLOUDFLARE_EMAIL="${CF_API_EMAIL}"
CLOUDFLARE_API_KEY="${CF_API_KEY}"
[[acme.domains]]
main = "[REDACTED]"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment