Last active
July 8, 2024 22:57
-
-
Save jerkovicl/dcd43dadc9eee47f0b95f8c54df3b18d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Reference: https://www.smarthomebeginner.com/traefik-reverse-proxy-tutorial-for-docker | |
| #Requirement: nano .env -> Set environmental variables: ${$USERDIR}, ${PUID}, ${PGID}, ${TZ}, ${DOMAINNAME}, ${CLOUDFLARE_EMAIL}, ${CLOUDFLARE_API_KEY}, ${HTTP_USERNAME}, ${HTTP_PASSWORD}, ${PLEX_CLAIM} etc. as explained in the reference. | |
| version: "3.7" | |
| services: | |
| ######### FRONTENDS ########## | |
| # Traefik Reverse Proxy | |
| traefik: | |
| hostname: traefik | |
| image: traefik:v1.7.21 | |
| container_name: traefik | |
| restart: always | |
| domainname: ${DOMAINNAME} | |
| networks: | |
| - default | |
| - traefik_proxy | |
| ports: | |
| - "80:80" | |
| - "443:443" | |
| # - "XXXX:8080" | |
| environment: | |
| - CF_API_EMAIL=${CLOUDFLARE_EMAIL} | |
| - CF_API_KEY=${CLOUDFLARE_API_KEY} | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=traefik" | |
| - "traefik.frontend.rule=Host:traefik.${DOMAINNAME}" | |
| # - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefixStrip: /traefik" | |
| - "traefik.port=8080" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=traefik.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| #- "traefik.frontend.auth.basic.users=${HTTP_USERNAME}:${HTTP_PASSWORD}" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock:ro | |
| - ${USERDIR}/docker/traefik:/etc/traefik | |
| - ${USERDIR}/docker/shared:/shared | |
| - /var/log/docker/traefik.log:/var/log/docker/traefik.log # for fail2ban - make sure to touch file before starting container | |
| # The auth gate for SSO | |
| traefik-forward-auth: | |
| # thomseddeon's image doesnt support OIDC_ISSUER yet | |
| # image: thomseddon/traefik-forward-auth | |
| image: funkypenguin/traefik-forward-auth | |
| container_name: traefik-forward-auth | |
| networks: | |
| - traefik_proxy | |
| environment: | |
| CLIENT_ID: ${AUTH_CLIENT_ID} | |
| CLIENT_SECRET: ${AUTH_CLIENT_SECRET} | |
| # This is based on using the Master realm. Create a new client, this will go into your CLIENT_ID, CLIENT_SECRET details. | |
| OIDC_ISSUER: https://keycloak.${DOMAINNAME}/auth/realms/master | |
| SECRET: ${HTTP_PASSWORD} | |
| AUTH_HOST: auth.${DOMAINNAME} | |
| COOKIE_DOMAINS: ${DOMAINNAME} | |
| #WHITELIST: ${EMAIL} | |
| COOKIE_SECURE: "true" | |
| LIFETIME: "2592000" | |
| restart: always | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.port=4181" | |
| - "traefik.frontend.rule=Host:auth.${DOMAINNAME}" | |
| - "traefik.backend=traefik-forward-auth" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| depends_on: | |
| - keycloak | |
| - traefik | |
| # Keycloak - identity and access management solution | |
| keycloak: | |
| image: jboss/keycloak | |
| container_name: keycloak | |
| domainname: ${DOMAINNAME} | |
| restart: always | |
| # ports: | |
| # - "8080:8080" | |
| networks: | |
| - traefik_proxy | |
| - keycloak | |
| volumes: | |
| # - ${USERDIR}/docker/keycloak/config.json:/config.json | |
| - /etc/timezone:/etc/timezone:ro | |
| - /etc/localtime:/etc/localtime:ro | |
| - /var/log/docker/keycloak:/opt/jboss/keycloak/standalone/log | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - KEYCLOAK_USER=${KEYCLOAK_USER} | |
| - KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD} | |
| # - KEYCLOAK_IMPORT=/config.json | |
| - DB_VENDOR=mariadb | |
| - DB_DATABASE=keycloak | |
| - DB_ADDR=mariadb | |
| - DB_USER=keycloak | |
| - DB_PASSWORD=${MYSQL_ROOT_PASSWORD} | |
| # - JBOSS_LOG_DIR=/opt/wildfly/logs | |
| # This is required to run keycloak behind traefik | |
| - PROXY_ADDRESS_FORWARDING=true | |
| - KEYCLOAK_HOSTNAME=keycloak.${DOMAINNAME} | |
| # Tell MYSQL what user/password to create | |
| - MYSQL_USER=keycloak | |
| - MYSQL_PASSWORD=${MYSQL_ROOT_PASSWORD} | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.backend=keycloak" | |
| - "traefik.frontend.rule=Host:keycloak.${DOMAINNAME}" | |
| # - "traefik.protocol: http" | |
| - "traefik.port=8080" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=keycloak.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| # depends_on: | |
| # - mariadb | |
| #Portainer - WebUI for Containers | |
| portainer: | |
| image: portainer/portainer | |
| container_name: portainer | |
| restart: always | |
| command: -H unix:///var/run/docker.sock | |
| # ports: | |
| # - "XXXX:9000" | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| - ${USERDIR}/docker/portainer/data:/data | |
| - ${USERDIR}/docker/shared:/shared | |
| environment: | |
| - TZ=${TZ} | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=portainer" | |
| - "traefik.frontend.rule=Host:portainer.${DOMAINNAME}" | |
| # - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefixStrip: /portainer" | |
| - "traefik.port=9000" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=portainer.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # Organizer - Unified HTPC/Home Server Web Interface | |
| organizr: | |
| container_name: organizr | |
| restart: always | |
| image: lsiocommunity/organizr | |
| volumes: | |
| - ${USERDIR}/docker/organizr:/config | |
| - ${USERDIR}/docker/shared:/shared | |
| # ports: | |
| # - "XXXX:80" | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=organizr" | |
| - "traefik.frontend.rule=Host:organizr.${DOMAINNAME}" | |
| # - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefixStrip: /organizr" | |
| - "traefik.port=80" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=organizr.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # phpMyAdmin - WebUI for MariaDB | |
| phpmyadmin: | |
| hostname: phpmyadmin | |
| container_name: phpmyadmin | |
| image: phpmyadmin/phpmyadmin | |
| restart: always | |
| depends_on: | |
| - mariadb | |
| # ports: | |
| # - XXXX:80 | |
| environment: | |
| - PMA_HOST=mariadb | |
| - PMA_USER=root | |
| - PMA_PASSWORD=${MYSQL_ROOT_PASSWORD} | |
| - PMA_ABSOLUTE_URI=https://pma.${DOMAINNAME} | |
| volumes: | |
| - ${USERDIR}/docker/phpmyadmin/config.user.inc.php:/etc/phpmyadmin/config.user.inc.php | |
| - ${USERDIR}/docker/phpmyadmin/php.ini:/usr/local/etc/php/conf.d/php.ini | |
| - ${USERDIR}/docker/phpmyadmin/custom/phpmyadmin/theme:/www/themes/theme/ | |
| networks: | |
| - traefik_proxy | |
| - default | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=pma" | |
| - "traefik.frontend.rule=Host:pma.${DOMAINNAME}" | |
| - "traefik.port=80" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=pma.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| ######### DOCKER RELATED ########## | |
| # Watchtower - Automatic Update of Containers/Apps | |
| watchtower: | |
| container_name: watchtower | |
| hostname: watchtower | |
| restart: always | |
| image: containrrr/watchtower #v2tec/watchtower | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| environment: | |
| - WATCHTOWER_NOTIFICATIONS=slack | |
| - WATCHTOWER_NOTIFICATION_SLACK_HOOK_URL=${SLACK_WEBHOOK_URL} | |
| - WATCHTOWER_NOTIFICATION_SLACK_IDENTIFIER=watchtower | |
| - WATCHTOWER_NOTIFICATION_SLACK_CHANNEL=#docker | |
| command: --schedule "0 0 4 * * *" --cleanup --debug | |
| # Docker Garbage Collector | |
| dockergc: | |
| container_name: docker-gc | |
| image: clockworksoul/docker-gc-cron:latest | |
| #network_mode: "host" | |
| restart: always | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| - ${USERDIR}/docker/shared/docker-gc-exclude:/etc/docker-gc-exclude | |
| environment: | |
| - CRON=0 9,21 * * * | |
| - FORCE_IMAGE_REMOVAL=1 | |
| - FORCE_CONTAINER_REMOVAL=1 | |
| - MINIMUM_IMAGES_TO_SAVE=1 | |
| - GRACE_PERIOD_SECONDS=3600 | |
| - DRY_RUN=0 | |
| - CLEAN_UP_VOLUMES=1 | |
| - TZ=${TZ} | |
| # Dozzle - realtime log viewer for docker containers | |
| dozzle: | |
| container_name: dozzle | |
| image: amir20/dozzle:latest | |
| restart: always | |
| environment: | |
| - DOZZLE_TAILSIZE=100 | |
| - DOZZLE_LEVEL=info | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| - /etc/localtime:/etc/localtime:ro | |
| #ports: | |
| # - 9999:8080 | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=dozzle" | |
| - "traefik.frontend.rule=Host:dozzle.${DOMAINNAME}" | |
| - "traefik.port=8080" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=dozzle.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # Cloudflare DDNS | |
| cloudddns: | |
| container_name: cloudddns | |
| restart: always | |
| image: joshava/cloudflare-ddns | |
| volumes: | |
| - ${USERDIR}/docker/shared/config.yml:/app/config.yaml | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| # Traefik Certificate Extractor | |
| #https://hub.docker.com/r/ldez/traefik-certs-dumper | |
| certsdump: | |
| container_name: certsdump | |
| image: ldez/traefik-certs-dumper | |
| command: file --source /acme.json --dest /dump/live --domain-subdir --crt-name=fullchain --key-name=privkey --crt-ext=.pem --key-ext=.pem | |
| volumes: | |
| - ${USERDIR}/docker/traefik/acme/acme.json:/acme.json:ro | |
| - ${USERDIR}/docker/shared/letsencrypt/etc:/dump | |
| restart: "no" | |
| ######### DOWNLOADERS ########## | |
| # qBittorrent without VPN – Bittorrent Downloader | |
| qbittorrent: | |
| image: "linuxserver/qbittorrent" | |
| container_name: "qbittorrent" | |
| volumes: | |
| - ${USERDIR}/docker/qbittorrent:/config | |
| - ${USERDIR}/Downloads/completed:/downloads | |
| - ${USERDIR}/docker/shared:/shared | |
| ports: | |
| - "8080:8080" | |
| - "6881:6881" | |
| - "6881:6881/udp" | |
| restart: always | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| - UMASK_SET=002 | |
| - WEBUI_PORT=8080 | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=qbittorrent" | |
| # - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefixStrip: /qbittorrent" | |
| - "traefik.frontend.rule=Host:qbit.${DOMAINNAME}" | |
| - "traefik.port=8080" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=qbit.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # SABnzbd – Usenet (NZB) Downloader | |
| sabnzbd: | |
| image: "linuxserver/sabnzbd" | |
| container_name: "sabnzbd" | |
| volumes: | |
| - ${USERDIR}/docker/sabnzbd:/config | |
| - ${USERDIR}/Downloads/completed:/downloads | |
| - ${USERDIR}/Downloads/incomplete:/incomplete-downloads | |
| - ${USERDIR}/docker/shared:/shared | |
| # ports: | |
| # - "XXXX:8080" | |
| restart: always | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=sabnzbd" | |
| - "traefik.frontend.rule=Host:sabnzbd.${DOMAINNAME}" | |
| # - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefix: /sabnzbd" | |
| - "traefik.port=8080" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=sabnzbd.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| ######### PERSONAL VIDEO RECORDERS ########## | |
| # Radarr – Movie Download and Management | |
| radarr: | |
| image: "linuxserver/radarr" | |
| container_name: "radarr" | |
| volumes: | |
| - ${USERDIR}/docker/radarr:/config | |
| - ${USERDIR}/Downloads/completed:/downloads | |
| - ${USERDIR}/media/movies:/movies | |
| - /etc/localtime:/etc/localtime:ro | |
| - ${USERDIR}/docker/shared:/shared | |
| # ports: | |
| # - "XXXX:7878" | |
| restart: always | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=radarr" | |
| # - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefix: /radarr" | |
| - "traefik.frontend.rule=Host:radarr.${DOMAINNAME}" | |
| - "traefik.port=7878" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=radarr.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" # set to false to show as tabs in organizr | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # Sonarr – TV Show Download and Management | |
| sonarr: | |
| image: "linuxserver/sonarr" | |
| container_name: "sonarr" | |
| volumes: | |
| - ${USERDIR}/docker/sonarr:/config | |
| - ${USERDIR}/Downloads/completed:/downloads | |
| - ${USERDIR}/media/tvshows:/tv | |
| - /etc/localtime:/etc/localtime:ro | |
| - ${USERDIR}/docker/shared:/shared | |
| # ports: | |
| # - "XXXX:8989" | |
| restart: always | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=sonarr" | |
| # - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefix: /sonarr" | |
| - "traefik.frontend.rule=Host:sonarr.${DOMAINNAME}" | |
| - "traefik.port=8989" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=sonarr.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # LIDARR - Music Download and Management | |
| lidarr: | |
| image: "linuxserver/lidarr" | |
| hostname: lidarr | |
| container_name: "lidarr" | |
| volumes: | |
| - ${USERDIR}/docker/lidarr:/config | |
| - ${USERDIR}/Downloads/completed:/downloads | |
| - ${USERDIR}/media/music:/music | |
| - /etc/localtime:/etc/localtime:ro | |
| - ${USERDIR}/docker/shared:/shared | |
| # ports: | |
| # - "XXXX:8686" | |
| restart: always | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=lidarr" | |
| # - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefix: /lidarr" | |
| - "traefik.frontend.rule=Host:lidarr.${DOMAINNAME}" | |
| - "traefik.port=8686" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=lidarr.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # Bazarr - Subtitles download and managment | |
| bazarr: | |
| image: linuxserver/bazarr | |
| container_name: bazarr | |
| restart: always | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| - UMASK_SET=022 #optional | |
| volumes: | |
| - ${USERDIR}/docker/bazarr:/config | |
| - ${USERDIR}/media/movies:/movies | |
| - /etc/localtime:/etc/localtime:ro | |
| - ${USERDIR}/media/tvshows:/tv | |
| # ports: | |
| # - 6767:6767 | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=bazarr" | |
| # - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefix: /bazarr" | |
| - "traefik.frontend.rule=Host:bazarr.${DOMAINNAME}" | |
| - "traefik.port=6767" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=bazarr.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # Lazylibrarian – Ebooks and Management | |
| lazylibrarian: | |
| image: "linuxserver/lazylibrarian" | |
| container_name: "lazylibrarian" | |
| volumes: | |
| - ${USERDIR}/docker/lazylibrarian:/config | |
| - ${USERDIR}/Downloads/completed:/downloads | |
| - ${USERDIR}/media/books:/books | |
| - /etc/localtime:/etc/localtime:ro | |
| - ${USERDIR}/docker/shared:/shared | |
| # ports: | |
| # - "XXXX:5299" | |
| restart: always | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| - DOCKER_MODS=linuxserver/calibre-web:calibre # set the path to converter tool to /usr/bin/calibredb | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=lazylibrarian" | |
| # - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefix: /lazylibrarian" | |
| - "traefik.frontend.rule=Host:lazylibrarian.${DOMAINNAME}" | |
| - "traefik.port=5299" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=lazylibrarian.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| ######### MEDIA SERVER APPS ########## | |
| # Plex Media Server | |
| plexms: | |
| container_name: plexms | |
| restart: always | |
| image: plexinc/pms-docker | |
| #devices: | |
| # - /dev/dri:/dev/dri # have a Plex Pass and an Intel processor with QuickSync for harware transcoding | |
| security_opt: | |
| - no-new-privileges:true | |
| volumes: | |
| - ${USERDIR}/docker/plexms:/config | |
| - ${USERDIR}/Downloads/plex_tmp:/transcode | |
| #- /dev/shm:/transcode # Offload transcoding to RAM if you have enough RAM | |
| - ${USERDIR}/media:/media | |
| - ${USERDIR}/docker/shared:/shared | |
| ports: | |
| - "32400:32400/tcp" | |
| - "3005:3005/tcp" # controlling Plex Home Theater via Plex Companion | |
| - "8324:8324/tcp" # controlling Plex for Roku via Plex Companion | |
| - "32469:32469/tcp" | |
| - "1900:1900/udp" # access to the Plex DLNA Server | |
| - "32410:32410/udp" # GDM network discovery | |
| - "32412:32412/udp" # GDM network discovery | |
| - "32413:32413/udp" # GDM network discovery | |
| - "32414:32414/udp" # GDM network discovery | |
| environment: | |
| - TZ=${TZ} | |
| - HOSTNAME="Docker Plex" | |
| - PLEX_CLAIM=${PLEX_CLAIM} | |
| - PLEX_UID=${PUID} | |
| - PLEX_GID=${PGID} | |
| - ADVERTISE_IP="http://SERVER-IP:32400/" # IP Address of your server, run ifconfig | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=plexms" | |
| - "traefik.frontend.rule=Host:plex.${DOMAINNAME}" | |
| - "traefik.port=32400" | |
| - "traefik.protocol=http" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=plex.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # Jellyfin - Media Server | |
| jellyfin: | |
| image: linuxserver/jellyfin | |
| container_name: jellyfin | |
| restart: always | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| - UMASK_SET=022 #optional | |
| volumes: | |
| - ${USERDIR}/docker/jellyfin:/config | |
| - ${USERDIR}/media/movies:/data/movies | |
| - ${USERDIR}/media/tvshows:/data/tvshows | |
| - /etc/localtime:/etc/localtime:ro | |
| # - /path for transcoding:/transcode #optional | |
| # - /opt/vc/lib:/opt/vc/lib #optional for raspberry pi | |
| # ports: | |
| # - 8096:8096 | |
| # - 8920:8920 #optional | |
| devices: | |
| - /dev/dri:/dev/dri #optional, if you want to use your Intel GPU for hardware accelerated video encoding | |
| # - /dev/vchiq:/dev/vchiq #optional for raspberry pi | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=jellyfin" | |
| # - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefix: /jellyfin" | |
| - "traefik.frontend.rule=Host:jellyfin.${DOMAINNAME}" | |
| - "traefik.port=8096" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=jellyfin.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| #- "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| #- "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| #- "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # Funkwhale - music streaming server | |
| funkwhale: | |
| image: funkwhale/all-in-one:latest | |
| container_name: funkwhale | |
| restart: unless-stopped | |
| networks: | |
| - traefik_proxy | |
| environment: | |
| - TZ=${TZ} | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - FUNKWHALE_HOSTNAME=funkwhale.${DOMAINNAME} | |
| - LIBRARY_ID=${LIBRARY_ID} | |
| volumes: | |
| - ${USERDIR}/docker/funkwhale:/data | |
| - ${USERDIR}/media/music:/music | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=funkwhale" | |
| - "traefik.frontend.rule=Host:funkwhale.${DOMAINNAME}" | |
| - "traefik.port=80" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=funkwhale.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # MusicBrainz Picard – Music Management | |
| picard: | |
| container_name: picard | |
| image: mikenye/picard | |
| restart: always | |
| networks: | |
| - traefik_proxy | |
| # ports: | |
| # - "5800:5800" | |
| volumes: | |
| - $USERDIR/media/music:/storage:rw | |
| - $USERDIR/docker/picard:/config:rw | |
| environment: | |
| - USER_ID=${PUID} | |
| - GROUP_ID=${PGID} | |
| - TZ=${TZ} | |
| - UMASK=002 | |
| - DISPLAY_WIDTH=1280 | |
| - DISPLAY_HEIGHT=768 | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=picard" | |
| - "traefik.frontend.rule=Host:picard.${DOMAINNAME}" | |
| - "traefik.port=5800" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=picard.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # Ubooquity - home server for comics and ebooks library | |
| ubooquity: | |
| image: linuxserver/ubooquity | |
| container_name: ubooquity | |
| restart: always | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| - MAXMEM=1024 | |
| volumes: | |
| - ${USERDIR}/docker/ubooquity:/config | |
| - ${USERDIR}/media/books:/books | |
| - ${USERDIR}/media/comics:/comics | |
| - ${USERDIR}/media/files:/files | |
| ports: | |
| - 2202:2202 | |
| - 2203:2203 | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=ubooquity" | |
| - "traefik.frontend.rule=Host:ubooquity.${DOMAINNAME}" | |
| - "traefik.port=2202" | |
| - "traefik.admin.frontend.rule=Host:ubooquity.${DOMAINNAME}; PathPrefix:/admin,/admin-res,/admin-api" | |
| - "traefik.admin.port=2203" | |
| - "traefik.protocol=http" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=ubooquity.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # Calibre-web – Ebooks and Management | |
| calibre-web: | |
| image: "linuxserver/calibre-web" | |
| container_name: "calibre-web" | |
| volumes: | |
| - ${USERDIR}/docker/calibre_web:/config | |
| - ${USERDIR}/media/books:/books | |
| - /etc/localtime:/etc/localtime:ro | |
| # ports: | |
| # - "XXXX:8083" | |
| restart: always | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| # - DOCKER_MODS=linuxserver/calibre-web:calibre # include for ebook conversion | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=calibre-web" | |
| # - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefix: /calibre-web" | |
| - "traefik.frontend.rule=Host:calibre-web.${DOMAINNAME}" | |
| - "traefik.port=8083" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=calibre-web.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| calibre: | |
| image: "linuxserver/calibre" | |
| container_name: "calibre" | |
| volumes: | |
| - ${USERDIR}/Downloads/completed:/import | |
| - ${USERDIR}/media/books:/books | |
| - ${USERDIR}/docker/calibre:/config | |
| - /etc/localtime:/etc/localtime:ro | |
| # ports: | |
| # - "XXXX:8080" | |
| # - "XXXX:8081" | |
| restart: always | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=calibre" | |
| # - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefix: /calibre" | |
| - "traefik.frontend.rule=Host:calibre.${DOMAINNAME}" | |
| - "traefik.port=8081" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=calibre.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| ######### SEARCHERS ########## | |
| # Jackett – Torrent Proxy | |
| jackett: | |
| image: "linuxserver/jackett" | |
| container_name: "jackett" | |
| volumes: | |
| - ${USERDIR}/docker/jackett:/config | |
| - ${USERDIR}/Downloads/completed:/downloads | |
| - /etc/localtime:/etc/localtime:ro | |
| - ${USERDIR}/docker/shared:/shared | |
| # ports: | |
| # - "XXXX:9117" | |
| restart: always | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=jackett" | |
| - "traefik.frontend.rule=Host:jackett.${DOMAINNAME}" | |
| # - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefix: /jackett" | |
| - "traefik.port=9117" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=jackett.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| ######### UTILITIES ########## | |
| # MariaDB – Database Server for your Apps | |
| mariadb: | |
| image: "linuxserver/mariadb" | |
| container_name: "mariadb" | |
| hostname: mariadb | |
| volumes: | |
| - ${USERDIR}/docker/mariadb:/config | |
| - ${USERDIR}/docker/mysql/scripts:/docker-entrypoint-initdb.d:ro | |
| - ${USERDIR}/docker/mysql:/var/lib/mysql/data:rw | |
| ports: | |
| - target: 3306 | |
| published: 3306 | |
| protocol: tcp | |
| mode: host | |
| networks: | |
| - traefik_proxy | |
| - keycloak | |
| restart: always | |
| environment: | |
| - MYSQL_DATABASE=keycloak | |
| #- MYSQL_USER=keycloak | |
| - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| # Copy-pasted from https://github.com/docker-library/mariadb/issues/94 | |
| healthcheck: | |
| test: ["CMD", "mysqladmin", "ping", "--silent"] | |
| # mysql db backup | |
| db-backup: | |
| container_name: db-backup | |
| image: tiredofit/db-backup | |
| depends_on: | |
| - mariadb | |
| volumes: | |
| - ${USERDIR}/docker/mariadb/backups:/backup | |
| - /etc/localtime:/etc/localtime:ro | |
| environment: | |
| #- DB_SERVER=mariadb | |
| - DB_TYPE=mariadb | |
| - DB_HOST=mariadb | |
| - DB_USER=root | |
| - DB_PASS=${MYSQL_ROOT_PASSWORD} | |
| - DB_DUMP_FREQ=1440 | |
| - DB_DUMP_BEGIN=+20 | |
| #- DB_DUMP_TARGET=${USERDIR}/docker/mariadb/backups | |
| - DB_CLEANUP_TIME=8640 | |
| - COMPRESSION=XZ | |
| - SPLIT_DB=TRUE | |
| networks: | |
| - traefik_proxy | |
| restart: always | |
| # Redis - Key-value Store | |
| redis: | |
| container_name: redis | |
| image: redis | |
| restart: always | |
| entrypoint: redis-server --appendonly yes | |
| networks: | |
| - traefik_proxy | |
| # ports: | |
| # - "6379:6379" | |
| sysctls: | |
| net.core.somaxconn: '65535' | |
| volumes: | |
| - ${USERDIR}/docker/redis/data:/data | |
| - /etc/localtime:/etc/localtime:ro | |
| #- ${USERDIR}/docker/redis/redis.conf:/usr/local/etc/redis/redis.conf | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.port=6379" | |
| - "traefik.backend=redis" | |
| - "traefik.docker.network=traefik_proxy" | |
| # Redis Commander - Redis Management Tool | |
| rediscommander: | |
| container_name: rediscommander | |
| image: rediscommander/redis-commander | |
| restart: always | |
| depends_on: | |
| - redis | |
| networks: | |
| - traefik_proxy | |
| # ports: | |
| # - "8081:8081" | |
| environment: | |
| - REDIS_HOST=redis | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=rediscommander" | |
| - "traefik.frontend.rule=Host:rediscmd.${DOMAINNAME}" | |
| - "traefik.port=8081" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=rediscmd.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # CyberChef - the Cyber Swiss Army Knife web app for encryption, encoding, compression and data analysis | |
| cyberchef: | |
| container_name: cyberchef | |
| image: mpepping/cyberchef | |
| restart: always | |
| networks: | |
| - traefik_proxy | |
| # ports: | |
| # - "8000:8000" | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=cyberchef" | |
| - "traefik.frontend.rule=Host:cyberchef.${DOMAINNAME}" | |
| - "traefik.port=8000" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=cyberchef.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # NextCloud – Your Own Cloud Storage | |
| nextcloud: | |
| container_name: nextcloud | |
| restart: always | |
| image: linuxserver/nextcloud | |
| volumes: | |
| - ${USERDIR}/docker/nextcloud:/config | |
| - ${USERDIR}/shared_data:/data | |
| - ${USERDIR}/docker/shared:/shared | |
| # ports: | |
| # - "XXXX:443" | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=nextcloud" | |
| - "traefik.frontend.rule=Host:nextcloud.${DOMAINNAME}" | |
| - "traefik.port=443" | |
| - "traefik.protocol=https" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=nextcloud.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| #- "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| #- "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| #- "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # Bitwarden - Password Vault | |
| bitwarden: | |
| container_name: bitwarden | |
| image: bitwardenrs/server-mysql | |
| restart: always | |
| networks: | |
| - traefik_proxy | |
| # ports: | |
| # - "8888:80" | |
| volumes: | |
| - $USERDIR/docker/bitwarden:/data | |
| - /var/log/docker:/var/log/docker | |
| - /etc/localtime:/etc/localtime:ro | |
| environment: | |
| - SIGNUPS_ALLOWED=false # Change to false after first login | |
| - INVITATIONS_ALLOWED=false | |
| - WEBSOCKET_ENABLED=false #true | |
| - LOG_FILE=/var/log/docker/bitwarden.log | |
| - SMTP_HOST=smtp.gmail.com | |
| - SMTP_FROM=${SMTP_EMAIL} | |
| - SMTP_PORT=587 | |
| - SMTP_SSL=true | |
| - SMTP_USERNAME=${SMTP_EMAIL} | |
| - SMTP_PASSWORD=${SMTP_PASSWORD} | |
| - DOMAIN=https://bitwarden.$DOMAINNAME | |
| - ADMIN_TOKEN=supersecret | |
| - DATABASE_URL=mysql://bitwarden:${MYSQL_ROOT_PASSWORD}@mariadb/bitwarden | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=bitwarden" | |
| - "traefik.frontend.rule=Host:bitwarden.${DOMAINNAME}" | |
| #- "traefik.web.frontend.rule=Host:bitwarden.${DOMAINNAME}" | |
| - "traefik.port=80" | |
| # - "traefik.web.port=80" | |
| - "traefik.hub.frontend.rule=Host:bitwarden.${DOMAINNAME};Path:/notifications/hub" | |
| - "traefik.hub.port=3012" | |
| - "traefik.hub.protocol=ws" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=bitwarden.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| #- "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| #- "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| #- "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # Guacamole – Clientless remote desktop gateway | |
| guacd: | |
| container_name: guacd | |
| hostname: guacd | |
| image: guacamole/guacd | |
| networks: | |
| - traefik_proxy | |
| restart: always | |
| volumes: | |
| - ${USERDIR}/docker/guacamole/drive:/drive:rw | |
| - ${USERDIR}/docker/guacamole/record:/record:rw | |
| guacamole: | |
| container_name: guacamole | |
| depends_on: | |
| - guacd | |
| - mariadb | |
| environment: | |
| - GUACD_HOSTNAME=guacd | |
| #- GUACD_PORT=4822 | |
| - MYSQL_HOSTNAME=mariadb | |
| - MYSQL_PORT=3306 | |
| - MYSQL_DATABASE=guacamole | |
| - MYSQL_USER=guac | |
| - MYSQL_PASSWORD=${MYSQL_ROOT_PASSWORD} | |
| - GUACAMOLE_HOME=/etc/guacamole | |
| - TZ=${TZ} | |
| image: guacamole/guacamole | |
| volumes: | |
| - ${USERDIR}/docker/guacamole:/etc/guacamole:rw | |
| - /var/log/docker/guacamole:/usr/local/tomcat/logs | |
| networks: | |
| - traefik_proxy | |
| - default | |
| ports: | |
| - 8082:8080/tcp | |
| restart: always | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=guacamole" #guacamole_docker | |
| - "traefik.frontend.rule=Host:guac.${DOMAINNAME}" | |
| #- "traefik.frontend.rule=Host:guac.${DOMAINNAME}; AddPrefix: /guacamole" | |
| - "traefik.port=8080" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=guac.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # Netdata - real-time performance monitoring | |
| netdata: | |
| container_name: netdata | |
| image: netdata/netdata | |
| hostname: netdata | |
| restart: always | |
| cap_add: | |
| - SYS_PTRACE | |
| security_opt: | |
| - apparmor:unconfined | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| - NETDATA_PORT=19999 | |
| volumes: | |
| - /proc:/host/proc:ro | |
| - /sys:/host/sys:ro | |
| - /var/run/docker.sock:/var/run/docker.sock:ro | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=netdata" | |
| - "traefik.frontend.rule=Host:netdata.${DOMAINNAME}" | |
| - "traefik.port=19999" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=netdata.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # Glances - web-based top cmd | |
| glances: | |
| container_name: glances | |
| hostname: glances | |
| restart: always | |
| image: vimagick/glances | |
| #network_mode: host | |
| pid: host | |
| networks: | |
| - traefik_proxy | |
| volumes: | |
| - ${USERDIR}/docker/glances:/etc/glances | |
| - /var/run/docker.sock:/var/run/docker.sock:ro | |
| environment: | |
| - GLANCES_OPT=-w | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=glances" | |
| - "traefik.frontend.rule=Host:glances.${DOMAINNAME}" | |
| #- "traefik.frontend.rule=Host:glances.docker.localhost" | |
| - "traefik.port=61208" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=glances.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # Heimdall - application dashboard | |
| heimdall: | |
| image: linuxserver/heimdall | |
| container_name: heimdall | |
| restart: always | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| volumes: | |
| - ${USERDIR}/docker/heimdall:/config | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=heim" | |
| - "traefik.frontend.rule=Host:${DOMAINNAME}, www.${DOMAINNAME}, heimdall.${DOMAINNAME}" | |
| - "traefik.port=80" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=heimdall.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| networks: | |
| - traefik_proxy | |
| # Cloud Commander - web file manager | |
| cloudcmd: | |
| image: coderaiser/cloudcmd | |
| container_name: cloudcmd | |
| restart: always | |
| volumes: | |
| - ${USERDIR}/docker/cloudcmd:/root | |
| - ${USERDIR}/docker:/mnt/fs | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=cloudcmd" | |
| - "traefik.frontend.rule=Host:cloudcmd.${DOMAINNAME}" | |
| - "traefik.port=8000" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=cloudcmd.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # Duplicati - Backups cloud management | |
| duplicati: | |
| image: linuxserver/duplicati | |
| container_name: duplicati | |
| volumes: | |
| - ${USERDIR}/docker/duplicati:/config | |
| - ${USERDIR}/backups:/backups | |
| - ${USERDIR}/docker:/source | |
| - /etc/localtime:/etc/localtime:ro | |
| - ${USERDIR}/docker/shared:/shared | |
| # ports: | |
| # - "XXXX:8200" | |
| restart: always | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| - CLI_ARGS= #optional | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=duplicati" | |
| - "traefik.frontend.rule=Host:duplicati.${DOMAINNAME}" | |
| - "traefik.port=8200" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=duplicati.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # code-server - vscode in a browser | |
| code-server: | |
| image: linuxserver/code-server | |
| container_name: code-server | |
| restart: always | |
| environment: | |
| - PUID=${PUID} | |
| - PGID=${PGID} | |
| - TZ=${TZ} | |
| - PASSWORD=${KEYCLOAK_PASSWORD} #optional | |
| - SUDO_PASSWORD=${KEYCLOAK_PASSWORD} #optional | |
| volumes: | |
| - ${USERDIR}/docker/vscode/config:/config # For github integration, drop your ssh key in to /config/.ssh. | |
| #ports: | |
| # - 8443:8443 | |
| networks: | |
| - traefik_proxy | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=code-server" | |
| - "traefik.frontend.rule=Host:code.${DOMAINNAME}" | |
| - "traefik.port=8443" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=code.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| # fail2ban | |
| fail2ban: | |
| container_name: fail2ban | |
| image: crazymax/fail2ban:latest | |
| restart: always | |
| network_mode: "host" | |
| cap_add: | |
| - NET_ADMIN | |
| - NET_RAW | |
| volumes: | |
| - /var/log/docker:/var/log/docker | |
| - ${USERDIR}/docker/fail2ban:/data | |
| - ${USERDIR}/docker/fail2ban/fail2ban.d:/etc/fail2ban/fail2ban.d | |
| environment: | |
| - TZ=${TZ} | |
| - F2B_LOG_TARGET=/var/log/docker/fail2ban.log | |
| - F2B_LOG_LEVEL=INFO | |
| - F2B_DB_PURGE_AGE=1d | |
| #- F2B_ACTION=%(action_mw)s # %(action_mw)s or %(action_mwl)s to send mail | |
| - F2B_IPTABLES_CHAIN=DOCKER-USER | |
| - SSMTP_HOST=smtp.gmail.com | |
| - SSMTP_PORT=587 | |
| #- SSMTP_HOSTNAME=example.com | |
| - SSMTP_USER=${SMTP_EMAIL} | |
| - SSMTP_PASSWORD=${SMTP_PASSWORD} # Create an "app password" if you use 2FA | |
| - SSMTP_TLS=TLS | |
| # Paperless - Documents Storage | |
| # https://paperless.readthedocs.io/en/latest/utilities.html#the-exporter | |
| # extra env vars: https://github.com/the-paperless-project/paperless/blob/master/paperless.conf.example | |
| # to create admin account run this command: docker-compose run --rm paperless createsuperuser | |
| paperless: | |
| image: thepaperlessproject/paperless | |
| container_name: paperless | |
| restart: always | |
| networks: | |
| - traefik_proxy | |
| #ports: | |
| # - "8325:8000" | |
| healthcheck: | |
| test: ["CMD", "curl", "-f", "http://localhost:8000"] | |
| interval: 30s | |
| timeout: 10s | |
| retries: 5 | |
| volumes: | |
| - ${USERDIR}/docker/paperless/data:/usr/src/paperless/data | |
| - ${USERDIR}/docker/paperless/media:/usr/src/paperless/media | |
| - ${USERDIR}/shared_data/djlujo/files/scans/consume:/consume | |
| - ${USERDIR}/shared_data/djlujo/files/scans/export:/export | |
| environment: | |
| - PAPERLESS_OCR_LANGUAGES=eng hrv | |
| - PAPERLESS_PASSPHRASE=${PAPERLESS_PASSWORD} # document encryption | |
| - USERMAP_UID=${PUID} | |
| - USERMAP_GID=${PGID} | |
| #- PAPERLESS_USE_SSL | |
| command: ["gunicorn", "-b", "0.0.0.0:8000"] | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.backend=paperless" | |
| # - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefix: /paperless" | |
| - "traefik.frontend.rule=Host:paperless.${DOMAINNAME}" | |
| - "traefik.port=8000" | |
| - "traefik.docker.network=traefik_proxy" | |
| - "traefik.frontend.passHostHeader=true" | |
| - "traefik.frontend.headers.SSLForceHost=true" | |
| - "traefik.frontend.headers.SSLRedirect=true" | |
| - "traefik.frontend.headers.STSSeconds=315360000" | |
| - "traefik.frontend.headers.browserXSSFilter=true" | |
| - "traefik.frontend.headers.contentTypeNosniff=true" | |
| - "traefik.frontend.headers.forceSTSHeader=true" | |
| - "traefik.frontend.headers.SSLHost=paperless.${DOMAINNAME}" | |
| - "traefik.frontend.headers.STSIncludeSubdomains=true" | |
| - "traefik.frontend.headers.STSPreload=true" | |
| - "traefik.frontend.headers.frameDeny=true" | |
| - "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" | |
| - "traefik.frontend.headers.customFrameOptionsValue=allow-from https://${DOMAINNAME}" | |
| - "traefik.frontend.auth.forward.address=http://traefik-forward-auth:4181" | |
| - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" | |
| - "traefik.frontend.auth.forward.trustForwardHeader=true" | |
| paperless_consumer: | |
| image: thepaperlessproject/paperless | |
| container_name: paperless_consumer | |
| restart: always | |
| networks: | |
| - traefik_proxy | |
| depends_on: | |
| - paperless | |
| volumes: | |
| - ${USERDIR}/docker/paperless/data:/usr/src/paperless/data | |
| - ${USERDIR}/docker/paperless/media:/usr/src/paperless/media | |
| - ${USERDIR}/shared_data/djlujo/files/scans/consume:/consume | |
| - ${USERDIR}/shared_data/djlujo/files/scans/export:/export | |
| environment: | |
| - PAPERLESS_OCR_LANGUAGES=eng hrv | |
| - PAPERLESS_PASSPHRASE=${PAPERLESS_PASSWORD} # document encryption | |
| - USERMAP_UID=${PUID} | |
| - USERMAP_GID=${PGID} | |
| command: ["document_consumer"] | |
| ######### DNS ########## | |
| # create network: | |
| # docker network create --subnet 172.28.0.0/16 skynet | |
| # healthcheck dig @${PIHOLEIP} google.com | |
| # resolv.conf file: | |
| # nameserver 127.0.0.1 | |
| # nameserver 172.28.0.3 | |
| # pihole dns settings - enable listen on all interfaces | |
| ## I've added the following blocklist in addition to the standard ones under Settings>Blocklists (copy the link, paste and update) | |
| # https://dbl.oisd.nl/ | |
| ## More info here: https://www.reddit.com/r/pihole/comments/bppug1/introducing_the/ | |
| ## I've added the following whitelist entries (copy domains and paste all at once) | |
| # https://github.com/anudeepND/whitelist/blob/master/domains/whitelist.txt | |
| # https://github.com/anudeepND/whitelist/blob/master/domains/referral-sites.txt | |
| ## additional lists here: https://firebog.net/ | |
| # Pihole - A black hole for Internet advertisements | |
| pihole: | |
| container_name: pihole | |
| image: pihole/pihole:latest | |
| #domainname: ${DOMAINNAME} | |
| hostname: pihole | |
| restart: always | |
| cap_add: | |
| - NET_ADMIN | |
| - NET_RAW | |
| - NET_BIND_SERVICE | |
| environment: | |
| - TZ=${TZ} | |
| - ServerIP=192.168.5.91 | |
| - DNS1=172.28.0.3 | |
| - DNS2=no | |
| - VIRTUAL_HOST=pihole.${DOMAINNAME} | |
| - VIRTUAL_PORT=80 | |
| - PROXY_LOCATION=pihole | |
| - WEBPASSWORD=${KEYCLOAK_PASSWORD} | |
| volumes: | |
| - ${USERDIR}/docker/pihole:/etc/pihole | |
| - ${USERDIR}/docker/pihole/resolv.conf/resolv.conf:/etc/resolv.conf:ro | |
| - ${USERDIR}/docker/pihole/pihole.log:/var/log/pihole.log | |
| - ${USERDIR}/docker/pihole/dnsmasq.d:/etc/dnsmasq.d | |
| ## More info on these scripts here: https://github.com/mmotti | |
| - ${USERDIR}/docker/pihole/scripts/fetchFilterLists.sh:/usr/local/bin/fetchFilterLists.sh | |
| - ${USERDIR}/docker/pihole/scripts/gravityOptimise.sh:/usr/local/bin/gravityOptimise.sh | |
| - ${USERDIR}/docker/pihole/scripts/generateGravityWildcards.sh:/usr/local/bin/generateGravityWildcards.sh | |
| - ${USERDIR}/docker/pihole/scripts/cron.d/fetchFilterLists:/etc/cron.d/fetchFilterLists | |
| - ${USERDIR}/docker/pihole/scripts/cron.d/gravityOptimise:/etc/cron.d/gravityOptimise | |
| - ${USERDIR}/docker/pihole/scripts/cron.d/generateGravityWildcards:/etc/cron.d/generateGravityWildcards | |
| dns: | |
| - 127.0.0.1 | |
| # Sets a backup server of your choosing in case DNSMasq has problems starting | |
| - 1.1.1.1 | |
| depends_on: | |
| - stubby | |
| networks: | |
| skynet: | |
| ipv4_address: 172.28.0.2 | |
| ports: | |
| # - 53:53/tcp | |
| # - 53:53/udp | |
| # - 67:67/udp | |
| - 8053:80 | |
| # - 8183:443 | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.frontend.rule=Host:pihole.${DOMAINNAME}" | |
| - "traefik.port=80" | |
| - "traefik.protocol=http" | |
| - "traefik.docker.network=skynet" | |
| #resolution_type: GETDNS_RESOLUTION_STUB | |
| #dns_transport_list: | |
| # NOTE: force forward request over TLS connection. | |
| #- GETDNS_TRANSPORT_TLS | |
| #tls_authentication: GETDNS_AUTHENTICATION_REQUIRED | |
| #tls_query_padding_blocksize: 128 | |
| #edns_client_subnet_private : 0 | |
| #round_robin_upstreams: 1 | |
| #idle_timeout: 10000 | |
| #listen_addresses: | |
| #- 0.0.0.0 | |
| #- 0::1 | |
| #- 192.168.5.1 # router ip address | |
| #dnssec: GETDNS_EXTENSION_TRUE | |
| #appdata_dir: "/var/cache/stubby" | |
| #upstream_recursive_servers: | |
| # NOTE: adjust your needs accordingly. | |
| # https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Public+Resolvers | |
| # https://raw.githubusercontent.com/getdnsapi/stubby/develop/stubby.yml.example | |
| #- address_data: 1.1.1.1 | |
| # tls_auth_name: "cloudflare-dns.com" #"dns.google" | |
| # Stubby - DNS Privacy stub resolver (using DNS-over-TLS) | |
| stubby: | |
| image: yegle/stubby-dns:latest | |
| container_name: stubby | |
| hostname: stubby | |
| dns: 127.0.0.1 | |
| restart: always | |
| volumes: | |
| - ${USERDIR}/docker/stubby:/usr/local/etc/stubby | |
| networks: | |
| skynet: | |
| ipv4_address: 172.28.0.3 | |
| # Corefile | |
| #tls://.:853 https://.:443 { | |
| # tls fullchain.pem privkey.pem | |
| # forward . 172.28.0.2:53 | |
| # forward . dns://172.28.0.2:53 # check this | |
| # log | |
| # any | |
| #} | |
| # CoreDNS - DNS server, used here to terminate DoT | |
| coredns: | |
| image: coredns/coredns | |
| container_name: coredns | |
| hostname: coredns | |
| command: -conf /root/Corefile | |
| restart: always | |
| environment: | |
| - GODEBUG=tls13=1 | |
| volumes: | |
| - ${USERDIR}/docker/coredns:/root:ro | |
| - ${USERDIR}/docker/coredns:/plugin.cfg:ro | |
| - ${USERDIR}/docker/shared/letsencrypt/etc/live/${DOMAINNAME}/fullchain.pem:/fullchain.pem:ro | |
| - ${USERDIR}/docker/shared/letsencrypt/etc/live/${DOMAINNAME}/privkey.pem:/privkey.pem:ro | |
| ports: | |
| - target: 853 | |
| published: 853 | |
| protocol: tcp | |
| mode: host | |
| labels: | |
| - "traefik.enable=false" | |
| # OpenVPN server | |
| # https://github.com/kylemanna/docker-openvpn/blob/master/docs/docker-compose.md | |
| # https://github.com/mr-bolle/docker-openvpn-pihole/blob/master/docker-compose.yml | |
| openvpn: | |
| image: kylemanna/openvpn | |
| container_name: openvpn | |
| restart: always | |
| cap_add: | |
| - NET_ADMIN | |
| environment: | |
| # - VIRTUAL_PORT=${VIRTUAL_PORT_OPENVPN} | |
| # - VIRTUAL_HOST=${VIRTUAL_HOST_OPENVPN} | |
| # - LETSENCRYPT_HOST=${LETSENCRYPT_HOST_VPN} | |
| # - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL} | |
| # - OPENVPN_PROVIDER=${OPENVPN_PROVIDER} | |
| # - OPENVPN_USERNAME=${OPENVPN_USERNAME} | |
| # - OPENVPN_PASSWORD=${OPENVPN_PASSWORD} | |
| # - LOCAL_NETWORK=192.168.0.0/24 | |
| # - DEBUG=1 | |
| OPENVPN_OPTS: --inactive 3600 --ping 10 --ping-exit 60 -–log-driver json-file --log-opt max-size=10m | |
| ports: | |
| - "1194:1194/udp" | |
| volumes: | |
| - /etc/localtime:/etc/localtime:ro | |
| - /etc/timezone:/etc/timezone:ro | |
| - ${USERDIR}/docker/openvpn:/etc/openvpn | |
| networks: | |
| skynet: | |
| ipv4_address: 172.28.0.5 | |
| logging: | |
| driver: "json-file" | |
| options: | |
| max-size: "10m" | |
| max-file: "3" | |
| networks: | |
| traefik_proxy: | |
| external: | |
| name: traefik_proxy | |
| keycloak: | |
| external: | |
| name: keycloak | |
| skynet: | |
| external: | |
| name: skynet | |
| ipam: | |
| config: | |
| - subnet: 172.28.0.0/16 | |
| default: | |
| driver: bridge |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
ports: