├── ReadMe.md ├── cron.d └── rsync_backups ├── ddown.sh ├── dup.sh ├── pihole └── theme │ ├── AdminLTE.min.css │ └── skin-blue.min.css ├── traefik ├── acme │ └── acme.json ├── rules.toml └── traefik.toml └── ymlfiles ├── 1_rpi_fail2ban.yml ├── 1_rpi_hass.yml ├── 1_rpi_openvpn.yml ├── 1_rpi_ouroboros.yml ├── 1_rpi_pihole.yml ├── 1_rpi_unifi.yml ├── 2_pizero_portainer.yml ├── 2_pizero_resilio.yml ├── 2_pizero_syncthing.yml ├── adminer.yml ├── airsonic.yml ├── ampache.yml ├── apcupsd.yml ├── autoheal.yml ├── autoindex.yml ├── baikal.yml ├── beets.yml ├── bitwarden.yml ├── bookstack.yml ├── checkmk.yml ├── chevereto.yml ├── clarkson.yml ├── cloudcmd.yml ├── dillinger.yml ├── diskover.yml ├── dokuwiki.yml ├── dolphin.yml ├── droppy.yml ├── duplicati.yml ├── emby.yml ├── fail2ban.yml ├── filerun.yml ├── firefly.yml ├── firefox.yml ├── firefoxsync.yml ├── freshrss.yml ├── gitea.yml ├── glances.yml ├── grafana.yml ├── guacamole.yml ├── handbrake.yml ├── hass.yml ├── hddtemp.yml ├── headers.yml ├── healthchecks.yml ├── heimdall.yml ├── homedash.yml ├── influxdb.yml ├── ipmitool.yml ├── jackett.yml ├── jdownloader.yml ├── jellyfin.yml ├── jirafeau.yml ├── kanboard.yml ├── keycloak.yml ├── kodi.yml ├── krusader.yml ├── leanote.yml ├── letsencrypt.yml ├── librenms.yml ├── lms.yml ├── logarr.yml ├── lychee.yml ├── mailu.yml ├── mariadb.yml ├── mariadb_official.yml ├── matomo.yml ├── mediawiki.yml ├── minidlna.yml ├── miniflux.yml ├── mkvtoolnix.yml ├── mongo.yml ├── monica.yml ├── monitorr.yml ├── mosquitto.yml ├── mstream.yml ├── muximux.yml ├── nextcloud.yml ├── nut.yml ├── openvpn.yml ├── ouroboros.yml ├── photoprism.yml ├── photoshow.yml ├── picard.yml ├── pihole.yml ├── piwigo.yml ├── plex.yml ├── portainer.yml ├── postgres.yml ├── privatebin.yml ├── prometheus.yml ├── qbittorrent.yml ├── radarr.yml ├── radicale.yml ├── redis.yml ├── resilio.yml ├── rsync.yml ├── samba.yml ├── seagull.yml ├── sftp.yml ├── shaarli.yml ├── smokeping.yml ├── snapraid.yml ├── sonarr.yml ├── soulseek.yml ├── standardnotes.yml ├── syncthing.yml ├── taiga.yml ├── taskwarrior.yml ├── tautulli.yml ├── tinyfilemanager.yml ├── tinyrss.yml ├── traefik.yml ├── transmission.yml ├── ttrss.yml ├── twweb.yml ├── unifi.yml ├── volumio.yml ├── wallabag.yml ├── watchtower.yml ├── wekan.yml ├── wetty.yml └── wordpress.yml /ReadMe.md: -------------------------------------------------------------------------------- 1 | # *This Traefik v1 repo is archived.* 2 | 3 | ##### Traefik v2 repo: https://github.com/CVJoint/traefik2 4 | 5 | This is a collection of the various images I tried out while learning how to set up Docker and **Traefik v1**. When converting the docker-compose files for **Traefik v2**, I would copy the .yml file and change the labels applied to the container. You can see my latest configs in my traefik2 repo, but these yml files could still be converted to v2 pretty easily. 6 | 7 | --- 8 | 9 | # docker-compose 10 | 11 | My docker-compose setup is managed by two files - **dup.sh** and **ddown.sh**, which I store in my home (aka ${USERDIR}) folder. 12 | 13 | I keep my docker-compose files in a folder called **/ymlfiles/**, and reference it's location in my **dup.sh** and **ddown.sh** files. 14 | 15 | ## Normal Use: 16 | 17 | Place these files in your home directory, and in the terminal enter: 18 | 19 | `bash dup.sh ` 20 | 21 | You can start multiple containers/docker-compose scripts at the same time; for example: 22 | 23 | `bash dup.sh traefik bitwarden plex` 24 | 25 | Normally I will simply type `bash du + Tab` or `bash dd + Tab` and then the services I want to bring up or down. You could choose different file names, or enter aliases to make the command a bit simpler, but this has been working for me so far. 26 | 27 | This method allows for easy control and flexibility over which containers are running, and saves me from having to comment out several lines within a single docker-compose.yml. I like to think that it 'containerizes your containers' and allows you to work on a single file, which has been much simpler to modify. 28 | 29 | ------- 30 | 31 | # Automated Backups with Cron 32 | 33 | ------- 34 | 35 | Here is my solution to automatically backup my files/directories. I use Debian/Raspbian/Armbian systems and this works for me based on how those distros handle the cron.d folder. If you're on a distro that doesn't support the cron.d folder you can look at using the _sudo crontab -e_ file. I prefer the cron.d method because it's easy to backup and transfer between systems. 36 | 37 | I use rsync to backup my files: 38 | 39 | `sudo apt install rsync` 40 | 41 | Place the **rsync_backups** file in your **/etc/cron.d/** folder, and make sure the file is owned by root: 42 | 43 | `sudo chown root:root /etc/cron.d/rsync_backups` 44 | 45 | Edit the rsync_backups file and change the files/folders that you want to back up, and the directories that you want to back them up to. I've mounted a samba share to the storage folder on my NAS, and label the backup directories accordingly. You can choose any backup directory you'd like. 46 | 47 | After editing the file, make sure it was picked up by cron and there were no errors with: 48 | 49 | `sudo tail -f /var/log/syslog` 50 | 51 | The cron daemon will scan once per minute for any changes to the /etc/cron.d folder. Within a minute or two you should see an output like: 52 | 53 | `cron[6488]: (*system*rsync_backups) RELOAD (/etc/cron.d/rsync_backups)` 54 | 55 | If there's an error you might see something like: 56 | 57 | ``` 58 | cron[6488]: (*system*rsync_backups) RELOAD (/etc/cron.d/rsync_backups) 59 | cron[6488]: Error: bad minute; while reading /etc/cron.d/rsync_backups 60 | cron[6488]: (*system*rsync_backups) ERROR (Syntax error, this crontab file will be ignored) 61 | ``` 62 | 63 | I got that output when I tried to turn the backup time into a variable and the backup would no longer run :-( 64 | 65 | I hope you find this useful! 66 | 67 | -------------------------------------------------------------------------------- /cron.d/rsync_backups: -------------------------------------------------------------------------------- 1 | # /etc/cron.d/rsync_backups 2 | 3 | # Example of job definition: 4 | # .---------------- minute (0 - 59) 5 | # | .------------- hour (0 - 23) 6 | # | | .---------- day of month (1 - 31) 7 | # | | | .------- month (1 - 12) OR jan,feb,mar,apr ... 8 | # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat 9 | # | | | | | 10 | # * * * * * user-name command to be executed 11 | 12 | ## Expression to change the backup time - %s// 13 | # Example: 14 | # %s/0\ 6\ \*\ \*\ 1/00\ 06\ \*\ \*\ 1 15 | 16 | ## Change !! 17 | 18 | ### Home ### 19 | 20 | HOME_DIR= 21 | 22 | 00 06 * * 1 root rsync -a /home//ddown.sh $HOME_DIR 23 | 00 06 * * 1 root rsync -a /home//dup.sh $HOME_DIR 24 | 00 06 * * 1 root rsync -a /home//Linux_Notes.ods $HOME_DIR 25 | 26 | ### Docker ### 27 | 28 | DOCKER_DIR= 29 | 30 | 00 06 * * 1 root rsync -a /home//docker/airsonic/airsonic.properties /mnt/storage/misc/backup/backup_home/docker/airsonic 31 | 00 06 * * 1 root rsync -a /home//docker/bitwarden $DOCKER_DIR 32 | 00 06 * * 1 root rsync -a /home//docker/fail2ban $DOCKER_DIR 33 | 00 06 * * 1 root rsync -a /home//docker/git $DOCKER_DIR 34 | 00 06 * * 1 root rsync -a /home//docker/heimdall $DOCKER_DIR 35 | 00 06 * * 1 root rsync -a /home//docker/jackett $DOCKER_DIR 36 | 00 06 * * 1 root rsync -a /home//docker/mariadb $DOCKER_DIR 37 | 00 06 * * 1 root rsync -a /home//docker/mongo $DOCKER_DIR 38 | 00 06 * * 1 root rsync -a /home//docker/nextcloud $DOCKER_DIR 39 | 00 06 * * 1 root rsync -a /home//docker/redis $DOCKER_DIR 40 | 00 06 * * 1 root rsync -a /home//docker/tautulli $DOCKER_DIR 41 | 00 06 * * 1 root rsync -a /home//docker/traefik $DOCKER_DIR 42 | 00 06 * * 1 root rsync -a /home//docker/ymlfiles $DOCKER_DIR 43 | 44 | ### Etc ### 45 | 46 | ETC_DIR= 47 | 48 | 00 06 * * 1 root rsync -a /etc/cron.d $ETC_DIR 49 | 00 06 * * 1 root rsync -a /etc/fail2ban $ETC_DIR 50 | 00 06 * * 1 root rsync -a /etc/samba $ETC_DIR 51 | 00 06 * * 1 root rsync -a /etc/ssh $ETC_DIR 52 | 00 06 * * 1 root rsync -a /etc/exports $ETC_DIR 53 | 00 06 * * 1 root rsync -a /etc/fstab $ETC_DIR 54 | 00 06 * * 1 root rsync -a /etc/rc.local $ETC_DIR 55 | 00 06 * * 1 root rsync -a /etc/snapraid.conf $ETC_DIR 56 | 00 06 * * 1 root rsync -a /etc/ranger $ETC_DIR 57 | 00 06 * * 1 root rsync -a /etc/rsyncd.conf $ETC_DIR 58 | 59 | ## Dotfiles ### 60 | 61 | DOT_DIR= 62 | 63 | 00 06 * * 1 root rsync -a /home//.profile $DOT_DIR 64 | 00 06 * * 1 root rsync -a /home//.tmux.conf $DOT_DIR 65 | 00 06 * * 1 root rsync -a /home//.config $DOT_DIR 66 | 00 06 * * 1 root rsync -a /home//.bashrc $DOT_DIR 67 | 00 06 * * 1 root rsync -a /home//.bash_aliases $DOT_DIR 68 | 00 06 * * 1 root rsync -a /home//.ssh $DOT_DIR 69 | 00 06 * * 1 root rsync -a /home//.vimrc $DOT_DIR 70 | 00 06 * * 1 root rsync -a /home//.vimrc /root/.vimrc 71 | 00 06 * * 1 root rsync -a /home//.vim $DOT_DIR 72 | 00 06 * * 1 root rsync -a /home//.vim /root/.vim 73 | -------------------------------------------------------------------------------- /ddown.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Normal Use: 4 | # In the terminal enter: 5 | # bash ddown.sh ... etc 6 | # 7 | # Example to stop traefik container/docker-compose script: 8 | # bash ddown.sh traefik 9 | 10 | CONTAINERS="$@" 11 | for c in $CONTAINERS 12 | do 13 | echo"" 14 | echo "...$c down..." 15 | echo"" 16 | docker-compose -f "/home/$USER/docker/ymlfiles/$c.yml" -p $c down 17 | done 18 | 19 | -------------------------------------------------------------------------------- /dup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #### Make sure Traefik is running and the traefik_proxy network was created with: 4 | # docker network create traefik_proxy 5 | 6 | ## Check logs with: 7 | # docker logs -tf --tail="50" 8 | 9 | ## Normal Use: 10 | # In the terminal enter: 11 | # bash dup.sh ... etc 12 | # 13 | # Example to start traefik container/docker-compose script: 14 | # bash dup.sh traefik bitwarden plex 15 | 16 | CONTAINERS="$@" 17 | for c in $CONTAINERS 18 | do 19 | echo"" 20 | echo "...$c up..." 21 | echo"" 22 | docker-compose -f "/home/$USER/docker/ymlfiles/$c.yml" -p $c up -d 23 | done 24 | 25 | -------------------------------------------------------------------------------- /pihole/theme/skin-blue.min.css: -------------------------------------------------------------------------------- 1 | .bg-green,.bg-aqua,.bg-yellow,.bg-red{box-shadow: 0px 0.2rem 0.15rem 0px rgba(0, 0, 0, 0.4);}.skin-blue .main-header .navbar{background-color: #1e272b;}.skin-blue .main-header .navbar .nav>li>a{color:#fff}.skin-blue .main-header .navbar .nav>li>a:hover,.skin-blue .main-header .navbar .nav>li>a:active,.skin-blue .main-header .navbar .nav>li>a:focus,.skin-blue .main-header .navbar .nav .open>a,.skin-blue .main-header .navbar .nav .open>a:hover,.skin-blue .main-header .navbar .nav .open>a:focus{background:rgba(0,0,0,0.1);color:#f6f6f6}.skin-blue .main-header .navbar .sidebar-toggle{color:#fff}.skin-blue .main-header .navbar .sidebar-toggle:hover{color:#f6f6f6;background:rgba(0,0,0,0.1)}.skin-blue .main-header .navbar .sidebar-toggle{color:#fff}.skin-blue .main-header .navbar .sidebar-toggle:hover{background-color: #070808;}@media (max-width:767px){.skin-blue .main-header .navbar .dropdown-menu li.divider{background-color:rgba(255,255,255,0.1)}.skin-blue .main-header .navbar .dropdown-menu li a{color:#fff}.skin-blue .main-header .navbar .dropdown-menu li a:hover{background:#367fa9}}.skin-blue .main-header .logo{background-color: #222b2f;color:#fff;border-bottom:0 solid transparent;}.skin-blue .main-header .logo:hover{background-color: #0f1111;}.skin-blue .main-header li.user-header{background-color:#3c8dbc}.skin-blue .content-header{background:transparent}.skin-blue .wrapper,.skin-blue .main-sidebar,.skin-blue .left-side{background-color:#222d32}.skin-blue .user-panel>.info,.skin-blue .user-panel>.info>a{color:#fff}.skin-blue .sidebar-menu>li.header{color:#4b646f;background:#1a2226}.skin-blue .sidebar-menu>li>a{border-left:3px solid transparent}.skin-blue .sidebar-menu>li:hover>a,.skin-blue .sidebar-menu>li.active>a{color:#fff;background:#1e282c;border-left-color: #a50000;}.skin-blue .sidebar-menu>li>.treeview-menu{margin:0 1px;background:#2c3b41}.skin-blue .sidebar a{color:#b8c7ce}.skin-blue .sidebar a:hover{text-decoration:none}.skin-blue .treeview-menu>li>a{color:#8aa4af}.skin-blue .treeview-menu>li.active>a,.skin-blue .treeview-menu>li>a:hover{color:#fff}.skin-blue .sidebar-form{border-radius:3px;border:1px solid #374850;margin:10px 10px}.skin-blue .sidebar-form input[type="text"],.skin-blue .sidebar-form .btn{box-shadow:none;background-color:#374850;border:1px solid transparent;height:35px;-webkit-transition:all .3s ease-in-out;-o-transition:all .3s ease-in-out;transition:all .3s ease-in-out}.skin-blue .sidebar-form input[type="text"]{color:#666;border-top-left-radius:2px;border-top-right-radius:0;border-bottom-right-radius:0;border-bottom-left-radius:2px}.skin-blue .sidebar-form input[type="text"]:focus,.skin-blue .sidebar-form input[type="text"]:focus+.input-group-btn .btn{background-color:#fff;color:#666}.skin-blue .sidebar-form input[type="text"]:focus+.input-group-btn .btn{border-left-color:#fff}.skin-blue .sidebar-form .btn{color:#999;border-top-left-radius:0;border-top-right-radius:2px;border-bottom-right-radius:2px;border-bottom-left-radius:0}.skin-blue.layout-top-nav .main-header>.logo{background-color:#3c8dbc;color:#fff;border-bottom:0 solid transparent}.skin-blue.layout-top-nav .main-header>.logo:hover{background-color:#3b8ab8} 2 | -------------------------------------------------------------------------------- /traefik/acme/acme.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CVJoint/docker-compose/fd7e002acf890af96031de31bdb2c87d876a3ded/traefik/acme/acme.json -------------------------------------------------------------------------------- /traefik/rules.toml: -------------------------------------------------------------------------------- 1 | ## Connect to your pihole running on an external device (raspberry pi) 2 | 3 | [backends] 4 | [backends.pihole] 5 | [backends.pihole.servers] 6 | [backends.pihole.servers.server-pihole-ext] 7 | url = "http://192.168.1.200:80" 8 | 9 | ## Connect to your unifi controller running on an external device (raspberry pi) 10 | 11 | [backends.unifi] 12 | [backends.unifi.servers] 13 | [backends.unifi.servers.server-unifi-ext] 14 | url = "https://192.168.1.200:8443" 15 | 16 | 17 | [frontends] 18 | [frontends.pihole] 19 | backend = "pihole" 20 | passHostHeader = true 21 | # [frontends.pihole.auth.basic] 22 | # usersFile = "/shared/.htpasswd" 23 | [frontends.pihole.auth] 24 | headerField = "X-WebAuth-User" 25 | [frontends.pihole.auth.forward] 26 | address = "http://oauth:4181" 27 | trustForwardHeader = true 28 | authResponseHeaders = ["X-Forwarded-User"] 29 | [frontends.pihole.routes] 30 | [frontends.pihole.routes.route-pihole-ext] 31 | rule = "Host:pihole.domain.net;AddPrefix:/admin" 32 | [frontends.pihole.headers] 33 | SSLRedirect = true 34 | SSLHost = "pihole.domain.net" 35 | SSLForceHost = true 36 | STSSeconds = 315360000 37 | STSIncludeSubdomains = true 38 | STSPreload = true 39 | forceSTSHeader = true 40 | frameDeny = true 41 | contentTypeNosniff = true 42 | browserXSSFilter = true 43 | customResponseHeaders = "X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 44 | 45 | [frontends.unifi] 46 | backend = "unifi" 47 | passHostHeader = true 48 | # [frontends.pihole.auth.basic] 49 | # usersFile = "/shared/.htpasswd" 50 | [frontends.unifi.auth] 51 | headerField = "X-WebAuth-User" 52 | [frontends.unifi.auth.forward] 53 | address = "http://oauth:4181" 54 | trustForwardHeader = true 55 | authResponseHeaders = ["X-Forwarded-User"] 56 | [frontends.unifi.routes] 57 | [frontends.unifi.routes.route-unifi-ext] 58 | rule = "Host:unifi.domain.net" 59 | [frontends.unifi.headers] 60 | SSLRedirect = true 61 | SSLHost = "unifi.domain.net" 62 | SSLForceHost = true 63 | STSSeconds = 315360000 64 | STSIncludeSubdomains = true 65 | STSPreload = true 66 | forceSTSHeader = true 67 | frameDeny = true 68 | contentTypeNosniff = true 69 | browserXSSFilter = true 70 | customResponseHeaders = "X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 71 | -------------------------------------------------------------------------------- /traefik/traefik.toml: -------------------------------------------------------------------------------- 1 | logLevel = "INFO" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC 2 | #InsecureSkipVerify = true 3 | defaultEntryPoints = ["http", "https"] 4 | 5 | [api] 6 | entryPoint = "traefik" 7 | dashboard = true 8 | 9 | [entryPoints] 10 | [entryPoints.http] 11 | address = ":80" 12 | [entryPoints.http.redirect] 13 | entryPoint = "https" 14 | [entryPoints.https] 15 | address = ":443" 16 | [entryPoints.https.tls] 17 | [entryPoints.http.auth] 18 | headerField = "X-WebAuth-User" 19 | [entryPoints.http.auth.forward] 20 | address = "http://oauth:4181" 21 | trustForwardHeader = true 22 | authResponseHeaders = ["X-Forwarded-User"] 23 | 24 | [file] 25 | filename = "/etc/traefik/rules.toml" 26 | watch = true 27 | 28 | ## Let's Encrypt Configuration ## 29 | [acme] 30 | email = "YOUR EMAIL" 31 | storage = "/etc/traefik/acme/acme.json" 32 | entryPoint = "https" 33 | acmeLogging = true 34 | 35 | # Uncomment the line below to use Let's Encrypt's staging server, 36 | #caServer = "https://acme-staging-v02.api.letsencrypt.org/directory" 37 | 38 | [acme.dnsChallenge] 39 | provider = "cloudflare" 40 | [[acme.domains]] 41 | main = "YOUR DOMAIN" 42 | [[acme.domains]] 43 | main = "*.YOUR DOMAIN" 44 | 45 | [docker] 46 | endpoint = "unix:///var/run/docker.sock" 47 | domain = "YOUR DOMAIN" 48 | watch = true # Enable watch docker changes. 49 | exposedbydefault = false # Containers that don't have `traefik.enable=true` will be ignored. 50 | -------------------------------------------------------------------------------- /ymlfiles/1_rpi_fail2ban.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Fail2ban - Network security against attacks 5 | # iptables -L --line-numbers 6 | # fail2ban-client set unbanip 7 | # fail2ban-regex '' 'regex' 8 | # Other commands: https://www.fail2ban.org/wiki/index.php/Commands 9 | fail2ban: 10 | container_name: fail2ban 11 | image: darathor/fail2ban 12 | restart: always 13 | network_mode: host 14 | cap_add: 15 | - NET_ADMIN 16 | - NET_RAW 17 | volumes: 18 | - ~/docker/fail2ban:/data 19 | - ~/docker/fail2ban/fail2ban.d:/etc/fail2ban/fail2ban.d 20 | environment: 21 | - TZ=$TZ 22 | - F2B_LOG_LEVEL=INFO 23 | - F2B_DB_PURGE_AGE=1d # Age at which bans should be purged from the database 24 | - F2B_MAX_RETRY=1 # Number of failures before a host get banned 25 | - F2B_IPTABLES_CHAIN=FORWARD # Specifies the iptables chain to which the Fail2Ban rules should be added 26 | - SSMTP_HOST=smtp.gmail.com 27 | - SSMTP_PORT=465 28 | - SSMTP_USER=$SMTP_EMAIL 29 | - SSMTP_PASSWORD=$SMTP_PASS 30 | - SSMTP_TLS=YES 31 | - F2B_ACTION=%(action_mw)s 32 | -------------------------------------------------------------------------------- /ymlfiles/1_rpi_hass.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Home Assistant - Home Automation Hub 5 | hass: 6 | container_name: hass 7 | image: homeassistant/raspberrypi3-homeassistant 8 | restart: always 9 | network_mode: host 10 | privileged: true 11 | devices: 12 | - /dev/ttyACM0:/dev/ttyACM0 13 | # ports: 14 | # - "8123:8123" 15 | volumes: 16 | - ~/docker/hass:/config 17 | environment: 18 | - TZ=$TZ 19 | -------------------------------------------------------------------------------- /ymlfiles/1_rpi_openvpn.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## OpenVPN - VPN Service 5 | openvpn: 6 | container_name: openvpn 7 | image: darathor/openvpn 8 | restart: always 9 | cap_add: 10 | - NET_ADMIN 11 | privileged: true 12 | networks: 13 | pi_net: 14 | ipv4_address: 172.20.200.40 15 | ports: 16 | - "1194:1194" 17 | volumes: 18 | - /etc/localtime:/etc/localtime:ro 19 | - ~/docker/openvpn:/etc/openvpn 20 | 21 | networks: 22 | pi_net: 23 | external: 24 | name: pi_net 25 | 26 | -------------------------------------------------------------------------------- /ymlfiles/1_rpi_ouroboros.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Ouroboros 5 | ouroboros: 6 | container_name: ouroboros 7 | image: pyouroboros/ouroboros 8 | restart: always 9 | networks: 10 | - pi_net 11 | volumes: 12 | - /var/run/docker.sock:/var/run/docker.sock 13 | environment: 14 | - TZ=$TZ 15 | - CLEANUP=true 16 | - CRON="0 5 * * *" 17 | - LOG_LEVEL=info 18 | - SELF_UPDATE=true 19 | # - IGNORE=unbound 20 | 21 | networks: 22 | pi_net: 23 | external: 24 | name: pi_net 25 | -------------------------------------------------------------------------------- /ymlfiles/1_rpi_unifi.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Unifi Controller Software 5 | ## Adopt new device 6 | # ssh ubnt@$DEVICE_IP 7 | # login with ubnt/ubnt 8 | # mca-cli 9 | # set-inform http://$address:8080/inform 10 | 11 | unifi: 12 | container_name: unifi 13 | image: linuxserver/unifi-controller 14 | restart: unless-stopped 15 | networks: 16 | - pi_net 17 | ports: 18 | - "3478:3478/udp" 19 | - "10001:10001/udp" 20 | - "8080:8080" 21 | - "8081:8081" 22 | - "8443:8443" 23 | - "8843:8843" 24 | - "8880:8880" 25 | - "6789:6789" 26 | volumes: 27 | - ~/docker/unifi:/config 28 | - /etc/localtime:/etc/localtime:ro 29 | environment: 30 | - PUID=$PUID 31 | - PGID=$PGID 32 | 33 | networks: 34 | pi_net: 35 | external: 36 | name: pi_net 37 | -------------------------------------------------------------------------------- /ymlfiles/2_pizero_portainer.yml: -------------------------------------------------------------------------------- 1 | version: "2.0" 2 | services: 3 | 4 | ## Portainer - WebUI for Containers 5 | portainer: 6 | container_name: portainer 7 | image: portainer/portainer 8 | restart: always 9 | command: -H unix:///var/run/docker.sock 10 | networks: 11 | - traefik_proxy 12 | ports: 13 | - "9000:9000" 14 | volumes: 15 | - /var/run/docker.sock:/var/run/docker.sock 16 | - portainer_data:/data # Change to local directory if you want to save/transfer config locally 17 | environment: 18 | - TZ=$TZ 19 | 20 | volumes: 21 | portainer_data: 22 | 23 | networks: 24 | traefik_proxy: 25 | external: 26 | name: traefik_proxy 27 | -------------------------------------------------------------------------------- /ymlfiles/2_pizero_resilio.yml: -------------------------------------------------------------------------------- 1 | version: "2.0" 2 | services: 3 | 4 | ## Resilio - Data Sync 5 | 6 | resilio: 7 | container_name: resilio 8 | image: kudaba/rpi-resilio 9 | restart: always 10 | networks: 11 | - traefik_proxy 12 | ports: 13 | - "8888:8888" 14 | - "55555:55555" 15 | volumes: 16 | - ~/resilio:/drive 17 | - ~/docker/resilio:/opt/rslsync/etc 18 | - /etc/localtime:/etc/localtime:ro 19 | 20 | networks: 21 | traefik_proxy: 22 | external: 23 | name: traefik_proxy 24 | -------------------------------------------------------------------------------- /ymlfiles/2_pizero_syncthing.yml: -------------------------------------------------------------------------------- 1 | version: "2.0" 2 | services: 3 | 4 | ## Syncthing - Data Sync 5 | 6 | syncthing: 7 | container_name: syncthing 8 | image: dargmuesli/syncthing 9 | restart: always 10 | networks: 11 | - traefik_proxy 12 | ports: 13 | - "8384:8384" 14 | - "22000:22000" 15 | - "21027:21027/udp" 16 | volumes: 17 | - ~/syncthing:/var/syncthing/Sync 18 | - ~/docker/syncthing:/var/syncthing/config 19 | environment: 20 | - PUID=$PUID 21 | - PGID=$PGID 22 | # - TZ=$TZ 23 | 24 | networks: 25 | traefik_proxy: 26 | external: 27 | name: traefik_proxy 28 | -------------------------------------------------------------------------------- /ymlfiles/adminer.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Adminer - Database Management 5 | adminer: 6 | container_name: adminer 7 | image: dehy/adminer 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | # environment: 14 | # - ADMINER_DEFAULT_SERVER=mariadb 15 | # - ADMINER_DESIGN= # https://github.com/vrana/adminer/tree/master/designs 16 | # - ADMINER_PLUGINS= # https://github.com/vrana/adminer/tree/master/plugins 17 | labels: 18 | - "traefik.enable=true" 19 | - "traefik.backend=adminer" 20 | - "traefik.frontend.rule=Host:adminer.$DOMAINNAME" 21 | - "traefik.port=80" 22 | - "traefik.docker.network=traefik_proxy" 23 | - "traefik.frontend.headers.SSLRedirect=true" 24 | - "traefik.frontend.headers.STSSeconds=315360000" 25 | - "traefik.frontend.headers.browserXSSFilter=true" 26 | - "traefik.frontend.headers.contentTypeNosniff=true" 27 | - "traefik.frontend.headers.forceSTSHeader=true" 28 | - "traefik.frontend.headers.SSLHost=adminer.$DOMAINNAME" 29 | - "traefik.frontend.headers.SSLForceHost=true" 30 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 31 | - "traefik.frontend.headers.STSPreload=true" 32 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 33 | - "traefik.frontend.headers.frameDeny=true" 34 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 35 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 36 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 37 | 38 | networks: 39 | traefik_proxy: 40 | external: 41 | name: traefik_proxy 42 | -------------------------------------------------------------------------------- /ymlfiles/airsonic.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Airsonic - Music Server 5 | # Login: admin / admin 6 | 7 | airsonic: 8 | container_name: airsonic 9 | image: linuxserver/airsonic 10 | restart: always 11 | networks: 12 | - traefik_proxy 13 | # ports: 14 | # - "4040:4040" 15 | volumes: 16 | - /mnt/storage/music/music:/music:ro 17 | - $USERDIR/docker/airsonic/podcasts:/podcasts 18 | - $USERDIR/docker/airsonic/playlists:/playlists 19 | - $USERDIR/docker/airsonic/config:/config 20 | # - $USERDIR/docker/airsonic/config:/app/airsonic/config #Used to change log level for debugging 21 | - /etc/localtime:/etc/localtime:ro 22 | environment: 23 | - PUID=$PUID 24 | - PGID=$PGID 25 | - JAVA_OPTS=-Dserver.use-forward-headers=true 26 | labels: 27 | - "traefik.enable=true" 28 | - "traefik.backend=airsonic" 29 | - "traefik.frontend.rule=Host:airsonic.$DOMAINNAME" 30 | - "traefik.port=4040" 31 | - "traefik.docker.network=traefik_proxy" 32 | - "traefik.frontend.headers.SSLRedirect=true" 33 | - "traefik.frontend.headers.STSSeconds=315360000" 34 | - "traefik.frontend.headers.browserXSSFilter=true" 35 | - "traefik.frontend.headers.contentTypeNosniff=true" 36 | - "traefik.frontend.headers.forceSTSHeader=true" 37 | - "traefik.frontend.headers.SSLHost=airsonic.$DOMAINNAME" 38 | - "traefik.frontend.headers.SSLForceHost=true" 39 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 40 | - "traefik.frontend.headers.STSPreload=true" 41 | - "traefik.frontend.headers.customResponseHeaders: Feature-Policy:camera 'none'; fullscreen 'none'; geolocation 'none'; microphone 'none'; payment 'none'; speaker 'none'; usb 'none'; vibrate 'none'; vr 'none';" 42 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 43 | 44 | networks: 45 | traefik_proxy: 46 | external: 47 | name: traefik_proxy 48 | -------------------------------------------------------------------------------- /ymlfiles/ampache.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Ampache - Music Server 5 | ampache: 6 | container_name: ampache 7 | image: ampache/ampache 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "8080:80" 13 | volumes: 14 | - $USERDIR/Music:/media 15 | - $USERDIR/docker/ampache/config:/var/www/config 16 | - ampache_themes:/var/www/themes 17 | labels: 18 | - "traefik.enable=true" 19 | - "traefik.backend=ampache" 20 | - "traefik.frontend.rule=Host:ampache.$DOMAINNAME" 21 | - "traefik.port=80" 22 | - "traefik.docker.network=traefik_proxy" 23 | - "traefik.frontend.headers.SSLRedirect=true" 24 | - "traefik.frontend.headers.STSSeconds=315360000" 25 | - "traefik.frontend.headers.browserXSSFilter=true" 26 | - "traefik.frontend.headers.contentTypeNosniff=true" 27 | - "traefik.frontend.headers.forceSTSHeader=true" 28 | - "traefik.frontend.headers.SSLHost=ampache.$DOMAINNAME" 29 | - "traefik.frontend.headers.SSLForceHost=true" 30 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 31 | - "traefik.frontend.headers.STSPreload=true" 32 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 33 | - "traefik.frontend.headers.frameDeny=true" 34 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 35 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 36 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 37 | 38 | volumes: 39 | ampache_themes: 40 | 41 | networks: 42 | traefik_proxy: 43 | external: 44 | name: traefik_proxy 45 | -------------------------------------------------------------------------------- /ymlfiles/apcupsd.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## APCUPSD 5 | # Check status with: docker exec -it apcupsd apcaccess 6 | apcupsd: 7 | container_name: apcupsd 8 | image: gersilex/apcupsd 9 | restart: always 10 | network_mode: host 11 | # ports: 12 | # - "3551:3551" 13 | privileged: true 14 | tty: true 15 | volumes: 16 | - /tmp/apcupsd-docker:/tmp/apcupsd-docker 17 | - ${USERDIR}/docker/apcupsd/apcupsd.conf:/etc/apcupsd/apcupsd.conf 18 | - ${USERDIR}/docker/apcupsd/doshutdown:/etc/apcupsd/doshutdown 19 | - ${USERDIR}/docker/apcupsd/apcupsd.events/var/log/apcupsd.events 20 | -------------------------------------------------------------------------------- /ymlfiles/autoheal.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Autoheal - Restart Unhealthy Containers 5 | autoheal: 6 | container_name: autoheal 7 | image: willfarrell/autoheal 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | volumes: 12 | - /var/run/docker.sock:/var/run/docker.sock 13 | environment: 14 | - AUTOHEAL_CONTAINER_LABEL=all 15 | - AUTOHEAL_INTERVAL=60 # Default checks every 5 seconds 16 | - AUTOHEAL_START_PERIOD=0 # wait 0 second before first health check 17 | 18 | networks: 19 | traefik_proxy: 20 | external: 21 | name: traefik_proxy 22 | -------------------------------------------------------------------------------- /ymlfiles/autoindex.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Autoindex - Simple Directory Index 5 | autoindex: 6 | container_name: autoindex 7 | image: dceoy/nginx-autoindex 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - ${USERDIR}:/var/www/html:ro # Location you want to index 15 | labels: 16 | - "traefik.enable=true" 17 | - "traefik.backend=autoindex" 18 | - "traefik.frontend.rule=Host:autoindex.${DOMAINNAME}" 19 | - "traefik.port=80" 20 | - "traefik.docker.network=traefik_proxy" 21 | - "traefik.frontend.headers.SSLRedirect=true" 22 | - "traefik.frontend.headers.STSSeconds=315360000" 23 | - "traefik.frontend.headers.browserXSSFilter=true" 24 | - "traefik.frontend.headers.contentTypeNosniff=true" 25 | - "traefik.frontend.headers.forceSTSHeader=true" 26 | - "traefik.frontend.headers.SSLHost=autoindex.${DOMAINNAME}" 27 | - "traefik.frontend.headers.SSLForceHost=true" 28 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 29 | - "traefik.frontend.headers.STSPreload=true" 30 | - "traefik.frontend.headers.frameDeny=true" 31 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 32 | 33 | networks: 34 | traefik_proxy: 35 | external: 36 | name: traefik_proxy 37 | -------------------------------------------------------------------------------- /ymlfiles/baikal.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Baikal - Cal and CardDAV Server 5 | baikal: 6 | container_name: baikal 7 | image: bambucha/baikal 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "XXXX:80" 13 | volumes: 14 | - ${USERDIR}/docker/baikal:/baikal/Specific 15 | labels: 16 | - "traefik.enable=true" 17 | - "traefik.backend=baikal" 18 | - "traefik.frontend.rule=Host:baikal.${DOMAINNAME}" 19 | - "traefik.port=80" 20 | - "traefik.docker.network=traefik_proxy" 21 | - "traefik.frontend.headers.SSLRedirect=true" 22 | - "traefik.frontend.headers.STSSeconds=315360000" 23 | - "traefik.frontend.headers.browserXSSFilter=true" 24 | - "traefik.frontend.headers.contentTypeNosniff=true" 25 | - "traefik.frontend.headers.forceSTSHeader=true" 26 | - "traefik.frontend.headers.SSLHost=baikal.${DOMAINNAME}" 27 | - "traefik.frontend.headers.SSLForceHost=true" 28 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 29 | - "traefik.frontend.headers.STSPreload=true" 30 | - "traefik.frontend.headers.frameDeny=true" 31 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 32 | 33 | networks: 34 | traefik_proxy: 35 | external: 36 | name: traefik_proxy 37 | -------------------------------------------------------------------------------- /ymlfiles/beets.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Beets – Music Management 5 | ## To import music: 6 | # docker exec -it beets bash 7 | # beet import /downloads 8 | beets: 9 | container_name: beets 10 | image: linuxserver/beets 11 | restart: always 12 | networks: 13 | - traefik_proxy 14 | # ports: 15 | # - "8337:8337" 16 | volumes: 17 | - ${USERDIR}/Music:/music 18 | - ${USERDIR}/Downloads/beets:/downloads 19 | - ${USERDIR}/docker/beets:/config 20 | environment: 21 | - PUID=${PUID} 22 | - PGID=${PGID} 23 | labels: 24 | - "traefik.enable=true" 25 | - "traefik.backend=beets" 26 | - "traefik.frontend.rule=Host:beets.${DOMAINNAME}" 27 | - "traefik.port=8337" 28 | - "traefik.docker.network=traefik_proxy" 29 | - "traefik.frontend.headers.SSLRedirect=true" 30 | - "traefik.frontend.headers.STSSeconds=315360000" 31 | - "traefik.frontend.headers.browserXSSFilter=true" 32 | - "traefik.frontend.headers.contentTypeNosniff=true" 33 | - "traefik.frontend.headers.forceSTSHeader=true" 34 | - "traefik.frontend.headers.SSLHost=beets.${DOMAINNAME}" 35 | - "traefik.frontend.headers.SSLForceHost=true" 36 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 37 | - "traefik.frontend.headers.STSPreload=true" 38 | - "traefik.frontend.headers.frameDeny=true" 39 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 40 | 41 | networks: 42 | traefik_proxy: 43 | external: 44 | name: traefik_proxy 45 | -------------------------------------------------------------------------------- /ymlfiles/bitwarden.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Bitwarden - Password Vault 5 | bitwarden: 6 | container_name: bitwarden 7 | image: bitwardenrs/server 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "8888:80" 13 | volumes: 14 | - ${USERDIR}/docker/bitwarden:/data 15 | - /var/log/docker:/var/log/docker 16 | - /etc/localtime:/etc/localtime:ro 17 | environment: 18 | - SIGNUPS_ALLOWED=false # Change to false after first login 19 | - INVITATIONS_ALLOWED=false 20 | - WEBSOCKET_ENABLED=true 21 | - LOG_FILE=/var/log/docker/bitwarden.log 22 | - SMTP_HOST=smtp.gmail.com 23 | - SMTP_FROM=$SMTP_EMAIL 24 | - SMTP_PORT=587 25 | - SMTP_SSL=true 26 | - SMTP_USERNAME=$SMTP_EMAIL 27 | - SMTP_PASSWORD=$SMTP_PASS 28 | - DOMAIN=https://bitwarden.${DOMAINNAME} 29 | labels: 30 | - "traefik.enable=true" 31 | - "traefik.web.frontend.rule=Host:bitwarden.${DOMAINNAME}" 32 | - "traefik.web.port=80" 33 | - "traefik.hub.frontend.rule=Host:bitwarden.${DOMAINNAME};Path:/notifications/hub" 34 | - "traefik.hub.port=3012" 35 | - "traefik.hub.protocol=ws" 36 | - "traefik.docker.network=traefik_proxy" 37 | - "traefik.frontend.headers.SSLRedirect=true" 38 | - "traefik.frontend.headers.STSSeconds=315360000" 39 | - "traefik.frontend.headers.browserXSSFilter=true" 40 | - "traefik.frontend.headers.contentTypeNosniff=true" 41 | - "traefik.frontend.headers.forceSTSHeader=true" 42 | - "traefik.frontend.headers.SSLHost=bitwarden.${DOMAINNAME}" 43 | - "traefik.frontend.headers.SSLForceHost=true" 44 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 45 | - "traefik.frontend.headers.STSPreload=true" 46 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 47 | - "traefik.frontend.headers.frameDeny=true" 48 | 49 | networks: 50 | traefik_proxy: 51 | external: 52 | name: traefik_proxy 53 | -------------------------------------------------------------------------------- /ymlfiles/bookstack.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## BookStack -  Documentation Management Platform 5 | # Login: admin@admin.com / password 6 | # If you receive the warning "The lock file is not up to date with the latest changes in composer.json." run: 7 | # docker exec -it bookstack composer update --lock 8 | bookstack: 9 | container_name: bookstack 10 | image: solidnerd/bookstack 11 | restart: always 12 | networks: 13 | - traefik_proxy 14 | # ports: 15 | # - "80:80" 16 | volumes: 17 | - ${USERDIR}/docker/bookstack/uploads:/var/www/bookstack/public/uploads 18 | - ${USERDIR}/docker/bookstack/storage:/var/www/bookstack/public/storage 19 | environment: 20 | - DB_HOST=mariadb:3306 21 | - DB_DATABASE=bookstack 22 | - DB_USERNAME=bookstack 23 | - DB_PASSWORD=${MYSQL_PASSWORD} 24 | labels: 25 | - "traefik.enable=true" 26 | - "traefik.backend=bookstack" 27 | - "traefik.frontend.rule=Host:bookstack.${DOMAINNAME}" 28 | - "traefik.port=80" 29 | - "traefik.docker.network=traefik_proxy" 30 | - "traefik.frontend.headers.SSLRedirect=true" 31 | - "traefik.frontend.headers.STSSeconds=315360000" 32 | - "traefik.frontend.headers.browserXSSFilter=true" 33 | - "traefik.frontend.headers.contentTypeNosniff=true" 34 | - "traefik.frontend.headers.forceSTSHeader=true" 35 | - "traefik.frontend.headers.SSLHost=bookstack.${DOMAINNAME}" 36 | - "traefik.frontend.headers.SSLForceHost=true" 37 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 38 | - "traefik.frontend.headers.STSPreload=true" 39 | - "traefik.frontend.headers.frameDeny=true" 40 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 41 | 42 | networks: 43 | traefik_proxy: 44 | external: 45 | name: traefik_proxy 46 | -------------------------------------------------------------------------------- /ymlfiles/checkmk.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## CheckMK - IT Monitoring 5 | # Login: cmkadmin / omd 6 | checkmk: 7 | container_name: checkmk 8 | image: nlmacamp/check_mk 9 | restart: always 10 | privileged: "true" 11 | networks: 12 | - traefik_proxy 13 | # ports: 14 | # - "XXXX:5000" 15 | volumes: 16 | - ${USERDIR}/docker/checkmk:/opt/omd/sites 17 | labels: 18 | - "traefik.enable=true" 19 | - "traefik.backend=checkmk" 20 | - "traefik.frontend.rule=Host:checkmk.${DOMAINNAME}" 21 | - "traefik.port=5000" 22 | - "traefik.docker.network=traefik_proxy" 23 | - "traefik.frontend.headers.SSLRedirect=true" 24 | - "traefik.frontend.headers.STSSeconds=315360000" 25 | - "traefik.frontend.headers.browserXSSFilter=true" 26 | - "traefik.frontend.headers.contentTypeNosniff=true" 27 | - "traefik.frontend.headers.forceSTSHeader=true" 28 | - "traefik.frontend.headers.SSLHost=checkmk.${DOMAINNAME}" 29 | - "traefik.frontend.headers.SSLForceHost=true" 30 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 31 | - "traefik.frontend.headers.STSPreload=true" 32 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 33 | 34 | networks: 35 | traefik_proxy: 36 | external: 37 | name: traefik_proxy 38 | -------------------------------------------------------------------------------- /ymlfiles/chevereto.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Chevereto - Image Hosting 5 | # Fix permissions: 6 | # sudo chmod -R 766 ${USERDIR}/docker/chevereto 7 | chevereto: 8 | container_name: chevereto 9 | image: nmtan/chevereto 10 | restart: always 11 | networks: 12 | - traefik_proxy 13 | # ports: 14 | # - "80:80" 15 | volumes: 16 | - ${USERDIR}/docker/chevereto:/var/www/html/images:rw 17 | environment: 18 | - CHEVERETO_DB_HOST=mariadb:3306 19 | - CHEVERETO_DB_USERNAME=chevereto 20 | - CHEVERETO_DB_PASSWORD=${MYSQL_PASSWORD} 21 | - CHEVERETO_DB_NAME=chevereto 22 | - CHEVERETO_DB_PREFIX=chv_ 23 | labels: 24 | - "traefik.enable=true" 25 | - "traefik.backend=chevereto" 26 | - "traefik.frontend.rule=Host:chevereto.${DOMAINNAME}" 27 | - "traefik.port=80" 28 | - "traefik.docker.network=traefik_proxy" 29 | - "traefik.frontend.headers.SSLRedirect=true" 30 | - "traefik.frontend.headers.STSSeconds=315360000" 31 | - "traefik.frontend.headers.browserXSSFilter=true" 32 | - "traefik.frontend.headers.contentTypeNosniff=true" 33 | - "traefik.frontend.headers.forceSTSHeader=true" 34 | - "traefik.frontend.headers.SSLHost=chevereto.${DOMAINNAME}" 35 | - "traefik.frontend.headers.SSLForceHost=true" 36 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 37 | - "traefik.frontend.headers.STSPreload=true" 38 | - "traefik.frontend.headers.frameDeny=true" 39 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 40 | 41 | networks: 42 | traefik_proxy: 43 | external: 44 | name: traefik_proxy 45 | -------------------------------------------------------------------------------- /ymlfiles/clarkson.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Clarkson – Gas Management 5 | clarkson: 6 | container_name: clarkson 7 | image: linuxserver/clarkson 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "3000:3000" 13 | environment: 14 | - PUID=${PUID} 15 | - PGID=${PGID} 16 | - TZ=${TZ} 17 | - MYSQL_HOST=mariadb 18 | - MYSQL_USERNAME=clarkson 19 | - MYSQL_PASSWORD=$MYSQL_PASSWORD 20 | - ENABLE_REGISTRATIONS=false 21 | labels: 22 | - "traefik.enable=true" 23 | - "traefik.backend=clarkson" 24 | - "traefik.frontend.rule=Host:clarkson.${DOMAINNAME}" 25 | - "traefik.port=3000" 26 | - "traefik.docker.network=traefik_proxy" 27 | - "traefik.frontend.headers.SSLRedirect=true" 28 | - "traefik.frontend.headers.STSSeconds=315360000" 29 | - "traefik.frontend.headers.browserXSSFilter=true" 30 | - "traefik.frontend.headers.contentTypeNosniff=true" 31 | - "traefik.frontend.headers.forceSTSHeader=true" 32 | - "traefik.frontend.headers.SSLHost=clarkson.${DOMAINNAME}" 33 | - "traefik.frontend.headers.SSLForceHost=true" 34 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 35 | - "traefik.frontend.headers.STSPreload=true" 36 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 37 | - "traefik.frontend.headers.frameDeny=true" 38 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 39 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 40 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 41 | 42 | networks: 43 | traefik_proxy: 44 | external: 45 | name: traefik_proxy 46 | -------------------------------------------------------------------------------- /ymlfiles/cloudcmd.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Cloud Commander - Cloud File Manager 5 | cloudcmd: 6 | container_name: cloudcmd 7 | image: coderaiser/cloudcmd 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "8000:8000" 13 | volumes: 14 | - ${USERDIR}/docker/cloudcmd:/root 15 | - ${USERDIR}/Downloads:/mnt/fs 16 | labels: 17 | - "traefik.enable=true" 18 | - "traefik.backend=cloudcmd" 19 | - "traefik.frontend.rule=Host:cloudcmd.${DOMAINNAME}" 20 | - "traefik.port=8000" 21 | - "traefik.docker.network=traefik_proxy" 22 | - "traefik.frontend.headers.SSLRedirect=true" 23 | - "traefik.frontend.headers.STSSeconds=315360000" 24 | - "traefik.frontend.headers.browserXSSFilter=true" 25 | - "traefik.frontend.headers.contentTypeNosniff=true" 26 | - "traefik.frontend.headers.forceSTSHeader=true" 27 | - "traefik.frontend.headers.SSLHost=cloudcmd.${DOMAINNAME}" 28 | - "traefik.frontend.headers.SSLForceHost=true" 29 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 30 | - "traefik.frontend.headers.STSPreload=true" 31 | - "traefik.frontend.headers.frameDeny=true" 32 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 33 | 34 | networks: 35 | traefik_proxy: 36 | external: 37 | name: traefik_proxy 38 | -------------------------------------------------------------------------------- /ymlfiles/dillinger.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Dillinger - Markdown Editor 5 | dillinger: 6 | container_name: dillinger 7 | image: joemccann/dillinger 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "9000:9000" 13 | environment: 14 | - "BIND_ADDRESS=0.0.0.0" 15 | - "PORT=9000" 16 | labels: 17 | - "traefik.enable=true" 18 | - "traefik.backend=dillinger" 19 | - "traefik.frontend.rule=Host:dillinger.${DOMAINNAME}" 20 | - "traefik.port=9000" 21 | - "traefik.docker.network=traefik_proxy" 22 | - "traefik.frontend.headers.SSLRedirect=true" 23 | - "traefik.frontend.headers.STSSeconds=315360000" 24 | - "traefik.frontend.headers.browserXSSFilter=true" 25 | - "traefik.frontend.headers.contentTypeNosniff=true" 26 | - "traefik.frontend.headers.forceSTSHeader=true" 27 | - "traefik.frontend.headers.SSLHost=dillinger.${DOMAINNAME}" 28 | - "traefik.frontend.headers.SSLForceHost=true" 29 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 30 | - "traefik.frontend.headers.STSPreload=true" 31 | - "traefik.frontend.headers.frameDeny=true" 32 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 33 | 34 | networks: 35 | traefik_proxy: 36 | external: 37 | name: traefik_proxy 38 | -------------------------------------------------------------------------------- /ymlfiles/diskover.yml: -------------------------------------------------------------------------------- 1 | version: "2" 2 | services: 3 | 4 | ## Add Redis 5 | 6 | ## Diskover - Disk Space Usage Manager / Search Tool 7 | diskover: 8 | container_name: diskover 9 | image: linuxserver/diskover 10 | restart: always 11 | mem_limit: 4096m 12 | depends_on: 13 | - elasticsearch 14 | networks: 15 | - traefik_proxy 16 | # ports: 17 | # - "80:80" 18 | # - "9181:9181" 19 | # - "9999:9999" 20 | volumes: 21 | - ${USERDIR}/docker/diskover:/config 22 | - /mnt/storage:/data:ro 23 | environment: 24 | - PUID=1000 25 | - PGID=1000 26 | - TZ=${TZ} 27 | - REDIS_HOST=redis 28 | - REDIS_PORT=6379 29 | - ES_HOST=elasticsearch 30 | - ES_PORT=9200 31 | - ES_USER=elastic 32 | - ES_PASS=changeme 33 | - INDEX_NAME=diskover- 34 | - RUN_ON_START=true 35 | - USE_CRON=true 36 | labels: 37 | - "traefik.enable=true" 38 | - "traefik.backend=diskover" 39 | - "traefik.frontend.rule=Host:diskover.${DOMAINNAME}" 40 | - "traefik.port=80" 41 | - "traefik.docker.network=traefik_proxy" 42 | - "traefik.frontend.headers.SSLRedirect=true" 43 | - "traefik.frontend.headers.STSSeconds=315360000" 44 | - "traefik.frontend.headers.browserXSSFilter=true" 45 | - "traefik.frontend.headers.contentTypeNosniff=true" 46 | - "traefik.frontend.headers.forceSTSHeader=true" 47 | - "traefik.frontend.headers.SSLHost=diskover.${DOMAINNAME}" 48 | - "traefik.frontend.headers.SSLForceHost=true" 49 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 50 | - "traefik.frontend.headers.STSPreload=true" 51 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 52 | - "traefik.frontend.headers.frameDeny=true" 53 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 54 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 55 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 56 | 57 | ## Elasticsearch - Search and Analytics Engine 58 | # On linux machine you need to enter (sudo sysctl -w vm.max_map_count=262144) because the standard value of 65530 is too low (error in logs) 59 | # If you get the warning "Failed to create node environment" you need to make sure permissions are set to 1000:1000 on the data folder 60 | # sudo chown -R 1000:1000 ${USERDIR}/docker/elasticsearch/ 61 | elasticsearch: 62 | container_name: elasticsearch 63 | image: docker.elastic.co/elasticsearch/elasticsearch:5.6.9 64 | restart: always 65 | networks: 66 | - traefik_proxy 67 | # ports: 68 | # - "9200:9200" 69 | # - "9300:9300" 70 | ulimits: 71 | memlock: 72 | soft: '-1' 73 | hard: '-1' 74 | volumes: 75 | - ${USERDIR}/docker/elasticsearch:/usr/share/elasticsearch/data 76 | environment: 77 | - bootstrap.memory_lock=true 78 | - cluster.name=docker-cluster 79 | - "ES_JAVA_OPTS=-Xms2048m -Xmx2048m" 80 | 81 | networks: 82 | traefik_proxy: 83 | external: 84 | name: traefik_proxy 85 | -------------------------------------------------------------------------------- /ymlfiles/dokuwiki.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Dokuwiki - Personal Wiki 5 | dokuwiki: 6 | container_name: dokuwiki 7 | image: mprasil/dokuwiki 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "XXXX:80" 13 | volumes: 14 | - ${USERDIR}/docker/dokuwiki/data:/dokuwiki/data 15 | - ${USERDIR}/docker/dokuwiki/conf:/dokuwiki/conf 16 | - dokuwiki_plugins:/dokuwiki/lib/plugins 17 | - dokuwiki_tpl:/dokuwiki/lib/tpl 18 | - dokuwiki_logs:/var/log 19 | labels: 20 | - "traefik.enable=true" 21 | - "traefik.backend=dokuwiki" 22 | - "traefik.frontend.rule=Host:dokuwiki.${DOMAINNAME}" 23 | - "traefik.port=80" 24 | - "traefik.docker.network=traefik_proxy" 25 | - "traefik.frontend.headers.SSLRedirect=true" 26 | - "traefik.frontend.headers.STSSeconds=315360000" 27 | - "traefik.frontend.headers.browserXSSFilter=true" 28 | - "traefik.frontend.headers.contentTypeNosniff=true" 29 | - "traefik.frontend.headers.forceSTSHeader=true" 30 | - "traefik.frontend.headers.SSLHost=dokuwiki.${DOMAINNAME}" 31 | - "traefik.frontend.headers.SSLForceHost=true" 32 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 33 | - "traefik.frontend.headers.STSPreload=true" 34 | - "traefik.frontend.headers.frameDeny=true" 35 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 36 | 37 | volumes: 38 | dokuwiki_logs: 39 | dokuwiki_plugins: 40 | dokuwiki_tpl: 41 | 42 | networks: 43 | traefik_proxy: 44 | external: 45 | name: traefik_proxy 46 | -------------------------------------------------------------------------------- /ymlfiles/dolphin.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Dolphin - File Browser 5 | # mkdir ${USERDIR}/docker/dolphin 6 | # There are a lot of errors in the logs, but this works 7 | # Folder mounted to /mnt is available at /mnt (not the Home directory) 8 | dolphin: 9 | container_name: dolphin 10 | image: aptalca/docker-dolphin 11 | restart: always 12 | privileged: true 13 | networks: 14 | - traefik_proxy 15 | # ports: 16 | # - "3389:3389" 17 | # - "8080:8080" 18 | volumes: 19 | - ${USERDIR}/docker/dolphin:/config:rw 20 | - ${USERDIR}/Downloads:/mnt:rw 21 | environment: 22 | - USER_ID=${PUID} 23 | - GROUP_ID=${PGID} 24 | - TZ=${TZ} 25 | - WIDTH="1280" 26 | - HEIGHT="720" 27 | labels: 28 | - "traefik.enable=true" 29 | - "traefik.backend=dolphin" 30 | - "traefik.frontend.rule=Host:dolphin.${DOMAINNAME}" 31 | - "traefik.port=8080" 32 | - "traefik.docker.network=traefik_proxy" 33 | - "traefik.frontend.headers.SSLRedirect=true" 34 | - "traefik.frontend.headers.STSSeconds=315360000" 35 | - "traefik.frontend.headers.browserXSSFilter=true" 36 | - "traefik.frontend.headers.contentTypeNosniff=true" 37 | - "traefik.frontend.headers.forceSTSHeader=true" 38 | - "traefik.frontend.headers.SSLHost=dolphin.${DOMAINNAME}" 39 | - "traefik.frontend.headers.SSLForceHost=true" 40 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 41 | - "traefik.frontend.headers.STSPreload=true" 42 | # - "traefik.frontend.headers.frameDeny=true" 43 | - "traefik.frontend.passHostHeader=true" 44 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 45 | 46 | volumes: 47 | dolphin_config: 48 | 49 | networks: 50 | traefik_proxy: 51 | external: 52 | name: traefik_proxy 53 | -------------------------------------------------------------------------------- /ymlfiles/droppy.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Droppy – File Share 5 | droppy: 6 | container_name: droppy 7 | image: silverwind/droppy 8 | restart: unless-stopped 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "8989:8989" 13 | volumes: 14 | - ${USERDIR}/docker/droppy:/config 15 | - ${USERDIR}/dwnloads:/files 16 | labels: 17 | - "traefik.enable=true" 18 | - "traefik.backend=droppy" 19 | - "traefik.frontend.rule=Host:droppy.${DOMAINNAME}" 20 | - "traefik.port=8989" 21 | - "traefik.docker.network=traefik_proxy" 22 | - "traefik.frontend.headers.SSLRedirect=true" 23 | - "traefik.frontend.headers.STSSeconds=315360000" 24 | - "traefik.frontend.headers.browserXSSFilter=true" 25 | - "traefik.frontend.headers.contentTypeNosniff=true" 26 | - "traefik.frontend.headers.forceSTSHeader=true" 27 | - "traefik.frontend.headers.SSLHost=droppy.${DOMAINNAME}" 28 | - "traefik.frontend.headers.SSLForceHost=true" 29 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 30 | - "traefik.frontend.headers.STSPreload=true" 31 | - "traefik.frontend.headers.frameDeny=true" 32 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 33 | 34 | networks: 35 | traefik_proxy: 36 | external: 37 | name: traefik_proxy 38 | -------------------------------------------------------------------------------- /ymlfiles/duplicati.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Duplicati 5 | # Need to sign in through localhost:8200 and add password and domain: duplicati.${DOMAINNAME} to Setting/Hostnames 6 | duplicati: 7 | container_name: duplicati 8 | image: linuxserver/duplicati 9 | restart: always 10 | networks: 11 | - traefik_proxy 12 | ports: # Disable after login 13 | - "8200:8200" # Disable after login 14 | volumes: 15 | - ${USERDIR}/docker/duplicati/config:/config 16 | - ${USERDIR}/docker/duplicati/backups:/backups 17 | - ${USERDIR}/docker/duplicati/source:/source 18 | environment: 19 | - PUID=${PUID} 20 | - PGID=${PGID} 21 | - TZ=${TZ} 22 | labels: 23 | - "traefik.enable=true" 24 | - "traefik.backend=duplicati" 25 | - "traefik.frontend.rule=Host:duplicati.${DOMAINNAME}" 26 | - "traefik.port=8200" 27 | - "traefik.docker.network=traefik_proxy" 28 | - "traefik.frontend.headers.SSLRedirect=true" 29 | - "traefik.frontend.headers.STSSeconds=315360000" 30 | - "traefik.frontend.headers.browserXSSFilter=true" 31 | - "traefik.frontend.headers.contentTypeNosniff=true" 32 | - "traefik.frontend.headers.forceSTSHeader=true" 33 | - "traefik.frontend.headers.SSLHost=duplicati.${DOMAINNAME}" 34 | - "traefik.frontend.headers.SSLForceHost=true" 35 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 36 | - "traefik.frontend.headers.STSPreload=true" 37 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 38 | # - "traefik.frontend.passHostHeader=true" 39 | - "traefik.frontend.headers.frameDeny=true" 40 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 41 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 42 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 43 | 44 | networks: 45 | traefik_proxy: 46 | external: 47 | name: traefik_proxy 48 | -------------------------------------------------------------------------------- /ymlfiles/emby.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Emby Media Server 5 | emby: 6 | container_name: emby 7 | image: emby/embyserver:latest 8 | restart: always 9 | devices: 10 | - /dev/dri:/dev/dri 11 | networks: 12 | - traefik_proxy 13 | ports: 14 | - "8096:8096" 15 | - "8920:8920" 16 | volumes: 17 | - /mnt/storage/movies:/MOVIES:ro 18 | - /mnt/storage/tv:/TVSHOWS:ro 19 | - /mnt/storage/concerts:/CONCERTS:ro 20 | - /mnt/storage/music/music:/music:ro 21 | - ${USERDIR}/docker/emby:/config 22 | environment: 23 | - UID=${PUID} 24 | - GID=${PGID} 25 | - GIDLIST=44 26 | labels: 27 | - "traefik.enable=true" 28 | - "traefik.backend=emby" 29 | - "traefik.frontend.rule=Host:emby.${DOMAINNAME}" 30 | - "traefik.port=8096" 31 | - "traefik.docker.network=traefik_proxy" 32 | - "traefik.frontend.headers.SSLRedirect=true" 33 | - "traefik.frontend.headers.STSSeconds=315360000" 34 | - "traefik.frontend.headers.browserXSSFilter=true" 35 | - "traefik.frontend.headers.contentTypeNosniff=true" 36 | - "traefik.frontend.headers.forceSTSHeader=true" 37 | - "traefik.frontend.headers.SSLHost=emby.${DOMAINNAME}" 38 | - "traefik.frontend.headers.SSLForceHost=true" 39 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 40 | - "traefik.frontend.headers.STSPreload=true" 41 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 42 | - "traefik.frontend.headers.frameDeny=true" 43 | 44 | networks: 45 | traefik_proxy: 46 | external: 47 | name: traefik_proxy 48 | -------------------------------------------------------------------------------- /ymlfiles/fail2ban.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Fail2ban - Network security against attacks 5 | # iptables -L --line-numbers 6 | # fail2ban-client set unbanip 7 | # fail2ban-regex '' 'regex' 8 | # Other commands: https://www.fail2ban.org/wiki/index.php/Commands 9 | fail2ban: 10 | container_name: fail2ban 11 | image: crazymax/fail2ban 12 | restart: always 13 | network_mode: host 14 | cap_add: 15 | - NET_ADMIN 16 | - NET_RAW 17 | volumes: 18 | - /var/log:/var/log 19 | - ${USERDIR}/docker/hass/home-assistant.log:/var/log/home-assistant.log:ro 20 | - ${USERDIR}/docker/fail2ban:/data 21 | - ${USERDIR}/docker/fail2ban/fail2ban.d:/etc/fail2ban/fail2ban.d 22 | environment: 23 | - TZ=${TZ} 24 | - F2B_LOG_LEVEL=INFO 25 | - F2B_DB_PURGE_AGE=1d # Age at which bans should be purged from the database 26 | - F2B_MAX_RETRY=1 # Number of failures before a host get banned 27 | - F2B_IPTABLES_CHAIN=FORWARD # Specifies the iptables chain to which the Fail2Ban rules should be added 28 | - SSMTP_HOST=smtp.gmail.com 29 | - SSMTP_PORT=465 30 | - SSMTP_USER=$SMTP_EMAIL 31 | - SSMTP_PASSWORD=$SMTP_PASS 32 | - SSMTP_TLS=YES 33 | - F2B_ACTION=%(action_mw)s 34 | -------------------------------------------------------------------------------- /ymlfiles/filerun.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## FileRun - Cloud Storage 5 | # Login: superuser / superuser 6 | filerun: 7 | container_name: filerun 8 | image: afian/filerun 9 | restart: always 10 | networks: 11 | - traefik_proxy 12 | # ports: 13 | # - "80:80" 14 | volumes: 15 | - ${USERDIR}/docker/filerun/html:/var/www/html 16 | - ${USERDIR}/docker/filerun/user-files:/user-files 17 | environment: 18 | - FR_DB_HOST=mariadb 19 | - FR_DB_PORT=3306 20 | - FR_DB_NAME=filerun 21 | - FR_DB_USER=filerun 22 | - FR_DB_PASS=${MYSQL_PASSWORD} 23 | - APACHE_RUN_USER=www-data 24 | - APACHE_RUN_USER_ID=33 25 | - APACHE_RUN_GROUP=www-data 26 | - APACHE_RUN_GROUP_ID=33 27 | labels: 28 | - "traefik.enable=true" 29 | - "traefik.backend=filerun" 30 | - "traefik.frontend.rule=Host:filerun.${DOMAINNAME}" 31 | - "traefik.port=80" 32 | - "traefik.docker.network=traefik_proxy" 33 | - "traefik.frontend.headers.SSLRedirect=true" 34 | - "traefik.frontend.headers.STSSeconds=315360000" 35 | - "traefik.frontend.headers.browserXSSFilter=true" 36 | - "traefik.frontend.headers.contentTypeNosniff=true" 37 | - "traefik.frontend.headers.forceSTSHeader=true" 38 | - "traefik.frontend.headers.SSLHost=filerun.${DOMAINNAME}" 39 | - "traefik.frontend.headers.SSLForceHost=true" 40 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 41 | - "traefik.frontend.headers.STSPreload=true" 42 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 43 | 44 | networks: 45 | traefik_proxy: 46 | external: 47 | name: traefik_proxy 48 | -------------------------------------------------------------------------------- /ymlfiles/firefly.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Firefly - Finance Manager 5 | # Create a unique App Key which is a random 32 character string 6 | # date +%s | sha256sum | base64 | head -c 32 ; echo 7 | firefly: 8 | container_name: firefly 9 | image: jc5x/firefly-iii 10 | restart: always 11 | networks: 12 | - traefik_proxy 13 | # ports: 14 | # - "80:80" 15 | volumes: 16 | - ${USERDIR}/docker/firefly/export:/var/www/firefly-iii/storage/export 17 | - ${USERDIR}/docker/firefly/upload:/var/www/firefly-iii/storage/upload 18 | - /etc/timezone:/etc/timezone:ro 19 | environment: 20 | - FF_DB_CONNECTION=mysql 21 | - FF_DB_HOST=mariadb 22 | - FF_DB_PORT=3306 23 | - FF_DB_NAME=firefly 24 | - FF_DB_USER=firefly 25 | - FF_DB_PASSWORD=${MYSQL_PASSWORD} 26 | - FF_APP_KEY=${APP_KEY} 27 | - FF_APP_ENV=local 28 | - APP_LOG_LEVEL=debug 29 | - APP_URL=https://firefly.${DOMAINNAME} 30 | - TRUSTED_PROXIES=** 31 | - SITE_OWNER=${MY_EMAIL} 32 | labels: 33 | - "traefik.enable=true" 34 | - "traefik.backend=firefly" 35 | - "traefik.frontend.rule=Host:firefly.${DOMAINNAME}" 36 | - "traefik.port=80" 37 | - "traefik.docker.network=traefik_proxy" 38 | - "traefik.frontend.headers.SSLRedirect=true" 39 | - "traefik.frontend.headers.STSSeconds=315360000" 40 | - "traefik.frontend.headers.browserXSSFilter=true" 41 | - "traefik.frontend.headers.contentTypeNosniff=true" 42 | - "traefik.frontend.headers.forceSTSHeader=true" 43 | - "traefik.frontend.headers.SSLHost=firefly.${DOMAINNAME}" 44 | - "traefik.frontend.headers.SSLForceHost=true" 45 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 46 | - "traefik.frontend.headers.STSPreload=true" 47 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 48 | - "traefik.frontend.passHostHeader=true" 49 | - "traefik.frontend.headers.frameDeny=true" 50 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 51 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 52 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 53 | 54 | networks: 55 | traefik_proxy: 56 | external: 57 | name: traefik_proxy 58 | -------------------------------------------------------------------------------- /ymlfiles/firefox.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Firefox 5 | firefox: 6 | container_name: firefox 7 | image: jlesage/firefox 8 | restart: unless-stopped 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "5800:5800" 13 | volumes: 14 | - ${USERDIR}/docker/firefox:/config 15 | - /dev/shm:/dev/shm 16 | # - /etc/timezone:/etc/timezone:ro 17 | environment: 18 | - USER_ID=${PUID} 19 | - GROUP_ID=${PGID} 20 | - TZ=${TZ} 21 | labels: 22 | - "traefik.enable=true" 23 | - "traefik.backend=firefox" 24 | - "traefik.frontend.rule=Host:firefox.${DOMAINNAME}" 25 | - "traefik.port=5800" 26 | - "traefik.docker.network=traefik_proxy" 27 | - "traefik.frontend.headers.SSLRedirect=true" 28 | - "traefik.frontend.headers.STSSeconds=315360000" 29 | - "traefik.frontend.headers.browserXSSFilter=true" 30 | - "traefik.frontend.headers.contentTypeNosniff=true" 31 | - "traefik.frontend.headers.forceSTSHeader=true" 32 | - "traefik.frontend.headers.SSLHost=firefox.${DOMAINNAME}" 33 | - "traefik.frontend.headers.SSLForceHost=true" 34 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 35 | - "traefik.frontend.headers.STSPreload=true" 36 | - "traefik.frontend.headers.frameDeny=true" 37 | 38 | networks: 39 | traefik_proxy: 40 | external: 41 | name: traefik_proxy 42 | -------------------------------------------------------------------------------- /ymlfiles/firefoxsync.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Firefox Sync Server 5 | firefoxsync: 6 | container_name: firefoxsync 7 | image: crazymax/firefox-syncserver 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "5000:5000" 13 | volumes: 14 | - ${USERDIR}/docker/firefoxsync:/data 15 | # - /etc/timezone:/etc/timezone:ro 16 | environment: 17 | - TZ=${TZ} 18 | - FF_SYNCSERVER_PUBLIC_URL=https://firefoxsync.${DOMAINNAME} 19 | - FF_SYNCSERVER_SECRET=$FF_SYNCSERVER_SECRET 20 | - FF_SYNCSERVER_ALLOW_NEW_USERS=true 21 | - FF_SYNCSERVER_FORCE_WSGI_ENVIRON=false 22 | labels: 23 | - "traefik.enable=true" 24 | - "traefik.backend=firefoxsync" 25 | - "traefik.frontend.rule=Host:firefoxsync.${DOMAINNAME}" 26 | - "traefik.port=5000" 27 | - "traefik.docker.network=traefik_proxy" 28 | - "traefik.frontend.headers.SSLRedirect=true" 29 | - "traefik.frontend.headers.STSSeconds=315360000" 30 | - "traefik.frontend.headers.browserXSSFilter=true" 31 | - "traefik.frontend.headers.contentTypeNosniff=true" 32 | - "traefik.frontend.headers.forceSTSHeader=true" 33 | - "traefik.frontend.headers.SSLHost=firefoxsync.${DOMAINNAME}" 34 | - "traefik.frontend.headers.SSLForceHost=true" 35 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 36 | - "traefik.frontend.headers.STSPreload=true" 37 | - "traefik.frontend.headers.frameDeny=true" 38 | 39 | networks: 40 | traefik_proxy: 41 | external: 42 | name: traefik_proxy 43 | -------------------------------------------------------------------------------- /ymlfiles/freshrss.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## FreshRSS - RSS Aggregator 5 | freshrss: 6 | container_name: freshrss 7 | image: linuxserver/freshrss 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - ${USERDIR}/docker/freshrss:/config 15 | environment: 16 | - PUID=${PUID} 17 | - PGID=${PGID} 18 | labels: 19 | - "traefik.enable=true" 20 | - "traefik.backend=freshrss" 21 | - "traefik.frontend.rule=Host:freshrss.${DOMAINNAME}" 22 | - "traefik.port=80" 23 | - "traefik.docker.network=traefik_proxy" 24 | - "traefik.frontend.headers.SSLRedirect=true" 25 | - "traefik.frontend.headers.STSSeconds=315360000" 26 | - "traefik.frontend.headers.browserXSSFilter=true" 27 | - "traefik.frontend.headers.contentTypeNosniff=true" 28 | - "traefik.frontend.headers.forceSTSHeader=true" 29 | - "traefik.frontend.headers.SSLHost=freshrss.${DOMAINNAME}" 30 | - "traefik.frontend.headers.SSLForceHost=true" 31 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 32 | - "traefik.frontend.headers.STSPreload=true" 33 | - "traefik.frontend.headers.frameDeny=true" 34 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 35 | 36 | networks: 37 | traefik_proxy: 38 | external: 39 | name: traefik_proxy 40 | -------------------------------------------------------------------------------- /ymlfiles/gitea.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Gitea - Selfhosted Git Service 5 | # To generate SECRET_KEY: 6 | # docker exec -it gitea gitea generate secret SECRET_KEY 7 | gitea: 8 | container_name: gitea 9 | image: gitea/gitea 10 | restart: always 11 | networks: 12 | - traefik_proxy 13 | # ports: 14 | # - '3000:3000' 15 | # - '2222:22' 16 | volumes: 17 | - ${USERDIR}/docker/gitea:/data 18 | environment: 19 | - USER_UID=1000 20 | - USER_GID=1000 21 | - DB_TYPE=mysql 22 | - DB_HOST=mariadb:3306 23 | - DB_NAME=gitea 24 | - DB_USER=gitea 25 | - DB_PASSWD=${MYSQL_PASSWORD} 26 | - RUN_MODE=prod 27 | # - INSTALL_LOCK=true # Disallow access to the install page. Enable after first sign in 28 | # - SECRET_KEY=”” # Global secret key. This should be changed. If this has a value and INSTALL_LOCK is empty, INSTALL_LOCK will automatically set to true. 29 | # - DISABLE_REGISTRATION=false # Disable registration, after which only admin can create accounts for users. 30 | labels: 31 | - "traefik.enable=true" 32 | - "traefik.backend=gitea" 33 | - "traefik.frontend.rule=Host:gitea.${DOMAINNAME}" 34 | - "traefik.port=3000" 35 | - "traefik.docker.network=traefik_proxy" 36 | - "traefik.frontend.headers.SSLRedirect=true" 37 | - "traefik.frontend.headers.STSSeconds=315360000" 38 | - "traefik.frontend.headers.browserXSSFilter=true" 39 | - "traefik.frontend.headers.contentTypeNosniff=true" 40 | - "traefik.frontend.headers.forceSTSHeader=true" 41 | - "traefik.frontend.headers.SSLHost=gitea.${DOMAINNAME}" 42 | - "traefik.frontend.headers.SSLForceHost=true" 43 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 44 | - "traefik.frontend.headers.STSPreload=true" 45 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 46 | - "traefik.frontend.headers.frameDeny=true" 47 | # - "traefik.frontend.auth.forward.address=http://oauth:4181" 48 | # - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 49 | # - "traefik.frontend.auth.forward.trustForwardHeader=true" 50 | 51 | networks: 52 | traefik_proxy: 53 | external: 54 | name: traefik_proxy 55 | -------------------------------------------------------------------------------- /ymlfiles/glances.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Glances - Container and System Monitor 5 | glances: 6 | container_name: glances 7 | image: nicolargo/glances 8 | pid: host 9 | restart: unless-stopped 10 | networks: 11 | - traefik_proxy 12 | # ports: 13 | # - "61208:61208" 14 | volumes: 15 | - glances_config:/glances/conf # Use this if you want to add a glances.conf file 16 | - /var/run/docker.sock:/var/run/docker.sock:ro 17 | environment: 18 | - GLANCES_OPT=-w 19 | labels: 20 | - "traefik.enable=true" 21 | - "traefik.backend=glances" 22 | - "traefik.frontend.rule=Host:glances.$DOMAINNAME" 23 | - "traefik.port=61208" 24 | - "traefik.docker.network=traefik_proxy" 25 | - "traefik.frontend.headers.SSLRedirect=true" 26 | - "traefik.frontend.headers.STSSeconds=315360000" 27 | - "traefik.frontend.headers.browserXSSFilter=true" 28 | - "traefik.frontend.headers.contentTypeNosniff=true" 29 | - "traefik.frontend.headers.forceSTSHeader=true" 30 | - "traefik.frontend.headers.SSLHost=glances.$DOMAINNAME" 31 | - "traefik.frontend.headers.SSLForceHost=true" 32 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 33 | - "traefik.frontend.headers.STSPreload=true" 34 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 35 | - "traefik.frontend.headers.frameDeny=true" 36 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 37 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 38 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 39 | 40 | volumes: 41 | glances_config: 42 | 43 | networks: 44 | traefik_proxy: 45 | external: 46 | name: traefik_proxy 47 | -------------------------------------------------------------------------------- /ymlfiles/grafana.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Follow install instructions below 5 | 6 | ## Telegraf 7 | # Create config file: 8 | # mkdir ${USERDIR}/docker/telegraf 9 | # docker run --rm telegraf -sample-config > ${USERDIR}/docker/telegraf/telegraf.conf 10 | 11 | # Modify config file: 12 | # Edit the config and just enable the Docker portion (uncomment the “[[inputs.docker]]” section until the timeout) 13 | # Under [[outputs.influxdb]] uncomment and change: 14 | # urls = ["http://influxdb:8086"] 15 | # database = "telegraf" 16 | 17 | # Input Plugins: https://docs.influxdata.com/telegraf/v1.9/plugins/inputs/ 18 | # Output Plugins: https://docs.influxdata.com/telegraf/v1.9/plugins/outputs/ 19 | telegraf: 20 | container_name: telegraf 21 | image: ytzelf/telegraf # telegraf # gibletron/telegraf-ipmitool 22 | restart: always 23 | # depends_on: 24 | # - influxdb 25 | privileged: true 26 | network_mode: "container:influxdb" 27 | # network_mode: host 28 | # networks: 29 | # traefik_proxy: 30 | # ipv4_address: 192.168.50.44 31 | # ports: 32 | # - "8125:8125/udp" 33 | volumes: 34 | - /var/run/docker.sock:/var/run/docker.sock 35 | - /dev:/dev 36 | - ${USERDIR}/docker/telegraf/resolv.conf:/etc/resolv.conf:ro 37 | - ${USERDIR}/docker/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf:ro 38 | # - /usr/bin/ipmitool:/usr/bin/ipmitool 39 | - /var/run/utmp:/var/run/utmp 40 | - /proc:/host/proc:ro 41 | - /sys:/host/sys:ro 42 | - /etc:/host/etc:ro 43 | environment: 44 | - HOST_PROC=/host/proc 45 | - HOST_SYS=/host/sys 46 | - HOST_ETC=/host/etc 47 | 48 | ## Grafana - Data Visualizer 49 | # Create file structure: 50 | # mkdir -p ${USERDIR}/docker/grafana/config 51 | # Create config files 52 | # docker run --rm --entrypoint cat grafana/grafana /etc/grafana/grafana.ini > ${USERDIR}/docker/grafana/etc/grafana.ini 53 | # Login: admin / admin 54 | grafana: 55 | container_name: grafana 56 | image: grafana/grafana 57 | restart: always 58 | networks: 59 | traefik_proxy: 60 | ipv4_address: 192.168.1.246 61 | ports: 62 | - "3000:3000" 63 | volumes: 64 | - data_grafana:/var/lib/grafana 65 | - ${USERDIR}/docker/grafana/etc/grafana.ini:/etc/grafana/grafana.ini:ro 66 | - ${USERDIR}/docker/grafana/log:/var/log/grafana 67 | environment: 68 | # - PGID 69 | # - PUID 70 | # - TZ 71 | - GF_SERVER_ROOT_URL=https://grafana.${DOMAINNAME} 72 | - GF_AUTH_BASIC_ENABLED=false 73 | - GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource 74 | labels: 75 | - "traefik.enable=true" 76 | - "traefik.backend=grafana" 77 | - "traefik.frontend.rule=Host:grafana.${DOMAINNAME}" 78 | - "traefik.port=3000" 79 | - "traefik.protocol=http" 80 | - "traefik.docker.network=traefik_proxy" 81 | - "traefik.frontend.headers.SSLRedirect=true" 82 | - "traefik.frontend.headers.STSSeconds=315360000" 83 | - "traefik.frontend.headers.browserXSSFilter=true" 84 | - "traefik.frontend.headers.contentTypeNosniff=true" 85 | - "traefik.frontend.headers.forceSTSHeader=true" 86 | - "traefik.frontend.headers.SSLHost=grafana.${DOMAINNAME}" 87 | - "traefik.frontend.headers.SSLForceHost=true" 88 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 89 | - "traefik.frontend.headers.STSPreload=true" 90 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 91 | - "traefik.frontend.headers.frameDeny=true" 92 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 93 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 94 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 95 | 96 | volumes: 97 | # data_influxdb: 98 | data_grafana: 99 | 100 | networks: 101 | traefik_proxy: 102 | external: 103 | name: traefik_proxy 104 | -------------------------------------------------------------------------------- /ymlfiles/guacamole.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Install instructions: 5 | # Start containers: MariaDB, Guacamole, Guacd (I think this one is optional) 6 | # Run: docker exec -it guacamole cp -R /opt/guacamole/mysql/schema /shared 7 | 8 | # Create Database: 9 | # docker exec -it mariadb mysql -uroot -p 10 | # Replace password (CHANGEME) and run the following scripts to create Database and User "guacamole" 11 | # CREATE DATABASE guacamole CHARACTER SET = utf8 COLLATE = utf8_general_ci; 12 | # CREATE USER 'guacamole' IDENTIFIED BY 'CHANGEME'; 13 | # GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole.* TO 'guacamole'@'%'; 14 | # FLUSH PRIVILEGES; 15 | # exit 16 | 17 | # Populate Database: 18 | # Enter MariaDB container: docker exec -it mariadb bash 19 | # Run: cat /shared/schema/*.sql | mysql -u root -p guacamole 20 | 21 | # Navigate to localhost:8080/guacamole or guacamole.${DOMAINNAME}/guacamole 22 | # Login: guacadmin / guacadmin 23 | # Recommended to create a new user and disable/delete guacadmin 24 | 25 | ## Guacd 26 | guacd: 27 | container_name: guacd 28 | image: guacamole/guacd 29 | restart: always 30 | networks: 31 | - traefik_proxy 32 | # ports: 33 | # - "4822:4822" 34 | 35 | # environment: 36 | # - GUACD_LOG_LEVEL=warning 37 | # volumes: 38 | # - /var/lib/guacamole/drive:/drive:rw 39 | # - /var/lib/guacamole/record:/record:rw 40 | # - /etc/localtime:/etc/localtime:ro 41 | 42 | 43 | ## Guacamole 44 | guacamole: 45 | container_name: guacamole 46 | image: guacamole/guacamole 47 | restart: always 48 | networks: 49 | - traefik_proxy 50 | # ports: 51 | # - "8080:8080" 52 | volumes: 53 | - ${USERDIR}/docker/shared:/shared 54 | environment: 55 | - GUACD_HOSTNAME=guacd 56 | - GUACD_PORT=4822 57 | - MYSQL_HOSTNAME=mariadb 58 | - MYSQL_DATABASE=guacamole 59 | - MYSQL_USER=guacamole 60 | - MYSQL_PASSWORD=${MY_PASSWORD} 61 | labels: 62 | - "traefik.enable=true" 63 | - "traefik.backend=guacamole" 64 | - "traefik.frontend.rule=Host:guacamole.${DOMAINNAME};AddPrefix:/guacamole" 65 | - "traefik.port=8080" 66 | - "traefik.docker.network=traefik_proxy" 67 | - "traefik.frontend.headers.SSLRedirect=true" 68 | - "traefik.frontend.headers.STSSeconds=315360000" 69 | - "traefik.frontend.headers.browserXSSFilter=true" 70 | - "traefik.frontend.headers.contentTypeNosniff=true" 71 | - "traefik.frontend.headers.forceSTSHeader=true" 72 | - "traefik.frontend.headers.SSLHost=guacamole.${DOMAINNAME}" 73 | - "traefik.frontend.headers.SSLForceHost=true" 74 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 75 | - "traefik.frontend.headers.STSPreload=true" 76 | - "traefik.frontend.headers.frameDeny=true" 77 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 78 | 79 | networks: 80 | traefik_proxy: 81 | external: 82 | name: traefik_proxy 83 | -------------------------------------------------------------------------------- /ymlfiles/handbrake.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Handbrake - Video Converter 5 | handbrake: 6 | container_name: handbrake 7 | image: jlesage/handbrake 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "XXXX:5800" 13 | volumes: 14 | - ${USERDIR}/docker/handbrake/config:/config:rw 15 | - /mnt/storage:/storage:ro 16 | - ${USERDIR}/docker/handbrake/dwnloads:/downloads:ro 17 | - ${USERDIR}/docker/handbrake/watch:/watch:rw 18 | - ${USERDIR}/docker/handbrake/output:/output:rw 19 | environment: 20 | - USER_ID=${PUID} 21 | - GROUP_ID=${PGID} 22 | - TZ=${TZ} 23 | - UMASK=002 24 | - DISPLAY_WIDTH=1280 25 | - DISPLAY_HEIGHT=768 26 | - AUTOMATED_CONVERSION_PRESET=H.265 MKV 480p30 27 | # - AUTOMATED_CONVERSION_PRESET=H.265 MKV 1080p30 28 | - AUTOMATED_CONVERSION_FORMAT=mkv 29 | labels: 30 | - "traefik.enable=true" 31 | - "traefik.backend=handbrake" 32 | - "traefik.frontend.rule=Host:handbrake.${DOMAINNAME}" 33 | - "traefik.port=5800" 34 | - "traefik.docker.network=traefik_proxy" 35 | - "traefik.frontend.headers.SSLRedirect=true" 36 | - "traefik.frontend.headers.STSSeconds=315360000" 37 | - "traefik.frontend.headers.browserXSSFilter=true" 38 | - "traefik.frontend.headers.contentTypeNosniff=true" 39 | - "traefik.frontend.headers.forceSTSHeader=true" 40 | - "traefik.frontend.headers.SSLHost=handbrake.${DOMAINNAME}" 41 | - "traefik.frontend.headers.SSLForceHost=true" 42 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 43 | - "traefik.frontend.headers.STSPreload=true" 44 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 45 | - "traefik.frontend.headers.frameDeny=true" 46 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 47 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 48 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 49 | 50 | networks: 51 | traefik_proxy: 52 | external: 53 | name: traefik_proxy 54 | -------------------------------------------------------------------------------- /ymlfiles/hass.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Home Assistant - Home Automation Hub 5 | hass: 6 | container_name: hass 7 | image: homeassistant/home-assistant 8 | restart: always 9 | # network_mode: host 10 | privileged: true 11 | networks: 12 | traefik_proxy: 13 | ipv4_address: 192.168.1.238 14 | # ports: 15 | # - "8123:8123" 16 | volumes: 17 | - ${USERDIR}/docker/hass:/config 18 | environment: 19 | - TZ=${TZ} 20 | labels: 21 | - "traefik.enable=true" 22 | - "traefik.backend=hass" 23 | - "traefik.frontend.rule=Host:hass.${DOMAINNAME}" 24 | - "traefik.port=8123" 25 | - "traefik.docker.network=traefik_proxy" 26 | - "traefik.frontend.headers.SSLRedirect=true" 27 | - "traefik.frontend.headers.STSSeconds=315360000" 28 | - "traefik.frontend.headers.browserXSSFilter=true" 29 | - "traefik.frontend.headers.contentTypeNosniff=true" 30 | - "traefik.frontend.headers.forceSTSHeader=true" 31 | - "traefik.frontend.headers.SSLHost=hass.${DOMAINNAME}" 32 | - "traefik.frontend.headers.SSLForceHost=true" 33 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 34 | - "traefik.frontend.headers.STSPreload=true" 35 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 36 | - "traefik.frontend.headers.frameDeny=true" 37 | 38 | networks: 39 | traefik_proxy: 40 | external: 41 | name: traefik_proxy 42 | -------------------------------------------------------------------------------- /ymlfiles/hddtemp.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Hddtemp 5 | hddtemp: 6 | container_name: hddtemp 7 | image: emilgil/hddtemp 8 | restart: always 9 | privileged: true 10 | networks: 11 | traefik_proxy: 12 | ipv4_address: 192.168.1.245 13 | # ports: 14 | # - "7634:7634" 15 | volumes: 16 | - /dev:/dev 17 | environment: 18 | - TZ=${TZ} 19 | # - HDDTEMP_ARGS="-q -d -F /dev/sd*" 20 | - DRIVES=sd* # [abcdefghijk] 21 | 22 | networks: 23 | traefik_proxy: 24 | external: 25 | name: traefik_proxy 26 | -------------------------------------------------------------------------------- /ymlfiles/headers.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Headers 5 | # curl -k -X PUT -H "Arbitrary:Header" -d aaa=bbb https://headers.$DOMAINNAME/hello-world 6 | headers: 7 | container_name: headers 8 | image: mendhak/http-https-echo 9 | restart: always 10 | networks: 11 | - traefik_proxy 12 | # ports: 13 | # - "80:80" 14 | # - "443:443" 15 | volumes: 16 | - ${USERDIR}/docker/letsencrypt/etc/letsencrypt/live/${DOMAINNAME}/cert.pem:/app/fullchain.pem 17 | - ${USERDIR}/docker/letsencrypt/etc/letsencrypt/live/${DOMAINNAME}/privkey.pem:/app/privkey.pem 18 | labels: 19 | - "traefik.enable=true" 20 | - "traefik.backend=headers" 21 | - "traefik.frontend.rule=Host:headers.${DOMAINNAME}" 22 | - "traefik.port=443" 23 | - "traefik.protocol=https" 24 | - "traefik.docker.network=traefik_proxy" 25 | - "traefik.frontend.headers.SSLRedirect=true" 26 | - "traefik.frontend.headers.STSSeconds=315360000" 27 | - "traefik.frontend.headers.browserXSSFilter=true" 28 | - "traefik.frontend.headers.contentTypeNosniff=true" 29 | - "traefik.frontend.headers.forceSTSHeader=true" 30 | - "traefik.frontend.headers.SSLHost=headers.${DOMAINNAME}" 31 | - "traefik.frontend.headers.SSLForceHost=true" 32 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 33 | - "traefik.frontend.headers.STSPreload=true" 34 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 35 | - "traefik.frontend.headers.frameDeny=true" 36 | 37 | networks: 38 | traefik_proxy: 39 | external: 40 | name: traefik_proxy 41 | -------------------------------------------------------------------------------- /ymlfiles/healthchecks.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Healthchecks - Cron Monitor 5 | # Need to manually add "ALLOWED_HOSTS, SECRET_KEY, and REGISTRATION_OPEN" to bottom of local_settings file 6 | # Additional config settings here: 7 | # https://github.com/healthchecks/healthchecks 8 | healthchecks: 9 | container_name: healthchecks 10 | image: linuxserver/healthchecks 11 | restart: always 12 | networks: 13 | - traefik_proxy 14 | ports: 15 | - "8000:8000" 16 | volumes: 17 | - ${USERDIR}/docker/healthchecks:/config 18 | environment: 19 | - PUID=${PUID} 20 | - PGID=${PGID} 21 | # - TZ=${TZ} 22 | - SITE_ROOT=https://healthchecks.${DOMAINNAME} 23 | - SITE_NAME=healthchecks 24 | - DEFAULT_FROM_EMAIL=${MY_EMAIL} 25 | - EMAIL_HOST=smtp.gmail.com 26 | - EMAIL_PORT=587 27 | - EMAIL_HOST_USER=${MY_EMAIL} 28 | - EMAIL_HOST_PASSWORD=${MY_PASSWORD} 29 | - EMAIL_USE_TLS=True 30 | ## - ALLOWED_HOSTS = ["*"] # healthchecks.${DOMAINNAME},https://healthchecks.${DOMAINNAME} 31 | ## - SECRET_KEY = "${SECRET_KEY}" 32 | ## - REGISTRATION_OPEN = "True" 33 | labels: 34 | - "traefik.enable=true" 35 | - "traefik.backend=healthchecks" 36 | - "traefik.frontend.rule=Host:healthchecks.${DOMAINNAME}" 37 | - "traefik.port=8000" 38 | - "traefik.docker.network=traefik_proxy" 39 | - "traefik.frontend.headers.SSLRedirect=true" 40 | - "traefik.frontend.headers.STSSeconds=315360000" 41 | - "traefik.frontend.headers.browserXSSFilter=true" 42 | - "traefik.frontend.headers.contentTypeNosniff=true" 43 | - "traefik.frontend.headers.forceSTSHeader=true" 44 | - "traefik.frontend.headers.SSLHost=healthchecks.${DOMAINNAME}" 45 | - "traefik.frontend.headers.SSLForceHost=true" 46 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 47 | - "traefik.frontend.headers.STSPreload=true" 48 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 49 | - "traefik.frontend.headers.frameDeny=true" 50 | # - "traefik.frontend.auth.forward.address=http://oauth:4181" 51 | 52 | networks: 53 | traefik_proxy: 54 | external: 55 | name: traefik_proxy 56 | -------------------------------------------------------------------------------- /ymlfiles/heimdall.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Heimdall - Homepage 5 | heimdall: 6 | container_name: heimdall 7 | image: linuxserver/heimdall 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | # - "443:443" 14 | volumes: 15 | - ${USERDIR}/docker/heimdall:/config 16 | environment: 17 | - PUID=${PUID} 18 | - PGID=${PGID} 19 | - TZ=${TZ} 20 | labels: 21 | - "traefik.enable=true" 22 | - "traefik.backend=heimdall" 23 | - "traefik.frontend.rule=Host:heimdall.${DOMAINNAME}" 24 | - "traefik.port=443" 25 | - "traefik.protocol=https" 26 | - "traefik.docker.network=traefik_proxy" 27 | - "traefik.frontend.headers.SSLRedirect=true" 28 | - "traefik.frontend.headers.STSSeconds=315360000" 29 | - "traefik.frontend.headers.browserXSSFilter=true" 30 | - "traefik.frontend.headers.contentTypeNosniff=true" 31 | - "traefik.frontend.headers.forceSTSHeader=true" 32 | - "traefik.frontend.headers.SSLHost=heimdall.${DOMAINNAME}" 33 | - "traefik.frontend.headers.SSLForceHost=true" 34 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 35 | - "traefik.frontend.headers.STSPreload=true" 36 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 37 | - "traefik.frontend.headers.frameDeny=true" 38 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 39 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 40 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 41 | 42 | networks: 43 | traefik_proxy: 44 | external: 45 | name: traefik_proxy 46 | -------------------------------------------------------------------------------- /ymlfiles/homedash.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## HomeDash - Homepage 5 | # SALT is a random string of characters: 6 | # openssl rand -base64 48 7 | homedash: 8 | container_name: homedash 9 | image: gonzague/homedash 10 | restart: always 11 | networks: 12 | - traefik_proxy 13 | # ports: 14 | # - "4567:4567" 15 | volumes: 16 | - /etc/localtime:/etc/localtime:ro 17 | - ${USERDIR}/docker/homedash:/data 18 | environment: 19 | - UID=${PUID} 20 | - GID=${PGID} 21 | - SALT=${SALT} 22 | labels: 23 | - "traefik.enable=true" 24 | - "traefik.backend=homedash" 25 | - "traefik.frontend.rule=Host:homedash.${DOMAINNAME}" 26 | - "traefik.port=4567" 27 | - "traefik.docker.network=traefik_proxy" 28 | - "traefik.frontend.headers.SSLRedirect=true" 29 | - "traefik.frontend.headers.STSSeconds=315360000" 30 | - "traefik.frontend.headers.browserXSSFilter=true" 31 | - "traefik.frontend.headers.contentTypeNosniff=true" 32 | - "traefik.frontend.headers.forceSTSHeader=true" 33 | - "traefik.frontend.headers.SSLHost=homedash.${DOMAINNAME}" 34 | - "traefik.frontend.headers.SSLForceHost=true" 35 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 36 | - "traefik.frontend.headers.STSPreload=true" 37 | - "traefik.frontend.headers.frameDeny=true" 38 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 39 | 40 | networks: 41 | traefik_proxy: 42 | external: 43 | name: traefik_proxy 44 | -------------------------------------------------------------------------------- /ymlfiles/influxdb.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Follow install instructions below 5 | 6 | ## InfluxDB 7 | # Create config file: 8 | # mkdir ${USERDIR}/docker/influxdb 9 | # docker run --rm influxdb influxd config > ${USERDIR}/docker/influxdb/influxdb.conf 10 | # Consider adding a database (optional) 11 | influxdb: 12 | container_name: influxdb 13 | image: influxdb 14 | restart: always 15 | network_mode: host 16 | # networks: 17 | # traefik_proxy: 18 | # ipv4_address: 192.168.50.40 19 | # ports: 20 | # - "8086:8086" 21 | # - "8083:8083" 22 | volumes: 23 | - data_influxdb:/var/lib/influxdb 24 | - ${USERDIR}/docker/influxdb/influxdb.conf:/etc/influxdb/influxdb.conf:ro 25 | # environment: 26 | # - TZ 27 | # - INFLUXDB_CONFIG_PATH=/etc/influxdb/influxdb.conf 28 | # - INFLUXDB_DB=influx 29 | # - INFLUXDB_ADMIN_USER=influx 30 | # - INFLUXDB_ADMIN_PASSWORD=${MYSQL_PASSWORD} 31 | # - INFLUXDB_USER=telegraf 32 | # - INFLUXDB_USER_PASSWORD=${MYSQL_PASSWORD} 33 | 34 | volumes: 35 | data_influxdb: 36 | 37 | #networks: 38 | # traefik_proxy: 39 | # external: 40 | # name: traefik_proxy 41 | -------------------------------------------------------------------------------- /ymlfiles/ipmitool.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## IPMI Tool 5 | ipmitool: 6 | container_name: ipmitool 7 | image: kfox1111/ipmitool 8 | restart: always 9 | privileged: true 10 | networks: 11 | traefik_proxy: 12 | ipv4_address: 192.168.50.43 13 | ports: 14 | - "7634:7634" 15 | # - "443:443" 16 | # volumes: 17 | # - ${USERDIR}/docker/ipmitool/ipmitool:/usr/bin/ipmitool 18 | environment: 19 | - TZ=${TZ} 20 | 21 | networks: 22 | traefik_proxy: 23 | external: 24 | name: traefik_proxy 25 | -------------------------------------------------------------------------------- /ymlfiles/jackett.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Jackett – Torrent Proxy 5 | jackett: 6 | container_name: jackett 7 | image: linuxserver/jackett 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | ports: 12 | - "9117:9117" 13 | volumes: 14 | - ${USERDIR}/dwnloads/sonarr:/downloads 15 | - ${USERDIR}/docker/jackett:/config 16 | environment: 17 | - PUID=${PUID} 18 | - PGID=${PGID} 19 | - TZ=${TZ} 20 | labels: 21 | - "traefik.enable=true" 22 | - "traefik.backend=jackett" 23 | - "traefik.frontend.rule=Host:jackett.${DOMAINNAME}" 24 | - "traefik.port=9117" 25 | - "traefik.docker.network=traefik_proxy" 26 | - "traefik.frontend.headers.SSLRedirect=true" 27 | - "traefik.frontend.headers.STSSeconds=315360000" 28 | - "traefik.frontend.headers.browserXSSFilter=true" 29 | - "traefik.frontend.headers.contentTypeNosniff=true" 30 | - "traefik.frontend.headers.forceSTSHeader=true" 31 | - "traefik.frontend.headers.SSLHost=jackett.${DOMAINNAME}" 32 | - "traefik.frontend.headers.SSLForceHost=true" 33 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 34 | - "traefik.frontend.headers.STSPreload=true" 35 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 36 | - "traefik.frontend.headers.frameDeny=true" 37 | # - "traefik.frontend.auth.forward.address=http://oauth:4181" 38 | # - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 39 | # - "traefik.frontend.auth.forward.trustForwardHeader=true" 40 | 41 | networks: 42 | traefik_proxy: 43 | external: 44 | name: traefik_proxy 45 | -------------------------------------------------------------------------------- /ymlfiles/jdownloader.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## JDownloader – Download Manager 5 | jdownloader: 6 | container_name: jdownloader 7 | image: jlesage/jdownloader-2 8 | restart: always 9 | networks: 10 | traefik_proxy: 11 | ipv4_address: 192.168.1.247 12 | # - traefik_proxy 13 | # ports: 14 | # - "XXXX:5800" 15 | # - "XXXX:5900" 16 | # - "XXXX:3129" 17 | volumes: 18 | - ${USERDIR}/dwnloads/jdown:/output 19 | - /mnt/storage/music/music:/music 20 | - ${USERDIR}/docker/jdownloader:/config 21 | environment: 22 | - USER_ID=${PUID} 23 | - GROUP_ID=${PGID} 24 | - TZ=${TZ} 25 | - UMASK_SET=002 26 | - DISPLAY_WIDTH=1280 27 | - DISPLAY_HEIGHT=768 28 | - KEEP_APP_RUNNING=1 29 | # - VNC_PASSWORD=$MY_PASSWORD 30 | labels: 31 | - "traefik.enable=true" 32 | - "traefik.backend=jdownloader" 33 | - "traefik.frontend.rule=Host:jdownloader.${DOMAINNAME}" 34 | - "traefik.port=5800" 35 | - "traefik.docker.network=traefik_proxy" 36 | - "traefik.frontend.headers.SSLRedirect=true" 37 | - "traefik.frontend.headers.STSSeconds=315360000" 38 | - "traefik.frontend.headers.browserXSSFilter=true" 39 | - "traefik.frontend.headers.contentTypeNosniff=true" 40 | - "traefik.frontend.headers.forceSTSHeader=true" 41 | - "traefik.frontend.headers.SSLHost=jdownloader.${DOMAINNAME}" 42 | - "traefik.frontend.headers.SSLForceHost=true" 43 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 44 | - "traefik.frontend.headers.STSPreload=true" 45 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 46 | - "traefik.frontend.headers.frameDeny=true" 47 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 48 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 49 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 50 | 51 | networks: 52 | traefik_proxy: 53 | external: 54 | name: traefik_proxy 55 | -------------------------------------------------------------------------------- /ymlfiles/jellyfin.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Jellyfin - Media Server 5 | jellyfin: 6 | container_name: jellyfin 7 | image: linuxserver/jellyfin 8 | restart: always 9 | devices: 10 | - /dev/dri:/dev/dri 11 | networks: 12 | - traefik_proxy 13 | ports: 14 | - "8097:8096" 15 | - "8921:8920" 16 | volumes: 17 | - /mnt/storage/movies:/MOVIES:ro 18 | - /mnt/storage/tv:/TVSHOWS:ro 19 | - /mnt/storage/concerts:/CONCERTS:ro 20 | - ${USERDIR}/docker/jellyfin:/config 21 | environment: 22 | - PUID=${PUID} 23 | - PGID=${PGID} 24 | - TZ=${TZ} 25 | - UMASK_SET=022 26 | labels: 27 | - "traefik.enable=true" 28 | - "traefik.backend=jellyfin" 29 | - "traefik.frontend.rule=Host:jellyfin.${DOMAINNAME}" 30 | - "traefik.port=8096" 31 | - "traefik.docker.network=traefik_proxy" 32 | - "traefik.frontend.headers.SSLRedirect=true" 33 | - "traefik.frontend.headers.STSSeconds=315360000" 34 | - "traefik.frontend.headers.browserXSSFilter=true" 35 | - "traefik.frontend.headers.contentTypeNosniff=true" 36 | - "traefik.frontend.headers.forceSTSHeader=true" 37 | - "traefik.frontend.headers.SSLHost=jellyfin.${DOMAINNAME}" 38 | - "traefik.frontend.headers.SSLForceHost=true" 39 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 40 | - "traefik.frontend.headers.STSPreload=true" 41 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 42 | - "traefik.frontend.headers.frameDeny=true" 43 | 44 | networks: 45 | traefik_proxy: 46 | external: 47 | name: traefik_proxy 48 | -------------------------------------------------------------------------------- /ymlfiles/jirafeau.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Jirafeau – File Share 5 | jirafeau: 6 | container_name: jirafeau 7 | image: evanhoucke/jirafeau 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - ${USERDIR}/docker/jirafeau:/data 15 | labels: 16 | - "traefik.enable=true" 17 | - "traefik.backend=jirafeau" 18 | - "traefik.frontend.rule=Host:jirafeau.${DOMAINNAME}" 19 | - "traefik.port=80" 20 | - "traefik.docker.network=traefik_proxy" 21 | # - "traefik.frontend.headers.SSLRedirect=true" 22 | # - "traefik.frontend.headers.STSSeconds=315360000" 23 | # - "traefik.frontend.headers.browserXSSFilter=true" 24 | # - "traefik.frontend.headers.contentTypeNosniff=true" 25 | # - "traefik.frontend.headers.forceSTSHeader=true" 26 | # - "traefik.frontend.headers.SSLHost=jirafeau.${DOMAINNAME}" 27 | # - "traefik.frontend.headers.SSLForceHost=true" 28 | # - "traefik.frontend.headers.STSIncludeSubdomains=true" 29 | # - "traefik.frontend.headers.STSPreload=true" 30 | # - "traefik.frontend.headers.frameDeny=true" 31 | # - "traefik.frontend.auth.forward.address=http://oauth:4181" 32 | 33 | networks: 34 | traefik_proxy: 35 | external: 36 | name: traefik_proxy 37 | -------------------------------------------------------------------------------- /ymlfiles/kanboard.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## I changed the sqlite db to mysql. First create the database: 5 | # docker exec -it mariadb mysql -uroot -p 6 | # CREATE DATABASE kanboard CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; 7 | # CREATE USER 'kanboard' IDENTIFIED BY 'CHANGEME'; 8 | # GRANT ALTER, CREATE, DELETE, DROP, INDEX, INSERT, REFERENCES, SELECT, UPDATE ON kanboard.* TO 'kanboard'@'kanboard.traefik_proxy'IDENTIFIED BY 'CHANGEME'; 9 | # FLUSH PRIVILEGES; 10 | # exit 11 | 12 | ## Create custom config: 13 | # mkdir ${USERDIR}/docker/kanboard 14 | # docker run --rm --entrypoint cat kanboard/kanboard /var/www/app/config.default.php > ${USERDIR}/docker/kanboard/config.php 15 | 16 | ## Change the following parameters in the 17 | # ('DB_DRIVER', 'mysql') 18 | # ('DB_USERNAME', 'kanboard') 19 | # ('DB_PASSWORD', 'CHANGEME') 20 | # ('DB_HOSTNAME', 'mariadb') 21 | # ('DB_PORT', '3306') 22 | 23 | ## Start kanboard 24 | 25 | ## Kanboard - Project Management Software 26 | # Login: admin / admin 27 | kanboard: 28 | container_name: kanboard 29 | image: kanboard/kanboard 30 | restart: always 31 | external_links: 32 | - mariadb 33 | networks: 34 | - traefik_proxy 35 | # ports: 36 | # - "80:80" 37 | # - "443:443" 38 | volumes: 39 | - kanboard_plugins:/var/www/app/plugins 40 | - kanboard_ssl:/etc/nginx/ssl 41 | - ${USERDIR}/docker/kanboard/config.php:/var/www/app/config.php 42 | # environment: 43 | # - REVERSE_PROXY_DEFAULT_DOMAIN=http://kanboard.${DOMAINNAME} 44 | labels: 45 | - "traefik.enable=true" 46 | - "traefik.backend=kanboard" 47 | - "traefik.frontend.rule=Host:kanboard.${DOMAINNAME}" 48 | - "traefik.port=443" 49 | - "traefik.protocol=https" 50 | - "traefik.docker.network=traefik_proxy" 51 | - "traefik.frontend.headers.SSLRedirect=true" 52 | - "traefik.frontend.headers.STSSeconds=315360000" 53 | - "traefik.frontend.headers.browserXSSFilter=true" 54 | - "traefik.frontend.headers.contentTypeNosniff=true" 55 | - "traefik.frontend.headers.forceSTSHeader=true" 56 | - "traefik.frontend.headers.SSLHost=kanboard.${DOMAINNAME}" 57 | - "traefik.frontend.headers.SSLForceHost=true" 58 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 59 | - "traefik.frontend.headers.STSPreload=true" 60 | - "traefik.frontend.passHostHeader=true" 61 | - "traefik.frontend.headers.frameDeny=true" 62 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 63 | 64 | volumes: 65 | kanboard_plugins: 66 | kanboard_ssl: 67 | 68 | networks: 69 | traefik_proxy: 70 | external: 71 | name: traefik_proxy 72 | -------------------------------------------------------------------------------- /ymlfiles/keycloak.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## KeyCloak 5 | 6 | # docker exec -it mariadb mysql -uroot -p 7 | # CREATE DATABASE keycloak CHARACTER SET = utf8 COLLATE = utf8_general_ci; 8 | # GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'keycloak.traefik_proxy'IDENTIFIED BY ''; 9 | # FLUSH PRIVILEGES; 10 | # exit 11 | 12 | keycloak: 13 | container_name: keycloak 14 | image: jboss/keycloak 15 | restart: always 16 | networks: 17 | - traefik_proxy 18 | ports: 19 | - '8111:8080' 20 | environment: 21 | - DB_VENDOR=mysql 22 | - DB_ADDR=mariadb 23 | - DB_DATABASE=keycloak 24 | - DB_USER=keycloak 25 | - DB_PASSWORD=${MY_PASSWORD} 26 | # - KEYCLOAK_USER= ## Commented out after initial setup 27 | # - KEYCLOAK_PASSWORD= ## Commented out after initial setup 28 | # - PROXY_ADDRESS_FORWARDING=true 29 | # - KEYCLOAK_HOSTNAME=keycloak.${DOMAINNAME} 30 | labels: 31 | - "traefik.enable=true" 32 | - "traefik.backend=keycloak" 33 | - "traefik.frontend.rule=Host:keycloak.${DOMAINNAME}" 34 | - "traefik.port=8080" 35 | - "traefik.docker.network=traefik_proxy" 36 | 37 | networks: 38 | traefik_proxy: 39 | external: 40 | name: traefik_proxy 41 | -------------------------------------------------------------------------------- /ymlfiles/kodi.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Kodi Headless Media Database 5 | kodi: 6 | container_name: kodi 7 | image: linuxserver/kodi-headless 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | ports: 12 | - "4321:8080" 13 | - "9090:9090" 14 | - "9777:9777/udp" 15 | volumes: 16 | # - /mnt/storage/movies:/MOVIES:ro 17 | # - /mnt/storage/tv:/TVSHOWS:ro 18 | # - /mnt/storage/concerts:/CONCERTS:ro 19 | # - /mnt/storage/music/music:/music:ro 20 | - ${USERDIR}/docker/kodi:/config/.kodi 21 | environment: 22 | - PUID=${PUID} 23 | - PGID=${PGID} 24 | - TZ=${TZ} 25 | 26 | networks: 27 | traefik_proxy: 28 | external: 29 | name: traefik_proxy 30 | -------------------------------------------------------------------------------- /ymlfiles/krusader.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Krusader - File Browser 5 | # Click vnc.html 6 | # Documents available at ${USERDIR} 7 | krusader: 8 | container_name: krusader 9 | image: binhex/arch-krusader 10 | restart: always 11 | privileged: "true" 12 | networks: 13 | - traefik_proxy 14 | # ports: 15 | # - "5900:5900" 16 | # - "6080:6080" 17 | volumes: 18 | - /etc/localtime:/etc/localtime:ro 19 | - krusader_config:/config/ 20 | - /:${USERDIR}:ro 21 | environment: 22 | - PUID=${PUID} 23 | - PGID=${PGID} 24 | - TEMP_FOLDER=/config/temp 25 | - VNC_PASSWORD=${MY_PASSWORD} 26 | - UMASK=002 27 | labels: 28 | - "traefik.enable=true" 29 | - "traefik.backend=krusader" 30 | - "traefik.frontend.rule=Host:krusader.${DOMAINNAME}" 31 | - "traefik.port=6080" 32 | - "traefik.docker.network=traefik_proxy" 33 | - "traefik.frontend.headers.SSLRedirect=true" 34 | - "traefik.frontend.headers.STSSeconds=315360000" 35 | - "traefik.frontend.headers.browserXSSFilter=true" 36 | - "traefik.frontend.headers.contentTypeNosniff=true" 37 | - "traefik.frontend.headers.forceSTSHeader=true" 38 | - "traefik.frontend.headers.SSLHost=krusader.${DOMAINNAME}" 39 | - "traefik.frontend.headers.SSLForceHost=true" 40 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 41 | - "traefik.frontend.headers.STSPreload=true" 42 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 43 | - "traefik.frontend.passHostHeader=true" 44 | - "traefik.frontend.headers.frameDeny=true" 45 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 46 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 47 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 48 | 49 | volumes: 50 | krusader_config: 51 | 52 | networks: 53 | traefik_proxy: 54 | external: 55 | name: traefik_proxy 56 | -------------------------------------------------------------------------------- /ymlfiles/leanote.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## LeaNote - Note App 5 | # https://github.com/axboy/docker-leanote/blob/master/README-EN.md 6 | ## To Install: 7 | # 1. Start LeaNote and MongoDB Containers 8 | # 2. Edit app.conf file in config folder: 9 | # sudo nano ${USERDIR}/docker/leanote/config/app.conf 10 | # Change site.url (https://leanote.${DOMAINNAME}), db.host=mongo, and change some of the values in the "app.secret", but keep the length the same. Save app.conf file. 11 | # 3. Import LeaNote data to MongoDB: 12 | # docker exec -it leanote mongorestore -h mongo -d leanote --dir /data/leanote/mongodb_backup/leanote_install_data 13 | leanote: 14 | container_name: leanote 15 | image: axboy/leanote 16 | restart: always 17 | networks: 18 | - traefik_proxy 19 | # ports: 20 | # - "9000:9000" 21 | volumes: 22 | - ${USERDIR}/docker/leanote/config/:/data/leanote/conf 23 | - ${USERDIR}/docker/leanote/files:/data/leanote/files 24 | - ${USERDIR}/docker/leanote/upload:/data/leanote/public/upload 25 | - /etc/localtime:/etc/localtime:ro 26 | labels: 27 | - "traefik.enable=true" 28 | - "traefik.backend=leanote" 29 | - "traefik.frontend.rule=Host:leanote.${DOMAINNAME}" 30 | - "traefik.port=9000" 31 | - "traefik.docker.network=traefik_proxy" 32 | - "traefik.frontend.headers.SSLRedirect=true" 33 | - "traefik.frontend.headers.STSSeconds=315360000" 34 | - "traefik.frontend.headers.browserXSSFilter=true" 35 | - "traefik.frontend.headers.contentTypeNosniff=true" 36 | - "traefik.frontend.headers.forceSTSHeader=true" 37 | - "traefik.frontend.headers.SSLHost=leanote.${DOMAINNAME}" 38 | - "traefik.frontend.headers.SSLForceHost=true" 39 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 40 | - "traefik.frontend.headers.STSPreload=true" 41 | - "traefik.frontend.headers.frameDeny=true" 42 | 43 | networks: 44 | traefik_proxy: 45 | external: 46 | name: traefik_proxy 47 | -------------------------------------------------------------------------------- /ymlfiles/letsencrypt.yml: -------------------------------------------------------------------------------- 1 | services: 2 | 3 | ## LetsEncrypt - Certificates 4 | # Generate .htpasswd files 5 | # If you wish to hide your site from search engine crawlers, you may find it useful to add this configuration line to your site config, within the server block, above the line where ssl.conf is included add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; 6 | ## docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd 7 | letsencrypt: 8 | container_name: letsencrypt 9 | image: linuxserver/letsencrypt 10 | restart: always 11 | cap_add: 12 | - NET_ADMIN 13 | networks: 14 | - traefik_proxy 15 | # ports: 16 | # - "80:80" 17 | # - "443:443" 18 | volumes: 19 | - ${USERDIR}/docker/letsencrypt:/config 20 | environment: 21 | - PUID=${PUID} 22 | - PGID=${PGID} 23 | - TZ=${TZ} 24 | - URL=${DOMAINNAME} 25 | - SUBDOMAINS=wildcard 26 | - VALIDATION=dns 27 | - DNSPLUGIN=cloudflare 28 | - EMAIL=$MY_EMAIL 29 | - DHLEVEL=2048 30 | - STAGING=false #true 31 | labels: 32 | - "traefik.enable=true" 33 | - "traefik.port=443" 34 | - "traefik.docker.network=traefik_proxy" 35 | 36 | networks: 37 | traefik_proxy: 38 | external: 39 | name: traefik_proxy 40 | -------------------------------------------------------------------------------- /ymlfiles/lms.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Logitech Media Server - Music Server 5 | # Login: admin / admin 6 | ## If you want to use a MySQL database: 7 | # Create a database: 8 | # docker exec -it mariadb mysql -uroot -p 9 | # CREATE DATABASE airsonic CHARACTER SET = utf8 COLLATE = utf8_general_ci; 10 | # GRANT ALL PRIVILEGES ON airsonic.* TO 'airsonic'@'airsonic.traefik_proxy'IDENTIFIED BY ''; 11 | # FLUSH PRIVILEGES; 12 | # exit 13 | # Create an "airsonic.properties" file in your config folder and paste the following (change password): 14 | # DatabaseMysqlMaxlength=512 15 | # DatabaseConfigType=EMBED 16 | # DatabaseConfigEmbedDriver=com.mysql.jdbc.Driver 17 | # DatabaseConfigEmbedPassword=CHANGEME 18 | # DatabaseConfigEmbedUrl=jdbc:mysql://mariadb:3306/airsonic?sessionVariables=sql_mode=ANSI_QUOTES 19 | # DatabaseConfigEmbedUsername=airsonic 20 | # DatabaseUsertableQuote= 21 | lms: 22 | container_name: lms 23 | image: snoopy86/logitechmediaserver 24 | restart: always 25 | networks: 26 | - traefik_proxy 27 | ports: 28 | - "9000:9000" 29 | - "9090:9090" 30 | - "3483:3483" 31 | - "3483:3483/udp" 32 | - "5353:5353/udp" 33 | - "9005:9005" 34 | - "38863:38863" 35 | - "46960:46960" 36 | volumes: 37 | - /mnt/storage/music/music:/music:ro 38 | - ${USERDIR}/docker/lms:/config 39 | - /var/run/dbus:/var/run/dbus:rw 40 | - /etc/timezone:/etc/timezone:ro 41 | - /etc/localtime:/etc/localtime:ro 42 | environment: 43 | - PUID=${PUID} 44 | - PGID=${PGID} 45 | - JAVA_OPTS=-Dserver.use-forward-headers=true 46 | labels: 47 | - "traefik.enable=true" 48 | - "traefik.backend=lms" 49 | - "traefik.frontend.rule=Host:lms.${DOMAINNAME}" 50 | - "traefik.port=4040" 51 | - "traefik.docker.network=traefik_proxy" 52 | - "traefik.frontend.headers.SSLRedirect=true" 53 | - "traefik.frontend.headers.STSSeconds=315360000" 54 | - "traefik.frontend.headers.browserXSSFilter=true" 55 | - "traefik.frontend.headers.contentTypeNosniff=true" 56 | - "traefik.frontend.headers.forceSTSHeader=true" 57 | - "traefik.frontend.headers.SSLHost=lms.${DOMAINNAME}" 58 | - "traefik.frontend.headers.SSLForceHost=true" 59 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 60 | - "traefik.frontend.headers.STSPreload=true" 61 | - "traefik.frontend.headers.customFrameOptionsValue=SAMEORIGIN" 62 | 63 | networks: 64 | traefik_proxy: 65 | external: 66 | name: traefik_proxy 67 | -------------------------------------------------------------------------------- /ymlfiles/logarr.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Logarr - Log Consolidation Tool 5 | logarr: 6 | container_name: logarr 7 | image: monitorr/logarr-alpha 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - ${USERDIR}/docker/logarr:/config 15 | - /var/log/docker:/var/log/logarrlogs 16 | environment: 17 | - TZ=${TZ} 18 | labels: 19 | - "traefik.enable=true" 20 | - "traefik.backend=logarr" 21 | - "traefik.frontend.rule=Host:logarr.${DOMAINNAME}" 22 | - "traefik.port=80" 23 | - "traefik.docker.network=traefik_proxy" 24 | - "traefik.frontend.headers.SSLRedirect=true" 25 | - "traefik.frontend.headers.STSSeconds=315360000" 26 | - "traefik.frontend.headers.browserXSSFilter=true" 27 | - "traefik.frontend.headers.contentTypeNosniff=true" 28 | - "traefik.frontend.headers.forceSTSHeader=true" 29 | - "traefik.frontend.headers.SSLHost=logarr.${DOMAINNAME}" 30 | - "traefik.frontend.headers.SSLForceHost=true" 31 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 32 | - "traefik.frontend.headers.STSPreload=true" 33 | - "traefik.frontend.headers.frameDeny=true" 34 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 35 | 36 | networks: 37 | traefik_proxy: 38 | external: 39 | name: traefik_proxy 40 | -------------------------------------------------------------------------------- /ymlfiles/lychee.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Lychee - Photo Server 5 | lychee: 6 | container_name: lychee 7 | image: linuxserver/lychee 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - ${USERDIR}/Lychee:/pictures 15 | - /etc/localtime:/etc/localtime:ro 16 | - ${USERDIR}/docker/lychee:/config 17 | environment: 18 | - PUID=${PUID} 19 | - PGID=${PGID} 20 | - TZ=${TZ} 21 | labels: 22 | - "traefik.enable=true" 23 | - "traefik.backend=lychee" 24 | - "traefik.frontend.rule=Host:lychee.${DOMAINNAME}" 25 | - "traefik.port=80" 26 | - "traefik.docker.network=traefik_proxy" 27 | - "traefik.frontend.headers.SSLRedirect=true" 28 | - "traefik.frontend.headers.STSSeconds=315360000" 29 | - "traefik.frontend.headers.browserXSSFilter=true" 30 | - "traefik.frontend.headers.contentTypeNosniff=true" 31 | - "traefik.frontend.headers.forceSTSHeader=true" 32 | - "traefik.frontend.headers.SSLHost=lychee.${DOMAINNAME}" 33 | - "traefik.frontend.headers.SSLForceHost=true" 34 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 35 | - "traefik.frontend.headers.STSPreload=true" 36 | - "traefik.frontend.headers.frameDeny=true" 37 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 38 | 39 | networks: 40 | traefik_proxy: 41 | external: 42 | name: traefik_proxy 43 | -------------------------------------------------------------------------------- /ymlfiles/mailu.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Mailu - Mail Server 5 | # mkdir ${USERDIR}/docker/mailu 6 | # Run setup utility: https://setup.mailu.io/ 7 | # docker run --rm --entrypoint cat tomsquest/docker-radicale /config/config > ${USERDIR}/docker/radicale/config 8 | mailu: 9 | container_name: mailu 10 | image: mailu/radicale 11 | restart: always 12 | networks: 13 | - traefik_proxy 14 | # ports: 15 | # - "5232:5232" 16 | volumes: 17 | - ${USERDIR}/docker/mailu/data:/data 18 | - ${USERDIR}/docker/mailu/config:/config/config 19 | environment: 20 | - UID=${PUID} 21 | - GID=${PGID} 22 | labels: 23 | - "traefik.enable=true" 24 | - "traefik.backend=mailu" 25 | - "traefik.frontend.rule=Host:mailu.${DOMAINNAME}" 26 | - "traefik.port=5232" 27 | - "traefik.docker.network=traefik_proxy" 28 | - "traefik.frontend.headers.SSLRedirect=true" 29 | - "traefik.frontend.headers.STSSeconds=315360000" 30 | - "traefik.frontend.headers.browserXSSFilter=true" 31 | - "traefik.frontend.headers.contentTypeNosniff=true" 32 | - "traefik.frontend.headers.forceSTSHeader=true" 33 | - "traefik.frontend.headers.SSLHost=${DOMAINNAME}" 34 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 35 | - "traefik.frontend.headers.STSPreload=true" 36 | - "traefik.frontend.headers.frameDeny=true" 37 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 38 | 39 | networks: 40 | traefik_proxy: 41 | external: 42 | name: traefik_proxy 43 | -------------------------------------------------------------------------------- /ymlfiles/mariadb.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Mariadb – Database Server 5 | 6 | ## Suggested procedure to create new databases: 7 | ## Replace 8 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 9 | # CREATE DATABASE CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci; 10 | # GRANT ALL PRIVILEGES ON .* TO ''@'.traefik_proxy' IDENTIFIED BY ''; 11 | # FLUSH PRIVILEGES; 12 | # exit 13 | 14 | ## Add/modify the following in your $USERDIR/mariadb/custom.cnf file to help with Nextcloud, Gitea, etc. 15 | ## https://www.reddit.com/r/mariadb/comments/9t3dku/innodb_issue_with_latest_mariadb/ 16 | ## For a complete list of available options: docker run -it --rm mariadb --verbose --help 17 | ## Also: https://github.com/wodby/mariadb 18 | # character-set-server=utf8mb4 19 | # collation-server = utf8mb4_unicode_ci 20 | # innodb_file_format = Barracuda 21 | ## Check character_set_server with: 22 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 23 | # SHOW VARIABLES LIKE 'character_set_server'; 24 | # exit 25 | 26 | ## Delete test and default databases and secure MySQL: 27 | # docker exec -it mariadb /usr/bin/mysql_secure_installation 28 | 29 | mariadb: 30 | container_name: mariadb 31 | image: linuxserver/mariadb 32 | restart: always 33 | networks: 34 | - traefik_proxy 35 | # ports: 36 | # - "3306:3306" 37 | # command: > 38 | volumes: 39 | - ${USERDIR}/docker/mariadb2:/config 40 | - /etc/localtime:/etc/localtime:ro 41 | environment: 42 | - PUID=${PUID} 43 | - PGID=${PGID} 44 | - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} 45 | - CHARACTER_SET_SERVER=utf8mb4 46 | - COLLATION_SERVER=utf8mb4_unicode_ci 47 | - INNODB_FILE_FORMAT=Barracuda 48 | 49 | ## phpMyAdmin - WebUI for MariaDB 50 | phpmyadmin: 51 | container_name: phpmyadmin 52 | image: phpmyadmin/phpmyadmin 53 | restart: always 54 | depends_on: 55 | - mariadb 56 | networks: 57 | - traefik_proxy 58 | # ports: 59 | # - "80:80" 60 | environment: 61 | # - PMA_ARBITRARY=1 # Allows you to enter a database server hostname on login form 62 | - PMA_HOST=mariadb 63 | - PMA_USER=root 64 | - PMA_PASSWORD=${MYSQL_ROOT_PASSWORD} 65 | - PMA_ABSOLUTE_URI=https://phpmyadmin.${DOMAINNAME}/ 66 | labels: 67 | - "traefik.enable=true" 68 | - "traefik.backend=phpmyadmin" 69 | - "traefik.frontend.rule=Host:phpmyadmin.${DOMAINNAME}" 70 | - "traefik.port=80" 71 | - "traefik.docker.network=traefik_proxy" 72 | - "traefik.frontend.headers.SSLRedirect=true" 73 | - "traefik.frontend.headers.STSSeconds=315360000" 74 | - "traefik.frontend.headers.browserXSSFilter=true" 75 | - "traefik.frontend.headers.contentTypeNosniff=true" 76 | - "traefik.frontend.headers.forceSTSHeader=true" 77 | - "traefik.frontend.headers.SSLHost=phpmyadmin.${DOMAINNAME}" 78 | - "traefik.frontend.headers.SSLForceHost=true" 79 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 80 | - "traefik.frontend.headers.STSPreload=true" 81 | - "traefik.frontend.headers.frameDeny=true" 82 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 83 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 84 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 85 | - "traefik.frontend.auth.headerField=X-Forwarded-User" 86 | 87 | networks: 88 | traefik_proxy: 89 | external: 90 | name: traefik_proxy 91 | -------------------------------------------------------------------------------- /ymlfiles/mariadb_official.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Mariadb – Database Server 5 | 6 | ## Suggested procedure to create new databases: 7 | ## Replace 8 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 9 | # CREATE DATABASE CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci; 10 | # GRANT ALL PRIVILEGES ON .* TO ''@'.traefik_proxy' IDENTIFIED BY ''; 11 | # FLUSH PRIVILEGES; 12 | # exit 13 | 14 | ## Some resources for why these commands are chosen: 15 | ## utf8mb4 is the most universal and up to date character set allowing for emojis among other benefits 16 | ## utf8mb4_unicode_ci is the "standard" database type while general_ci is a simplified version which tried to improve speed before modern computing. I believe there is little to no benefit to use the simpler version. 17 | ## https://docs.nextcloud.com/server/16/admin_manual/configuration_database/mysql_4byte_support.html 18 | ## For a complete list of available options: docker run -it --rm mariadb --verbose --help 19 | ## Check your global database variables, for example character_set_server with: 20 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 21 | # SHOW VARIABLES LIKE 'character_set_server'; 22 | # SHOW VARIABLES LIKE '%server%'; 23 | # exit 24 | 25 | ## Delete the initial test and default databases and secure MySQL: 26 | # docker exec -it mariadb /usr/bin/mysql_secure_installation 27 | 28 | mariadb: 29 | container_name: mariadb 30 | image: mariadb:10.4 31 | restart: always 32 | networks: 33 | - traefik_proxy 34 | command: > 35 | --character-set-server=utf8mb4 36 | --collation-server=utf8mb4_unicode_ci 37 | --innodb-file-format=Barracuda 38 | --innodb-file-per-table=1 39 | # ports: 40 | # - "3306:3306" 41 | volumes: 42 | - $USERDIR/docker/mariadb:/var/lib/mysql 43 | - /etc/localtime:/etc/localtime:ro 44 | environment: 45 | - MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD 46 | 47 | ## phpMyAdmin - WebUI for MariaDB 48 | 49 | phpmyadmin: 50 | container_name: phpmyadmin 51 | image: phpmyadmin/phpmyadmin 52 | restart: always 53 | depends_on: 54 | - mariadb 55 | networks: 56 | - traefik_proxy 57 | # ports: 58 | # - "80:80" 59 | environment: 60 | # - PMA_ARBITRARY=1 # Allows you to enter a database server hostname on login form 61 | - PMA_HOST=mariadb 62 | - PMA_USER=root 63 | - PMA_PASSWORD=${MYSQL_ROOT_PASSWORD} 64 | - PMA_ABSOLUTE_URI=https://phpmyadmin.${DOMAINNAME}/ 65 | labels: 66 | - "traefik.enable=true" 67 | - "traefik.backend=phpmyadmin" 68 | - "traefik.frontend.rule=Host:phpmyadmin.${DOMAINNAME}" 69 | - "traefik.port=80" 70 | - "traefik.docker.network=traefik_proxy" 71 | - "traefik.frontend.headers.SSLRedirect=true" 72 | - "traefik.frontend.headers.STSSeconds=315360000" 73 | - "traefik.frontend.headers.browserXSSFilter=true" 74 | - "traefik.frontend.headers.contentTypeNosniff=true" 75 | - "traefik.frontend.headers.forceSTSHeader=true" 76 | - "traefik.frontend.headers.SSLHost=phpmyadmin.${DOMAINNAME}" 77 | - "traefik.frontend.headers.SSLForceHost=true" 78 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 79 | - "traefik.frontend.headers.STSPreload=true" 80 | - "traefik.frontend.headers.frameDeny=true" 81 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 82 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 83 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 84 | - "traefik.frontend.auth.headerField=X-Forwarded-User" 85 | 86 | networks: 87 | traefik_proxy: 88 | external: 89 | name: traefik_proxy 90 | -------------------------------------------------------------------------------- /ymlfiles/matomo.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Matomo - Website Analytics Platform 5 | # Database is "mariadb" 6 | matomo: 7 | container_name: matomo 8 | image: matomo 9 | restart: always 10 | networks: 11 | - traefik_proxy 12 | # ports: 13 | # - "80:80" 14 | volumes: 15 | - ${USERDIR}/docker/matomo/config:/var/www/html/config:rw 16 | - ${USERDIR}/docker/matomo/logs:/var/www/html/logs 17 | environment: 18 | - VIRTUAL_HOST=https://matomo.${DOMAINNAME} 19 | labels: 20 | - "traefik.enable=true" 21 | - "traefik.backend=matomo" 22 | - "traefik.frontend.rule=Host:matomo.${DOMAINNAME}" 23 | - "traefik.port=80" 24 | - "traefik.docker.network=traefik_proxy" 25 | - "traefik.frontend.headers.SSLRedirect=true" 26 | - "traefik.frontend.headers.STSSeconds=315360000" 27 | - "traefik.frontend.headers.browserXSSFilter=true" 28 | - "traefik.frontend.headers.contentTypeNosniff=true" 29 | - "traefik.frontend.headers.forceSTSHeader=true" 30 | - "traefik.frontend.headers.SSLHost=matomo.${DOMAINNAME}" 31 | - "traefik.frontend.headers.SSLForceHost=true" 32 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 33 | - "traefik.frontend.headers.STSPreload=true" 34 | - "traefik.frontend.headers.frameDeny=true" 35 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 36 | 37 | networks: 38 | traefik_proxy: 39 | external: 40 | name: traefik_proxy 41 | -------------------------------------------------------------------------------- /ymlfiles/mediawiki.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## MediaWiki - Personal Wiki 5 | # Database host: mariadb 6 | # Database table prefix: (Optional) 7 | mediawiki: 8 | container_name: mediawiki 9 | image: mediawiki 10 | restart: always 11 | networks: 12 | - traefik_proxy 13 | # ports: 14 | # - "80:80" 15 | volumes: 16 | - ${USERDIR}/docker/mediawiki/images:/var/www/html/images 17 | # After initial setup, download LocalSettings.php to the correct directory, uncomment the following line, and restart mediawiki 18 | # - ${USERDIR}/docker/mediawiki/LocalSettings.php:/var/www/html/LocalSettings.php 19 | labels: 20 | - "traefik.enable=true" 21 | - "traefik.backend=mediawiki" 22 | - "traefik.frontend.rule=Host:mediawiki.${DOMAINNAME}" 23 | - "traefik.port=80" 24 | - "traefik.docker.network=traefik_proxy" 25 | - "traefik.frontend.headers.SSLRedirect=true" 26 | - "traefik.frontend.headers.STSSeconds=315360000" 27 | - "traefik.frontend.headers.browserXSSFilter=true" 28 | - "traefik.frontend.headers.contentTypeNosniff=true" 29 | - "traefik.frontend.headers.forceSTSHeader=true" 30 | - "traefik.frontend.headers.SSLHost=mediawiki.${DOMAINNAME}" 31 | - "traefik.frontend.headers.SSLForceHost=true" 32 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 33 | - "traefik.frontend.headers.STSPreload=true" 34 | - "traefik.frontend.headers.frameDeny=true" 35 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 36 | 37 | networks: 38 | traefik_proxy: 39 | external: 40 | name: traefik_proxy 41 | -------------------------------------------------------------------------------- /ymlfiles/minidlna.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## MiniDLNA - DLNA/uPNP Media Server 5 | minidlna: 6 | container_name: minidlna 7 | image: geekduck/minidlna 8 | restart: always 9 | # network_mode: host 10 | networks: 11 | - traefik_proxy 12 | ports: 13 | - "8200:8200" 14 | - "1901:1900/udp" 15 | volumes: 16 | - /mnt/storage/movies:/opt/movies:ro 17 | - /mnt/storage/tv:/opt/tv:ro 18 | - /mnt/storage/concerts:/opt/concerts:ro 19 | - /mnt/storage/pics:/opt/pics:ro 20 | - /mnt/storage/music/music:/opt/music:ro 21 | - ${USERDIR}/docker/minidlna/minidlna.conf:/etc/minidlna.conf 22 | 23 | networks: 24 | traefik_proxy: 25 | external: 26 | name: traefik_proxy 27 | -------------------------------------------------------------------------------- /ymlfiles/miniflux.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Miniflux - Minimalist Feed Reader 5 | # Run database migrations 6 | # docker exec -it miniflux /usr/local/bin/miniflux -migrate 7 | # Create the first user 8 | # docker exec -it miniflux /usr/local/bin/miniflux -create-admin 9 | miniflux: 10 | container_name: miniflux 11 | image: miniflux/miniflux 12 | restart: always 13 | networks: 14 | - traefik_proxy 15 | # ports: 16 | # - "8080:8080" 17 | environment: 18 | - DATABASE_URL=postgres://miniflux:secret@db/miniflux?sslmode=disable 19 | labels: 20 | - "traefik.enable=true" 21 | - "traefik.backend=miniflux" 22 | - "traefik.frontend.rule=Host:miniflux.${DOMAINNAME}" 23 | - "traefik.port=8080" 24 | - "traefik.docker.network=traefik_proxy" 25 | - "traefik.frontend.headers.SSLRedirect=true" 26 | - "traefik.frontend.headers.STSSeconds=315360000" 27 | - "traefik.frontend.headers.browserXSSFilter=true" 28 | - "traefik.frontend.headers.contentTypeNosniff=true" 29 | - "traefik.frontend.headers.forceSTSHeader=true" 30 | - "traefik.frontend.headers.SSLHost=miniflux.${DOMAINNAME}" 31 | - "traefik.frontend.headers.SSLForceHost=true" 32 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 33 | - "traefik.frontend.headers.STSPreload=true" 34 | - "traefik.frontend.headers.frameDeny=true" 35 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 36 | 37 | db: 38 | image: postgres:10.1 39 | networks: 40 | - traefik_proxy 41 | volumes: 42 | - miniflux-db:/var/lib/postgresql/data 43 | environment: 44 | - POSTGRES_USER=miniflux 45 | - POSTGRES_PASSWORD=secret 46 | 47 | volumes: 48 | miniflux-db: 49 | 50 | networks: 51 | traefik_proxy: 52 | external: 53 | name: traefik_proxy 54 | -------------------------------------------------------------------------------- /ymlfiles/mkvtoolnix.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## mkvtoolnix – Video Editor 5 | mkvtoolnix: 6 | container_name: mkvtoolnix 7 | image: jlesage/mkvtoolnix 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "5800:5800" 13 | volumes: 14 | - ${USERDIR}/docker/mkvtoolnix:/config:rw 15 | - /mnt/storage:/storage:rw 16 | - /home:/home:rw 17 | - /etc/timezone:/etc/timezone:ro 18 | environment: 19 | - USER_ID=${PUID} 20 | - GROUP_ID=${PGID} 21 | - TZ=${TZ} 22 | - UMASK=002 23 | - DISPLAY_WIDTH=1280 24 | - DISPLAY_HEIGHT=768 25 | labels: 26 | - "traefik.enable=true" 27 | - "traefik.backend=mkvtoolnix" 28 | - "traefik.frontend.rule=Host:mkvtoolnix.${DOMAINNAME}" 29 | - "traefik.port=5800" 30 | - "traefik.docker.network=traefik_proxy" 31 | - "traefik.frontend.headers.SSLRedirect=true" 32 | - "traefik.frontend.headers.STSSeconds=315360000" 33 | - "traefik.frontend.headers.browserXSSFilter=true" 34 | - "traefik.frontend.headers.contentTypeNosniff=true" 35 | - "traefik.frontend.headers.forceSTSHeader=true" 36 | - "traefik.frontend.headers.SSLHost=mkvtoolnix.${DOMAINNAME}" 37 | - "traefik.frontend.headers.SSLForceHost=true" 38 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 39 | - "traefik.frontend.headers.STSPreload=true" 40 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 41 | - "traefik.frontend.headers.frameDeny=true" 42 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 43 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 44 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 45 | 46 | networks: 47 | traefik_proxy: 48 | external: 49 | name: traefik_proxy 50 | -------------------------------------------------------------------------------- /ymlfiles/mongo.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## MongoDB - Database 5 | mongo: 6 | container_name: mongo 7 | image: mongo 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "27017:27017" 13 | volumes: 14 | - ${USERDIR}/docker/mongo:/data/db 15 | - /etc/timezone:/etc/timezone:ro 16 | 17 | ## Mongo-Express - Database Manager 18 | mongoexpress: 19 | container_name: mongoexpress 20 | image: mongo-express 21 | restart: always 22 | depends_on: 23 | - mongo 24 | networks: 25 | - traefik_proxy 26 | # ports: 27 | # - "8081:8081" 28 | environment: 29 | - ME_CONFIG_BASICAUTH_USERNAME=$MY_USERNAME 30 | - ME_CONFIG_BASICAUTH_PASSWORD=$MY_PASSWORD 31 | labels: 32 | - "traefik.enable=true" 33 | - "traefik.backend=mongoexpress" 34 | - "traefik.frontend.rule=Host:mongoexpress.${DOMAINNAME}" 35 | - "traefik.port=8081" 36 | - "traefik.docker.network=traefik_proxy" 37 | - "traefik.frontend.headers.SSLRedirect=true" 38 | - "traefik.frontend.headers.STSSeconds=315360000" 39 | - "traefik.frontend.headers.browserXSSFilter=true" 40 | - "traefik.frontend.headers.contentTypeNosniff=true" 41 | - "traefik.frontend.headers.forceSTSHeader=true" 42 | - "traefik.frontend.headers.SSLHost=mongoexpress.${DOMAINNAME}" 43 | - "traefik.frontend.headers.SSLForceHost=true" 44 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 45 | - "traefik.frontend.headers.STSPreload=true" 46 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 47 | - "traefik.frontend.headers.frameDeny=true" 48 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 49 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 50 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 51 | 52 | networks: 53 | traefik_proxy: 54 | external: 55 | name: traefik_proxy 56 | -------------------------------------------------------------------------------- /ymlfiles/monica.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## MonicaHQ - Personal Relationship Manager 5 | ## Create Env File 6 | # curl -sS https://raw.githubusercontent.com/monicahq/monica/master/.env.example --create-dirs -o ${USERDIR}/docker/monica/monica.env 7 | # Open the monica.env file and change the following: 8 | # APP_ENV=production 9 | # APP_KEY= # Use the code below to generate this 10 | # date +%s | sha256sum | base64 | head -c 32 ; echo 11 | # HASH_SALT=ChangeMeBy20+KeyLength 12 | # I changed the above to a 20 character string HASH_SALT=20chars. Not sure if this is right or if its needed 13 | # date +%s | sha256sum | base64 | head -c 20 ; echo 14 | # HASH_LENGTH=20 15 | # APP_URL=https://monica.${DOMAINNAME} 16 | # DB_HOST=mariadb 17 | # DB_USERNAME=monica 18 | # DB_PASSWORD= 19 | # APP_DISABLE_SIGNUP=false 20 | # Change the above to true after setup 21 | # APP_TRUSTED_PROXIES=* 22 | # Run container, register, and return to home page 23 | monica: 24 | container_name: monica 25 | image: monicahq/monicahq 26 | restart: always 27 | networks: 28 | - traefik_proxy 29 | # ports: 30 | # - "80:80" 31 | volumes: 32 | - ${USERDIR}/docker/monica/storage:/var/www/monica/storage 33 | env_file: 34 | - ${USERDIR}/docker/monica/monica.env 35 | labels: 36 | - "traefik.enable=true" 37 | - "traefik.backend=monica" 38 | - "traefik.frontend.rule=Host:monica.${DOMAINNAME}" 39 | - "traefik.port=80" 40 | - "traefik.docker.network=traefik_proxy" 41 | - "traefik.frontend.headers.SSLRedirect=true" 42 | - "traefik.frontend.headers.STSSeconds=315360000" 43 | - "traefik.frontend.headers.browserXSSFilter=true" 44 | - "traefik.frontend.headers.contentTypeNosniff=true" 45 | - "traefik.frontend.headers.forceSTSHeader=true" 46 | - "traefik.frontend.headers.SSLHost=monica.${DOMAINNAME}" 47 | - "traefik.frontend.headers.SSLForceHost=true" 48 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 49 | - "traefik.frontend.headers.STSPreload=true" 50 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 51 | - "traefik.frontend.passHostHeader=true" 52 | - "traefik.frontend.headers.frameDeny=true" 53 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 54 | 55 | networks: 56 | traefik_proxy: 57 | external: 58 | name: traefik_proxy 59 | -------------------------------------------------------------------------------- /ymlfiles/monitorr.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Monitorr - Webfront to display the status of any webapp or service 5 | monitorr: 6 | container_name: monitorr 7 | image: monitorr/monitorr 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - ${USERDIR}/docker/monitorr:/app 15 | environment: 16 | - PUID=${PUID} 17 | - PGID=${PGID} 18 | - TZ=${TZ} 19 | labels: 20 | - "traefik.enable=true" 21 | - "traefik.backend=monitorr" 22 | - "traefik.frontend.rule=Host:monitorr.${DOMAINNAME}" 23 | - "traefik.port=80" 24 | - "traefik.docker.network=traefik_proxy" 25 | - "traefik.frontend.headers.SSLRedirect=true" 26 | - "traefik.frontend.headers.STSSeconds=315360000" 27 | - "traefik.frontend.headers.browserXSSFilter=true" 28 | - "traefik.frontend.headers.contentTypeNosniff=true" 29 | - "traefik.frontend.headers.forceSTSHeader=true" 30 | - "traefik.frontend.headers.SSLHost=monitorr.${DOMAINNAME}" 31 | - "traefik.frontend.headers.SSLForceHost=true" 32 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 33 | - "traefik.frontend.headers.STSPreload=true" 34 | - "traefik.frontend.headers.customFrameOptionsValue=SAMEORIGIN" 35 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 36 | 37 | networks: 38 | traefik_proxy: 39 | external: 40 | name: traefik_proxy 41 | -------------------------------------------------------------------------------- /ymlfiles/mosquitto.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Mosquitto – MQTT Broker 5 | mosquitto: 6 | container_name: mosquitto 7 | image: eclipse-mosquitto 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | ports: 12 | - "1883:1883" 13 | - "9001:9001" 14 | volumes: 15 | - ${USERDIR}/docker/mosquitto/config/mosquitto.conf:/mosquitto/config/mosquitto.conf 16 | - ${USERDIR}/docker/mosquitto/data:/mosquitto/data 17 | # - ${USERDIR}/docker/mosquitto/log:/mosquitto/log 18 | labels: 19 | - "traefik.enable=true" 20 | - "traefik.backend=mqtt" 21 | - "traefik.frontend.rule=Host:mqtt.${DOMAINNAME}" 22 | - "traefik.port=9001" 23 | - "traefik.protocol=ws" 24 | - "traefik.docker.network=traefik_proxy" 25 | - "traefik.frontend.headers.SSLRedirect=true" 26 | - "traefik.frontend.headers.STSSeconds=315360000" 27 | - "traefik.frontend.headers.browserXSSFilter=true" 28 | - "traefik.frontend.headers.contentTypeNosniff=true" 29 | - "traefik.frontend.headers.forceSTSHeader=true" 30 | - "traefik.frontend.headers.SSLHost=mqtt.${DOMAINNAME}" 31 | - "traefik.frontend.headers.SSLForceHost=true" 32 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 33 | - "traefik.frontend.headers.STSPreload=true" 34 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 35 | - "traefik.frontend.headers.frameDeny=true" 36 | # - "traefik.frontend.auth.forward.address=http://oauth:4181" 37 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 38 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 39 | 40 | networks: 41 | traefik_proxy: 42 | external: 43 | name: traefik_proxy 44 | -------------------------------------------------------------------------------- /ymlfiles/mstream.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## mStream - Music Server 5 | mstream: 6 | container_name: mstream 7 | image: rdfriedl/mstream 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - ${USERDIR}/Music:/music 15 | - /etc/timezone:/etc/timezone:ro 16 | environment: 17 | - USER=$MY_USERNAME 18 | - PASSWORD=$MY_PASSWORD 19 | labels: 20 | - "traefik.enable=true" 21 | - "traefik.backend=mstream" 22 | - "traefik.frontend.rule=Host:mstream.${DOMAINNAME}" 23 | - "traefik.port=80" 24 | - "traefik.docker.network=traefik_proxy" 25 | - "traefik.frontend.headers.SSLRedirect=true" 26 | - "traefik.frontend.headers.STSSeconds=315360000" 27 | - "traefik.frontend.headers.browserXSSFilter=true" 28 | - "traefik.frontend.headers.contentTypeNosniff=true" 29 | - "traefik.frontend.headers.forceSTSHeader=true" 30 | - "traefik.frontend.headers.SSLHost=mstream.${DOMAINNAME}" 31 | - "traefik.frontend.headers.SSLForceHost=true" 32 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 33 | - "traefik.frontend.headers.STSPreload=true" 34 | - "traefik.frontend.headers.customFrameOptionsValue=SAMEORIGIN" 35 | 36 | networks: 37 | traefik_proxy: 38 | external: 39 | name: traefik_proxy 40 | -------------------------------------------------------------------------------- /ymlfiles/muximux.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Muximux - Homepage 5 | # To get this to work you need to open ports on other containers and link to http://localhost, or remove some of the traefik headers on the other containers 6 | muximux: 7 | container_name: muximux 8 | image: linuxserver/muximux 9 | restart: always 10 | networks: 11 | - traefik_proxy 12 | # ports: 13 | # - "80:80" 14 | volumes: 15 | - ${USERDIR}/docker/muximux:/config 16 | environment: 17 | - PUID=${PUID} 18 | - PGID=${PGID} 19 | - TZ=${TZ} 20 | labels: 21 | - "traefik.enable=true" 22 | - "traefik.backend=muximux" 23 | - "traefik.frontend.rule=Host:muximux.${DOMAINNAME}" 24 | - "traefik.port=80" 25 | - "traefik.docker.network=traefik_proxy" 26 | - "traefik.frontend.headers.SSLRedirect=true" 27 | - "traefik.frontend.headers.STSSeconds=315360000" 28 | - "traefik.frontend.headers.browserXSSFilter=true" 29 | - "traefik.frontend.headers.contentTypeNosniff=true" 30 | - "traefik.frontend.headers.forceSTSHeader=true" 31 | - "traefik.frontend.headers.SSLHost=muximux.${DOMAINNAME}" 32 | - "traefik.frontend.headers.SSLForceHost=true" 33 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 34 | - "traefik.frontend.headers.STSPreload=true" 35 | - "traefik.frontend.headers.frameDeny=true" 36 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 37 | 38 | networks: 39 | traefik_proxy: 40 | external: 41 | name: traefik_proxy 42 | -------------------------------------------------------------------------------- /ymlfiles/nut.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Network UPS Tool 5 | nut: 6 | container_name: nut 7 | image: kmlucy/docker-nut 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | ports: 12 | - "3493:3493" 13 | # volumes: 14 | # - ${USERDIR}/docker/nut:/etc/nut 15 | 16 | networks: 17 | traefik_proxy: 18 | external: 19 | name: traefik_proxy 20 | -------------------------------------------------------------------------------- /ymlfiles/openvpn.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## OpenVPN - VPN Service 5 | 6 | ## Create config file: 7 | ## I'm using the following cipher with my iphone: AES-256-CBC-SHA256 8 | ## This is considered OVPN Hardening and is optional. I've added it to the example below as reference. More info here: 9 | # https://github.com/kylemanna/docker-openvpn/blob/master/docs/paranoid.md 10 | # https://community.openvpn.net/openvpn/wiki/Hardening 11 | # docker-compose -f run --rm openvpn ovpn_genconfig -u udp:// 12 | # Example: 13 | # docker-compose -f ~/docker/ymlfiles/openvpn.yml run --rm openvpn ovpn_genconfig -u udp:// -C 'AES-256-CBC' -a 'SHA256' 14 | # Find your server/WAN IP here: https://whatismyipaddress.com/ 15 | 16 | ## Change these in openvpn.conf: 17 | ## Comment out or delete these lines: 18 | # route 192.168.254.0 255.255.255.0 19 | # push "dhcp-option DNS 8.8.8.8" 20 | # push "dhcp-option DNS 8.8.4.4" 21 | ## Add these lines under the Push Configurations: 22 | # push "route 172.20.200.0 255.255.255.0" 23 | # push "dhcp-option DNS 172.20.200.101" 24 | 25 | ## Change the same values in ovpn_env.sh so that they look like the following: 26 | # OVPN_DNS_SERVERS=([0]="172.20.200.101") 27 | # OVPN_ROUTES=([0]="172.20.200.0/24") 28 | 29 | ## Create Certificates: 30 | # docker-compose -f ~/docker/ymlfiles/openvpn.yml run --rm openvpn ovpn_initpki 31 | 32 | ## Fix ownership 33 | # sudo chown -R ${USER}:docker ~/docker/openvpn 34 | 35 | ## Start OpenVPN container 36 | 37 | ## Create client certificate (change client name if you want e.g. to iphone) 38 | # docker exec -it openvpn easyrsa build-client-full iphone 39 | 40 | ## Export client ovpn file (use same client name as above): 41 | # docker exec -it openvpn ovpn_getclient iphone > iphone.ovpn 42 | 43 | ## Transfer client.ovpn to your client (e.g. your phone) and open with OpenVPN Connect 44 | 45 | ## To revoke client certificate: 46 | # docker exec -it openvpn ovpn_revokeclient iphone remove 47 | 48 | openvpn: 49 | container_name: openvpn 50 | image: kylemanna/openvpn 51 | restart: always 52 | cap_add: 53 | - NET_ADMIN 54 | networks: 55 | traefik_proxy: 56 | ipv4_address: 192.168.50.200 57 | ports: 58 | # - "943:943" 59 | # - "9443:9443" 60 | - "1194:1194/udp" 61 | volumes: 62 | - /etc/timezone:/etc/timezone:ro 63 | - ${USERDIR}/docker/openvpn:/etc/openvpn 64 | # environment: 65 | # OPENVPN_OPTS: --inactive 3600 --ping 10 --ping-exit 60 -–log-driver json-file --log-opt max-size=10m 66 | 67 | networks: 68 | traefik_proxy: 69 | external: 70 | name: traefik_proxy 71 | -------------------------------------------------------------------------------- /ymlfiles/ouroboros.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Ouroboros 5 | # https://hub.docker.com/r/pyouroboros/ouroboros/ 6 | # https://github.com/pyouroboros/ouroboros/wiki 7 | ouroboros: 8 | container_name: ouroboros 9 | image: pyouroboros/ouroboros 10 | restart: always 11 | networks: 12 | - traefik_proxy 13 | volumes: 14 | - /var/run/docker.sock:/var/run/docker.sock 15 | environment: 16 | - TZ=${TZ} 17 | - CLEANUP=true 18 | # - INTERVAL=3600 19 | - CRON="0 4 * * *" 20 | - LOG_LEVEL=info 21 | - SELF_UPDATE=true 22 | - IGNORE=mongo influxdb postgres mariadb 23 | - NOTIFIERS=$DISCORD_NOTIFY # Discord Webhook URL 24 | 25 | networks: 26 | traefik_proxy: 27 | external: 28 | name: traefik_proxy 29 | -------------------------------------------------------------------------------- /ymlfiles/photoprism.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Photoprism 5 | # Import photos: 6 | # docker exec -it photoprism photoprism import 7 | photoprism: 8 | container_name: photoprism 9 | image: photoprism/photoprism 10 | restart: always 11 | networks: 12 | - traefik_proxy 13 | # ports: 14 | # - "80:80" 15 | volumes: 16 | - ${USERDIR}/Photoprism:/srv/photoprism/photos 17 | - photoprism_cache:/srv/photoprism/cache 18 | - ${USERDIR}/docker/photoprism/database:/srv/photoprism/database 19 | labels: 20 | - "traefik.enable=true" 21 | - "traefik.backend=photoprism" 22 | - "traefik.frontend.rule=Host:photoprism.${DOMAINNAME}" 23 | - "traefik.port=80" 24 | - "traefik.docker.network=traefik_proxy" 25 | - "traefik.frontend.headers.SSLRedirect=true" 26 | - "traefik.frontend.headers.STSSeconds=315360000" 27 | - "traefik.frontend.headers.browserXSSFilter=true" 28 | - "traefik.frontend.headers.contentTypeNosniff=true" 29 | - "traefik.frontend.headers.forceSTSHeader=true" 30 | - "traefik.frontend.headers.SSLHost=photoprism.${DOMAINNAME}" 31 | - "traefik.frontend.headers.SSLForceHost=true" 32 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 33 | - "traefik.frontend.headers.STSPreload=true" 34 | - "traefik.frontend.headers.frameDeny=true" 35 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 36 | 37 | volumes: 38 | photoprism_cache: 39 | 40 | networks: 41 | traefik_proxy: 42 | external: 43 | name: traefik_proxy 44 | -------------------------------------------------------------------------------- /ymlfiles/photoshow.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Photoshow - Photo Gallery Software 5 | photoshow: 6 | container_name: photoshow 7 | image: linuxserver/photoshow 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - ${USERDIR}/docker/photoshow/config:/config 15 | - ${USERDIR}/Pictures:/Pictures:ro 16 | - photoshow_thumbs:/Thumbs 17 | environment: 18 | - PUID=${PUID} 19 | - PGID=${PGID} 20 | - TZ=${TZ} 21 | labels: 22 | - "traefik.enable=true" 23 | - "traefik.backend=photoshow" 24 | - "traefik.frontend.rule=Host:photoshow.${DOMAINNAME}" 25 | - "traefik.port=80" 26 | - "traefik.docker.network=traefik_proxy" 27 | - "traefik.frontend.headers.SSLRedirect=true" 28 | - "traefik.frontend.headers.STSSeconds=315360000" 29 | - "traefik.frontend.headers.browserXSSFilter=true" 30 | - "traefik.frontend.headers.contentTypeNosniff=true" 31 | - "traefik.frontend.headers.forceSTSHeader=true" 32 | - "traefik.frontend.headers.SSLHost=photoshow.${DOMAINNAME}" 33 | - "traefik.frontend.headers.SSLForceHost=true" 34 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 35 | - "traefik.frontend.headers.STSPreload=true" 36 | - "traefik.frontend.headers.frameDeny=true" 37 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 38 | 39 | volumes: 40 | photoshow_thumbs: 41 | 42 | networks: 43 | traefik_proxy: 44 | external: 45 | name: traefik_proxy 46 | -------------------------------------------------------------------------------- /ymlfiles/picard.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Picard – Music Management 5 | picard: 6 | container_name: picard 7 | image: mikenye/picard 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "5800:5800" 13 | volumes: 14 | - /mnt/storage/music:/storage:rw 15 | - ${USERDIR}/docker/picard:/config:rw 16 | environment: 17 | - USER_ID=${PUID} 18 | - GROUP_ID=${PGID} 19 | - TZ=${TZ} 20 | - UMASK=002 21 | - DISPLAY_WIDTH=1280 22 | - DISPLAY_HEIGHT=768 23 | labels: 24 | - "traefik.enable=true" 25 | - "traefik.backend=picard" 26 | - "traefik.frontend.rule=Host:picard.${DOMAINNAME}" 27 | - "traefik.port=5800" 28 | - "traefik.docker.network=traefik_proxy" 29 | - "traefik.frontend.headers.SSLRedirect=true" 30 | - "traefik.frontend.headers.STSSeconds=315360000" 31 | - "traefik.frontend.headers.browserXSSFilter=true" 32 | - "traefik.frontend.headers.contentTypeNosniff=true" 33 | - "traefik.frontend.headers.forceSTSHeader=true" 34 | - "traefik.frontend.headers.SSLHost=picard.${DOMAINNAME}" 35 | - "traefik.frontend.headers.SSLForceHost=true" 36 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 37 | - "traefik.frontend.headers.STSPreload=true" 38 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 39 | - "traefik.frontend.headers.frameDeny=true" 40 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 41 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 42 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 43 | 44 | networks: 45 | traefik_proxy: 46 | external: 47 | name: traefik_proxy 48 | -------------------------------------------------------------------------------- /ymlfiles/piwigo.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Piwigo - Photo Gallery Server 5 | # Database Host: http://mariadb:3306 6 | piwigo: 7 | container_name: piwigo 8 | image: linuxserver/piwigo 9 | restart: always 10 | networks: 11 | - traefik_proxy 12 | # ports: 13 | # - "80:80" 14 | volumes: 15 | - ${USERDIR}/docker/piwigo:/config 16 | - ${USERDIR}/Lychee:/pics 17 | environment: 18 | - PUID=${PUID} 19 | - PGID=${PGID} 20 | - TZ=${TZ} 21 | labels: 22 | - "traefik.enable=true" 23 | - "traefik.backend=piwigo" 24 | - "traefik.frontend.rule=Host:piwigo.${DOMAINNAME}" 25 | - "traefik.port=80" 26 | - "traefik.docker.network=traefik_proxy" 27 | - "traefik.frontend.headers.SSLRedirect=true" 28 | - "traefik.frontend.headers.STSSeconds=315360000" 29 | - "traefik.frontend.headers.browserXSSFilter=true" 30 | - "traefik.frontend.headers.contentTypeNosniff=true" 31 | - "traefik.frontend.headers.forceSTSHeader=true" 32 | - "traefik.frontend.headers.SSLHost=piwigo.${DOMAINNAME}" 33 | - "traefik.frontend.headers.SSLForceHost=true" 34 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 35 | - "traefik.frontend.headers.STSPreload=true" 36 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 37 | - "traefik.frontend.headers.frameDeny=true" 38 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 39 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 40 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 41 | 42 | networks: 43 | traefik_proxy: 44 | external: 45 | name: traefik_proxy 46 | -------------------------------------------------------------------------------- /ymlfiles/plex.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Plex Media Server 5 | #Navigate to (127.0.0.1:32400/web) to reset your server 6 | plex: 7 | container_name: plex 8 | image: linuxserver/plex 9 | restart: always 10 | devices: 11 | - /dev/dri:/dev/dri 12 | privileged: true 13 | networks: 14 | traefik_proxy: 15 | ipv4_address: 192.168.50.200 # Set a static IP for tautulli to connect to 16 | ports: 17 | - "32400:32400" 18 | - "32400:32400/udp" 19 | - "32469:32469" 20 | - "32469:32469/udp" 21 | - "5353:5353/udp" 22 | - "1900:1900/udp" 23 | volumes: 24 | - /mnt/storage/movies:/MOVIES:ro 25 | - /mnt/storage/tv:/TV:ro 26 | - /mnt/storage/concerts:/CONCERTS:ro 27 | - ${USERDIR}/docker/plex:/config 28 | environment: 29 | - PUID=${PUID} 30 | - PGID=${PGID} 31 | - TZ=${TZ} 32 | - VERSION=docker 33 | labels: 34 | - "traefik.enable=true" 35 | - "traefik.backend=plexms" 36 | - "traefik.frontend.rule=Host:plex.${DOMAINNAME}" 37 | - "traefik.port=32400" 38 | - "traefik.docker.network=traefik_proxy" 39 | - "traefik.frontend.headers.SSLRedirect=true" 40 | - "traefik.frontend.headers.STSSeconds=315360000" 41 | - "traefik.frontend.headers.browserXSSFilter=true" 42 | - "traefik.frontend.headers.contentTypeNosniff=true" 43 | - "traefik.frontend.headers.forceSTSHeader=true" 44 | - "traefik.frontend.headers.SSLHost=plex.${DOMAINNAME}" 45 | # - "traefik.frontend.headers.SSLForceHost=true" 46 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 47 | - "traefik.frontend.headers.STSPreload=true" 48 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 49 | - "traefik.frontend.headers.frameDeny=true" 50 | 51 | networks: 52 | traefik_proxy: 53 | external: 54 | name: traefik_proxy 55 | -------------------------------------------------------------------------------- /ymlfiles/portainer.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Portainer - WebUI for Containers 5 | portainer: 6 | container_name: portainer 7 | image: portainer/portainer 8 | restart: always 9 | command: -H unix:///var/run/docker.sock 10 | networks: 11 | - traefik_proxy 12 | # ports: 13 | # - "9000:9000" 14 | volumes: 15 | - /var/run/docker.sock:/var/run/docker.sock 16 | - portainer_data:/data # Change to local directory if you want to save/transfer config locally 17 | environment: 18 | - TZ=${TZ} 19 | labels: 20 | - "traefik.enable=true" 21 | - "traefik.backend=portainer" 22 | - "traefik.frontend.rule=Host:portainer.${DOMAINNAME}" 23 | - "traefik.port=9000" 24 | - "traefik.docker.network=traefik_proxy" 25 | - "traefik.frontend.headers.SSLRedirect=true" 26 | - "traefik.frontend.headers.STSSeconds=315360000" 27 | - "traefik.frontend.headers.browserXSSFilter=true" 28 | - "traefik.frontend.headers.contentTypeNosniff=true" 29 | - "traefik.frontend.headers.forceSTSHeader=true" 30 | - "traefik.frontend.headers.SSLHost=portainer.${DOMAINNAME}" 31 | - "traefik.frontend.headers.SSLForceHost=true" 32 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 33 | - "traefik.frontend.headers.STSPreload=true" 34 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 35 | - "traefik.frontend.headers.frameDeny=true" 36 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 37 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 38 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 39 | 40 | volumes: 41 | portainer_data: 42 | 43 | networks: 44 | traefik_proxy: 45 | external: 46 | name: traefik_proxy 47 | -------------------------------------------------------------------------------- /ymlfiles/postgres.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Postgres - Database 5 | postgres: 6 | container_name: postgres 7 | image: postgres 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "5432:5432" 13 | volumes: 14 | - ${USERDIR}/docker/postgres:/var/lib/postgresql/data 15 | - /etc/timezone:/etc/timezone:ro 16 | environment: 17 | - POSTGRES_PASSWORD=${MYSQL_ROOT_PASSWORD} 18 | 19 | ## PGAdmin - Postgres Admin Tool 20 | pgadmin: 21 | container_name: pgadmin 22 | image: dpage/pgadmin4 23 | restart: always 24 | depends_on: 25 | - postgres 26 | networks: 27 | - traefik_proxy 28 | # ports: 29 | # - "80:80" 30 | # - "443:443" 31 | # volumes: 32 | # - pgadmin_data:/var/lib/pgadmin 33 | # - pgadmin_config:/pgadmin4/config_local.py 34 | # - pgadmin_servers:/pgadmin4/servers.json 35 | environment: 36 | - PGADMIN_DEFAULT_EMAIL=${MY_EMAIL} 37 | - PGADMIN_DEFAULT_PASSWORD=${MY_PASSWORD} 38 | # - PGADMIN_ENABLE_TLS= # Can configure with certs 39 | - PGADMIN_LISTEN_PORT=80 # Can configure with certs 40 | labels: 41 | - "traefik.enable=true" 42 | - "traefik.backend=pgadmin" 43 | - "traefik.frontend.rule=Host:pgadmin.${DOMAINNAME}" 44 | - "traefik.port=80" 45 | - "traefik.docker.network=traefik_proxy" 46 | - "traefik.frontend.headers.SSLRedirect=true" 47 | - "traefik.frontend.headers.STSSeconds=315360000" 48 | - "traefik.frontend.headers.browserXSSFilter=true" 49 | - "traefik.frontend.headers.contentTypeNosniff=true" 50 | - "traefik.frontend.headers.forceSTSHeader=true" 51 | - "traefik.frontend.headers.SSLHost=pgadmin.${DOMAINNAME}" 52 | - "traefik.frontend.headers.SSLForceHost=true" 53 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 54 | - "traefik.frontend.headers.STSPreload=true" 55 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 56 | - "traefik.frontend.headers.frameDeny=true" 57 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 58 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 59 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 60 | 61 | volumes: 62 | pgadmin_data: 63 | pgadmin_config: 64 | pgadmin_servers: 65 | 66 | networks: 67 | traefik_proxy: 68 | external: 69 | name: traefik_proxy 70 | -------------------------------------------------------------------------------- /ymlfiles/privatebin.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## PrivateBin - Private Pastebin 5 | privatebin: 6 | container_name: privatebin 7 | image: jgeusebroek/privatebin 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - ${USERDIR}/docker/privatebin/data:/privatebin/data 15 | - ${USERDIR}/docker/privatebin/cfg:/privatebin/cfg 16 | labels: 17 | - "traefik.enable=true" 18 | - "traefik.backend=privatebin" 19 | - "traefik.frontend.rule=Host:privatebin.${DOMAINNAME}" 20 | - "traefik.port=80" 21 | - "traefik.docker.network=traefik_proxy" 22 | - "traefik.frontend.headers.SSLRedirect=true" 23 | - "traefik.frontend.headers.STSSeconds=315360000" 24 | - "traefik.frontend.headers.browserXSSFilter=true" 25 | - "traefik.frontend.headers.contentTypeNosniff=true" 26 | - "traefik.frontend.headers.forceSTSHeader=true" 27 | - "traefik.frontend.headers.SSLHost=privatebin.${DOMAINNAME}" 28 | - "traefik.frontend.headers.SSLForceHost=true" 29 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 30 | - "traefik.frontend.headers.STSPreload=true" 31 | - "traefik.frontend.headers.frameDeny=true" 32 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 33 | 34 | networks: 35 | traefik_proxy: 36 | external: 37 | name: traefik_proxy 38 | -------------------------------------------------------------------------------- /ymlfiles/prometheus.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Prometheus - Systems and Service Monitoring 5 | # docker run --rm --entrypoint cat prom/prometheus /etc/prometheus/prometheus.yml > ${USERDIR}/docker/prometheus/prometheus.yml 6 | prometheus: 7 | container_name: prometheus 8 | image: prom/prometheus 9 | restart: always 10 | networks: 11 | - traefik_proxy 12 | ports: 13 | - "9090:9090" 14 | volumes: 15 | - ${USERDIR}/docker/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml 16 | labels: 17 | - "traefik.enable=true" 18 | - "traefik.backend=prometheus" 19 | - "traefik.frontend.rule=Host:prometheus.${DOMAINNAME}" 20 | - "traefik.port=9090" 21 | - "traefik.docker.network=traefik_proxy" 22 | - "traefik.frontend.headers.SSLRedirect=true" 23 | - "traefik.frontend.headers.STSSeconds=315360000" 24 | - "traefik.frontend.headers.browserXSSFilter=true" 25 | - "traefik.frontend.headers.contentTypeNosniff=true" 26 | - "traefik.frontend.headers.forceSTSHeader=true" 27 | - "traefik.frontend.headers.SSLHost=prometheus.${DOMAINNAME}" 28 | - "traefik.frontend.headers.SSLForceHost=true" 29 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 30 | - "traefik.frontend.headers.STSPreload=true" 31 | - "traefik.frontend.headers.frameDeny=true" 32 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 33 | 34 | volumes: 35 | prometheus_config: 36 | prometheus_data: 37 | 38 | networks: 39 | traefik_proxy: 40 | external: 41 | name: traefik_proxy 42 | -------------------------------------------------------------------------------- /ymlfiles/qbittorrent.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## qBittorrent with VPN – Bittorrent Downloader 5 | # mkdir ${USERDIR}/docker/qbittorrent 6 | # mkdir ${USERDIR}/docker/qbittorrent/openvpn 7 | # Place ovpn file in ${USERDIR}/docker/qbittorrent/openvpn 8 | # If you can't see text in the WebUI go to your qbittorrent.conf file and add "en" to the Locale setting so it looks like this: General\Locale=en 9 | qbittorrent: 10 | container_name: qbittorrent 11 | image: markusmcnugen/qbittorrentvpn 12 | restart: always 13 | networks: 14 | - traefik_proxy 15 | cap_add: 16 | - NET_ADMIN 17 | devices: 18 | - /dev/net/tun 19 | # ports: 20 | # - "8022:8080" 21 | # - "8999:8999" 22 | # - "8999:8999/udp" 23 | volumes: 24 | - ${USERDIR}/dwnloads:/downloads 25 | - /mnt/storage:/mnt/storage 26 | - ${USERDIR}/docker/qbittorrent:/config 27 | environment: 28 | - PUID=${PUID} 29 | - PGID=${PGID} 30 | - VPN_ENABLED=yes 31 | - VPN_USERNAME=${PIA_USER} 32 | - VPN_PASSWORD=${PIA_PASS} 33 | - LAN_NETWORK=192.168.1.0/24 34 | - NAME_SERVERS=1.1.1.1,1.0.0.1 35 | - UMASK=002 36 | ## Add these to your .ovpn file: 37 | # - VPN_OPTIONS=--inactive 3600 --ping 10 --ping-exit 60 --auth-nocache 38 | labels: 39 | - "traefik.enable=true" 40 | - "traefik.backend=qbittorrent" 41 | - "traefik.frontend.rule=Host:qbittorrent.${DOMAINNAME}" 42 | - "traefik.port=8080" 43 | - "traefik.docker.network=traefik_proxy" 44 | - "traefik.frontend.headers.SSLRedirect=true" 45 | - "traefik.frontend.headers.STSSeconds=315360000" 46 | - "traefik.frontend.headers.browserXSSFilter=true" 47 | - "traefik.frontend.headers.contentTypeNosniff=true" 48 | - "traefik.frontend.headers.forceSTSHeader=true" 49 | - "traefik.frontend.headers.SSLHost=qbittorrent.${DOMAINNAME}" 50 | - "traefik.frontend.headers.SSLForceHost=true" 51 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 52 | - "traefik.frontend.headers.STSPreload=true" 53 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 54 | - "traefik.frontend.headers.frameDeny=true" 55 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 56 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 57 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 58 | 59 | networks: 60 | traefik_proxy: 61 | external: 62 | name: traefik_proxy 63 | -------------------------------------------------------------------------------- /ymlfiles/radarr.yml: -------------------------------------------------------------------------------- 1 | version: "2" 2 | services: 3 | 4 | ## Radarr – Movie Download and Management 5 | radarr: 6 | container_name: radarr 7 | image: linuxserver/radarr 8 | restart: always 9 | networks: 10 | pub_net: 11 | ipv4_address: 192.168.1.7 12 | # - traefik_proxy 13 | # ports: 14 | # - "7878:7878" 15 | volumes: 16 | - ${USERDIR}/dwnloads/completed:/downloads 17 | - /mnt/storage/movies:/movies 18 | - ${USERDIR}/docker/radarr:/config 19 | environment: 20 | - PUID=${PUID} 21 | - PGID=${PGID} 22 | - TZ=${TZ} 23 | labels: 24 | - "traefik.enable=true" 25 | - "traefik.backend=radarr" 26 | - "traefik.frontend.rule=Host:radarr.${DOMAINNAME}" 27 | - "traefik.port=7878" 28 | - "traefik.docker.network=traefik_proxy" 29 | - "traefik.frontend.headers.SSLRedirect=true" 30 | - "traefik.frontend.headers.STSSeconds=315360000" 31 | - "traefik.frontend.headers.browserXSSFilter=true" 32 | - "traefik.frontend.headers.contentTypeNosniff=true" 33 | - "traefik.frontend.headers.forceSTSHeader=true" 34 | - "traefik.frontend.headers.SSLHost=radarr.${DOMAINNAME}" 35 | - "traefik.frontend.headers.SSLForceHost=true" 36 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 37 | - "traefik.frontend.headers.STSPreload=true" 38 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 39 | - "traefik.frontend.headers.frameDeny=true" 40 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 41 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 42 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 43 | 44 | networks: 45 | traefik_proxy: 46 | external: 47 | name: traefik_proxy 48 | -------------------------------------------------------------------------------- /ymlfiles/radicale.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Radicale - Calendar and Contact Server 5 | # docker run --rm --entrypoint cat tomsquest/docker-radicale /config/config > ${USERDIR}/docker/radicale/config 6 | radicale: 7 | container_name: radicale 8 | image: tomsquest/docker-radicale 9 | restart: always 10 | networks: 11 | - traefik_proxy 12 | # ports: 13 | # - "5232:5232" 14 | volumes: 15 | - ${USERDIR}/docker/radicale/data:/data 16 | - ${USERDIR}/docker/radicale/config:/config/config 17 | environment: 18 | - UID=${PUID} 19 | - GID=${PGID} 20 | labels: 21 | - "traefik.enable=true" 22 | - "traefik.backend=radicale" 23 | - "traefik.frontend.rule=Host:radicale.${DOMAINNAME}" 24 | - "traefik.port=5232" 25 | - "traefik.docker.network=traefik_proxy" 26 | - "traefik.frontend.headers.SSLRedirect=true" 27 | - "traefik.frontend.headers.STSSeconds=315360000" 28 | - "traefik.frontend.headers.browserXSSFilter=true" 29 | - "traefik.frontend.headers.contentTypeNosniff=true" 30 | - "traefik.frontend.headers.forceSTSHeader=true" 31 | - "traefik.frontend.headers.SSLHost=radicale.${DOMAINNAME}" 32 | - "traefik.frontend.headers.SSLForceHost=true" 33 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 34 | - "traefik.frontend.headers.STSPreload=true" 35 | - "traefik.frontend.headers.frameDeny=true" 36 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 37 | 38 | networks: 39 | traefik_proxy: 40 | external: 41 | name: traefik_proxy 42 | -------------------------------------------------------------------------------- /ymlfiles/redis.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Redis - Key-value Store 5 | ##Create config 6 | # mkdir ${USERDIR}/docker/redis 7 | # docker run --rm --entrypoint cat redis /usr/local/etc/redis/redis.conf > ${USERDIR}/docker/redis/redis.conf 8 | 9 | ## Fix THP issues: 10 | # sudo -i 11 | # echo never > /sys/kernel/mm/transparent_hugepage/enabled 12 | # exit 13 | # sudo sysctl vm.overcommit_memory=1 14 | 15 | # Add this to rc.local file to persist changes after reboot: 16 | # Ubuntu 18.04 doesn't contain rc.local file so we need to create it: 17 | # sudo nano /etc/rc.local 18 | # Paste the following: 19 | 20 | # #!/bin/sh -e 21 | # # 22 | # # rc.local 23 | # # 24 | # # This script is executed at the end of each multiuser runlevel. 25 | # # Make sure that the script will "exit 0" on success or any other 26 | # # value on error. 27 | # # 28 | # # In order to enable or disable this script just change the execution 29 | # # bits. 30 | # # 31 | # # By default this script does nothing. 32 | # 33 | # echo never > /sys/kernel/mm/transparent_hugepage/enabled 34 | # sysctl vm.overcommit_memory=1 35 | # 36 | # exit 0 37 | 38 | # Save and exit 39 | # Now make the file executable: 40 | # sudo chmod +x /etc/rc.local 41 | 42 | redis: 43 | container_name: redis 44 | image: redis 45 | restart: always 46 | entrypoint: redis-server --appendonly yes 47 | networks: 48 | - traefik_proxy 49 | # ports: 50 | # - "6379:6379" 51 | sysctls: 52 | net.core.somaxconn: '65535' 53 | volumes: 54 | - ${USERDIR}/docker/redis/data:/data 55 | - /etc/timezone:/etc/timezone:ro 56 | # - ${USERDIR}/docker/redis/redis.conf:/usr/local/etc/redis/redis.conf 57 | 58 | ## Redis Commander - Redis Management Tool 59 | rediscommander: 60 | container_name: rediscommander 61 | image: rediscommander/redis-commander:latest 62 | restart: always 63 | depends_on: 64 | - redis 65 | networks: 66 | - traefik_proxy 67 | # ports: 68 | # - "8081:8081" 69 | environment: 70 | - REDIS_HOST=redis 71 | labels: 72 | - "traefik.enable=true" 73 | - "traefik.backend=rediscommander" 74 | - "traefik.frontend.rule=Host:rediscommander.${DOMAINNAME}" 75 | - "traefik.port=8081" 76 | - "traefik.docker.network=traefik_proxy" 77 | - "traefik.frontend.headers.SSLRedirect=true" 78 | - "traefik.frontend.headers.STSSeconds=315360000" 79 | - "traefik.frontend.headers.browserXSSFilter=true" 80 | - "traefik.frontend.headers.contentTypeNosniff=true" 81 | - "traefik.frontend.headers.forceSTSHeader=true" 82 | - "traefik.frontend.headers.SSLHost=rediscommander.${DOMAINNAME}" 83 | - "traefik.frontend.headers.SSLForceHost=true" 84 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 85 | - "traefik.frontend.headers.STSPreload=true" 86 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 87 | - "traefik.frontend.headers.frameDeny=true" 88 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 89 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 90 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 91 | 92 | networks: 93 | traefik_proxy: 94 | external: 95 | name: traefik_proxy 96 | -------------------------------------------------------------------------------- /ymlfiles/resilio.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Resilio - Bittorrent style folder sync 5 | resilio: 6 | container_name: resilio 7 | image: linuxserver/resilio-sync 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "8888:8888" 13 | # - "55555:55555" 14 | volumes: 15 | - ${USERDIR}/docker/resilio/config:/config 16 | - ${USERDIR}/docker/resilio/sync:/sync 17 | - ${USERDIR}/docker/resilio/downloads:/downloads 18 | environment: 19 | - PUID=${PUID} 20 | - PGID=${PGID} 21 | - TZ=${TZ} 22 | - UMASK_SET=002 23 | labels: 24 | - "traefik.enable=true" 25 | - "traefik.backend=resilio" 26 | - "traefik.frontend.rule=Host:resilio.${DOMAINNAME}" 27 | - "traefik.port=8888" 28 | - "traefik.docker.network=traefik_proxy" 29 | - "traefik.frontend.headers.SSLRedirect=true" 30 | - "traefik.frontend.headers.STSSeconds=315360000" 31 | - "traefik.frontend.headers.browserXSSFilter=true" 32 | - "traefik.frontend.headers.contentTypeNosniff=true" 33 | - "traefik.frontend.headers.forceSTSHeader=true" 34 | - "traefik.frontend.headers.SSLHost=resilio.${DOMAINNAME}" 35 | - "traefik.frontend.headers.SSLForceHost=true" 36 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 37 | - "traefik.frontend.headers.STSPreload=true" 38 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 39 | - "traefik.frontend.headers.frameDeny=true" 40 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 41 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 42 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 43 | 44 | networks: 45 | traefik_proxy: 46 | external: 47 | name: traefik_proxy 48 | -------------------------------------------------------------------------------- /ymlfiles/rsync.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | # rsync -aP --inplace @::volume/music /mnt/storage/ 5 | 6 | 7 | ## Rsync Server 8 | rsync: 9 | container_name: rsync 10 | image: axiom/rsync-server 11 | restart: always 12 | networks: 13 | - traefik_proxy 14 | ports: 15 | - "873:873" 16 | - "9000:22" 17 | volumes: 18 | - ${USERDIR}/docker/rsync/authorized_keys:/root/.ssh/authorized_keys 19 | - /mnt/storage:/data:ro 20 | environment: 21 | - USERNAME=${MY_USERNAME} 22 | - PASSWORD=${MY_PASSWORD} 23 | - VOLUME=/data 24 | - ALLOW=192.168.1.0/24 172.16.0.0/12 127.0.0.1/32 25 | 26 | networks: 27 | traefik_proxy: 28 | external: 29 | name: traefik_proxy 30 | -------------------------------------------------------------------------------- /ymlfiles/samba.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Samba - File sharing 5 | samba: 6 | container_name: samba 7 | image: dperson/samba 8 | restart: always 9 | command: > 10 | -s "share;/share;yes;no;yes" 11 | networks: 12 | - traefik_proxy 13 | ports: 14 | - "137:137/udp" 15 | - "138:138/udp" 16 | - "139:139/tcp" 17 | - "445:445/tcp" 18 | volumes: 19 | - $USERDIR:/share 20 | # - ${USERDIR}/docker/samba:/etc/samba 21 | environment: 22 | - TZ=${TZ} 23 | - USERID=1000 24 | - GROUPID=1000 25 | - NMBD=True 26 | - SMB=True 27 | - RECYCLE=True 28 | - USER=${MY_USERNAME};$(MY_PASSWORD) 29 | - WORKGROUP=test 30 | 31 | networks: 32 | traefik_proxy: 33 | external: 34 | name: traefik_proxy 35 | -------------------------------------------------------------------------------- /ymlfiles/seagull.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Seagull - WebUI for Containers 5 | seagull: 6 | container_name: seagull 7 | image: tobegit3hub/seagull 8 | restart: always 9 | # command: -H unix:///var/run/docker.sock 10 | networks: 11 | - traefik_proxy 12 | # ports: 13 | # - "10086:10086" 14 | volumes: 15 | - /var/run/docker.sock:/var/run/docker.sock 16 | # - portainer_data:/data # Change to local directory if you want to save/transfer config locally 17 | environment: 18 | - TZ=${TZ} 19 | labels: 20 | - "traefik.enable=true" 21 | - "traefik.backend=seagull" 22 | - "traefik.frontend.rule=Host:seagull.${DOMAINNAME}" 23 | - "traefik.port=10086" 24 | - "traefik.docker.network=traefik_proxy" 25 | - "traefik.frontend.headers.SSLRedirect=true" 26 | - "traefik.frontend.headers.STSSeconds=315360000" 27 | - "traefik.frontend.headers.browserXSSFilter=true" 28 | - "traefik.frontend.headers.contentTypeNosniff=true" 29 | - "traefik.frontend.headers.forceSTSHeader=true" 30 | - "traefik.frontend.headers.SSLHost=seagull.${DOMAINNAME}" 31 | - "traefik.frontend.headers.SSLForceHost=true" 32 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 33 | - "traefik.frontend.headers.STSPreload=true" 34 | - "traefik.frontend.headers.frameDeny=true" 35 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 36 | 37 | #volumes: 38 | # portainer_data: 39 | 40 | networks: 41 | traefik_proxy: 42 | external: 43 | name: traefik_proxy 44 | -------------------------------------------------------------------------------- /ymlfiles/sftp.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## SFTP - SSH File Transfer Protocol 5 | 6 | # Need to test with server 7 | 8 | # Generate an encrypted password (optional) with: 9 | # echo -n "your-password" | docker run -i --rm atmoz/makepasswd --crypt-md5 --clearfrom=- 10 | # Possible to add ssh keys. Generate your own with: 11 | # ssh-keygen -t ed25519 -f ssh_host_ed25519_key < /dev/null 12 | # ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key < /dev/null 13 | sftp: 14 | container_name: sftp 15 | image: atmoz/sftp 16 | restart: always 17 | command: test:test 18 | networks: 19 | -traefik_proxy 20 | # ports: 21 | # - "22:22" 22 | volumes: 23 | - ${USERDIR}/Downloads:/home/sample/upload 24 | # - /host/id_rsa.pub:/home/foo/.ssh/keys/id_rsa.pub:ro 25 | # - /host/id_other.pub:/home/foo/.ssh/keys/id_other.pub:ro 26 | labels: 27 | - "traefik.enable=true" 28 | - "traefik.backend=sftp" 29 | - "traefik.frontend.rule=Host:sftp.${DOMAINNAME}" 30 | - "traefik.port=22" 31 | - "traefik.docker.network=traefik_proxy" 32 | # - "traefik.frontend.headers.SSLRedirect=true" 33 | # - "traefik.frontend.headers.STSSeconds=315360000" 34 | # - "traefik.frontend.headers.browserXSSFilter=true" 35 | # - "traefik.frontend.headers.contentTypeNosniff=true" 36 | # - "traefik.frontend.headers.forceSTSHeader=true" 37 | # - "traefik.frontend.headers.SSLHost=sftp.${DOMAINNAME}" 38 | # - "traefik.frontend.headers.SSLForceHost=true" 39 | # - "traefik.frontend.headers.STSIncludeSubdomains=true" 40 | # - "traefik.frontend.headers.STSPreload=true" 41 | # - "traefik.frontend.headers.frameDeny=true" 42 | # - "traefik.frontend.auth.forward.address=http://oauth:4181" 43 | 44 | networks: 45 | traefik_proxy: 46 | external: 47 | name: traefik_proxy 48 | -------------------------------------------------------------------------------- /ymlfiles/shaarli.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Shaarli 5 | shaarli: 6 | container_name: shaarli 7 | image: shaarli/shaarli:master 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - shaarli-data:/var/www/shaarli/data 15 | - shaarli-cache:/var/www/shaarli/cache 16 | labels: 17 | - "traefik.enable=true" 18 | - "traefik.backend=shaarli" 19 | - "traefik.frontend.rule=Host:shaarli.${DOMAINNAME}" 20 | - "traefik.port=80" 21 | - "traefik.docker.network=traefik_proxy" 22 | - "traefik.frontend.headers.SSLRedirect=true" 23 | - "traefik.frontend.headers.STSSeconds=315360000" 24 | - "traefik.frontend.headers.browserXSSFilter=true" 25 | - "traefik.frontend.headers.contentTypeNosniff=true" 26 | - "traefik.frontend.headers.forceSTSHeader=true" 27 | - "traefik.frontend.headers.SSLHost=shaarli.${DOMAINNAME}" 28 | - "traefik.frontend.headers.SSLForceHost=true" 29 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 30 | - "traefik.frontend.headers.STSPreload=true" 31 | - "traefik.frontend.headers.frameDeny=true" 32 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 33 | 34 | volumes: 35 | shaarli-data: 36 | shaarli-cache: 37 | 38 | networks: 39 | traefik_proxy: 40 | external: 41 | name: traefik_proxy 42 | -------------------------------------------------------------------------------- /ymlfiles/smokeping.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## SmokePing - Network Latency 5 | smokeping: 6 | container_name: smokeping 7 | image: linuxserver/smokeping 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - ${USERDIR}/docker/smokeping/config:/config 15 | - ${USERDIR}/docker/smokeping/data:/data 16 | environment: 17 | - PUID=${PUID} 18 | - PGID=${PGID} 19 | - TZ=${TZ} 20 | labels: 21 | - "traefik.enable=true" 22 | - "traefik.backend=smokeping" 23 | - "traefik.frontend.rule=Host:smokeping.${DOMAINNAME}" 24 | - "traefik.port=80" 25 | - "traefik.docker.network=traefik_proxy" 26 | - "traefik.frontend.headers.SSLRedirect=true" 27 | - "traefik.frontend.headers.STSSeconds=315360000" 28 | - "traefik.frontend.headers.browserXSSFilter=true" 29 | - "traefik.frontend.headers.contentTypeNosniff=true" 30 | - "traefik.frontend.headers.forceSTSHeader=true" 31 | - "traefik.frontend.headers.SSLHost=smokeping.${DOMAINNAME}" 32 | - "traefik.frontend.headers.SSLForceHost=true" 33 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 34 | - "traefik.frontend.headers.STSPreload=true" 35 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 36 | 37 | networks: 38 | traefik_proxy: 39 | external: 40 | name: traefik_proxy 41 | -------------------------------------------------------------------------------- /ymlfiles/snapraid.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## SnapRAID - Data Backup 5 | snapraid: 6 | container_name: snapraid 7 | image: xagaba/snapraid 8 | restart: always 9 | privileged: true 10 | # networks: 11 | # - traefik_proxy 12 | # ports: 13 | # - "7878:7878" 14 | volumes: 15 | - /mnt:/mnt 16 | - ${USERDIR}/docker/snapraid:/config 17 | # - /etc/timezone:/etc/timezone:ro 18 | # - /etc/localtime:/etc/localtime:ro 19 | - type: bind 20 | source: /dev/disk 21 | target: /dev/disk 22 | - type: bind 23 | source: /var/snapraid 24 | target: /var/snapraid 25 | environment: 26 | - PUID=${PUID} 27 | - PGID=${PGID} 28 | - TZ=${TZ} 29 | 30 | #networks: 31 | # traefik_proxy: 32 | # external: 33 | # name: traefik_proxy 34 | -------------------------------------------------------------------------------- /ymlfiles/sonarr.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Sonarr – TV Show Download and Management 5 | sonarr: 6 | container_name: sonarr 7 | image: linuxserver/sonarr 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "8989:8989" 13 | volumes: 14 | - ${USERDIR}/dwnloads:/downloads 15 | - /mnt/storage/tv:/tv 16 | - ${USERDIR}/docker/sonarr:/config 17 | environment: 18 | - PUID=${PUID} 19 | - PGID=${PGID} 20 | - TZ=${TZ} 21 | labels: 22 | - "traefik.enable=true" 23 | - "traefik.backend=sonarr" 24 | - "traefik.frontend.rule=Host:sonarr.${DOMAINNAME}" 25 | - "traefik.port=8989" 26 | - "traefik.docker.network=traefik_proxy" 27 | - "traefik.frontend.headers.SSLRedirect=true" 28 | - "traefik.frontend.headers.STSSeconds=315360000" 29 | - "traefik.frontend.headers.browserXSSFilter=true" 30 | - "traefik.frontend.headers.contentTypeNosniff=true" 31 | - "traefik.frontend.headers.forceSTSHeader=true" 32 | - "traefik.frontend.headers.SSLHost=sonarr.${DOMAINNAME}" 33 | - "traefik.frontend.headers.SSLForceHost=true" 34 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 35 | - "traefik.frontend.headers.STSPreload=true" 36 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 37 | - "traefik.frontend.headers.frameDeny=true" 38 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 39 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 40 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 41 | 42 | networks: 43 | traefik_proxy: 44 | external: 45 | name: traefik_proxy 46 | -------------------------------------------------------------------------------- /ymlfiles/soulseek.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Soulseek - P2P Media Service 5 | soulseek: 6 | container_name: soulseek 7 | image: realies/soulseek 8 | restart: always 9 | network_mode: "container:qbittorrent" 10 | # networks: 11 | # - traefik_proxy 12 | # ports: 13 | # - "6080:6080" 14 | volumes: 15 | - soulseekdata:/root 16 | - /mnt/storage/music/to_be_tagged:/root/Soulseek Downloads 17 | - /mnt/storage/music/music:/Music 18 | - /etc/timezone:/etc/timezone:ro 19 | environment: 20 | - resolution=1280x720 21 | labels: 22 | - "traefik.enable=true" 23 | - "traefik.backend=soulseek" 24 | - "traefik.frontend.rule=Host:soulseek.${DOMAINNAME}" 25 | - "traefik.port=6080" 26 | - "traefik.docker.network=traefik_proxy" 27 | - "traefik.frontend.headers.SSLRedirect=true" 28 | - "traefik.frontend.headers.STSSeconds=315360000" 29 | - "traefik.frontend.headers.browserXSSFilter=true" 30 | - "traefik.frontend.headers.contentTypeNosniff=true" 31 | - "traefik.frontend.headers.forceSTSHeader=true" 32 | - "traefik.frontend.headers.SSLHost=soulseek.${DOMAINNAME}" 33 | - "traefik.frontend.headers.SSLForceHost=true" 34 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 35 | - "traefik.frontend.headers.STSPreload=true" 36 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 37 | - "traefik.frontend.headers.customFrameOptionsValue=SAMEORIGIN" 38 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 39 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 40 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 41 | 42 | volumes: 43 | soulseekdata: 44 | 45 | #networks: 46 | # traefik_proxy: 47 | # external: 48 | # name: traefik_proxy 49 | -------------------------------------------------------------------------------- /ymlfiles/standardnotes.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## StandardFile - File Server for Standard Notes 5 | # Requires a MySQL database. Create with: 6 | # docker exec -it mariadb mysql -uroot -p 7 | # CREATE DATABASE standardnotes CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci; 8 | # GRANT ALL PRIVILEGES ON standardnotes.* TO 'standardnotes'@'standardfile.traefik_proxy'IDENTIFIED BY ''; 9 | # FLUSH PRIVILEGES; 10 | # exit 11 | standardfile: 12 | container_name: standardfile 13 | image: dryusdan/standardfile 14 | restart: always 15 | networks: 16 | - traefik_proxy 17 | # ports: 18 | # - "3000:3000" 19 | environment: 20 | - DB_HOST=mariadb 21 | - DB_PORT=3306 22 | - DB_DATABASE=standardnotes 23 | - DB_USERNAME=standardnotes 24 | - DB_PASSWORD=${MY_PASSWORD} 25 | - RAILS_ENV=production 26 | - SECRET_KEY_BASE=use "bundle exec rake secret" 27 | - RAILS_SERVE_STATIC_FILES=true 28 | - SALT_PSEUDO_NONCE=use "bundle exec rake secret" 29 | labels: 30 | - "traefik.enable=true" 31 | - "traefik.backend=standardfile" 32 | - "traefik.frontend.rule=Host:standardfile.${DOMAINNAME}" 33 | - "traefik.port=3000" 34 | - "traefik.docker.network=traefik_proxy" 35 | - "traefik.frontend.headers.SSLRedirect=true" 36 | - "traefik.frontend.headers.STSSeconds=315360000" 37 | - "traefik.frontend.headers.browserXSSFilter=true" 38 | - "traefik.frontend.headers.contentTypeNosniff=true" 39 | - "traefik.frontend.headers.forceSTSHeader=true" 40 | - "traefik.frontend.headers.SSLHost=standardfile.${DOMAINNAME}" 41 | - "traefik.frontend.headers.SSLForceHost=true" 42 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 43 | - "traefik.frontend.headers.STSPreload=true" 44 | - "traefik.frontend.headers.frameDeny=true" 45 | 46 | ## StandardNotes - Notes App 47 | # When registering enter standardfile address under advanced settings (https://standardfile.${DOMAINNAME}) 48 | standardnotes: 49 | container_name: standardnotes 50 | image: dryusdan/standardnotes 51 | restart: always 52 | networks: 53 | - traefik_proxy 54 | # ports: 55 | # - "3000:3000" 56 | environment: 57 | - config.assets.digest=true 58 | labels: 59 | - "traefik.enable=true" 60 | - "traefik.backend=standardnotes" 61 | - "traefik.frontend.rule=Host:standardnotes.${DOMAINNAME}" 62 | - "traefik.port=3000" 63 | - "traefik.docker.network=traefik_proxy" 64 | - "traefik.frontend.headers.SSLRedirect=true" 65 | - "traefik.frontend.headers.STSSeconds=315360000" 66 | - "traefik.frontend.headers.browserXSSFilter=true" 67 | - "traefik.frontend.headers.contentTypeNosniff=true" 68 | - "traefik.frontend.headers.forceSTSHeader=true" 69 | - "traefik.frontend.headers.SSLHost=standardnotes.${DOMAINNAME}" 70 | - "traefik.frontend.headers.SSLForceHost=true" 71 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 72 | - "traefik.frontend.headers.STSPreload=true" 73 | - "traefik.frontend.headers.frameDeny=true" 74 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 75 | 76 | networks: 77 | traefik_proxy: 78 | external: 79 | name: traefik_proxy 80 | -------------------------------------------------------------------------------- /ymlfiles/syncthing.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Syncthing – Data Sync 5 | syncthing: 6 | container_name: syncthing 7 | image: linuxserver/syncthing 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | ports: 12 | - "8384:8384" 13 | - "22000:22000" 14 | - "21027:21027/udp" 15 | volumes: 16 | - ${USERDIR}/Syncthing:/Syncthing 17 | - ${USERDIR}/docker/syncthing:/config 18 | environment: 19 | - PUID=${PUID} 20 | - PGID=${PGID} 21 | - TZ=${TZ} 22 | - UMASK_SET=002 23 | labels: 24 | - "traefik.enable=true" 25 | - "traefik.backend=syncthing" 26 | - "traefik.frontend.rule=Host:syncthing.${DOMAINNAME}" 27 | - "traefik.port=8384" 28 | - "traefik.protocol=https" 29 | - "traefik.docker.network=traefik_proxy" 30 | - "traefik.frontend.headers.SSLRedirect=true" 31 | - "traefik.frontend.headers.STSSeconds=315360000" 32 | - "traefik.frontend.headers.browserXSSFilter=true" 33 | - "traefik.frontend.headers.contentTypeNosniff=true" 34 | - "traefik.frontend.headers.forceSTSHeader=true" 35 | - "traefik.frontend.headers.SSLHost=syncthing.${DOMAINNAME}" 36 | - "traefik.frontend.headers.SSLForceHost=true" 37 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 38 | - "traefik.frontend.headers.STSPreload=true" 39 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 40 | - "traefik.frontend.headers.frameDeny=true" 41 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 42 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 43 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 44 | 45 | networks: 46 | traefik_proxy: 47 | external: 48 | name: traefik_proxy 49 | -------------------------------------------------------------------------------- /ymlfiles/taiga.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Taiga - Project Management Platform 5 | # Requires postgres db - manually create db first 6 | # Login: admin / 123123 7 | taiga: 8 | container_name: taiga 9 | image: benhutchins/taiga 10 | restart: always 11 | networks: 12 | - traefik_proxy 13 | # ports: 14 | # - "80:80" 15 | volumes: 16 | - ${USERDIR}/docker/taiga/media:/usr/src/taiga-back/media 17 | environment: 18 | - TAIGA_HOSTNAME=taiga.${DOMAINNAME} 19 | - TAIGA_SSL_BY_REVERSE_PROXY=True 20 | - TAIGA_SECRET_KEY=${TAIGA_SECRET_KEY} 21 | - TAIGA_SLEEP=15 # when the db comes up from docker, it is usually too quick 22 | - TAIGA_ENABLE_EMAIL=False 23 | - TAIGA_DB_NAME=taiga 24 | - TAIGA_DB_HOST=postgres 25 | - TAIGA_DB_USER=postgres 26 | - TAIGA_DB_PASSWORD=${MY_PASSWORD} 27 | labels: 28 | - "traefik.enable=true" 29 | - "traefik.backend=taiga" 30 | - "traefik.frontend.rule=Host:taiga.${DOMAINNAME}" 31 | - "traefik.port=80" 32 | - "traefik.docker.network=traefik_proxy" 33 | - "traefik.frontend.headers.SSLRedirect=true" 34 | - "traefik.frontend.headers.STSSeconds=315360000" 35 | - "traefik.frontend.headers.browserXSSFilter=true" 36 | - "traefik.frontend.headers.contentTypeNosniff=true" 37 | - "traefik.frontend.headers.forceSTSHeader=true" 38 | - "traefik.frontend.headers.SSLHost=taiga.${DOMAINNAME}" 39 | - "traefik.frontend.headers.SSLForceHost=true" 40 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 41 | - "traefik.frontend.headers.STSPreload=true" 42 | - "traefik.frontend.headers.frameDeny=true" 43 | # - "traefik.frontend.auth.forward.address=http://oauth:4181" 44 | 45 | networks: 46 | traefik_proxy: 47 | external: 48 | name: traefik_proxy 49 | -------------------------------------------------------------------------------- /ymlfiles/taskwarrior.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Taskserver - Server for TaskWarrior 5 | # Seems to work without, but you may need to follow setup described here: https://hub.docker.com/r/lukd/taskwarrior 6 | taskserver: 7 | container_name: taskserver 8 | image: lukd/taskwarrior 9 | restart: always 10 | networks: 11 | - traefik_proxy 12 | # ports: 13 | # - "53589:53589" 14 | volumes: 15 | - ${USERDIR}/docker/taskserver/data:/data 16 | environment: 17 | - "TASKD_BITS=4096" 18 | - "TASKD_EXPIRATION=365" 19 | - "TASKD_ORGANIZATION=My Organization" 20 | - "TASKD_CN=taskserver.${DOMAINNAME}" 21 | - "TASKD_COUNTRY=US" 22 | - "TASKD_STATE=${STATE}" 23 | - "TASKD_LOCALITY=${LOCALITY}" 24 | labels: 25 | - "traefik.enable=true" 26 | - "traefik.backend=taskserver" 27 | - "traefik.frontend.rule=Host:taskserver.${DOMAINNAME}" 28 | - "traefik.port=53589" 29 | - "traefik.docker.network=traefik_proxy" 30 | - "traefik.frontend.headers.SSLRedirect=true" 31 | - "traefik.frontend.headers.STSSeconds=315360000" 32 | - "traefik.frontend.headers.browserXSSFilter=true" 33 | - "traefik.frontend.headers.contentTypeNosniff=true" 34 | - "traefik.frontend.headers.forceSTSHeader=true" 35 | - "traefik.frontend.headers.SSLHost=taskwarrior.${DOMAINNAME}" 36 | - "traefik.frontend.headers.SSLForceHost=true" 37 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 38 | - "traefik.frontend.headers.STSPreload=true" 39 | - "traefik.frontend.headers.frameDeny=true" 40 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 41 | 42 | ## Taskwarrior - Task Manager 43 | taskwarrior: 44 | container_name: taskwarrior 45 | image: hav0k/taskwarrior-web 46 | restart: always 47 | networks: 48 | - traefik_proxy 49 | # ports: 50 | # - "5678:5678" 51 | volumes: 52 | - ${USERDIR}/docker/taskwarrior/task-web:/root/.task 53 | environment: 54 | # Sync server: 55 | - TASKD_SERVER='taskserver.${DOMAINNAME}' 56 | - TASKD_CREDENTIALS='AlphaV/Alexey Vildyaev/uid' # Not sure what this is 57 | labels: 58 | - "traefik.enable=true" 59 | - "traefik.backend=taskwarrior" 60 | - "traefik.frontend.rule=Host:taskwarrior.${DOMAINNAME}" 61 | - "traefik.port=5678" 62 | - "traefik.docker.network=traefik_proxy" 63 | - "traefik.frontend.headers.SSLRedirect=true" 64 | - "traefik.frontend.headers.STSSeconds=315360000" 65 | - "traefik.frontend.headers.browserXSSFilter=true" 66 | - "traefik.frontend.headers.contentTypeNosniff=true" 67 | - "traefik.frontend.headers.forceSTSHeader=true" 68 | - "traefik.frontend.headers.SSLHost=${DOMAINNAME}" 69 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 70 | - "traefik.frontend.headers.STSPreload=true" 71 | - "traefik.frontend.headers.frameDeny=true" 72 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 73 | 74 | networks: 75 | traefik_proxy: 76 | external: 77 | name: traefik_proxy 78 | -------------------------------------------------------------------------------- /ymlfiles/tautulli.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Tautulli – Monitoring Plex Usage 5 | tautulli: 6 | container_name: tautulli 7 | image: linuxserver/tautulli 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "8181:8181" 13 | volumes: 14 | - ${USERDIR}/docker/plex/Library/Application Support/Plex Media Server/Logs:/logs:ro # Plex Log Directory 15 | - ${USERDIR}/docker/tautulli/config:/config 16 | environment: 17 | - PUID=${PUID} 18 | - PGID=${PGID} 19 | - TZ=${TZ} 20 | labels: 21 | - "traefik.enable=true" 22 | - "traefik.backend=tautulli" 23 | - "traefik.frontend.rule=Host:tautulli.${DOMAINNAME}" 24 | - "traefik.port=8181" 25 | - "traefik.docker.network=traefik_proxy" 26 | - "traefik.frontend.headers.SSLRedirect=true" 27 | - "traefik.frontend.headers.STSSeconds=315360000" 28 | - "traefik.frontend.headers.browserXSSFilter=true" 29 | - "traefik.frontend.headers.contentTypeNosniff=true" 30 | - "traefik.frontend.headers.forceSTSHeader=true" 31 | - "traefik.frontend.headers.SSLHost=tautulli.${DOMAINNAME}" 32 | - "traefik.frontend.headers.SSLForceHost=true" 33 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 34 | - "traefik.frontend.headers.STSPreload=true" 35 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 36 | - "traefik.frontend.headers.frameDeny=true" 37 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 38 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 39 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 40 | 41 | networks: 42 | traefik_proxy: 43 | external: 44 | name: traefik_proxy 45 | -------------------------------------------------------------------------------- /ymlfiles/tinyfilemanager.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## tinyfilemanager - Simple Directory Index 5 | # Login: admin/admin 6 | tinyfilemanager: 7 | container_name: tinyfilemanager 8 | image: puteulanus/tinyfilemanager 9 | restart: always 10 | networks: 11 | - traefik_proxy 12 | # ports: 13 | # - "80:80" 14 | volumes: 15 | - ${USERDIR}/dwnloads:/web/file/test:ro # Location you want to index 16 | labels: 17 | - "traefik.enable=true" 18 | - "traefik.backend=tinyfilemanager" 19 | - "traefik.frontend.rule=Host:tinyfilemanager.${DOMAINNAME}" 20 | - "traefik.port=8080" 21 | - "traefik.docker.network=traefik_proxy" 22 | - "traefik.frontend.headers.SSLRedirect=true" 23 | - "traefik.frontend.headers.STSSeconds=315360000" 24 | - "traefik.frontend.headers.browserXSSFilter=true" 25 | - "traefik.frontend.headers.contentTypeNosniff=true" 26 | - "traefik.frontend.headers.forceSTSHeader=true" 27 | - "traefik.frontend.headers.SSLHost=tinyfilemanager.${DOMAINNAME}" 28 | - "traefik.frontend.headers.SSLForceHost=true" 29 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 30 | - "traefik.frontend.headers.STSPreload=true" 31 | - "traefik.frontend.headers.frameDeny=true" 32 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 33 | 34 | networks: 35 | traefik_proxy: 36 | external: 37 | name: traefik_proxy 38 | -------------------------------------------------------------------------------- /ymlfiles/tinyrss.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## TinyRSS 5 | # Need to set up a database first 6 | # Login: admin / password 7 | tinyrss: 8 | container_name: tinyrss 9 | image: linuxserver/tt-rss 10 | restart: always 11 | networks: 12 | - traefik_proxy 13 | # ports: 14 | # - "780:80" 15 | # - "7443:443" 16 | volumes: 17 | - ${USERDIR}/docker/tinyrss:/config 18 | environment: 19 | - PUID=${PUID} 20 | - PGID=${PGID} 21 | - TZ=${TZ} 22 | labels: 23 | - "traefik.enable=true" 24 | - "traefik.backend=tinyrss" 25 | - "traefik.frontend.rule=Host:tinyrss.${DOMAINNAME}" 26 | - "traefik.port=80" 27 | - "traefik.docker.network=traefik_proxy" 28 | - "traefik.frontend.headers.SSLRedirect=true" 29 | - "traefik.frontend.headers.STSSeconds=315360000" 30 | - "traefik.frontend.headers.browserXSSFilter=true" 31 | - "traefik.frontend.headers.contentTypeNosniff=true" 32 | - "traefik.frontend.headers.forceSTSHeader=true" 33 | - "traefik.frontend.headers.SSLHost=tinyrss.${DOMAINNAME}" 34 | - "traefik.frontend.headers.SSLForceHost=true" 35 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 36 | - "traefik.frontend.headers.STSPreload=true" 37 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 38 | - "traefik.frontend.headers.frameDeny=true" 39 | # - "traefik.frontend.auth.forward.address=http://oauth:4181" 40 | 41 | networks: 42 | traefik_proxy: 43 | external: 44 | name: traefik_proxy 45 | -------------------------------------------------------------------------------- /ymlfiles/transmission.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Transmission with VPN – Bittorrent Downloader 5 | transmission: 6 | container_name: transmission 7 | image: haugene/transmission-openvpn 8 | restart: always 9 | networks: 10 | traefik_proxy: 11 | ipv4_address: 192.168.1.243 12 | # - traefik_proxy 13 | ports: 14 | - "9091:9091" 15 | cap_add: 16 | - NET_ADMIN 17 | devices: 18 | - /dev/net/tun 19 | dns: 20 | - 192.168.1.3 21 | # - 1.1.1.1 22 | # - 1.0.0.1 23 | volumes: 24 | - ${USERDIR}/dwnloads/transmission/completed:/data/completed 25 | - ${USERDIR}/dwnloads/transmission/incomplete:/data/incomplete 26 | - ${USERDIR}/dwnloads/transmission/watch:/data/watch 27 | - /etc/localtime:/etc/localtime:ro 28 | - ${USERDIR}/docker/transmission:/data 29 | - ${USERDIR}/docker/transmission/resolv.conf:/etc/resolv.conf 30 | environment: 31 | - PUID=${PUID} 32 | - PGID=${PGID} 33 | - OPENVPN_PROVIDER=PIA 34 | - OPENVPN_USERNAME=${PIA_USER} 35 | - OPENVPN_PASSWORD=${PIA_PASS} 36 | - WEBPROXY_ENABLED=false 37 | - OPENVPN_CONFIG=CA\ Toronto 38 | - OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60 --auth-nocache 39 | - TRANSMISSION_RPC_USERNAME=${MY_USERNAME} 40 | - TRANSMISSION_RPC_PASSWORD=${MY_PASSWORD} 41 | - TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=true 42 | - TRANSMISSION_RPC_HOST_WHITELIST="127.0.1.1,192.168.*.*" 43 | - TRANSMISSION_UMASK=002 44 | - LOCAL_NETWORK=192.168.1.0/24 45 | - ENABLE_UFW=true 46 | - UFW_ALLOW_GW_NET=true 47 | - CREATE_TUN_DEVICE=true 48 | labels: 49 | - "traefik.enable=true" 50 | - "traefik.backend=transmission" 51 | - "traefik.frontend.rule=Host:transmission.${DOMAINNAME}" 52 | - "traefik.port=9091" 53 | - "traefik.docker.network=traefik_proxy" 54 | - "traefik.frontend.headers.SSLRedirect=true" 55 | - "traefik.frontend.headers.STSSeconds=315360000" 56 | - "traefik.frontend.headers.browserXSSFilter=true" 57 | - "traefik.frontend.headers.contentTypeNosniff=true" 58 | - "traefik.frontend.headers.forceSTSHeader=true" 59 | - "traefik.frontend.headers.SSLHost=transmission.${DOMAINNAME}" 60 | - "traefik.frontend.headers.SSLForceHost=true" 61 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 62 | - "traefik.frontend.headers.STSPreload=true" 63 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 64 | - "traefik.frontend.headers.frameDeny=true" 65 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 66 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 67 | - "traefik.frontend.auth.headerField=X-Forwarded-User" 68 | 69 | networks: 70 | traefik_proxy: 71 | external: 72 | name: traefik_proxy 73 | -------------------------------------------------------------------------------- /ymlfiles/ttrss.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Tiny Tiny RSS 5 | # Need to set up a database first 6 | # Login: admin / password 7 | ttrss: 8 | container_name: ttrss 9 | image: linuxserver/tt-rss 10 | restart: always 11 | networks: 12 | - traefik_proxy 13 | # ports: 14 | # - "780:80" 15 | # - "7443:443" 16 | volumes: 17 | - ${USERDIR}/docker/ttrss:/config 18 | environment: 19 | - PUID=${PUID} 20 | - PGID=${PGID} 21 | - TZ=${TZ} 22 | labels: 23 | - "traefik.enable=true" 24 | - "traefik.backend=ttrss" 25 | - "traefik.frontend.rule=Host:ttrss.${DOMAINNAME}" 26 | - "traefik.port=80" 27 | - "traefik.docker.network=traefik_proxy" 28 | - "traefik.frontend.headers.SSLRedirect=true" 29 | - "traefik.frontend.headers.STSSeconds=315360000" 30 | - "traefik.frontend.headers.browserXSSFilter=true" 31 | - "traefik.frontend.headers.contentTypeNosniff=true" 32 | - "traefik.frontend.headers.forceSTSHeader=true" 33 | - "traefik.frontend.headers.SSLHost=ttrss.${DOMAINNAME}" 34 | - "traefik.frontend.headers.SSLForceHost=true" 35 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 36 | - "traefik.frontend.headers.STSPreload=true" 37 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 38 | - "traefik.frontend.headers.frameDeny=true" 39 | # - "traefik.frontend.auth.forward.address=http://oauth:4181" 40 | 41 | networks: 42 | traefik_proxy: 43 | external: 44 | name: traefik_proxy 45 | -------------------------------------------------------------------------------- /ymlfiles/twweb.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Taskwarrior - twweb 5 | twweb: 6 | container_name: twweb 7 | image: mgoral/twweb 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "5456:5456" 13 | volumes: 14 | - ${USERDIR}/docker/twweb/:/localdata 15 | environment: 16 | # - UID=${PUID} 17 | # - GID=${PGID} 18 | # - TZ=${TZ} 19 | - TWW_CFG_PIN=twweb # suggested to change this (pin of user) 20 | - TWW_CFG_DB_ENGINE=sqlite 21 | - TWW_CFG_DB_HOST=/localdata/twweb.db 22 | labels: 23 | - "traefik.enable=true" 24 | - "traefik.backend=twweb" 25 | - "traefik.frontend.rule=Host:twweb.${DOMAINNAME}" 26 | - "traefik.port=5456" 27 | - "traefik.docker.network=traefik_proxy" 28 | - "traefik.frontend.headers.SSLRedirect=true" 29 | - "traefik.frontend.headers.STSSeconds=315360000" 30 | - "traefik.frontend.headers.browserXSSFilter=true" 31 | - "traefik.frontend.headers.contentTypeNosniff=true" 32 | - "traefik.frontend.headers.forceSTSHeader=true" 33 | - "traefik.frontend.headers.SSLHost=twweb.${DOMAINNAME}" 34 | - "traefik.frontend.headers.SSLForceHost=true" 35 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 36 | - "traefik.frontend.headers.STSPreload=true" 37 | - "traefik.frontend.headers.frameDeny=true" 38 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 39 | 40 | networks: 41 | traefik_proxy: 42 | external: 43 | name: traefik_proxy 44 | -------------------------------------------------------------------------------- /ymlfiles/unifi.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Unifi Controller Software 5 | 6 | ## Adopt new device 7 | # ssh ubnt@$AP-IP 8 | # login with ubnt/ubnt 9 | # mca-cli 10 | # set-inform http://$address:8080/inform 11 | 12 | unifi: 13 | container_name: unifi 14 | image: linuxserver/unifi-controller 15 | restart: unless-stopped 16 | networks: 17 | - traefik_proxy 18 | ports: 19 | - "3478:3478/udp" 20 | - "10001:10001/udp" 21 | - "8080:8080" 22 | - "8081:8081" 23 | # - "8443:8443" 24 | - "8843:8843" 25 | - "8880:8880" 26 | - "6789:6789" 27 | volumes: 28 | - ${USERDIR}/docker/unifi:/config 29 | - /etc/timezone:/etc/timezone:ro 30 | - /etc/localtime:/etc/localtime:ro 31 | environment: 32 | - PUID=${PUID} 33 | - PGID=${PGID} 34 | labels: 35 | - "traefik.enable=true" 36 | - "traefik.backend=unifi" 37 | - "traefik.frontend.rule=Host:unifi.${DOMAINNAME}" 38 | - "traefik.port=8443" 39 | - "traefik.protocol=https" 40 | - "traefik.docker.network=traefik_proxy" 41 | - "traefik.frontend.headers.SSLRedirect=true" 42 | - "traefik.frontend.headers.STSSeconds=315360000" 43 | - "traefik.frontend.headers.browserXSSFilter=true" 44 | - "traefik.frontend.headers.contentTypeNosniff=true" 45 | - "traefik.frontend.headers.forceSTSHeader=true" 46 | - "traefik.frontend.headers.SSLHost=unifi.${DOMAINNAME}" 47 | - "traefik.frontend.headers.SSLForceHost=true" 48 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 49 | - "traefik.frontend.headers.STSPreload=true" 50 | - "traefik.frontend.headers.frameDeny=true" 51 | - "traefik.frontend.passHostHeader=true" 52 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 53 | 54 | networks: 55 | traefik_proxy: 56 | external: 57 | name: traefik_proxy 58 | -------------------------------------------------------------------------------- /ymlfiles/volumio.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Volumio 5 | volumio: 6 | container_name: volumio 7 | image: jbonjean/volumio 8 | restart: always 9 | devices: 10 | - "/dev/snd" 11 | networks: 12 | - traefik_proxy 13 | ports: 14 | - "3000:3000" 15 | volumes: 16 | - /dev/shm:/dev/shm 17 | - /run/dbus:/run/dbus 18 | - ${USERDIR}/Music:/var/lib/mpd/music/:ro 19 | - ${USERDIR}/docker/volumio/data:/data 20 | environment: 21 | - HOST=https://volumio.${DOMAINNAME} 22 | labels: 23 | - "traefik.enable=true" 24 | - "traefik.backend=volumio" 25 | - "traefik.frontend.rule=Host:volumio.${DOMAINNAME}" 26 | - "traefik.port=3000" 27 | - "traefik.docker.network=traefik_proxy" 28 | - "traefik.frontend.headers.SSLRedirect=true" 29 | - "traefik.frontend.headers.STSSeconds=315360000" 30 | - "traefik.frontend.headers.browserXSSFilter=true" 31 | - "traefik.frontend.headers.contentTypeNosniff=true" 32 | - "traefik.frontend.headers.forceSTSHeader=true" 33 | - "traefik.frontend.headers.SSLHost=volumio.${DOMAINNAME}" 34 | - "traefik.frontend.headers.SSLForceHost=true" 35 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 36 | - "traefik.frontend.headers.STSPreload=true" 37 | # - "traefik.frontend.headers.frameDeny=true" 38 | # - "traefik.frontend.auth.forward.address=http://oauth:4181" 39 | 40 | networks: 41 | traefik_proxy: 42 | external: 43 | name: traefik_proxy 44 | -------------------------------------------------------------------------------- /ymlfiles/wallabag.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Wallabag 5 | # Don't create db before starting container - db will be automatically created 6 | # Login: wallabag / wallabag 7 | wallabag: 8 | container_name: wallabag 9 | image: wallabag/wallabag 10 | restart: always 11 | networks: 12 | - traefik_proxy 13 | # ports: 14 | # - "80:80" 15 | volumes: 16 | - ${USERDIR}/docker/wallabag/images:/var/www/wallabag/web/assets/images 17 | environment: 18 | - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} 19 | - SYMFONY__ENV__DATABASE_DRIVER=pdo_mysql 20 | - SYMFONY__ENV__DATABASE_HOST=mariadb 21 | - SYMFONY__ENV__DATABASE_PORT=3306 22 | - SYMFONY__ENV__DATABASE_NAME=wallabag 23 | - SYMFONY__ENV__DATABASE_USER=wallabag 24 | - SYMFONY__ENV__DATABASE_PASSWORD=${MY_PASSWORD} 25 | - SYMFONY__ENV__DATABASE_CHARSET=utf8mb4 26 | - SYMFONY__ENV__SECRET=${SYMFONY__ENV__SECRET} 27 | - SYMFONY__ENV__DOMAIN_NAME=https://wallabag.${DOMAINNAME} 28 | - SYMFONY__ENV__REDIS_SCHEME=tcp 29 | - SYMFONY__ENV__REDIS_HOST=redis 30 | - SYMFONY__ENV__REDIS_PORT=6379 31 | # - POPULATE_DATABASE=True # Disable after first run 32 | - SYMFONY__ENV__FOSUSER_REGISTRATION=false 33 | - SYMFONY__ENV__FOSUSER_CONFIRMATION=false 34 | labels: 35 | - "traefik.enable=true" 36 | - "traefik.backend=wallabag" 37 | - "traefik.frontend.rule=Host:wallabag.${DOMAINNAME}" 38 | - "traefik.port=80" 39 | - "traefik.docker.network=traefik_proxy" 40 | - "traefik.frontend.headers.SSLRedirect=true" 41 | - "traefik.frontend.headers.STSSeconds=315360000" 42 | - "traefik.frontend.headers.browserXSSFilter=true" 43 | - "traefik.frontend.headers.contentTypeNosniff=true" 44 | - "traefik.frontend.headers.forceSTSHeader=true" 45 | - "traefik.frontend.headers.SSLHost=wallabag.${DOMAINNAME}" 46 | - "traefik.frontend.headers.SSLForceHost=true" 47 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 48 | - "traefik.frontend.headers.STSPreload=true" 49 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 50 | - "traefik.frontend.headers.frameDeny=true" 51 | # - "traefik.frontend.auth.forward.address=http://oauth:4181" 52 | 53 | networks: 54 | traefik_proxy: 55 | external: 56 | name: traefik_proxy 57 | -------------------------------------------------------------------------------- /ymlfiles/watchtower.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Watchtower - Automatic Update of Containers/Apps 5 | # Consider using the fork kopfkrieg/watchtower 6 | watchtower: 7 | container_name: watchtower 8 | image: v2tec/watchtower 9 | restart: always 10 | command: --schedule "0 0 4 * * *" --cleanup 11 | volumes: 12 | - /var/run/docker.sock:/var/run/docker.sock 13 | environment: 14 | - TZ=${TZ} 15 | 16 | networks: 17 | traefik_proxy: 18 | external: 19 | name: traefik_proxy 20 | -------------------------------------------------------------------------------- /ymlfiles/wekan.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | # Need to run with MongoDB 5 | 6 | ## Wekan - Open Source Kanban Board 7 | wekan: 8 | container_name: wekan 9 | image: wekanteam/wekan 10 | restart: always 11 | networks: 12 | - traefik_proxy 13 | # ports: 14 | # - "8080:8080" 15 | volumes: 16 | - /etc/timezone:/etc/timezone:ro 17 | environment: 18 | - MONGO_URL=mongodb://mongo:27017/wekan # //:/ 19 | - ROOT_URL=https://wekan.${DOMAINNAME} 20 | - WITH_API=false 21 | - BROWSER_POLICY_ENABLED=true 22 | - TRUSTED_URL=https://wekan.${DOMAINNAME} 23 | labels: 24 | - "traefik.enable=true" 25 | - "traefik.backend=wekan" 26 | - "traefik.frontend.rule=Host:wekan.${DOMAINNAME}" 27 | - "traefik.port=8080" 28 | - "traefik.docker.network=traefik_proxy" 29 | - "traefik.frontend.headers.SSLRedirect=true" 30 | - "traefik.frontend.headers.STSSeconds=315360000" 31 | - "traefik.frontend.headers.browserXSSFilter=true" 32 | - "traefik.frontend.headers.contentTypeNosniff=true" 33 | - "traefik.frontend.headers.forceSTSHeader=true" 34 | - "traefik.frontend.headers.SSLHost=wekan.${DOMAINNAME}" 35 | - "traefik.frontend.headers.SSLForceHost=true" 36 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 37 | - "traefik.frontend.headers.STSPreload=true" 38 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 39 | - "traefik.frontend.headers.frameDeny=true" 40 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 41 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 42 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 43 | 44 | networks: 45 | traefik_proxy: 46 | external: 47 | name: traefik_proxy 48 | -------------------------------------------------------------------------------- /ymlfiles/wetty.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Wetty - SSH over the web 5 | wetty: 6 | container_name: wetty 7 | image: svenihoney/wetty 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "3000:3000" 13 | # volumes: 14 | # - ${USERDIR}/.ssh/id_rsa:/root/ssh/id_rsa 15 | environment: 16 | - VIRTUAL_HOST=wetty.${DOMAINNAME} 17 | - VIRTUAL_PORT=3000 18 | - REMOTE_SSH_SERVER=192.168.1.13 19 | - REMOTE_SSH_PORT=22 20 | - REMOTE_SSH_USER=${MY_USERNAME} 21 | labels: 22 | - "traefik.enable=true" 23 | - "traefik.backend=wetty" 24 | - "traefik.frontend.rule=Host:wetty.${DOMAINNAME}" 25 | - "traefik.port=3000" 26 | - "traefik.docker.network=traefik_proxy" 27 | - "traefik.frontend.headers.SSLRedirect=true" 28 | - "traefik.frontend.headers.STSSeconds=315360000" 29 | - "traefik.frontend.headers.browserXSSFilter=true" 30 | - "traefik.frontend.headers.contentTypeNosniff=true" 31 | - "traefik.frontend.headers.forceSTSHeader=true" 32 | - "traefik.frontend.headers.SSLHost=wetty.${DOMAINNAME}" 33 | - "traefik.frontend.headers.SSLForceHost=true" 34 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 35 | - "traefik.frontend.headers.STSPreload=true" 36 | - "traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex" 37 | - "traefik.frontend.headers.frameDeny=true" 38 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 39 | - "traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User" 40 | - "traefik.frontend.auth.forward.trustForwardHeader=true" 41 | 42 | networks: 43 | traefik_proxy: 44 | external: 45 | name: traefik_proxy 46 | -------------------------------------------------------------------------------- /ymlfiles/wordpress.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## WordPress - Personal Website 5 | wordpress: 6 | container_name: wordpress 7 | image: wordpress 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "8000:80" 13 | volumes: 14 | - ${USERDIR}/docker/wordpress/html:/var/www/html 15 | - ${USERDIR}/docker/wordpress/php:/usr/local/etc/php 16 | environment: 17 | - PUID=${PUID} 18 | - PGID=${PGID} 19 | - TZ=${TZ} 20 | - WORDPRESS_DB_HOST=mariadb 21 | - WORDPRESS_DB_USER=wordpress 22 | - WORDPRESS_DB_PASSWORD=${MYSQL_PASSWORD} 23 | - WORDPRESS_DB_NAME=wordpress 24 | labels: 25 | - "traefik.enable=true" 26 | - "traefik.backend=wordpress" 27 | - "traefik.frontend.rule=Host:wordpress.${DOMAINNAME}" 28 | - "traefik.port=80" 29 | - "traefik.docker.network=traefik_proxy" 30 | - "traefik.frontend.headers.SSLRedirect=true" 31 | - "traefik.frontend.headers.STSSeconds=315360000" 32 | - "traefik.frontend.headers.browserXSSFilter=true" 33 | - "traefik.frontend.headers.contentTypeNosniff=true" 34 | - "traefik.frontend.headers.forceSTSHeader=true" 35 | - "traefik.frontend.headers.SSLHost=wordpress.${DOMAINNAME}" 36 | - "traefik.frontend.headers.SSLForceHost=true" 37 | - "traefik.frontend.headers.STSIncludeSubdomains=true" 38 | - "traefik.frontend.headers.STSPreload=true" 39 | - "traefik.frontend.headers.frameDeny=true" 40 | - "traefik.frontend.auth.forward.address=http://oauth:4181" 41 | 42 | networks: 43 | traefik_proxy: 44 | external: 45 | name: traefik_proxy 46 | --------------------------------------------------------------------------------