├── .bash_aliases ├── README.md ├── resolv.conf ├── shared └── .htpasswd ├── traefik ├── acme │ └── acme.json ├── rules │ ├── app-pihole.toml │ ├── middlewares-chains.toml │ └── middlewares.toml └── traefik.log └── ymlfiles ├── .env ├── cf-companion.yml ├── dozzle.yml ├── glances.yml ├── heimdall.yml ├── jackett.yml ├── mariadb.yml ├── netdata.yml ├── nextcloud.yml ├── oauth.yml ├── oktowake.yml ├── pigallery.yml ├── pihole.yml ├── plex.yml ├── portainer.yml ├── presencelight.yml ├── qbittorrent.yml ├── radarr.yml ├── redis.yml ├── sonarr.yml ├── statping.yml ├── traefik.yml ├── vscode.yml ├── watchtower.yml └── whoami.yml /.bash_aliases: -------------------------------------------------------------------------------- 1 | # DOCKER 2 | alias dstopcont='sudo docker stop $(docker ps -a -q)' 3 | alias dstopall='sudo docker stop $(sudo docker ps -aq)' 4 | alias drmcont='sudo docker rm $(docker ps -a -q)' 5 | alias dvolprune='sudo docker volume prune' 6 | alias dsysprune='sudo docker system prune -a' 7 | alias ddelimages='sudo docker rmi $(docker images -q)' 8 | alias docerase='dstopcont ; drmcont ; ddelimages ; dvolprune ; dsysprune' 9 | alias docprune='ddelimages ; dvolprune ; dsysprune' 10 | alias dexec='sudo docker exec -ti' 11 | alias docps='sudo docker ps -a' 12 | alias dcrm='dcrun rm' 13 | alias docdf='sudo docker system df' 14 | alias dclogs='sudo docker logs -tf --tail="50" ' 15 | alias fixsecrets='sudo chown -R root:root /home/pi/docker/secrets ; sudo chmod -R 600 /home/pi/docker/secrets' 16 | 17 | # STACK UP AND DOWN 18 | alias 1down='cd /home/pi/docker ; dcdown1v ; dcdown1' 19 | alias 1up='cd /home/pi/docker ; sudo docker network create t1_proxy ; dcrec1 plexms ; dcup1 ; dcup1v' 20 | alias 2down='cd /home/pi/docker ; dcdown2v ; dcdown2' 21 | alias 2up='cd /home/pi/docker ; sudo docker network create --gateway 192.168.91.1 --subnet 192.168.91.0/24 socket_proxy ; sudo docker network create --gateway 192.168.90.1 --subnet 192.168.90.0/24 t2_proxy ; dcrec2 plexms 
; dcup2 ; dcup2v' 22 | 23 | # DOCKER TRAEFIK 1 24 | alias dcrun1='cd /home/pi/docker ; sudo docker-compose -f /home/pi/docker/docker-compose-t1.yml ' 25 | alias dclogs1='cd /home/pi/docker ; sudo docker-compose -f /home/pi/docker/docker-compose-t1.yml logs -tf --tail="50" ' 26 | alias dcup1='dcrun1 up -d' 27 | alias dcdown1='dcrun1 down' 28 | alias dcrec1='dcrun1 up -d --force-recreate' 29 | alias dcstop1='dcrun1 stop' 30 | alias dcrestart1='dcrun1 restart ' 31 | alias dcpull1='cd /home/pi/docker ; sudo docker-compose -f /home/pi/docker/docker-compose-t1.yml pull' 32 | 33 | # DOCKER TRAEFIK 1 VPN 34 | alias dcrun1v='cd /home/pi/docker ; sudo docker-compose -f /home/pi/docker/docker-compose-t1-vpn.yml ' 35 | alias dclogs1v='cd /home/pi/docker ; sudo docker-compose -f /home/pi/docker/docker-compose-t1-vpn.yml logs -tf --tail="50" ' 36 | alias dcup1v='dcrun1v up -d' 37 | alias dcdown1v='dcrun1v down' 38 | alias dcrec1v='dcrun1v up -d --force-recreate' 39 | alias dcstop1v='dcrun1v stop' 40 | alias dcrestart1v='dcrun1v restart ' 41 | alias dcpull1v='cd /home/pi/docker ; sudo docker-compose -f /home/pi/docker/docker-compose-t1-vpn.yml pull' 42 | 43 | # DOCKER TRAEFIK 2 44 | alias dcrun2='cd /home/pi/docker ; sudo docker-compose -f /home/pi/docker/docker-compose-t2.yml ' 45 | alias dclogs2='cd /home/pi/docker ; sudo docker-compose -f /home/pi/docker/docker-compose-t2.yml logs -tf --tail="50" ' 46 | alias dcup2='dcrun2 up -d' 47 | alias dcdown2='dcrun2 down' 48 | alias dcrec2='dcrun2 up -d --force-recreate' 49 | alias dcstop2='dcrun2 stop' 50 | alias dcrestart2='dcrun2 restart ' 51 | alias dcpull2='cd /home/pi/docker ; sudo docker-compose -f /home/pi/docker/docker-compose-t2.yml pull' 52 | 53 | # DOCKER TRAEFIK 2 VPN 54 | alias dcrun2v='cd /home/pi/docker ; sudo docker-compose -f /home/pi/docker/docker-compose-t2-vpn.yml ' 55 | alias dclogs2v='cd /home/pi/docker ; sudo docker-compose -f /home/pi/docker/docker-compose-t2-vpn.yml logs -tf --tail="50" ' 56 | alias 
dcup2v='dcrun2v up -d' 57 | alias dcdown2v='dcrun2v down' 58 | alias dcrec2v='dcrun2v up -d --force-recreate' 59 | alias dcstop2v='dcrun2v stop' 60 | alias dcrestart2v='dcrun2v restart ' 61 | alias dcpull2v='cd /home/pi/docker ; sudo docker-compose -f /home/pi/docker/docker-compose-t2-vpn.yml pull' 62 | 63 | # DOCKER TRAEFIK 1 SWARM 64 | alias dslogs='sudo docker service logs -tf --tail="50"' 65 | alias dsps='sudo docker stack ps zstack' 66 | alias dsse='sudo docker stack services zstack' 67 | alias dsls='sudo docker stack ls' 68 | alias dsrm='sudo docker stack rm' 69 | alias dsup='sudo docker stack deploy --compose-file /home/pi/docker/docker-compose-swarm.yml zstack' 70 | alias dshelp='echo "dslogs dsps dsse dsls dsrm dsup"' 71 | 72 | # SHUTDOWN AND RESTART 73 | alias shutdown='sudo shutdown -h now' 74 | alias reboot='sudo reboot' 75 | 76 | # NETWORKING 77 | alias portsused='sudo netstat -tulpn | grep LISTEN' 78 | 79 | # FILE SIZE AND STORAGE 80 | alias free='free -h' 81 | alias fdisk='sudo fdisk -l' 82 | alias uuid='sudo vol_id -u' 83 | alias ll='ls -alh' 84 | alias dirsize='sudo du -hx --max-depth=1' 85 | 86 | # SYNOLOGY DSM COMMANDS 87 | alias servicelist='sudo synoservicecfg --list' 88 | alias servicestatus='sudo synoservice --status' 89 | alias servicestop='sudo synoservicecfg --stop' 90 | alias servicehstop='sudo synoservicecfg --hard-stop' 91 | alias servicestart='sudo synoservicecfg --start' 92 | alias servicehstart='sudo synoservicecfg --hard-start' 93 | alias servicerestart='sudo synoservice --restart' 94 | alias servicerestart2='sudo synoservicectl --restart' 95 | alias restartdocker='sudo synoservice --restart pkgctl-Docker' -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # My Home Network/Docker Setup 2 | 3 | ## Intro 4 | 5 | I have 2 Raspberry Pi 4bs in my house that is running a handful of docker containers to do MISC 
things on my home network and I wanted to be able to easily 6 | reach these services and have a more managed approach. I decided that I wanted to configure a Reverse Proxy to forward all my services under a single domain. 7 | This repo is what I have currently configured on my home network, and includes docker-compose yml files, and scripts to set up a similar environment. 8 | 9 | #### **NOTE: The docker images below all have ARM tags, so make sure that if you aren't using ARM that the image has the arch you need** 10 | 11 | ## Prerequisites 12 | 13 | - [**READ THIS**](https://www.smarthomebeginner.com/traefik-2-docker-tutorial) as I followed it very closely (and stole code/files) to do my setup. 14 | - Bookmark these Repos 15 | - https://github.com/htpcBeginner/docker-traefik 16 | - https://github.com/CVJoint/traefik2 17 | - Have [docker installed](https://docs.docker.com/engine/install/debian/) on your devices 18 | - Post Install Docker Things 19 | 20 | ```bash 21 | # Create docker group and add user to it (allows non-root to run docker; note that docker group membership is effectively root-equivalent on the host) 22 | sudo groupadd docker 23 | sudo usermod -aG docker $USER 24 | newgrp docker 25 | 26 | # Run docker at startup 27 | sudo systemctl enable docker 28 | ``` 29 | 30 | - Have [docker-compose](https://docs.docker.com/compose/install) installed on your devices 31 | - I personally used the [pip install ](https://docs.docker.com/compose/install/#install-using-pip) 32 | - Buy a domain (I did it on [Google Domains](https://domains.google/)) 33 | - [Configure your domain](https://support.cloudflare.com/hc/en-us/articles/360027989951-Getting-Started-with-Cloudflare) on Cloudflare 34 | - [Port forward](https://www.smarthomebeginner.com/setup-port-forwarding-on-router/) your router 35 | - Clone this repo wherever you want your docker stuff to be 36 | - `git clone https://github.com/isaacrlevin/HomeNetworkSetup.git docker` 37 | - Configure appropriate permissions on folders/files 38 | 39 | ```bash 40 | sudo setfacl -Rdm g:docker:rwx ~/docker 41 | 
sudo chmod -R 775 ~/docker 42 | chmod 600 ~/docker/traefik/acme/acme.json 43 | ``` 44 | - Create Traefik Proxy Network 45 | 46 | `docker network create --gateway 192.168.50.1 --subnet 192.168.50.0/24 traefik_proxy` 47 | 48 | - **OPTIONAL** 49 | - If you want to be able to monitor both Raspberry Pis in the same Portainer instance, you will need to enable a TLS Remote Endpoint 50 | - https://lemariva.com/blog/2019/12/portainer-managing-docker-engine-remotely 51 | 52 | ## Ok Now What? 53 | 54 | At this point you should have an environment ready to start building containers. From here, you can follow the [**BLOG**](https://www.smarthomebeginner.com/traefik-2-docker-tutorial) (starting [**HERE**](https://www.smarthomebeginner.com/traefik-2-docker-tutorial/#Traefik_2_Docker_Compose)) and start configuring to your heart's content. 55 | 56 | ### A few things to point out 57 | 58 | - You really need to take a look at the Traefik configuration section of the blog. More than likely OOB my setup will work for you, but you should take a look at the `.bash_aliases` as they are super helpful, as well as the .env file in the `ymlfiles` directory. 59 | - I added a `resolv.conf` to this repo as I had a problem with DNS on SOME containers. Mounting this file inside the container (done in the yml files) resolved it (PUN INTENDED). 60 | - Since some of my services run on a host that Traefik is not configured on, I need to configure a rule to forward those requests. For instance [here](https://raw.githubusercontent.com/isaacrlevin/HomeNetworkSetup/main/traefik/rules/app-pihole.toml) is how I do it for Pi Hole 61 | 62 | ### Reach out if you want to chat! 63 | 64 | I am not even close to an expert on these things, but I was able to hack away to get what I was looking for, and I am pretty happy with it. All my services are accessible outside my network and are secured with Google Auth. Is this the best/safest implementation? NO! 
If you want to know how I did some of this stuff, or want to chat, hit me up on [Discussions](https://github.com/isaacrlevin/HomeNetworkSetup/discussions) 65 | -------------------------------------------------------------------------------- /resolv.conf: -------------------------------------------------------------------------------- 1 | nameserver 10.1.2.3 2 | nameserver 8.8.8.8 -------------------------------------------------------------------------------- /shared/.htpasswd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/isaacrlevin/HomeNetworkSetup/f74ed51262503a2364ce9995edbdc56697c7ad0d/shared/.htpasswd -------------------------------------------------------------------------------- /traefik/acme/acme.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/isaacrlevin/HomeNetworkSetup/f74ed51262503a2364ce9995edbdc56697c7ad0d/traefik/acme/acme.json -------------------------------------------------------------------------------- /traefik/rules/app-pihole.toml: -------------------------------------------------------------------------------- 1 | # Configure Traefik to route the pihole.$DOMAINNAME host below to an external Pi Hole instance. NOTE: Traefik's file provider does not expand $DOMAINNAME / $PIHOLE_IP the way a shell or docker-compose does; substitute real values (or use Go templating) before loading this file. 2 | [http.routers] 3 | [http.routers.pihole-rtr] 4 | entryPoints = ["https"] 5 | rule = "Host(`pihole.$DOMAINNAME.app`)" 6 | service = "pihole-svc" 7 | middlewares = ["chain-oauth", "pihole-add-admin"] 8 | [http.routers.pihole-rtr.tls] 9 | certresolver = "dns-cloudflare" 10 | 11 | [http.middlewares] 12 | [http.middlewares.pihole-add-admin.addPrefix] 13 | prefix = "/admin" 14 | 15 | [http.services] 16 | [http.services.pihole-svc] 17 | [http.services.pihole-svc.loadBalancer] 18 | passHostHeader = true 19 | [[http.services.pihole-svc.loadBalancer.servers]] 20 | url = "$PIHOLE_IP:80" # Whatever your Pi IP is, including the scheme, e.g. http://192.0.2.5:80 (example address) -------------------------------------------------------------------------------- 
/traefik/rules/middlewares-chains.toml: -------------------------------------------------------------------------------- 1 | [http.middlewares] 2 | [http.middlewares.chain-no-auth] 3 | [http.middlewares.chain-no-auth.chain] 4 | middlewares = [ "middlewares-rate-limit", "middlewares-secure-headers"] 5 | 6 | [http.middlewares.chain-basic-auth] 7 | [http.middlewares.chain-basic-auth.chain] 8 | middlewares = [ "middlewares-rate-limit", "middlewares-secure-headers", "middlewares-basic-auth"] 9 | 10 | [http.middlewares.chain-oauth] 11 | [http.middlewares.chain-oauth.chain] 12 | middlewares = [ "middlewares-rate-limit", "middlewares-secure-headers", "middlewares-oauth"] 13 | 14 | [http.middlewares.chain-authelia] 15 | [http.middlewares.chain-authelia.chain] 16 | middlewares = [ "middlewares-rate-limit", "middlewares-secure-headers", "middlewares-authelia"] -------------------------------------------------------------------------------- /traefik/rules/middlewares.toml: -------------------------------------------------------------------------------- 1 | [http.middlewares] 2 | [http.middlewares.middlewares-basic-auth] 3 | [http.middlewares.middlewares-basic-auth.basicAuth] 4 | realm = "Traefik2 Basic Auth" 5 | usersFile = "/shared/.htpasswd" #be sure to mount the volume through docker-compose.yml 6 | 7 | [http.middlewares.middlewares-rate-limit] 8 | [http.middlewares.middlewares-rate-limit.rateLimit] 9 | average = 100 10 | burst = 50 11 | 12 | # Available Header Options: 13 | #####https://github.com/unrolled/secure#available-options 14 | #####https://docs.traefik.io/middlewares/headers/ 15 | # A great resource for these headers is your preferred browser's docs. 
Firefox: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers 16 | # https://developers.google.com/search/reference/robots_meta_tag 17 | # https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Clickjacking_Defense_Cheat_Sheet.md 18 | # CSP for VNC: https://github.com/cockpit-project/cockpit/pull/5932 19 | # Check headers here, don't include OAuth when checking headers, otherwise you are checking google's headers: https://securityheaders.com 20 | # or check them here: https://observatory.mozilla.org/ 21 | 22 | # CAUTION: Any headers defined in docker-compose (yml) will OVERWRITE ALL of the headers defined below. 23 | 24 | [http.middlewares.set-security-headers-plex.headers] 25 | browserXssFilter = true 26 | contentTypeNosniff = true 27 | customFrameOptionsValue = "SAMEORIGIN" 28 | referrerPolicy = "same-origin" 29 | featurePolicy = "vibrate 'none'" 30 | stsSeconds = 31536000 31 | stsIncludeSubdomains = true 32 | # Only enable if the second level domain has TLS enabled 33 | stsPreload = false 34 | [http.middlewares.set-security-headers.headers.customRequestHeaders] 35 | X-Scheme = "https" 36 | X-Forwarded-Proto = "https" 37 | [http.middlewares.set-security-headers.headers.customResponseHeaders] 38 | Server = "" 39 | X-Powered-By = "" 40 | X-Robots-Tag = "none" 41 | 42 | 43 | [http.middlewares.middlewares-secure-headers] 44 | [http.middlewares.middlewares-secure-headers.headers] 45 | accessControlAllowMethods= ["GET", "OPTIONS", "PUT"] 46 | accessControlMaxAge = 100 47 | hostsProxyHeaders = ["X-Forwarded-Host"] 48 | sslRedirect = true 49 | stsSeconds = 63072000 50 | stsIncludeSubdomains = true 51 | stsPreload = true 52 | forceSTSHeader = true 53 | # frameDeny = true #overwritten by customFrameOptionsValue 54 | customFrameOptionsValue = "allow-from https:example.com" #CSP takes care of this but may be needed for organizr. 
55 | contentTypeNosniff = true 56 | browserXssFilter = true 57 | # sslForceHost = true # add sslHost and all of the 58 | # sslHost = "example.com" 59 | referrerPolicy = "same-origin" 60 | # Setting contentSecurityPolicy is more secure but it can break things. Proper auth will reduce the risk. 61 | # the below line also breaks some apps due to 'none' - sonarr, radarr, etc. 62 | # contentSecurityPolicy = "frame-ancestors '*.example.com:*';object-src 'none';script-src 'none';" 63 | featurePolicy = "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';" 64 | [http.middlewares.middlewares-secure-headers.headers.customResponseHeaders] 65 | X-Robots-Tag = "none,noarchive,nosnippet,notranslate,noimageindex," 66 | server = "" 67 | 68 | [http.middlewares.middlewares-oauth] 69 | [http.middlewares.middlewares-oauth.forwardAuth] 70 | address = "http://oauth:4181" # Make sure you have the OAuth service in docker-compose.yml 71 | trustForwardHeader = true 72 | authResponseHeaders = ["X-Forwarded-User"] 73 | 74 | [http.middlewares.middlewares-authelia] 75 | [http.middlewares.middlewares-authelia.forwardAuth] 76 | address = "http://authelia:9091/api/verify?rd=https://authelia.example.com" 77 | trustForwardHeader = true 78 | authResponseHeaders = ["Remote-User", "Remote-Groups"] -------------------------------------------------------------------------------- /traefik/traefik.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/isaacrlevin/HomeNetworkSetup/f74ed51262503a2364ce9995edbdc56697c7ad0d/traefik/traefik.log -------------------------------------------------------------------------------- /ymlfiles/.env: -------------------------------------------------------------------------------- 1 | 2 | ##### PORTS 3 | 4 | ORGANIZER_PORT= 5 | HEIMDALL_PORT= 6 | HA_DOCKERMON_PORT= 7 | MOSQUITTO_HTTP_PORT= 8 | MOSQUITTO_HTTPS_PORT= 9 | ZONEMINDER_HTTP_PORT= 10 | ZONEMINDER_HTTPS_PORT= 
11 | PHPMYADMIN_PORT= 12 | INFLUXDB_PORT= 13 | JACKETT_PORT= 14 | NZBHYDRA_PORT= 15 | LIDARR_PORT= 16 | #If you change radarr and sonarr port then update plex meta agent 17 | RADARR_PORT= 18 | SONARR_PORT= 19 | JDOWNLOADER_PORT= 20 | SABNZBD_PORT= 21 | QBITTORRENT_PORT= 22 | TRANSMISSION_PORT= 23 | PLEX_PORT= 24 | PLEX_WEB_TOOLS_PORT= 25 | EMBY_PORT= 26 | BAZARR_PORT= 27 | TAUTULLI_PORT= 28 | APCUPSD_PORT= 29 | GUACAMOLE_PORT= 30 | IPVANISH_REMOTE_SERVER= 31 | IPVANISH_PROXY_PORT= 32 | JDOWNLOADER_PORT= 33 | 34 | ##### SYSTEM 35 | 36 | PUID=1000 37 | PGID=995 38 | TZ=America/Los_Angeles 39 | USERDIR=/home/pi 40 | DOCKERDIR=/home/pi/docker 41 | SECRETSDIR=/home/pi/docker/secrets 42 | TRAEFIK2DIR=/home/pi/docker/traefik 43 | CONFIGFOLDER=/media/usb/config 44 | STORAGEFOLDER=/media/usb 45 | SERVER_IP= 46 | PIHOLE_IP= 47 | LOCAL_NETWORK= 48 | 49 | ##### DOMAIN 50 | 51 | DOMAINNAME= 52 | CLOUDFLARE_EMAIL= 53 | CLOUDFLARE_API_KEY= 54 | CLOUDFLARE_API_TOKEN= 55 | CLOUDFLARE_ZONEID= 56 | DUCKDNS_TOKEN= 57 | 58 | ##### DATABASE 59 | 60 | DB_HOST= 61 | DB_PORT= 62 | MYSQL_ROOT_PASSWORD= 63 | 64 | ##### SECURITY AND PRIVACY 65 | 66 | REDIS_PASSWORD= 67 | IPVANISH_USERNAME= 68 | IPVANISH_PASSWORD= 69 | MY_USERNAME= 70 | MY_PASSWORD= 71 | TRAEFIK_PASSWORD= 72 | GOOGLE_CLIENT_ID= 73 | GOOGLE_CLIENT_SECRET= 74 | GOOGLE_OAUTH_SECRET= 75 | LIDARR_API_KEY= 76 | RADARR_API_KEY= 77 | SONARR_API_KEY= 78 | SABNZBD_API_KEY= 79 | 80 | ##### NOTIFICATIONS 81 | 82 | TGRAM_BOT_TOKEN= 83 | TGRAM_CHAT_ID= 84 | MY_EMAIL= 85 | ARI_EMAIL= 86 | 87 | ##### APPS 88 | 89 | JDOWN_VNC_PASSWD= 90 | HANDBRAKE_VNC_PASSWD= 91 | FIREFOX_VNC_PASSWD= 92 | FILEBOT_VNC_PASSWD= 93 | QDIRSTAT_VNC_PASSWD= 94 | MKVTOOLNIX_VNC_PASSWD= 95 | MAKEMKV_VNC_PASSWD= 96 | GUAC_MYSQL_USER= 97 | GUAC_MYSQL_PASSWORD= 98 | TRANSMISSION_RPC_PASSWORD= 99 | TRANSMISSION_RPC_USERNAME= 100 | PIHOLE_WEBPASSWORD= 101 | 102 | ##### PLEX 103 | 104 | PLEX_CLAIM= 105 | SYN_PLEX=ACCESS-TOKEN@PLEX_SERVER_IP 106 | 
NUC_PLEX=ACCESS-TOKEN@PLEX_SERVER_IP 107 | # Plex libraries section id. Remember to change the numbers below to reflect your library. Add more as needed. 108 | # ALWAYS DO A DRY RUN TO VERIFY BEFORE SYNCING 109 | SYN_PLEX_HOLLYWOOD=1 110 | NUC_PLEX_HOLLYWOOD=2 111 | SYN_PLEX_TVSHOWS=2 112 | NUC_PLEX_TVSHOWS=16 113 | -------------------------------------------------------------------------------- /ymlfiles/cf-companion.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Cloudflare-Companion - Automatic CNAME DNS Creation 5 | cf-companion: 6 | container_name: cf-companion 7 | image: docker.pkg.github.com/jwillmer/docker-traefik-cloudflare-companion/docker-traefik-cloudflare-companion:6.1.2 8 | restart: always 9 | security_opt: 10 | - no-new-privileges:true 11 | volumes: 12 | - /var/run/docker.sock:/var/run/docker.sock:ro 13 | environment: 14 | - TIMEZONE=$TZ 15 | - TRAEFIK_VERSION=2 16 | - CF_EMAIL=$CLOUDFLARE_EMAIL # Same as traefik 17 | - CF_TOKEN=$CLOUDFLARE_API_KEY # Same as traefik 18 | - TARGET_DOMAIN=$DOMAINNAME 19 | - DOMAIN1=$DOMAINNAME 20 | - DOMAIN1_ZONE_ID=$CLOUDFLARE_ZONEID # Copy from Cloudflare Overview page 21 | - DOMAIN1_PROXIED=TRUE 22 | -------------------------------------------------------------------------------- /ymlfiles/dozzle.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | # Dozzle - Real-time Docker Log Viewer 5 | dozzle: 6 | image: amir20/dozzle:latest 7 | container_name: dozzle 8 | restart: unless-stopped 9 | networks: 10 | - traefik_proxy 11 | security_opt: 12 | - no-new-privileges:true 13 | # ports: 14 | # - "$DOZZLE_PORT:8080" 15 | environment: 16 | DOZZLE_LEVEL: info 17 | DOZZLE_TAILSIZE: 300 18 | DOZZLE_FILTER: "status=running" 19 | # DOZZLE_FILTER: "label=log_me" # limits logs displayed to containers with this label 20 | volumes: 21 | - /var/run/docker.sock:/var/run/docker.sock 
# Use Docker Socket Proxy instead for improved security 22 | labels: 23 | - "traefik.enable=true" 24 | ## HTTP Routers 25 | - "traefik.http.routers.dozzle-rtr.entrypoints=https" 26 | - "traefik.http.routers.dozzle-rtr.rule=Host(`dozzle.$DOMAINNAME`)" 27 | ## Middlewares 28 | - "traefik.http.routers.dozzle-rtr.middlewares=chain-oauth@file" 29 | ## HTTP Services 30 | - "traefik.http.routers.dozzle-rtr.service=dozzle-svc" 31 | - "traefik.http.services.dozzle-svc.loadbalancer.server.port=8080" 32 | 33 | networks: 34 | traefik_proxy: 35 | external: true -------------------------------------------------------------------------------- /ymlfiles/glances.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Glances - Container and System Monitor 5 | glances: 6 | container_name: glances 7 | image: nicolargo/glances:dev 8 | pid: host 9 | restart: unless-stopped 10 | networks: 11 | - traefik_proxy 12 | ports: 13 | - "61208:61208" 14 | security_opt: 15 | - no-new-privileges:true 16 | volumes: 17 | - $CONFIGFOLDER/glances:/glances/conf # Use this if you want to add a glances.conf file 18 | - /var/run/docker.sock:/var/run/docker.sock:ro 19 | environment: 20 | - GLANCES_OPT= -w 21 | - LOG_CFG=$CONFIGFOLDER/glances/glances.json 22 | labels: 23 | - "traefik.enable=true" 24 | ## HTTP Routers 25 | - "traefik.http.routers.glances-rtr.entrypoints=https" 26 | - "traefik.http.routers.glances-rtr.rule=HostHeader(`glances.$DOMAINNAME`)" 27 | ## Middlewares 28 | - "traefik.http.routers.glances-rtr.middlewares=chain-oauth@file" 29 | ## HTTP Services 30 | - "traefik.http.routers.glances-rtr.service=glances-svc" 31 | - "traefik.http.services.glances-svc.loadbalancer.server.port=61208" 32 | 33 | networks: 34 | traefik_proxy: 35 | external: true 36 | -------------------------------------------------------------------------------- /ymlfiles/heimdall.yml: 
-------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Heimdall - Homepage (NOTE: the router/service labels below are named jackett-rtr / jackett-svc, which collides with the same names in jackett.yml; they should be heimdall-rtr / heimdall-svc. Unlike the other files, this service also declares no traefik_proxy network.) 5 | heimdall: 6 | container_name: heimdall 7 | image: linuxserver/heimdall:latest 8 | restart: always 9 | ports: 10 | - "85:80" 11 | security_opt: 12 | - no-new-privileges:true 13 | volumes: 14 | - $CONFIGFOLDER/heimdall:/config 15 | environment: 16 | - PUID=$PUID 17 | - PGID=$PGID 18 | - TZ=$TZ 19 | labels: 20 | - "traefik.enable=true" 21 | ## HTTP Routers 22 | - "traefik.http.routers.jackett-rtr.entrypoints=https" 23 | - "traefik.http.routers.jackett-rtr.rule=HostHeader(`heimdall.$DOMAINNAME`)" 24 | ## Middlewares 25 | - "traefik.http.routers.jackett-rtr.middlewares=chain-oauth@file" 26 | ## HTTP Services 27 | - "traefik.http.routers.jackett-rtr.service=jackett-svc" 28 | - "traefik.http.services.jackett-svc.loadbalancer.server.port=80" 29 | -------------------------------------------------------------------------------- /ymlfiles/jackett.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Jackett – Torrent Proxy/RSS Generator 5 | jackett: 6 | container_name: jackett 7 | image: linuxserver/jackett:latest 8 | restart: always 9 | networks: 10 | traefik_proxy: 11 | ipv4_address: 192.168.50.249 # Use this IP to connect to sonarr/radarr/lidarr/ttrss: http://192.168.50.249:9117/... 
12 | ports: 13 | - "9117:9117" 14 | security_opt: 15 | - no-new-privileges:true 16 | volumes: 17 | - $CONFIGFOLDER/jackett:/config 18 | - $STORAGEFOLDER/Torrents:/downloads 19 | - $DOCKERDIR/resolv.conf:/etc/resolv.conf 20 | environment: 21 | - PUID=$PUID 22 | - PGID=$PGID 23 | - TZ=$TZ 24 | labels: 25 | - "traefik.enable=true" 26 | ## HTTP Routers 27 | - "traefik.http.routers.jackett-rtr.entrypoints=https" 28 | - "traefik.http.routers.jackett-rtr.rule=HostHeader(`jackett.$DOMAINNAME`)" 29 | ## Middlewares 30 | - "traefik.http.routers.jackett-rtr.middlewares=chain-oauth@file" 31 | ## HTTP Services 32 | - "traefik.http.routers.jackett-rtr.service=jackett-svc" 33 | - "traefik.http.services.jackett-svc.loadbalancer.server.port=9117" 34 | 35 | networks: 36 | traefik_proxy: 37 | external: true 38 | -------------------------------------------------------------------------------- /ymlfiles/mariadb.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Mariadb – Database Server 5 | 6 | ## Create external mariadb network: 7 | # docker network create --gateway 192.168.250.1 --subnet 192.168.250.0/24 mariadb 8 | 9 | ## Suggested procedure to create new databases: 10 | ## Replace the <placeholders> below with your own values 11 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 12 | # CREATE DATABASE <dbname> CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci; 13 | # GRANT ALL PRIVILEGES ON <dbname>.* TO '<dbuser>'@'<containername>.mariadb' IDENTIFIED BY '<dbpassword>'; 14 | # FLUSH PRIVILEGES; 15 | # exit 16 | 17 | ## Create a custom.cnf: 18 | # Start the container to create the initial files, then stop the container and remove all but the custom.cnf. 
19 | # rm -R $USERDIR/docker/mariadb/databases 20 | # rm -R $USERDIR/docker/mariadb/log 21 | # Add the following to $USERDIR/docker/mariadb/custom.cnf under the [mysqld] section: 22 | # character_set_server=utf8mb4 23 | # collation_server=utf8mb4_unicode_ci 24 | # innodb_file_format=Barracuda 25 | # innodb_large_prefix=ON 26 | # innodb_default_row_format=DYNAMIC 27 | # Start container 28 | ## Some resources for why these commands are chosen: 29 | ## utf8mb4 is the most universal and up to date character set allowing for emojis among other benefits 30 | ## utf8mb4_unicode_ci is the "standard" database type while general_ci is a simplified version which tried to improve speed before modern computing. I believe there is little to no benefit to use the simpler version. 31 | ## https://docs.nextcloud.com/server/16/admin_manual/configuration_database/mysql_4byte_support.html 32 | ## For a complete list of available options: docker run -it --rm mariadb --verbose --help 33 | ## Check your database variables, for example: 34 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 35 | # SHOW VARIABLES LIKE 'character_set_server'; 36 | # SHOW VARIABLES LIKE '%server%'; 37 | # SHOW VARIABLES LIKE 'innodb%'; 38 | # exit 39 | 40 | ## Delete the initial default databases and secure MySQL: 41 | ## NOTE: Accept all options except for 'Disallow root login remotely'. Answer "no" due to docker networking. 
42 | # docker exec -it mariadb /usr/bin/mysql_secure_installation 43 | 44 | mariadb: 45 | container_name: mariadb 46 | image: linuxserver/mariadb:latest 47 | restart: always 48 | networks: 49 | mariadb: 50 | ipv4_address: 192.168.250.250 51 | security_opt: 52 | - no-new-privileges:true 53 | ports: 54 | - "3306:3306" 55 | volumes: 56 | - $CONFIGFOLDER/mariadb/data:/config 57 | - /etc/timezone:/etc/timezone:ro 58 | - /etc/localtime:/etc/localtime:ro 59 | - $DOCKERDIR/resolv.conf:/etc/resolv.conf 60 | environment: 61 | - PUID=$PUID 62 | - PGID=$PGID 63 | - MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD 64 | 65 | ## phpMyAdmin - WebUI for MariaDB 66 | phpmyadmin: 67 | container_name: phpmyadmin 68 | image: phpmyadmin 69 | restart: always 70 | extra_hosts: 71 | - "mariadb:192.168.250.250" 72 | depends_on: 73 | - mariadb 74 | networks: 75 | - traefik_proxy 76 | - mariadb 77 | # ports: 78 | # - "80:80" 79 | security_opt: 80 | - no-new-privileges:true 81 | volumes: 82 | - /etc/timezone:/etc/timezone:ro 83 | - /etc/localtime:/etc/localtime:ro 84 | - $DOCKERDIR/resolv.conf:/etc/resolv.conf 85 | environment: 86 | - PMA_HOST=$DB_HOST 87 | - PMA_USER=root 88 | - PMA_PASSWORD=$MYSQL_ROOT_PASSWORD 89 | - PMA_ABSOLUTE_URI=https://phpmyadmin.$DOMAINNAME 90 | labels: 91 | - "traefik.enable=true" 92 | ## HTTP Routers 93 | - "traefik.http.routers.phpmyadmin-rtr.entrypoints=https" 94 | - "traefik.http.routers.phpmyadmin-rtr.rule=HostHeader(`phpmyadmin.$DOMAINNAME`)" 95 | ## Middlewares 96 | - "traefik.http.routers.phpmyadmin-rtr.middlewares=chain-oauth@file" 97 | ## HTTP Services 98 | - "traefik.http.routers.phpmyadmin-rtr.service=phpmyadmin-svc" 99 | - "traefik.http.services.phpmyadmin-svc.loadbalancer.server.port=80" 100 | 101 | networks: 102 | traefik_proxy: 103 | external: true 104 | mariadb: 105 | external: true 106 | -------------------------------------------------------------------------------- /ymlfiles/netdata.yml: 
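---
# /ymlfiles/netdata.yml
version: "3.7"
services:

  ## Netdata
  # This container gets SYS_PTRACE, an unconfined AppArmor profile, root group,
  # read access to /proc, /sys and the docker socket: whoever reaches the
  # dashboard effectively reads host state.
  netdata:
    container_name: netdata
    image: netdata/netdata
    hostname: netdata.$DOMAINNAME
    restart: unless-stopped
    networks:
      - traefik_proxy
    ports:
      - "19999:19999"  # host port: LAN clients reach netdata without the chain-oauth middleware below
    cap_add:
      - SYS_PTRACE
    security_opt:
      - apparmor:unconfined  # removes the AppArmor profile for this container
    environment:
      - PGID=0  # root group — presumably so the mounted /proc, /sys and socket are readable; confirm
    volumes:
      - $CONFIGFOLDER/netdata:/etc/netdata
      - /etc/passwd:/etc/passwd:ro
      - /etc/group:/etc/group:ro
      - /proc:/proc:ro
      - /sys:/sys:ro
      - /etc/os-release:/etc/os-release:ro
      # ':ro' on a unix socket does not restrict the Docker API calls made over
      # it; a socket proxy is the way to limit them (see portainer.yml comment).
      - /var/run/docker.sock:/var/run/docker.sock:ro
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.netdata-rtr.entrypoints=https"
      - "traefik.http.routers.netdata-rtr.rule=HostHeader(`netdata.$DOMAINNAME`)"
      ## Middlewares
      - "traefik.http.routers.netdata-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.netdata-rtr.service=netdata-svc"
      - "traefik.http.services.netdata-svc.loadbalancer.server.port=19999"

networks:
  traefik_proxy:
    external: true

---
# /ymlfiles/nextcloud.yml
version: "3.7"
services:

  ## Nextcloud
  nextcloud:
    container_name: nextcloud
    image: nextcloud:latest
    restart: always
    extra_hosts:
      - "mariadb:192.168.250.250"
      - "redis:192.168.50.10"
    networks:
      - traefik_proxy
      - mariadb
    ports:
      - "4333:443"  # host port: reachable on the LAN without the traefik middlewares below
    security_opt:
      - no-new-privileges:true
    volumes:
      - $CONFIGFOLDER/nc:/var/www/html/config
      - $STORAGEFOLDER/nc-data:/var/www/html/data
      - $DOCKERDIR/resolv.conf:/etc/resolv.conf
      - $STORAGEFOLDER/photos:/ext-photo
      - $CONFIGFOLDER/nc-apps:/var/www/html/custom_apps
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
      # $MY_PASSWORD is also the vscode sudo password and the presencelight
      # certificate password: one leaked value opens all three.
      - NEXTCLOUD_ADMIN_PASSWORD=$MY_PASSWORD
      - NEXTCLOUD_ADMIN_USER=isaac
      - MYSQL_HOST=$DB_HOST:3306
      - MYSQL_DATABASE=nextcloud
      # Nextcloud connects as the MariaDB root account. A dedicated user with
      # rights on the nextcloud database only would contain a compromised app;
      # that user has to be created in mariadb before this can change.
      - MYSQL_PASSWORD=$MYSQL_ROOT_PASSWORD
      - MYSQL_USER=root
      # Fix: in list form compose takes everything after '=' verbatim, so the
      # former "nc.$DOMAINNAME" delivered the quote characters as part of the
      # value. Both values are now unquoted.
      - NEXTCLOUD_HOSTNAME=nc.$DOMAINNAME
      - NEXTCLOUD_TRUSTED_DOMAINS=nc.$DOMAINNAME
      - TRUSTED_PROXIES=192.168.50.0/24
      - OVERWRITEPROTOCOL=https
      - APACHE_DISABLE_REWRITE_IP=1
      - REDIS_HOST=redis
      - REDIS_HOST_PASSWORD=$REDIS_PASSWORD
      - START_CRON=true
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_proxy"
      # No entrypoints given, so this router attaches to every entrypoint.
      - "traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect"
      - "traefik.http.routers.nextcloud.tls.certresolver=dns-cloudflare"
      - "traefik.http.routers.nextcloud.rule=Host(`nc.$DOMAINNAME`)"
      - "traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://$DOMAINNAME"
      - "traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' $DOMAINNAME *.$DOMAINNAME"
      - "traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011"
      - "traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.nextcloud.headers.stsPreload=true"
      - "traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/"

networks:
  traefik_proxy:
    external: true
  mariadb:
    external: true

---
# /ymlfiles/oauth.yml
version: "3.7"
services:

  ## Google OAuth - Single Sign On using OAuth 2.0
  # https://hub.docker.com/r/thomseddon/traefik-forward-auth
  # https://console.developers.google.com/
  # Follow directions at above link. My Google settings under the Credentials tab are:
  # Credentials: Name can be anything (mine is Traefik) and Authorized redirect URLs: https://oauth.$DOMAINNAME/_oauth
  # OAuth Consent Screen: Application Name is Traefik (think it can be anything). I entered my e-mail for support e-mail. Authorized Domains is $DOMAINNAME
  # Domain Verification: $DOMAINNAME
  #
  # Every router that references chain-oauth@file depends on this service;
  # the WHITELIST below is the whole allow-list.
  oauth:
    container_name: oauth
    image: thomseddon/traefik-forward-auth:2.1-arm
    restart: always
    networks:
      - traefik_proxy
    security_opt:
      - no-new-privileges:true
    environment:
      - CLIENT_ID=$GOOGLE_CLIENT_ID
      - CLIENT_SECRET=$GOOGLE_CLIENT_SECRET
      - SECRET=$GOOGLE_OAUTH_SECRET
      - COOKIE_DOMAIN=$DOMAINNAME
      - INSECURE_COOKIE=false
      - AUTH_HOST=oauth.$DOMAINNAME
      - URL_PATH=/_oauth
      - WHITELIST=$MY_EMAIL,$ARI_EMAIL
      # trace is the most verbose level; for an auth proxy that may put
      # request details in the log. Drop to info once debugging is done.
      - LOG_LEVEL=trace
      - LOG_FORMAT=text
      - LIFETIME=2592000 # 30 days
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.oauth-rtr.entrypoints=https"
      - "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAINNAME`)"
      - "traefik.http.routers.oauth-rtr.tls=true"
      ## HTTP Services
      - "traefik.http.routers.oauth-rtr.service=oauth-svc"
      - "traefik.http.services.oauth-svc.loadbalancer.server.port=4181"
      ## Middlewares
      - "traefik.http.routers.oauth-rtr.middlewares=chain-oauth@file"

networks:
  traefik_proxy:
    external: true

---
# /ymlfiles/oktowake.yml
version: '3.7'

services:
  oktowake:
    image: isaaclevin/ok-to-wake:debian-arm32
    container_name: oktowake
    restart: unless-stopped
    # Fix: the traefik labels below need the container on traefik_proxy — the
    # docker provider in traefik.yml is pinned to that network
    # (--providers.docker.network=traefik_proxy) and no network was declared.
    networks:
      - traefik_proxy
    environment:
      ASPNETCORE_URLS: "http://+:80"
      TZ: "America/Los_Angeles"
      # Development typically enables detailed error pages in ASP.NET Core;
      # confirm this is intended outside of debugging.
      ASPNETCORE_ENVIRONMENT: "Development"
    ports:
      - "8001:80"  # presencelight.yml publishes host port 8001 as well; both cannot bind it on one host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # Use Docker Socket Proxy instead for improved security
      - $CONFIGFOLDER/oktowake/app:/app/Data
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      # Fix: router and service were named jackett-rtr/jackett-svc, which would
      # collide with jackett.yml's definitions of the same names; renamed to
      # the <service>-rtr / <service>-svc convention the other files use.
      - "traefik.http.routers.oktowake-rtr.entrypoints=https"
      - "traefik.http.routers.oktowake-rtr.rule=HostHeader(`oktowake.$DOMAINNAME`)"
      ## Middlewares
      - "traefik.http.routers.oktowake-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.oktowake-rtr.service=oktowake-svc"
      - "traefik.http.services.oktowake-svc.loadbalancer.server.port=80"

networks:
  traefik_proxy:
    external: true

---
# /ymlfiles/pigallery.yml
version: "3.7"
services:
  pigallery:
    container_name: pigallery
    image: bpatrik/pigallery2:latest
    # Fix: the MariaDB root password was committed here as a literal. It now
    # comes from $MYSQL_ROOT_PASSWORD, the variable nextcloud.yml already uses
    # for the same root account (confirm it matches); the value that was in
    # this file must be treated as exposed. The password is still visible in
    # `docker inspect` and the container's process list, and a value
    # containing a single quote would break the sh -c quoting.
    # NOTE(review): wait-for targets mariadb:3306 but mysql-host is
    # 'pigallery' — looks like it should be 'mariadb'; verify before changing.
    command: sh -c 'bin/wait-for mariadb:3306 -- --Server-Database-mysql-host=pigallery --Server-Database-mysql-username=root --Server-Database-mysql-password=$MYSQL_ROOT_PASSWORD --Server-Database-mysql-database=pigallery'
    restart: always
    networks:
      - traefik_proxy
      - mariadb
    ports:
      - "9876:80"  # host port: bypasses chain-oauth below
    security_opt:
      - no-new-privileges:true
    volumes:
      - /media/usb/config/pigallery:/app/data/config
      - /media/usb/config/mariadb/data:/app/data/db
      - /media/usb/config/pigallery/tmp:/app/data/tmp
      - /media/usb/Windows:/app/data/images
    environment:
      - NODE_ENV=production
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_proxy"
      ## HTTP Routers
      - "traefik.http.routers.pigallery-rtr.entrypoints=https"
      - "traefik.http.routers.pigallery-rtr.rule=HostHeader(`pigallery.$DOMAINNAME`)"
      ## Middlewares
      - "traefik.http.routers.pigallery-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.pigallery-rtr.service=pigallery-svc"
      - "traefik.http.services.pigallery-svc.loadbalancer.server.port=80"

networks:
  traefik_proxy:
    external: true
  mariadb:
    external: true

---
# /ymlfiles/pihole.yml
version: "3"

## DOES NOT RUN ON SAME HOST AS TRAEFIK
services:
  pihole:
    container_name: pihole
    hostname: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"   # admin UI on the host's port 80/443, no proxy or oauth in front of it
      - "443:443/tcp"
    environment:
      TZ: 'America/Los_Angeles'  # this is the time zone
      # Fix: the admin password was committed here as a literal. It now comes
      # from PIHOLE_WEBPASSWORD (a new .env variable; name constructed here,
      # add it to .env). The value that was in this file must be treated as
      # exposed.
      WEBPASSWORD: "${PIHOLE_WEBPASSWORD}"
    volumes:
      - '/home/pi/docker/config/etc-pihole/:/etc/pihole/'
      - '/home/pi/docker/config/etc-dnsmasq.d/:/etc/dnsmasq.d/'
    dns:
      - 127.0.0.1
      - 1.1.1.1
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

---
# /ymlfiles/plex.yml
version: "3.7"
services:

  ## Plex Media Server
  plex:
    container_name: plex
    image: linuxserver/plex:latest
    restart: always
    # devices:
    #   - /dev/dri:/dev/dri
    # privileged grants the container all capabilities and device access; the
    # commented devices mapping above is the narrower alternative if this is
    # only for hardware transcoding. no-new-privileges below does not undo it.
    privileged: true
    networks:
      traefik_proxy:
        ipv4_address: 192.168.50.200 # Set a static IP for tautulli to connect to
    ports:
      - "32400:32400"
      - "32400:32400/udp"
      - "33400:33400"
      - "33400:33400/udp"
      - "32469:32469"
      - "32469:32469/udp"
      # - "5353:5353/udp"
      - "1900:1900/udp"
    security_opt:
      - no-new-privileges:true
    volumes:
      - $CONFIGFOLDER/plex:/config
      - $STORAGEFOLDER/Movies:/MOVIES:ro
      - $STORAGEFOLDER/TV:/TV:ro
      - $STORAGEFOLDER/MUSIC:/MUSIC:ro
      - /etc/localtime:/etc/localtime:ro
      - $DOCKERDIR/resolv.conf:/etc/resolv.conf
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
      - VERSION=docker
      - PLEX_CLAIM=$PLEX_CLAIM
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.plex-rtr.entrypoints=https"
      - "traefik.http.routers.plex-rtr.rule=HostHeader(`plex.$DOMAINNAME`)"
      - "traefik.http.routers.plex-rtr.priority=10"
      ## Middlewares
      # Neither plex router goes through chain-oauth; Plex's own login is the
      # only authentication on this host name.
      - "traefik.http.routers.plex-rtr.middlewares=plex-headers"
      - "traefik.http.middlewares.plex-headers.headers.accesscontrolallowmethods=GET, OPTIONS, PUT"
      - "traefik.http.middlewares.plex-headers.headers.accesscontrolalloworiginlist=https://$DOMAINNAME"
      - "traefik.http.middlewares.plex-headers.headers.accesscontrolmaxage=100"
      - "traefik.http.middlewares.plex-headers.headers.addvaryheader=true"
      - "traefik.http.middlewares.plex-headers.headers.hostsproxyheaders=X-Forwarded-Host"
      - "traefik.http.middlewares.plex-headers.headers.sslredirect=true"
      - "traefik.http.middlewares.plex-headers.headers.stsseconds=63072000"
      - "traefik.http.middlewares.plex-headers.headers.stsincludesubdomains=true"
      - "traefik.http.middlewares.plex-headers.headers.stspreload=true"
      - "traefik.http.middlewares.plex-headers.headers.forcestsheader=true"
      # Fix: the origin was written as "https:$DOMAINNAME" (missing "//"),
      # which is not a valid ALLOW-FROM origin.
      - "traefik.http.middlewares.plex-headers.headers.customframeoptionsvalue=allow-from https://$DOMAINNAME" # This option overrides FrameDeny
      - "traefik.http.middlewares.plex-headers.headers.contenttypenosniff=true"
      - "traefik.http.middlewares.plex-headers.headers.browserxssfilter=true"
      - "traefik.http.middlewares.plex-headers.headers.referrerpolicy=same-origin"
      - "traefik.http.middlewares.plex-headers.headers.featurepolicy=camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
      - "traefik.http.middlewares.plex-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex,"
      ## HTTP Services
      - "traefik.http.routers.plex-rtr.service=plex-svc"
      - "traefik.http.services.plex-svc.loadbalancer.server.port=32400"
      ## Forward Auth for Web
      - "traefik.http.routers.plexWeb-rtr.entrypoints=https"
      - "traefik.http.routers.plexWeb-rtr.rule=(Host(`plex.$DOMAINNAME`) && PathPrefix(`/web/`))"
      - "traefik.http.routers.plexWeb-rtr.priority=20"
      - "traefik.http.routers.plexWeb-rtr.middlewares=chain-no-auth@file"
      - "traefik.http.routers.plexWeb-rtr.service=plex-svc"

networks:
  traefik_proxy:
    external: true

---
# /ymlfiles/portainer.yml
version: "3.7"
services:

  ## Portainer - WebUI for Containers
  # Full docker socket access: a Portainer session is equivalent to root on
  # the host, so the oauth chain below is the only gate apart from the host
  # port published here.
  portainer:
    container_name: portainer
    image: portainer/portainer-ce:latest
    restart: always
    command: -H unix:///var/run/docker.sock
    networks:
      - traefik_proxy
    ports:
      - "9000:9000"  # host port: bypasses chain-oauth below
    security_opt:
      - no-new-privileges:true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro # Connect to docker socket proxy tcp://docker-socket-proxy:2375
      - $CONFIGFOLDER/portainer:/data # Change to local directory if you want to save/transfer config locally
    environment:
      - TZ=$TZ
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.portainer-rtr.entrypoints=https"
      - "traefik.http.routers.portainer-rtr.rule=HostHeader(`portainer.$DOMAINNAME`)"
      ## Middlewares
      - "traefik.http.routers.portainer-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.portainer-rtr.service=portainer-svc"
      - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"

networks:
  traefik_proxy:
    external: true

---
# /ymlfiles/presencelight.yml
version: '3.7'

services:
  presencelight:
    image: isaaclevin/presencelight:debian-arm32
    container_name: presencelight
    restart: unless-stopped
    networks:
      - traefik_proxy
    environment:
      TZ: "America/Los_Angeles"
      # Development typically enables detailed error pages in ASP.NET Core;
      # confirm this is intended outside of debugging.
      ASPNETCORE_ENVIRONMENT: "Development"
      ASPNETCORE_URLS: "https://+:443;http://+:80"
      ASPNETCORE_Kestrel__Certificates__Default__Password: $MY_PASSWORD  # shared with the nextcloud admin and vscode sudo passwords
      ASPNETCORE_Kestrel__Certificates__Default__Path: "/https/presencelight.pfx"
    ports:
      - "8001:80"   # oktowake.yml publishes host port 8001 as well; both cannot bind it on one host
      - "4433:443"  # host port: the TLS passthrough router below is not involved for LAN clients
    volumes:
      # Read-write docker socket with nothing in this file showing why the app
      # needs the Docker API; drop it, or use a socket proxy, unless required.
      - /var/run/docker.sock:/var/run/docker.sock
      - ~/.aspnet/https:/https:ro
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_proxy"
      ## TCP Routers
      - "traefik.tcp.routers.presencelight-tcp.entrypoints=https"
      - "traefik.tcp.routers.presencelight-tcp.rule=HostSNI(`presencelight.$DOMAINNAME`)"
      # NOTE(review): with passthrough=true Traefik does not terminate TLS for
      # this router, so the certresolver presumably has no effect here — the
      # container's own presencelight.pfx is what clients see; confirm.
      - "traefik.tcp.routers.presencelight-tcp.tls.certresolver=dns-cloudflare"
      - "traefik.tcp.routers.presencelight-tcp.tls.passthrough=true"
      ## TCP Services
      - "traefik.tcp.routers.presencelight-tcp.service=presencelight-tcp-svc"
      - "traefik.tcp.services.presencelight-tcp-svc.loadbalancer.server.port=443"

networks:
  traefik_proxy:
    external: true

---
# /ymlfiles/qbittorrent.yml
version: "3.7"
services:

  ## qBittorrent with VPN – Bittorrent Downloader
  # mkdir $USERDIR/docker/qbittorrent
  # mkdir $USERDIR/docker/qbittorrent/openvpn
  # Place ovpn file in $USERDIR/docker/qbittorrent/openvpn
  # If you can't see text in the WebUI go to your qbittorrent.conf file and add "en" to the Locale setting so it looks like this: General\Locale=en
  #
  # NOTE(review): the openvpn notes above and VPN_ENABLED=no below look like
  # leftovers from a different image; ghcr.io/linuxserver/qbittorrent is not
  # known to read VPN_ENABLED. Verify and remove if stale.
  qbittorrent:
    container_name: qbittorrent
    image: ghcr.io/linuxserver/qbittorrent
    restart: always
    networks:
      traefik_proxy:
        ipv4_address: 192.168.50.247
    ports:
      - "8022:8080"  # host port: bypasses chain-oauth below
      - "8999:8999"
      - "8999:8999/udp"
      - "34400:34400"
    security_opt:
      - no-new-privileges:true
    volumes:
      - $CONFIGFOLDER/qbittorrent:/config
      - $STORAGEFOLDER/Torrents:/downloads
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - VPN_ENABLED=no
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.qbittorrent-rtr.entrypoints=https"
      - "traefik.http.routers.qbittorrent-rtr.rule=HostHeader(`qbittorrent.$DOMAINNAME`)"
      - "traefik.http.routers.qbittorrent-rtr.priority=10"
      ## Middlewares
      - "traefik.http.routers.qbittorrent-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.qbittorrent-rtr.service=qbittorrent-svc"
      - "traefik.http.services.qbittorrent-svc.loadbalancer.server.port=8080"
      ## API Forward Auth Bypass
      # Everything under /api/ skips oauth with no key check at the proxy;
      # qBittorrent's own WebUI login is the only authentication on that path.
      - "traefik.http.routers.qbittorrent-bypass.entrypoints=https"
      - "traefik.http.routers.qbittorrent-bypass.rule=HostHeader(`qbittorrent.$DOMAINNAME`) && PathPrefix(`/api/`)"
      - "traefik.http.routers.qbittorrent-bypass.priority=20"
      - "traefik.http.routers.qbittorrent-bypass.service=qbittorrent-svc"

      # Xteve — routed to port 34400 of this container
      ## HTTP Routers
      - "traefik.http.routers.xteve-rtr.entrypoints=https"
      - "traefik.http.routers.xteve-rtr.rule=HostHeader(`xteve.$DOMAINNAME`)"
      ## Middlewares
      - "traefik.http.routers.xteve-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.xteve-rtr.service=xteve-svc"
      - "traefik.http.services.xteve-svc.loadbalancer.server.port=34400"

networks:
  traefik_proxy:
    external: true

---
# /ymlfiles/radarr.yml
version: "3.7"
services:

  ## Radarr – Movie Download and Management
  radarr:
    container_name: radarr
    image: ghcr.io/linuxserver/radarr
    restart: always
    networks:
      traefik_proxy:
        ipv4_address: 192.168.50.245
    ports:
      - "7878:7878"  # host port: bypasses chain-oauth below
    security_opt:
      - no-new-privileges:true
    volumes:
      - $CONFIGFOLDER/radarr:/config
      - $STORAGEFOLDER/Torrents:/downloads
      - $STORAGEFOLDER/Movies:/movies
      - $DOCKERDIR/resolv.conf:/etc/resolv.conf
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.radarr-rtr.entrypoints=https"
      - "traefik.http.routers.radarr-rtr.rule=HostHeader(`radarr.$DOMAINNAME`)"
      - "traefik.http.routers.radarr-rtr.priority=10"
      - "traefik.http.routers.radarr-rtr.tls=true"
      ## Middlewares
      - "traefik.http.routers.radarr-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.radarr-rtr.service=radarr-svc"
      - "traefik.http.services.radarr-svc.loadbalancer.server.port=7878"
      ## API Forward Auth Bypass
      # Fix: the bypass rule had no host matcher, so at priority 20 it claimed
      # a request for any host name that carried the key. It is now scoped to
      # radarr.$DOMAINNAME like the main router. The Query() form puts the key
      # in the URL, which ends up in the traefik access log for 4xx responses.
      - "traefik.http.routers.radarr-bypass.entrypoints=https"
      - "traefik.http.routers.radarr-bypass.rule=HostHeader(`radarr.$DOMAINNAME`) && (Headers(`X-Api-Key`, `$RADARR_API_KEY`) || Query(`apikey`, `$RADARR_API_KEY`))"
      - "traefik.http.routers.radarr-bypass.priority=20"
      - "traefik.http.routers.radarr-bypass.service=radarr-svc"

networks:
  traefik_proxy:
    external: true

---
# /ymlfiles/redis.yml
version: "3.7"
services:

  ## Redis - Key-value Store

  ## Fix THP issues:
  # sudo -i
  # echo never > /sys/kernel/mm/transparent_hugepage/enabled
  # exit
  # sudo sysctl vm.overcommit_memory=1

  # Add this to rc.local file to persist changes after reboot:
  # Ubuntu 18.04 doesn't contain rc.local file so we need to create it:
  # sudo nano /etc/rc.local
  # Paste the following:

  # #!/bin/sh -e
  # #
  # # rc.local
  # #
  # # This script is executed at the end of each multiuser runlevel.
  # # Make sure that the script will "exit 0" on success or any other
  # # value on error.
  # #
  # # In order to enable or disable this script just change the execution
  # # bits.
  # #
  # # By default this script does nothing.
  #
  # echo never > /sys/kernel/mm/transparent_hugepage/enabled
  # sysctl vm.overcommit_memory=1
  #
  # exit 0

  # Save and exit
  # Now make the file executable:
  # sudo chmod +x /etc/rc.local

  ## Customize config - OPTIONAL
  # mkdir -p $USERDIR/docker/redis/config
  # docker run --rm --entrypoint cat redis /usr/local/etc/redis/redis.conf > $CONFIGFOLDER/redis/redis.conf
  # Mount to /usr/local/etc/redis/redis.conf

  redis:
    container_name: redis
    image: redis:latest
    restart: always
    hostname: 'redis'
    networks:
      traefik_proxy:
        ipv4_address: 192.168.50.10
        aliases:
          - redis
    # The password is passed on the command line, so it is visible in
    # `docker inspect` and the process list; a mounted redis.conf (see the
    # optional notes above) keeps it out of both.
    entrypoint: redis-server --appendonly yes --requirepass $REDIS_PASSWORD --maxmemory 512mb --maxmemory-policy allkeys-lru
    ports:
      - "6379:6379"  # host port: redis is reachable from the LAN, protected only by requirepass
    security_opt:
      - no-new-privileges:true
    sysctls:
      net.core.somaxconn: '65535'
    volumes:
      - $CONFIGFOLDER/redis/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro

networks:
  traefik_proxy:
    external: true

---
# /ymlfiles/sonarr.yml
version: "3.7"
services:

  ## Sonarr – TV Show Download and Management
  sonarr:
    container_name: sonarr
    image: linuxserver/sonarr:preview #latest
    restart: unless-stopped
    networks:
      traefik_proxy:
        ipv4_address: 192.168.50.246
    ports:
      - "8989:8989"  # host port: bypasses chain-oauth below
    security_opt:
      - no-new-privileges:true
    volumes:
      - $CONFIGFOLDER/sonarr:/config
      - $STORAGEFOLDER/Torrents:/downloads
      - $STORAGEFOLDER/TV:/tv
      - $DOCKERDIR/resolv.conf:/etc/resolv.conf
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.sonarr-rtr.entrypoints=https"
      - "traefik.http.routers.sonarr-rtr.rule=HostHeader(`sonarr.$DOMAINNAME`)"
      - "traefik.http.routers.sonarr-rtr.priority=10"
      - "traefik.http.routers.sonarr-rtr.tls=true"
      ## Middlewares
      - "traefik.http.routers.sonarr-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.sonarr-rtr.service=sonarr-svc"
      - "traefik.http.services.sonarr-svc.loadbalancer.server.port=8989"
      ## API Forward Auth Bypass
      # Fix: same as radarr.yml — the bypass rule is now scoped to this host
      # name instead of matching any host that carries the key.
      - "traefik.http.routers.sonarr-bypass.entrypoints=https"
      - "traefik.http.routers.sonarr-bypass.rule=HostHeader(`sonarr.$DOMAINNAME`) && (Headers(`X-Api-Key`, `$SONARR_API_KEY`) || Query(`apikey`, `$SONARR_API_KEY`))"
      - "traefik.http.routers.sonarr-bypass.priority=20"
      - "traefik.http.routers.sonarr-bypass.service=sonarr-svc"

networks:
  traefik_proxy:
    external: true

---
# /ymlfiles/statping.yml
version: "3.7"
services:

  ## StatPing - Status Page & Monitoring Server
  # Login: admin / admin  (default credentials — change them after first login)

  statping:
    container_name: statping
    image: statping/statping:latest
    restart: unless-stopped
    networks:
      - traefik_proxy
    # ports:
    #   - "4480:8080"
    security_opt:
      - no-new-privileges:true
    volumes:
      - $CONFIGFOLDER/statping:/app
    environment:
      - DB_CONN=sqlite
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.statping-rtr.entrypoints=https"
      - "traefik.http.routers.statping-rtr.rule=HostHeader(`statping.$DOMAINNAME`)"
      ## Middlewares
      - "traefik.http.routers.statping-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.statping-rtr.service=statping-svc"
      - "traefik.http.services.statping-svc.loadbalancer.server.port=8080"

networks:
  traefik_proxy:
    external: true

---
# /ymlfiles/traefik.yml
# Need to start the traefik network before running:
# docker network create --gateway 192.168.50.1 --subnet 192.168.50.0/24 traefik_proxy
# Trail logs using (docker logs -f traefik). Change "traefik" to name of container you want to trail

version: "3.7"
services:

  ## Traefik - Reverse Proxy
  traefik:
    container_name: traefik
    image: traefik:picodon # the picodon tag refers to v2.3.x
    restart: always
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entryPoints.http.address=:80
      - --entrypoints.http.http.redirections.entryPoint.to=https
      # entrypoints..http.redirections...
      - --entryPoints.https.address=:443
      # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
      # (snapshot of the published list; it changes occasionally)
      - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
      - --entrypoints.https.http.tls.certresolver=dns-cloudflare
      - --entrypoints.https.http.tls.domains[0].main=$DOMAINNAME
      - --entrypoints.https.http.tls.domains[0].sans=*.$DOMAINNAME
      - --entryPoints.traefik.address=:8080
      - "--entrypoints.dns.address=:53/tcp"
      - "--entrypoints.dns-udp.address=:53/udp"
      - --api=true
      # - --api.insecure=true
      - --log=true
      - --log.level=INFO # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=400-499  # only 4xx responses are logged; their URLs (query strings included) land in /traefik.log
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.defaultrule=HostHeader(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=traefik_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
      # Fix: the placeholder path below was left in from the template. The
      # directory setting above is what serves /rules; a non-existent file
      # would be an error if it were ever read.
      # - --providers.file.filename=/path/to/file # Load dynamic configuration from a file.
      - --providers.file.watch=true # Only works on top level files in the rules folder
      # - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
      # LetsEncrypt Staging Server - uncomment when testing
      - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      # Fix: was written with "==", which made the value "=1.1.1.1:53,…".
      - --certificatesresolvers.dns-cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53
    networks:
      traefik_proxy:
        ipv4_address: 192.168.50.254
    ports:
      - "80:80"
      - "443:443"
      - "53:53/udp"
      - "53:53/tcp"
      - "8080:8080"  # the 'traefik' entrypoint; nothing is routed to it while api.insecure stays off, so it need not be published
    volumes:
      - $DOCKERDIR/traefik/rules:/rules
      # Traefik can create containers through this socket; a socket proxy
      # exposing only the read-only endpoints it needs limits that.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $DOCKERDIR/traefik/acme/acme.json:/acme.json  # holds the private keys; keep it mode 600 on the host
      - $DOCKERDIR/traefik/traefik.log:/traefik.log
      - $DOCKERDIR/shared:/shared
    environment:
      # CF_API_KEY is the account-wide Global API Key. The cloudflare provider
      # also accepts CF_DNS_API_TOKEN, a token scoped to DNS edits on the one
      # zone, which is what the ACME challenge needs.
      - CF_API_EMAIL=$CLOUDFLARE_EMAIL
      - CF_API_KEY=$CLOUDFLARE_API_KEY
    labels:
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`$DOMAINNAME`)"
      - "traefik.http.routers.traefik-rtr.tls=true"
      # - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
      - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME"
      - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME"
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      ## Middlewares
      - "traefik.http.routers.traefik-rtr.middlewares=chain-oauth@file"

networks:
  traefik_proxy:
    external: true

---
# /ymlfiles/vscode.yml
version: "3.7"
services:

  # VSCode - VSCode Editing
  # An editor with a sudo password behind oauth. Note the mounts: $DOCKERDIR
  # contains traefik/acme/acme.json (certificate private keys) and the .env
  # that every other file here reads its secrets from, so an editor session
  # is equivalent to holding all of them.
  vscode:
    image: linuxserver/code-server:latest
    container_name: vscode
    restart: unless-stopped
    networks:
      - traefik_proxy
    # ports:
    #   - "8443:8443"
    security_opt:
      - no-new-privileges:true
    volumes:
      - $CONFIGFOLDER/vscode:/config
      - $CONFIGFOLDER:/data/configs
      - $DOCKERDIR:/data/docker
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - SUDO_PASSWORD=$MY_PASSWORD  # shared with the nextcloud admin and presencelight cert passwords
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.vscode-rtr.entrypoints=https"
      - "traefik.http.routers.vscode-rtr.rule=HostHeader(`vscode.$DOMAINNAME`)"
      ## Middlewares
      - "traefik.http.routers.vscode-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.vscode-rtr.service=vscode-svc"
      - "traefik.http.services.vscode-svc.loadbalancer.server.port=8443"

networks:
  traefik_proxy:
    external: true

---
# /ymlfiles/watchtower.yml
version: "3.7"
services:

  # WatchTower - Automatic Docker Container Updates
  # Pulls and restarts whatever the images' tags resolve to on schedule. Most
  # services here use :latest, so an upstream image change is deployed
  # unreviewed; pinning tags or digests is what keeps that under control.
  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    restart: unless-stopped
    networks:
      - default
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro  # full API access regardless of :ro
    environment:
      TZ: $TZ
      WATCHTOWER_CLEANUP: "true"
      WATCHTOWER_REMOVE_VOLUMES: "true"
      WATCHTOWER_INCLUDE_STOPPED: "true"
      WATCHTOWER_NO_STARTUP_MESSAGE: "false"
      WATCHTOWER_SCHEDULE: "0 30 12 * * *" # Everyday at 12:30
      DOCKER_API_VERSION: "1.40"

---
# /ymlfiles/whoami.yml
version: "3.7"
services:

  ## Who Am I?? - Show Headers
  # Echoes the request headers it receives (including X-Forwarded-*); kept
  # behind chain-oauth so only allow-listed users see them.
  whoami:
    container_name: whoami
    image: containous/whoami:latest
    restart: unless-stopped
    networks:
      - traefik_proxy
    security_opt:
      - no-new-privileges:true
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.whoami-rtr.entrypoints=https"
      - "traefik.http.routers.whoami-rtr.rule=HostHeader(`whoami.$DOMAINNAME`)"
      ## Middlewares
      - "traefik.http.routers.whoami-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.whoami-rtr.service=whoami-svc"
      - "traefik.http.services.whoami-svc.loadbalancer.server.port=80"

networks:
  traefik_proxy:
    external: true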