├── ymlfiles ├── nmap.yml ├── iperf.yml ├── ofelia.yml ├── 1_rpi_hass.yml ├── hddtemp.yml ├── 2_pizero_resilio.yml ├── 1_rpi_openvpn.yml ├── apcupsd.yml ├── 1_rpi_ouroboros.yml ├── 2_pizero_syncthing.yml ├── 2_pizero_portainer.yml ├── rsync.yml ├── 3_rpiswarm_whoami.yml ├── 1_rpi_syncthing.yml ├── 3_rpiswarm_gogs.yml ├── 3_rpiswarm_viz.yml ├── ouroboros.yml ├── dockergc.yml ├── 3_rpiswarm_nginx2.yml ├── whoami.yml ├── 3_rpiswarm_nodered.yml ├── 3_rpiswarm_mysql.yml ├── 1_rpi_unifi.yml ├── unifi.yml ├── bin3.yml ├── logrotate.yml ├── rclonemount.yml ├── index3.yml ├── 3_rpiswarm_boinc.yml ├── index2.yml ├── autoindex4.yml ├── autoindex2.yml ├── autoindex.yml ├── autoindex3.yml ├── ombi.yml ├── heimdall.yml ├── index4.yml ├── boinc-web.yml ├── hydra.yml ├── 3_rpiswarm_nginx.yml ├── grocy.yml ├── 1_rpi_fail2ban.yml ├── hass.yml ├── photos4.yml ├── flexget.yml ├── glances.yml ├── radarr.yml ├── lidarr.yml ├── sonarr.yml ├── riot.yml ├── wetty.yml ├── nzbget.yml ├── picard.yml ├── firefox.yml ├── jackett.yml ├── portainer.yml ├── tautulli.yml ├── statping.yml ├── photos2.yml ├── bin.yml ├── fail2ban.yml ├── makemkv.yml ├── rclonebrowser.yml ├── cloud9.yml ├── filebot.yml ├── logs.yml ├── mkvtoolnix.yml ├── mqtt.yml ├── sabnzbd.yml ├── wekan.yml ├── 1_rpi_boinc.yml ├── mongo.yml ├── openvpn-as.yml ├── index.yml ├── freshrss.yml ├── photos3.yml ├── photos.yml ├── photos6.yml ├── handbrake.yml ├── 3_rpiswarm_traefik.yml ├── odoo.yml ├── photos5.yml ├── syncthing.yml ├── projectsend.yml ├── dillinger.yml ├── oauth.yml ├── jdownloader.yml ├── bin2.yml ├── pia.yml ├── qbittorrent.yml ├── rutorrent.yml ├── logs3.yml ├── postgres.yml ├── matrix.yml ├── gitea.yml ├── diskover.yml ├── boinc.yml ├── nagios.yml ├── openvpn.yml ├── redis.yml ├── codimd.yml ├── logs2.yml ├── organizr.yml ├── emby.yml ├── jellyfin.yml ├── plex.yml ├── soulseek.yml ├── guacamole.yml ├── mariadb_official.yml ├── bitwarden.yml ├── keycloak.yml ├── 1_rpi_pihole.yml ├── airsonic.yml ├── yourls.yml ├── 
mariadb.yml
└── pihole.yml
├── .gitkeep
├── traefik
├── acme
│   └── .gitkeep
├── rules_examples
│   ├── test-chain.toml
│   ├── secure-chain.toml
│   ├── basic-chain.toml
│   ├── rate-limit.toml
│   ├── oauth.toml
│   ├── basic-auth.toml
│   ├── tls-opts.toml
│   ├── cloudflare-ipwhitelist.toml
│   ├── xhost-pihole.toml
│   ├── test-headers.toml
│   └── secure-headers.toml
└── ReadMe.md
├── .gitignore
└── ReadMe.md
/ymlfiles/nmap.yml:
--------------------------------------------------------------------------------
# Not a compose file despite the extension: a one-off nmap run (-v = verbose) that
# enumerates the hosts on the 192.168.1.0/24 LAN. Invoked by hand, never by docker-compose.
docker run --rm uzyexe/nmap -v 192.168.1.0/24
--------------------------------------------------------------------------------
/.gitkeep:
--------------------------------------------------------------------------------
Without requirements or design, programming is the art of adding bugs to an empty text file. (Louis Srygley)
--------------------------------------------------------------------------------
/traefik/acme/.gitkeep:
--------------------------------------------------------------------------------
Without requirements or design, programming is the art of adding bugs to an empty text file. 
(Louis Srygley)
--------------------------------------------------------------------------------
/traefik/rules_examples/test-chain.toml:
--------------------------------------------------------------------------------
# Experimental chain: the oauth forwardAuth first, then the header set from
# test-headers.toml. Lets header changes be tried without touching secure-chain.
[http.middlewares]
[http.middlewares.test-chain.chain]
middlewares = ["oauth", "test-headers"]
--------------------------------------------------------------------------------
/traefik/rules_examples/secure-chain.toml:
--------------------------------------------------------------------------------
# The chain the compose labels reference as secure-chain@file: security headers
# (secure-headers.toml) are applied, then every request goes through the oauth forwardAuth.
[http.middlewares]
[http.middlewares.secure-chain.chain]
middlewares = ["secure-headers", "oauth"]
--------------------------------------------------------------------------------
/traefik/rules_examples/basic-chain.toml:
--------------------------------------------------------------------------------
# Same headers as secure-chain, but HTTP basic auth (basic-auth.toml) instead of the oauth forwarder.
[http.middlewares]
[http.middlewares.basic-chain.chain]
middlewares = ["secure-headers", "basic-auth"]
--------------------------------------------------------------------------------
/traefik/rules_examples/rate-limit.toml:
--------------------------------------------------------------------------------
# Token-bucket limiter: average = sustained requests per second, burst = bucket size
# (maximum requests accepted back-to-back). None of the example chains in this folder
# reference it; add "rate-limit" to a chain or a router's middlewares for it to take effect.
[http.middlewares.rate-limit]
[http.middlewares.rate-limit.rateLimit]
average = 100
burst = 50
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# acme.json holds the ACME account key and the private key of every issued certificate: never commit it.
traefik/acme/acme.json
# The live rules folder stays local; only rules_examples is tracked (see traefik/ReadMe.md).
traefik/rules/
ymlfiles/dbbackup*
ymlfiles/airsonic2.yml
backupppp/
ymlswarm/
ymlfiles/oauth-keycloak.yml
--------------------------------------------------------------------------------
/traefik/rules_examples/oauth.toml:
--------------------------------------------------------------------------------
# forwardAuth: each request on a router using this middleware is first sent to the oauth
# service on the docker network; it proceeds to the backend only on a 2xx from that service,
# otherwise the auth service's response is returned to the client.
[http.middlewares]
[http.middlewares.oauth.forwardAuth]
address = "http://oauth:4181"
# true = the X-Forwarded-* headers already present on the incoming request are passed to the
# auth server as-is. That is only sound while Traefik is the sole path to the auth server and
# Traefik itself only receives traffic from a proxy it trusts (or is the edge); a client that
# can reach Traefik directly could otherwise supply those headers itself.
trustForwardHeader = true
# Header(s) copied from the auth server's response onto the request forwarded to the backend.
authResponseHeaders = 
["X-Forwarded-User"]
--------------------------------------------------------------------------------
/traefik/rules_examples/basic-auth.toml:
--------------------------------------------------------------------------------
# Use this command and change the user and password:
# echo $(htpasswd -nb user password)
# The entry below is the sample output for that placeholder user/password pair; replace it
# before putting basic-chain in front of anything real.


[http.middlewares]
[http.middlewares.basic-auth.basicAuth]
users = [
  "user:$apr1$y.WvC/6.$E3FtsfTntPC0wVJ7IUVtX1",
]
--------------------------------------------------------------------------------
/traefik/rules_examples/tls-opts.toml:
--------------------------------------------------------------------------------
# Named TLS options. They apply only to routers that reference them explicitly
# (tls.options = "tls-opts@file"); none of the compose labels shown in ymlfiles do, so those
# routers run with Traefik's built-in defaults unless a [tls.options.default] table is added.
[tls]
[tls.options]
[tls.options.tls-opts]
minVersion = "VersionTLS12"
# Forward-secret AEAD suites only. This list governs TLS 1.2 handshakes; Go fixes the TLS 1.3
# suites itself, so 1.3 connections are unaffected by it.
cipherSuites = [
  "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
  "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
  "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
  "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
--------------------------------------------------------------------------------
/ymlfiles/iperf.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## iperf3 - Network Latency Tool
  # Fixed address on traefik_proxy plus 5201/tcp+udp published on the host, so it is
  # reachable from the LAN with or without Traefik. iperf3 runs without authentication
  # here: anyone who can reach 5201 can run bandwidth tests against this host.
  iperf:
    container_name: iperf
    image: mlabbe/iperf3:latest
    restart: unless-stopped
    networks:
      traefik_proxy:
        ipv4_address: 192.168.50.199
    ports:
      - "5201:5201/tcp"
      - "5201:5201/udp"

networks:
  traefik_proxy:
    external: true
--------------------------------------------------------------------------------
/ymlfiles/ofelia.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Ofelia - Modern Job Scheduler (cron)
  ofelia:
    container_name: ofelia
    image: mcuadros/ofelia:latest
    restart: always
    volumes:
      # Docker socket so the scheduler can drive the Docker API (presumably to run its jobs
      # in containers). ":ro" only makes the bind mount read-only; API calls over the socket
      # are unrestricted, so this container is effectively root on the host.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - 
$USERDIR/docker/ofelia/config.ini:/etc/ofelia/config.ini
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
--------------------------------------------------------------------------------
/ymlfiles/1_rpi_hass.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Home Assistant - Home Automation Hub
  hass:
    container_name: hass
    image: homeassistant/raspberrypi3-homeassistant:latest
    restart: always
    # Host networking: the UI port in the commented ports: block (8123) and anything else
    # the container listens on are bound directly on the Pi's interfaces.
    network_mode: host
    # NOTE(review): the only hardware this file maps is /dev/ttyACM0 (devices: below);
    # privileged additionally grants every capability and every host device. Confirm the
    # image still needs it — the serial device alone does not.
    privileged: true
    devices:
      - /dev/ttyACM0:/dev/ttyACM0
    # ports:
    #   - "8123:8123"
    volumes:
      - ~/docker/hass:/config
    environment:
      - TZ=$TZ
--------------------------------------------------------------------------------
/ymlfiles/hddtemp.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Hddtemp
  hddtemp:
    container_name: hddtemp
    image: emilgil/hddtemp:latest
    restart: always
    # Needs raw access to the disks (all of /dev is mounted read-only below).
    # NOTE(review): privileged is much broader than that; check whether cap_add SYS_RAWIO
    # plus the specific /dev/sd* devices is enough for this image before narrowing.
    privileged: true
    networks:
      - traefik_proxy
    # ports:
    #   - "7634:7634"
    volumes:
      - /dev:/dev:ro
    environment:
      - TZ=$TZ
      - DRIVES=sd* # [abcdefghijk]
      # - HDDTEMP_ARGS="-q -d -F /dev/sd*"

networks:
  traefik_proxy:
    external: true
--------------------------------------------------------------------------------
/ymlfiles/2_pizero_resilio.yml:
--------------------------------------------------------------------------------
version: "2.0"
services:

  ## Resilio - Data Sync

  resilio:
    container_name: resilio
    image: kudaba/rpi-resilio:latest
    restart: always
    networks:
      - traefik_proxy
    # Both ports (Resilio's default web UI and listening ports) are published straight on
    # the host rather than fronted by Traefik, so the UI is reachable from the whole LAN.
    ports:
      - "8888:8888"
      - "55555:55555"
    volumes:
      - ~/resilio:/drive
      - ~/docker/resilio:/opt/rslsync/etc
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro

networks:
traefik_proxy: 23 | external: true 24 | -------------------------------------------------------------------------------- /ymlfiles/1_rpi_openvpn.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## OpenVPN - VPN Service 5 | openvpn: 6 | container_name: openvpn 7 | image: darathor/openvpn:latest 8 | restart: always 9 | cap_add: 10 | - NET_ADMIN 11 | privileged: true 12 | networks: 13 | pi_net: 14 | ipv4_address: 172.20.200.40 15 | ports: 16 | - "1194:1194" 17 | volumes: 18 | - ~/docker/openvpn:/etc/openvpn 19 | - /etc/timezone:/etc/timezone:ro 20 | - /etc/localtime:/etc/localtime:ro 21 | 22 | networks: 23 | pi_net: 24 | external: true 25 | -------------------------------------------------------------------------------- /ymlfiles/apcupsd.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## APCUPSD 5 | # Check status with: docker exec -it apcupsd apcaccess 6 | apcupsd: 7 | container_name: apcupsd 8 | image: gersilex/apcupsd:latest 9 | restart: always 10 | network_mode: host 11 | privileged: true 12 | tty: true 13 | volumes: 14 | - /tmp/apcupsd-docker:/tmp/apcupsd-docker 15 | - $USERDIR/docker/apcupsd/apcupsd.conf:/etc/apcupsd/apcupsd.conf 16 | - $USERDIR/docker/apcupsd/doshutdown:/etc/apcupsd/doshutdown 17 | - $USERDIR/docker/apcupsd/apcupsd.events/var/log/apcupsd.events 18 | -------------------------------------------------------------------------------- /ymlfiles/1_rpi_ouroboros.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Ouroboros 5 | ouroboros: 6 | container_name: ouroboros 7 | image: pyouroboros/ouroboros:latest 8 | restart: always 9 | networks: 10 | - pi_net 11 | volumes: 12 | - /var/run/docker.sock:/var/run/docker.sock 13 | environment: 14 | - TZ=$TZ 15 | - CLEANUP=true 16 | - CRON="0 5 * * *" 17 | - LOG_LEVEL=info 18 | - 
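SELF_UPDATE=true
      # - IGNORE=unbound
      # - NOTIFIERS=$DISCORD_NOTIFY # Discord Webhook URL

networks:
  pi_net:
    external: true
--------------------------------------------------------------------------------
/ymlfiles/2_pizero_syncthing.yml:
--------------------------------------------------------------------------------
version: "2.0"
services:

  ## Syncthing - Data Sync

  syncthing:
    container_name: syncthing
    image: dargmuesli/syncthing:latest
    restart: always
    networks:
      - traefik_proxy
    # 8384 = web UI, published directly on the host with no Traefik/oauth in front of it
    # (it relies on whatever GUI login is configured inside Syncthing); 22000 = sync
    # transport; 21027/udp = local discovery.
    ports:
      - "8384:8384"
      - "22000:22000"
      - "21027:21027/udp"
    volumes:
      - ~/syncthing:/var/syncthing/Sync
      - ~/docker/syncthing:/var/syncthing/config
    environment:
      - PUID=$PUID
      - PGID=$PGID
      # - TZ=$TZ

networks:
  traefik_proxy:
    external: true
--------------------------------------------------------------------------------
/traefik/rules_examples/cloudflare-ipwhitelist.toml:
--------------------------------------------------------------------------------
# Accepts a request only when its peer address is one of Cloudflare's published edge ranges,
# i.e. when it arrived through the Cloudflare proxy rather than straight at the host. The list
# changes over time: refresh it from https://www.cloudflare.com/ips-v4 (and add the ips-v6
# ranges if the entrypoint is reachable over IPv6).
#
# No ipStrategy on purpose. The default check uses the connection's remote address, which is
# the Cloudflare edge. A depth strategy would read X-Forwarded-For instead, which Cloudflare
# populates with the end client's address, and nothing would match these ranges.
# (The original file ended with "[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
# depth = 2": a different middleware name, so it never applied to cloudflare-ipwhitelist and
# only declared a stray test-ipwhitelist middleware with no sourceRange. Removed.)
[http.middlewares]
[http.middlewares.cloudflare-ipwhitelist.ipWhiteList]
sourceRange = [
  "173.245.48.0/20",
  "103.21.244.0/22",
  "103.22.200.0/22",
  "103.31.4.0/22",
  "141.101.64.0/18",
  "108.162.192.0/18",
  "190.93.240.0/20",
  "188.114.96.0/20",
  "197.234.240.0/22",
  "198.41.128.0/17",
  "162.158.0.0/15",
  "104.16.0.0/12",
  "172.64.0.0/13",
  "131.0.72.0/22",
]
--------------------------------------------------------------------------------
/ymlfiles/2_pizero_portainer.yml:
--------------------------------------------------------------------------------
version: "2.0"
services:

  ## Portainer - WebUI for Containers
  portainer:
    container_name: portainer
    image: portainer/portainer:latest
    restart: always
    command: -H 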
unix:///var/run/docker.sock
    networks:
      - traefik_proxy
    # Published straight on the host: the Portainer login page is reachable on LAN port 9000
    # without passing through Traefik's secure-chain.
    ports:
      - "9000:9000"
    volumes:
      # Full Docker API. Any Portainer account here can start privileged containers, i.e. it
      # is root on the Pi; treat the Portainer admin credentials accordingly.
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data # Change to local directory if you want to save/transfer config locally
    environment:
      - TZ=$TZ

volumes:
  portainer_data:

networks:
  traefik_proxy:
    external: true
--------------------------------------------------------------------------------
/traefik/rules_examples/xhost-pihole.toml:
--------------------------------------------------------------------------------
# Example of fronting a service that runs outside docker (Pi-hole on 192.168.1.3) with the
# same oauth-protected secure-chain the compose labels use.
[http.routers]
[http.routers.pihole-rtr]
entryPoints = ["https"]
# NOTE(review): "pihole." has nothing after the dot. The file provider does not expand
# $DOMAINNAME the way compose labels do; spell out the FQDN (or use the file provider's Go
# templating) or this router will not match a real hostname.
rule = "Host(`pihole.`)"
service = "pihole-svc"
# secure-chain runs first (headers + oauth), then add-admin prepends /admin to the path.
middlewares = ["secure-chain", "add-admin"]
[http.routers.pihole-rtr.tls]
certresolver = "dns-cloudflare"

[http.middlewares]
[http.middlewares.add-admin.addPrefix]
prefix = "/admin"

[http.services]
[http.services.pihole-svc]
[http.services.pihole-svc.loadBalancer]
passHostHeader = true
[[http.services.pihole-svc.loadBalancer.servers]]
# TLS terminates at Traefik; this hop to the Pi-hole host is LAN cleartext.
url = "http://192.168.1.3:80" # or whatever your external host's IP:port is
--------------------------------------------------------------------------------
/ymlfiles/rsync.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  # rsync -aP --inplace $USERNAME@192.168.1.50::volume/music /mnt/storage/

  ## Rsync Server
  # rsync daemon protocol on 873: module password auth but no transport encryption, so file
  # contents travel in the clear on the LAN. ALLOW restricts clients to private ranges and
  # the share is mounted read-only, so clients can only pull.
  rsync:
    container_name: rsync
    image: axiom/rsync-server:latest
    restart: always
    networks:
      - traefik_proxy
    ports:
      - "873:873"
      # - "22:22"
    volumes:
      # - $USERDIR/.ssh/authorized_keys:/root/.ssh/authorized_keys:ro
      - /mnt/storage:/data:ro
    environment:
      - USERNAME=$USERNAME
      # $MY_PASSWORD is also the BOINC RPC password in 3_rpiswarm_boinc.yml: one secret
      # shared by two unrelated services.
      - PASSWORD=$MY_PASSWORD
      - VOLUME=/data
      - ALLOW=192.168.1.0/24 172.16.0.0/12 127.0.0.1/32

networks:
  traefik_proxy:
    external: true
--------------------------------------------------------------------------------
/ymlfiles/3_rpiswarm_whoami.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Who Am I
  # Swarm smoke test that echoes the request headers. Published through the ingress mesh on
  # every node's port 8000 with no auth and no Traefik in front (the non-swarm whoami.yml
  # puts the same image behind secure-chain instead).
  whoami:
    image: containous/whoami:latest
    networks:
      - overlay_net
    ports:
      - "8000:80"
    deploy:
      # mode: global # service runs on every node
      mode: replicated # a specified number of containers (default)
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
        order: stop-first
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          # - node.role == manager
          - node.platform.arch == armv7l

networks:
  overlay_net:
    external: true
--------------------------------------------------------------------------------
/traefik/ReadMe.md:
--------------------------------------------------------------------------------
# Rules Folder

Copy the **rules_examples** and create your own **rules** folder. The rules folder represents the **File provider**. By mapping the **File directory** to this folder you can easily manage and organize the dynamic configuration for the File provider. The **watch** flag is on by default, so changes made to these files will update in real-time. You can set the watch flag to false to stop this feature.

It is also possible to create sub-directories here to further organize things, however the watch function doesn't seem to work on files within the sub-directories. 


# Acme Folder

Create a file in the **acme** folder called **acme.json**, and assign the correct permissions:

```
$ touch /path/to/acme/acme.json
$ chmod 600 !$
```
--------------------------------------------------------------------------------
/ymlfiles/1_rpi_syncthing.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Syncthing – Continuous File Synchronization
  syncthing:
    container_name: syncthing
    image: linuxserver/syncthing:arm32v7-latest
    restart: always
    networks:
      - pi_net
    # All three ports are published directly on the Pi; the WebUI is not behind Traefik/oauth
    # and relies on whatever GUI login is configured inside Syncthing.
    ports:
      - "8384:8384" # Application WebUI
      - "22000:22000" # Listening port
      - "21027:21027/udp" # Protocol discovery
    volumes:
      - $USERDIR/transfer_sync:/data/default
      # Scripts and compose files are synced read-write: any peer allowed to write to these
      # folders can change what later runs on this host. Mark them receive-only here, or
      # share them only with devices you control.
      - $USERDIR/.scripts:/data/scripts
      - $USERDIR/docker/ymlfiles_sync:/data/ymlfiles
      - $USERDIR/docker/syncthing:/config
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
      - UMASK_SET=022

networks:
  pi_net:
    external: true
--------------------------------------------------------------------------------
/ymlfiles/3_rpiswarm_gogs.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Gogs

  gogs:
    image: hypriot/rpi-gogs-alpine #raspbian
    networks:
      - overlay_net
    # 8022 -> the container's sshd (git over ssh), 3000 -> web UI; both via the ingress mesh.
    ports:
      - "8022:22"
      - "3000:3000"
    volumes:
      # Bind mount on whichever worker the task lands on: with only a node.role constraint,
      # a task rescheduled to another worker sees a different /opt/swarmdata unless that
      # path is shared storage.
      - /opt/swarmdata/docker/gogs:/data
    deploy:
      # mode: global # service runs on every node
      mode: replicated # a specified number of containers (default)
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
        order: stop-first
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - node.role == worker
          # - node.platform.arch == armv6l

networks:
  overlay_net:
    external: true

--------------------------------------------------------------------------------
/ymlfiles/3_rpiswarm_viz.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Docker Swarm Visualizer
  # Reads swarm state over a manager's docker socket (hence the manager constraint) and
  # serves it on 8080 through the ingress mesh with no auth: service names, images and the
  # node layout are visible to anyone who can reach that port.
  viz:
    image: hypriot/visualizer:linux-armv7
    networks:
      - overlay_net
    ports:
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    deploy:
      # mode: global # service runs on every node
      mode: replicated # a specified number of containers (default)
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
        order: stop-first
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - node.role == manager
          - node.platform.arch == armv7l

networks:
  overlay_net:
    external: true
--------------------------------------------------------------------------------
/ymlfiles/ouroboros.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Ouroboros
  # https://hub.docker.com/r/pyouroboros/ouroboros/
  # https://github.com/pyouroboros/ouroboros/wiki
  # Pulls and redeploys newer images on the CRON schedule. Every container it is not told
  # to IGNORE therefore tracks its upstream tag automatically, with no pinning or signature
  # check in between: a compromised upstream tag is running here by the next 04:00.
  ouroboros:
    container_name: ouroboros
    image: pyouroboros/ouroboros:latest
    restart: always
    networks:
      - traefik_proxy
    volumes:
      # ":ro" is cosmetic on a socket: the Docker API behind it stays fully usable.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - TZ=$TZ
      - CLEANUP=true
      - CRON="0 4 * * *"
      # - INTERVAL=3600 # Comment out if using Cron
      # - RUN_ONCE=true # Default false
      - LOG_LEVEL=info
      - SELF_UPDATE=true
      # - IGNORE=mongo influxdb postgres mariadb
      # The webhook URL is a secret: anyone holding it can post into the channel.
      - NOTIFIERS=$SLACK_NOTIFY # Slack Webhook URL

networks:
  traefik_proxy:
    external: true
--------------------------------------------------------------------------------
/ymlfiles/dockergc.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Docker Garbage Collector

  ## Create excludes file:
  # mkdir -p $USERDIR/docker/dockergc
  # cd !$   <- was "cd $!" ($! is the last background job's PID); !$ is the previous command's last argument, as in traefik/ReadMe.md
  # wget https://raw.githubusercontent.com/clockworksoul/docker-gc-cron/master/compose/docker-gc-exclude

  # Nightly (CRON) cleanup of containers, images and volumes unused for GRACE_PERIOD_SECONDS.
  # Destructive by design: FORCE_* and CLEAN_UP_VOLUMES extend deletion to stopped containers
  # and unused named volumes, not just dangling layers. Set DRY_RUN=1 to preview what would go.
  dockergc:
    container_name: dockergc
    image: clockworksoul/docker-gc-cron:latest
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # - $USERDIR/docker/dockergc/docker-gc-exclude:/etc/docker-gc-exclude
    environment:
      - CRON=0 1 * * *
      - FORCE_IMAGE_REMOVAL=1
      - FORCE_CONTAINER_REMOVAL=1
      - MINIMUM_IMAGES_TO_SAVE=1
      - GRACE_PERIOD_SECONDS=3600
      - DRY_RUN=0
      - CLEAN_UP_VOLUMES=1
      - TZ=$TZ
--------------------------------------------------------------------------------
/ymlfiles/3_rpiswarm_nginx2.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Nginx

  nginx2:
    image: drakerin/rpi-alpine-nginx
    networks:
      - overlay_net
    ports:
      - "3380:80"
    volumes:
      # - /opt/swarmdata/docker/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf
      # Static page only. The bind-mounted file must exist on every worker a replica can land on.
      - /opt/swarmdata/docker/nginx2/index.html:/var/www/index.html
    deploy:
      # mode: global # service runs on every node
      mode: replicated # a specified number of containers (default)
      replicas: 2
      update_config:
        parallelism: 1
        delay: 10s
        order: stop-first
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - node.role == worker
          # - node.platform.arch == armv6l

networks:
  overlay_net:
    external: true
--------------------------------------------------------------------------------
/ymlfiles/whoami.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Who Am I?? 
- Show Headers
  # Diagnostic endpoint behind Traefik: oauth + security headers via secure-chain@file, TLS
  # from the dns-cloudflare resolver. Handy for checking which headers actually reach a backend.
  whoami:
    container_name: whoami
    image: containous/whoami:v1.3.0
    restart: unless-stopped
    networks:
      - traefik_proxy
    labels:
      - "traefik.enable=true"
      # HTTP Routers
      - "traefik.http.routers.whoami-rtr.entrypoints=https"
      - "traefik.http.routers.whoami-rtr.rule=Host(`whoami.$DOMAINNAME`)"
      - "traefik.http.routers.whoami-rtr.tls=true"
      - "traefik.http.routers.whoami-rtr.tls.certresolver=dns-cloudflare"
      ## Middlewares
      - "traefik.http.routers.whoami-rtr.middlewares=secure-chain@file"
      ## HTTP Services
      - "traefik.http.routers.whoami-rtr.service=whoami-svc"
      - "traefik.http.services.whoami-svc.loadbalancer.server.port=80"

networks:
  traefik_proxy:
    external: true
--------------------------------------------------------------------------------
/ymlfiles/3_rpiswarm_nodered.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Node-RED
  # The editor on 1880 is published through the ingress mesh and is not fronted by
  # Traefik/oauth. Node-RED flows execute arbitrary JavaScript on the node, so the editor
  # needs its own login. NOTE(review): confirm adminAuth is set in /data/settings.js.
  nodered:
    image: nodered/node-red:1.0.3-2-12-minimal-arm32v6
    networks:
      - overlay_net
    ports:
      - "1880:1880"
    volumes:
      - /opt/swarmdata/docker/nodered:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - TZ=$TZ
    deploy:
      # mode: global # service runs on every node
      mode: replicated # a specified number of containers (default)
      replicas: 2
      update_config:
        parallelism: 1
        delay: 10s
        order: stop-first
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - node.role == worker
          # - node.platform.arch == armv6l

networks:
  overlay_net:
    external: true
--------------------------------------------------------------------------------
/ymlfiles/3_rpiswarm_mysql.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## MySQL

  # 3306 is published on every swarm node through the ingress mesh, so the root account
  # (password from $MYSQL_ROOT_PASSWORD) is reachable from the whole LAN, not only from
  # services on overlay_net. Drop the ports: block if only swarm services need the DB.
  mysql:
    image: hypriot/rpi-mysql:latest
    networks:
      - overlay_net
    ports:
      - "3306:3306"
    volumes:
      - /opt/swarmdata/docker/mysql:/var/lib/mysql
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD
    deploy:
      # mode: global # service runs on every node
      mode: replicated # a specified number of containers (default)
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
        order: stop-first
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - node.role == worker
          # - node.platform.arch == armv6l

networks:
  overlay_net:
    external: true
--------------------------------------------------------------------------------
/ymlfiles/1_rpi_unifi.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Unifi Controller Software
  ## Adopt new device
  # ssh ubnt@DEVICE_IP
  # login with ubnt/ubnt
  # mca-cli
  # set-inform http://$address:8080/inform

  # Host networking (presumably so device discovery and the inform port work without NAT):
  # every controller port in the commented list is bound on the Pi's own interfaces.
  unifi:
    container_name: unifi
    image: linuxserver/unifi-controller:arm32v7-latest
    restart: unless-stopped
    network_mode: host
    # networks:
    #   - pi_net
    # ports:
    #   - "3478:3478/udp"
    #   - "10001:10001/udp"
    #   - "8080:8080" # insecure dashboard
    #   - "8081:8081"
    #   - "8443:8443" # secure dashboard
    #   - "8843:8843"
    #   - "8880:8880"
    #   - "6789:6789"
    volumes:
      - ~/docker/unifi:/config
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PUID=$PUID
      - PGID=$PGID

#networks:
#  pi_net:
#    external: true
--------------------------------------------------------------------------------
/ymlfiles/unifi.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Unifi Controller Software
  ## Adopt new device
  # ssh ubnt@DEVICE_IP
  # login with ubnt/ubnt
  # mca-cli
  # set-inform http://$address:8080/inform

  # Non-Pi variant: fixed address on traefik_proxy and every controller port published on the
  # host. Note 8080 is remapped to 2280 on the host side, so the set-inform URL above needs
  # :2280 when devices reach the controller through the host address rather than 192.168.50.239.
  unifi:
    container_name: unifi
    image: linuxserver/unifi-controller:latest
    restart: always
    networks:
      traefik_proxy:
        ipv4_address: 192.168.50.239
    ports:
      - "3478:3478/udp"
      - "10001:10001/udp"
      - "2280:8080" # insecure dashboard
      - "8081:8081"
      - "8443:8443" # secure dashboard
      - "8843:8843"
      - "8880:8880"
      - "6789:6789"
    volumes:
      - $USERDIR/docker/unifi:/config
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PUID=$PUID
      - PGID=$PGID

networks:
  traefik_proxy:
    external: true
--------------------------------------------------------------------------------
/ymlfiles/bin3.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Paste Bin
  # Hastebin behind Traefik's secure-chain; no host port is published. Pastes are kept in a
  # redis reachable as "redis" on traefik_proxy (defined in a sibling file, e.g. redis.yml).
  bin:
    container_name: bin
    image: rlister/hastebin:latest
    restart: always
    networks:
      - traefik_proxy
    # ports:
    #   - "7777:7777"
    environment:
      - STORAGE_TYPE=redis
      - STORAGE_HOST=redis
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.bin-rtr.entrypoints=https"
      - "traefik.http.routers.bin-rtr.rule=Host(`bin.$DOMAINNAME`)"
      - "traefik.http.routers.bin-rtr.tls=true"
      - "traefik.http.routers.bin-rtr.tls.certresolver=dns-cloudflare"
      ## Middlewares
      - "traefik.http.routers.bin-rtr.middlewares=secure-chain@file"
      ## HTTP Services
      - "traefik.http.routers.bin-rtr.service=bin-svc"
      - "traefik.http.services.bin-svc.loadbalancer.server.port=7777"

networks:
  traefik_proxy:
    external: true
--------------------------------------------------------------------------------
/ymlfiles/logrotate.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## LogRotate - Log File Crawler
  logrotate:
    container_name: logrotate
    image: blacklabelops/logrotate:latest
    restart: always
    volumes:
      # Read-write on the docker container directory so the json logs can be rotated in place.
      - /var/lib/docker/containers:/var/lib/docker/containers
      - /var/log/docker:/var/log/docker
      # Rotated copies land here (LOGROTATE_OLDDIR). Container logs often carry tokens and
      # internal hostnames, so this directory deserves the same care as the live logs.
      - $USERDIR/docker/logrotate:/logs
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - LOGS_DIRECTORIES=/var/lib/docker/containers /var/log/docker
      # - LOGROTATE_INTERVAL=weekly # hourly daily weekly monthly yearly
      - LOG_FILE_ENDINGS=log json xml
      # - LOGROTATE_COPIES=10
      - LOGROTATE_SIZE=30M # 100k = 100 kilobytes; M = Megabytes; G = Gigabytes
      # - LOGROTATE_COMPRESSION=compress # Default = nocompress
      - LOGROTATE_OLDDIR=/logs
      # - LOGROTATE_CRONSCHEDULE=* * * * * *
      - LOGROTATE_LOGFILE=/logs/logrotatecron.log
--------------------------------------------------------------------------------
/ymlfiles/rclonemount.yml:
--------------------------------------------------------------------------------
version: "2"
services:

  ## RClone Mount

  # When you force remove the container, you have to sudo fusermount -u -z /mnt/gmedia on the hostsystem!
  # (path corrected from the stale /mnt/mediaefs: /mnt/gmedia is the MountPoint and the
  # shared volume configured on this service)

  rclonemount:
    container_name: rclonemount
    image: mumiehub/rclone-mount:latest
    restart: always
    # NOTE(review): privileged already implies SYS_ADMIN, access to /dev/fuse and no AppArmor
    # confinement, which makes the three settings below redundant. A FUSE mount normally needs
    # only those three; try removing privileged first.
    privileged: true
    cap_add:
      - SYS_ADMIN
    devices:
      - /dev/fuse
    security_opt:
      - apparmor:unconfined
    stdin_open: true
    tty: true
    volumes:
      # rclone.conf carries the remote's credentials/tokens; keep this directory out of
      # backups that leave the host.
      - $USERDIR/.config/rclone:/config
      # ":shared" propagation so the FUSE mount made inside the container shows up on the host.
      - /mnt/gmedia:/mnt/gmedia:shared
    environment:
      - "ConfigDir=/config"
      - "ConfigName=rclone.conf"
      - "RemotePath=gmedia:"
      - "MountPoint=/mnt/gmedia"
      # --allow-other makes the mount visible to every host user, subject to --umask 022.
      - "MountCommands=--uid 1000 --gid 1000 --umask 022 --default-permissions --allow-other --allow-non-empty --cache-db-purge --dir-cache-time 72h --poll-interval 5m --buffer-size 128M"
      - "UnmountCommands=-u -z"
--------------------------------------------------------------------------------
/ymlfiles/index3.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Simple Directory Index / File Browser
  # Serves a read-only listing of $TESTDIR. No host port is published; the only path in is
  # through Traefik's secure-chain (oauth). index.yml / index2.yml reuse the same
  # container_name and router names, so only one of the index variants can run at a time.
  index:
    container_name: index
    image: mohamnag/nginx-file-browser:latest
    restart: always
    networks:
      - traefik_proxy
    # ports:
    #   - "80:80"
    volumes:
      - $TESTDIR:/opt/www/files/:ro # Location you want to index
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.index-rtr.entrypoints=https"
      - "traefik.http.routers.index-rtr.rule=Host(`index.$DOMAINNAME`)"
      - "traefik.http.routers.index-rtr.tls=true"
      - "traefik.http.routers.index-rtr.tls.certresolver=dns-cloudflare"
      ## Middlewares
      - "traefik.http.routers.index-rtr.middlewares=secure-chain@file"
      ## HTTP Services
      - "traefik.http.routers.index-rtr.service=index-svc"
      - "traefik.http.services.index-svc.loadbalancer.server.port=80"

networks:
  traefik_proxy:
    external: true
--------------------------------------------------------------------------------
/ymlfiles/3_rpiswarm_boinc.yml: 
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## BOINC Client - Berkeley Open Infrastructure for Network Computing
  # https://boinc.berkeley.edu/projects.php

  # --allow_remote_gui_rpc opens the GUI RPC port (31416) to any address and the ingress
  # mesh publishes it on every node, so the RPC password ($MY_PASSWORD, the same variable
  # rsync.yml uses) is all that stands between the LAN and control of this client.
  boinc:
    image: boinc/client:arm32v7
    networks:
      - overlay_net
    ports:
      - "31416:31416"
    volumes:
      - "/home/pi/docker/boinc:/var/lib/boinc"
    deploy:
      # mode: global # service runs on every node
      mode: replicated # a specified number of containers (default)
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
        order: stop-first
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          # - node.role == manager
          - node.platform.arch == armv7l
    environment:
      - TZ=$TZ
      - BOINC_GUI_RPC_PASSWORD=$MY_PASSWORD
      - BOINC_CMD_LINE_OPTIONS=--allow_remote_gui_rpc

networks:
  overlay_net:
    external: true
--------------------------------------------------------------------------------
/ymlfiles/index2.yml:
--------------------------------------------------------------------------------
version: "3.7"
services:

  ## Simple Directory Index / File Browser
  # h5ai variant of the $TESTDIR listing; same container_name and router names as index.yml
  # and index3.yml, so only one of them can run at a time. No host port: Traefik's
  # secure-chain (oauth) is the only way in.
  index:
    container_name: index
    image: corfr/h5ai:latest
    restart: always
    networks:
      - traefik_proxy
    # ports:
    #   - "80:80"
    volumes:
      - $TESTDIR:/var/www/:ro # Location you want to index
    environment:
      # NOTE(review): looks like this switches off the image's own login, leaving access
      # control entirely to secure-chain — confirm against the image's docs.
      - IFM_AUTH=0
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.index-rtr.entrypoints=https"
      - "traefik.http.routers.index-rtr.rule=Host(`index.$DOMAINNAME`)"
      - "traefik.http.routers.index-rtr.tls=true"
      - "traefik.http.routers.index-rtr.tls.certresolver=dns-cloudflare"
      ## Middlewares
      - "traefik.http.routers.index-rtr.middlewares=secure-chain@file"
      ## HTTP Services
      - "traefik.http.routers.index-rtr.service=index-svc"
      - 
"traefik.http.services.index-svc.loadbalancer.server.port=80" 29 | 30 | networks: 31 | traefik_proxy: 32 | external: true 33 | -------------------------------------------------------------------------------- /ymlfiles/autoindex4.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Autoindex - Apache Index 5 | autoindex: 6 | container_name: autoindex 7 | image: httpd:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - $TESTDIR:/usr/local/apache2/htdocs/:ro # Location you want to index 15 | labels: 16 | - "traefik.enable=true" 17 | ## HTTP Routers 18 | - "traefik.http.routers.autoindex-rtr.entrypoints=https" 19 | - "traefik.http.routers.autoindex-rtr.rule=Host(`autoindex.$DOMAINNAME`)" 20 | - "traefik.http.routers.autoindex-rtr.tls=true" 21 | - "traefik.http.routers.autoindex-rtr.tls.certresolver=dns-cloudflare" 22 | ## Middlewares 23 | - "traefik.http.routers.autoindex-rtr.middlewares=secure-chain@file" 24 | ## HTTP Services 25 | - "traefik.http.routers.autoindex-rtr.service=autoindex-svc" 26 | - "traefik.http.services.autoindex-svc.loadbalancer.server.port=80" 27 | 28 | networks: 29 | traefik_proxy: 30 | external: true 31 | -------------------------------------------------------------------------------- /ymlfiles/autoindex2.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Autoindex - Simple Directory Index 5 | autoindex: 6 | container_name: autoindex 7 | image: dceoy/nginx-autoindex:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - $TESTDIR:/var/lib/nginx/html:ro # Location you want to index 15 | labels: 16 | - "traefik.enable=true" 17 | ## HTTP Routers 18 | - "traefik.http.routers.autoindex-rtr.entrypoints=https" 19 | - 
"traefik.http.routers.autoindex-rtr.rule=Host(`autoindex.$DOMAINNAME`)" 20 | - "traefik.http.routers.autoindex-rtr.tls=true" 21 | - "traefik.http.routers.autoindex-rtr.tls.certresolver=dns-cloudflare" 22 | ## Middlewares 23 | - "traefik.http.routers.autoindex-rtr.middlewares=secure-chain@file" 24 | ## HTTP Services 25 | - "traefik.http.routers.autoindex-rtr.service=autoindex-svc" 26 | - "traefik.http.services.autoindex-svc.loadbalancer.server.port=80" 27 | 28 | networks: 29 | traefik_proxy: 30 | external: true 31 | -------------------------------------------------------------------------------- /ymlfiles/autoindex.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Autoindex - Simple Directory Index 5 | autoindex: 6 | container_name: autoindex 7 | image: davralin/nginx-autoindex:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - $TESTDIR:/usr/share/nginx/html:ro # Location you want to index 15 | labels: 16 | - "traefik.enable=true" 17 | ## HTTP Routers 18 | - "traefik.http.routers.autoindex-rtr.entrypoints=https" 19 | - "traefik.http.routers.autoindex-rtr.rule=Host(`autoindex.$DOMAINNAME`)" 20 | - "traefik.http.routers.autoindex-rtr.tls=true" 21 | - "traefik.http.routers.autoindex-rtr.tls.certresolver=dns-cloudflare" 22 | ## Middlewares 23 | - "traefik.http.routers.autoindex-rtr.middlewares=secure-chain@file" 24 | ## HTTP Services 25 | - "traefik.http.routers.autoindex-rtr.service=autoindex-svc" 26 | - "traefik.http.services.autoindex-svc.loadbalancer.server.port=80" 27 | 28 | networks: 29 | traefik_proxy: 30 | external: true 31 | -------------------------------------------------------------------------------- /ymlfiles/autoindex3.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Autoindex - Simple Directory Index 5 | autoindex: 6 | container_name: 
autoindex 7 | image: chauffer/nginx-autoindex:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - $TESTDIR:/usr/share/nginx/html:ro # Location you want to index 15 | labels: 16 | - "traefik.enable=true" 17 | ## HTTP Routers 18 | - "traefik.http.routers.autoindex-rtr.entrypoints=https" 19 | - "traefik.http.routers.autoindex-rtr.rule=Host(`autoindex.$DOMAINNAME`)" 20 | - "traefik.http.routers.autoindex-rtr.tls=true" 21 | - "traefik.http.routers.autoindex-rtr.tls.certresolver=dns-cloudflare" 22 | ## Middlewares 23 | - "traefik.http.routers.autoindex-rtr.middlewares=secure-chain@file" 24 | ## HTTP Services 25 | - "traefik.http.routers.autoindex-rtr.service=autoindex-svc" 26 | - "traefik.http.services.autoindex-svc.loadbalancer.server.port=80" 27 | 28 | networks: 29 | traefik_proxy: 30 | external: true 31 | -------------------------------------------------------------------------------- /ymlfiles/ombi.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Ombi – Media Request App 5 | ombi: 6 | container_name: ombi 7 | image: linuxserver/ombi:latest 8 | restart: unless-stopped 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "3579:3579" 13 | volumes: 14 | - ${USERDIR}/docker/ombi:/config 15 | environment: 16 | - PUID=${PUID} 17 | - PGID=${PGID} 18 | - TZ=${TZ} 19 | labels: 20 | - "traefik.enable=true" 21 | ## HTTP Routers 22 | - "traefik.http.routers.ombi-rtr.entrypoints=https" 23 | - "traefik.http.routers.ombi-rtr.rule=Host(`ombi.$DOMAINNAME`)" 24 | - "traefik.http.routers.ombi-rtr.tls=true" 25 | - "traefik.http.routers.ombi-rtr.tls.certresolver=dns-cloudflare" 26 | ## Middlewares 27 | - "traefik.http.routers.ombi-rtr.middlewares=secure-headers@file,rate-limit@file" 28 | ## HTTP Services 29 | - "traefik.http.routers.ombi-rtr.service=ombi-svc" 30 | - "traefik.http.services.ombi-svc.loadbalancer.server.port=3579" 31 | 32 | 
networks: 33 | traefik_proxy: 34 | external: true 35 | -------------------------------------------------------------------------------- /ymlfiles/heimdall.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Heimdall - Homepage 5 | heimdall: 6 | container_name: heimdall 7 | image: linuxserver/heimdall:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - $USERDIR/docker/heimdall:/config 15 | environment: 16 | - PUID=$PUID 17 | - PGID=$PGID 18 | - TZ=$TZ 19 | labels: 20 | - "traefik.enable=true" 21 | ## HTTP Routers 22 | - "traefik.http.routers.heimdall-rtr.entrypoints=https" 23 | - "traefik.http.routers.heimdall-rtr.rule=Host(`heimdall.$DOMAINNAME`)" 24 | - "traefik.http.routers.heimdall-rtr.tls=true" 25 | - "traefik.http.routers.heimdall-rtr.tls.certresolver=dns-cloudflare" 26 | ## Middlewares 27 | - "traefik.http.routers.heimdall-rtr.middlewares=secure-chain@file" 28 | ## HTTP Services 29 | - "traefik.http.routers.heimdall-rtr.service=heimdall-svc" 30 | - "traefik.http.services.heimdall-svc.loadbalancer.server.port=80" 31 | 32 | networks: 33 | traefik_proxy: 34 | external: true 35 | -------------------------------------------------------------------------------- /ymlfiles/index4.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Simple Directory Index / File Browser 5 | index: 6 | container_name: index 7 | image: kitpages/nginx-explorer:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - $TESTDIR:/usr/share/nginx/html:ro # Location you want to index 15 | environment: 16 | - HTTP_USER=test # placeholder credentials committed to the repo; use variables as the other files do (e.g. $USERNAME, $MY_PASSWORD) 17 | - HTTP_PASSWORD=test # and rotate this value if the stack was ever deployed with it 18 | labels: 19 | - "traefik.enable=true" 20 | ## HTTP Routers 21 | - "traefik.http.routers.index-rtr.entrypoints=https" 22 | - 
"traefik.http.routers.index-rtr.rule=Host(`index.$DOMAINNAME`)" 23 | - "traefik.http.routers.index-rtr.tls=true" 24 | - "traefik.http.routers.index-rtr.tls.certresolver=dns-cloudflare" 25 | ## Middlewares 26 | - "traefik.http.routers.index-rtr.middlewares=secure-chain@file" 27 | ## HTTP Services 28 | - "traefik.http.routers.index-rtr.service=index-svc" 29 | - "traefik.http.services.index-svc.loadbalancer.server.port=80" 30 | 31 | networks: 32 | traefik_proxy: 33 | external: true 34 | -------------------------------------------------------------------------------- /ymlfiles/boinc-web.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## BOINC Web Manager 5 | 6 | ## Add your host: 7 | # name: boinc 8 | # IpAddress: boinc 9 | # enter 10 | 11 | boinc-web: 12 | container_name: boinc-web 13 | image: adamradocz/boinc-manager-web:latest 14 | restart: always 15 | networks: 16 | - traefik_proxy 17 | # ports: 18 | # - "3380:80" 19 | volumes: 20 | - $USERDIR/docker/boinc/web:/app/BoincManager 21 | labels: 22 | - "traefik.enable=true" 23 | ## HTTP Routers 24 | - "traefik.http.routers.boinc-rtr.entrypoints=https" 25 | - "traefik.http.routers.boinc-rtr.rule=Host(`boinc.$DOMAINNAME`)" 26 | - "traefik.http.routers.boinc-rtr.tls=true" 27 | - "traefik.http.routers.boinc-rtr.tls.certresolver=dns-cloudflare" 28 | ## Middlewares 29 | - "traefik.http.routers.boinc-rtr.middlewares=secure-chain@file" 30 | ## HTTP Services 31 | - "traefik.http.routers.boinc-rtr.service=boinc-svc" 32 | - "traefik.http.services.boinc-svc.loadbalancer.server.port=80" 33 | 34 | networks: 35 | traefik_proxy: 36 | external: true 37 | -------------------------------------------------------------------------------- /ymlfiles/hydra.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Hydra2 - Usenet Search Application 5 | 6 | hydra: 7 | container_name: hydra 8 | 
image: linuxserver/hydra2:latest 9 | restart: unless-stopped 10 | networks: 11 | - traefik_proxy 12 | # ports: 13 | # - "5076:5076" 14 | volumes: 15 | - $USERDIR/docker/hydra:/config 16 | - $USERDIR/dwnloads:/downloads 17 | environment: 18 | - PUID=$PUID 19 | - PGID=$PGID 20 | - TZ=$TZ 21 | labels: 22 | - "traefik.enable=true" 23 | ## HTTP Routers 24 | - "traefik.http.routers.hydra-rtr.entrypoints=https" 25 | - "traefik.http.routers.hydra-rtr.rule=Host(`hydra.$DOMAINNAME`)" 26 | - "traefik.http.routers.hydra-rtr.tls=true" 27 | - "traefik.http.routers.hydra-rtr.tls.certresolver=dns-cloudflare" 28 | ## Middlewares 29 | - "traefik.http.routers.hydra-rtr.middlewares=secure-chain@file" 30 | ## HTTP Services 31 | - "traefik.http.routers.hydra-rtr.service=hydra-svc" 32 | - "traefik.http.services.hydra-svc.loadbalancer.server.port=5076" 33 | 34 | networks: 35 | traefik_proxy: 36 | external: true 37 | -------------------------------------------------------------------------------- /ymlfiles/3_rpiswarm_nginx.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Nginx 5 | 6 | nginx: 7 | image: edwinluijten/hypriot-nginx:1.13.1 8 | networks: 9 | - overlay_net 10 | ports: 11 | - "80:80" 12 | volumes: 13 | - nfs_swarmdata:/usr/share/nginx/html 14 | - /opt/swarmdata/docker/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf 15 | - /opt/swarmdata/docker/nginx/nginx.conf:/etc/nginx/nginx.conf 16 | deploy: 17 | # mode: global # service runs on every node 18 | mode: replicated # a specified number of containers (default) 19 | replicas: 3 20 | update_config: 21 | parallelism: 1 22 | delay: 10s 23 | order: stop-first 24 | restart_policy: 25 | condition: on-failure 26 | placement: 27 | constraints: 28 | - node.role == worker 29 | # - node.platform.arch == armv6l 30 | 31 | volumes: 32 | nfs_swarmdata: 33 | driver: local 34 | driver_opts: 35 | type: "nfs" 36 | o: "addr=192.168.1.50,nfsvers=4,nolock,soft,rw" 
37 | device: ":/opt/swarmdata/" 38 | 39 | networks: 40 | overlay_net: 41 | external: true 42 | -------------------------------------------------------------------------------- /ymlfiles/grocy.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## grocy - Web-based Groceries & Household Management 5 | 6 | # Give it a minute to start... 7 | # Login: admin / admin 8 | # Create new user and delete admin 9 | 10 | grocy: 11 | container_name: grocy 12 | image: linuxserver/grocy:latest 13 | restart: always 14 | networks: 15 | - traefik_proxy 16 | # ports: 17 | # - "80:80" 18 | environment: 19 | - PGID=$PGID 20 | - PUID=$PUID 21 | - TZ=$TZ 22 | labels: 23 | - "traefik.enable=true" 24 | ## HTTP Routers 25 | - "traefik.http.routers.grocy-rtr.entrypoints=https" 26 | - "traefik.http.routers.grocy-rtr.rule=Host(`grocy.$DOMAINNAME`)" 27 | - "traefik.http.routers.grocy-rtr.tls=true" 28 | - "traefik.http.routers.grocy-rtr.tls.certresolver=dns-cloudflare" 29 | ## Middlewares 30 | - "traefik.http.routers.grocy-rtr.middlewares=secure-chain@file" 31 | ## HTTP Services 32 | - "traefik.http.routers.grocy-rtr.service=grocy-svc" 33 | - "traefik.http.services.grocy-svc.loadbalancer.server.port=80" 34 | 35 | networks: 36 | traefik_proxy: 37 | external: true 38 | -------------------------------------------------------------------------------- /ymlfiles/1_rpi_fail2ban.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Fail2ban - Network security against attacks 5 | # iptables -L --line-numbers 6 | # fail2ban-client set unbanip 7 | # fail2ban-regex '' 'regex' 8 | # Other commands: https://www.fail2ban.org/wiki/index.php/Commands 9 | fail2ban: 10 | container_name: fail2ban 11 | image: darathor/fail2ban:latest 12 | restart: always 13 | network_mode: host 14 | cap_add: 15 | - NET_ADMIN 16 | - NET_RAW 17 | volumes: 18 | - ~/docker/fail2ban:/data 
19 | - ~/docker/fail2ban/fail2ban.d:/etc/fail2ban/fail2ban.d 20 | environment: 21 | - TZ=$TZ 22 | - F2B_LOG_LEVEL=INFO 23 | - F2B_DB_PURGE_AGE=1d # Age at which bans should be purged from the database 24 | - F2B_MAX_RETRY=1 # Number of failures before a host gets banned 25 | - F2B_IPTABLES_CHAIN=FORWARD # Specifies the iptables chain to which the Fail2Ban rules should be added (traffic to Docker-published ports traverses FORWARD, not INPUT) 26 | - SSMTP_HOST=smtp.gmail.com 27 | - SSMTP_PORT=465 28 | - SSMTP_USER=$SMTP_EMAIL 29 | - SSMTP_PASSWORD=$SMTP_PASS # mail credential — keep it in the .env file only 30 | - SSMTP_TLS=YES 31 | - F2B_ACTION=%(action_mw)s # ban and send a mail report that includes a whois lookup of the banned address 32 | -------------------------------------------------------------------------------- /ymlfiles/hass.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Home Assistant - Home Automation Hub 5 | 6 | ## Check config with: 7 | # docker exec -it hass hass --script check_config -c /config 8 | 9 | hass: 10 | container_name: hass 11 | image: homeassistant/home-assistant:latest 12 | restart: always 13 | privileged: true # NOTE(review): only needed for direct hardware access (USB radios etc.); a specific devices: entry is the least-privilege alternative 14 | networks: 15 | - traefik_proxy 16 | # ports: 17 | # - "8123:8123" 18 | volumes: 19 | - $USERDIR/docker/hass:/config 20 | environment: 21 | - TZ=$TZ 22 | labels: 23 | - "traefik.enable=true" 24 | ## HTTP Routers 25 | - "traefik.http.routers.hass-rtr.entrypoints=https" 26 | - "traefik.http.routers.hass-rtr.rule=Host(`hass.$DOMAINNAME`)" 27 | - "traefik.http.routers.hass-rtr.tls=true" 28 | - "traefik.http.routers.hass-rtr.tls.certresolver=dns-cloudflare" 29 | ## Middlewares 30 | - "traefik.http.routers.hass-rtr.middlewares=secure-headers@file" # no secure-chain here, presumably so Home Assistant's own login serves clients directly; rate-limit@file (as in ombi.yml) could still be added 31 | ## HTTP Services 32 | - "traefik.http.routers.hass-rtr.service=hass-svc" 33 | - "traefik.http.services.hass-svc.loadbalancer.server.port=8123" 34 | 35 | networks: 36 | traefik_proxy: 37 | external: true 38 | -------------------------------------------------------------------------------- /traefik/rules_examples/test-headers.toml: 
-------------------------------------------------------------------------------- 1 | # This file is for testing. Enable this middleware and tweak the headers 2 | 3 | [http.middlewares] 4 | [http.middlewares.test-headers.headers] 5 | AccessControlAllowMethods= ["GET", "OPTIONS", "PUT"] 6 | AccessControlMaxAge = 100 7 | AddVaryHeader = true 8 | HostsProxyHeaders = ["X-Forwarded-Host"] 9 | SSLRedirect = true 10 | # SSLForceHost = true 11 | STSSeconds = 63072000 12 | STSIncludeSubdomains = true 13 | STSPreload = true # preload submission is effectively permanent for the whole domain — leave false until every subdomain serves HTTPS and you intend to submit 14 | ForceSTSHeader = true 15 | FrameDeny = true 16 | ContentTypeNosniff = true 17 | BrowserXssFilter = true # X-XSS-Protection is deprecated; modern browsers ignore it and CSP (below) is the replacement 18 | # ContentSecurityPolicy = "default-src 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'none';" 19 | # ContentSecurityPolicy = "default-src 'self' 'unsafe-inline' data:;" 20 | ReferrerPolicy = "same-origin" 21 | FeaturePolicy = "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';" # Feature-Policy is superseded by Permissions-Policy; newer Traefik releases expose it as PermissionsPolicy 22 | [http.middlewares.test-headers.headers.customResponseHeaders] 23 | X-Robots-Tag = "none,noarchive,nosnippet,notranslate,noimageindex," 24 | Set-Cookie = "__Secure-sess=123; path=/; HttpOnly; Secure; SameSite=Lax;" # fixed session value sent on every response — test fixture only, never reference this middleware from a real chain 25 | -------------------------------------------------------------------------------- /ymlfiles/photos4.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Photo/Image Server 5 | photos: 6 | container_name: photos 7 | image: linuxserver/photoshow:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - ${USERDIR}/docker/photos/config2:/config 15 | - ${USERDIR}/Pictures:/Pictures:ro 16 | - ${USERDIR}/docker/photos/thumbs2:/Thumbs 17 | environment: 18 | - PUID=${PUID} 19 | - PGID=${PGID} 20 | - TZ=${TZ} 21 | labels: 22 | - "traefik.enable=true" 23 | ## HTTP Routers 24 | - "traefik.http.routers.photos-rtr.entrypoints=https" 25 | - 
"traefik.http.routers.photos-rtr.rule=Host(`photos.$DOMAINNAME`)" 26 | - "traefik.http.routers.photos-rtr.tls=true" 27 | - "traefik.http.routers.photos-rtr.tls.certresolver=dns-cloudflare" 28 | ## Middlewares 29 | - "traefik.http.routers.photos-rtr.middlewares=secure-chain@file" 30 | ## HTTP Services 31 | - "traefik.http.routers.photos-rtr.service=photos-svc" 32 | - "traefik.http.services.photos-svc.loadbalancer.server.port=80" 33 | 34 | networks: 35 | traefik_proxy: 36 | external: true 37 | -------------------------------------------------------------------------------- /ymlfiles/flexget.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Flex-GET 5 | flexget: 6 | container_name: flexget 7 | image: wiserain/flexget:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "3539:3539" 13 | volumes: 14 | - $USERDIR/docker/flexget/data:/data 15 | - $USERDIR/docker/flexget/config:/config 16 | environment: 17 | - PUID=$PUID 18 | - PGID=$PGID 19 | - TZ=$TZ 20 | - FG_WEBUI_PASSWD=$MY_PASSWORD 21 | - FG_LOG_LEVEL=info 22 | labels: 23 | - "traefik.enable=true" 24 | ## HTTP Routers 25 | - "traefik.http.routers.flexget-rtr.entrypoints=https" 26 | - "traefik.http.routers.flexget-rtr.rule=Host(`flexget.$DOMAINNAME`)" 27 | - "traefik.http.routers.flexget-rtr.tls=true" 28 | - "traefik.http.routers.flexget-rtr.tls.certresolver=dns-cloudflare" 29 | ## Middlewares 30 | - "traefik.http.routers.flexget-rtr.middlewares=secure-chain@file" 31 | ## HTTP Services 32 | - "traefik.http.routers.flexget-rtr.service=flexget-svc" 33 | - "traefik.http.services.flexget-svc.loadbalancer.server.port=3539" 34 | 35 | networks: 36 | traefik_proxy: 37 | external: true 38 | -------------------------------------------------------------------------------- /ymlfiles/glances.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## 
Glances - Container and System Monitor 5 | glances: 6 | container_name: glances 7 | image: nicolargo/glances:latest 8 | pid: host # the container sees every host process; keep the UI behind an authenticating chain 9 | restart: unless-stopped 10 | networks: 11 | - traefik_proxy 12 | # ports: 13 | # - "61208:61208" 14 | volumes: 15 | - $USERDIR/docker/glances:/glances/conf # Use this if you want to add a glances.conf file 16 | - /var/run/docker.sock:/var/run/docker.sock:ro # :ro only makes the socket node read-only; the Docker API (including write calls) remains usable through it, so treat this container as host-equivalent 17 | environment: 18 | - GLANCES_OPT=-w # -w = web server mode 19 | labels: 20 | - "traefik.enable=true" 21 | ## HTTP Routers 22 | - "traefik.http.routers.glances-rtr.entrypoints=https" 23 | - "traefik.http.routers.glances-rtr.rule=Host(`glances.$DOMAINNAME`)" 24 | - "traefik.http.routers.glances-rtr.tls=true" 25 | - "traefik.http.routers.glances-rtr.tls.certresolver=dns-cloudflare" 26 | ## Middlewares 27 | - "traefik.http.routers.glances-rtr.middlewares=secure-chain@file" 28 | ## HTTP Services 29 | - "traefik.http.routers.glances-rtr.service=glances-svc" 30 | - "traefik.http.services.glances-svc.loadbalancer.server.port=61208" 31 | 32 | networks: 33 | traefik_proxy: 34 | external: true 35 | -------------------------------------------------------------------------------- /ymlfiles/radarr.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Radarr – Movie Download and Management 5 | radarr: 6 | container_name: radarr 7 | image: linuxserver/radarr:latest 8 | restart: always 9 | networks: 10 | traefik_proxy: 11 | ipv4_address: 192.168.50.245 12 | # ports: 13 | # - "7878:7878" 14 | volumes: 15 | - $USERDIR/docker/radarr:/config 16 | - $USERDIR/dwnloads:/downloads 17 | - /mnt/storage/movies:/movies 18 | environment: 19 | - PUID=$PUID 20 | - PGID=$PGID 21 | - TZ=$TZ 22 | labels: 23 | - "traefik.enable=true" 24 | ## HTTP Routers 25 | - "traefik.http.routers.radarr-rtr.entrypoints=https" 26 | - "traefik.http.routers.radarr-rtr.rule=Host(`radarr.$DOMAINNAME`)" 27 | - "traefik.http.routers.radarr-rtr.tls=true" 28 | - 
"traefik.http.routers.radarr-rtr.tls.certresolver=dns-cloudflare" 29 | ## Middlewares 30 | - "traefik.http.routers.radarr-rtr.middlewares=secure-chain@file" 31 | ## HTTP Services 32 | - "traefik.http.routers.radarr-rtr.service=radarr-svc" 33 | - "traefik.http.services.radarr-svc.loadbalancer.server.port=7878" 34 | 35 | networks: 36 | traefik_proxy: 37 | external: true 38 | -------------------------------------------------------------------------------- /ymlfiles/lidarr.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Lidarr – Music Download and Management 5 | lidarr: 6 | container_name: lidarr 7 | image: linuxserver/lidarr:latest 8 | restart: unless-stopped 9 | networks: 10 | traefik_proxy: 11 | ipv4_address: 192.168.50.244 12 | # ports: 13 | # - "8686:8686" 14 | volumes: 15 | - $USERDIR/docker/lidarr:/config 16 | - $USERDIR/dwnloads:/downloads 17 | - /mnt/storage/music:/music 18 | environment: 19 | - PUID=$PUID 20 | - PGID=$PGID 21 | - TZ=$TZ 22 | labels: 23 | - "traefik.enable=true" 24 | ## HTTP Routers 25 | - "traefik.http.routers.lidarr-rtr.entrypoints=https" 26 | - "traefik.http.routers.lidarr-rtr.rule=Host(`lidarr.$DOMAINNAME`)" 27 | - "traefik.http.routers.lidarr-rtr.tls=true" 28 | - "traefik.http.routers.lidarr-rtr.tls.certresolver=dns-cloudflare" 29 | ## Middlewares 30 | - "traefik.http.routers.lidarr-rtr.middlewares=secure-chain@file" 31 | ## HTTP Services 32 | - "traefik.http.routers.lidarr-rtr.service=lidarr-svc" 33 | - "traefik.http.services.lidarr-svc.loadbalancer.server.port=8686" 34 | 35 | networks: 36 | traefik_proxy: 37 | external: true 38 | -------------------------------------------------------------------------------- /ymlfiles/sonarr.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Sonarr – TV Show Download and Management 5 | sonarr: 6 | container_name: sonarr 7 | image: 
linuxserver/sonarr:preview #latest 8 | restart: unless-stopped 9 | networks: 10 | traefik_proxy: 11 | ipv4_address: 192.168.50.246 12 | # ports: 13 | # - "8989:8989" 14 | volumes: 15 | - $USERDIR/docker/sonarr:/config 16 | - $USERDIR/dwnloads:/downloads 17 | - /mnt/storage/tv:/tv 18 | environment: 19 | - PUID=$PUID 20 | - PGID=$PGID 21 | - TZ=$TZ 22 | labels: 23 | - "traefik.enable=true" 24 | ## HTTP Routers 25 | - "traefik.http.routers.sonarr-rtr.entrypoints=https" 26 | - "traefik.http.routers.sonarr-rtr.rule=Host(`sonarr.$DOMAINNAME`)" 27 | - "traefik.http.routers.sonarr-rtr.tls=true" 28 | - "traefik.http.routers.sonarr-rtr.tls.certresolver=dns-cloudflare" 29 | ## Middlewares 30 | - "traefik.http.routers.sonarr-rtr.middlewares=secure-chain@file" 31 | ## HTTP Services 32 | - "traefik.http.routers.sonarr-rtr.service=sonarr-svc" 33 | - "traefik.http.services.sonarr-svc.loadbalancer.server.port=8989" 34 | 35 | networks: 36 | traefik_proxy: 37 | external: true 38 | -------------------------------------------------------------------------------- /ymlfiles/riot.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Riot.io 5 | 6 | ## Create default config: 7 | # docker run --rm --entrypoint cat bubuntux/riot-web /etc/riot-web/config.json > $USERDIR/docker/riot/config.json 8 | 9 | riot: 10 | container_name: riot 11 | image: bubuntux/riot-web:latest 12 | restart: always 13 | networks: 14 | - traefik_proxy 15 | # ports: 16 | # - "80:80" 17 | volumes: 18 | - $USERDIR/docker/riot/config.json:/etc/riot-web/config.json:ro 19 | - /etc/timezone:/etc/timezone:ro 20 | - /etc/localtime:/etc/localtime:ro 21 | labels: 22 | - "traefik.enable=true" 23 | ## HTTP Routers 24 | - "traefik.http.routers.riot-rtr.entrypoints=https" 25 | - "traefik.http.routers.riot-rtr.rule=Host(`riot.$DOMAINNAME`)" 26 | - "traefik.http.routers.riot-rtr.tls=true" 27 | - "traefik.http.routers.riot-rtr.tls.certresolver=dns-cloudflare" 28 
| ## Middlewares 29 | - "traefik.http.routers.riot-rtr.middlewares=secure-chain@file" 30 | ## HTTP Services 31 | - "traefik.http.routers.riot-rtr.service=riot-svc" 32 | - "traefik.http.services.riot-svc.loadbalancer.server.port=80" 33 | 34 | networks: 35 | traefik_proxy: 36 | external: true 37 | -------------------------------------------------------------------------------- /ymlfiles/wetty.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Wetty - SSH over the web 5 | wetty: 6 | container_name: wetty 7 | image: svenihoney/wetty:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "3000:3000" 13 | volumes: 14 | - /etc/timezone:/etc/timezone:ro 15 | - /etc/localtime:/etc/localtime:ro 16 | environment: 17 | - VIRTUAL_HOST=wetty.$DOMAINNAME 18 | - VIRTUAL_PORT=3000 19 | - REMOTE_SSH_SERVER=192.168.1.12 20 | - REMOTE_SSH_PORT=22 21 | - REMOTE_SSH_USER=$USERNAME 22 | labels: 23 | - "traefik.enable=true" 24 | ## HTTP Routers 25 | - "traefik.http.routers.wetty-rtr.entrypoints=https" 26 | - "traefik.http.routers.wetty-rtr.rule=Host(`wetty.$DOMAINNAME`)" 27 | - "traefik.http.routers.wetty-rtr.tls=true" 28 | - "traefik.http.routers.wetty-rtr.tls.certresolver=dns-cloudflare" 29 | ## Middlewares 30 | - "traefik.http.routers.wetty-rtr.middlewares=secure-chain@file" 31 | ## HTTP Services 32 | - "traefik.http.routers.wetty-rtr.service=wetty-svc" 33 | - "traefik.http.services.wetty-svc.loadbalancer.server.port=3000" 34 | 35 | networks: 36 | traefik_proxy: 37 | external: true 38 | -------------------------------------------------------------------------------- /ymlfiles/nzbget.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Nzbget - Usenet Downloader 5 | 6 | # Login: nzbget 7 | # Password: tegbzn6789 8 | 9 | nzbget: 10 | container_name: nzbget 11 | image: linuxserver/nzbget:latest 12 | 
restart: unless-stopped 13 | networks: 14 | traefik_proxy: 15 | ipv4_address: 192.168.50.241 16 | # ports: 17 | # - "6789:6789" 18 | volumes: 19 | - $USERDIR/docker/nzbget:/config 20 | - $USERDIR/dwnloads:/downloads 21 | environment: 22 | - PUID=$PUID 23 | - PGID=$PGID 24 | - TZ=$TZ 25 | labels: 26 | - "traefik.enable=true" 27 | ## HTTP Routers 28 | - "traefik.http.routers.nzbget-rtr.entrypoints=https" 29 | - "traefik.http.routers.nzbget-rtr.rule=Host(`nzbget.$DOMAINNAME`)" 30 | - "traefik.http.routers.nzbget-rtr.tls=true" 31 | - "traefik.http.routers.nzbget-rtr.tls.certresolver=dns-cloudflare" 32 | ## Middlewares 33 | - "traefik.http.routers.nzbget-rtr.middlewares=secure-chain@file" 34 | ## HTTP Services 35 | - "traefik.http.routers.nzbget-rtr.service=nzbget-svc" 36 | - "traefik.http.services.nzbget-svc.loadbalancer.server.port=6789" 37 | 38 | networks: 39 | traefik_proxy: 40 | external: true 41 | -------------------------------------------------------------------------------- /ymlfiles/picard.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## MusicBrainz Picard – Music Management 5 | picard: 6 | container_name: picard 7 | image: mikenye/picard:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "5800:5800" 13 | volumes: 14 | - $USERDIR/docker/picard:/config 15 | - $USERDIR/dwnloads/:/downloads 16 | - /mnt/storage/music:/storage 17 | environment: 18 | - USER_ID=$PUID 19 | - GROUP_ID=$PGID 20 | - TZ=$TZ 21 | - UMASK=022 22 | - DISPLAY_WIDTH=1600 23 | - DISPLAY_HEIGHT=768 24 | labels: 25 | - "traefik.enable=true" 26 | ## HTTP Routers 27 | - "traefik.http.routers.picard-rtr.entrypoints=https" 28 | - "traefik.http.routers.picard-rtr.rule=Host(`picard.$DOMAINNAME`)" 29 | - "traefik.http.routers.picard-rtr.tls=true" 30 | - "traefik.http.routers.picard-rtr.tls.certresolver=dns-cloudflare" 31 | ## Middlewares 32 | - 
"traefik.http.routers.picard-rtr.middlewares=secure-chain@file" 33 | ## HTTP Services 34 | - "traefik.http.routers.picard-rtr.service=picard-svc" 35 | - "traefik.http.services.picard-svc.loadbalancer.server.port=5800" 36 | 37 | networks: 38 | traefik_proxy: 39 | external: true 40 | -------------------------------------------------------------------------------- /ymlfiles/firefox.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Firefox - Web Browser 5 | firefox: 6 | container_name: firefox 7 | image: jlesage/firefox:latest 8 | restart: unless-stopped 9 | networks: 10 | - traefik_proxy 11 | ports: 12 | - "5800:5800" 13 | volumes: 14 | - ${USERDIR}/docker/firefox:/config 15 | - /dev/shm:/dev/shm 16 | environment: 17 | - USER_ID=$PUID 18 | - GROUP_ID=$PGID 19 | - TZ=$TZ 20 | - UMASK=002 21 | - KEEP_APP_RUNNING=1 22 | - CLEAN_TMP_DIR=1 23 | - DISPLAY_WIDTH=1800 24 | - DISPLAY_HEIGHT=800 25 | labels: 26 | - "traefik.enable=true" 27 | ## HTTP Routers 28 | - "traefik.http.routers.firefox-rtr.entrypoints=https" 29 | - "traefik.http.routers.firefox-rtr.rule=Host(`firefox.$DOMAINNAME`)" 30 | - "traefik.http.routers.firefox-rtr.tls=true" 31 | - "traefik.http.routers.firefox-rtr.tls.certresolver=dns-cloudflare" 32 | ## Middlewares 33 | - "traefik.http.routers.firefox-rtr.middlewares=secure-chain@file" 34 | ## HTTP Services 35 | - "traefik.http.routers.firefox-rtr.service=firefox-svc" 36 | - "traefik.http.services.firefox-svc.loadbalancer.server.port=5800" 37 | 38 | networks: 39 | traefik_proxy: 40 | external: true 41 | -------------------------------------------------------------------------------- /ymlfiles/jackett.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Jackett – Torrent Proxy/RSS Generator 5 | jackett: 6 | container_name: jackett 7 | image: linuxserver/jackett:latest 8 | restart: always 9 | networks: 10 | 
traefik_proxy: 11 | ipv4_address: 192.168.50.249 # Use this IP to connect to sonarr/radarr/lidarr/ttrss: http://192.168.50.249:9117/... 12 | # ports: 13 | # - "9117:9117" 14 | volumes: 15 | - $USERDIR/docker/jackett:/config 16 | - $USERDIR/dwnloads/temp:/downloads 17 | environment: 18 | - PUID=$PUID 19 | - PGID=$PGID 20 | - TZ=$TZ 21 | labels: 22 | - "traefik.enable=true" 23 | ## HTTP Routers 24 | - "traefik.http.routers.jackett-rtr.entrypoints=https" 25 | - "traefik.http.routers.jackett-rtr.rule=Host(`jackett.$DOMAINNAME`)" 26 | - "traefik.http.routers.jackett-rtr.tls=true" 27 | - "traefik.http.routers.jackett-rtr.tls.certresolver=dns-cloudflare" 28 | ## Middlewares 29 | - "traefik.http.routers.jackett-rtr.middlewares=secure-chain@file" 30 | ## HTTP Services 31 | - "traefik.http.routers.jackett-rtr.service=jackett-svc" 32 | - "traefik.http.services.jackett-svc.loadbalancer.server.port=9117" 33 | 34 | networks: 35 | traefik_proxy: 36 | external: true 37 | -------------------------------------------------------------------------------- /ymlfiles/portainer.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Portainer - WebUI for Containers 5 | portainer: 6 | container_name: portainer 7 | image: portainer/portainer:latest # NOTE(review): this image stopped receiving updates; Portainer CE now publishes as portainer/portainer-ce 8 | restart: always 9 | command: -H unix:///var/run/docker.sock 10 | networks: 11 | - traefik_proxy 12 | # ports: 13 | # - "9000:9000" 14 | volumes: 15 | - /var/run/docker.sock:/var/run/docker.sock:ro # :ro does not restrict the Docker API — Portainer gets full control of the daemon (it needs it), so the Traefik middleware in front is the real gate 16 | - portainer_data:/data # Change to local directory if you want to save/transfer config locally 17 | environment: 18 | - TZ=$TZ 19 | labels: 20 | - "traefik.enable=true" 21 | ## HTTP Routers 22 | - "traefik.http.routers.portainer-rtr.entrypoints=https" 23 | - "traefik.http.routers.portainer-rtr.rule=Host(`portainer.$DOMAINNAME`)" 24 | - "traefik.http.routers.portainer-rtr.tls=true" 25 | - "traefik.http.routers.portainer-rtr.tls.certresolver=dns-cloudflare" 26 | ## 
Middlewares 27 | - "traefik.http.routers.portainer-rtr.middlewares=secure-chain@file" 28 | ## HTTP Services 29 | - "traefik.http.routers.portainer-rtr.service=portainer-svc" 30 | - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000" 31 | 32 | volumes: 33 | portainer_data: 34 | 35 | networks: 36 | traefik_proxy: 37 | external: true 38 | -------------------------------------------------------------------------------- /ymlfiles/tautulli.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Tautulli – Monitoring Plex Usage 5 | tautulli: 6 | container_name: tautulli 7 | image: linuxserver/tautulli:latest 8 | restart: unless-stopped 9 | networks: 10 | traefik_proxy: 11 | ipv4_address: 192.168.50.243 12 | # ports: 13 | # - "8181:8181" 14 | volumes: 15 | - $USERDIR/docker/plex/Library/Application Support/Plex Media Server/Logs:/logs:ro # Plex Log Directory 16 | - $USERDIR/docker/tautulli/config:/config 17 | environment: 18 | - PUID=$PUID 19 | - PGID=$PGID 20 | - TZ=$TZ 21 | labels: 22 | - "traefik.enable=true" 23 | ## HTTP Routers 24 | - "traefik.http.routers.tautulli-rtr.entrypoints=https" 25 | - "traefik.http.routers.tautulli-rtr.rule=Host(`tautulli.$DOMAINNAME`)" 26 | - "traefik.http.routers.tautulli-rtr.tls=true" 27 | - "traefik.http.routers.tautulli-rtr.tls.certresolver=dns-cloudflare" 28 | ## Middlewares 29 | - "traefik.http.routers.tautulli-rtr.middlewares=secure-headers@file,rate-limit@file,basic-auth@file" 30 | ## HTTP Services 31 | - "traefik.http.routers.tautulli-rtr.service=tautulli-svc" 32 | - "traefik.http.services.tautulli-svc.loadbalancer.server.port=8181" 33 | 34 | networks: 35 | traefik_proxy: 36 | external: true 37 | -------------------------------------------------------------------------------- /ymlfiles/statping.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## StatPing - Status 
Page & Monitoring Server 5 | # Login: admin / admin 6 | 7 | statping: 8 | container_name: statping 9 | image: hunterlong/statping:latest 10 | restart: unless-stopped 11 | networks: 12 | - traefik_proxy 13 | - postgres 14 | # ports: 15 | # - "4480:8080" 16 | volumes: 17 | - $USERDIR/docker/statping/config:/app 18 | environment: 19 | - DB_CONN=postgres 20 | - DB_HOST=postgres 21 | - DB_USER=statping 22 | - DB_PASS=$PG_PASSWORD 23 | - DB_DATABASE=statping 24 | labels: 25 | - "traefik.enable=true" 26 | ## HTTP Routers 27 | - "traefik.http.routers.statping-rtr.entrypoints=https" 28 | - "traefik.http.routers.statping-rtr.rule=Host(`statping.$DOMAINNAME`)" 29 | - "traefik.http.routers.statping-rtr.tls=true" 30 | - "traefik.http.routers.statping-rtr.tls.certresolver=dns-cloudflare" 31 | ## Middlewares 32 | - "traefik.http.routers.statping-rtr.middlewares=secure-chain@file" 33 | ## HTTP Services 34 | - "traefik.http.routers.statping-rtr.service=statping-svc" 35 | - "traefik.http.services.statping-svc.loadbalancer.server.port=8080" 36 | 37 | networks: 38 | traefik_proxy: 39 | external: true 40 | postgres: 41 | external: true 42 | -------------------------------------------------------------------------------- /ymlfiles/photos2.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Photo/Image Server 5 | 6 | ## You must copy the file from the link below into the /config folder: 7 | # https://github.com/trebonius0/Photato/blob/master/photato.ini 8 | 9 | photos: 10 | container_name: photos 11 | image: trebonius0/photato:latest 12 | restart: always 13 | networks: 14 | - traefik_proxy 15 | # ports: 16 | # - "8186:8186" 17 | volumes: 18 | - ${USERDIR}/Pictures:/pictures 19 | - ${USERDIR}/docker/photos/config:/config 20 | - ${USERDIR}/docker/photos/cache:/cache 21 | environment: 22 | - PUID=${PUID} 23 | - PGID=${PGID} 24 | - TZ=${TZ} 25 | labels: 26 | - "traefik.enable=true" 27 | ## HTTP Routers 28 | - 
"traefik.http.routers.photos-rtr.entrypoints=https" 29 | - "traefik.http.routers.photos-rtr.rule=Host(`photos.$DOMAIN`)" 30 | - "traefik.http.routers.photos-rtr.tls=true" 31 | - "traefik.http.routers.photos-rtr.tls.certresolver=dns-cloudflare" 32 | ## Middlewares 33 | - "traefik.http.routers.photos-rtr.middlewares=secure-chain@file" 34 | ## HTTP Services 35 | - "traefik.http.routers.photos-rtr.service=photos-svc" 36 | - "traefik.http.services.photos-svc.loadbalancer.server.port=8186" 37 | 38 | networks: 39 | traefik_proxy: 40 | external: true 41 | -------------------------------------------------------------------------------- /ymlfiles/bin.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Paste Bin 5 | 6 | ## Change the theme: 7 | # sudo vim $USERDIR/docker/bin/cfg/conf.php 8 | # change template = "bootstrap" to "bootstrap-dark-page" 9 | ## Other options: https://privatebin.info/screenshots.html 10 | 11 | bin: 12 | container_name: bin 13 | image: jgeusebroek/privatebin:latest 14 | restart: always 15 | networks: 16 | - traefik_proxy 17 | - mariadb 18 | # ports: 19 | # - "80:80" 20 | volumes: 21 | - $USERDIR/docker/bin/data:/privatebin/data 22 | - $USERDIR/docker/bin/cfg:/privatebin/cfg 23 | environment: 24 | - UID=$PUID 25 | - GID=$PGID 26 | labels: 27 | - "traefik.enable=true" 28 | ## HTTP Routers 29 | - "traefik.http.routers.bin-rtr.entrypoints=https" 30 | - "traefik.http.routers.bin-rtr.rule=Host(`bin.$DOMAINNAME`)" 31 | - "traefik.http.routers.bin-rtr.tls=true" 32 | - "traefik.http.routers.bin-rtr.tls.certresolver=dns-cloudflare" 33 | ## Middlewares 34 | - "traefik.http.routers.bin-rtr.middlewares=secure-headers@file,rate-limit@file" 35 | ## HTTP Services 36 | - "traefik.http.routers.bin-rtr.service=bin-svc" 37 | - "traefik.http.services.bin-svc.loadbalancer.server.port=80" 38 | 39 | networks: 40 | traefik_proxy: 41 | external: true 42 | mariadb: 43 | external: true 44 | 
-------------------------------------------------------------------------------- /ymlfiles/fail2ban.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Fail2ban - Network security against attacks 5 | 6 | ## Some fail2ban commands: 7 | # iptables -L --line-numbers 8 | # fail2ban-client set unbanip 9 | # fail2ban-regex '' 'regex' 10 | # Other commands: https://www.fail2ban.org/wiki/index.php/Commands 11 | 12 | ## Check status of ssh jail: 13 | # sudo fail2ban-client status sshd 14 | 15 | fail2ban: 16 | container_name: fail2ban 17 | image: crazymax/fail2ban:latest 18 | restart: always 19 | network_mode: host 20 | cap_add: 21 | - NET_ADMIN 22 | - NET_RAW 23 | volumes: 24 | - /var/log/docker:/var/log/docker 25 | - $USERDIR/docker/hass/home-assistant.log:/var/log/home-assistant.log:ro 26 | - $USERDIR/docker/fail2ban:/data 27 | - $USERDIR/docker/fail2ban/fail2ban.d:/etc/fail2ban/fail2ban.d 28 | environment: 29 | - TZ=$TZ 30 | - F2B_LOG_LEVEL=INFO 31 | # - F2B_DB_PURGE_AGE=1d # Age at which bans should be purged from the database 32 | - F2B_IPTABLES_CHAIN=DOCKER-USER # Specifies the iptables chain to which the Fail2Ban rules should be added 33 | - SSMTP_HOST=smtp.gmail.com 34 | - SSMTP_PORT=465 35 | - SSMTP_USER=$SMTP_EMAIL 36 | - SSMTP_PASSWORD=$SMTP_PASS # Create an "app password" if you use 2FA 37 | - SSMTP_TLS=YES 38 | -------------------------------------------------------------------------------- /ymlfiles/makemkv.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## MakeMKV - Video Converter 5 | makemkv: 6 | container_name: makemkv 7 | image: jlesage/makemkv:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "5800:5800" 13 | volumes: 14 | - $USERDIR/docker/makemkv/config:/config:rw 15 | - $USERDIR/docker/makemkv/output:/output:rw # Output folder 16 | - /mnt/storage:/storage:ro # 
Data folder - can be anything 17 | - $USERDIR/dwnloads:/downloads:ro # Data folder - can be anything 18 | environment: 19 | - USER_ID=$PUID 20 | - GROUP_ID=$PGID 21 | - TZ=$TZ 22 | - UMASK=002 23 | - DISPLAY_WIDTH=1600 24 | - DISPLAY_HEIGHT=768 25 | labels: 26 | - "traefik.enable=true" 27 | ## HTTP Routers 28 | - "traefik.http.routers.makemkv-rtr.entrypoints=https" 29 | - "traefik.http.routers.makemkv-rtr.rule=Host(`makemkv.$DOMAINNAME`)" 30 | - "traefik.http.routers.makemkv-rtr.tls=true" 31 | - "traefik.http.routers.makemkv-rtr.tls.certresolver=dns-cloudflare" 32 | ## Middlewares 33 | - "traefik.http.routers.makemkv-rtr.middlewares=secure-chain@file" 34 | ## HTTP Services 35 | - "traefik.http.routers.makemkv-rtr.service=makemkv-svc" 36 | - "traefik.http.services.makemkv-svc.loadbalancer.server.port=5800" 37 | 38 | networks: 39 | traefik_proxy: 40 | external: true 41 | -------------------------------------------------------------------------------- /ymlfiles/rclonebrowser.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## RClone Browser with GUI interface 5 | rclonebrowser: 6 | container_name: rclonebrowser 7 | image: romancin/rclonebrowser:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "5800:5800" # Web Access 13 | # - "5900:5900" # VNC port 14 | volumes: 15 | - $USERDIR/docker/rclonebrowser/config:/config 16 | - $USERDIR/docker/rclonebrowser/media:/media # Location for downloading/uploading 17 | environment: 18 | - USER_ID=$PUID 19 | - GROUP_ID=$PGID 20 | - TZ=$TZ 21 | - UMASK=022 22 | - DISPLAY_WIDTH=1600 23 | - DISPLAY_HEIGHT=768 24 | labels: 25 | - "traefik.enable=true" 26 | ## HTTP Routers 27 | - "traefik.http.routers.rclonebrowser-rtr.entrypoints=https" 28 | - "traefik.http.routers.rclonebrowser-rtr.rule=Host(`rclone.$DOMAINNAME`)" 29 | - "traefik.http.routers.rclonebrowser-rtr.tls=true" 30 | - 
"traefik.http.routers.rclonebrowser-rtr.tls.certresolver=dns-cloudflare" 31 | ## Middlewares 32 | - "traefik.http.routers.rclonebrowser-rtr.middlewares=secure-chain@file" 33 | ## HTTP Services 34 | - "traefik.http.routers.rclonebrowser-rtr.service=rclonebrowser-svc" 35 | - "traefik.http.services.rclonebrowser-svc.loadbalancer.server.port=5800" 36 | 37 | networks: 38 | traefik_proxy: 39 | external: true 40 | -------------------------------------------------------------------------------- /ymlfiles/cloud9.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Cloud9 - Complete Web Based IDE with Terminal Access 5 | cloud9: 6 | container_name: cloud9 7 | image: linuxserver/cloud9:latest 8 | restart: unless-stopped 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "8000:8000" 13 | volumes: 14 | - $USERDIR/docker/traefik2/traefik/rules:/code/traefik_rules 15 | - $USERDIR/docker/traefik2/ymlfiles:/code/ymlfiles 16 | # - /var/run/docker.sock:/var/run/docker.sock # Needed if you plan to use Docker or compose commands 17 | environment: 18 | - PUID=$PUID 19 | - PGID=$PGID 20 | - TZ=$TZ 21 | # - GITURL=https://github.com/linuxserver/docker-cloud9.git # Specify a git repo to checkout on first startup 22 | labels: 23 | - "traefik.enable=true" 24 | ## HTTP Routers 25 | - "traefik.http.routers.cloud9-rtr.entrypoints=https" 26 | - "traefik.http.routers.cloud9-rtr.rule=Host(`cloud9.$DOMAINNAME`)" 27 | - "traefik.http.routers.cloud9-rtr.tls=true" 28 | - "traefik.http.routers.cloud9-rtr.tls.certresolver=dns-cloudflare" 29 | ## Middlewares 30 | - "traefik.http.routers.cloud9-rtr.middlewares=secure-chain@file" 31 | ## HTTP Services 32 | - "traefik.http.routers.cloud9-rtr.service=cloud9-svc" 33 | - "traefik.http.services.cloud9-svc.loadbalancer.server.port=8000" 34 | 35 | networks: 36 | traefik_proxy: 37 | external: true 38 | -------------------------------------------------------------------------------- 
/ymlfiles/filebot.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## FileBot - Rename Movie and Tv Files 5 | filebot: 6 | container_name: filebot 7 | image: jlesage/filebot:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "5800:5800" 13 | volumes: 14 | - $USERDIR/docker/filebot/config:/config 15 | - $USERDIR/docker/filebot/output:/output 16 | - /mnt/storage:/mnt/storage 17 | - /etc/timezone:/etc/timezone:ro 18 | - /etc/localtime:/etc/localtime:ro 19 | environment: 20 | - USER_ID=$PUID 21 | - GROUP_ID=$PGID 22 | - TZ=$TZ 23 | - UMASK_SET=022 24 | - DISPLAY_WIDTH=1600 25 | - DISPLAY_HEIGHT=768 26 | # - VNC_PASSWORD= # Optional 27 | labels: 28 | - "traefik.enable=true" 29 | ## HTTP Routers 30 | - "traefik.http.routers.filebot-rtr.entrypoints=https" 31 | - "traefik.http.routers.filebot-rtr.rule=Host(`filebot.$DOMAINNAME`)" 32 | - "traefik.http.routers.filebot-rtr.tls=true" 33 | - "traefik.http.routers.filebot-rtr.tls.certresolver=dns-cloudflare" 34 | ## Middlewares 35 | - "traefik.http.routers.filebot-rtr.middlewares=secure-chain@file" 36 | ## HTTP Services 37 | - "traefik.http.routers.filebot-rtr.service=filebot-svc" 38 | - "traefik.http.services.filebot-svc.loadbalancer.server.port=5800" 39 | 40 | networks: 41 | traefik_proxy: 42 | external: true 43 | -------------------------------------------------------------------------------- /ymlfiles/logs.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Dozzle - Docker Real-Time Log Viewer 5 | # Filter options: https://docs.docker.com/engine/reference/commandline/ps/#filtering 6 | 7 | dozzle: 8 | container_name: logs 9 | image: amir20/dozzle:latest 10 | restart: always 11 | networks: 12 | - traefik_proxy 13 | # ports: 14 | # - "8080:8080" 15 | volumes: 16 | - /var/run/docker.sock:/var/run/docker.sock:ro 17 | - 
/etc/timezone:/etc/timezone:ro 18 | - /etc/localtime:/etc/localtime:ro 19 | environment: 20 | DOZZLE_LEVEL: info 21 | DOZZLE_TAILSIZE: 300 22 | DOZZLE_FILTER: "status=running" 23 | # DOZZLE_FILTER: "label=log_me" # limits logs displayed to containers with this label 24 | labels: 25 | # - log_me 26 | - "traefik.enable=true" 27 | ## HTTP Routers 28 | - "traefik.http.routers.dozzle-rtr.entrypoints=https" 29 | - "traefik.http.routers.dozzle-rtr.rule=Host(`logs.$DOMAINNAME`)" 30 | - "traefik.http.routers.dozzle-rtr.tls=true" 31 | - "traefik.http.routers.dozzle-rtr.tls.certresolver=dns-cloudflare" 32 | ## Middlewares 33 | - "traefik.http.routers.dozzle-rtr.middlewares=secure-chain@file" 34 | ## HTTP Services 35 | - "traefik.http.routers.dozzle-rtr.service=dozzle-svc" 36 | - "traefik.http.services.dozzle-svc.loadbalancer.server.port=8080" 37 | 38 | networks: 39 | traefik_proxy: 40 | external: true 41 | -------------------------------------------------------------------------------- /ymlfiles/mkvtoolnix.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## mkvtoolnix – Video Editor 5 | mkvtoolnix: 6 | container_name: mkvtoolnix 7 | image: jlesage/mkvtoolnix:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "5800:5800" 13 | volumes: 14 | - $USERDIR/docker/mkvtoolnix:/config:rw 15 | - $USERDIR:/home:rw # Data folder - can be anything 16 | - /mnt/storage:/storage:rw # Data folder - can be anything 17 | - /etc/timezone:/etc/timezone:ro 18 | - /etc/localtime:/etc/localtime:ro 19 | environment: 20 | - USER_ID=$PUID 21 | - GROUP_ID=$PGID 22 | - TZ=$TZ 23 | - UMASK=002 24 | - DISPLAY_WIDTH=1600 25 | - DISPLAY_HEIGHT=768 26 | labels: 27 | - "traefik.enable=true" 28 | ## HTTP Routers 29 | - "traefik.http.routers.mkvtoolnix-rtr.entrypoints=https" 30 | - "traefik.http.routers.mkvtoolnix-rtr.rule=Host(`mkvtoolnix.$DOMAINNAME`)" 31 | - 
"traefik.http.routers.mkvtoolnix-rtr.tls=true" 32 | - "traefik.http.routers.mkvtoolnix-rtr.tls.certresolver=dns-cloudflare" 33 | ## Middlewares 34 | - "traefik.http.routers.mkvtoolnix-rtr.middlewares=secure-chain@file" 35 | ## HTTP Services 36 | - "traefik.http.routers.mkvtoolnix-rtr.service=mkvtoolnix-svc" 37 | - "traefik.http.services.mkvtoolnix-svc.loadbalancer.server.port=5800" 38 | 39 | networks: 40 | traefik_proxy: 41 | external: true 42 | -------------------------------------------------------------------------------- /ymlfiles/mqtt.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## MQTT Broker 5 | mqtt: 6 | container_name: mqtt 7 | image: matteocollina/mosca:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | ports: 12 | - "1883:1883" 13 | volumes: 14 | - $USERDIR/docker/mqtt:/db 15 | - /etc/timezone:/etc/timezone:ro 16 | - /etc/localtime:/etc/localtime:ro 17 | 18 | ## SmartThings MQTT Bridge 19 | mqtt_bridge: 20 | container_name: mqtt_bridge 21 | image: stjohnjohnson/smartthings-mqtt-bridge:latest 22 | restart: always 23 | networks: 24 | - traefik_proxy 25 | ports: 26 | - "8082:8080" 27 | volumes: 28 | - $USERDIR/docker/mqtt_bridge:/config 29 | - /etc/timezone:/etc/timezone:ro 30 | - /etc/localtime:/etc/localtime:ro 31 | # labels: 32 | # - "traefik.enable=true" 33 | # ## HTTP Routers 34 | # - "traefik.http.routers.wetty-rtr.entrypoints=https" 35 | # - "traefik.http.routers.wetty-rtr.rule=Host(`wetty.$DOMAINNAME`)" 36 | # - "traefik.http.routers.wetty-rtr.tls=true" 37 | # - "traefik.http.routers.wetty-rtr.tls.certresolver=dns-cloudflare" 38 | # ## Middlewares 39 | # - "traefik.http.routers.wetty-rtr.middlewares=secure-chain@file" 40 | # ## HTTP Services 41 | # - "traefik.http.routers.wetty-rtr.service=wetty-svc" 42 | # - "traefik.http.services.wetty-svc.loadbalancer.server.port=3000" 43 | 44 | networks: 45 | traefik_proxy: 46 | external: true 47 | 
-------------------------------------------------------------------------------- /ymlfiles/sabnzbd.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## sabnzbd - Usenet Downloader 5 | 6 | ## Enable external access: 7 | # Navigate to Config > Special using Host IP. e.g.: http://:8082/config/special/ 8 | # Scroll to the bottom and add to host_whitelist ( ) 9 | # Enter sabnzbd.$DOMAINNAME separated by a comma , 10 | 11 | sabnzbd: 12 | container_name: sabnzbd 13 | image: linuxserver/sabnzbd:latest 14 | restart: unless-stopped 15 | networks: 16 | - traefik_proxy 17 | # ports: 18 | # - "8082:8080" 19 | # - "9090:9090" 20 | volumes: 21 | - $USERDIR/docker/sabnzbd:/config 22 | - $USERDIR/dwnloads/sabnzbd:/downloads 23 | - $USERDIR/dwnloads/temp:/incomplete-downloads 24 | environment: 25 | - PUID=$PUID 26 | - PGID=$PGID 27 | - TZ=$TZ 28 | labels: 29 | - "traefik.enable=true" 30 | ## HTTP Routers 31 | - "traefik.http.routers.sabnzbd-rtr.entrypoints=https" 32 | - "traefik.http.routers.sabnzbd-rtr.rule=Host(`sabnzbd.$DOMAINNAME`)" 33 | - "traefik.http.routers.sabnzbd-rtr.tls=true" 34 | - "traefik.http.routers.sabnzbd-rtr.tls.certresolver=dns-cloudflare" 35 | ## Middlewares 36 | - "traefik.http.routers.sabnzbd-rtr.middlewares=secure-chain@file" 37 | ## HTTP Services 38 | - "traefik.http.routers.sabnzbd-rtr.service=sabnzbd-svc" 39 | - "traefik.http.services.sabnzbd-svc.loadbalancer.server.port=8080" 40 | 41 | networks: 42 | traefik_proxy: 43 | external: true 44 | -------------------------------------------------------------------------------- /ymlfiles/wekan.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | # Need to run with MongoDB 5 | 6 | ## Wekan - Open Source Kanban Board 7 | wekan: 8 | container_name: wekan 9 | image: wekanteam/wekan:latest 10 | restart: unless-stopped 11 | networks: 12 | - traefik_proxy 13 | # ports: 14 
| # - "8080:8080" 15 | volumes: 16 | - /etc/timezone:/etc/timezone:ro 17 | - /etc/localtime:/etc/localtime:ro 18 | environment: 19 | - MONGO_URL=mongodb://mongo/wekan # //:/ 20 | - ROOT_URL=https://wekan.$DOMAINNAME 21 | - MAIL_URL=smtp://$SMTP_USER:$SMTP_PASS@$SMTP_EMAIL:465 # smtp://user:pass@mailserver.example.com:25/ 22 | - MAIL_FROM=Wekan Notifications <$SMTP_EMAIL> 23 | - WITH_API=false 24 | - BROWSER_POLICY_ENABLED=true 25 | - TRUSTED_URL=https://wekan.$DOMAINNAME 26 | labels: 27 | - "traefik.enable=true" 28 | ## HTTP Routers 29 | - "traefik.http.routers.wekan-rtr.entrypoints=https" 30 | - "traefik.http.routers.wekan-rtr.rule=Host(`wekan.$DOMAINNAME`)" 31 | - "traefik.http.routers.wekan-rtr.tls=true" 32 | - "traefik.http.routers.wekan-rtr.tls.certresolver=dns-cloudflare" 33 | ## Middlewares 34 | - "traefik.http.routers.wekan-rtr.middlewares=secure-chain@file" 35 | ## HTTP Services 36 | - "traefik.http.routers.wekan-rtr.service=wekan-svc" 37 | - "traefik.http.services.wekan-svc.loadbalancer.server.port=8080" 38 | 39 | networks: 40 | traefik_proxy: 41 | external: true 42 | -------------------------------------------------------------------------------- /ymlfiles/1_rpi_boinc.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## BOINC Client - Berkeley Open Infrastructure for Network Computing 5 | # https://boinc.berkeley.edu/projects.php 6 | 7 | ## Enter boinccmd commands via shell: 8 | # docker exec -it boinc bash 9 | # boinccmd --help 10 | # exit 11 | 12 | ## Link account to BOINCStats: 13 | # Create an account at https://bam.boincstats.com/ 14 | # docker exec -it boinc boinccmd --join_acct_mgr https://bam.boincstats.com 15 | ## Check if account is connected: 16 | # docker exec -it boinc boinccmd --acct_mgr info 17 | 18 | ## Join a project: 19 | # Create an account at https://www.worldcommunitygrid.org/ 20 | # docker exec -it boinc boinccmd --lookup_account 
http://www.worldcommunitygrid.org 21 | # docker exec -it boinc boinccmd --project_attach http://www.worldcommunitygrid.org 22 | ## Or atach directly to project: 23 | # docker exec -it boinc boinccmd --project_attach 24 | 25 | ## Check tasks using command line: 26 | # docker exec -it boinc boinccmd --get_tasks 27 | 28 | boinc: 29 | container_name: boinc 30 | image: boinc/client:arm32v7 31 | restart: always 32 | network_mode: host 33 | # ports: 34 | # - "31416:31416" 35 | volumes: 36 | - $USERDIR/docker/boinc/client:/var/lib/boinc 37 | environment: 38 | - TZ=$TZ 39 | - BOINC_GUI_RPC_PASSWORD=$MY_PASSWORD 40 | - BOINC_CMD_LINE_OPTIONS=--allow_remote_gui_rpc 41 | -------------------------------------------------------------------------------- /ymlfiles/mongo.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## MongoDB - Database 5 | mongo: 6 | container_name: mongo 7 | image: mongo:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "27017:27017" 13 | volumes: 14 | - $USERDIR/docker/mongo:/data/db 15 | - /etc/timezone:/etc/timezone:ro 16 | - /etc/localtime:/etc/localtime:ro 17 | 18 | ## Mongo-Express - Database Manager 19 | mongoexpress: 20 | container_name: mongoexpress 21 | image: mongo-express:latest 22 | restart: always 23 | depends_on: 24 | - mongo 25 | networks: 26 | - traefik_proxy 27 | # ports: 28 | # - "8081:8081" 29 | # environment: 30 | # - ME_CONFIG_BASICAUTH_USERNAME=$MY_USERNAME 31 | # - ME_CONFIG_BASICAUTH_PASSWORD=$MY_PASSWORD 32 | labels: 33 | - "traefik.enable=true" 34 | ## HTTP Routers 35 | - "traefik.http.routers.mongoexpress-rtr.entrypoints=https" 36 | - "traefik.http.routers.mongoexpress-rtr.rule=Host(`mongoexpress.$DOMAINNAME`)" 37 | - "traefik.http.routers.mongoexpress-rtr.tls=true" 38 | - "traefik.http.routers.mongoexpress-rtr.tls.certresolver=dns-cloudflare" 39 | ## Middlewares 40 | - 
"traefik.http.routers.mongoexpress-rtr.middlewares=secure-chain@file" 41 | ## HTTP Services 42 | - "traefik.http.routers.mongoexpress-rtr.service=mongoexpress-svc" 43 | - "traefik.http.services.mongoexpress-svc.loadbalancer.server.port=8081" 44 | 45 | networks: 46 | traefik_proxy: 47 | external: true 48 | -------------------------------------------------------------------------------- /ymlfiles/openvpn-as.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## OpenVPN - VPN Access Server 5 | openvpn-as: 6 | container_name: openvpn-as 7 | image: linuxserver/openvpn-as:latest 8 | restart: always 9 | cap_add: 10 | - NET_ADMIN 11 | networks: 12 | traefik_proxy: 13 | ipv4_address: 192.168.50.240 14 | ports: 15 | - "943:943" # Admin GUI 16 | - "9443:9443" # TCP port 17 | - "1194:1194/udp" # UDP port 18 | volumes: 19 | - $USERDIR/docker/openvpn-as:/config 20 | - /etc/timezone:/etc/timezone:ro 21 | environment: 22 | - PUID=$PUID 23 | - PGID=$PGID 24 | - TZ=$TZ 25 | # - INTERFACE=eth0 #Optional - With bridge networking, leave it as eth0 (or don't include at all), if host or macvlan, set it to your host's network interface, found by running ifconfig 26 | labels: 27 | - "traefik.enable=true" 28 | ## HTTP Routers 29 | - "traefik.http.routers.openvpnAS-rtr.entrypoints=https" 30 | - "traefik.http.routers.openvpnAS-rtr.rule=Host(`openvpn.$DOMAINNAME`)" 31 | - "traefik.http.routers.openvpnAS-rtr.tls=true" 32 | - "traefik.http.routers.openvpnAS-rtr.tls.certresolver=dns-cloudflare" 33 | ## Middlewares 34 | - "traefik.http.routers.openvpnAS-rtr.middlewares=secure-chain@file" 35 | ## HTTP Services 36 | - "traefik.http.routers.openvpnAS-rtr.service=openvpnAS-svc" 37 | - "traefik.http.services.openvpnAS-svc.loadbalancer.server.port=943" 38 | 39 | networks: 40 | traefik_proxy: 41 | external: 42 | name: traefik_proxy 43 | -------------------------------------------------------------------------------- 
/ymlfiles/index.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Simple Directory Index / File Browser 5 | index: 6 | container_name: index 7 | image: digitalmobil/ifm:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - $USERDIR:/var/www/html/home:ro 15 | - /mnt/storage:/var/www/html/storage:ro 16 | - $USERDIR/tmpfldr:/tmpfldr 17 | - /tmp/index:/tmp # for IFM_TMP_DIR 18 | # - $TESTDIR:/var/www/html/files_available_here:ro # Location you want to index 19 | environment: 20 | - IFM_AUTH=0 # If enabled, login with: admin/admin 21 | - IFM_GUI_SHOWHIDDENFILES=0 22 | - IFM_TMP_DIR=/tmp # "This is used to save temporary zip files when you download an entire directory. Make sure the PHP user has write permissions there." 23 | # - IFM_ROOT_DIR=/var/www/html/files_available_here 24 | labels: 25 | - "traefik.enable=true" 26 | ## HTTP Routers 27 | - "traefik.http.routers.index-rtr.entrypoints=https" 28 | - "traefik.http.routers.index-rtr.rule=Host(`index.$DOMAINNAME`)" 29 | - "traefik.http.routers.index-rtr.tls=true" 30 | - "traefik.http.routers.index-rtr.tls.certresolver=dns-cloudflare" 31 | ## Middlewares 32 | - "traefik.http.routers.index-rtr.middlewares=secure-chain@file" 33 | ## HTTP Services 34 | - "traefik.http.routers.index-rtr.service=index-svc" 35 | - "traefik.http.services.index-svc.loadbalancer.server.port=80" 36 | 37 | networks: 38 | traefik_proxy: 39 | external: true 40 | -------------------------------------------------------------------------------- /ymlfiles/freshrss.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## FreshRSS 5 | 6 | ## Suggested procedure to create your Database: 7 | ## Change the 8 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 9 | # CREATE DATABASE freshrss CHARACTER SET = utf8mb4 COLLATE = 
utf8mb4_unicode_ci; 10 | # GRANT ALL PRIVILEGES ON freshrss.* TO 'freshrss'@'freshrss.mariadb' IDENTIFIED BY ''; 11 | # FLUSH PRIVILEGES; 12 | # exit 13 | 14 | freshrss: 15 | container_name: freshrss 16 | image: linuxserver/freshrss:latest 17 | restart: unless-stopped 18 | networks: 19 | - traefik_proxy 20 | - mariadb 21 | # ports: 22 | # - "780:80" 23 | volumes: 24 | - $USERDIR/docker/freshrss:/config 25 | environment: 26 | - PUID=$PUID 27 | - PGID=$PGID 28 | - TZ=$TZ 29 | labels: 30 | - "traefik.enable=true" 31 | ## HTTP Routers 32 | - "traefik.http.routers.freshrss-rtr.entrypoints=https" 33 | - "traefik.http.routers.freshrss-rtr.rule=Host(`freshrss.$DOMAINNAME`)" 34 | - "traefik.http.routers.freshrss-rtr.tls=true" 35 | - "traefik.http.routers.freshrss-rtr.tls.certresolver=dns-cloudflare" 36 | ## Middlewares 37 | - "traefik.http.routers.freshrss-rtr.middlewares=secure-headers@file" 38 | ## HTTP Services 39 | - "traefik.http.routers.freshrss-rtr.service=freshrss-svc" 40 | - "traefik.http.services.freshrss-svc.loadbalancer.server.port=80" 41 | 42 | networks: 43 | traefik_proxy: 44 | external: true 45 | mariadb: 46 | external: true 47 | -------------------------------------------------------------------------------- /ymlfiles/photos3.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Piwigo - Photo Gallery Server 5 | 6 | ## Suggested procedure to create your Piwigo Database: 7 | ## Change the 8 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 9 | # CREATE DATABASE piwigo CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci; 10 | # GRANT ALL PRIVILEGES ON piwigo.* TO 'piwigo'@'piwigo.mariadb' IDENTIFIED BY ''; 11 | # FLUSH PRIVILEGES; 12 | # exit 13 | 14 | piwigo: 15 | container_name: piwigo 16 | image: linuxserver/piwigo:latest 17 | restart: always 18 | networks: 19 | - traefik_proxy 20 | - mariadb 21 | # ports: 22 | # - "80:80" 23 | volumes: 24 | # - 
${USERDIR}/docker/piwigo:/config 25 | - ${USERDIR}/Pictures:/pics 26 | environment: 27 | - PUID=${PUID} 28 | - PGID=${PGID} 29 | - TZ=${TZ} 30 | labels: 31 | - "traefik.enable=true" 32 | ## HTTP Routers 33 | - "traefik.http.routers.photos-rtr.entrypoints=https" 34 | - "traefik.http.routers.photos-rtr.rule=Host(`photos.$DOMAINNAME`)" 35 | - "traefik.http.routers.photos-rtr.tls=true" 36 | - "traefik.http.routers.photos-rtr.tls.certresolver=dns-cloudflare" 37 | ## Middlewares 38 | - "traefik.http.routers.photos-rtr.middlewares=secure-chain@file" 39 | ## HTTP Services 40 | - "traefik.http.routers.photos-rtr.service=photos-svc" 41 | - "traefik.http.services.photos-svc.loadbalancer.server.port=80" 42 | 43 | networks: 44 | traefik_proxy: 45 | external: true 46 | mariadb: 47 | external: true 48 | -------------------------------------------------------------------------------- /ymlfiles/photos.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Lychee - Photo/Image Server 5 | 6 | ## Suggested procedure to create your database: 7 | ## Change the 8 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 9 | # CREATE DATABASE lychee CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci; 10 | # GRANT ALL PRIVILEGES ON lychee.* TO 'lychee'@'lychee.mariadb' IDENTIFIED BY ''; 11 | # FLUSH PRIVILEGES; 12 | # exit 13 | 14 | photos: 15 | container_name: photos 16 | image: linuxserver/lychee:latest 17 | restart: always 18 | networks: 19 | - traefik_proxy 20 | - mariadb 21 | # ports: 22 | # - "80:80" 23 | volumes: 24 | - ${USERDIR}/pics:/pics 25 | - ${USERDIR}/Pictures:/pictures 26 | - ${USERDIR}/docker/lychee:/config 27 | environment: 28 | - PUID=${PUID} 29 | - PGID=${PGID} 30 | - TZ=${TZ} 31 | labels: 32 | - "traefik.enable=true" 33 | ## HTTP Routers 34 | - "traefik.http.routers.photos-rtr.entrypoints=https" 35 | - "traefik.http.routers.photos-rtr.rule=Host(`photos.$DOMAINNAME`)" 36 | - 
"traefik.http.routers.photos-rtr.tls=true" 37 | - "traefik.http.routers.photos-rtr.tls.certresolver=dns-cloudflare" 38 | ## Middlewares 39 | - "traefik.http.routers.photos-rtr.middlewares=secure-chain@file" 40 | ## HTTP Services 41 | - "traefik.http.routers.photos-rtr.service=photos-svc" 42 | - "traefik.http.services.photos-svc.loadbalancer.server.port=80" 43 | 44 | networks: 45 | traefik_proxy: 46 | external: true 47 | mariadb: 48 | external: true 49 | -------------------------------------------------------------------------------- /ymlfiles/photos6.yml: -------------------------------------------------------------------------------- 1 | :latestversion: "3.7" 2 | services: 3 | 4 | ## Lychee - Photo/Image Server 5 | 6 | ## Suggested procedure to create your database: 7 | ## Change the 8 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 9 | # CREATE DATABASE lychee CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci; 10 | # GRANT ALL PRIVILEGES ON lychee.* TO 'lychee'@'lychee.mariadb' IDENTIFIED BY ''; 11 | # FLUSH PRIVILEGES; 12 | # exit 13 | 14 | photos: 15 | container_name: photos 16 | image: lsiocommunity/pixapop:latest 17 | restart: always 18 | networks: 19 | - traefik_proxy 20 | - mariadb 21 | # ports: 22 | # - "80:80" 23 | volumes: 24 | - ${USERDIR}/pics:/photos 25 | # - ${USERDIR}/Pictures:/photos 26 | - ${USERDIR}/docker/photos/config6:/config 27 | environment: 28 | - PUID=${PUID} 29 | - PGID=${PGID} 30 | - TZ=${TZ} 31 | labels: 32 | - "traefik.enable=true" 33 | ## HTTP Routers 34 | - "traefik.http.routers.photos-rtr.entrypoints=https" 35 | - "traefik.http.routers.photos-rtr.rule=Host(`photos.$DOMAINNAME`)" 36 | - "traefik.http.routers.photos-rtr.tls=true" 37 | - "traefik.http.routers.photos-rtr.tls.certresolver=dns-cloudflare" 38 | ## Middlewares 39 | - "traefik.http.routers.photos-rtr.middlewares=oauth@file" 40 | ## HTTP Services 41 | - "traefik.http.routers.photos-rtr.service=photos-svc" 42 | - 
"traefik.http.services.photos-svc.loadbalancer.server.port=80" 43 | 44 | networks: 45 | traefik_proxy: 46 | external: true 47 | mariadb: 48 | external: true 49 | -------------------------------------------------------------------------------- /ymlfiles/handbrake.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Handbrake - Video Converter 5 | handbrake: 6 | container_name: handbrake 7 | image: jlesage/handbrake:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "5800:5800" 13 | volumes: 14 | - $USERDIR/docker/handbrake/config:/config:rw 15 | - $USERDIR/docker/handbrake/watch:/watch:rw # Watch folder 16 | - $USERDIR/docker/handbrake/output:/output:rw # Output folder 17 | - /mnt/storage:/storage:ro # Data folder - can be anything 18 | - $USERDIR/dwnloads:/downloads:ro # Data folder - can be anything 19 | environment: 20 | - USER_ID=$PUID 21 | - GROUP_ID=$PGID 22 | - TZ=$TZ 23 | - UMASK=002 24 | - DISPLAY_WIDTH=1600 25 | - DISPLAY_HEIGHT=768 26 | # - AUTOMATED_CONVERSION_PRESET=H.265 MKV 480p30 27 | - AUTOMATED_CONVERSION_PRESET=H.265 MKV 1080p30 28 | - AUTOMATED_CONVERSION_FORMAT=mkv 29 | labels: 30 | - "traefik.enable=true" 31 | ## HTTP Routers 32 | - "traefik.http.routers.handbrake-rtr.entrypoints=https" 33 | - "traefik.http.routers.handbrake-rtr.rule=Host(`handbrake.$DOMAINNAME`)" 34 | - "traefik.http.routers.handbrake-rtr.tls=true" 35 | - "traefik.http.routers.handbrake-rtr.tls.certresolver=dns-cloudflare" 36 | ## Middlewares 37 | - "traefik.http.routers.handbrake-rtr.middlewares=secure-chain@file" 38 | ## HTTP Services 39 | - "traefik.http.routers.handbrake-rtr.service=handbrake-svc" 40 | - "traefik.http.services.handbrake-svc.loadbalancer.server.port=5800" 41 | 42 | networks: 43 | traefik_proxy: 44 | external: true 45 | -------------------------------------------------------------------------------- /ymlfiles/3_rpiswarm_traefik.yml: 
-------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Traefik 5 | # runs but not set up. NOTE (review): --api is enabled with no authentication and the dashboard port (8080) is published on the host as 2280, so anyone who can reach a manager node can read the whole routing configuration; put basicauth or a host firewall in front of it. --defaultentrypoints=https,https looks like a typo for http,https, and --acme.domains=' is an unterminated quote. --acme.ondemand=true lets any client that sends an unknown SNI name trigger a certificate request, which can exhaust Let's Encrypt rate limits; prefer an explicit --acme.domains list. The docker.sock mount gives this container full control of the swarm even with :ro, so only run an image you trust. 6 | traefik: 7 | image: gilir/rpi-traefik:latest 8 | command: 9 | - --logLevel=INFO 10 | - --api 11 | - --docker 12 | - --docker.swarmmode 13 | - --docker.watch 14 | - --docker.domain= 15 | - --checkNewVersion=false 16 | - --acme 17 | - --acme.email= 18 | - --acme.storage=/etc/traefik/acme/acme.json 19 | - --acme.entrypoint=https 20 | - --acme.ondemand=true 21 | - --acme.domains=' 22 | - --entryPoints=Name:https Address::443 TLS 23 | - --entryPoints=Name:http Address::80 Redirect.EntryPoint:https 24 | - --defaultentrypoints=https,https 25 | networks: 26 | - overlay_net 27 | ports: 28 | - "2080:80" 29 | - "2280:8080" 30 | - "443:443" 31 | volumes: 32 | - /opt/swarmdata/docker/traefik:/etc/traefik 33 | - /var/run/docker.sock:/var/run/docker.sock:ro 34 | # environment: 35 | # - CLOUDFLARE_EMAIL=$CLOUDFLARE_EMAIL 36 | # - CLOUDFLARE_API_KEY=$CLOUDFLARE_API_KEY 37 | deploy: 38 | # mode: global # service runs on every node 39 | mode: replicated # a specified number of containers (default) 40 | replicas: 1 41 | update_config: 42 | parallelism: 1 43 | delay: 10s 44 | order: stop-first 45 | restart_policy: 46 | condition: on-failure 47 | placement: 48 | constraints: 49 | - node.role == manager 50 | # - node.platform.arch == armv7l 51 | # preferences: 52 | # - spread: node.labels.zone 53 | 54 | networks: 55 | overlay_net: 56 | external: true 57 | -------------------------------------------------------------------------------- /traefik/rules_examples/secure-headers.toml: -------------------------------------------------------------------------------- 1 | # Available Header Options: https://github.com/unrolled/secure#available-options 2 | # A great resource for these headers is your preferred browser's docs. 
Firefox: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers 3 | # https://developers.google.com/search/reference/robots_meta_tag 4 | # https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Clickjacking_Defense_Cheat_Sheet.md 5 | # CSP for VNC: https://github.com/cockpit-project/cockpit/pull/5932 6 | # Check headers here, don't include OAuth when checking headers, otherwise you are checking google's headers: https://securityheaders.com 7 | # or check them here: https://observatory.mozilla.org/ 8 | 9 | [http.middlewares] 10 | [http.middlewares.secure-headers.headers] 11 | accessControlAllowMethods= ["GET", "OPTIONS", "PUT"] 12 | accessControlMaxAge = 100 13 | hostsProxyHeaders = ["X-Forwarded-Host"] 14 | sslRedirect = true 15 | stsSeconds = 63072000 16 | stsIncludeSubdomains = true 17 | stsPreload = true # NOTE (review): preload together with includeSubdomains is a long-lived, hard-to-revert commitment for every subdomain; only submit to the preload list once everything under the domain serves HTTPS 18 | forceSTSHeader = true 19 | # frameDeny = true 20 | customFrameOptionsValue = "allow-from https:" # This option overrides frameDeny. NOTE (review): current browsers ignore ALLOW-FROM, and "https:" is not even a valid origin for it, so this effectively ships no clickjacking protection; re-enable frameDeny, or express any allowed embedders with a CSP frame-ancestors directive instead 21 | contentTypeNosniff = true 22 | browserXssFilter = true 23 | # contentSecurityPolicy = "default-src 'self'; frame-ancestors 'none'; script-src 'none'; object-src 'none'; base-uri 'none';" 24 | referrerPolicy = "same-origin" 25 | featurePolicy = "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';" 26 | [http.middlewares.secure-headers.headers.customResponseHeaders] 27 | X-Robots-Tag = "none,noarchive,nosnippet,notranslate,noimageindex," 28 | # Set-Cookie = "__Secure-sess=123; path=/; HttpOnly; Secure; SameSite=Lax;" 29 | -------------------------------------------------------------------------------- /ymlfiles/odoo.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Odoo - Business Management Software. NOTE (review): odoo and odoo_db use the literal default credentials odoo/odoo (PASSWORD and POSTGRES_PASSWORD below), and "8069:8069" publishes the web UI directly on the host, bypassing the secure-chain middleware the Traefik labels apply; move the password to an .env variable, drop the ports: mapping (Traefik reaches 8069 over traefik_proxy), and give odoo_db its own backend network instead of traefik_proxy. 5 | odoo: 6 | container_name: odoo 7 | image: odoo:12.0 8 | restart: always 9 | depends_on: 10 | - odoo_db 11 | networks: 12 | - traefik_proxy 13 | ports: 14 | - "8069:8069" 15 | volumes: 16 | - 
odoo-web-data:/var/lib/odoo # folder needs correct folder perms to mount locally... 17 | # - $USERDIR/docker/odoo/config:/etc/odoo # custom config 18 | # - $USERDIR/docker/odoo/addons:/mnt/extra-addons 19 | - /etc/timezone:/etc/timezone:ro 20 | - /etc/localtime:/etc/localtime:ro 21 | environment: 22 | - HOST=odoo_db 23 | - USER=odoo 24 | - PASSWORD=odoo 25 | labels: 26 | - "traefik.enable=true" 27 | ## HTTP Routers 28 | - "traefik.http.routers.odoo-rtr.entrypoints=https" 29 | - "traefik.http.routers.odoo-rtr.rule=Host(`odoo.$DOMAINNAME`)" 30 | - "traefik.http.routers.odoo-rtr.tls=true" 31 | - "traefik.http.routers.odoo-rtr.tls.certresolver=dns-cloudflare" 32 | ## Middlewares 33 | - "traefik.http.routers.odoo-rtr.middlewares=secure-chain@file" 34 | ## HTTP Services 35 | - "traefik.http.routers.odoo-rtr.service=odoo-svc" 36 | - "traefik.http.services.odoo-svc.loadbalancer.server.port=8069" 37 | 38 | odoo_db: 39 | container_name: odoo_db 40 | image: postgres:10 41 | networks: 42 | - traefik_proxy 43 | volumes: 44 | - $USERDIR/docker/odoo/db:/var/lib/postgresql/data/pgdata 45 | environment: 46 | - POSTGRES_DB=postgres 47 | - POSTGRES_PASSWORD=odoo 48 | - POSTGRES_USER=odoo 49 | - PGDATA=/var/lib/postgresql/data/pgdata 50 | 51 | volumes: 52 | odoo-web-data: 53 | 54 | networks: 55 | traefik_proxy: 56 | external: true 57 | -------------------------------------------------------------------------------- /ymlfiles/photos5.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Chevereto - Image Hosting 5 | 6 | ## Suggested procedure to create your Chevereto Database: 7 | ## Change the 8 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 9 | # CREATE DATABASE chevereto CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci; 10 | # GRANT ALL PRIVILEGES ON chevereto.* TO 'chevereto'@'%' IDENTIFIED BY ''; 11 | # FLUSH PRIVILEGES; 12 | # exit 13 | 14 | # Fix permissions: 15 | # sudo chmod -R 766 
${USERDIR}/Pictures # NOTE (review): avoid this - 766 makes every file world-writable and strips the execute bit from directories, so the tree cannot even be traversed; use the option below instead 16 | # or (preferred) 17 | # create user or group with id 33 and assign permissions to that folder (e.g. chown -R 33 ${USERDIR}/Pictures, or a group with id 33 plus g+rwX). Note this container is only on traefik_proxy, so CHEVERETO_DB_HOST=mariadb resolves only if mariadb is attached there too; the other photo files join the external mariadb network instead. 18 | 19 | chevereto: 20 | container_name: chevereto 21 | image: nmtan/chevereto:latest 22 | restart: always 23 | networks: 24 | - traefik_proxy 25 | # ports: 26 | # - "80:80" 27 | volumes: 28 | - ${USERDIR}/Pictures:/var/www/html/images 29 | environment: 30 | - CHEVERETO_DB_HOST=mariadb 31 | - CHEVERETO_DB_USERNAME=chevereto 32 | - CHEVERETO_DB_PASSWORD=$MYSQL_PASSWORD 33 | - CHEVERETO_DB_NAME=chevereto 34 | - CHEVERETO_DB_PREFIX=chv_ 35 | labels: 36 | - "traefik.enable=true" 37 | ## HTTP Routers 38 | - "traefik.http.routers.photos-rtr.entrypoints=https" 39 | - "traefik.http.routers.photos-rtr.rule=Host(`photos.$DOMAINNAME`)" 40 | - "traefik.http.routers.photos-rtr.tls=true" 41 | - "traefik.http.routers.photos-rtr.tls.certresolver=dns-cloudflare" 42 | ## Middlewares 43 | - "traefik.http.routers.photos-rtr.middlewares=secure-chain@file" 44 | ## HTTP Services 45 | - "traefik.http.routers.photos-rtr.service=photos-svc" 46 | - "traefik.http.services.photos-svc.loadbalancer.server.port=80" 47 | 48 | networks: 49 | traefik_proxy: 50 | external: true 51 | -------------------------------------------------------------------------------- /ymlfiles/syncthing.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Syncthing – Continuous File Synchronization 5 | 6 | ## Fix inotify limit error - Need to run on host 7 | #https://docs.syncthing.net/users/faq.html#inotify-limits 8 | # echo "fs.inotify.max_user_watches=204800" | sudo tee -a /etc/sysctl.d/90-override.conf 9 | # This only takes effect after a reboot. 
To adjust the limit immediately, run: 10 | # sudo sh -c 'echo 204800 > /proc/sys/fs/inotify/max_user_watches' 11 | 12 | syncthing: 13 | container_name: syncthing 14 | image: linuxserver/syncthing:latest 15 | restart: always 16 | networks: 17 | - traefik_proxy 18 | ports: 19 | # - "8384:8384" # Application WebUI 20 | - "22000:22000" # Listening port 21 | - "21027:21027/udp" # Protocol discovery 22 | volumes: 23 | - $USERDIR/transfer_sync:/data/default 24 | - $USERDIR/.scripts:/data/scripts 25 | - $TRAEFIK2DIR/ymlfiles:/data/ymlfiles 26 | - $USERDIR/docker/syncthing:/config 27 | environment: 28 | - PUID=$PUID 29 | - PGID=$PGID 30 | - TZ=$TZ 31 | - UMASK_SET=022 32 | labels: 33 | - "traefik.enable=true" 34 | ## HTTP Routers 35 | - "traefik.http.routers.syncthing-rtr.entrypoints=https" 36 | - "traefik.http.routers.syncthing-rtr.rule=Host(`syncthing.$DOMAINNAME`)" 37 | - "traefik.http.routers.syncthing-rtr.tls=true" 38 | - "traefik.http.routers.syncthing-rtr.tls.certresolver=dns-cloudflare" 39 | ## Middlewares 40 | - "traefik.http.routers.syncthing-rtr.middlewares=secure-chain@file" 41 | ## HTTP Services 42 | - "traefik.http.routers.syncthing-rtr.service=syncthing-svc" 43 | - "traefik.http.services.syncthing-svc.loadbalancer.server.port=8384" 44 | 45 | networks: 46 | traefik_proxy: 47 | external: true 48 | -------------------------------------------------------------------------------- /ymlfiles/projectsend.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## ProjectSend - WeTransfer/File Sharing 5 | 6 | ## Suggested procedure to create your ProjectSend Database: 7 | ## Change the 8 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 9 | # CREATE DATABASE projectsend CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci; 10 | # GRANT ALL PRIVILEGES ON projectsend.* TO 'projectsend'@'projectsend.mariadb' IDENTIFIED BY ''; 11 | # FLUSH PRIVILEGES; 12 | # exit 13 | 14 | ## Start 
container and enter database information during install process 15 | # Replace localhost with "mariadb:3306" 16 | 17 | projectsend: 18 | container_name: projectsend 19 | image: linuxserver/projectsend:latest 20 | restart: always 21 | networks: 22 | - traefik_proxy 23 | - mariadb 24 | # ports: 25 | # - "9980:80" 26 | volumes: 27 | - $USERDIR/docker/projectsend:/config 28 | - /mnt/storage/files/PROJECTSEND:/data 29 | environment: 30 | - PUID=$PUID 31 | - PGID=$PGID 32 | - TZ=$TZ 33 | - MAX_UPLOAD=30720 # 30GB 34 | labels: 35 | - "traefik.enable=true" 36 | ## HTTP Routers 37 | - "traefik.http.routers.projectsend-rtr.entrypoints=https" 38 | - "traefik.http.routers.projectsend-rtr.rule=Host(`send.$DOMAINNAME`)" 39 | - "traefik.http.routers.projectsend-rtr.tls=true" 40 | - "traefik.http.routers.projectsend-rtr.tls.certresolver=dns-cloudflare" 41 | ## Middlewares 42 | - "traefik.http.routers.projectsend-rtr.middlewares=secure-headers@file,rate-limit@file" 43 | ## HTTP Services 44 | - "traefik.http.routers.projectsend-rtr.service=projectsend-svc" 45 | - "traefik.http.services.projectsend-svc.loadbalancer.server.port=80" 46 | 47 | networks: 48 | traefik_proxy: 49 | external: true 50 | mariadb: 51 | external: true 52 | -------------------------------------------------------------------------------- /ymlfiles/dillinger.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Dillinger - Markdown Editor 5 | 6 | ## Create $USERDIR/docker/dillinger/configs/googledrive/googledrive-config.json 7 | # { 8 | # "client_id": "", 9 | # "client_secret": "", 10 | # "redirect_uri": "https://dillinger.$DOMAINNAME/oauth/googledrive" 11 | # } 12 | 13 | # I created a Google Web application, with Authorized JavaScript origin = https://dillinger.$DOMAINNAME and Authorized redirect URIs = https://dillinger.$DOMAINNAME/oauth/googledrive 14 | 15 | dillinger: 16 | container_name: dillinger 17 | image: 
linuxserver/dillinger:latest 18 | restart: always 19 | networks: 20 | - traefik_proxy 21 | # ports: 22 | # - "8080:8080" 23 | volumes: 24 | - $USERDIR/docker/dillinger:/config 25 | environment: 26 | - PUID=$PUID 27 | - PGID=$PGID 28 | - TZ=$TZ 29 | labels: 30 | - "traefik.enable=true" 31 | ## HTTP Routers 32 | - "traefik.http.routers.dillinger-rtr.entrypoints=https" 33 | - "traefik.http.routers.dillinger-rtr.rule=Host(`dillinger.$DOMAINNAME`)" 34 | - "traefik.http.routers.dillinger-rtr.tls=true" 35 | - "traefik.http.routers.dillinger-rtr.tls.certresolver=dns-cloudflare" 36 | # - "traefik.http.routers.dillinger-rtr.tls.options=tls-opts@file" 37 | ## Middlewares 38 | - "traefik.http.routers.dillinger-rtr.middlewares=secure-headers@file,dillinger-auth" # Doesn't work with OAuth for some reason (possibly the Google Drive callback at /oauth/googledrive being intercepted by the forward-auth redirect - unverified). NOTE (review): basicauth with no rate limiting is open to credential guessing; add rate-limit@file (used by the other files) in front of dillinger-auth 39 | - "traefik.http.middlewares.dillinger-auth.basicauth.users=$HTPASSWD" # htpasswd should have single $'s escaped w backslash: \$ 40 | ## HTTP Services 41 | - "traefik.http.routers.dillinger-rtr.service=dillinger-svc" 42 | - "traefik.http.services.dillinger-svc.loadbalancer.server.port=8080" 43 | 44 | networks: 45 | traefik_proxy: 46 | external: true 47 | -------------------------------------------------------------------------------- /ymlfiles/oauth.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Google OAuth - Single Sign On using OAuth 2.0 5 | # https://hub.docker.com/r/thomseddon/traefik-forward-auth 6 | # https://console.developers.google.com/ 7 | # Follow directions at above link. My Google settings under the Credentials tab are: 8 | # Credentials: Name can be anything (mine is Traefik) and Authorized redirect URLs: https://oauth.$DOMAINNAME/_oauth 9 | # OAuth Consent Screen: Application Name is Traefik (think it can be anything). I entered my e-mail for support e-mail. 
Authorized Domains is $DOMAINNAME 10 | # Domain Verification: $DOMAINNAME 11 | 12 | oauth: 13 | container_name: oauth 14 | image: thomseddon/traefik-forward-auth:latest 15 | restart: always 16 | networks: 17 | - traefik_proxy 18 | environment: 19 | - CLIENT_ID=$GOOGLE_CLIENT_ID 20 | - CLIENT_SECRET=$GOOGLE_CLIENT_SECRET 21 | - SECRET=$GOOGLE_OAUTH_SECRET 22 | - COOKIE_DOMAIN=$DOMAINNAME 23 | - INSECURE_COOKIE=false 24 | - AUTH_HOST=oauth.$DOMAINNAME 25 | - URL_PATH=/_oauth 26 | - WHITELIST=$MY_EMAIL 27 | - LOG_LEVEL=info 28 | - LOG_FORMAT=text 29 | - LIFETIME=2592000 # 30 days 30 | labels: 31 | - "traefik.enable=true" 32 | ## HTTP Routers 33 | - "traefik.http.routers.oauth-rtr.entrypoints=https" 34 | - "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAINNAME`)" 35 | - "traefik.http.routers.oauth-rtr.tls=true" 36 | - "traefik.http.routers.oauth-rtr.tls.certresolver=dns-cloudflare" 37 | ## Middlewares 38 | - "traefik.http.routers.oauth-rtr.middlewares=secure-chain@file,rate-limit@file" 39 | ## HTTP Services 40 | - "traefik.http.routers.oauth-rtr.service=oauth-svc" 41 | - "traefik.http.services.oauth-svc.loadbalancer.server.port=4181" 42 | 43 | networks: 44 | traefik_proxy: 45 | external: true 46 | -------------------------------------------------------------------------------- /ymlfiles/jdownloader.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## JDownloader – Download Manager 5 | 6 | ## Disable ads, banners, and other junk: 7 | # https://www.ps2-home.com/forum/viewtopic.php?t=512 8 | # Go to Advanced Settings and search for these keywords: 9 | # premium alert 10 | # special deals 11 | # banner 12 | # Donate (displays the Contribute tab) 13 | 14 | ## Themes available 15 | # Search Advanced Settings for "look and feel" 16 | 17 | jdownloader: 18 | container_name: jdownloader 19 | image: jlesage/jdownloader-2:latest 20 | restart: always 21 | networks: 22 | - traefik_proxy 23 | # ports: 
24 | # - "5800:5800" 25 | # - "5900:5900" 26 | # - "3129:3129" 27 | volumes: 28 | - $USERDIR/docker/jdownloader:/config 29 | - $USERDIR/dwnloads/:/downloads # by default this folder is called ":/output" 30 | - /mnt/storage:/mnt/storage 31 | environment: 32 | - USER_ID=$PUID 33 | - GROUP_ID=$PGID 34 | - TZ=$TZ 35 | - UMASK_SET=022 36 | - DISPLAY_WIDTH=1600 37 | - DISPLAY_HEIGHT=768 38 | - KEEP_APP_RUNNING=1 39 | # - VNC_PASSWORD= # Optional 40 | labels: 41 | - "traefik.enable=true" 42 | ## HTTP Routers 43 | - "traefik.http.routers.jdownloader-rtr.entrypoints=https" 44 | - "traefik.http.routers.jdownloader-rtr.rule=Host(`jdownloader.$DOMAINNAME`)" 45 | - "traefik.http.routers.jdownloader-rtr.tls=true" 46 | - "traefik.http.routers.jdownloader-rtr.tls.certresolver=dns-cloudflare" 47 | ## Middlewares 48 | - "traefik.http.routers.jdownloader-rtr.middlewares=secure-chain@file" 49 | ## HTTP Services 50 | - "traefik.http.routers.jdownloader-rtr.service=jdownloader-svc" 51 | - "traefik.http.services.jdownloader-svc.loadbalancer.server.port=5800" 52 | 53 | networks: 54 | traefik_proxy: 55 | external: true 56 | -------------------------------------------------------------------------------- /ymlfiles/bin2.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Stikked - A Paste Bin 5 | 6 | ## Suggested procedure to create your Stikked Database: 7 | ## Change the 8 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 9 | # CREATE DATABASE bin CHARACTER SET = utf8 COLLATE = utf8_unicode_ci; 10 | # GRANT ALL PRIVILEGES ON bin.* TO 'bin'@'bin.mariadb' IDENTIFIED BY ''; 11 | # FLUSH PRIVILEGES; 12 | # exit 13 | 14 | bin: 15 | container_name: bin 16 | image: claudehohl/stikked:latest 17 | restart: unless-stopped 18 | networks: 19 | - traefik_proxy 20 | - mariadb 21 | # ports: 22 | # - "80:80" 23 | environment: 24 | - STIKKED_SITE_NAME=$DOMAINNAME PasteBin 25 | - 
STIKKED_BASE_URL=https://bin.$DOMAINNAME 26 | - STIKKED_DB_HOSTNAME=mariadb 27 | - STIKKED_DB_DATABASE=bin 28 | - STIKKED_DB_USERNAME=bin 29 | - STIKKED_DB_PASSWORD=$MYSQL_PASSWORD 30 | - STIKKED_THEME=bootstrap 31 | - STIKKED_JS_EDITOR=ace #codemirror 32 | - STIKKED_DISALLOW_SEARCH_ENGINES=true 33 | - STIKKED_URL_SHORTENING_USE=yourls 34 | - STIKKED_YOURLS_URL=https://$DOMAINNAME 35 | - STIKKED_YOURLS_SIGNATURE=$YOURLS_API 36 | - STIKKED_RECAPTCHA_PUBLICKEY=$RECAPTCHA_PUBLICKEY 37 | - STIKKED_RECAPTCHA_PRIVATEKEY=$RECAPTCHA_PRIVATEKEY 38 | labels: 39 | - "traefik.enable=true" 40 | ## HTTP Routers 41 | - "traefik.http.routers.bin-rtr.entrypoints=https" 42 | - "traefik.http.routers.bin-rtr.rule=Host(`bin.$DOMAINNAME`)" 43 | - "traefik.http.routers.bin-rtr.tls=true" 44 | - "traefik.http.routers.bin-rtr.tls.certresolver=dns-cloudflare" 45 | ## Middlewares 46 | - "traefik.http.routers.bin-rtr.middlewares=secure-headers@file" 47 | ## HTTP Services 48 | - "traefik.http.routers.bin-rtr.service=bin-svc" 49 | - "traefik.http.services.bin-svc.loadbalancer.server.port=80" 50 | 51 | networks: 52 | traefik_proxy: 53 | external: true 54 | mariadb: 55 | external: true 56 | -------------------------------------------------------------------------------- /ymlfiles/pia.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## PIA - VPN Container 5 | pia: 6 | container_name: pia 7 | image: act28/pia-openvpn-proxy:latest 8 | restart: always 9 | cap_add: 10 | - NET_ADMIN 11 | devices: 12 | - /dev/net/tun 13 | dns: 14 | - 209.222.18.218 15 | - 209.222.18.222 16 | networks: 17 | traefik_proxy: 18 | ipv4_address: 192.168.50.238 19 | volumes: 20 | - /etc/timezone:/etc/timezone:ro 21 | - /etc/localtime:/etc/localtime:ro 22 | environment: 23 | # - REGION=US East 24 | - REGION=CA Toronto 25 | - USERNAME=$PIA_USER 26 | - PASSWORD=$PIA_PASS 27 | - LOCAL_NETWORK=192.168.1.0/24 28 | labels: 29 | - "traefik.enable=true" 30 | 
## HTTP Routers 31 | - "traefik.http.routers.rutorrent-rtr.entrypoints=https" 32 | - "traefik.http.routers.rutorrent-rtr.rule=Host(`rutorrent.$DOMAINNAME`)" 33 | - "traefik.http.routers.rutorrent-rtr.tls=true" 34 | - "traefik.http.routers.rutorrent-rtr.tls.certresolver=dns-cloudflare" 35 | ## Middlewares 36 | - "traefik.http.routers.rutorrent-rtr.middlewares=secure-chain@file" 37 | ## HTTP Services 38 | - "traefik.http.routers.rutorrent-rtr.service=rutorrent-svc" 39 | - "traefik.http.services.rutorrent-svc.loadbalancer.server.port=80" 40 | 41 | ## RuTorrent 42 | 43 | ## This needs to be it's own file to connect to container:pia 44 | 45 | # rutorrent: 46 | # container_name: rutorrent 47 | # image: linuxserver/rutorrent:latest 48 | # restart: always 49 | # network_mode: "container:pia" 50 | ## ports: 51 | ## - "80:80" 52 | ## - "5000:5000" 53 | ## - "51413:51413" 54 | ## - "6881:6881/udp" 55 | # volumes: 56 | # - $USERDIR/docker/rutorrent:/config 57 | # - $USERDIR/dwnloads:/downloads 58 | # - /etc/timezone:/etc/timezone:ro 59 | # - /etc/localtime:/etc/localtime:ro 60 | # environment: 61 | # - PUID=$PUID 62 | # - PGID=$PGID 63 | 64 | networks: 65 | traefik_proxy: 66 | external: true 67 | -------------------------------------------------------------------------------- /ymlfiles/qbittorrent.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## qBittorrent with VPN – Bittorrent Downloader 5 | # mkdir $USERDIR/docker/qbittorrent 6 | # mkdir $USERDIR/docker/qbittorrent/openvpn 7 | # Place ovpn file in $USERDIR/docker/qbittorrent/openvpn 8 | # If you can't see text in the WebUI go to your qbittorrent.conf file and add "en" to the Locale setting so it looks like this: General\Locale=en 9 | 10 | qbittorrent: 11 | container_name: qbittorrent 12 | image: markusmcnugen/qbittorrentvpn:latest 13 | restart: always 14 | networks: 15 | traefik_proxy: 16 | ipv4_address: 192.168.50.247 17 | cap_add: 18 | - 
NET_ADMIN 19 | devices: 20 | - /dev/net/tun 21 | # ports: 22 | # - "8022:8080" 23 | # - "8999:8999" 24 | # - "8999:8999/udp" 25 | volumes: 26 | - $USERDIR/docker/qbittorrent:/config 27 | - $USERDIR/dwnloads:/downloads 28 | - /mnt/storage:/mnt/storage 29 | environment: 30 | - PUID=$PUID 31 | - PGID=$PGID 32 | - VPN_ENABLED=yes 33 | - VPN_USERNAME=$PIA_USER 34 | - VPN_PASSWORD=$PIA_PASS 35 | - LAN_NETWORK=192.168.1.0/24 36 | - NAME_SERVERS=1.1.1.1,1.0.0.1 37 | - UMASK=002 38 | ## Add these to your .ovpn file: 39 | # - VPN_OPTIONS=--inactive 3600 --ping 10 --ping-exit 60 --auth-nocache 40 | labels: 41 | - "traefik.enable=true" 42 | ## HTTP Routers 43 | - "traefik.http.routers.qbittorrent-rtr.entrypoints=https" 44 | - "traefik.http.routers.qbittorrent-rtr.rule=Host(`qbittorrent.$DOMAINNAME`)" 45 | - "traefik.http.routers.qbittorrent-rtr.tls=true" 46 | - "traefik.http.routers.qbittorrent-rtr.tls.certresolver=dns-cloudflare" 47 | ## Middlewares 48 | - "traefik.http.routers.qbittorrent-rtr.middlewares=secure-chain@file" 49 | ## HTTP Services 50 | - "traefik.http.routers.qbittorrent-rtr.service=qbittorrent-svc" 51 | - "traefik.http.services.qbittorrent-svc.loadbalancer.server.port=8080" 52 | 53 | networks: 54 | traefik_proxy: 55 | external: true 56 | -------------------------------------------------------------------------------- /ymlfiles/rutorrent.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## ruTorrent with VPN – Bittorrent Downloader 5 | rutorrent: 6 | container_name: rutorrent 7 | image: binhex/arch-rtorrentvpn:latest 8 | restart: always 9 | cap_add: 10 | - NET_ADMIN 11 | devices: 12 | - /dev/net/tun 13 | networks: 14 | traefik_proxy: 15 | ipv4_address: 192.168.50.237 16 | # ports: 17 | # - "9080:9080" # WebUI 18 | # - "9443:9443" # HTTPS WebUI 19 | # - "8118:8118" # privoxy 20 | volumes: 21 | - $USERDIR/docker/rutorrent:/config 22 | - $USERDIR/dwnloads:/data 23 | - 
/etc/timezone:/etc/timezone:ro 24 | - /etc/localtime:/etc/localtime:ro 25 | environment: 26 | - VPN_ENABLED=yes 27 | - VPN_USER=$PIA_USER 28 | - VPN_PASS=$PIA_PASS 29 | - VPN_PROV=pia 30 | - STRICT_PORT_FORWARD=yes 31 | - ENABLE_PRIVOXY=yes 32 | - ENABLE_AUTODL_IRSSI=no 33 | - ENABLE_RPC2=no 34 | # - ENABLE_RPC2_AUTH=yes 35 | # - RPC2_USER=admin 36 | # - RPC2_PASS=rutorrent 37 | - ENABLE_WEBUI_AUTH=no 38 | # - WEBUI_USER=admin 39 | # - WEBUI_PASS=rutorrent 40 | - LAN_NETWORK=192.168.1.0/24 41 | - NAME_SERVERS=209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1 42 | - DEBUG=false 43 | - PHP_TZ=$TZ 44 | - UMASK=002 45 | - PUID=$PUID 46 | - PGID=$PGID 47 | labels: 48 | - "traefik.enable=true" 49 | ## HTTP Routers 50 | - "traefik.http.routers.rutorrent-rtr.entrypoints=https" 51 | - "traefik.http.routers.rutorrent-rtr.rule=Host(`rutorrent.$DOMAINNAME`)" 52 | - "traefik.http.routers.rutorrent-rtr.tls=true" 53 | - "traefik.http.routers.rutorrent-rtr.tls.certresolver=dns-cloudflare" 54 | ## Middlewares 55 | - "traefik.http.routers.rutorrent-rtr.middlewares=secure-chain@file" 56 | ## HTTP Services 57 | - "traefik.http.routers.rutorrent-rtr.service=rutorrent-svc" 58 | - "traefik.http.services.rutorrent-svc.loadbalancer.server.port=9080" 59 | 60 | networks: 61 | traefik_proxy: 62 | external: true 63 | -------------------------------------------------------------------------------- /ymlfiles/logs3.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Logio - UI for Docker Logs 5 | logio: 6 | container_name: logio 7 | image: quay.io/blacklabelops/logio:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "28778:28778" 13 | volumes: 14 | - /opt/server 15 | # environment: 16 | # - LOGIO_ADMIN_USER= 17 | # - LOGIO_ADMIN_PASSWORD= 18 | labels: 19 | - "traefik.enable=true" 20 | ## HTTP Routers 21 | - 
"traefik.http.routers.logio-rtr.entrypoints=https" 22 | - "traefik.http.routers.logio-rtr.rule=Host(`logs.$DOMAINNAME`)" 23 | - "traefik.http.routers.logio-rtr.tls=true" 24 | - "traefik.http.routers.logio-rtr.tls.certresolver=dns-cloudflare" 25 | ## Middlewares 26 | - "traefik.http.routers.logio-rtr.middlewares=secure-chain@file" 27 | ## HTTP Services 28 | - "traefik.http.routers.logio-rtr.service=logio-svc" 29 | - "traefik.http.services.logio-svc.loadbalancer.server.port=28778" 30 | 31 | ## Harvester for Logio 32 | harvester: 33 | container_name: harvester 34 | user: root 35 | image: quay.io/blacklabelops/logio:latest 36 | restart: always 37 | command: harvester 38 | networks: 39 | - traefik_proxy 40 | # ports: 41 | # - "28777:28777" 42 | volumes: 43 | - /var/lib/docker:/var/lib/docker:ro 44 | - /var/log/docker:/var/log/docker:ro 45 | environment: 46 | # - DELAYED_START=10 47 | - LOGIO_HARVESTER1STREAMNAME=DockerLogs 48 | - LOGIO_HARVESTER1LOGSTREAMS=/var/lib/docker 49 | - LOGIO_HARVESTER1FILEPATTERN=*.log 50 | - LOGIO_HARVESTER2STREAMNAME=Traefik 51 | - LOGIO_HARVESTER2LOGSTREAMS=/var/log/docker 52 | - LOGIO_HARVESTER2FILEPATTERN=traefik.log 53 | - LOGIO_HARVESTER3STREAMNAME=Bitwarden 54 | - LOGIO_HARVESTER3LOGSTREAMS=/var/log/docker 55 | - LOGIO_HARVESTER3FILEPATTERN=bitwarden.log 56 | - LOGIO_HARVESTER4STREAMNAME=Pihole 57 | - LOGIO_HARVESTER4LOGSTREAMS=/var/log/docker 58 | - LOGIO_HARVESTER4FILEPATTERN=pihole.log 59 | 60 | # - LOGS_DIRECTORIES=/var/lib/docker 61 | # - LOG_FILE_PATTERN=*.log 62 | 63 | networks: 64 | traefik_proxy: 65 | external: true 66 | -------------------------------------------------------------------------------- /ymlfiles/postgres.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Postgres Database 5 | 6 | ## Still testing this out.. 
7 | 8 | ## Create external postgres network: 9 | # docker network create --gateway 192.168.251.1 --subnet 192.168.251.0/24 postgres 10 | # NOTE (review): the postgres service below also publishes "5432:5432", which binds the database on every host interface and bypasses this isolated network entirely; drop the ports: mapping (pgadmin reaches it over the postgres network), or bind it to loopback as "127.0.0.1:5432:5432" if a local client really needs it. 11 | ## Suggested procedure to create new databases: 12 | ## Replace the placeholders (role name, database name, owner) that were stripped from the commands below with your own values 13 | # docker exec -it postgres su postgres 14 | # createuser 15 | # createdb --owner= --encoding=UTF8 16 | # psql -U postgres 17 | # GRANT ALL PRIVILEGES ON DATABASE TO ; 18 | # exit 19 | # exit 20 | 21 | postgres: 22 | container_name: postgres 23 | image: postgres:12 24 | restart: always 25 | networks: 26 | # traefik_proxy: 27 | # ipv4_address: 192.168.50.250 28 | postgres: 29 | ipv4_address: 192.168.251.251 30 | ports: 31 | - "5432:5432" 32 | volumes: 33 | - $USERDIR/docker/postgres/postgres:/var/lib/postgresql/data 34 | - /etc/timezone:/etc/timezone:ro 35 | - /etc/localtime:/etc/localtime:ro 36 | environment: 37 | - POSTGRES_PASSWORD=$PG_ROOT_PASSWORD 38 | 39 | ## PGAdmin - Postgres Admin Tool 40 | pgadmin: 41 | container_name: pgadmin 42 | image: thajeztah/pgadmin4:latest 43 | restart: always 44 | depends_on: 45 | - postgres 46 | networks: 47 | - traefik_proxy 48 | - postgres 49 | # ports: 50 | # - "5050:5050" 51 | volumes: 52 | - $USERDIR/docker/postgres/pgadmin:/pgadmin 53 | - /etc/timezone:/etc/timezone:ro 54 | - /etc/localtime:/etc/localtime:ro 55 | labels: 56 | - "traefik.enable=true" 57 | ## HTTP Routers 58 | - "traefik.http.routers.pgadmin-rtr.entrypoints=https" 59 | - "traefik.http.routers.pgadmin-rtr.rule=Host(`pgadmin.$DOMAINNAME`)" 60 | - "traefik.http.routers.pgadmin-rtr.tls=true" 61 | - "traefik.http.routers.pgadmin-rtr.tls.certresolver=dns-cloudflare" 62 | ## Middlewares 63 | - "traefik.http.routers.pgadmin-rtr.middlewares=secure-chain@file" 64 | ## HTTP Services 65 | - "traefik.http.routers.pgadmin-rtr.service=pgadmin-svc" 66 | - "traefik.http.services.pgadmin-svc.loadbalancer.server.port=5050" 67 | 68 | networks: 69 | traefik_proxy: 70 | external: true 71 | postgres: 72 | external: true 73 | 
-------------------------------------------------------------------------------- /ymlfiles/matrix.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Synapse - Matrix Server 5 | 6 | # ... still a WIP ... NOTE (review): the ma1sd service below reuses the router and service names matrix-rtr / matrix-svc that synapse already defines, so Traefik sees two conflicting definitions (different Host rules and ports) for the same names; give ma1sd its own names (e.g. ma1sd-rtr / ma1sd-svc). Also, if secure-chain@file includes the forward-auth (OAuth) middleware, Matrix clients and federating servers cannot complete a browser login and will be blocked from /_matrix/*; the homeserver router normally needs only the headers and rate-limit middlewares. 7 | 8 | 9 | matrix: 10 | container_name: matrix 11 | image: matrixdotorg/synapse:latest 12 | restart: always 13 | networks: 14 | - traefik_proxy 15 | # ports: 16 | # - "8008:8008" 17 | volumes: 18 | - $USERDIR/docker/matrix/data:/data 19 | # - /etc/timezone:/etc/timezone:ro 20 | # - /etc/localtime:/etc/localtime:ro 21 | environment: 22 | - UID=$PUID 23 | - GID=$PGID 24 | - TZ=$TZ 25 | labels: 26 | - "traefik.enable=true" 27 | ## HTTP Routers 28 | - "traefik.http.routers.matrix-rtr.entrypoints=https" 29 | - "traefik.http.routers.matrix-rtr.rule=Host(`matrix.$DOMAINNAME`)" 30 | - "traefik.http.routers.matrix-rtr.tls=true" 31 | - "traefik.http.routers.matrix-rtr.tls.certresolver=dns-cloudflare" 32 | ## Middlewares 33 | - "traefik.http.routers.matrix-rtr.middlewares=secure-chain@file" 34 | ## HTTP Services 35 | - "traefik.http.routers.matrix-rtr.service=matrix-svc" 36 | - "traefik.http.services.matrix-svc.loadbalancer.server.port=8008" 37 | 38 | ## ma1sd - Federated Matrix Identity Server 39 | ma1sd: 40 | container_name: ma1sd 41 | image: ma1uta/ma1sd:latest 42 | restart: always 43 | networks: 44 | - traefik_proxy 45 | # ports: 46 | # - "8090:8090" 47 | volumes: 48 | - $USERDIR/docker/matrix/ma1sd/etc:/etc/ma1sd 49 | - $USERDIR/docker/matrix/ma1sd/var:/var/ma1sd 50 | # - /etc/timezone:/etc/timezone:ro 51 | # - /etc/localtime:/etc/localtime:ro 52 | environment: 53 | # - UID=$PUID 54 | # - GID=$PGID 55 | # - TZ=$TZ 56 | - MATRIX_DOMAIN=matrix.$DOMAINNAME 57 | labels: 58 | - "traefik.enable=true" 59 | ## HTTP Routers 60 | - "traefik.http.routers.matrix-rtr.entrypoints=https" 61 | - "traefik.http.routers.matrix-rtr.rule=Host(`matrix-ident.$DOMAINNAME`)" 62 | - 
"traefik.http.routers.matrix-rtr.tls=true" 63 | - "traefik.http.routers.matrix-rtr.tls.certresolver=dns-cloudflare" 64 | ## Middlewares 65 | - "traefik.http.routers.matrix-rtr.middlewares=secure-chain@file" 66 | ## HTTP Services 67 | - "traefik.http.routers.matrix-rtr.service=matrix-svc" 68 | - "traefik.http.services.matrix-svc.loadbalancer.server.port=8090" 69 | 70 | networks: 71 | traefik_proxy: 72 | external: true 73 | -------------------------------------------------------------------------------- /ymlfiles/gitea.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Gitea - Selfhosted Git Service 5 | #https://docs.gitea.io/en-us/fail2ban-setup/ 6 | 7 | ## Suggested procedure to create your database: 8 | ## Change the 9 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 10 | # CREATE DATABASE gitea CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci; 11 | # GRANT ALL PRIVILEGES ON gitea.* TO 'gitea'@'gitea.mariadb' IDENTIFIED BY ''; 12 | # FLUSH PRIVILEGES; 13 | # exit 14 | 15 | ## Disable self registration during install, or with the DISABLE_REGISTRATION flag in gitea>conf>app.ini 16 | 17 | gitea: 18 | container_name: gitea 19 | image: gitea/gitea:latest 20 | restart: always 21 | networks: 22 | - traefik_proxy 23 | - mariadb 24 | # ports: 25 | # - "3000:3000" 26 | # - "127.0.0.1:2222:22" 27 | volumes: 28 | - $USERDIR/docker/gitea:/data 29 | - /var/log/docker/gitea.log:/var/log/docker/gitea.log # make sure to touch this file with user permissions before starting, and change the log path on install 30 | environment: 31 | - USER_UID=1000 32 | - USER_GID=1000 33 | # - SSH_PORT=2222 34 | - DB_TYPE=mysql 35 | - DB_HOST=mariadb:3306 36 | - DB_NAME=gitea 37 | - DB_USER=gitea 38 | - DB_PASSWD=$MYSQL_PASSWORD 39 | - RUN_MODE=prod 40 | - ROOT_URL=https://gitea.$DOMAINNAME 41 | labels: 42 | - "traefik.enable=true" 43 | ## HTTP Routers 44 | - 
"traefik.http.routers.gitea-rtr.entrypoints=https" 45 | - "traefik.http.routers.gitea-rtr.rule=Host(`gitea.$DOMAINNAME`)" 46 | - "traefik.http.routers.gitea-rtr.tls=true" 47 | - "traefik.http.routers.gitea-rtr.tls.certresolver=dns-cloudflare" 48 | ## Middlewares 49 | - "traefik.http.routers.gitea-rtr.middlewares=secure-chain@file" 50 | ## HTTP Services 51 | - "traefik.http.routers.gitea-rtr.service=gitea-svc" 52 | - "traefik.http.services.gitea-svc.loadbalancer.server.port=3000" 53 | ## TCP 54 | # - "traefik.tcp.routers.gitea-tcp.entrypoints=ssh" 55 | # - "traefik.tcp.routers.gitea-tcp.tls=true" 56 | # - "traefik.tcp.routers.gitea-tcp.rule=HostSNI(`*`)" 57 | # - "traefik.tcp.routers.gitea-tcp.service=gitea-tcp-svc" 58 | # - "traefik.tcp.services.gitea-tcp-svc.loadbalancer.server.port=22" 59 | 60 | networks: 61 | traefik_proxy: 62 | external: true 63 | mariadb: 64 | external: true 65 | -------------------------------------------------------------------------------- /ymlfiles/diskover.yml: -------------------------------------------------------------------------------- 1 | version: "2.2" 2 | services: 3 | 4 | ## Add Redis 5 | 6 | ## Diskover - Disk Space Usage Manager / Search Tool 7 | diskover: 8 | container_name: diskover 9 | image: linuxserver/diskover:latest 10 | restart: always 11 | mem_limit: 4096m 12 | depends_on: 13 | - elasticsearch 14 | networks: 15 | - traefik_proxy 16 | # ports: 17 | # - "80:80" 18 | # - "9181:9181" 19 | # - "9999:9999" 20 | volumes: 21 | - $USERDIR/docker/diskover/config:/config 22 | - /mnt/storage:/data:ro 23 | environment: 24 | - PUID=$PUID 25 | - PGID=$PGID 26 | - TZ=$TZ 27 | - REDIS_HOST=redis 28 | - REDIS_PORT=6379 29 | - ES_HOST=elasticsearch 30 | - ES_PORT=9200 31 | - ES_USER=elastic 32 | - ES_PASS=changeme # keep as "changeme" ... 
not sure how to actually change it; the X-Pack change-password API (_xpack/security/user/elastic/_password) should do that, after which ES_PASS must be updated to match. Note that elasticsearch sits on the shared traefik_proxy network, so any container on it can reach the cluster with this default credential. 33 | - INDEX_NAME=diskover- 34 | - RUN_ON_START=true 35 | - USE_CRON=true 36 | labels: 37 | - "traefik.enable=true" 38 | ## HTTP Routers 39 | - "traefik.http.routers.diskover-rtr.entrypoints=https" 40 | - "traefik.http.routers.diskover-rtr.rule=Host(`diskover.$DOMAINNAME`)" 41 | - "traefik.http.routers.diskover-rtr.tls=true" 42 | - "traefik.http.routers.diskover-rtr.tls.certresolver=dns-cloudflare" 43 | ## Middlewares 44 | - "traefik.http.routers.diskover-rtr.middlewares=secure-chain@file" 45 | ## HTTP Services 46 | - "traefik.http.routers.diskover-rtr.service=diskover-svc" 47 | - "traefik.http.services.diskover-svc.loadbalancer.server.port=80" 48 | 49 | ## Elasticsearch - Search and Analytics Engine 50 | # On a Linux host you need to run (sudo sysctl -w vm.max_map_count=262144) because the default value of 65530 is too low (error in logs) 51 | # If you get the warning "Failed to create node environment" you need to make sure permissions are set to 1000:1000 on the data folder 52 | # sudo chown -R 1000:1000 ${USERDIR}/docker/elasticsearch/ # (the data folder mounted below is $USERDIR/docker/diskover/elasticsearch, so chown that path) 53 | elasticsearch: 54 | container_name: elasticsearch 55 | image: docker.elastic.co/elasticsearch/elasticsearch:5.6.9 56 | restart: always 57 | networks: 58 | - traefik_proxy 59 | # ports: 60 | # - "9200:9200" 61 | # - "9300:9300" 62 | ulimits: 63 | memlock: 64 | soft: '-1' 65 | hard: '-1' 66 | volumes: 67 | - $USERDIR/docker/diskover/elasticsearch:/usr/share/elasticsearch/data 68 | environment: 69 | - bootstrap.memory_lock=true 70 | - cluster.name=docker-cluster 71 | - "ES_JAVA_OPTS=-Xms2048m -Xmx2048m" 72 | 73 | networks: 74 | traefik_proxy: 75 | external: true 76 | -------------------------------------------------------------------------------- /ymlfiles/boinc.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## BOINC Client - Berkeley Open Infrastructure for Network Computing 5 | # 
https://boinc.berkeley.edu/projects.php 6 | 7 | ## Use Docker or install on host: sudo apt install boinc-client 8 | 9 | ## Use a Terminal UI (very useful!) 10 | # sudo apt install boinctui 11 | # boinctui 12 | 13 | ## Enter boinccmd commands via shell: 14 | # docker exec -it boinc bash 15 | # boinccmd --help 16 | # exit 17 | 18 | ## Attach to BOINCStats Account Manager (BAM): 19 | # Create an account at https://bam.boincstats.com/ 20 | # docker exec -it boinc boinccmd --acct_mgr attach https://bam.boincstats.com 21 | ## Check if account is connected: 22 | # docker exec -it boinc boinccmd --acct_mgr info 23 | 24 | ## Join a project: 25 | # Create an account at https://www.worldcommunitygrid.org/ or using my recruitment link: https://join.worldcommunitygrid.org?recruiterId=1093972 26 | # docker exec -it boinc boinccmd --lookup_account http://www.worldcommunitygrid.org 27 | # docker exec -it boinc boinccmd --project_attach http://www.worldcommunitygrid.org 28 | ## Or atach directly to project: 29 | # docker exec -it boinc boinccmd --project_attach 30 | 31 | ## Check task status using command line: 32 | # docker exec -it boinc boinccmd --get_tasks 33 | ## I only like to see this info: 34 | # docker exec -it boinc boinccmd --get_tasks | egrep '\-\-\-|WU name|project URL|task_state|fraction' 35 | 36 | ## My Project URLs: 37 | # World Community Grid - http://www.worldcommunitygrid.org 38 | # Climate Prediction - https://climateprediction.net ## never had any tasks :-( 39 | # Rosetta@Home - http://boinc.bakerlab.org/rosetta/ 40 | # SETI@Home - http://setiathome.berkeley.edu 41 | # Cosmology@Home - http://www.cosmologyathome.org 42 | 43 | ## Pi Pojects: 44 | # Einstein@Home - http://einstein.phys.uwm.edu/ 45 | # SETI@Home - http://setiathome.berkeley.edu 46 | # Universe@Home - https://universeathome.pl/universe/ 47 | 48 | ## Detach from projcet: 49 | # docker exec -it boinc boinccmd --project detach_when_done 50 | 51 | boinc: 52 | container_name: boinc 53 | image: 
boinc/client:latest 54 | restart: always 55 | networks: 56 | - traefik_proxy 57 | # ports: 58 | # - "31416:31416" 59 | volumes: 60 | - $USERDIR/docker/boinc/client:/var/lib/boinc 61 | environment: 62 | - TZ=$TZ 63 | - BOINC_GUI_RPC_PASSWORD=$MY_PASSWORD 64 | - BOINC_CMD_LINE_OPTIONS=--allow_remote_gui_rpc 65 | 66 | networks: 67 | traefik_proxy: 68 | external: true 69 | -------------------------------------------------------------------------------- /ymlfiles/nagios.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | # ... still working on this one ... 5 | 6 | ## Nagios - System, Network, and Infrastructure Monitor 7 | # Login: nagiosadmin / nagios 8 | 9 | ## Change default password: 10 | # docker exec -it nagios htpasswd -bB /opt/nagios/etc/htpasswd.users nagiosadmin 11 | 12 | ## Install NRPE Server 13 | # https://assets.nagios.com/downloads/nagioscore/docs/nrpe/NRPE.pdf 14 | 15 | # https://hub.docker.com/r/binfalse/nrpe-server 16 | 17 | ## Install NRPE Server 18 | # sudo apt install nagios-nrpe-server 19 | ## At a minimum, you’ll probably want to edit the “allowed_hosts” parameter, to include the IP of your Nagios Server. 
20 | # sudo vim /etc/nagios/nrpe.cfg 21 | ## Create folder and change permissions (otherwise NRPE daemon wouldn't start) 22 | # sudo mkdir /var/run/nagios 23 | # sudo chown -R nagios:nagios /var/run/nagios 24 | ## Restart NRPE Server 25 | # sudo service nagios-nrpe-server restart 26 | ## Check status 27 | # sudo service nagios-nrpe-server status 28 | ## Server runs on port 5666 by default 29 | 30 | nagios: 31 | container_name: nagios 32 | image: jasonrivers/nagios:latest 33 | restart: always 34 | networks: 35 | - traefik_proxy 36 | # ports: 37 | # - "80:80" 38 | volumes: 39 | - $USERDIR/docker/nagios/etc:/opt/nagios/etc 40 | - $USERDIR/docker/nagios/var:/opt/nagios/var 41 | # - $USERDIR/docker/nagios/custom-plugins:/opt/Custom-Nagios-Plugins 42 | # - $USERDIR/docker/nagios/graph/var:/opt/nagiosgraph/var 43 | # - $USERDIR/docker/nagios/graph/etc:/opt/nagiosgraph/etc 44 | # - /etc/timezone:/etc/timezone:ro 45 | # - /etc/localtime:/etc/localtime:ro 46 | environment: 47 | # - MAIL_RELAY_HOST= # set Postfix relayhost 48 | # - MAIL_INET_PROTOCOLS= # set the inet_protocols in postfix 49 | - NAGIOS_FQDN=nagios.$DOMAINNAME # set the server Fully Qualified Domain Name in postfix 50 | - NAGIOS_TIMEZONE=$TZ 51 | - REMOTE_SSH_USER=$USERNAME 52 | labels: 53 | - "traefik.enable=true" 54 | ## HTTP Routers 55 | - "traefik.http.routers.nagios-rtr.entrypoints=https" 56 | - "traefik.http.routers.nagios-rtr.rule=Host(`nagios.$DOMAINNAME`)" 57 | - "traefik.http.routers.nagios-rtr.tls=true" 58 | - "traefik.http.routers.nagios-rtr.tls.certresolver=dns-cloudflare" 59 | ## Middlewares 60 | - "traefik.http.routers.nagios-rtr.middlewares=secure-chain@file" 61 | ## HTTP Services 62 | - "traefik.http.routers.nagios-rtr.service=nagios-svc" 63 | - "traefik.http.services.nagios-svc.loadbalancer.server.port=80" 64 | 65 | networks: 66 | traefik_proxy: 67 | external: true 68 | -------------------------------------------------------------------------------- /ymlfiles/openvpn.yml: 
-------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## OpenVPN - VPN Service 5 | 6 | ## Create config file: 7 | ## I'm using the following cipher with my iphone: AES-256-CBC-SHA256 8 | ## This is considered OVPN Hardening and is optional. I've added it to the example below as reference. More info here: 9 | # https://github.com/kylemanna/docker-openvpn/blob/master/docs/paranoid.md 10 | # https://community.openvpn.net/openvpn/wiki/Hardening 11 | # docker-compose -f run --rm openvpn ovpn_genconfig -u udp:// 12 | # Example: 13 | # docker-compose -f ~/docker/ymlfiles/openvpn.yml run --rm openvpn ovpn_genconfig -u udp:// -C 'AES-256-CBC' -a 'SHA256' 14 | # Find your server/WAN IP here: https://whatismyipaddress.com/ 15 | 16 | ## Change these in openvpn.conf: 17 | ## Comment out or delete these lines: 18 | # route 192.168.254.0 255.255.255.0 19 | # push "dhcp-option DNS 8.8.8.8" 20 | # push "dhcp-option DNS 8.8.4.4" 21 | ## Add these lines under the Push Configurations: 22 | # push "route 172.20.200.0 255.255.255.0" 23 | # push "dhcp-option DNS 172.20.200.101" 24 | 25 | ## Change the same values in ovpn_env.sh so that they look like the following: 26 | # OVPN_DNS_SERVERS=([0]="172.20.200.101") 27 | # OVPN_ROUTES=([0]="172.20.200.0/24") 28 | 29 | ## Create Certificates: 30 | # docker-compose -f ~/docker/ymlfiles/openvpn.yml run --rm openvpn ovpn_initpki 31 | 32 | ## Fix ownership 33 | # sudo chown -R ${USER}:docker ~/docker/openvpn 34 | 35 | ## Start OpenVPN container 36 | 37 | ## Create client certificate (change client name if you want e.g. to iphone) 38 | # docker exec -it openvpn easyrsa build-client-full iphone 39 | 40 | ## Export client ovpn file (use same client name as above): 41 | # docker exec -it openvpn ovpn_getclient iphone > iphone.ovpn 42 | 43 | ## Transfer client.ovpn to your client (e.g. 
your phone) and open with OpenVPN Connect 44 | 45 | ## To revoke client certificate: 46 | # docker exec -it openvpn ovpn_revokeclient iphone remove 47 | 48 | openvpn: 49 | container_name: openvpn 50 | image: kylemanna/openvpn:latest 51 | restart: always 52 | cap_add: 53 | - NET_ADMIN 54 | networks: 55 | traefik_proxy: 56 | ipv4_address: 192.168.50.242 57 | ports: 58 | # - "943:943" 59 | # - "9443:9443" 60 | - "1194:1194/udp" 61 | volumes: 62 | - /etc/timezone:/etc/timezone:ro 63 | - $USERDIR/docker/openvpn:/etc/openvpn 64 | # environment: 65 | # OPENVPN_OPTS: --inactive 3600 --ping 10 --ping-exit 60 --log-driver json-file --log-opt max-size=10m # note: --log-driver/--log-opt are docker run flags, not openvpn options; openvpn rejects unknown options, so they do not belong in OPENVPN_OPTS 66 | 67 | networks: 68 | traefik_proxy: 69 | external: 70 | name: traefik_proxy 71 | -------------------------------------------------------------------------------- /ymlfiles/redis.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Redis - Key-value Store 5 | 6 | ## Fix THP issues: 7 | # sudo -i 8 | # echo never > /sys/kernel/mm/transparent_hugepage/enabled 9 | # exit 10 | # sudo sysctl vm.overcommit_memory=1 11 | 12 | # Add this to rc.local file to persist changes after reboot: 13 | # Ubuntu 18.04 doesn't ship an rc.local file, so we need to create it: 14 | # sudo nano /etc/rc.local 15 | # Paste the following: 16 | 17 | # #!/bin/sh -e 18 | # # 19 | # # rc.local 20 | # # 21 | # # This script is executed at the end of each multiuser runlevel. 22 | # # Make sure that the script will "exit 0" on success or any other 23 | # # value on error. 24 | # # 25 | # # In order to enable or disable this script just change the execution 26 | # # bits. 27 | # # 28 | # # By default this script does nothing. 
29 | # 30 | # echo never > /sys/kernel/mm/transparent_hugepage/enabled 31 | # sysctl vm.overcommit_memory=1 32 | # 33 | # exit 0 34 | 35 | # Save and exit 36 | # Now make the file executable: 37 | # sudo chmod +x /etc/rc.local 38 | 39 | ##Customize config - OPTIONAL 40 | # mkdir -p $USERDIR/docker/redis/config 41 | # docker run --rm --entrypoint cat redis /usr/local/etc/redis/redis.conf > $USERDIR/docker/redis/config/redis.conf 42 | # Mount to /usr/local/etc/redis/redis.conf 43 | 44 | redis: 45 | container_name: redis 46 | image: redis:latest 47 | restart: always 48 | entrypoint: redis-server --appendonly yes 49 | networks: 50 | - traefik_proxy 51 | # ports: 52 | # - "6379:6379" 53 | sysctls: 54 | net.core.somaxconn: '65535' 55 | volumes: 56 | - $USERDIR/docker/redis/data:/data 57 | - /etc/timezone:/etc/timezone:ro 58 | - /etc/localtime:/etc/localtime:ro 59 | 60 | ## Redis Commander - Redis Management Tool 61 | rediscommander: 62 | container_name: rediscommander 63 | image: rediscommander/redis-commander:latest 64 | restart: always 65 | depends_on: 66 | - redis 67 | networks: 68 | - traefik_proxy 69 | # ports: 70 | # - "8081:8081" 71 | environment: 72 | - REDIS_HOST=redis 73 | labels: 74 | - "traefik.enable=true" 75 | ## HTTP Routers 76 | - "traefik.http.routers.rediscommander-rtr.entrypoints=https" 77 | - "traefik.http.routers.rediscommander-rtr.rule=Host(`rediscommander.$DOMAINNAME`)" 78 | - "traefik.http.routers.rediscommander-rtr.tls=true" 79 | - "traefik.http.routers.rediscommander-rtr.tls.certresolver=dns-cloudflare" 80 | ## Middlewares 81 | - "traefik.http.routers.rediscommander-rtr.middlewares=secure-chain@file" 82 | ## HTTP Services 83 | - "traefik.http.routers.rediscommander-rtr.service=rediscommander-svc" 84 | - "traefik.http.services.rediscommander-svc.loadbalancer.server.port=8081" 85 | 86 | networks: 87 | traefik_proxy: 88 | external: true 89 | -------------------------------------------------------------------------------- /ymlfiles/codimd.yml: 
-------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## CodiMD - Collaborative Markdown Note Editor 5 | 6 | ## Suggested procedure to create your CodiMD Database: 7 | ## Change the 8 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 9 | # CREATE DATABASE codimd CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci; 10 | # GRANT ALL PRIVILEGES ON codimd.* TO 'codimd'@'codimd.mariadb' IDENTIFIED BY ''; 11 | # FLUSH PRIVILEGES; 12 | # exit 13 | 14 | ## To change a users password (only works for postgres...) 15 | # https://github.com/codimd/container/issues/34#issuecomment-497658805 16 | # docker-compose exec codimd ./bin/manage_users --reset 17 | 18 | codimd: 19 | container_name: codimd 20 | image: linuxserver/codimd:1.5.0-ls27 21 | restart: always 22 | networks: 23 | - traefik_proxy 24 | - mariadb 25 | # ports: 26 | # - "3000:3000" 27 | volumes: 28 | - $USERDIR/docker/codimd:/config 29 | environment: 30 | - PUID=$PUID 31 | - PGID=$PGID 32 | - TZ=$TZ 33 | - DB_HOST=mariadb 34 | - DB_USER=codimd 35 | - DB_PASS=$MYSQL_PASSWORD 36 | - DB_NAME=codimd 37 | - DB_PORT=3306 38 | - CMD_FORBIDDEN_NOTE_IDS='robots.txt' 39 | - CMD_IMAGE_UPLOAD_TYPE=filesystem 40 | - CMD_DOMAIN=codimd.$DOMAINNAME 41 | - CMD_PROTOCOL_USESSL=true 42 | - CMD_URL_ADDPORT=false 43 | - CMD_ALLOW_ORIGIN=codimd.$DOMAINNAME 44 | - CMD_HSTS_ENABLE=true 45 | - CMD_HSTS_INCLUDE_SUBDOMAINS=true 46 | - CMD_HSTS_MAX_AGE=63072000 47 | - CMD_HSTS_PRELOAD=true 48 | - CMD_ALLOW_ANONYMOUS=true # allow anonymous usage 49 | - CMD_ALLOW_ANONYMOUS_EDITS=true # allow users to select freely permission, allowing guests to edit existing notes 50 | - CMD_ALLOW_FREEURL=true # allow new note creation by accessing a nonexistent note URL. This is the behavior familiar from Etherpad. 
51 | - CMD_DEFAULT_PERMISSION=freely # freely, editable, limited, locked, protected or private 52 | - CMD_SESSION_LIFE=1209600000 # cookie session life time in milliseconds (14 days) 53 | - CMD_SESSION_SECRET=$CODIMD_SECRET # I created with date +%s | sha256sum | base64 | head -c 32 ; echo -- note that this derives the whole secret from the current epoch second, so it has only a few bits of entropy and is guessable; generate it from the kernel CSPRNG instead, e.g. openssl rand -base64 32 54 | labels: 55 | - "traefik.enable=true" 56 | ## HTTP Routers 57 | - "traefik.http.routers.codimd-rtr.entrypoints=https" 58 | - "traefik.http.routers.codimd-rtr.rule=Host(`codimd.$DOMAINNAME`)" 59 | - "traefik.http.routers.codimd-rtr.tls=true" 60 | - "traefik.http.routers.codimd-rtr.tls.certresolver=dns-cloudflare" 61 | ## Middlewares 62 | - "traefik.http.routers.codimd-rtr.middlewares=secure-headers@file" 63 | ## HTTP Services 64 | - "traefik.http.routers.codimd-rtr.service=codimd-svc" 65 | - "traefik.http.services.codimd-svc.loadbalancer.server.port=3000" 66 | 67 | networks: 68 | traefik_proxy: 69 | external: true 70 | mariadb: 71 | external: true 72 | -------------------------------------------------------------------------------- /ymlfiles/logs2.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Logarr - WebUI for Docker Logs 5 | logarr: 6 | container_name: logarr 7 | image: monitorr/logarr-alpha:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | # ports: 12 | # - "80:80" 13 | volumes: 14 | - $USERDIR/docker/logarr:/config 15 | - /var/log/docker:/var/log/docker:ro 16 | environment: 17 | - TZ=$TZ 18 | labels: 19 | - "traefik.enable=true" 20 | ## HTTP Routers 21 | - "traefik.http.routers.logarr-rtr.entrypoints=https" 22 | - "traefik.http.routers.logarr-rtr.rule=Host(`logs.$DOMAINNAME`)" 23 | - "traefik.http.routers.logarr-rtr.tls=true" 24 | - "traefik.http.routers.logarr-rtr.tls.certresolver=dns-cloudflare" 25 | ## Middlewares 26 | - "traefik.http.routers.logarr-rtr.middlewares=logarr-headers" 27 | - "traefik.http.middlewares.logarr-headers.headers.accesscontrolallowmethods=GET, 
OPTIONS, PUT" 28 | # - "traefik.http.middlewares.logarr-headers.headers.accesscontrolalloworigin=https://$DOMAINNAME" 29 | - "traefik.http.middlewares.logarr-headers.headers.accesscontrolmaxage=100" 30 | - "traefik.http.middlewares.logarr-headers.headers.addvaryheader=true" 31 | # - "traefik.http.middlewares.logarr-headers.headers.allowedhosts=logarr.$DOMAINNAME" 32 | - "traefik.http.middlewares.logarr-headers.headers.hostsproxyheaders=X-Forwarded-Host" 33 | - "traefik.http.middlewares.logarr-headers.headers.sslredirect=true" 34 | # - "traefik.http.middlewares.logarr-headers.headers.sslhost=logarr.$DOMAINNAME" 35 | # - "traefik.http.middlewares.logarr-headers.headers.sslforcehost=true" 36 | - "traefik.http.middlewares.logarr-headers.headers.sslproxyheaders.X-Forwarded-Proto=https" 37 | - "traefik.http.middlewares.logarr-headers.headers.stsseconds=63072000" 38 | - "traefik.http.middlewares.logarr-headers.headers.stsincludesubdomains=true" 39 | - "traefik.http.middlewares.logarr-headers.headers.stspreload=true" 40 | - "traefik.http.middlewares.logarr-headers.headers.forcestsheader=true" 41 | # - "traefik.http.middlewares.logarr-headers.headers.framedeny=true" 42 | - "traefik.http.middlewares.logarr-headers.headers.customframeoptionsvalue=SAMEORIGIN" # This option overrides FrameDeny 43 | - "traefik.http.middlewares.logarr-headers.headers.contenttypenosniff=true" 44 | - "traefik.http.middlewares.logarr-headers.headers.browserxssfilter=true" 45 | # - "traefik.http.middlewares.logarr-headers.headers.contentsecuritypolicy=frame-ancestors 'none'; object-src 'none'; base-uri 'none';" 46 | - "traefik.http.middlewares.logarr-headers.headers.referrerpolicy=same-origin" 47 | - "traefik.http.middlewares.logarr-headers.headers.featurepolicy=camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';" 48 | - "traefik.http.middlewares.logarr-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex," 49 | 
## HTTP Services 50 | - "traefik.http.routers.logarr-rtr.service=logarr-svc" 51 | - "traefik.http.services.logarr-svc.loadbalancer.server.port=80" 52 | 53 | networks: 54 | traefik_proxy: 55 | external: true 56 | -------------------------------------------------------------------------------- /ymlfiles/organizr.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Organizr - Unified Server Web Interface 5 | 6 | ## Still need to add allow from header... 7 | 8 | organizr: 9 | container_name: organizr 10 | image: organizrtools/organizr-v2:latest 11 | restart: unless-stopped 12 | networks: 13 | - traefik_proxy 14 | ports: 15 | - "1180:80" 16 | volumes: 17 | - ${USERDIR}/docker/organizr:/config 18 | environment: 19 | - PUID=$PUID 20 | - PGID=$PGID 21 | - TZ=$TZ 22 | labels: 23 | - "traefik.enable=true" 24 | ## HTTP Routers 25 | - "traefik.http.routers.organizr-rtr.entrypoints=https" 26 | - "traefik.http.routers.organizr-rtr.rule=Host(`organizr.$DOMAINNAME`)" 27 | - "traefik.http.routers.organizr-rtr.tls=true" 28 | - "traefik.http.routers.organizr-rtr.tls.certresolver=dns-cloudflare" 29 | ## Middlewares 30 | - "traefik.http.routers.organizr-rtr.middlewares=organizr-headers" 31 | - "traefik.http.middlewares.organizr-headers.headers.accesscontrolallowmethods=GET, OPTIONS, PUT" 32 | - "traefik.http.middlewares.organizr-headers.headers.accesscontrolalloworigin=https://$DOMAINNAME" 33 | - "traefik.http.middlewares.organizr-headers.headers.accesscontrolmaxage=100" 34 | - "traefik.http.middlewares.organizr-headers.headers.addvaryheader=true" 35 | - "traefik.http.middlewares.organizr-headers.headers.allowedhosts=organizr.$DOMAINNAME" 36 | - "traefik.http.middlewares.organizr-headers.headers.hostsproxyheaders=X-Forwarded-Host" 37 | - "traefik.http.middlewares.organizr-headers.headers.sslredirect=true" 38 | - "traefik.http.middlewares.organizr-headers.headers.sslhost=organizr.$DOMAINNAME" 39 | - 
"traefik.http.middlewares.organizr-headers.headers.sslforcehost=true" 40 | - "traefik.http.middlewares.organizr-headers.headers.sslproxyheaders.X-Forwarded-Proto=https" 41 | - "traefik.http.middlewares.organizr-headers.headers.stsseconds=63072000" 42 | - "traefik.http.middlewares.organizr-headers.headers.stsincludesubdomains=true" 43 | - "traefik.http.middlewares.organizr-headers.headers.stspreload=true" 44 | - "traefik.http.middlewares.organizr-headers.headers.forcestsheader=true" 45 | # - "traefik.http.middlewares.organizr-headers.headers.framedeny=true" 46 | - "traefik.http.middlewares.organizr-headers.headers.customframeoptionsvalue=allow-from https:$DOMAINNAME" # This option overrides FrameDeny 47 | - "traefik.http.middlewares.organizr-headers.headers.contenttypenosniff=true" 48 | - "traefik.http.middlewares.organizr-headers.headers.browserxssfilter=true" 49 | # - "traefik.http.middlewares.organizr-headers.headers.contentsecuritypolicy=frame-ancestors 'none'; object-src 'none'; script-src 'none'; base-uri 'none';" 50 | - "traefik.http.middlewares.organizr-headers.headers.referrerpolicy=same-origin" 51 | - "traefik.http.middlewares.organizr-headers.headers.featurepolicy=camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';" 52 | - "traefik.http.middlewares.organizr-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex," 53 | ## HTTP Services 54 | - "traefik.http.routers.organizr-rtr.service=organizr-svc" 55 | - "traefik.http.services.organizr-svc.loadbalancer.server.port=80" 56 | 57 | networks: 58 | traefik_proxy: 59 | external: true 60 | -------------------------------------------------------------------------------- /ymlfiles/emby.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Emby Media Server 5 | emby: 6 | container_name: emby 7 | image: emby/embyserver:latest 8 | restart: always 9 | 
devices: 10 | - /dev/dri:/dev/dri 11 | networks: 12 | traefik_proxy: 13 | ipv4_address: 192.168.50.201 14 | ports: 15 | - "8096:8096" 16 | - "8920:8920" 17 | volumes: 18 | - /mnt/storage/movies:/MOVIES:ro 19 | - /mnt/storage/tv:/TVSHOWS:ro 20 | - /mnt/storage/concerts:/CONCERTS:ro 21 | - /mnt/storage/music/music:/music:ro 22 | - $USERDIR/docker/emby:/config 23 | environment: 24 | - UID=$PUID 25 | - GID=$PGID 26 | - GIDLIST=44 27 | labels: 28 | - "traefik.enable=true" 29 | ## HTTP Routers 30 | - "traefik.http.routers.emby-rtr.entrypoints=https" 31 | - "traefik.http.routers.emby-rtr.rule=Host(`emby.$DOMAINNAME`)" 32 | - "traefik.http.routers.emby-rtr.priority=4" 33 | - "traefik.http.routers.emby-rtr.tls=true" 34 | - "traefik.http.routers.emby-rtr.tls.certresolver=dns-cloudflare" 35 | ## Middlewares 36 | - "traefik.http.routers.emby-rtr.middlewares=emby-headers" 37 | - "traefik.http.middlewares.emby-headers.headers.accesscontrolallowmethods=GET, OPTIONS, PUT" 38 | # - "traefik.http.middlewares.emby-headers.headers.accesscontrolalloworigin=https://$DOMAINNAME" 39 | - "traefik.http.middlewares.emby-headers.headers.accesscontrolmaxage=100" 40 | - "traefik.http.middlewares.emby-headers.headers.addvaryheader=true" 41 | # - "traefik.http.middlewares.emby-headers.headers.allowedhosts=emby.$DOMAINNAME" 42 | - "traefik.http.middlewares.emby-headers.headers.hostsproxyheaders=X-Forwarded-Host" 43 | - "traefik.http.middlewares.emby-headers.headers.sslredirect=true" 44 | # - "traefik.http.middlewares.emby-headers.headers.sslhost=emby.$DOMAINNAME" 45 | # - "traefik.http.middlewares.emby-headers.headers.sslforcehost=true" 46 | # - "traefik.http.middlewares.emby-headers.headers.sslproxyheaders.X-Forwarded-Proto=https" 47 | - "traefik.http.middlewares.emby-headers.headers.stsseconds=63072000" 48 | - "traefik.http.middlewares.emby-headers.headers.stsincludesubdomains=true" 49 | - "traefik.http.middlewares.emby-headers.headers.stspreload=true" 50 | - 
"traefik.http.middlewares.emby-headers.headers.forcestsheader=true" 51 | - "traefik.http.middlewares.emby-headers.headers.framedeny=true" 52 | # - "traefik.http.middlewares.emby-headers.headers.customframeoptionsvalue=SAMEORIGIN" # This option overrides FrameDeny 53 | - "traefik.http.middlewares.emby-headers.headers.contenttypenosniff=true" 54 | - "traefik.http.middlewares.emby-headers.headers.browserxssfilter=true" 55 | # - "traefik.http.middlewares.emby-headers.headers.contentsecuritypolicy=frame-ancestors 'none'; object-src 'none'; base-uri 'none';" 56 | - "traefik.http.middlewares.emby-headers.headers.referrerpolicy=same-origin" 57 | - "traefik.http.middlewares.emby-headers.headers.featurepolicy=camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';" 58 | - "traefik.http.middlewares.emby-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex," 59 | ## HTTP Services 60 | - "traefik.http.routers.emby-rtr.service=emby-svc" 61 | - "traefik.http.services.emby-svc.loadbalancer.server.port=8096" 62 | 63 | networks: 64 | traefik_proxy: 65 | external: true 66 | -------------------------------------------------------------------------------- /ymlfiles/jellyfin.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Jellyfin - Media Server 5 | jellyfin: 6 | container_name: jellyfin 7 | image: linuxserver/jellyfin:latest 8 | restart: always 9 | devices: 10 | - /dev/dri:/dev/dri 11 | networks: 12 | - traefik_proxy 13 | ports: 14 | - "8097:8096" 15 | - "8921:8920" 16 | volumes: 17 | - /mnt/storage/movies:/MOVIES:ro 18 | - /mnt/storage/tv:/TVSHOWS:ro 19 | - /mnt/storage/concerts:/CONCERTS:ro 20 | - $USERDIR/docker/jellyfin:/config 21 | environment: 22 | - PUID=$PUID 23 | - PGID=$PGID 24 | - TZ=$TZ 25 | - UMASK_SET=022 26 | labels: 27 | - "traefik.enable=true" 28 | ## HTTP Routers 29 | - 
"traefik.http.routers.jellyfin-rtr.entrypoints=https" 30 | - "traefik.http.routers.jellyfin-rtr.rule=Host(`jellyfin.$DOMAINNAME`)" 31 | - "traefik.http.routers.jellyfin-rtr.tls=true" 32 | - "traefik.http.routers.jellyfin-rtr.tls.certresolver=dns-cloudflare" 33 | ## Middlewares 34 | - "traefik.http.routers.jellyfin-rtr.middlewares=jellyfin-headers" 35 | - "traefik.http.middlewares.jellyfin-headers.headers.accesscontrolallowmethods=GET, OPTIONS, PUT" 36 | - "traefik.http.middlewares.jellyfin-headers.headers.accesscontrolalloworigin=https://$DOMAINNAME" 37 | - "traefik.http.middlewares.jellyfin-headers.headers.accesscontrolmaxage=100" 38 | - "traefik.http.middlewares.jellyfin-headers.headers.addvaryheader=true" 39 | # - "traefik.http.middlewares.jellyfin-headers.headers.allowedhosts=jellyfin.$DOMAINNAME" 40 | - "traefik.http.middlewares.jellyfin-headers.headers.hostsproxyheaders=X-Forwarded-Host" 41 | - "traefik.http.middlewares.jellyfin-headers.headers.sslredirect=true" 42 | # - "traefik.http.middlewares.jellyfin-headers.headers.sslhost=jellyfin.$DOMAINNAME" 43 | # - "traefik.http.middlewares.jellyfin-headers.headers.sslforcehost=true" 44 | # - "traefik.http.middlewares.jellyfin-headers.headers.sslproxyheaders.X-Forwarded-Proto=https" 45 | - "traefik.http.middlewares.jellyfin-headers.headers.stsseconds=63072000" 46 | - "traefik.http.middlewares.jellyfin-headers.headers.stsincludesubdomains=true" 47 | - "traefik.http.middlewares.jellyfin-headers.headers.stspreload=true" 48 | - "traefik.http.middlewares.jellyfin-headers.headers.forcestsheader=true" 49 | - "traefik.http.middlewares.jellyfin-headers.headers.framedeny=true" 50 | # - "traefik.http.middlewares.jellyfin-headers.headers.customframeoptionsvalue=SAMEORIGIN" # This option overrides FrameDeny 51 | - "traefik.http.middlewares.jellyfin-headers.headers.contenttypenosniff=true" 52 | - "traefik.http.middlewares.jellyfin-headers.headers.browserxssfilter=true" 53 | # - 
"traefik.http.middlewares.jellyfin-headers.headers.contentsecuritypolicy=frame-ancestors 'none'; object-src 'none'; base-uri 'none';" 54 | - "traefik.http.middlewares.jellyfin-headers.headers.referrerpolicy=same-origin" 55 | - "traefik.http.middlewares.jellyfin-headers.headers.featurepolicy=camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';" 56 | - "traefik.http.middlewares.jellyfin-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex," 57 | - "traefik.http.middlewares.jellyfin-headers.headers.customframeoptionsvalue=allow-from https:$DOMAINNAME" # This option overrides FrameDeny 58 | ## HTTP Services 59 | - "traefik.http.routers.jellyfin-rtr.service=jellyfin-svc" 60 | - "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096" 61 | 62 | networks: 63 | traefik_proxy: 64 | external: true 65 | -------------------------------------------------------------------------------- /ymlfiles/plex.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Plex Media Server 5 | plex: 6 | container_name: plex 7 | image: linuxserver/plex:latest 8 | restart: always 9 | devices: 10 | - /dev/dri:/dev/dri 11 | privileged: true 12 | networks: 13 | traefik_proxy: 14 | ipv4_address: 192.168.50.200 # Set a static IP for tautulli to connect to 15 | ports: 16 | - "32400:32400" 17 | - "32400:32400/udp" 18 | - "32469:32469" 19 | - "32469:32469/udp" 20 | - "5353:5353/udp" 21 | - "1900:1900/udp" 22 | volumes: 23 | - $USERDIR/docker/plex:/config 24 | - /mnt/storage/movies:/MOVIES:ro 25 | - /mnt/storage/tv:/TV:ro 26 | - /mnt/storage/concerts:/CONCERTS:ro 27 | - /mnt/storage/music:/MUSIC:ro 28 | - /mnt/storage/books:/BOOKS:ro 29 | environment: 30 | - PUID=$PUID 31 | - PGID=$PGID 32 | - TZ=$TZ 33 | - VERSION=docker 34 | labels: 35 | - "traefik.enable=true" 36 | ## HTTP Routers 37 | - 
"traefik.http.routers.plex-rtr.entrypoints=https" 38 | - "traefik.http.routers.plex-rtr.rule=Host(`plex.$DOMAINNAME`)" 39 | - "traefik.http.routers.plex-rtr.tls=true" 40 | - "traefik.http.routers.plex-rtr.tls.certresolver=dns-cloudflare" 41 | ## Middlewares 42 | - "traefik.http.routers.plex-rtr.middlewares=plex-headers" 43 | - "traefik.http.middlewares.plex-headers.headers.accesscontrolallowmethods=GET, OPTIONS, PUT" 44 | - "traefik.http.middlewares.plex-headers.headers.accesscontrolalloworigin=https://$DOMAINNAME" 45 | - "traefik.http.middlewares.plex-headers.headers.accesscontrolmaxage=100" 46 | - "traefik.http.middlewares.plex-headers.headers.addvaryheader=true" 47 | # - "traefik.http.middlewares.plex-headers.headers.allowedhosts=plex.$DOMAINNAME" 48 | - "traefik.http.middlewares.plex-headers.headers.hostsproxyheaders=X-Forwarded-Host" 49 | - "traefik.http.middlewares.plex-headers.headers.sslredirect=true" 50 | # - "traefik.http.middlewares.plex-headers.headers.sslhost=plex.$DOMAINNAME" 51 | # - "traefik.http.middlewares.plex-headers.headers.sslforcehost=true" 52 | # - "traefik.http.middlewares.plex-headers.headers.sslproxyheaders.X-Forwarded-Proto=https" 53 | - "traefik.http.middlewares.plex-headers.headers.stsseconds=63072000" 54 | - "traefik.http.middlewares.plex-headers.headers.stsincludesubdomains=true" 55 | - "traefik.http.middlewares.plex-headers.headers.stspreload=true" 56 | - "traefik.http.middlewares.plex-headers.headers.forcestsheader=true" 57 | # - "traefik.http.middlewares.plex-headers.headers.framedeny=true" 58 | - "traefik.http.middlewares.plex-headers.headers.customframeoptionsvalue=allow-from https:$DOMAINNAME" # This option overrides FrameDeny 59 | - "traefik.http.middlewares.plex-headers.headers.contenttypenosniff=true" 60 | - "traefik.http.middlewares.plex-headers.headers.browserxssfilter=true" 61 | # - "traefik.http.middlewares.plex-headers.headers.contentsecuritypolicy=frame-ancestors 'none'; object-src 'none'; base-uri 'none';" 62 | - 
"traefik.http.middlewares.plex-headers.headers.referrerpolicy=same-origin" 63 | - "traefik.http.middlewares.plex-headers.headers.featurepolicy=camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';" 64 | - "traefik.http.middlewares.plex-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex," 65 | ## HTTP Services 66 | - "traefik.http.routers.plex-rtr.service=plex-svc" 67 | - "traefik.http.services.plex-svc.loadbalancer.server.port=32400" 68 | 69 | networks: 70 | traefik_proxy: 71 | external: true 72 | -------------------------------------------------------------------------------- /ymlfiles/soulseek.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Soulseek - P2P Media Service 5 | soulseek: 6 | container_name: soulseek 7 | image: realies/soulseek:latest 8 | restart: unless-stopped 9 | networks: 10 | - traefik_proxy 11 | # network_mode: "container:qbittorrent" 12 | # ports: 13 | # - "6080:6080" 14 | volumes: 15 | - soulseek_data:/root/.SoulseekQt 16 | - soulseek_logs:/root/Soulseek Chat Logs 17 | - $USERDIR/dwnloads/completed:/root/Soulseek Downloads/complete 18 | - $USERDIR/dwnloads/temp:/root/Soulseek Downloads/downloading 19 | - /mnt/storage/music/music:/Music 20 | - /etc/timezone:/etc/timezone:ro 21 | - /etc/localtime:/etc/localtime:ro 22 | environment: 23 | - resolution=1600x720 24 | labels: 25 | - "traefik.enable=true" 26 | ## HTTP Routers 27 | - "traefik.http.routers.soulseek-rtr.entrypoints=https" 28 | - "traefik.http.routers.soulseek-rtr.rule=Host(`soulseek.$DOMAINNAME`)" 29 | - "traefik.http.routers.soulseek-rtr.tls=true" 30 | - "traefik.http.routers.soulseek-rtr.tls.certresolver=dns-cloudflare" 31 | ## Middlewares 32 | - "traefik.http.routers.soulseek-rtr.middlewares=soulseek-headers,oauth@file" 33 | - "traefik.http.middlewares.soulseek-headers.headers.accesscontrolallowmethods=GET, OPTIONS, 
PUT" 34 | - "traefik.http.middlewares.soulseek-headers.headers.accesscontrolalloworigin=https://$DOMAINNAME" 35 | - "traefik.http.middlewares.soulseek-headers.headers.accesscontrolmaxage=100" 36 | - "traefik.http.middlewares.soulseek-headers.headers.addvaryheader=true" 37 | - "traefik.http.middlewares.soulseek-headers.headers.allowedhosts=soulseek.$DOMAINNAME" 38 | - "traefik.http.middlewares.soulseek-headers.headers.hostsproxyheaders=X-Forwarded-Host" 39 | - "traefik.http.middlewares.soulseek-headers.headers.sslredirect=true" 40 | - "traefik.http.middlewares.soulseek-headers.headers.sslhost=soulseek.$DOMAINNAME" 41 | - "traefik.http.middlewares.soulseek-headers.headers.sslforcehost=true" 42 | - "traefik.http.middlewares.soulseek-headers.headers.sslproxyheaders.X-Forwarded-Proto=https" 43 | - "traefik.http.middlewares.soulseek-headers.headers.stsseconds=63072000" 44 | - "traefik.http.middlewares.soulseek-headers.headers.stsincludesubdomains=true" 45 | - "traefik.http.middlewares.soulseek-headers.headers.stspreload=true" 46 | - "traefik.http.middlewares.soulseek-headers.headers.forcestsheader=true" 47 | # - "traefik.http.middlewares.soulseek-headers.headers.framedeny=true" 48 | # - "traefik.http.middlewares.soulseek-headers.headers.customframeoptionsvalue=SAMEORIGIN" # This option overrides FrameDeny 49 | - "traefik.http.middlewares.soulseek-headers.headers.contenttypenosniff=true" 50 | - "traefik.http.middlewares.soulseek-headers.headers.browserxssfilter=true" 51 | # - "traefik.http.middlewares.soulseek-headers.headers.contentsecuritypolicy=frame-ancestors 'none'; object-src 'none'; base-uri 'none';" 52 | - "traefik.http.middlewares.soulseek-headers.headers.referrerpolicy=same-origin" 53 | - "traefik.http.middlewares.soulseek-headers.headers.featurepolicy=camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';" 54 | - 
"traefik.http.middlewares.soulseek-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex," 55 | ## HTTP Services 56 | - "traefik.http.routers.soulseek-rtr.service=soulseek-svc" 57 | - "traefik.http.services.soulseek-svc.loadbalancer.server.port=6080" 58 | 59 | volumes: 60 | soulseek_data: 61 | soulseek_logs: 62 | 63 | networks: 64 | traefik_proxy: 65 | external: true 66 | -------------------------------------------------------------------------------- /ymlfiles/guacamole.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Stop MariaDB container and start this one in order to initialize database (without creating external volume...) 5 | 6 | ## Suggested procedure to create a MariaDB database: 7 | ## Change the 8 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 9 | # CREATE DATABASE guacamole CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci; 10 | # GRANT ALL PRIVILEGES ON guacamole.* TO 'guacamole'@'guacamole.mariadb' IDENTIFIED BY ''; 11 | # FLUSH PRIVILEGES; 12 | # exit 13 | 14 | ## Populate database by entering MariaDB container: 15 | # docker exec -it mariadb bash 16 | # cat /opt/guacamole/mysql/schema/*.sql | mysql -u root -p guacamole 17 | 18 | ## Stop containers, restart normal MariaDB container and comment out the one below, and the init volume 19 | 20 | ## Navigate to guacamole.${DOMAINNAME}/guacamole 21 | # Login: guacadmin / guacadmin 22 | # Recommended to create a new user and disable/delete guacadmin 23 | 24 | ## Guacd 25 | guacd: 26 | container_name: guacd 27 | image: guacamole/guacd:latest 28 | restart: always 29 | networks: 30 | - traefik_proxy 31 | # ports: 32 | # - "4822:4822" 33 | # environment: 34 | # - GUACD_LOG_LEVEL=info 35 | volumes: 36 | # - /var/lib/guacamole/drive:/drive:rw 37 | # - /var/lib/guacamole/record:/record:rw 38 | - /etc/timezone:/etc/timezone:ro 39 | - /etc/localtime:/etc/localtime:ro 40 
| 41 | ## Guacamole 42 | guacamole: 43 | container_name: guacamole 44 | image: guacamole/guacamole:latest 45 | restart: always 46 | networks: 47 | - traefik_proxy 48 | - mariadb 49 | # ports: 50 | # - "8080:8080" 51 | environment: 52 | - GUACD_HOSTNAME=guacd 53 | - GUACD_PORT=4822 54 | - MYSQL_HOSTNAME=mariadb 55 | - MYSQL_DATABASE=guacamole 56 | - MYSQL_USER=guacamole 57 | - MYSQL_PASSWORD=$MYSQL_PASSWORD 58 | volumes: 59 | # - guacamole_db_init:/opt/guacamole/mysql/schema # Uncomment to initialize MariaDB. Need to use container below in the same compose file 60 | - /etc/timezone:/etc/timezone:ro 61 | - /etc/localtime:/etc/localtime:ro 62 | labels: 63 | - "traefik.enable=true" 64 | ## HTTP Routers 65 | - "traefik.http.routers.guacamole-rtr.entrypoints=https" 66 | - "traefik.http.routers.guacamole-rtr.rule=Host(`guacamole.$DOMAINNAME`)" 67 | - "traefik.http.routers.guacamole-rtr.tls=true" 68 | - "traefik.http.routers.guacamole-rtr.tls.certresolver=dns-cloudflare" 69 | ## Middlewares 70 | - "traefik.http.routers.guacamole-rtr.middlewares=secure-chain@file,add-guacamole" 71 | - "traefik.http.middlewares.add-guacamole.addPrefix.prefix=/guacamole" 72 | ## HTTP Services 73 | - "traefik.http.routers.guacamole-rtr.service=guacamole-svc" 74 | - "traefik.http.services.guacamole-svc.loadbalancer.server.port=8080" 75 | 76 | # mariadb: 77 | # container_name: mariadb 78 | # image: linuxserver/mariadb:latest 79 | # restart: always 80 | # networks: 81 | # mariadb: 82 | # ipv4_address: 192.168.250.250 83 | # ports: 84 | # - "3306:3306" 85 | # volumes: 86 | # - $USERDIR/docker/mariadb/data:/config 87 | # - guacamole_db_init:/opt/guacamole/mysql/schema 88 | # - /etc/timezone:/etc/timezone:ro 89 | # - /etc/localtime:/etc/localtime:ro 90 | # environment: 91 | # - PUID=$PUID 92 | # - PGID=$PGID 93 | # - MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD 94 | 95 | volumes: 96 | guacamole_db_init: 97 | 98 | networks: 99 | traefik_proxy: 100 | external: true 101 | mariadb: 102 | external: true 103 
| -------------------------------------------------------------------------------- /ymlfiles/mariadb_official.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Mariadb – Database Server 5 | 6 | ## Create external mariadb network: 7 | # docker network create --gateway 192.168.250.1 --subnet 192.168.250.0/24 mariadb 8 | 9 | ## Suggested procedure to create new databases: 10 | ## Replace the database name, user and password placeholders in the statements below: 11 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 12 | # CREATE DATABASE CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci; 13 | # GRANT ALL PRIVILEGES ON .* TO ''@'.mariadb' IDENTIFIED BY ''; 14 | # FLUSH PRIVILEGES; 15 | # exit 16 | 17 | ## Some resources on why some of these options are chosen: 18 | ## utf8mb4 is the most universal and up to date character set allowing for emojis among other benefits 19 | ## utf8mb4_unicode_ci is the "standard" database type while general_ci is a simplified version which tried to improve speed before modern computing. I believe there is little to no benefit to use the simpler version. 20 | ## https://docs.nextcloud.com/server/16/admin_manual/configuration_database/mysql_4byte_support.html 21 | ## For a complete list of available options: docker run -it --rm mariadb --verbose --help 22 | ## Check your global database variables, for example character_set_server with: 23 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 24 | # SHOW VARIABLES LIKE 'character_set_server'; 25 | # SHOW VARIABLES LIKE '%server%'; 26 | # exit 27 | 28 | ## Delete the initial default databases and secure MySQL: 29 | ## NOTE: Accept all options except for 'Disallow root login remotely'. Answer "no" there, because connections from other containers arrive over the docker network and count as remote. Root therefore stays reachable from any container on the mariadb network, so give it a strong password and have each application connect with its own restricted user (as in the GRANT above). 
30 | # docker exec -it mariadb /usr/bin/mysql_secure_installation 31 | 32 | ## Restore a backup: 33 | # docker exec -it mariadb 34 | # mysql -u root -p -e "create database database_name"; 35 | # mysql -u root -p database_name < /dbbackups/path/to/your_database_backup.sql 36 | # exit 37 | 38 | mariadb: 39 | container_name: mariadb 40 | image: mariadb:10.4 41 | restart: always 42 | networks: 43 | traefik_proxy: 44 | ipv4_address: 192.168.50.250 45 | mariadb: 46 | ipv4_address: 192.168.250.250 47 | command: > 48 | --character-set-server=utf8mb4 49 | --collation-server=utf8mb4_unicode_ci 50 | --innodb-file-format=Barracuda 51 | --innodb-file-per-table=1 52 | # ports: 53 | # - "3306:3306" 54 | volumes: 55 | - $USERDIR/docker/mariadb2/config:/var/lib/mysql 56 | - $USERDIR/docker/mariadb2/back:/dbbackups 57 | - /etc/localtime:/etc/localtime:ro 58 | environment: 59 | - MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD 60 | 61 | 62 | ## phpMyAdmin - WebUI for MariaDB 63 | phpmyadmin: 64 | hostname: phpmyadmin 65 | container_name: phpmyadmin 66 | image: phpmyadmin/phpmyadmin:latest 67 | restart: always 68 | depends_on: 69 | - mariadb 70 | networks: 71 | - traefik_proxy 72 | - mariadb 73 | # ports: 74 | # - "80:80" 75 | environment: 76 | # - PMA_ARBITRARY=1 # Allows you to enter a database server hostname on login form 77 | - PMA_HOST=mariadb 78 | - PMA_USER=root 79 | - PMA_PASSWORD=$MYSQL_ROOT_PASSWORD 80 | - PMA_ABSOLUTE_URI=https://phpmyadmin.$DOMAINNAME 81 | labels: 82 | - "traefik.enable=true" 83 | ## HTTP Routers 84 | - "traefik.http.routers.phpmyadmin-rtr.entrypoints=https" 85 | - "traefik.http.routers.phpmyadmin-rtr.rule=Host(`phpmyadmin.$DOMAINNAME`)" 86 | # - "traefik.http.routers.phpmyadmin-rtr.tls=true" 87 | - "traefik.http.routers.phpmyadmin-rtr.tls.certresolver=dns-cloudflare" 88 | ## Middlewares 89 | - "traefik.http.routers.phpmyadmin-rtr.middlewares=secure-chain@file" 90 | ## HTTP Services 91 | - "traefik.http.routers.phpmyadmin-rtr.service=phpmyadmin-svc" 92 | - 
"traefik.http.services.phpmyadmin-svc.loadbalancer.server.port=80" 93 | 94 | networks: 95 | traefik_proxy: 96 | external: true 97 | mariadb: 98 | external: true 99 | -------------------------------------------------------------------------------- /ymlfiles/bitwarden.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Bitwarden - Password Vault 5 | bitwarden: 6 | container_name: bitwarden 7 | image: bitwardenrs/server:latest 8 | restart: always 9 | networks: 10 | - traefik_proxy 11 | - bw-net 12 | # ports: 13 | # - "80:80" 14 | # - "3012:3012" 15 | volumes: 16 | - $USERDIR/docker/bitwarden:/data 17 | - /var/log/docker:/var/log/docker 18 | - /etc/timezone:/etc/timezone:ro 19 | - /etc/localtime:/etc/localtime:ro 20 | environment: 21 | - SIGNUPS_ALLOWED=false # Set to true only while creating the first account, then back to false so open registration stays closed 22 | - INVITATIONS_ALLOWED=true # Send invitations from the admin page 23 | - WEBSOCKET_ENABLED=true 24 | - LOG_FILE=/var/log/docker/bitwarden.log 25 | - SMTP_HOST=smtp.gmail.com 26 | - SMTP_FROM=$SMTP_EMAIL 27 | - SMTP_PORT=587 28 | - SMTP_SSL=true 29 | - SMTP_USERNAME=$SMTP_EMAIL 30 | - SMTP_PASSWORD=$SMTP_PASS 31 | - DOMAIN=https://bitwarden.$DOMAINNAME 32 | # - DISABLE_ADMIN_TOKEN=true ### USE WITH CAUTION!! With the token disabled, the admin page at bitwarden.$DOMAINNAME/admin (used to send invitations) has no login of its own, so anyone who can reach it gets full admin control; it must sit behind an authentication middleware such as the one on the bitwardenAdmin-rtr router below. 
33 | labels: 34 | - "traefik.enable=true" 35 | ## HTTP Routers 36 | - "traefik.http.routers.bitwarden-rtr.entrypoints=https" 37 | - "traefik.http.routers.bitwarden-rtr.rule=Host(`bitwarden.$DOMAINNAME`)" 38 | - "traefik.http.routers.bitwarden-rtr.priority=1" 39 | - "traefik.http.routers.bitwarden-rtr.tls=true" 40 | - "traefik.http.routers.bitwarden-rtr.tls.certresolver=dns-cloudflare" 41 | ## Middlewares 42 | - "traefik.http.routers.bitwarden-rtr.middlewares=secure-headers@file" 43 | ## HTTP Services 44 | - "traefik.http.routers.bitwarden-rtr.service=bitwarden-svc" 45 | - "traefik.http.services.bitwarden-svc.loadbalancer.server.port=80" 46 | ## Bitwarden WebSocket 47 | - "traefik.http.routers.bitwardenHub-rtr.entrypoints=https" 48 | - "traefik.http.routers.bitwardenHub-rtr.rule=(Host(`bitwarden.$DOMAINNAME`) && Path(`/notifications/hub`))" 49 | - "traefik.http.routers.bitwardenHub-rtr.priority=2" 50 | - "traefik.http.routers.bitwardenHub-rtr.tls=true" 51 | - "traefik.http.routers.bitwardenHub-rtr.tls.certresolver=dns-cloudflare" 52 | - "traefik.http.routers.bitwardenHub-rtr.service=bitwardenHub-svc" 53 | - "traefik.http.services.bitwardenHub-svc.loadbalancer.server.port=3012" 54 | # ## Admin Page - Used when DISABLE_ADMIN_TOKEN=true above 55 | - "traefik.http.routers.bitwardenAdmin-rtr.entrypoints=https" 56 | - "traefik.http.routers.bitwardenAdmin-rtr.rule=(Host(`bitwarden.$DOMAINNAME`) && Path(`/admin`))" 57 | - "traefik.http.routers.bitwardenAdmin-rtr.priority=3" 58 | - "traefik.http.routers.bitwardenAdmin-rtr.tls=true" 59 | - "traefik.http.routers.bitwardenAdmin-rtr.tls.certresolver=dns-cloudflare" 60 | - "traefik.http.routers.bitwardenAdmin-rtr.middlewares=secure-chain@file" 61 | - "traefik.http.routers.bitwardenAdmin-rtr.service=bitwarden-svc" 62 | 63 | ## Bitwarden Backup 64 | 65 | ## To restore database from backup: 66 | # docker exec -it bitwarden bash 67 | # mv /data/db.sqlite3 /data/db.sqlite3.back 68 | # sqlite3 /data/db.sqlite3 ".restore 
'/data/db-backup/select_db_file'" 69 | # exit 70 | 71 | bw_backup: 72 | container_name: bw_backup 73 | image: bruceforce/bw_backup 74 | restart: on-failure 75 | networks: 76 | - bw-net 77 | init: true 78 | depends_on: 79 | - bitwarden 80 | volumes: 81 | - $USERDIR/docker/bitwarden:/data 82 | - /mnt/storage/misc/backup/backup_databases/bitwarden:/dbbackup 83 | - /etc/timezone:/etc/timezone:ro 84 | - /etc/localtime:/etc/localtime:ro 85 | environment: 86 | - DB_FILE=/data/db.sqlite3 87 | - BACKUP_FILE=/dbbackup/backup.sqlite3 88 | - CRON_TIME=30 4 * * * 89 | - TIMESTAMP=true 90 | - UID=0 91 | - GID=0 92 | 93 | networks: 94 | traefik_proxy: 95 | external: true 96 | bw-net: 97 | external: false 98 | -------------------------------------------------------------------------------- /ymlfiles/keycloak.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Forward Authentication for Traefik 5 | # oauth: 6 | # container_name: oauth 7 | ## image: thomseddon/traefik-forward-auth # thomseddeon's image doesnt support OIDC_ISSUER yet 8 | # image: funkypenguin/traefik-forward-auth:latest 9 | # restart: always 10 | # networks: 11 | # - traefik_proxy 12 | # depends_on: 13 | # - keycloak 14 | # environment: 15 | # - CLIENT_ID=$AUTH_CLIENT_ID 16 | # - CLIENT_SECRET=$AUTH_CLIENT_SECRET 17 | # - SECRET=$AUTH_SECRET 18 | # - OIDC_ISSUER=https://keycloak.$DOMAINNAME/auth/realms/$KEYCLOAK_REALM 19 | # - AUTH_HOST=oauth.$DOMAINNAME 20 | # - COOKIE_DOMAIN=$DOMAINNAME 21 | # - COOKIE_SECURE=true 22 | # - LIFETIME=2592000 # 30 days 23 | # labels: 24 | # - "traefik.enable=true" 25 | # ## HTTP Routers 26 | # - "traefik.http.routers.oauth-rtr.entrypoints=https" 27 | # - "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAINNAME`)" 28 | # - "traefik.http.routers.oauth-rtr.tls=true" 29 | # - "traefik.http.routers.oauth-rtr.tls.certresolver=dns-cloudflare" 30 | # ## Middlewares 31 | # - 
"traefik.http.routers.oauth-rtr.middlewares=secure-chain@file,rate-limit@file" 32 | # ## HTTP Services 33 | # - "traefik.http.routers.oauth-rtr.service=oauth-svc" 34 | # - "traefik.http.services.oauth-svc.loadbalancer.server.port=4181" 35 | 36 | ## Keycloak - Private Authentication 37 | 38 | ## To fix net.core.*mem issues add these to the bottom of /etc/sysctl.conf 39 | ## https://forums.docker.com/t/how-to-tune-kernel-properties-in-docker-images/25291 40 | # ## Allow a 25MB UDP receive buffer for JGroups 41 | # net.core.rmem_max = 26214400 42 | # ## Allow a 1MB UDP send buffer for JGroups 43 | # net.core.wmem_max = 1048576 44 | 45 | # or 46 | 47 | # sudo sysctl -w net.core.rmem_max=26214400 48 | # sudo sysctl -w net.core.wmem_max=1048576 49 | ## https://www.cyberciti.biz/faq/reload-sysctl-conf-on-linux-using-sysctl/ 50 | 51 | ## Suggested procedure to create your KeyCloak Database: 52 | ## Change the 53 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 54 | # CREATE DATABASE keycloak CHARACTER SET = utf8 COLLATE = utf8_unicode_ci; 55 | # GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'keycloak.mariadb' IDENTIFIED BY ''; 56 | # FLUSH PRIVILEGES; 57 | # exit 58 | 59 | ## Initialize admin account: 60 | # docker exec keycloak keycloak/bin/add-user-keycloak.sh -u -p 61 | 62 | keycloak: 63 | container_name: keycloak 64 | image: jboss/keycloak:latest 65 | restart: always 66 | networks: 67 | - traefik_proxy 68 | - mariadb 69 | # ports: 70 | # - "8080:8080" 71 | volumes: 72 | - /etc/timezone:/etc/timezone:ro 73 | - /etc/localtime:/etc/localtime:ro 74 | environment: 75 | - PUID=$PUID 76 | - PGID=$PGID 77 | - KEYCLOAK_USER=$MY_USERNAME 78 | - KEYCLOAK_PASSWORD=$MY_PASSWORD 79 | - DB_VENDOR=mariadb 80 | - DB_ADDR=mariadb 81 | - DB_DATABASE=keycloak 82 | - DB_USER=keycloak 83 | - DB_PASSWORD=$MYSQL_PASSWORD 84 | - PROXY_ADDRESS_FORWARDING=true 85 | - KEYCLOAK_HOSTNAME=keycloak.$DOMAINNAME 86 | # - JDBC_PARAMS=connectTimeout=30000 87 | labels: 88 | - 
"traefik.enable=true" 89 | ## HTTP Routers 90 | - "traefik.http.routers.keycloak-rtr.entrypoints=https" 91 | - "traefik.http.routers.keycloak-rtr.rule=Host(`keycloak.$DOMAINNAME`)" 92 | - "traefik.http.routers.keycloak-rtr.tls=true" 93 | - "traefik.http.routers.keycloak-rtr.tls.certresolver=dns-cloudflare" 94 | ## Middlewares 95 | - "traefik.http.routers.keycloak-rtr.middlewares=secure-chain@file" 96 | ## HTTP Services 97 | - "traefik.http.routers.keycloak-rtr.service=keycloak-svc" 98 | - "traefik.http.services.keycloak-svc.loadbalancer.server.port=8080" 99 | 100 | networks: 101 | traefik_proxy: 102 | external: true 103 | mariadb: 104 | external: true 105 | -------------------------------------------------------------------------------- /ReadMe.md: -------------------------------------------------------------------------------- 1 | # Traefik v2 2 | 3 | ## How to use this repo: 4 | 5 | Clone the repo using: 6 | 7 | ``` 8 | $ git clone https://github.com/sseifert/docker-compose.git $HOME/docker/traefik2 9 | ``` 10 | 11 | Then create the environment variable, **\$TRAEFIK2DIR** which points to this directory. I've been using a **.bash_aliases** file to identify my environment variables with: 12 | 13 | ``` 14 | $ vim $HOME/.bash_aliases 15 | ``` 16 | 17 | ``` 18 | export TRAEFIK2DIR="$HOME/docker/traefik2" 19 | ``` 20 | 21 | Reload your .bash_aliases file using: 22 | 23 | ``` 24 | $ source $HOME/.bash_aliases 25 | ``` 26 | 27 | I've been using this method in order to maintain the same configuration across different hosts by copying/syncing my .bash_aliases file. 28 | 29 | ## Starting/Stopping Containers 30 | 31 | You can include the following in your .bash_aliases file in order to bring up Docker containers, e.g. `dup traefik`: 32 | 33 | ``` 34 | dup() { 35 | docker-compose -f $TRAEFIK2DIR/ymlfiles/$1.yml -p $1 up -d 36 | } 37 | ``` 38 | 39 | and to bring down containers, e.g. 
`ddown traefik`: 40 | 41 | ``` 42 | ddown() { 43 | docker-compose -f $TRAEFIK2DIR/ymlfiles/$1.yml -p $1 down 44 | } 45 | ``` 46 | 47 | Other environment variables you will need: 48 | 49 | - CLOUDFLARE_EMAIL 50 | - CLOUDFLARE_API_KEY 51 | - DOMAINNAME 52 | - MY_EMAIL 53 | - GOOGLE_CLIENT_ID 54 | - GOOGLE_CLIENT_SECRET 55 | - OAUTH_SECRET 56 | - ... and a few others 57 | 58 | Several of these are secrets (the Cloudflare API key, the Google client secret, OAUTH_SECRET), so keep the file that exports them out of version control and readable only by your own user. ## Traefik_proxy Network 59 | 60 | Create the **traefik_proxy** network with: 61 | 62 | ``` 63 | $ docker network create traefik_proxy 64 | ``` 65 | 66 | or specify the subnet that you want to use (as long as it's in the private IP space). My server 67 | is at 192.168.1.50, so I figure a 192.168.50.0/24 subnet will be easy to identify with that 68 | server's docker network. I use this method so that I can assign static IPs to containers. 69 | 70 | ``` 71 | $ docker network create --gateway 192.168.50.1 --subnet 192.168.50.0/24 traefik_proxy 72 | ``` 73 | 74 | or create a macvlan network with: 75 | 76 | ``` 77 | $ docker network create -d macvlan --subnet=192.168.1.0/24 --ip-range=192.168.1.128/25 --gateway=192.168.1.1 -o parent=eth0 traefik_proxy 78 | ``` 79 | 80 | If you create a macvlan network make sure your DHCP server doesn't assign addresses above **.127** . 81 | 82 | **Note:** your services on the macvlan network won't be reachable from the host. This means, for example, that the host can't use a pihole on the macvlan network, although all other services and devices could access the pihole. This may not be an issue if you only access the services from other devices, and you run pihole on a dedicated raspberry pi ;-). There's a way around this by modifying your host network config, but I haven't figured that part out yet. 83 | 84 | I'm currently using the second method, which is a bridge network with a defined gateway and subnet. 
85 | 86 | --- 87 | 88 | ## How I actually bring up/down my containers 89 | 90 | I use a scripts folder **$HOME/.scripts** where I have the following file 91 | **"dup"**: 92 | 93 | ``` 94 | #!/bin/sh 95 | # $HOME/.scripts/dup 96 | 97 | echo $(basename "$0") 98 | CONTAINERS="$@" 99 | for c in $CONTAINERS 100 | do 101 | echo "" 102 | echo "...$c up..." 103 | echo "" 104 | docker-compose -f "$TRAEFIK2DIR/ymlfiles/$c.yml" -p $c up -d 105 | done 106 | ``` 107 | 108 | Then, in my **.bash_aliases** file I've added: 109 | 110 | ``` 111 | export PATH="$PATH:$HOME/.scripts" 112 | ``` 113 | 114 | Now it's possible to bring up multiple projects at the same time with `dup traefik bitwarden 115 | plex` etc. The script loops over its arguments and starts each service in order. 116 | 117 | A similar **ddown** script can be created to bring multiple services down: 118 | 119 | ``` 120 | #!/bin/sh 121 | # $HOME/.scripts/ddown 122 | 123 | CONTAINERS="$@" 124 | for c in $CONTAINERS 125 | do 126 | echo "" 127 | echo "...$c down..." 128 | echo "" 129 | docker-compose -f "$TRAEFIK2DIR/ymlfiles/$c.yml" -p $c down 130 | done 131 | ``` 132 | 133 | Now I have a line saved in my notes of all my "standard" services so that I can start/stop them easily. I have two lines saved: One starts the database containers first, the other lists the databases at the end so that they're stopped last. 134 | 135 | --- 136 | -------------------------------------------------------------------------------- /ymlfiles/1_rpi_pihole.yml: -------------------------------------------------------------------------------- 1 | 2 | ### Before starting the containers, create an external network to assign IP addresses: 3 | # docker network create --gateway 172.20.200.1 --subnet 172.20.200.0/24 pi_net 4 | 5 | ## Pihole - Ad-blocker 6 | 7 | ## The resolv.conf file was giving me trouble in the pihole container. 
My workaround was: 8 | # mkdir -p $USERDIR/docker/pihole/resolv.conf 9 | # vim $USERDIR/docker/pihole/resolv.conf/resolv.conf 10 | ## Enter both lines below and save: 11 | # nameserver 127.0.0.1 12 | # nameserver 172.20.200.102 13 | 14 | ## To store logs use: 15 | # touch $USERDIR/docker/pihole/pihole.log 16 | 17 | ## I've added the following blocklist in addition to the standard ones under Settings>Blocklists (copy the link, paste and update) 18 | # https://dbl.oisd.nl/ 19 | ## More info here: https://www.reddit.com/r/pihole/comments/bppug1/introducing_the/ 20 | ## These regex's: 21 | # https://github.com/mmotti/pihole-regex 22 | ## And I've added the following whitelist entry: 23 | # https://github.com/anudeepND/whitelist/blob/master/domains/whitelist.txt 24 | 25 | version: "3.7" 26 | services: 27 | 28 | ## Pihole - Ad-blocker 29 | pihole: 30 | container_name: pihole 31 | image: pihole/pihole:latest 32 | restart: unless-stopped 33 | depends_on: 34 | - unbound 35 | cap_add: 36 | - NET_ADMIN 37 | - NET_RAW 38 | - NET_BIND_SERVICE 39 | network_mode: "host" 40 | # networks: 41 | # pi_net: 42 | # ipv4_address: 172.20.200.101 43 | # ports: 44 | # - '53:53/tcp' 45 | # - '53:53/udp' 46 | # - '67:67/udp' 47 | # - '80:80/tcp' 48 | # - '443:443/tcp' 49 | volumes: 50 | - ~/docker/pihole/pihole:/etc/pihole 51 | # ## Add dark skin to pihole: https://github.com/thomasbnt/Night_PiHole 52 | # - ~/docker/pihole/theme/skin-blue.min.css:/var/www/html/admin/style/vendor/skin-blue.min.css 53 | # - ~/docker/pihole/theme/AdminLTE.min.css:/var/www/html/admin/style/vendor/AdminLTE.min.css 54 | - ~/docker/pihole/resolv.conf/resolv.conf:/etc/resolv.conf:ro 55 | - ~/docker/pihole/dnsmasq.d:/etc/dnsmasq.d 56 | ## Run `touch ~/docker/pihole/pihole.log` before starting pihole 57 | - ~/docker/pihole/pihole.log:/var/log/pihole.log 58 | environment: 59 | - TZ=$TZ 60 | - ServerIP=192.168.1.3 # My Docker Host IP 61 | - IPv6=False 62 | - WEBPASSWORD=$PIHOLE_PASSWORD 63 | - DNS1=127.0.0.1 64 | - 
DNS2=172.20.200.102 # Unbound IP 65 | 66 | ## Unbound - DNS Server 67 | 68 | ## Setup folders and files 69 | # mkdir $USERDIR/docker/pihole/unbound 70 | # docker run --rm --entrypoint cat mvance/unbound-rpi /opt/unbound/etc/unbound/a-records.conf > ${USERDIR}/docker/pihole/unbound/a-records.conf 71 | ## Start container 72 | # docker exec -it unbound unbound-anchor 73 | ## Stop container 74 | # sudo rm $USERDIR/docker/pihole/unbound/var/root.key 75 | # sudo mv $USERDIR/docker/pihole/unbound/root.key $USERDIR/docker/pihole/unbound/var 76 | # sudo wget https://www.internic.net/domain/named.root -O ~/docker/pihole/unbound/var/root.hints 77 | 78 | ## Edit the unbound.conf file, add to the bottom of BASIC SETTINGS: 79 | ## For a recursive resolver (querying the root domains): 80 | # root-hints: "/opt/unbound/etc/unbound/var/root.hints" 81 | ## Comment out everything in the DNS forwarding section at the bottom since we will recursively query the root servers instead 82 | ## To stop unbound's DNS-rebinding protection from blocking Plex's plex.direct answers: 83 | # private-domain: plex.direct 84 | 85 | ## Test that it's working (pihole must be running) 86 | # docker exec -it pihole dig pi-hole.net @127.0.0.1 -p 53 87 | 88 | ## Test DNSSEC validation (a bad signature must be rejected, a good one must resolve) 89 | ## This command should result in: "status: SERVFAIL" 90 | # docker exec -it pihole dig sigfail.verteiltesysteme.net @127.0.0.1 -p 53 91 | ## This command should result in: "status: NOERROR" 92 | # docker exec -it pihole dig sigok.verteiltesysteme.net @127.0.0.1 -p 53 93 | 94 | unbound: 95 | container_name: unbound 96 | image: mvance/unbound-rpi:latest 97 | restart: always 98 | networks: 99 | pi_net: 100 | ipv4_address: 172.20.200.102 101 | # ports: 102 | # - '5353:5353' 103 | volumes: 104 | - ~/docker/pihole/unbound:/opt/unbound/etc/unbound 105 | 106 | networks: 107 | pi_net: 108 | external: true 109 | -------------------------------------------------------------------------------- /ymlfiles/airsonic.yml: -------------------------------------------------------------------------------- 1 | 
version: "3.7" 2 | services: 3 | 4 | ## Airsonic - Music Server 5 | # Login: admin / admin 6 | 7 | ## With Mariadb (Optional, default HyperSQL works well) 8 | # https://airsonic.github.io/docs/database/ 9 | 10 | ## Suggested procedure to create your database: 11 | ## Change the 12 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 13 | # CREATE DATABASE airsonic CHARACTER SET = utf8 COLLATE = utf8_general_ci; 14 | # GRANT ALL PRIVILEGES ON airsonic.* TO 'airsonic'@'airsonic.mariadb' IDENTIFIED BY ''; 15 | # FLUSH PRIVILEGES; 16 | # exit 17 | 18 | airsonic: 19 | container_name: airsonic 20 | image: linuxserver/airsonic:latest 21 | restart: always 22 | networks: 23 | - traefik_proxy 24 | - mariadb 25 | # ports: 26 | # - "4040:4040" 27 | volumes: 28 | - /mnt/storage/music/music:/music:ro 29 | - $USERDIR/docker/airsonic/podcasts:/podcasts 30 | - $USERDIR/docker/airsonic/playlists:/playlists 31 | - $USERDIR/docker/airsonic2/config:/config 32 | # - $USERDIR/docker/airsonic/config:/app/airsonic/config #Used to change log level for debugging 33 | - /etc/timezone:/etc/timezone:ro 34 | - /etc/localtime:/etc/localtime:ro 35 | environment: 36 | - PUID=$PUID 37 | - PGID=$PGID 38 | - JAVA_OPTS=-Dserver.use-forward-headers=true 39 | labels: 40 | - "traefik.enable=true" 41 | ## HTTP Routers 42 | - "traefik.http.routers.airsonic-rtr.entrypoints=https" 43 | - "traefik.http.routers.airsonic-rtr.rule=Host(`airsonic.$DOMAINNAME`)" 44 | - "traefik.http.routers.airsonic-rtr.tls=true" 45 | - "traefik.http.routers.airsonic-rtr.tls.certresolver=dns-cloudflare" 46 | ## Middlewares 47 | - "traefik.http.routers.airsonic-rtr.middlewares=airsonic-headers" 48 | - "traefik.http.middlewares.airsonic-headers.headers.accesscontrolallowmethods=GET, OPTIONS, PUT" 49 | - "traefik.http.middlewares.airsonic-headers.headers.accesscontrolalloworigin=https://$DOMAINNAME" 50 | - "traefik.http.middlewares.airsonic-headers.headers.accesscontrolmaxage=100" 51 | - 
"traefik.http.middlewares.airsonic-headers.headers.addvaryheader=true" 52 | - "traefik.http.middlewares.airsonic-headers.headers.allowedhosts=airsonic.$DOMAINNAME" 53 | - "traefik.http.middlewares.airsonic-headers.headers.hostsproxyheaders=X-Forwarded-Host" 54 | - "traefik.http.middlewares.airsonic-headers.headers.sslredirect=true" 55 | - "traefik.http.middlewares.airsonic-headers.headers.sslhost=airsonic.$DOMAINNAME" 56 | - "traefik.http.middlewares.airsonic-headers.headers.sslforcehost=true" 57 | - "traefik.http.middlewares.airsonic-headers.headers.sslproxyheaders.X-Forwarded-Proto=https" 58 | - "traefik.http.middlewares.airsonic-headers.headers.stsseconds=63072000" 59 | - "traefik.http.middlewares.airsonic-headers.headers.stsincludesubdomains=true" 60 | - "traefik.http.middlewares.airsonic-headers.headers.stspreload=true" 61 | - "traefik.http.middlewares.airsonic-headers.headers.forcestsheader=true" 62 | # - "traefik.http.middlewares.airsonic-headers.headers.framedeny=true" 63 | - "traefik.http.middlewares.airsonic-headers.headers.customframeoptionsvalue=SAMEORIGIN" # This option overrides FrameDeny 64 | - "traefik.http.middlewares.airsonic-headers.headers.contenttypenosniff=true" 65 | - "traefik.http.middlewares.airsonic-headers.headers.browserxssfilter=true" 66 | # - "traefik.http.middlewares.airsonic-headers.headers.contentsecuritypolicy=frame-ancestors 'none'; object-src 'none'; base-uri 'none';" 67 | # - traefik.http.middlewares.airsonic-headers.headers.ContentSecurityPolicy="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com; img-src 'self' *.akamaized.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; frame-src 'self'; object-src 'none'; base-uri 'none';" 68 | - "traefik.http.middlewares.airsonic-headers.headers.referrerpolicy=same-origin" 69 | - "traefik.http.middlewares.airsonic-headers.headers.featurepolicy=camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; 
usb 'none'; vr 'none';" 70 | - "traefik.http.middlewares.airsonic-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex," 71 | ## HTTP Services 72 | - "traefik.http.routers.airsonic-rtr.service=airsonic-svc" 73 | - "traefik.http.services.airsonic-svc.loadbalancer.server.port=4040" 74 | 75 | networks: 76 | traefik_proxy: 77 | external: true 78 | mariadb: 79 | external: true 80 | -------------------------------------------------------------------------------- /ymlfiles/yourls.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## YOURLS - Your Own URL Shortener 5 | 6 | ## Suggested procedure to create your YOURLS Database: 7 | ## Change the 8 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 9 | # CREATE DATABASE yourls CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci; 10 | # GRANT ALL PRIVILEGES ON yourls.* TO 'yourls'@'yourls.mariadb' IDENTIFIED BY ''; 11 | # FLUSH PRIVILEGES; 12 | # exit 13 | 14 | ## You need to add a theme, otherwise YOURLS will not work. I'm using infinity-squared. 
Extract the contents of the latest release zip folder into the yourls folder mounted below 15 | # https://github.com/tomslominski/infinity-squared 16 | 17 | ## I use these plugins: 18 | ## https://github.com/YOURLS/awesome-yourls 19 | # Admin NoReCAPTCHA 20 | # Allow Hyphens in Short URLs 21 | # Anti spam 22 | # Every Click Counts 23 | # Google Safe Browsing 24 | # Login Timeout 25 | # Popular Clicks Extended 26 | 27 | yourls: 28 | container_name: yourls 29 | image: yourls:latest 30 | restart: always 31 | networks: 32 | traefik_proxy: 33 | ipv4_address: 192.168.50.248 34 | mariadb: 35 | ipv4_address: 192.168.250.248 36 | # ports: 37 | # - "80:80" 38 | volumes: 39 | - $USERDIR/docker/yourls/config:/var/www/html # Create folder, then extract latest release from this link or any other theme: https://github.com/tomslominski/infinity-squared/releases/latest 40 | # - $USERDIR/docker/yourls/page:/page 41 | environment: 42 | - YOURLS_SITE=https://$DOMAINNAME 43 | - YOURLS_DB_HOST=mariadb 44 | - YOURLS_DB_USER=yourls 45 | - YOURLS_DB_PASS=$MYSQL_PASSWORD 46 | - YOURLS_DB_NAME=yourls 47 | - YOURLS_USER=$MY_USERNAME 48 | - YOURLS_PASS=$YOURLS_PASS 49 | - YOURLS_COOKIEKEY=$YOURLS_COOKIEKEY # go to http://yourls.org/cookie 50 | - YOURLS_URL_CONVERT=62 51 | labels: 52 | - "traefik.enable=true" 53 | ## HTTP Routers 54 | - "traefik.http.routers.yourls-rtr.entrypoints=https" 55 | - "traefik.http.routers.yourls-rtr.rule=Host(`$DOMAINNAME`)" 56 | - "traefik.http.routers.yourls-rtr.priority=1" 57 | - "traefik.http.routers.yourls-rtr.tls=true" 58 | - "traefik.http.routers.yourls-rtr.tls.certresolver=dns-cloudflare" 59 | ## Middlewares 60 | - "traefik.http.routers.yourls-rtr.middlewares=yourls-headers" 61 | - "traefik.http.middlewares.yourls-headers.headers.accesscontrolallowmethods=GET, OPTIONS, PUT" 62 | - "traefik.http.middlewares.yourls-headers.headers.accesscontrolalloworigin=https://$DOMAINNAME" 63 | - "traefik.http.middlewares.yourls-headers.headers.accesscontrolmaxage=100" 64 | 
- "traefik.http.middlewares.yourls-headers.headers.addvaryheader=true" 65 | - "traefik.http.middlewares.yourls-headers.headers.allowedhosts=$DOMAINNAME" 66 | - "traefik.http.middlewares.yourls-headers.headers.hostsproxyheaders=X-Forwarded-Host" 67 | - "traefik.http.middlewares.yourls-headers.headers.sslredirect=true" 68 | - "traefik.http.middlewares.yourls-headers.headers.sslhost=$DOMAINNAME" 69 | - "traefik.http.middlewares.yourls-headers.headers.sslforcehost=true" 70 | - "traefik.http.middlewares.yourls-headers.headers.sslproxyheaders.X-Forwarded-Proto=https" 71 | - "traefik.http.middlewares.yourls-headers.headers.stsseconds=63072000" 72 | - "traefik.http.middlewares.yourls-headers.headers.stsincludesubdomains=true" 73 | - "traefik.http.middlewares.yourls-headers.headers.stspreload=true" 74 | - "traefik.http.middlewares.yourls-headers.headers.forcestsheader=true" 75 | - "traefik.http.middlewares.yourls-headers.headers.framedeny=true" 76 | # - "traefik.http.middlewares.yourls-headers.headers.customframeoptionsvalue=SAMEORIGIN" # This option overrides FrameDeny 77 | - "traefik.http.middlewares.yourls-headers.headers.contenttypenosniff=true" 78 | - "traefik.http.middlewares.yourls-headers.headers.browserxssfilter=true" 79 | - "traefik.http.middlewares.yourls-headers.headers.contentsecuritypolicy=frame-ancestors 'none'; object-src 'none'; script-src 'none'; base-uri 'none';" 80 | - "traefik.http.middlewares.yourls-headers.headers.referrerpolicy=same-origin" 81 | - "traefik.http.middlewares.yourls-headers.headers.featurepolicy=camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';" 82 | - "traefik.http.middlewares.yourls-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex," 83 | ## HTTP Services 84 | - "traefik.http.routers.yourls-rtr.service=yourls-svc" 85 | - "traefik.http.services.yourls-svc.loadbalancer.server.port=80" 86 | ## Admin Page 87 | - 
"traefik.http.routers.yourlsAdmin-rtr.entrypoints=https" 88 | - "traefik.http.routers.yourlsAdmin-rtr.rule=(Host(`$DOMAINNAME`) && Path(`/admin/`))" 89 | - "traefik.http.routers.yourlsAdmin-rtr.priority=2" 90 | - "traefik.http.routers.yourlsAdmin-rtr.tls=true" 91 | - "traefik.http.routers.yourlsAdmin-rtr.tls.certresolver=dns-cloudflare" 92 | - "traefik.http.routers.yourlsAdmin-rtr.middlewares=secure-chain@file" 93 | - "traefik.http.routers.yourlsAdmin-rtr.service=yourls-svc" 94 | 95 | networks: 96 | traefik_proxy: 97 | external: true 98 | mariadb: 99 | external: true 100 | -------------------------------------------------------------------------------- /ymlfiles/mariadb.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | 4 | ## Mariadb – Database Server 5 | 6 | ## Create external mariadb network: 7 | # docker network create --gateway 192.168.250.1 --subnet 192.168.250.0/24 mariadb 8 | 9 | ## Suggested procedure to create new databases: 10 | ## Replace 11 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 12 | # CREATE DATABASE CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci; 13 | # GRANT ALL PRIVILEGES ON .* TO ''@'.mariadb' IDENTIFIED BY ''; 14 | # FLUSH PRIVILEGES; 15 | # exit 16 | 17 | ## Create a custom.cnf: 18 | # Start the container to create the initial files, then stop the container and remove all but the custom.cnf. 
19 | # rm -R $USERDIR/docker/mariadb/databases 20 | # rm -R $USERDIR/docker/mariadb/log 21 | # Add the following to $USERDIR/docker/mariadb/custom.cnf under the [mysqld] section: 22 | # character_set_server=utf8mb4 23 | # collation_server=utf8mb4_unicode_ci 24 | # innodb_file_format=Barracuda 25 | # innodb_large_prefix=ON 26 | # innodb_default_row_format=DYNAMIC 27 | # Start container 28 | ## Some resources for why these commands are chosen: 29 | ## utf8mb4 is the most universal and up to date character set allowing for emojis among other benefits 30 | ## utf8mb4_unicode_ci is the "standard" database type while general_ci is a simplified version which tried to improve speed before modern computing. I believe there is little to no benefit in using the simpler version. 31 | ## https://docs.nextcloud.com/server/16/admin_manual/configuration_database/mysql_4byte_support.html 32 | ## For a complete list of available options: docker run -it --rm mariadb --verbose --help 33 | ## Check your database variables, for example: 34 | # docker exec -it mariadb mysql -uroot -p$MYSQL_ROOT_PASSWORD 35 | # SHOW VARIABLES LIKE 'character_set_server'; 36 | # SHOW VARIABLES LIKE '%server%'; 37 | # SHOW VARIABLES LIKE 'innodb%'; 38 | # exit 39 | 40 | ## Delete the initial default databases and secure MySQL: 41 | ## NOTE: Accept all options except for 'Disallow root login remotely'. Answer "no" to that one: with Docker networking, the other containers (phpmyadmin and dbbackup below connect as root) reach MariaDB as remote hosts, so root login over the network must stay enabled. 
42 | # docker exec -it mariadb /usr/bin/mysql_secure_installation 43 | 44 | mariadb: 45 | container_name: mariadb 46 | image: linuxserver/mariadb:latest 47 | restart: always 48 | networks: 49 | # traefik_proxy: 50 | # ipv4_address: 192.168.50.250 51 | mariadb: 52 | ipv4_address: 192.168.250.250 53 | ports: 54 | - "3306:3306" 55 | volumes: 56 | - $USERDIR/docker/mariadb/data:/config 57 | - /etc/timezone:/etc/timezone:ro 58 | - /etc/localtime:/etc/localtime:ro 59 | environment: 60 | - PUID=$PUID 61 | - PGID=$PGID 62 | - MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD 63 | 64 | ## Database Backup 65 | 66 | ## Modify script to add subdirs by date 67 | ## Create the script file 68 | # docker run --rm --entrypoint cat dsteinkopf script/backup-all-mysql /backup-all-mysql.sh > $USERDIR/docker/mariadb/backup-all-mysql.sh 69 | # chmod 755 $USERDIR/docker/mariadb/backup-all-mysql.sh 70 | ## Edit the file: 71 | ## Add subdirs by date and time: 72 | # DBDUMPSDIR=/var/dbdumps/`date +"%Y-%m-%d_%H%M%S"` 73 | # ERRORFILELASTRUN=$DBDUMPSDIR/../errorslastrun.log 74 | 75 | ## Decompress before restore: backupfile.sql.gz. 
76 | # sudo bunzip2 .sql.bz2 77 | 78 | ## Restore a backup: 79 | # docker exec -it mariadb 80 | # mysql -u root -p -e "create database database_name"; 81 | # mysql -u root -p database_name < /dbbackups/path/to/your_database_backup.sql 82 | # exit 83 | 84 | dbbackup: 85 | container_name: dbbackup 86 | image: dsteinkopf/backup-all-mysql:latest 87 | restart: always 88 | depends_on: 89 | - mariadb 90 | networks: 91 | - mariadb 92 | volumes: 93 | - /mnt/storage/misc/backup/backup_databases/mariadb:/var/dbdumps 94 | - $USERDIR/docker/mariadb/backup-all-mysql.sh:/backup-all-mysql.sh 95 | - /etc/timezone:/etc/timezone:ro 96 | - /etc/localtime:/etc/localtime:ro 97 | environment: 98 | - BACKUP_INTERVAL=604800 #1week 86400 #1day 99 | - BACKUP_FIRSTDELAY=30 #1h 100 | - MYSQL_HOST=mariadb 101 | - MYSQL_ENV_MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD 102 | 103 | ## phpMyAdmin - WebUI for MariaDB 104 | phpmyadmin: 105 | container_name: phpmyadmin 106 | image: phpmyadmin/phpmyadmin:latest 107 | restart: always 108 | depends_on: 109 | - mariadb 110 | networks: 111 | - traefik_proxy 112 | - mariadb 113 | # ports: 114 | # - "80:80" 115 | environment: 116 | # - PMA_ARBITRARY=1 # Allows you to enter a database server hostname on login form 117 | - PMA_HOST=mariadb 118 | - PMA_USER=root 119 | - PMA_PASSWORD=$MYSQL_ROOT_PASSWORD 120 | - PMA_ABSOLUTE_URI=https://phpmyadmin.$DOMAINNAME 121 | labels: 122 | - "traefik.enable=true" 123 | ## HTTP Routers 124 | - "traefik.http.routers.phpmyadmin-rtr.entrypoints=https" 125 | - "traefik.http.routers.phpmyadmin-rtr.rule=Host(`phpmyadmin.$DOMAINNAME`)" 126 | # - "traefik.http.routers.phpmyadmin-rtr.tls=true" 127 | - "traefik.http.routers.phpmyadmin-rtr.tls.certresolver=dns-cloudflare" 128 | ## Middlewares 129 | - "traefik.http.routers.phpmyadmin-rtr.middlewares=secure-chain@file" 130 | ## HTTP Services 131 | - "traefik.http.routers.phpmyadmin-rtr.service=phpmyadmin-svc" 132 | - "traefik.http.services.phpmyadmin-svc.loadbalancer.server.port=80" 133 | 
134 | networks: 135 | traefik_proxy: 136 | external: true 137 | mariadb: 138 | external: true 139 | -------------------------------------------------------------------------------- /ymlfiles/pihole.yml: -------------------------------------------------------------------------------- 1 | # Need to start the traefik network before running: 2 | # docker network create --gateway 192.168.50.1 --subnet 192.168.50.0/24 traefik_proxy 3 | 4 | ## Pihole - Ad-blocker 5 | 6 | ## Modify Ubuntu Network Configuration: 7 | ## Disable and stop Ubuntu’s DNS resolver: 8 | # sudo systemctl disable systemd-resolved.service 9 | # sudo systemctl stop systemd-resolved 10 | ## Open Network Manager configuration: 11 | # sudo vim /etc/NetworkManager/NetworkManager.conf 12 | ## Add this new line under [main], under plugins: 13 | # dns=default 14 | ## Make a backup of resolv.conf file and delete original (optional) 15 | # sudo cp /etc/resolv.conf /etc/resolv.conf.bak 16 | # sudo rm /etc/resolv.conf 17 | ## Restart Network Manager 18 | # sudo service network-manager restart 19 | ## Apparently sometimes it won't restart/connect, so restart a second time to be sure 20 | # sudo service network-manager restart 21 | 22 | ## The resolv.conf file was giving me trouble in the pihole container, so here is the workaround: 23 | # mkdir -p $USERDIR/docker/pihole/resolv.conf 24 | # vim $USERDIR/docker/pihole/resolv.conf/resolv.conf 25 | ## Enter both lines below and save: 26 | # nameserver 127.0.0.1 27 | # nameserver 192.168.50.252 28 | 29 | ## To store logs use: 30 | # touch $USERDIR/docker/pihole/pihole.log 31 | 32 | ## I've added the following blocklist in addition to the standard ones under Settings>Blocklists (copy the link, paste and update) 33 | # https://dbl.oisd.nl/ 34 | ## More info here: https://www.reddit.com/r/pihole/comments/bppug1/introducing_the/ 35 | ## These regex's: https://github.com/mmotti/pihole-regex 36 | # docker exec -it pihole bash 37 | # curl -sSl 
https://raw.githubusercontent.com/mmotti/pihole-regex/master/install.sh | bash 38 | # exit 39 | ## And I've added the following whitelist entries (copy domains and paste all at once) 40 | # https://github.com/anudeepND/whitelist/blob/master/domains/whitelist.txt 41 | 42 | version: "3.7" 43 | services: 44 | 45 | ## Pihole - Ad-blocker 46 | pihole: 47 | container_name: pihole 48 | image: pihole/pihole:latest 49 | restart: always 50 | depends_on: 51 | - unbound 52 | cap_add: 53 | - NET_ADMIN 54 | - NET_RAW 55 | - NET_BIND_SERVICE 56 | networks: 57 | traefik_proxy: 58 | ipv4_address: 192.168.50.253 59 | ports: 60 | - '53:53/tcp' 61 | - '53:53/udp' 62 | # - '67:67/udp' 63 | - '1180:80/tcp' 64 | - '1443:443/tcp' 65 | volumes: 66 | - $USERDIR/docker/pihole/pihole:/etc/pihole 67 | # ## Add dark skin to pihole: https://github.com/thomasbnt/Night_PiHole 68 | - $USERDIR/docker/pihole/theme/skin-blue.min.css:/var/www/html/admin/style/vendor/skin-blue.min.css 69 | - $USERDIR/docker/pihole/theme/AdminLTE.min.css:/var/www/html/admin/style/vendor/AdminLTE.min.css 70 | - $USERDIR/docker/pihole/resolv.conf/resolv.conf:/etc/resolv.conf:ro 71 | - $USERDIR/docker/pihole/dnsmasq.d:/etc/dnsmasq.d 72 | ## Run `touch ~/docker/pihole/pihole.log` before starting pihole 73 | - $USERDIR/docker/pihole/pihole.log:/var/log/pihole.log 74 | - ${USERDIR}/docker/pihole/scripts/whitelist/scripts/whitelist.sh:/usr/local/bin/whitelist.sh 75 | environment: 76 | - TZ=$TZ 77 | - ServerIP=192.168.1.50 # (My Docker Host IP) 78 | - IPv6=False 79 | - WEBPASSWORD=$PIHOLE_PASSWORD 80 | - DNS1=127.0.0.1 81 | - DNS2=192.168.50.252 # Unbound IP 82 | labels: 83 | - "traefik.enable=true" 84 | ## HTTP Routers 85 | - "traefik.http.routers.pihole-rtr.entrypoints=https" 86 | - "traefik.http.routers.pihole-rtr.rule=Host(`pihole.$DOMAINNAME`)" 87 | - "traefik.http.routers.pihole-rtr.tls=true" 88 | - "traefik.http.routers.pihole-rtr.tls.certresolver=dns-cloudflare" 89 | ## Middlewares 90 | - 
"traefik.http.routers.pihole-rtr.middlewares=secure-chain@file,add-admin@file" 91 | ## HTTP Services 92 | - "traefik.http.routers.pihole-rtr.service=pihole-svc" 93 | - "traefik.http.services.pihole-svc.loadbalancer.server.port=80" 94 | 95 | ## Unbound - DNS Server 96 | 97 | ## Setup folders and files 98 | # mkdir $USERDIR/docker/pihole/unbound 99 | # docker run --rm --entrypoint cat mvance/unbound /opt/unbound/etc/unbound/a-records.conf > ${USERDIR}/docker/pihole/unbound/a-records.conf 100 | 101 | ## Refresh th root.key (OPTIONAL) 102 | ## Start container 103 | # docker exec -it unbound unbound-anchor 104 | ## Stop container 105 | # sudo rm $USERDIR/docker/pihole/unbound/var/root.key 106 | # sudo mv $USERDIR/docker/pihole/unbound/root.key $USERDIR/docker/pihole/unbound/var 107 | 108 | ## Pull new root.hints: 109 | # sudo wget https://www.internic.net/domain/named.root -O ~/docker/pihole/unbound/var/root.hints 110 | 111 | ## Additional settings for unbound.conf file: 112 | ## Add to the bottom of BASIC SETTINGS: 113 | # To fix the DNS rebinding problemfor Plex: private-domain: plex.direct 114 | # To recursively query the root servers: root-hints: "/opt/unbound/etc/unbound/var/root.hints" 115 | # Commnt out any DNS forwarders if you want to recursively query the root servers 116 | 117 | ## Test that it's working (pihole must be running) 118 | # docker exec -it pihole dig pi-hole.net @127.0.0.1 -p 53 119 | 120 | ## Test DNSSEC 121 | ## This command should result in: "status: SERVFAIL" 122 | # docker exec -it pihole dig sigfail.verteiltesysteme.net @127.0.0.1 -p 53 123 | ## This command should result in: "status: NOERROR" 124 | # docker exec -it pihole dig sigok.verteiltesysteme.net @127.0.0.1 -p 53 125 | 126 | unbound: 127 | container_name: unbound 128 | image: mvance/unbound:latest 129 | restart: always 130 | networks: 131 | traefik_proxy: 132 | ipv4_address: 192.168.50.252 133 | # ports: 134 | # - '5353:5353' 135 | volumes: 136 | - 
$USERDIR/docker/pihole/unbound:/opt/unbound/etc/unbound 137 | 138 | networks: 139 | traefik_proxy: 140 | external: true 141 | --------------------------------------------------------------------------------