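---
# Docker Compose stack: a Traefik v2 reverse proxy (Let's Encrypt via HTTP
# challenge) with Google OAuth and Authelia forward-auth in front of a set of
# self-hosted services.
#
# Values interpolated from the environment / .env file:
#   EMAIL, DOMAIN, CONFIG, DOWNLOAD, DATA, LOCAL_IP, GOOGLE_CLIENT_ID,
#   GOOGLE_CLIENT_SECRET, OAUTH_SECRET, ADMINPWD, PROTON_OVPN_USERNAME,
#   PROTON_OVPN_PASSWORD, DOCKER_MY_NETWORK, SABNZBD_API_KEY, SONARR_API_KEY,
#   RADARR_API_KEY (PUID, PGID and TZ are passed through to containers).
#
# Middleware chains defined on the traefik service:
#   secured          = https-only + home-ratelimit + forward-auth (Google OAuth)
#   secured-no-oauth = https-only + home-ratelimit (no proxy-level login)
#
# NOTE(review): most services below also publish a host port. Requests to
# those ports reach the application directly and skip the Traefik middleware
# chain, so the host firewall decides who can use them. Where a port is only
# needed locally, bind it to 127.0.0.1 (as dockerproxy already does) or drop it.
#
# NOTE(review): many images are untagged or use :latest / :nightly, and
# watchtower updates every container that is not labelled
# com.centurylinklabs.watchtower.enable=false. Pinning a version or digest
# makes what is running reviewable.
version: '3.7'

services:
  traefik:
    image: "traefik:v2.10.5"
    container_name: "traefik"
    depends_on:
      - authelia
    command:
      # NOTE(review): api.insecure serves the API and dashboard without
      # authentication on the internal "traefik" entrypoint (:8080), which is
      # also published under `ports` below.
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/traefikconfig"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--metrics.prometheus=true"
      # DEBUG is verbose and can log request details; lower it once the setup
      # is stable.
      - "--log.level=DEBUG"
      - "--log.format=json"
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): unauthenticated dashboard/API on every host interface.
      - "8080:8080"
    extra_hosts:
      - "host.docker.internal:172.17.0.1"
    volumes:
      - "${CONFIG}/traefik/letsencrypt:/letsencrypt"
      - "${CONFIG}/traefik/configs:/traefikconfig"
      # ":ro" protects the socket file only; the Docker API behind it still
      # accepts write calls.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # Middlewares
      # basic auth
      # - "traefik.http.middlewares.basic-auth.basicauth.users=$HTPASSWD"
      # google oauth
      - "traefik.http.middlewares.forward-auth.forwardauth.address=http://oauth:4181"
      - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"
      # rate limiting
      - "traefik.http.middlewares.home-ratelimit.ratelimit.average=100"
      - "traefik.http.middlewares.home-ratelimit.ratelimit.burst=50"
      # http
      - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
      # chain the middlewares to create a "secured" one
      - "traefik.http.middlewares.secured.chain.middlewares=https-only,home-ratelimit,forward-auth"
      - "traefik.http.middlewares.secured-no-oauth.chain.middlewares=https-only,home-ratelimit"
      - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      # The dashboard router had no middleware, so traefik.${DOMAIN} served
      # the insecure API to anyone; gate it like the other admin UIs.
      - "traefik.http.routers.traefik.middlewares=secured"
      - "com.centurylinklabs.watchtower.enable=false"
      - "flame.type=application"
      - "flame.name=traefik"
      - "flame.icon=arrow-decision-outline"
      - "flame.url=traefik.${DOMAIN}"

  # Google OAuth forward-auth endpoint used by the `forward-auth` middleware.
  oauth:
    image: thomseddon/traefik-forward-auth:latest
    container_name: oauth
    environment:
      - CLIENT_ID=$GOOGLE_CLIENT_ID
      - CLIENT_SECRET=$GOOGLE_CLIENT_SECRET
      - SECRET=$OAUTH_SECRET
      - COOKIE_DOMAIN=$DOMAIN
      - INSECURE_COOKIE=false
      - AUTH_HOST=oauth.$DOMAIN
      - URL_PATH=/_oauth
      # Only this address may log in.
      - WHITELIST=$EMAIL
      - LOG_LEVEL=info
      - LOG_FORMAT=text
      - LIFETIME=2592000 # 30 days
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.oauth-rtr.entrypoints=websecure"
      - "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAIN`)"
      - "traefik.http.routers.oauth-rtr.tls=true"
      ## HTTP Services
      - "traefik.http.routers.oauth-rtr.service=oauth-svc"
      - "traefik.http.services.oauth-svc.loadbalancer.server.port=4181"
      - "traefik.http.routers.oauth-rtr.tls.certresolver=myresolver"
      ## Middlewares
      # These three repeat the forward-auth definition from the traefik
      # service; keep both copies identical if either is edited.
      - "traefik.http.middlewares.forward-auth.forwardauth.address=http://oauth:4181"
      - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"
      - "traefik.http.routers.oauth-rtr.middlewares=forward-auth"
    restart: unless-stopped

  authelia:
    container_name: authelia
    image: authelia/authelia
    restart: unless-stopped
    expose:
      - "9091"
    volumes:
      - ${CONFIG}/authelia:/config
    environment:
      - PGID
      - PUID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.authelia.rule=Host(`auth.${DOMAIN}`)"
      # Was "https", which is not a defined entrypoint (only `web` and
      # `websecure` exist), so the login portal router could not attach.
      - "traefik.http.routers.authelia.entryPoints=websecure"
      - "traefik.http.routers.authelia.tls=true"
      # NOTE(review): unlike the other routers this one names no
      # tls.certresolver - confirm a certificate for auth.${DOMAIN} is
      # provided some other way.
      # The redirect target previously read "auth..${DOMAIN}" (double dot),
      # which does not match the router host above.
      - "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https%3A%2F%2Fauth.${DOMAIN}%2F"
      - "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
      - "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia:9091/api/verify?auth=basic"
      - "traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"

  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    volumes:
      # Read-write Docker socket: this container can control every other
      # container on the host. Watchtower needs it to recreate containers.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - PGID
      - PUID
      - TZ
    command: '--schedule "9 0 6 * * *" --cleanup'
    restart: unless-stopped

  ddclient:
    image: linuxserver/ddclient
    container_name: ddclient
    volumes:
      - ${CONFIG}/ddclient:/config
    environment:
      - PGID
      - PUID
      - TZ
    restart: unless-stopped

  sabnzbd:
    image: linuxserver/sabnzbd:latest
    container_name: sabnzbd
    # network_mode: service:transmission-vpn
    ports:
      - "8081:8080"
    volumes:
      - ${CONFIG}/sabnzbd:/config
      - ${DOWNLOAD}:/downloads
    environment:
      - PUID
      - PGID
      - TZ
      - UMASK_SET=002
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sab.rule=Host(`sab.${DOMAIN}`)"
      - "traefik.http.routers.sab.entrypoints=websecure"
      - "traefik.http.routers.sab.tls=true"
      - "traefik.http.routers.sab.tls.certresolver=myresolver"
      - "traefik.http.routers.sab.middlewares=authelia@docker"
      # - "traefik.http.services.sab-svc.loadbalancer.server.port=8080"
      - "flame.type=application"
      - "flame.name=sabnzbd"
      - "flame.url=sab.${DOMAIN}"
      - "flame.icon=download-outline"
      - "homepage.group=Newsgroups"
      - "homepage.name=SABnzbd"
      - "homepage.href=https://sab.${DOMAIN}"
      - "homepage.icon=sabnzbd"
      - "homepage.widget.type=sabnzbd"
      - "homepage.widget.url=http://${LOCAL_IP}:8081"
      # The API key was hard-coded here. Define SABNZBD_API_KEY in .env and
      # rotate the key that was committed; labels are also readable by
      # anything with Docker API access.
      - "homepage.widget.key=${SABNZBD_API_KEY}"
      - "homepage.weight=90"
    restart: unless-stopped

  sonarr:
    image: linuxserver/sonarr:latest
    container_name: sonarr
    ports:
      - "8989:8989"
    volumes:
      - ${CONFIG}/sonarr:/config
      - ${DOWNLOAD}:/downloads
      - ${DATA}:/nasMerged
      - ${DATA}:/tv
    environment:
      - PGID
      - PUID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN}`)"
      - "traefik.http.routers.sonarr.entrypoints=websecure"
      - "traefik.http.routers.sonarr.tls=true"
      - "traefik.http.routers.sonarr.tls.certresolver=myresolver"
      - "traefik.http.routers.sonarr.middlewares=secured"
      - "flame.type=application"
      - "flame.name=sonarr"
      - "flame.url=sonarr.${DOMAIN}"
      - "flame.icon=television-classic"
      - "homepage.group=Newsgroups"
      - "homepage.name=Sonarr"
      - "homepage.href=https://sonarr.${DOMAIN}"
      - "homepage.icon=sonarr"
      - "homepage.widget.type=sonarr"
      - "homepage.widget.url=http://${LOCAL_IP}:8989"
      # Hard-coded API key removed: define SONARR_API_KEY in .env and rotate
      # the key that was committed.
      - "homepage.widget.key=${SONARR_API_KEY}"
    restart: unless-stopped

  radarr:
    image: linuxserver/radarr:latest
    container_name: radarr
    ports:
      - "7878:7878"
    volumes:
      - ${CONFIG}/radarr:/config
      - ${DOWNLOAD}:/downloads
      - ${DATA}:/nasMerged
      - ${DATA}:/tv
    environment:
      - PGID
      - PUID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.radarr.rule=Host(`radarr.${DOMAIN}`)"
      - "traefik.http.routers.radarr.entrypoints=websecure"
      - "traefik.http.routers.radarr.tls=true"
      - "traefik.http.routers.radarr.tls.certresolver=myresolver"
      - "traefik.http.routers.radarr.middlewares=secured"
      - "flame.type=application"
      - "flame.name=radarr"
      - "flame.url=radarr.${DOMAIN}"
      - "flame.icon=movie-open-settings"
      - "homepage.group=Newsgroups"
      - "homepage.name=Radarr"
      - "homepage.href=https://radarr.${DOMAIN}"
      - "homepage.icon=radarr"
      - "homepage.widget.type=radarr"
      - "homepage.widget.url=http://${LOCAL_IP}:7878"
      # Hard-coded API key removed: define RADARR_API_KEY in .env and rotate
      # the key that was committed.
      - "homepage.widget.key=${RADARR_API_KEY}"
    restart: unless-stopped

  nzbhydra:
    image: linuxserver/nzbhydra2:latest
    container_name: nzbhydra
    ports:
      - "5076:5076"
    volumes:
      - ${CONFIG}/nzbhydra2:/config
      - ${DOWNLOAD}:/downloads
    environment:
      - PGID
      - PUID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.hydra.rule=Host(`hydra.${DOMAIN}`)"
      - "traefik.http.routers.hydra.entrypoints=websecure"
      - "traefik.http.routers.hydra.tls=true"
      - "traefik.http.routers.hydra.tls.certresolver=myresolver"
      # secured-no-oauth has no proxy-level login; access control is left
      # to the application itself.
      - "traefik.http.routers.hydra.middlewares=secured-no-oauth"
      - "flame.type=application"
      - "flame.name=hydra"
      - "flame.url=hydra.${DOMAIN}"
      - "flame.icon=spider"
    restart: unless-stopped

  jellyfin:
    image: jellyfin/jellyfin
    container_name: jellyfin
    restart: unless-stopped
    ports:
      - "8096:8096"
      - "8921:8920"
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - ${CONFIG}/jellyfin:/config
      - ./cache/jellyfin:/cache
      - ${DATA}:/media
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)"
      - "traefik.http.routers.jellyfin.entrypoints=websecure"
      - "traefik.http.routers.jellyfin.tls=true"
      - "traefik.http.routers.jellyfin.tls.certresolver=myresolver"
      # secured-no-oauth has no proxy-level login; access control is left
      # to the application itself.
      - "traefik.http.routers.jellyfin.middlewares=secured-no-oauth"
      - "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
      - "flame.type=application"
      - "flame.name=jellyfin"
      - "flame.url=jellyfin.${DOMAIN}"
      - "flame.icon=jellyfish-outline"

  flame:
    image: pawelmalak/flame
    container_name: flame
    volumes:
      - ${CONFIG}/flame:/app/data
      # optional but required for Docker integration
      # NOTE(review): read-write socket gives this dashboard full control of
      # the Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "5005:5005"
    environment:
      - PASSWORD=$ADMINPWD
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.flame.rule=Host(`${DOMAIN}`)"
      - "traefik.http.routers.flame.entrypoints=websecure"
      - "traefik.http.routers.flame.tls=true"
      - "traefik.http.routers.flame.tls.certresolver=myresolver"
      - "traefik.http.routers.flame.middlewares=secured"

  pyload:
    image: lscr.io/linuxserver/pyload-ng
    container_name: pyload
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - ${CONFIG}/pyload/config:/config
      - ${DOWNLOAD}:/downloads
    ports:
      - "8005:8000"
      - "9666:9666"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pyload.rule=Host(`pyload.${DOMAIN}`)"
      - "traefik.http.routers.pyload.entrypoints=websecure"
      - "traefik.http.routers.pyload.tls=true"
      - "traefik.http.routers.pyload.tls.certresolver=myresolver"
      - "traefik.http.routers.pyload.middlewares=secured"
      - "flame.type=application"
      - "flame.name=pyload"
      - "flame.url=pyload.${DOMAIN}"
      - "flame.icon=file-download-outline"
    restart: unless-stopped

  # Not routed through Traefik; reached directly on the published ports.
  unifi-controller:
    image: linuxserver/unifi-controller:7.3.83
    container_name: unifi-controller
    environment:
      - PGID
      - PUID
      # - MEM_LIMIT=256M # optional
    volumes:
      - ${CONFIG}/unify:/config
    ports:
      - "3478:3478/udp"
      - "10001:10001/udp"
      - "10080:8080"
      - "10081:8081"
      - "10443:8443" # web ui
      - "10843:8843"
      - "10880:8880"
      - "6789:6789"
    restart: unless-stopped
    labels:
      - "flame.type=application"
      - "flame.name=unifi controller"
      - "flame.url=${LOCAL_IP}:10443"
      - "flame.icon=wifi"

  # duplicati:
  #   image: linuxserver/duplicati
  #   container_name: duplicati
  #   environment:
  #     - PGID
  #     - PUID
  #     - TZ
  #     #- CLI_ARGS= #optional
  #   volumes:
  #     - ${CONFIG}/duplicati:/config
  #     - /:/nas
  #   ports:
  #     - 8200:8200
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.duplicati.rule=Host(`duplicati.${DOMAIN}`)"
  #     - "traefik.http.routers.duplicati.entrypoints=websecure"
  #     - "traefik.http.routers.duplicati.tls=true"
  #     - "traefik.http.routers.duplicati.tls.certresolver=myresolver"
  #     - "traefik.http.routers.duplicati.middlewares=secured"
  #   restart: unless-stopped

  metube:
    image: alexta69/metube
    container_name: metube
    restart: unless-stopped
    user: "1001:1001"
    ports:
      - "8084:8081"
    volumes:
      - ${DOWNLOAD}:/downloads
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.metube.rule=Host(`metube.${DOMAIN}`)"
      - "traefik.http.routers.metube.entrypoints=websecure"
      - "traefik.http.routers.metube.tls=true"
      - "traefik.http.routers.metube.tls.certresolver=myresolver"
      - "traefik.http.routers.metube.middlewares=secured"
      - "flame.type=application"
      - "flame.name=metube"
      - "flame.url=metube.${DOMAIN}"
      - "flame.icon=youtube-subscription"

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    container_name: qbittorrent
    environment:
      - PUID
      - PGID
      - TZ
      - WEBUI_PORT=8085
    volumes:
      - ${CONFIG}/qbitorrent:/config
      - ${DOWNLOAD}/Torrents:/downloads
    ports:
      - "8085:8085"
      - "6881:6881"
      - "6881:6881/udp"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.${DOMAIN}`)"
      - "traefik.http.routers.qbittorrent.entrypoints=websecure"
      - "traefik.http.routers.qbittorrent.tls=true"
      - "traefik.http.routers.qbittorrent.tls.certresolver=myresolver"
      - "traefik.http.routers.qbittorrent.middlewares=secured"
      - "traefik.http.services.qbittorrent-svc.loadbalancer.server.port=8085"
      - "flame.type=application"
      - "flame.name=qbittorrent"
      - "flame.url=qbittorrent.${DOMAIN}"
      - "flame.icon=folder-download"

  code-server:
    image: lscr.io/linuxserver/code-server:latest
    container_name: code-server
    environment:
      - PUID
      - PGID
      - TZ
      - DEFAULT_WORKSPACE=/nas/home/nathan/docker/pepitosDocker # optional
    volumes:
      - ${CONFIG}/codeServer:/config
      # NOTE(review): the whole host filesystem is mounted read-write into a
      # browser-reachable IDE with a terminal. Mounting only the directories
      # that are edited (the workspace above lives under /home/nathan/docker)
      # would limit what a compromised session can touch.
      - /:/nas
    ports:
      - "10543:8443"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.code-server.rule=Host(`code-server.${DOMAIN}`)"
      - "traefik.http.routers.code-server.entrypoints=websecure"
      - "traefik.http.routers.code-server.tls=true"
      - "traefik.http.routers.code-server.tls.certresolver=myresolver"
      - "traefik.http.routers.code-server.middlewares=secured"
      - "flame.type=application"
      - "flame.name=code-server"
      - "flame.icon=code-braces"
      - "flame.url=code-server.${DOMAIN}"
    restart: unless-stopped

  freshrss:
    image: linuxserver/freshrss:latest
    container_name: freshrss
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${CONFIG}/freshrss:/config
    ports:
      - "10180:80"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.freshrss.rule=Host(`freshrss.${DOMAIN}`)"
      - "traefik.http.routers.freshrss.entrypoints=websecure"
      - "traefik.http.routers.freshrss.tls=true"
      - "traefik.http.routers.freshrss.tls.certresolver=myresolver"
      - "traefik.http.routers.freshrss.middlewares=secured"
      - "flame.type=application"
      - "flame.name=freshrss"
      - "flame.url=freshrss.${DOMAIN}"
      - "flame.icon=rss-box"
    restart: unless-stopped

  prometheus:
    image: prom/prometheus:v2.42.0
    container_name: prometheus
    hostname: prometheus
    # NOTE(review): runs as root inside the container; a dedicated UID that
    # owns ${CONFIG}/prometheus_data would be enough if ownership is fixed.
    user: root
    restart: unless-stopped
    depends_on:
      - cadvisor
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      - '--storage.tsdb.retention.time=7d'
      # Enables the HTTP reload/shutdown endpoints for anyone who can reach
      # the Prometheus port.
      - '--web.enable-lifecycle'
    volumes:
      - ${CONFIG}/prometheus_data:/prometheus
      - ${CONFIG}/prometheus.yml:/etc/prometheus/prometheus.yml
    expose:
      - "9090"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prometheus.rule=Host(`prometheus.${DOMAIN}`)"
      - "traefik.http.routers.prometheus.entrypoints=websecure"
      - "traefik.http.routers.prometheus.tls=true"
      - "traefik.http.routers.prometheus.tls.certresolver=myresolver"
      - "traefik.http.routers.prometheus.middlewares=secured"
      - "org.label-schema.group=monitoring"
      - "flame.type=application"
      - "flame.name=prometheus"
      - "flame.url=prometheus.${DOMAIN}"
      - "flame.icon=state-machine"

  # WEB BASED UI VISUALISATION OF METRICS
  grafana:
    image: grafana/grafana:9.4.3
    container_name: grafana
    hostname: grafana
    # NOTE(review): runs as root inside the container.
    user: root
    restart: unless-stopped
    # NOTE(review): passes every variable in .env (OAuth secret, VPN
    # credentials, admin password, ...) into this container's environment.
    env_file: .env
    volumes:
      - ${CONFIG}/grafana_data:/var/lib/grafana
    expose:
      - "3000"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=Host(`grafana.${DOMAIN}`)"
      - "traefik.http.routers.grafana.entrypoints=websecure"
      - "traefik.http.routers.grafana.tls=true"
      - "traefik.http.routers.grafana.tls.certresolver=myresolver"
      - "traefik.http.routers.grafana.middlewares=secured"
      - "org.label-schema.group=monitoring"
      - "flame.type=application"
      - "flame.name=grafana"
      - "flame.url=grafana.${DOMAIN}"
      - "flame.icon=chart-multiple"

  # HOST LINUX MACHINE METRICS EXPORTER
  nodeexporter:
    image: prom/node-exporter:v1.5.0
    container_name: nodeexporter
    hostname: nodeexporter
    restart: unless-stopped
    command:
      - '--path.procfs=/host/proc'
      - '--path.rootfs=/rootfs'
      - '--path.sysfs=/host/sys'
      # "$$" is Compose's escape for a literal "$" in the regex.
      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    expose:
      - "9100"
    labels:
      org.label-schema.group: "monitoring"

  # DOCKER CONTAINERS METRICS EXPORTER
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:v0.47.1
    container_name: cadvisor
    hostname: cadvisor
    restart: unless-stopped
    # NOTE(review): privileged mode removes most container isolation; the
    # host mounts below are at least read-only.
    privileged: true
    devices:
      - /dev/kmsg:/dev/kmsg
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker:/var/lib/docker:ro
      - /cgroup:/cgroup:ro # doesn't work on MacOS only for Linux
    expose:
      # NOTE(review): cAdvisor listens on 8080 by default; 3000 looks copied
      # from grafana - confirm.
      - "3000"
    labels:
      org.label-schema.group: "monitoring"

  syncthing:
    image: lscr.io/linuxserver/syncthing:latest
    container_name: syncthing
    hostname: syncthing # optional
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${CONFIG}/syncthing:/config
      - ${DATA}:/nas
    ports:
      - "8384:8384"
      - "22000:22000/tcp"
      - "22000:22000/udp"
      - "21027:21027/udp"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.syncthing.rule=Host(`syncthing.${DOMAIN}`)"
      - "traefik.http.routers.syncthing.entrypoints=websecure"
      - "traefik.http.routers.syncthing.tls=true"
      - "traefik.http.routers.syncthing.tls.certresolver=myresolver"
      - "traefik.http.routers.syncthing.middlewares=secured"
      - "flame.type=application"
      - "flame.name=syncthing"
      - "flame.url=syncthing.${DOMAIN}"
      - "flame.icon=sync"

  snapdrop:
    image: lscr.io/linuxserver/snapdrop:latest
    container_name: snapdrop
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - ${CONFIG}/snapdrop:/config
    ports:
      - "8087:80"
      - "4437:443"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.snapdrop.rule=Host(`snapdrop.${DOMAIN}`)"
      # Was "web": a tls=true router on the plain-HTTP entrypoint (:80) is
      # not reachable over HTTPS; every other TLS router uses websecure.
      - "traefik.http.routers.snapdrop.entrypoints=websecure"
      - "traefik.http.routers.snapdrop.tls=true"
      - "traefik.http.routers.snapdrop.tls.certresolver=myresolver"
      - "traefik.http.routers.snapdrop.middlewares=secured"
      - "flame.type=application"
      - "flame.name=snapdrop"
      - "flame.url=snapdrop.${DOMAIN}"
      - "flame.icon=share-variant-outline"

  vrising:
    image: trueosiris/vrising
    container_name: vrising
    environment:
      - TZ=Europe/Paris
      - SERVERNAME=vrisingAthaliar
    volumes:
      - '${CONFIG}/vrising/server:/mnt/vrising/server:rw'
      - '${CONFIG}/vrising/data:/mnt/vrising/persistentdata:rw'
    ports:
      - "9876:9876/udp"
      - "9877:9877/udp"
    restart: unless-stopped
    labels:
      # NOTE(review): only UDP game ports are published and no HTTP service
      # port is declared; confirm this router is needed at all.
      - "traefik.enable=true"
      - "traefik.http.routers.vrising.rule=Host(`vrising.${DOMAIN}`)"
      # Was "web"; moved to websecure to match tls=true (see snapdrop).
      - "traefik.http.routers.vrising.entrypoints=websecure"
      - "traefik.http.routers.vrising.tls=true"
      - "traefik.http.routers.vrising.tls.certresolver=myresolver"
      - "traefik.http.routers.vrising.middlewares=secured"

  mealie:
    image: ghcr.io/mealie-recipes/mealie:nightly
    container_name: mealie
    ports:
      - "9925:3000"
      - "9000:9000"
    volumes:
      - ${CONFIG}/mealie:/app/data/
    environment:
      # NOTE(review): self-registration is open. The Traefik route requires
      # Google OAuth, but the published ports above do not.
      - ALLOW_SIGNUP=true
      - PUID
      - PGID
      - TZ
      - BASE_URL=https://mealie.${DOMAIN}
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mealie.rule=Host(`mealie.${DOMAIN}`)"
      - "traefik.http.routers.mealie.entrypoints=websecure"
      - "traefik.http.routers.mealie.tls=true"
      - "traefik.http.routers.mealie.tls.certresolver=myresolver"
      - "traefik.http.routers.mealie.middlewares=secured"
      - "traefik.http.services.mealie.loadbalancer.server.port=9000"
      - "flame.type=application"
      - "flame.name=mealie"
      - "flame.url=mealie.${DOMAIN}"
      - "flame.icon=noodles"
      # A stray BASE_URL entry was listed here as a label; it is an
      # environment variable and is already set under `environment`.
      # for icons: https://mdi.bessarabov.com/

  gluetun:
    image: qmcgaw/gluetun
    # container_name: gluetun
    # line above must be uncommented to allow external containers to connect.
    # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      # NOTE(review): proxy ports are published on all host interfaces;
      # anyone who can reach them can route traffic through the VPN.
      - "8888:8888/tcp" # HTTP proxy
      - "8388:8388/tcp" # Shadowsocks
      - "8388:8388/udp" # Shadowsocks
    volumes:
      - ${CONFIG}/gluetun:/gluetun
    environment:
      # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=openvpn
      # OpenVPN:
      - OPENVPN_USER=$PROTON_OVPN_USERNAME
      - OPENVPN_PASSWORD=$PROTON_OVPN_PASSWORD
      # Wireguard (keep the private key in .env, never inline):
      # - WIREGUARD_PRIVATE_KEY=$WIREGUARD_PRIVATE_KEY
      # - WIREGUARD_ADDRESSES=10.64.222.21/32
      # Timezone for accurate log times
      - TZ
      # Server list updater
      # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
      - HTTPPROXY=on
      - SERVER_COUNTRIES=Bulgaria

  homepage:
    image: ghcr.io/gethomepage/homepage:latest
    container_name: homepage
    ports:
      - "3123:3000"
    volumes:
      - ${CONFIG}/homepage:/app/config # Make sure your local config directory exists
      # - /var/run/docker.sock:/var/run/docker.sock:ro # For docker integrations
      # (the dockerproxy service below offers a GET-only view of the Docker
      # API and is presumably the intended integration point - confirm)
      - ${DATA}:${DATA}
      # NOTE(review): host root mounted read-write into a web dashboard;
      # ":ro" is likely sufficient if it is only used for disk statistics.
      - /:/system
    restart: unless-stopped
    environment:
      - TZ
      - PUID
      - PGID
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homepage.rule=Host(`home.${DOMAIN}`)"
      - "traefik.http.routers.homepage.entrypoints=websecure"
      - "traefik.http.routers.homepage.tls=true"
      - "traefik.http.routers.homepage.tls.certresolver=myresolver"
      - "traefik.http.routers.homepage.middlewares=secured"

  # Filtering proxy in front of the Docker socket: only the API sections
  # enabled below are forwarded, and POST is refused.
  dockerproxy:
    image: ghcr.io/tecnativa/docker-socket-proxy:latest
    container_name: dockerproxy
    environment:
      - CONTAINERS=1 # Allow access to viewing containers
      # - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
      # - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
      - POST=0 # Disallow any POST operations (effectively read-only)
    ports:
      # Loopback only: the proxy is not reachable from other hosts.
      - "127.0.0.1:2375:2375"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
    restart: unless-stopped

networks:
  default:
    name: $DOCKER_MY_NETWORK
    external: true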