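---
# Docker Compose stack: Traefik reverse proxy (ACME certificates + Google
# forward-auth) in front of self-hosted media, monitoring and utility services.
#
# Review notes for maintainers:
# - Secrets are read from the Compose environment/.env file. This revision
#   moves the values that were hard-coded here into variables, so .env now
#   also needs: SABNZBD_API_KEY, SONARR_API_KEY, RADARR_API_KEY,
#   JOAL_SECRET_TOKEN, ALFIO_DB_PASSWORD. The values that used to be in this
#   file must be treated as exposed and rotated in the applications.
# - Most services publish a host port in addition to their Traefik router.
#   Those ports listen on every host interface and bypass the `secured`
#   middleware chain (rate limit + forward-auth). The kuma/homepage labels
#   depend on them, so they are kept; restrict them with a host firewall.
# - `:ro` on a /var/run/docker.sock mount does not make the Docker API
#   read-only; a container holding the socket can still control the daemon.
#   The `dockerproxy` service below can front the socket for consumers that
#   only need read access.
# - Images tagged `latest`/`nightly` (or untagged) are mutable and watchtower
#   pulls whatever is published under them; pin versions or digests for
#   anything that holds the Docker socket or host mounts.
version: '3.7'

services:
  traefik:
    image: "traefik:v3.1.0"
    container_name: "traefik"
    command:
      # - "--log.level=DEBUG"
      # NOTE(review): api.insecure serves the dashboard/API without
      # authentication on :8080, and that port is published below. The
      # hardened form is "--api.dashboard=true", a router pointing at the
      # api@internal service, and no 8080 publish; kept here because the
      # dashboard service label and the kuma check below rely on port 8080.
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/traefikconfig"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--metrics.prometheus=true"
      - "--log.format=json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    extra_hosts:
      - "host.docker.internal:172.17.0.1"
    volumes:
      - "${CONFIG}/traefik/letsencrypt:/letsencrypt"
      - "${CONFIG}/traefik/configs:/traefikconfig"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=web"
      # Traefik v3 rule syntax: HostRegexp takes a plain regular expression.
      # The v2 form `{host:.+}` is not a catch-all under the v3 image used here.
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`.+`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
      # Middlewares
      # basic auth
      # - "traefik.http.middlewares.basic-auth.basicauth.users=$HTPASSWD"
      # google oauth
      - "traefik.http.middlewares.forward-auth.forwardauth.address=http://oauth:4181"
      # NOTE(review): trustForwardHeader=true accepts X-Forwarded-* headers
      # from the client. Traefik looks like the edge proxy here; confirm no
      # trusted proxy sits in front, otherwise this should be false.
      - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"
      # rate limiting
      - "traefik.http.middlewares.home-ratelimit.ratelimit.average=100"
      - "traefik.http.middlewares.home-ratelimit.ratelimit.burst=50"
      # http
      - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
      # chain the middlewares to create a "secured" one
      - "traefik.http.middlewares.secured.chain.middlewares=https-only,home-ratelimit,forward-auth"
      # Routers using secured-no-oauth are reachable without forward-auth and
      # rely entirely on the application's own login.
      - "traefik.http.middlewares.secured-no-oauth.chain.middlewares=https-only,home-ratelimit"
      # traefik dashboard rules
      - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      # The dashboard router had no middleware, so the unauthenticated API on
      # :8080 was served on the public hostname; put it behind forward-auth.
      - "traefik.http.routers.traefik.middlewares=secured"
      # dont autoupdate traefik container
      - "com.centurylinklabs.watchtower.enable=false"
      # flame dashboard
      - "flame.type=application"
      - "flame.name=traefik"
      - "flame.icon=arrow-decision-outline"
      - "flame.url=https://traefik.${DOMAIN}"
      - "kuma.traefik.http.name=Traefik"
      - "kuma.traefik.http.url=http://${LOCAL_IP}:8080"

  oauth:
    image: thomseddon/traefik-forward-auth:latest
    container_name: oauth
    environment:
      - CLIENT_ID=$GOOGLE_CLIENT_ID
      - CLIENT_SECRET=$GOOGLE_CLIENT_SECRET
      - SECRET=$OAUTH_SECRET
      - COOKIE_DOMAIN=$DOMAIN
      - INSECURE_COOKIE=false
      - AUTH_HOST=oauth.$DOMAIN
      - URL_PATH=/_oauth
      # WHITELIST is the only authorization check: any other Google account
      # that authenticates is rejected by this list.
      - WHITELIST=$EMAIL
      - LOG_LEVEL=info
      - LOG_FORMAT=text
      - LIFETIME=2592000  # 30 days
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.oauth-rtr.entrypoints=websecure"
      - "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAIN`)"
      - "traefik.http.routers.oauth-rtr.tls=true"
      ## HTTP Services
      - "traefik.http.routers.oauth-rtr.service=oauth-svc"
      - "traefik.http.services.oauth-svc.loadbalancer.server.port=4181"
      - "traefik.http.routers.oauth-rtr.tls.certresolver=myresolver"
      ## Middlewares
      # Same forward-auth definition as on the traefik service; the two copies
      # must stay identical.
      - "traefik.http.middlewares.forward-auth.forwardauth.address=http://oauth:4181"
      - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User, X-WebAuth-User"
      - "traefik.http.routers.oauth-rtr.middlewares=forward-auth"
    restart: unless-stopped

  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    volumes:
      # Read-write Docker socket: watchtower can replace any container with
      # whatever image the registry serves for its tag.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - PGID
      - PUID
      - TZ
      - WATCHTOWER_CLEANUP=true
    command: '--schedule "9 0 6 * * *" --cleanup'
    restart: unless-stopped

  ddclient:
    image: linuxserver/ddclient
    container_name: ddclient
    volumes:
      - ${CONFIG}/ddclient:/config
    environment:
      - PGID
      - PUID
      - TZ
    restart: unless-stopped

  sabnzbd:
    image: linuxserver/sabnzbd:latest
    container_name: sabnzbd
    # network_mode: service:transmission-vpn
    ports:
      - "8081:8080"
    volumes:
      - ${CONFIG}/sabnzbd:/config
      - ${DOWNLOAD}:/downloads
    environment:
      - PUID
      - PGID
      - TZ
      - UMASK_SET=002
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sab.rule=Host(`sab.${DOMAIN}`)"
      - "traefik.http.routers.sab.entrypoints=websecure"
      - "traefik.http.routers.sab.tls=true"
      - "traefik.http.routers.sab.tls.certresolver=myresolver"
      - "traefik.http.routers.sab.middlewares=secured"
      # - "traefik.http.services.sab-svc.loadbalancer.server.port=8080"
      - "flame.type=application"
      - "flame.name=sabnzbd"
      - "flame.url=https://sab.${DOMAIN}"
      - "flame.icon=download-outline"
      - homepage.group=Newsgroups
      - homepage.name=SABnzbd
      - homepage.href=https://sab.${DOMAIN}
      - homepage.icon=sabnzbd
      - homepage.widget.type=sabnzbd
      - homepage.widget.url=http://${LOCAL_IP}:8081
      # API key comes from .env; labels are readable by anything with Docker
      # API access, so the key is still visible to socket holders.
      - homepage.widget.key=${SABNZBD_API_KEY}
      - homepage.weight=90
      - "kuma.sab.http.name=Sabnzb"
      - "kuma.sab.http.url=http://${LOCAL_IP}:8081"
    restart: unless-stopped

  sonarr:
    image: linuxserver/sonarr:latest
    container_name: sonarr
    ports:
      - "8989:8989"
    volumes:
      - ${CONFIG}/sonarr:/config
      - ${DOWNLOAD}:/downloads
      - ${DATA}:/nasMerged
      - ${DATA}:/tv
    environment:
      - PGID
      - PUID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sonarr.rule=Host(`sonarr.${DOMAIN}`)"
      - "traefik.http.routers.sonarr.entrypoints=websecure"
      - "traefik.http.routers.sonarr.tls=true"
      - "traefik.http.routers.sonarr.tls.certresolver=myresolver"
      - "traefik.http.routers.sonarr.middlewares=secured"
      - "flame.type=application"
      - "flame.name=sonarr"
      - "flame.url=https://sonarr.${DOMAIN}"
      - "flame.icon=television-classic"
      - homepage.group=Newsgroups
      - homepage.name=Sonarr
      - homepage.href=https://sonarr.${DOMAIN}
      - homepage.icon=sonarr
      - homepage.widget.type=sonarr
      - homepage.widget.url=http://${LOCAL_IP}:8989
      # API key comes from .env instead of being committed in this file.
      - homepage.widget.key=${SONARR_API_KEY}
      - "kuma.sonarr.http.name=Sonarr"
      - "kuma.sonarr.http.url=http://${LOCAL_IP}:8989"
    restart: unless-stopped

  radarr:
    image: linuxserver/radarr:latest
    container_name: radarr
    ports:
      - "7878:7878"
    volumes:
      - ${CONFIG}/radarr:/config
      - ${DOWNLOAD}:/downloads
      - ${DATA}:/nasMerged
      - ${DATA}:/tv
    environment:
      - PGID
      - PUID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.radarr.rule=Host(`radarr.${DOMAIN}`)"
      - "traefik.http.routers.radarr.entrypoints=websecure"
      - "traefik.http.routers.radarr.tls=true"
      - "traefik.http.routers.radarr.tls.certresolver=myresolver"
      - "traefik.http.routers.radarr.middlewares=secured"
      - "flame.type=application"
      - "flame.name=radarr"
      - "flame.url=https://radarr.${DOMAIN}"
      - "flame.icon=movie-open-settings"
      - homepage.group=Newsgroups
      - homepage.name=Radarr
      - homepage.href=https://radarr.${DOMAIN}
      - homepage.icon=radarr
      - homepage.widget.type=radarr
      - homepage.widget.url=http://${LOCAL_IP}:7878
      # API key comes from .env instead of being committed in this file.
      - homepage.widget.key=${RADARR_API_KEY}
      - "kuma.radarr.http.name=Radarr"
      - "kuma.radarr.http.url=http://${LOCAL_IP}:7878"
    restart: unless-stopped

  prowlarr:
    image: linuxserver/prowlarr:latest
    container_name: prowlarr
    # network_mode: service:transmission-vpn
    ports:
      - "9696:9696"
    volumes:
      - ${CONFIG}/prowlarr:/config
    environment:
      - PUID
      - PGID
      - TZ
      - UMASK_SET=002
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prowlarr.rule=Host(`prowlarr.${DOMAIN}`)"
      - "traefik.http.routers.prowlarr.entrypoints=websecure"
      - "traefik.http.routers.prowlarr.tls=true"
      - "traefik.http.routers.prowlarr.tls.certresolver=myresolver"
      - "traefik.http.routers.prowlarr.middlewares=secured"
      - "flame.type=application"
      - "flame.name=prowlarr"
      - "flame.url=https://prowlarr.${DOMAIN}"
      - "flame.icon=download-outline"
      - homepage.group=Newsgroups
      - homepage.name=Prowlarr
      - homepage.href=https://prowlarr.${DOMAIN}
      - homepage.icon=prowlarr
      - "kuma.prowlarr.http.name=Prowlarr"
      - "kuma.prowlarr.http.url=http://${LOCAL_IP}:9696"
    restart: unless-stopped

  nzbhydra:
    image: linuxserver/nzbhydra2:latest
    container_name: nzbhydra
    ports:
      - "5076:5076"
    volumes:
      - ${CONFIG}/nzbhydra2:/config
      - ${DOWNLOAD}:/downloads
    environment:
      - PGID
      - PUID
      - TZ
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.hydra.rule=Host(`hydra.${DOMAIN}`)"
      - "traefik.http.routers.hydra.entrypoints=websecure"
      - "traefik.http.routers.hydra.tls=true"
      - "traefik.http.routers.hydra.tls.certresolver=myresolver"
      # No forward-auth on this router: the app's own authentication is the
      # only control on the public hostname.
      - "traefik.http.routers.hydra.middlewares=secured-no-oauth"
      - "flame.type=application"
      - "flame.name=hydra"
      - "flame.url=https://hydra.${DOMAIN}"
      - "flame.icon=spider"
      - "kuma.hydra.http.name=Nzbhydra"
      - "kuma.hydra.http.url=http://${LOCAL_IP}:5076"
    restart: unless-stopped

  jellyfin:
    image: jellyfin/jellyfin
    container_name: jellyfin
    restart: unless-stopped
    ports:
      - "8096:8096"
      - "8921:8920"
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - ${CONFIG}/jellyfin:/config
      - ./cache/jellyfin:/cache
      - ${DATA}:/media
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)"
      - "traefik.http.routers.jellyfin.entrypoints=websecure"
      - "traefik.http.routers.jellyfin.tls=true"
      - "traefik.http.routers.jellyfin.tls.certresolver=myresolver"
      - "traefik.http.routers.jellyfin.middlewares=secured-no-oauth"
      - "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
      - "flame.type=application"
      - "flame.name=jellyfin"
      - "flame.url=https://jellyfin.${DOMAIN}"
      - "flame.icon=jellyfish-outline"
      - "kuma.jellyfin.http.name=Jellyfin"
      - "kuma.jellyfin.http.url=http://${LOCAL_IP}:8096"

  flame:
    image: pawelmalak/flame
    container_name: flame
    volumes:
      - ${CONFIG}/flame:/app/data
      # optional but required for Docker integration
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "5005:5005"
    environment:
      - PASSWORD=$ADMINPWD
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.flame.rule=Host(`${DOMAIN}`)"
      - "traefik.http.routers.flame.entrypoints=websecure"
      - "traefik.http.routers.flame.tls=true"
      - "traefik.http.routers.flame.tls.certresolver=myresolver"
      - "traefik.http.routers.flame.middlewares=secured"
      - "kuma.flame.http.name=Flame"
      - "kuma.flame.http.url=http://${LOCAL_IP}:5005"

  pyload:
    image: lscr.io/linuxserver/pyload-ng
    container_name: pyload
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - ${CONFIG}/pyload/config:/config
      - ${DOWNLOAD}:/downloads
    ports:
      - "8005:8000"
      - "9666:9666"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pyload.rule=Host(`pyload.${DOMAIN}`)"
      - "traefik.http.routers.pyload.entrypoints=websecure"
      - "traefik.http.routers.pyload.tls=true"
      - "traefik.http.routers.pyload.tls.certresolver=myresolver"
      - "traefik.http.routers.pyload.middlewares=secured"
      - "flame.type=application"
      - "flame.name=pyload"
      - "flame.url=https://pyload.${DOMAIN}"
      - "flame.icon=file-download-outline"
      - "kuma.pyload.http.name=Pyload"
      - "kuma.pyload.http.url=http://${LOCAL_IP}:8005"
    restart: unless-stopped

  # unifi-controller:
  #   image: linuxserver/unifi-controller:7.3.83
  #   container_name: unifi-controller
  #   environment:
  #     - PGID
  #     - PUID
  #     #- MEM_LIMIT=256M #optional
  #   volumes:
  #     - ${CONFIG}/unify:/config
  #   ports:
  #     - 3478:3478/udp
  #     - 10001:10001/udp
  #     - 10080:8080
  #     - 10081:8081
  #     - 10443:8443 #web ui
  #     - 10843:8843
  #     - 10880:8880
  #     - 6789:6789
  #   restart: unless-stopped
  #   labels:
  #     - "flame.type=application"
  #     - "flame.name=unifi controller"
  #     - "flame.url=https://${LOCAL_IP}:10443"
  #     - "flame.icon=wifi"

  # duplicati:
  #   image: linuxserver/duplicati
  #   container_name: duplicati
  #   environment:
  #     - PGID
  #     - PUID
  #     - TZ
  #     #- CLI_ARGS= #optional
  #   volumes:
  #     - ${CONFIG}/duplicati:/config
  #     - /:/nas
  #   ports:
  #     - 8200:8200
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.duplicati.rule=Host(`duplicati.${DOMAIN}`)"
  #     - "traefik.http.routers.duplicati.entrypoints=websecure"
  #     - "traefik.http.routers.duplicati.tls=true"
  #     - "traefik.http.routers.duplicati.tls.certresolver=myresolver"
  #     - "traefik.http.routers.duplicati.middlewares=secured"
  #   restart: unless-stopped

  metube:
    image: alexta69/metube
    container_name: metube
    restart: unless-stopped
    user: "1001:1001"
    ports:
      - "8084:8081"
    volumes:
      - ${DOWNLOAD}:/downloads
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.metube.rule=Host(`metube.${DOMAIN}`)"
      - "traefik.http.routers.metube.entrypoints=websecure"
      - "traefik.http.routers.metube.tls=true"
      - "traefik.http.routers.metube.tls.certresolver=myresolver"
      - "traefik.http.routers.metube.middlewares=secured"
      - "flame.type=application"
      - "flame.name=metube"
      - "flame.url=https://metube.${DOMAIN}"
      - "flame.icon=youtube-subscription"
      - "kuma.metube.http.name=Metube"
      - "kuma.metube.http.url=http://${LOCAL_IP}:8084"

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    container_name: qbittorrent
    environment:
      - PUID
      - PGID
      - TZ
      - WEBUI_PORT=8085
    volumes:
      - ${CONFIG}/qbitorrent:/config
      - ${DOWNLOAD}/Torrents:/downloads
    ports:
      - "8085:8085"
      - "6881:6881"
      - "6881:6881/udp"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.${DOMAIN}`)"
      - "traefik.http.routers.qbittorrent.entrypoints=websecure"
      - "traefik.http.routers.qbittorrent.tls=true"
      - "traefik.http.routers.qbittorrent.tls.certresolver=myresolver"
      - "traefik.http.routers.qbittorrent.middlewares=secured"
      - "traefik.http.services.qbittorrent-svc.loadbalancer.server.port=8085"
      - "flame.type=application"
      - "flame.name=qbittorrent"
      - "flame.url=https://qbittorrent.${DOMAIN}"
      - "flame.icon=folder-download"
      - "kuma.qbitorrent.http.name=Qbitorrent"
      - "kuma.qbitorrent.http.url=http://${LOCAL_IP}:8085"

  code-server:
    image: lscr.io/linuxserver/code-server:latest
    container_name: code-server
    environment:
      - PUID
      - PGID
      - TZ
      - DEFAULT_WORKSPACE=/nas/home/nathan/docker/pepitosDocker  # optional
    volumes:
      - ${CONFIG}/codeServer:/config
      # NOTE(review): the whole host filesystem is mounted read-write into a
      # browser IDE with a terminal, and port 10543 is published outside the
      # forward-auth chain. Mounting only the workspace path would shrink
      # what a session on this service can reach.
      - /:/nas
    ports:
      - "10543:8443"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.code-server.rule=Host(`code-server.${DOMAIN}`)"
      - "traefik.http.routers.code-server.entrypoints=websecure"
      - "traefik.http.routers.code-server.tls=true"
      - "traefik.http.routers.code-server.tls.certresolver=myresolver"
      - "traefik.http.routers.code-server.middlewares=secured"
      - "flame.type=application"
      - "flame.name=code-server"
      - "flame.icon=code-braces"
      - "flame.url=https://code-server.${DOMAIN}"
      - "kuma.code-server.http.name=VSCode"
      - "kuma.code-server.http.url=http://${LOCAL_IP}:10543"
    restart: unless-stopped

  freshrss:
    image: linuxserver/freshrss:latest
    container_name: freshrss
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${CONFIG}/freshrss:/config
    ports:
      - "10180:80"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.freshrss.rule=Host(`freshrss.${DOMAIN}`)"
      - "traefik.http.routers.freshrss.entrypoints=websecure"
      - "traefik.http.routers.freshrss.tls=true"
      - "traefik.http.routers.freshrss.tls.certresolver=myresolver"
      - "traefik.http.routers.freshrss.middlewares=secured"
      - "flame.type=application"
      - "flame.name=freshrss"
      - "flame.url=https://freshrss.${DOMAIN}"
      - "flame.icon=rss-box"
      # Monitor name was a copy of Prowlarr's, which mislabels alerts.
      - "kuma.freshrss.http.name=FreshRSS"
      - "kuma.freshrss.http.url=http://${LOCAL_IP}:10180"
    restart: unless-stopped

  prometheus:
    image: prom/prometheus:v2.42.0
    container_name: prometheus
    hostname: prometheus
    # NOTE(review): runs as root inside the container, presumably so it can
    # write to the bind-mounted data directory; a dedicated UID that owns
    # that directory would avoid it.
    user: root
    restart: unless-stopped
    depends_on:
      - cadvisor
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      - '--storage.tsdb.retention.time=7d'
      # Enables the HTTP reload/quit endpoints; anyone who can reach :9090
      # can use them.
      - '--web.enable-lifecycle'
    volumes:
      - ${CONFIG}/prometheus_data:/prometheus
      - ${CONFIG}/prometheus.yml:/etc/prometheus/prometheus.yml
    expose:
      - "9090"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prometheus.rule=Host(`prometheus.${DOMAIN}`)"
      - "traefik.http.routers.prometheus.entrypoints=websecure"
      - "traefik.http.routers.prometheus.tls=true"
      - "traefik.http.routers.prometheus.tls.certresolver=myresolver"
      - "traefik.http.routers.prometheus.middlewares=secured"
      - "org.label-schema.group=monitoring"
      - "flame.type=application"
      - "flame.name=prometheus"
      - "flame.url=https://prometheus.${DOMAIN}"
      - "flame.icon=state-machine"

  # WEB BASED UI VISUALISATION OF METRICS
  grafana:
    image: grafana/grafana:9.4.3
    container_name: grafana
    hostname: grafana
    user: root
    restart: unless-stopped
    # NOTE(review): env_file injects every variable in .env into this
    # container. If that is the same .env that feeds the ${...} values in
    # this file, the OAuth, VPN and admin secrets all end up in Grafana's
    # environment; a Grafana-only env file would avoid that.
    env_file: .env
    volumes:
      - ${CONFIG}/grafana_data:/var/lib/grafana
    expose:
      - "3000"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=Host(`grafana.${DOMAIN}`)"
      - "traefik.http.routers.grafana.entrypoints=websecure"
      - "traefik.http.routers.grafana.tls=true"
      - "traefik.http.routers.grafana.tls.certresolver=myresolver"
      - "traefik.http.routers.grafana.middlewares=secured"
      - "org.label-schema.group=monitoring"
      - "flame.type=application"
      - "flame.name=grafana"
      - "flame.url=https://grafana.${DOMAIN}"
      - "flame.icon=chart-multiple"
      - "kuma.grafana.http.name=Grafana"
      - "kuma.grafana.http.url=http://${LOCAL_IP}:3000"

  # HOST LINUX MACHINE METRICS EXPORTER
  nodeexporter:
    image: prom/node-exporter:v1.5.0
    container_name: nodeexporter
    hostname: nodeexporter
    restart: unless-stopped
    command:
      - '--path.procfs=/host/proc'
      - '--path.rootfs=/rootfs'
      - '--path.sysfs=/host/sys'
      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    expose:
      - "9100"
    labels:
      org.label-schema.group: "monitoring"

  # DOCKER CONTAINERS METRICS EXPORTER
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:v0.47.1
    container_name: cadvisor
    hostname: cadvisor
    restart: unless-stopped
    # privileged removes most container isolation; together with the host
    # mounts below this container is effectively root on the host.
    privileged: true
    devices:
      - /dev/kmsg:/dev/kmsg
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker:/var/lib/docker:ro
      - /cgroup:/cgroup:ro  # doesn't work on MacOS only for Linux
    expose:
      - "3000"
    labels:
      org.label-schema.group: "monitoring"

  uptimekuma:
    image: louislam/uptime-kuma:latest
    container_name: uptimekuma
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${DATA}/uptimekuma:/app/data
    ports:
      - "3001:3001"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.uptimekuma.rule=Host(`uptimekuma.${DOMAIN}`)"
      - "traefik.http.routers.uptimekuma.entrypoints=websecure"
      - "traefik.http.routers.uptimekuma.tls=true"
      - "traefik.http.routers.uptimekuma.tls.certresolver=myresolver"
      - "traefik.http.routers.uptimekuma.middlewares=secured"
      - "flame.type=application"
      - "flame.name=uptimekuma"
      - "flame.url=https://uptimekuma.${DOMAIN}"
      - "flame.icon=bottle-tonic-plus-outline"

  autokuma:
    image: ghcr.io/bigboot/autokuma:latest
    container_name: autokuma
    restart: unless-stopped
    environment:
      AUTOKUMA__KUMA__URL: http://$LOCAL_IP:3001
      AUTOKUMA__KUMA__USERNAME: $UPTIME_KUMA_LOGIN
      AUTOKUMA__KUMA__PASSWORD: $UPTIME_KUMA_PASSWORD
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

  syncthing:
    image: lscr.io/linuxserver/syncthing:latest
    container_name: syncthing
    hostname: syncthing  # optional
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${CONFIG}/syncthing:/config
      - ${DATA}:/nas
    ports:
      - "8384:8384"
      - "22000:22000/tcp"
      - "22000:22000/udp"
      - "21027:21027/udp"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.syncthing.rule=Host(`syncthing.${DOMAIN}`)"
      - "traefik.http.routers.syncthing.entrypoints=websecure"
      - "traefik.http.routers.syncthing.tls=true"
      - "traefik.http.routers.syncthing.tls.certresolver=myresolver"
      - "traefik.http.routers.syncthing.middlewares=secured"
      - "flame.type=application"
      - "flame.name=syncthing"
      - "flame.url=https://syncthing.${DOMAIN}"
      - "flame.icon=sync"
      - "kuma.syncthing.http.name=Synthings"
      - "kuma.syncthing.http.url=http://${LOCAL_IP}:8384"

  snapdrop:
    image: lscr.io/linuxserver/snapdrop:latest
    container_name: snapdrop
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - ${CONFIG}/snapdrop:/config
    ports:
      - "8087:80"
      - "4437:443"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.snapdrop.rule=Host(`snapdrop.${DOMAIN}`)"
      # Was `web`: a tls=true router belongs on the 443 entrypoint like every
      # other service here.
      - "traefik.http.routers.snapdrop.entrypoints=websecure"
      - "traefik.http.routers.snapdrop.tls=true"
      - "traefik.http.routers.snapdrop.tls.certresolver=myresolver"
      - "traefik.http.routers.snapdrop.middlewares=secured"
      - "flame.type=application"
      - "flame.name=snapdrop"
      - "flame.url=https://snapdrop.${DOMAIN}"
      - "flame.icon=share-variant-outline"
      - "kuma.snapdrop.http.name=Snapdrop"
      - "kuma.snapdrop.http.url=http://${LOCAL_IP}:8087"

  # vrising:
  #   image: trueosiris/vrising
  #   container_name: vrising
  #   environment:
  #     - TZ=Europe/Paris
  #     - SERVERNAME=vrisingAthaliar
  #   volumes:
  #     - '${CONFIG}/vrising/server:/mnt/vrising/server:rw'
  #     - '${CONFIG}/vrising/data:/mnt/vrising/persistentdata:rw'
  #   ports:
  #     - 9876:9876/udp
  #     - 9877:9877/udp
  #   restart: unless-stopped
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.vrising.rule=Host(`vrising.${DOMAIN}`)"
  #     - "traefik.http.routers.vrising.entrypoints=web"
  #     - "traefik.http.routers.vrising.tls=true"
  #     - "traefik.http.routers.vrising.tls.certresolver=myresolver"
  #     - "traefik.http.routers.vrising.middlewares=secured"

  mealie:
    image: ghcr.io/mealie-recipes/mealie:nightly
    container_name: mealie
    ports:
      - "9925:3000"
      - "9000:9000"
    volumes:
      - ${CONFIG}/mealie:/app/data/
    environment:
      # Self-registration is open; with the ports above published, it is
      # reachable without going through forward-auth.
      - ALLOW_SIGNUP=true
      - PUID
      - PGID
      - TZ
      - BASE_URL=https://mealie.${DOMAIN}
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mealie.rule=Host(`mealie.${DOMAIN}`)"
      - "traefik.http.routers.mealie.entrypoints=websecure"
      - "traefik.http.routers.mealie.tls=true"
      - "traefik.http.routers.mealie.tls.certresolver=myresolver"
      - "traefik.http.routers.mealie.middlewares=secured"
      - "traefik.http.services.mealie.loadbalancer.server.port=9000"
      - "flame.type=application"
      - "flame.name=mealie"
      - "flame.url=https://mealie.${DOMAIN}"
      - "flame.icon=noodles"
      # NOTE(review): this is a container label, not an environment
      # variable; presumably a leftover from the environment block.
      - BASE_URL=https://mealie.${DOMAIN}
      - "kuma.mealie.http.name=Mealie"
      - "kuma.mealie.http.url=http://${LOCAL_IP}:9000"

  # for icons: https://mdi.bessarabov.com/
  apprise:
    image: caronc/apprise
    container_name: apprise
    ports:
      - "8006:8000"
    volumes:
      - ${CONFIG}/apprise:/app/data/
    environment:
      - PUID
      - PGID
      - TZ
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.apprise.rule=Host(`apprise.${DOMAIN}`)"
      - "traefik.http.routers.apprise.entrypoints=websecure"
      - "traefik.http.routers.apprise.tls=true"
      - "traefik.http.routers.apprise.tls.certresolver=myresolver"
      - "traefik.http.routers.apprise.middlewares=secured"
      - "flame.type=application"
      - "flame.name=apprise"
      - "flame.url=https://apprise.${DOMAIN}"
      - "flame.icon=bell"
      # NOTE(review): a label, not an environment variable; presumably meant
      # for the environment block.
      - BASE_URL=https://apprise.${DOMAIN}
      - "kuma.apprise.http.name=Apprise"
      - "kuma.apprise.http.url=http://${LOCAL_IP}:8006"

  gluetun:
    image: qmcgaw/gluetun
    # container_name: gluetun
    # line above must be uncommented to allow external containers to connect.
    # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    # NOTE(review): the HTTP proxy is published on every host interface and
    # no HTTPPROXY_USER/HTTPPROXY_PASSWORD is set below, so any host that can
    # reach port 8888 can send traffic through the VPN.
    ports:
      - "8888:8888/tcp"  # HTTP proxy
      - "8388:8388/tcp"  # Shadowsocks
      - "8388:8388/udp"  # Shadowsocks
    volumes:
      - ${CONFIG}/gluetun:/gluetun
    environment:
      # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=openvpn
      # OpenVPN:
      - OPENVPN_USER=$PROTON_OVPN_USERNAME
      - OPENVPN_PASSWORD=$PROTON_OVPN_PASSWORD
      # Wireguard:
      # Key material belongs in .env, never inline (even commented out). If
      # the literal that used to be on this line was a real key, rotate it.
      # - WIREGUARD_PRIVATE_KEY=$WIREGUARD_PRIVATE_KEY
      # - WIREGUARD_ADDRESSES=10.64.222.21/32
      # Timezone for accurate log times
      - TZ
      # Server list updater
      # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
      - HTTPPROXY=on
      - SERVER_COUNTRIES=Bulgaria

  homepage:
    image: ghcr.io/gethomepage/homepage:latest
    container_name: homepage
    ports:
      - "3123:3000"
    volumes:
      - ${CONFIG}/homepage:/app/config  # Make sure your local config directory exists
      # - /var/run/docker.sock:ro:/var/run/docker.sock # For docker integrations
      - ${DATA}:${DATA}
      # Read-only: a dashboard has no reason to write to the host root
      # filesystem.
      - /:/system:ro
    restart: unless-stopped
    environment:
      - TZ
      - PUID
      - PGID
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homepage.rule=Host(`home.${DOMAIN}`)"
      - "traefik.http.routers.homepage.entrypoints=websecure"
      - "traefik.http.routers.homepage.tls=true"
      - "traefik.http.routers.homepage.tls.certresolver=myresolver"
      - "traefik.http.routers.homepage.middlewares=secured"

  dockerproxy:
    image: ghcr.io/tecnativa/docker-socket-proxy:latest
    container_name: dockerproxy
    environment:
      - CONTAINERS=1  # Allow access to viewing containers
      # - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
      # - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
      - POST=0  # Disallow any POST operations (effectively read-only)
    ports:
      - "127.0.0.1:2375:2375"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro  # Mounted as read-only
    restart: unless-stopped

  wg-easy:
    image: weejewel/wg-easy
    container_name: wg-easy
    volumes:
      - ${CONFIG}/wg-easy:/etc/wireguard
    # NOTE(review): no PASSWORD variable is set for the web UI, and 51821 is
    # published directly, so the admin UI (which creates VPN peers) appears
    # to be reachable without a login outside the Traefik route — confirm.
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    environment:
      - TZ
      - PUID
      - PGID
      - WG_HOST=wg.${DOMAIN}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.wg.rule=Host(`wg.${DOMAIN}`)"
      # Was `web`: a tls=true router belongs on the 443 entrypoint like every
      # other service here.
      - "traefik.http.routers.wg.entrypoints=websecure"
      - "traefik.http.routers.wg.tls=true"
      - "traefik.http.routers.wg.tls.certresolver=myresolver"
      - "traefik.http.routers.wg.middlewares=secured"
      - "traefik.http.services.wireguard-ui.loadbalancer.server.port=51821"
      - "flame.type=application"
      - "flame.name=wg-easy"
      - "flame.url=https://wg.${DOMAIN}"
      - "flame.icon=vpn"
      # Monitor name was a copy of Prowlarr's, which mislabels alerts.
      - "kuma.wg.http.name=WG-Easy"
      - "kuma.wg.http.url=http://${LOCAL_IP}:51821"

  joal:
    image: anthonyraymond/joal
    container_name: joal
    restart: unless-stopped
    environment:
      - TZ
      - PUID
      - PGID
    volumes:
      - ${CONFIG}/joal:/data
    ports:
      - "9485:9485"
    command:
      - "--joal-conf=/data"
      - "--spring.main.web-environment=true"
      - "--server.port=9485"
      - "--joal.ui.path.prefix=joal"
      # The UI token was the literal service name; it now comes from .env.
      # Use a long random value, since port 9485 is published directly.
      - "--joal.ui.secret-token=${JOAL_SECRET_TOKEN}"

  audiobookshelf:
    image: ghcr.io/advplyr/audiobookshelf:latest
    container_name: audiobookshelf
    restart: unless-stopped
    ports:
      - "13378:80"
    environment:
      - PGID
      - PUID
      - TZ
    volumes:
      - ${DATA}/audiobookshelf/audiobooks:/audiobooks
      - ${DATA}/audiobookshelf/podcasts:/podcasts
      - ${CONFIG}/audiobookshelf/audiobooks:/config
      - ${DATA}/audiobookshelf/metadata:/metadata
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.audiobookshelf.rule=Host(`audiobookshelf.${DOMAIN}`)"
      - "traefik.http.routers.audiobookshelf.entrypoints=websecure"
      - "traefik.http.routers.audiobookshelf.tls=true"
      - "traefik.http.routers.audiobookshelf.tls.certresolver=myresolver"
      - "traefik.http.routers.audiobookshelf.middlewares=secured-no-oauth"
      - "flame.type=application"
      - "flame.name=audiobookshelf"
      - "flame.url=https://audiobookshelf.${DOMAIN}"
      - "flame.icon=book-open-outline"
      # Monitor name was a copy of Prowlarr's, which mislabels alerts.
      - "kuma.audiobookshelf.http.name=Audiobookshelf"
      - "kuma.audiobookshelf.http.url=http://${LOCAL_IP}:13378"

  calibre-web:
    image: lscr.io/linuxserver/calibre-web:latest
    container_name: calibre-web
    restart: unless-stopped
    environment:
      - PGID
      - PUID
      - TZ
      - DOCKER_MODS=linuxserver/mods:universal-calibre  # optional
    volumes:
      - ${CONFIG}/calibre:/config
      - ${DATA}/calibre/library:/books
    ports:
      - "8083:8083"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.calibre.rule=Host(`calibre.${DOMAIN}`)"
      - "traefik.http.routers.calibre.entrypoints=websecure"
      - "traefik.http.routers.calibre.tls=true"
      - "traefik.http.routers.calibre.tls.certresolver=myresolver"
      - "traefik.http.routers.calibre.middlewares=secured-no-oauth"
      - "flame.type=application"
      - "flame.name=calibre"
      - "flame.url=https://calibre.${DOMAIN}"
      - "flame.icon=book-open-outline"
      - "kuma.calibre.http.name=Calibre"
      - "kuma.calibre.http.url=http://${LOCAL_IP}:8083"

  dozzle:
    container_name: dozzle
    image: amir20/dozzle:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - PGID
      - PUID
      - TZ
    # Container logs of the whole stack are readable on this published port
    # without passing forward-auth.
    ports:
      - "9999:8080"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dozzle.rule=Host(`dozzle.${DOMAIN}`)"
      - "traefik.http.routers.dozzle.entrypoints=websecure"
      - "traefik.http.routers.dozzle.tls=true"
      - "traefik.http.routers.dozzle.tls.certresolver=myresolver"
      - "traefik.http.routers.dozzle.middlewares=secured"
      - "flame.type=application"
      - "flame.name=dozzle"
      - "flame.url=https://dozzle.${DOMAIN}"
      - "flame.icon=text-long"
      - "kuma.dozzle.http.name=Dozzle"
      - "kuma.dozzle.http.url=http://${LOCAL_IP}:9999"

  stirling-pdf:
    image: frooodle/s-pdf:latest
    ports:
      - "8093:8080"
    volumes:
      # - /location/of/trainingData:/usr/share/tessdata #Required for extra OCR languages
      - ${CONFIG}/stirlingpdf:/configs
      # - /location/of/customFiles:/customFiles/
      # - /location/of/logs:/logs/
    environment:
      - PGID
      - PUID
      - TZ
      # tell docker to download security jar (required as true for auth login)
      # With this false the app has no login of its own; the published port
      # above is then unauthenticated.
      - DOCKER_ENABLE_SECURITY=false
      - INSTALL_BOOK_AND_ADVANCED_HTML_OPS=false
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.stirlingpdf.rule=Host(`stirlingpdf.${DOMAIN}`)"
      - "traefik.http.routers.stirlingpdf.entrypoints=websecure"
      - "traefik.http.routers.stirlingpdf.tls=true"
      - "traefik.http.routers.stirlingpdf.tls.certresolver=myresolver"
      - "traefik.http.routers.stirlingpdf.middlewares=secured"
      - "flame.type=application"
      - "flame.name=stirlingpdf"
      - "flame.url=https://stirlingpdf.${DOMAIN}"
      - "flame.icon=file-pdf-box"
      # Monitor name was a copy of Prowlarr's, which mislabels alerts.
      - "kuma.stirlingpdf.http.name=Stirling-PDF"
      - "kuma.stirlingpdf.http.url=http://${LOCAL_IP}:8093"

  alfio:
    image: alfio/alf.io
    environment:
      POSTGRES_PORT_5432_TCP_PORT: "5432"
      POSTGRES_PORT_5432_TCP_ADDR: db
      POSTGRES_ENV_POSTGRES_DB: alfio
      POSTGRES_ENV_POSTGRES_USERNAME: alfio
      # Was a literal equal to the user name; now supplied from .env.
      POSTGRES_ENV_POSTGRES_PASSWORD: "${ALFIO_DB_PASSWORD}"
      # NOTE(review): the `dev` profile is active on a service that has a
      # public router; confirm this is intended outside development.
      SPRING_PROFILES_ACTIVE: dev,jdbc-session
    ports:
      - "8086:8080"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.alf.rule=Host(`alf.${DOMAIN}`)"
      - "traefik.http.routers.alf.entrypoints=websecure"
      - "traefik.http.routers.alf.tls=true"
      - "traefik.http.routers.alf.tls.certresolver=myresolver"
      - "traefik.http.routers.alf.middlewares=secured"
      - "flame.type=application"
      - "flame.name=alf"
      - "flame.url=https://alf.${DOMAIN}"
      - "flame.icon=file-pdf-box"

  db:
    # postgres:10 is past upstream end-of-life and no longer receives
    # security fixes; plan a major-version upgrade.
    image: postgres:10
    environment:
      POSTGRES_DB: alfio
      POSTGRES_USER: alfio
      # Only applied when the data volume is first initialised. On an
      # existing data-volume, change the role password inside the database
      # as well (ALTER ROLE) so it matches the new value.
      POSTGRES_PASSWORD: "${ALFIO_DB_PASSWORD}"
    ports:
      # alfio reaches the database over the Compose network as `db`; the
      # host publish is bound to loopback instead of every interface.
      - "127.0.0.1:5432:5432"
    volumes:
      - data-volume:/var/lib/postgresql/data

volumes:
  data-volume:

networks:
  default:
    name: $DOCKER_MY_NETWORK
    external: true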