You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I wanting to add UniqueBible docker to my current setup of dockers that I am using traefik to reverse proxy to a registered domain name. Has anyone done anything like this?
Here is my existing Docker compose that I am using.
version: "3.9"
########################### NETWORKS
# You may customize the network subnet (192.168.90.0/24) below as you please.
# Docker Compose version 3.5 or higher required to define networks this way.
networks:
socket_proxy:
name: socket_proxy
driver: bridge
ipam:
config:
- subnet: 192.168.91.0/2
# t2_proxy:
# name: t2_proxy
# driver: bridge
# ipam:
# config:
# - subnet: 192.168.90.0/24
########################### SECRETS
secrets:
traefik_forward_auth:
file: $DOCKERDIR/secrets/traefik_forward_auth
########################### EXTENSION FIELDS
# Helps eliminate repetition of sections
# More Info on how to use this: https://github.com/htpcBeginner/docker-traefik/pull/228
# Common environment values
x-environment: &default-tz-puid-pgid
TZ: $TZ
PUID: $PUID
PGID: $PGID
# Keys common to some of the core services that we always to automatically restart on failure
x-common-keys-core: &common-keys-core
networks:
# - t2_proxy
- socket_proxy
security_opt:
- no-new-privileges:true
restart: always
# Keys common to some of the dependent services/apps
x-common-keys-apps: &common-keys-apps
networks:
# - t2_proxy
- socket_proxy
security_opt:
- no-new-privileges:true
restart: unless-stopped
# Keys common to some of the services in media-services.txt
x-common-keys-media: &common-keys-media
networks:
# - t2_proxy
- socket_proxy
security_opt:
- no-new-privileges:true
restart: "no"
########################### SERVICES
services:
# Traefik 2 - Reverse Proxy
traefik:
<<: *common-keys-core # See EXTENSION FIELDS at the top
container_name: traefik
image: traefik:2.7
profiles: ["db_setup", "frontend"]
command: # CLI arguments
- --global.checkNewVersion=true
- --global.sendAnonymousUsage=true
- --entryPoints.http.address=:80
- --entryPoints.https.address=:443
- --entryPoints.postgres.address=:5432
# Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
- --entrypoints.https.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS,$LOCAL_IPS
- --entryPoints.traefik.address=:8080
- --api=true
# - --api.insecure=true
- --api.dashboard=true
# - --serversTransport.insecureSkipVerify=true
- --log=true
# - --log.filePath=/logs/cloudserver/traefik/traefik.log
- --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
- --accessLog=true
- --accessLog.filePath=/logs/cloudserver/traefik/access.log
- --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
- --accessLog.filters.statusCodes=204-299,400-499,500-599
- --providers.docker=true
# --providers.docker.endpoint=unix:///var/run/docker.sock # Use Docker Socket Proxy instead for improved security
- --providers.docker.endpoint=tcp://socket-proxy:2375 # Use this instead of the previous line if you have socket proxy.
- --providers.docker.exposedByDefault=false
- --entrypoints.https.http.tls.options=tls-opts@file
# Add dns-cloudflare as default certresolver for all services. Also enables TLS and no need to specify on individual services
- --entrypoints.https.http.tls.certresolver=dns-cloudflare
- --entrypoints.https.http.tls.domains[0].main=$DOMAINNAME_CLOUD_SERVER
- --entrypoints.https.http.tls.domains[0].sans=*.$DOMAINNAME_CLOUD_SERVER
# - --entrypoints.https.http.tls.domains[1].main=$DOMAINNAME2 # Pulls main cert for second domain
# - --entrypoints.https.http.tls.domains[1].sans=*.$DOMAINNAME2 # Pulls wildcard cert for second domain
- --providers.docker.network=socket_proxy
- --providers.docker.swarmMode=false
- --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory
# - --providers.file.filename=/path/to/file # Load dynamic configuration from a file
- --providers.file.watch=true # Only works on top level files in the rules folder
#- --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
- --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
- --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate
networks:
# t2_proxy:
# ipv4_address: 192.168.90.254 # You can specify a static IP
- socket_proxy
# - default
ports:
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
- 5432:5432 #<<<<<<<<<<<<<<<< to access PostgreSQL
# - "8080:8080"
#- target: 8080 # insecure api wont work
# published: 8080
# protocol: tcp
# mode: host
volumes:
- $DOCKERDIR/appdata/traefik2/rules/cloudserver:/rules # file provider directory
# - /var/run/docker.sock:/var/run/docker.sock:ro # If you use Docker Socket Proxy, comment this line out
- $DOCKERDIR/appdata/traefik2/acme/acme.json:/acme.json # cert location - you must create this empty file and change permissions to 600
- $DOCKERDIR/logs/cloudserver/traefik:/logs # for fail2ban or crowdsec
- $DOCKERDIR/shared:/shared
environment:
- TZ=$TZ
- CF_API_EMAIL=$CLOUDFLARE_EMAIL
- CF_API_KEY=$CLOUDFLARE_API_KEY
- DOMAINNAME_CLOUD_SERVER # Passing the domain name to the traefik container to be able to use the variable in rules.
labels:
- "com.centurylinklabs.watchtower.enable=false"
- "traefik.enable=true"
- "traefik.docker.network=socket_proxy"
# HTTP-to-HTTPS Redirect
- "traefik.http.routers.http-catchall.entrypoints=http"
- "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
# HTTP Routers
- "traefik.http.routers.traefik-rtr.entrypoints=https"
- "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME_CLOUD_SERVER`)"
- "traefik.http.routers.traefik-rtr.tls=true" # Some people had 404s without this
# - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-cloudflare" # Comment out this line after first run of traefik to force the use of wildcard certs
- "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME_CLOUD_SERVER"
- "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME_CLOUD_SERVER"
# - "traefik.http.routers.traefik-rtr.tls.domains[1].main=$DOMAINNAME2" # Pulls main cert for second domain
# - "traefik.http.routers.traefik-rtr.tls.domains[1].sans=*.$DOMAINNAME2" # Pulls wildcard cert for second domain
## Services - API
- "traefik.http.routers.traefik-rtr.service=api@internal"
## Middlewares
## Healthcheck/ping
#- "traefik.http.routers.ping.rule=Host(`traefik.$DOMAINNAME_CLOUD_SERVER`) && Path(`/ping`)"
#- "traefik.http.routers.ping.tls=true"
#- "traefik.http.routers.ping.service=ping@internal"
## Middlewares
#- "traefik.http.routers.traefik-rtr.middlewares=chain-no-auth@file" # For No Authentication
#- "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file" # For Basic HTTP Authentication
- "traefik.http.routers.traefik-rtr.middlewares=chain-oauth@file" # For Google OAuth
# Dozzle - Real-time Docker Log Viewer
dozzle:
image: amir20/dozzle:latest
container_name: dozzle
security_opt:
- no-new-privileges:true
restart: unless-stopped
profiles: ["db_setup","frontend"]
networks:
# - t2_proxy
- socket_proxy
ports:
- "8082:8080"
environment:
DOZZLE_LEVEL: info
DOZZLE_TAILSIZE: 300
DOZZLE_FILTER: "status=running"
# DOZZLE_FILTER: "label=log_me" # limits logs displayed to containers with this label
DOCKER_HOST: tcp://socket-proxy:2375
# volumes:
# - /var/run/docker.sock:/var/run/docker.sock # Use Docker Socket Proxy instead for improved security
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.dozzle-rtr.entrypoints=https"
- "traefik.http.routers.dozzle-rtr.rule=Host(`dozzle.$DOMAINNAME_CLOUD_SERVER`)"
## Middlewares
- "traefik.http.routers.dozzle-rtr.middlewares=chain-oauth@file"
## HTTP Services
- "traefik.http.routers.dozzle-rtr.service=dozzle-svc"
- "traefik.http.services.dozzle-svc.loadbalancer.server.port=8080"
# Heimdall - Application Dashboard
heimdall:
<<: *common-keys-core # See EXTENSION FIELDS at the top
image: lscr.io/linuxserver/heimdall
container_name: heimdall
# ports:
# - "$HEIMDALL_HTTP_PORT:80" # 80 used by Traefik
# - "$HEIMDALL_HTTPS_PORT:443" # 443 used by Traefik. Disabled because we will put Heimdall behind proxy.
networks:
- socket_proxy
volumes:
- $DOCKERDIR/appdata/heimdall:/config
profiles: ["db_setup", "frontend"]
environment:
<<: *default-tz-puid-pgid
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.heimdall-rtr.entrypoints=https"
- "traefik.http.routers.heimdall-rtr.rule=Host(`$DOMAINNAME_CLOUD_SERVER`,`www.$DOMAINNAME_CLOUD_SERVER`)"
- "traefik.http.routers.heimdall-rtr.tls=true"
## Middlewares
- "traefik.http.routers.heimdall-rtr.middlewares=chain-oauth@file"
## HTTP Services
- "traefik.http.routers.heimdall-rtr.service=heimdall-svc"
- "traefik.http.services.heimdall-svc.loadbalancer.server.port=80"
# Google OAuth - Single Sign On using OAuth 2.0
oauth:
<<: *common-keys-core # See EXTENSION FIELDS at the top
container_name: oauth
image: thomseddon/traefik-forward-auth:latest
# image: thomseddon/traefik-forward-auth:2.1-arm # Use this image with Raspberry Pi
profiles: ["db_setup", "frontend"]
environment:
- CONFIG=/config
- COOKIE_DOMAIN=$DOMAINNAME_CLOUD_SERVER
- INSECURE_COOKIE=false
- AUTH_HOST=oauth.$DOMAINNAME_CLOUD_SERVER
- URL_PATH=/_oauth
- LOG_LEVEL=info
- LOG_FORMAT=text
- LIFETIME=2592000 # 30 days
- DEFAULT_ACTION=auth
- DEFAULT_PROVIDER=google
secrets:
- source: traefik_forward_auth
target: /config
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.oauth-rtr.tls=true"
- "traefik.http.routers.oauth-rtr.entrypoints=https"
- "traefik.http.routers.oauth-rtr.rule=Host(`oauth.$DOMAINNAME_CLOUD_SERVER`)"
## Middlewares
- "traefik.http.routers.oauth-rtr.middlewares=chain-oauth@file"
## HTTP Services
- "traefik.http.routers.oauth-rtr.service=oauth-svc"
- "traefik.http.services.oauth-svc.loadbalancer.server.port=4181"
it-tools:
image: corentinth/it-tools
container_name: it-tools
security_opt:
- no-new-privileges:true
restart: unless-stopped
profiles: ["db_setup", "frontend"]
networks:
- socket_proxy
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.it-tools-rtr.entrypoints=https"
- "traefik.http.routers.it-tools-rtr.rule=Host(`tools.$DOMAINNAME_CLOUD_SERVER`)"
## Middlewares
- "traefik.http.routers.it-tools-rtr.middlewares=chain-oauth@file"
## HTTP Services
- "traefik.http.routers.it-tools-rtr.service=it-tools-svc"
- "traefik.http.services.it-tools-svc.loadbalancer.server.port=80"
# Docker-GC - Automatic Docker Garbage Collection
# Create docker-gc-exclude file
dockergc:
<<: *common-keys-apps # See EXTENSION FIELDS at the top
image: clockworksoul/docker-gc-cron:latest
container_name: docker-gc
profiles: ["frontend"]
volumes:
# - /var/run/docker.sock:/var/run/docker.sock # Use Docker Socket Proxy and comment this line for improved security.
- $DOCKERDIR/appdata/docker-gc/docker-gc-exclude:/etc/docker-gc-exclude # Create empty file
environment:
CRON: 0 0 0 * * ? # Everyday at midnight. Previously 0 0 * * *
FORCE_IMAGE_REMOVAL: 1
FORCE_CONTAINER_REMOVAL: 0
GRACE_PERIOD_SECONDS: 604800
DRY_RUN: 0
CLEAN_UP_VOLUMES: 1
TZ: $TZ
DOCKER_HOST: tcp://socket-proxy:2375 # Use this if you have Socket Proxy enabled.
# Docker Socket Proxy - Security Enchanced Proxy for Docker Socket
socket-proxy:
container_name: socket-proxy
image: tecnativa/docker-socket-proxy
profiles: ["db_setup", "frontend"]
restart: always
networks:
socket_proxy:
ipv4_address: $socket_proxy_ip # 192.168.91.254 You can specify a static IP
# privileged: true # true for VM. False for unprivileged LXC container.
ports:
- "127.0.0.1:2375:2375" # Port 2375 should only ever get exposed to the internal network. When possible use this line.
# I use the next line instead, as I want portainer to manage multiple docker endpoints within my home network.
# - "2375:2375"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
environment:
- LOG_LEVEL=info # debug,info,notice,warning,err,crit,alert,emerg
## Variables match the URL prefix (i.e. AUTH blocks access to /auth/* parts of the API, etc.).
# 0 to revoke access.
# 1 to grant access.
## Granted by Default
- EVENTS=1
- PING=1
- VERSION=1
## Revoked by Default
# Security critical
- AUTH=0
- SECRETS=0
- POST=1 # Watchtower
# Not always needed
- BUILD=0
- COMMIT=0
- CONFIGS=0
- CONTAINERS=1 # Traefik, portainer, etc.
- DISTRIBUTION=0
- EXEC=0
- IMAGES=1 # Portainer
- INFO=1 # Portainer
- NETWORKS=1 # Portainer
- NODES=0
- PLUGINS=0
- SERVICES=1 # Portainer
- SESSION=0
- SWARM=0
- SYSTEM=0
- TASKS=1 # Portainer
- VOLUMES=1 # Portainer
# Grafana - Graphical data visualization for InfluxDB data
grafana:
image: grafana/grafana:latest
container_name: grafana
security_opt:
- no-new-privileges:true
restart: unless-stopped
profiles: ["frontend"]
networks:
- socket_proxy
ports:
- "3000:3000"
user: $PUID
volumes:
- $DOCKERDIR/appdata/grafana:/var/lib/grafana
environment:
GF_INSTALL_PLUGINS: "grafana-clock-panel,grafana-simple-json-datasource,grafana-worldmap-panel,grafana-piechart-panel"
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.grafana-rtr.entrypoints=https"
- "traefik.http.routers.grafana-rtr.rule=Host(`grafana.$DOMAINNAME_CLOUD_SERVER`)"
## Middlewares
- "traefik.http.routers.grafana-rtr.middlewares=chain-oauth@file"
## HTTP Services
- "traefik.http.routers.grafana-rtr.service=grafana-svc"
- "traefik.http.services.grafana-svc.loadbalancer.server.port=3000"
# Gluetun - VPN Client for Docker Containers and More
# Gluetun only for use by torrent clients + on demand lan devices.
# Arr apps do not need VPN (not recommended), unless you have ISP/country restrictions.
gluetun:
image: qmcgaw/gluetun
container_name: gluetun
security_opt:
- no-new-privileges:true
restart: unless-stopped
profiles: ["frontend"]
networks:
- socket_proxy
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun
ports:
- "8081:8080" # Exposing qBittorrent through Docker Host LAN IP
- 8073:8073/tcp #GUI Interface for qbittorrent
- 56056:56056/tcp # Port forwarded per Mullvad
- 56056:56056/udp
volumes:
- $DOCKERDIR/appdata/gluetun:/gluetun
environment:
- TZ=$TZ
- VPN_SERVICE_PROVIDER=private internet access
- VPN_TYPE=openvpn
- SERVER_REGIONS=$VPN_REGIONS
- OPENVPN_USER=$VPN_USERNAME
- OPENVPN_PASSWORD=$VPN_PASSWORD
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.gluetun-qbittorrent-rtr.entrypoints=https"
- "traefik.http.routers.gluetun-qbittorrent-rtr.rule=Host(`qbit.$DOMAINNAME_CLOUD_SERVER`)" # qBittorrent
## Middlewares
- "traefik.http.routers.gluetun-qbittorrent-rtr.middlewares=chain-oauth@file" # qBittorrent
## HTTP Services
- "traefik.http.routers.gluetun-qbittorrent-rtr.service=gluetun-svc" # qBittorrent
- "traefik.http.services.gluetun-svc.loadbalancer.server.port=8080" # qBittorrent
# qBittorrent - Torrent downloader
# Needs trailing / if using PathPrefixStrip
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: qbittorrent
security_opt:
- no-new-privileges:true
restart: unless-stopped
profiles: ["frontend"]
network_mode: "service:gluetun"
# ports:
# - "8081:8080" # Explosed via gluetun. 8081 because crowdsec is using port 8080
volumes:
- $DOCKERDIR/appdata/qbittorrent:/config
- $DATADIR1/downloads:/data/downloads # Ensure that downloads folder is set to /data/downloads in qBittorrent
environment:
- TZ=$TZ
- PUID=$PUID
- PGID=$PGID
healthcheck: # https://github.com/qdm12/gluetun/issues/641#issuecomment-933856220
test: "curl -sf https://example.com || exit 1"
interval: 1m
timeout: 10s
retries: 1
labels: # Traefik labels added via glueten
- "deunhealth.restart.on.unhealthy=true"
# # File Browser - Explorer
# filebrowser:
# image: filebrowser/filebrowser:s6
# container_name: filebrowser
# security_opt:
# - no-new-privileges:true
# restart: unless-stopped
# profiles: ["frontend"]
# networks:
# - socket_proxy
# ports:
# - "81:80"
# volumes:
# - $DOCKERDIR/appdata/filebrowser:/config
# - $EXTDRIVE:/data/media
# - $USERDIR:/data/home
# environment:
# TZ: $TZ
# PUID: $PUID
# PGID: $PGID
# labels:
# - "traefik.enable=true"
# ## HTTP Routers
# - "traefik.http.routers.filebrowser-rtr.entrypoints=https"
# - "traefik.http.routers.filebrowser-rtr.rule=Host(`fb.$DOMAINNAME_CLOUD_SERVER`)"
# ## Middlewares
# - "traefik.http.routers.filebrowser-rtr.middlewares=chain-oauth@file"
# ## HTTP Services
# - "traefik.http.routers.filebrowser-rtr.service=filebrowser-svc"
# - "traefik.http.services.filebrowser-svc.loadbalancer.server.port=80"
# coder:
# # This MUST be stable for our documentation and
# # other automations.
# image: ghcr.io/coder/coder:${CODER_VERSION:-latest}
# container_name: coder
# profiles: ["frontend"]
# networks:
# - socket_proxy
# ports:
# - "7080:7080"
# environment:
# CODER_PG_CONNECTION_URL: "postgresql://${POSTGRES_USER:-username}:${POSTGRES_PASSWORD:-password}@postgre/${POSTGRES_DB:-coder}?sslmode=disable"
# CODER_HTTP_ADDRESS: "0.0.0.0:7080"
# # CODER_VERBOSE=true
# # You'll need to set CODER_ACCESS_URL to an IP or domain
# # that workspaces can reach. This cannot be localhost
# # or 127.0.0.1 for non-Docker templates!
# CODER_ACCESS_URL: "${CODER_ACCESS_URL}"
# # If the coder user does not have write permissions on
# # the docker socket, you can uncomment the following
# # lines and set the group ID to one that has write
# # permissions on the docker socket.
# #group_add:
# # - "998" # docker group on host
# volumes:
# - $DOCKERDIR/appdata/coder:/home/coder/.config
# # - /var/run/docker.sock:/var/run/docker.sock
# depends_on:
# postgre:
# condition: service_healthy
# labels:
# - "traefik.enable=true"
# ## HTTP Routers
# - "traefik.http.routers.coder-rtr.entrypoints=https"
# - "traefik.http.routers.coder-rtr.rule=Host(`coder.$DOMAINNAME_CLOUD_SERVER`)"
# ## Middlewares
# - "traefik.http.routers.coder-rtr.middlewares=chain-oauth@file"
# ## HTTP Services
# - "traefik.http.routers.coder-rtr.service=coder-svc"
# - "traefik.http.services.coder-svc.loadbalancer.server.port=7080"
# pgadmin:
# container_name: pgadmin
# image: dpage/pgadmin4:latest
# profiles: ["db_setup", "frontend"]
# environment:
# - PGADMIN_DEFAULT_EMAIL=${pgadmin_default_email:[email protected]}
# - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_DEFAULT_PASSWORD:-sfdgsdfgsfdg!}
# # - PGADMIN_CONFIG_SERVER_MODE:"False"
# - PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED:"False"
# - SCRIPT_NAME=/pgadmin4
# - TZ:$TZ
# - CODER_VERBOSE=true
# # - PUID:$PUID
# # - PGID:$PGID
# volumes:
# - $DOCKERDIR/appdata/pgadmin:/var/lib/pgadmin
# - ./docker_pgadmin_servers.json:/pgadmin4/servers.json
# networks:
# - socket_proxy
# ports:
# - "15433:80"
# entrypoint:
# - "/bin/sh"
# - "-c"
# - "/bin/echo 'postgres:5432:*:postgres:password' > /tmp/pgpassfile && chmod 600 /tmp/pgpassfile && /entrypoint.sh"
# restart: unless-stopped
# labels:
# - "traefik.enable=true"
# ## HTTP Routers
# - "traefik.http.routers.pgadmin-rtr.entrypoints=https"
# - "traefik.http.routers.pgadmin-rtr.rule=Host(`data.$DOMAINNAME_CLOUD_SERVER`)"
# ## Middlewares
# - "traefik.http.routers.pgadmin-rtr.middlewares=chain-oauth@file"
# ## HTTP Services
# - "traefik.http.routers.pgadmin-rtr.service=pgadmin-svc"
# - "traefik.http.services.pgadmin-svc.loadbalancer.server.port=80"
# postgre:
# container_name: postgre
# image: "postgres:15.3"
# restart: always
# profiles: ["db_setup","frontend"]
# environment:
# - POSTGRES_PASSWORD=${POSTGRES_SU_PASSWORD:-changeme}
# # - POSTGRES_HOST_AUTH_METHOD=trust
# networks:
# - socket_proxy
# volumes:
# - $DOCKERDIR/appdata/postgresql:/var/lib/pgadmin
# - ./docker_pgadmin_servers.json:/pgadmin4/servers.json
# healthcheck:
# test:
# [
# "CMD-SHELL",
# "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB",
# ]
# interval: 5s
# timeout: 5s
# retries: 5
# labels:
# - "com.centurylinklabs.watchtower.enable=false"
# - "traefik.enable=true"
# # routers
# - "traefik.tcp.routers.postgres.rule=HostSNI(`*`)"
# - "traefik.tcp.routers.postgres.entryPoints=postgres"
# - "traefik.tcp.routers.postgres.service=postgres"
# - "traefil.htcp.routers.postgres.rule=HOST('127.0.0.11')"
# # services (needed for TCP)
# - "traefik.tcp.services.postgres.loadbalancer.server.port=5432"
portainer:
<<: *common-keys-core # See EXTENSION FIELDS at the top
container_name: portainer
image: portainer/portainer-ee:latest
profiles: ["db_setup","frontend"]
# command: -H unix:///var/run/docker.sock # # Use Docker Socket Proxy instead for improved security
command: -H tcp://socket-proxy:2375
networks:
- socket_proxy
volumes:
# - /var/run/docker.sock:/var/run/docker.sock:ro # # Use Docker Socket Proxy instead for improved security
- $DOCKERDIR/appdata/portainer/data:/data # Change to local directory if you want to save/transfer config locally
environment:
- TZ=$TZ
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.portainer-rtr.entrypoints=https"
- "traefik.http.routers.portainer-rtr.rule=Host(`portainer.$DOMAINNAME_CLOUD_SERVER`)"
## Middlewares
- "traefik.http.routers.portainer-rtr.middlewares=chain-oauth@file"
## HTTP Services
- "traefik.http.routers.portainer-rtr.service=portainer-svc"
- "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"
# WatchTower - Automatic Docker Container Updates
watchtower:
image: containrrr/watchtower
profiles: ["db_setup","frontend"]
container_name: watchtower
restart: unless-stopped
networks:
- socket_proxy
depends_on:
- socket-proxy
environment:
TZ: $TZ
WATCHTOWER_CLEANUP: "true"
WATCHTOWER_REMOVE_VOLUMES: "true"
WATCHTOWER_INCLUDE_STOPPED: "true"
WATCHTOWER_NO_STARTUP_MESSAGE: "false"
WATCHTOWER_SCHEDULE: "00 30 12 * * *" # Everyday at 12:30
# WATCHTOWER_NOTIFICATIONS: shoutrrr
# WATCHTOWER_NOTIFICATION_URL: "telegram://$TGRAM_BOT_TOKEN@telegram?channels=$TGRAM_CHAT_ID"
# WATCHTOWER_NOTIFICATIONS_LEVEL: info
DOCKER_HOST: tcp://socket-proxy:2375
DOCKER_API_VERSION: "1.40"
# # Jellyfin - Media Server
# jellyfin:
# <<: *common-keys-media # See EXTENSION FIELDS at the top
# image: jellyfin/jellyfin:latest
# profiles: ["db_setup","frontend"]
# container_name: jellyfin
# devices:
# - /dev/dri:/dev/dri # for harware transcoding
# ports:
# - "$JELLYFIN_PORT:8096"
# - "8920:8920" # Emby also uses same port if running both
# environment:
# <<: *default-tz-puid-pgid
# UMASK_SET: 022
# volumes:
# - $DOCKERDIR/appdata/jellyfin:/config
# - $DATADIR/temp/appdata/jellyfin/metadata:/config/metadata
# - $DATADIR/downloads:/data/downloads
# - $DATADIR1:/data/media
# # - /dev/shm:/data/transcode # Offload transcoding to RAM if you have enough RAM
# labels:
# - "traefik.enable=true"
# ## HTTP Routers
# - "traefik.http.routers.jellyfin-rtr.entrypoints=https"
# - "traefik.http.routers.jellyfin-rtr.rule=Host(`jelly.$DOMAINNAME_CLOUD_SERVER`)"
# ## Middlewares
# - "traefik.http.routers.jellyfin-rtr.middlewares=chain-no-auth@file"
# ## HTTP Services
# - "traefik.http.routers.jellyfin-rtr.service=jellyfin-svc"
# - "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
# InfluxDB - Database for sensor data
influxdb:
image: influxdb:latest
container_name: influxdb
networks:
socket_proxy:
ipv4_address: $influxdb_ip
security_opt:
- no-new-privileges:true
restart: unless-stopped
environment:
- LOG-LEVEL=debug
ports:
- "8086:8086"
volumes:
- $DOCKERDIR/appdata/influxdb2/config:/etc/influxdb2
- $DOCKERDIR/appdata/influxdb2/db:/var/lib/influxdb2
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.influxdb-rtr.entrypoints=https"
- "traefik.http.routers.influxdb-rtr.rule=Host(`infl.$DOMAINNAME_CLOUD_SERVER`)"
## Middlewares
- "traefik.http.routers.influxdb-rtr.middlewares=chain-no-auth@file"
## HTTP Services
- "traefik.http.routers.influxdb-rtr.service=influxdb-svc"
- "traefik.http.services.influxdb-svc.loadbalancer.server.port=8086" # Glances - System Information
glances:
<<: *common-keys-apps # See EXTENSION FIELDS at the top
image: nicolargo/glances:latest-full
container_name: glances
profiles: ["db_setup","frontend"]
# privileged: true # Only for VM
# network_mode: host
networks:
- socket_proxy
ports:
- "61208:61208"
pid: host
volumes:
- $DOCKERDIR/appdata/glances/glances.conf:/glances/conf/glances.conf # Use this if you want to add a glances.conf file
- $USERDIR:/data/home:ro
- /media/data:/data/data:ro
# - /var/run/docker.sock:/var/run/docker.sock:ro # Use Docker Socket Proxy instead for improved security
environment:
# GLANCES_OPT: "-C /glances/conf/glances.conf --export influxdb2 -q"
# GLANCES_OPT: "--export influxdb"
GLANCES_OPT: "-w"
DOCKER_HOST: tcp://socket-proxy:2375
TZ: $TZ
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.glances-rtr.entrypoints=https"
- "traefik.http.routers.glances-rtr.rule=Host(`glances.$DOMAINNAME_CLOUD_SERVER`)"
## Middlewares
- "traefik.http.routers.glances-rtr.middlewares=chain-oauth@file"
## HTTP Services
- "traefik.http.routers.glances-rtr.service=glances-svc"
- "traefik.http.services.glances-svc.loadbalancer.server.port=61208"
node-red:
image: nodered/node-red:latest
environment:
- TZ=$TZ
- CODER_HTTP_ADDRESS:0.0.00:1880
ports:
- "1880:1880"
profiles: ["db_setup","frontend"]
container_name: nodered
networks:
- socket_proxy
volumes:
- $DOCKERDIR/appdata/node-red-data:/data
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.nodered-rtr.entrypoints=https"
- "traefik.http.routers.nodered-rtr.rule=Host(`nodered.$DOMAINNAME_CLOUD_SERVER`)"
## Middlewares
- "traefik.http.routers.nodered-rtr.middlewares=chain-oauth@file"
## HTTP Services
- "traefik.http.routers.nodered-rtr.service=nodered-svc"
- "traefik.http.services.nodered-svc.loadbalancer.server.port=1880"
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
I wanting to add UniqueBible docker to my current setup of dockers that I am using traefik to reverse proxy to a registered domain name. Has anyone done anything like this?
Here is my existing Docker compose that I am using.
'''
Beta Was this translation helpful? Give feedback.
All reactions