Last active
October 14, 2023 21:26
-
-
Save JAlcocerT/302f787db6f6d75e978674e0e18d1185 to your computer and use it in GitHub Desktop.
Docker Compose files for different services that help our Privacy and Security online.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Content from https://github.com/JAlcocerT/Docker/tree/main/Security |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: '3.3' | |
services: | |
nginx-proxy: | |
image: jwilder/nginx-proxy:0.6.0 | |
restart: always | |
ports: | |
- "80:80" | |
- "443:443" | |
volumes: | |
- /var/run/docker.sock:/tmp/docker.sock:ro | |
- certs:/etc/nginx/certs:ro | |
- confd:/etc/nginx/conf.d | |
- vhostd:/etc/nginx/vhost.d | |
- html:/usr/share/nginx/html | |
labels: | |
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy | |
letsencrypt: | |
image: jrcs/letsencrypt-nginx-proxy-companion:v1.12 | |
restart: always | |
volumes: | |
- certs:/etc/nginx/certs:rw | |
- confd:/etc/nginx/conf.d | |
- vhostd:/etc/nginx/vhost.d | |
- html:/usr/share/nginx/html | |
- /var/run/docker.sock:/var/run/docker.sock:ro | |
synapse: | |
image: matrixdotorg/synapse | |
restart: always | |
expose: | |
- "8008" | |
volumes: | |
- ./synapse-data:/data | |
environment: | |
VIRTUAL_HOST: your.domain.com | |
VIRTUAL_PORT: 8008 | |
LETSENCRYPT_HOST: your.domain.com | |
LETSENCRYPT_EMAIL: your@mail.com | |
volumes: | |
certs: | |
confd: | |
vhostd: | |
html: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: "3" | |
services: | |
app: | |
image: 'jc21/nginx-proxy-manager:latest' | |
restart: unless-stopped | |
container_name: nginx | |
ports: | |
# These ports are in format <host-port>:<container-port> | |
- '80:80' # Public HTTP Port | |
- '443:443' # Public HTTPS Port | |
- '81:81' # Admin Web Port | |
volumes: | |
- /home/your_user/Docker/Nginx/data:/data | |
- /home/your_user/Docker/Nginx/letsencrypt:/etc/letsencrypt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: "3" | |
services: | |
pihole: | |
container_name: pihole | |
image: pihole/pihole:latest | |
ports: | |
- 53:53/tcp | |
- 53:53/udp | |
- 67:67/udp | |
- 80:80/tcp | |
- 443:443/tcp | |
environment: | |
TZ: Europe/Madrid | |
WEBPASSWORD: password_change_me #optional | |
# Volumes store your data between container upgrades | |
volumes: | |
- ~/Docker/pihole/:/etc/pihole/ | |
- ~/Docker/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/ | |
# Recommended but not required (DHCP needs NET_ADMIN) | |
cap_add: | |
- NET_ADMIN | |
restart: unless-stopped |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
version: "2.1" | |
volumes: | |
searx: | |
services: | |
searx: | |
image: searx/searx | |
container_name: searx | |
volumes: | |
- /home/Docker/searx:/etc/searx | |
environment: | |
- BASE_URL=http://http://192.168.your.ip/ | |
ports: | |
- 3000:8080 #change 8282 as necessary | |
restart: unless-stopped |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
version: "2" | |
services: | |
whoogle: | |
image: mvance/unbound-rpi:latest | |
container_name: unbound-dns | |
ports: | |
- 5000:5000 | |
restart: unless-stopped |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
version: "3" | |
services: | |
wyl: | |
image: aceberg/watchyourlan | |
container_name: watchyourlan | |
network_mode: "host" | |
restart: unless-stopped | |
volumes: | |
- /home/your_user/Docker/watchyourlan/wyl:/data | |
environment: | |
TZ: Europe/Paris # required: needs your TZ for correct time | |
IFACE: "eth0" # required: 1 or more interface, use the command 'ip link conf' and use the second entry | |
DBPATH: "/data/db.sqlite" # optional, default: /data/db.sqlite | |
GUIIP: "0.0.0.0" # optional, default: localhost | |
GUIPORT: "8840" # optional, default: 8840 | |
TIMEOUT: "120" # optional, time in seconds, default: 60 | |
SHOUTRRR_URL: "" # optional, set url to notify | |
THEME: "darkly" # optional |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
version: "2" | |
services: | |
whoogle: | |
image: benbusby/whoogle-search:latest | |
container_name: whoogle | |
ports: | |
- 5000:5000 | |
restart: unless-stopped | |
#sudo docker run --name whoogle -d -p 5000:5000/udp -p 5000:5000/tcp \ | |
#--restart=always benbusby/whoogle-search:latest | |
#docker run --publish 5000:5000 --detach --name whoogle benbusby/whoogle-search:latest |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: '3.3' | |
services: | |
wireguard: | |
image: linuxserver/wireguard | |
container_name: wireguard | |
cap_add: | |
- NET_ADMIN | |
- SYS_MODULE | |
environment: | |
- PUID=1000 | |
- PGID=1000 | |
- TZ=Europe/Paris | |
- SERVERURL=aa.333.999.zzz #optional_change_me | |
- SERVERPORT=51820 #optional | |
- PEERS=2 #optional | |
- PEERDNS=auto #optional | |
- INTERNAL_SUBNET=10.13.13.0 #optional | |
volumes: | |
- /root/wireguard:/config | |
- /lib/modules:/lib/modules | |
- /usr/src:/usr/src | |
ports: | |
- 51820:51820/udp | |
sysctls: | |
- net.ipv4.conf.all.src_valid_mark=1 | |
restart: unless-stopped |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment